Stefan Hajnoczi [Wed, 30 Nov 2011 12:23:43 +0000 (12:23 +0000)]
block: convert qemu_aio_flush() calls to bdrv_drain_all()
Many places in QEMU call qemu_aio_flush() to complete all pending
asynchronous I/O. Most of these places actually want to drain all block
requests but there is no block layer API to do so.
This patch introduces the bdrv_drain_all() API to wait for requests
across all BlockDriverStates to complete. As a bonus we perform checks
after qemu_aio_wait() to ensure that requests really have finished.
Debugging a reentrant request deadlock was fun but in the future we need
a quick and obvious way of detecting such bugs. Add an assert that
checks we are not about to deadlock when waiting for another request.
Cases beyond the end of the disk image are only implemented for block
drivers that do not provide .bdrv_co_is_allocated(). It's worth making
these cases generic so that block drivers that do implement
.bdrv_co_is_allocated() also get them for free.
Stefan Hajnoczi [Wed, 23 Nov 2011 15:00:04 +0000 (15:00 +0000)]
cow: use bdrv_co_is_allocated()
Now that bdrv_co_is_allocated() is available we can use it instead of
the synchronous bdrv_is_allocated() interface. This is a follow-up that
Kevin Wolf <[email protected]> pointed out after applying the series that
introduces bdrv_co_is_allocated().
It is safe to make cow_read() a coroutine_fn because its only caller is
a coroutine_fn.
Stefan Hajnoczi [Thu, 17 Nov 2011 13:40:32 +0000 (13:40 +0000)]
block: add -drive copy-on-read=on|off
This patch adds the -drive copy-on-read=on|off command-line option:
copy-on-read=on|off
copy-on-read is "on" or "off" and enables whether to copy read backing
file sectors into the image file. Copy-on-read avoids accessing the
same backing file sectors repeatedly and is useful when the backing
file is over a slow network. By default copy-on-read is off.
Stefan Hajnoczi [Wed, 23 Nov 2011 11:47:56 +0000 (11:47 +0000)]
block: request overlap detection
Detect overlapping requests and remember to align to cluster boundaries
if the image format uses them. This assumes that allocating I/O is
performed in cluster granularity - which is true for qcow2, qed, etc.
Stefan Hajnoczi [Thu, 17 Nov 2011 13:40:29 +0000 (13:40 +0000)]
block: wait for overlapping requests
When copy-on-read is enabled it is necessary to wait for overlapping
requests before issuing new requests. This prevents races between the
copy-on-read and a write request.
Stefan Hajnoczi [Mon, 28 Nov 2011 16:08:47 +0000 (16:08 +0000)]
block: add interface to toggle copy-on-read
The bdrv_enable_copy_on_read()/bdrv_disable_copy_on_read() functions can
be used to programmatically enable or disable copy-on-read for a block
device. Later patches add the actual copy-on-read logic.
Stefan Hajnoczi [Thu, 17 Nov 2011 13:40:27 +0000 (13:40 +0000)]
block: add request tracking
The block layer does not know about pending requests. This information
is necessary for copy-on-read since overlapping requests must be
serialized to prevent races that corrupt the image.
The BlockDriverState gets a new tracked_request list field which
contains all pending requests. Each request is a BdrvTrackedRequest
record with sector_num, nb_sectors, and is_write fields.
Note that request tracking is always enabled but hopefully this extra
work is so small that it doesn't justify adding an enable/disable flag.
Stefan Hajnoczi [Thu, 17 Nov 2011 13:40:26 +0000 (13:40 +0000)]
coroutine: add qemu_co_queue_restart_all()
It's common to wake up all waiting coroutines. Introduce the
qemu_co_queue_restart_all() function to do this instead of looping over
qemu_co_queue_next() in every caller.
Since ALIGN_UP() is a common macro name use the QEMU_* namespace prefix.
Hopefully this will protect us from included headers that leak something
with a similar name.
Stefan Hajnoczi [Mon, 14 Nov 2011 12:44:24 +0000 (12:44 +0000)]
cow: convert to .bdrv_co_is_allocated()
The cow block driver does not keep internal state for cluster lookups.
This means it is safe to perform cluster lookups in coroutine context
without risk of race conditions that corrupt internal state.
Stefan Hajnoczi [Mon, 14 Nov 2011 12:44:21 +0000 (12:44 +0000)]
block: convert qcow2, qcow2, and vmdk to .bdrv_co_is_allocated()
The qcow2, qcow, and vmdk block drivers are based on coroutines. They have a
coroutine mutex which protects internal state. We can convert the
.bdrv_is_allocated() function to .bdrv_co_is_allocated() by holding the mutex
around the cluster lookup operation.
Stefan Hajnoczi [Mon, 14 Nov 2011 12:44:20 +0000 (12:44 +0000)]
qed: convert to .bdrv_co_is_allocated()
The bdrv_qed_is_allocated() function is a synchronous wrapper around
qed_find_cluster(), which performs the cluster lookup. In order to
convert the synchronous function to a coroutine function we yield
instead of using qemu_aio_wait(). Note that QED's cache is already safe
for parallel requests so no locking is needed.
Stefan Hajnoczi [Mon, 14 Nov 2011 12:44:19 +0000 (12:44 +0000)]
block: add .bdrv_co_is_allocated()
This patch adds the .bdrv_co_is_allocated() interface which is identical
to .bdrv_is_allocated() but runs in coroutine context. Running in
coroutine context implies that other coroutines might be performing I/O
at the same time. Therefore it must be safe to run while the following
BlockDriver functions are in-flight:
The new .bdrv_co_is_allocated() interface is useful because it can be
used when a VM is running, whereas .bdrv_is_allocated() is a synchronous
interface that does not cope with parallel requests.
Stefan Hajnoczi [Mon, 14 Nov 2011 12:44:18 +0000 (12:44 +0000)]
block: use public bdrv_is_allocated() interface
There is no need for bdrv_commit() to use the BlockDriver
.bdrv_is_allocated() interface directly. Converting to the public
interface gives us the freedom to drop .bdrv_is_allocated() entirely in
favor of a new .bdrv_co_is_allocated() in the future.
Kevin Wolf [Wed, 16 Nov 2011 16:30:33 +0000 (17:30 +0100)]
qcow2: Fix error path in qcow2_snapshot_load_tmp
If the bdrv_read() of the snapshot's L1 table fails, return the right
error code and make sure that the old L1 table is still loaded and we
don't break the BlockDriverState completely.
Kevin Wolf [Wed, 16 Nov 2011 14:04:11 +0000 (15:04 +0100)]
qcow2: Return real error in qcow2_snapshot_goto
Besides fixing the return code, this adds some comments that make clear
how the code works and that it potentially breaks images if we fail in
the wrong place. Actually fixing this is left for the next patch.
Increase refcounts only after allocating a new L1 table has succeeded in
order to make leaks less likely. If writing the snapshot table fails,
revert in-memory state to be consistent with that on disk.
While at it, make it return the real error codes instead of -1.
Kevin Wolf [Wed, 16 Nov 2011 16:46:29 +0000 (17:46 +0100)]
qcow2: Cleanups and memleak fix in qcow2_snapshot_create
sn->id_str could be leaked before this. The rest of this patch changes
comments, fixes coding style or removes checks that are unnecessary with
g_malloc.
This patch is only to refactor some lines of codes to get better and more robust codes.
As you have seen, in qed_read_table_cb() it's nice to
use qiov->size because that function doesn't obviously use a single
struct iovec.
In other two functions, if qiov use more than one struct iovec, the existing way will get wrong nb_sectors.
To make the code more robust, it will be nicer to refactor the existing way as below.
Stefan Hajnoczi [Wed, 30 Nov 2011 12:23:41 +0000 (12:23 +0000)]
qcow2: avoid reentrant bdrv_read() in copy_sectors()
A BlockDriverState should not issue requests on itself through the
public block layer interface. Nested, or reentrant, requests are
problematic because they do I/O throttling and request tracking twice.
Features like block layer copy-on-read use request tracking to avoid
race conditions between concurrent requests. The reentrant request will
have to "wait" for its parent request to complete. But the parent is
waiting for the reentrant request to make progress so we have reached
deadlock.
The solution is for block drivers to avoid the public block layer
interfaces for reentrant requests. Instead they should call their own
internal functions if they wish to perform reentrant requests.
This is also a good opportunity to make copy_sectors() a true
coroutine_fn. That means calling bdrv_co_writev() instead of
bdrv_write(). Behavior is unchanged but we're being explicit that this
executes in coroutine context.
Kevin Wolf [Mon, 19 Sep 2011 09:26:48 +0000 (11:26 +0200)]
qcow2: Unlock during COW
Unlocking during COW allows for more parallelism. One change it requires is
that buffers are dynamically allocated instead of just using a per-image
buffer.
While touching the code, drop the synchronous qcow2_read() function and replace
it by a bdrv_read() call.
Michael Roth [Tue, 29 Nov 2011 22:47:49 +0000 (16:47 -0600)]
Makefile: use full path for qapi-generated directory
Generally $(BUILD_DIR) == $(CURDIR), but that isn't necessarilly the
case, so use $(BUILD_DIR)/qapi-generated for generated files to
avoid potentionally sticking generating files in odd places outside
the build's include paths.
Michael Roth [Tue, 29 Nov 2011 22:47:48 +0000 (16:47 -0600)]
qapi: fix guardname generation
Fix a bug in handling dotted paths, and exclude directory prefixes
from generated guardnames to avoid odd/pseudo-random guardnames in
generated headers.
Max Filippov [Thu, 24 Nov 2011 12:11:31 +0000 (16:11 +0400)]
configure: avoid screening of --{en, dis}able-usb-redir options
--*dir) option pattern precede --{en,dis}able-usb-redir) patterns in the
option analysis switch, making the latter options have no effect.
There were some --*dir that are supported by Autoconf and not by QEMU configure.
The aim was to let QEMU packagers use the rpm (or similar) macro that overrides
directories for their distribution.
cutils: Make strtosz & friends leave follow set to callers
strtosz() & friends require the size to be at the end of the string,
or be followed by whitespace or ','. I find this surprising, because
the name suggests it works like strtol().
The check simplifies callers that accept exactly that follow set
slightly. No such callers exist.
The check is redundant for callers that accept a smaller follow set,
and thus need to check themselves anyway. Right now, this is the case
for all but one caller. All of them neglected to check, or checked
incorrectly, but the previous few commits fixed them up.
Finally, the check is problematic for callers that accept a larger
follow set. This is the case in monitor_parse_command().
Fortunately, the problems there are relatively harmless.
monitor_parse_command() uses strtosz() for argument type 'o'. When
the last argument is of type 'o', a trailing ',' is diagnosed
differently than other trailing junk:
(qemu) migrate_set_speed 1x
invalid size
(qemu) migrate_set_speed 1,
migrate_set_speed: extraneous characters at the end of line
A related inconsistency exists with non-last arguments. No such
command exists, but let's use memsave to explore the inconsistency.
The monitor permits, but does not require whitespace between
arguments. For instance, "memsave (1-1)1024foo" is parsed as command
memsave with three arguments 0, 1024 and "foo". Yes, this is daft,
but at least it's consistently daft.
If I change memsave's second argument from 'i' to 'o', then "memsave
(1-1)1foo" is rejected, because the size is followed by an 'f'. But
"memsave (1-1)1," is still accepted, and duly saves to file ",".
We don't have any users of strtosz that profit from the check. In the
users we have, it appears to encourage sloppy error checking, or gets
in the way. Drop the bothersome check.
strtosz_suffix() fails unless the size is followed by 0, whitespace or
','. Useless here, because we need to fail for any junk following the
size, even if it starts with whitespace or ','. Check manually.
Things like "qemu-img create xxx 1024," and "qemu-img convert -S '1024
junk'" are now caught.
cpu_x86_find_by_name() uses strtosz_suffix_unit(), but screws up the
error checking. It detects some failures, but not all. Undetected
failures result in a zero tsc_khz value (error value -1 divided by
1000), which means "no tsc_freq set".
To reproduce, try "-cpu qemu64,tsc_freq=9999999T".
strtosz_suffix_unit() fails, because the value overflows int64_t,
strtosz_suffix() fails unless the size is followed by 0, whitespace or
','. Useless here, because we need to fail for any junk following the
size, even if it starts with whitespace or ','. Check manually.
Things like "-m 1024," are now caught.
strtosz_suffix() fails unless the size is followed by 0, whitespace or
','. Useless here, because we need to fail for any junk following the
size, even if it starts with whitespace or ','. Check manually.
cutils: Drop broken support for zero strtosz default_suffix
Commit 9f9b17a4's strtosz() defaults a missing suffix to 'M', except
it rejects fractions then (switch case 0).
When commit d8427002 introduced strtosz_suffix(), that changed:
fractions are no longer rejected, because we go to switch case 'M' on
missing suffix now. Not mentioned in commit message, probably
unintentional. Not worth changing back now.
Because case 0 is still around, you can get the old behavior by
passing a zero default_suffix to strtosz_suffix() or
strtosz_suffix_unit(). Undocumented and not used. Drop.
Commit d8427002 also neglected to update the function comment. Fix it
up.
Hans de Goede [Sat, 19 Nov 2011 09:22:47 +0000 (10:22 +0100)]
usb-redir: Don't try to write to the chardev after a close event
Since we handle close async in a bh, do_write and thus write can get
called after receiving a close event. This patch adds a check to
the usb-redir write callback to not call qemu_chr_fe_write on a closed
backend.
These fixes mainly target the other side sending some (error status)
packets after a disconnect packet. In some cases these would get queued
up and then reported to the controller when a new device gets connected.
* Fully reset device state on disconnect
* Don't allow a connect message when already connected
* Ignore iso and interrupt status messages when disconnected
Define a state callback and make that generate chardev open/close events when
called by the spice-server.
Notes:
1) For all but the newest spice-server versions (which have a fix for this)
the code ignores these events for a spicevmc with a subtype of vdagent, this
subtype specific knowledge is undesirable, but unavoidable for now, see:
http://lists.freedesktop.org/archives/spice-devel/2011-July/004837.html
2) This code deliberately sends the events immediately rather then from a
bh. This is done this way because:
a) There is no need to do it from a bh; and
b) Doing it from a bh actually causes issues because the spice-server may send
data immediately after the open and when the open runs from a bh, then
qemu_chr_be_can_write will return 0 for the first write which the spice-server
does not expect, when this happens the spice-server will never retry the write
causing communication to stall.
Hans de Goede [Sat, 19 Nov 2011 09:22:43 +0000 (10:22 +0100)]
qemu-char: rename qemu_chr_event to qemu_chr_be_event and make it public
Rename qemu_chr_event to qemu_chr_be_event, since it is only to be
called by backends and make it public so that it can be used by chardev
code which lives outside of qemu-char.c
Paolo Bonzini [Thu, 24 Nov 2011 12:28:52 +0000 (13:28 +0100)]
virtio: add and use virtio_set_features
vdev->guest_features is not masking features that are not supported by
the guest. Fix this by introducing a common wrapper to be used by all
virtio bus implementations.
Paolo Bonzini [Mon, 21 Nov 2011 08:29:11 +0000 (09:29 +0100)]
9pfs: improve portability to older systems
Small requirements on "new" features have percolated to virtio-9p-local.c.
In particular, the utimensat wrapper actually only supports dirfd = AT_FDCWD
and flags = AT_SYMLINK_NOFOLLOW in the fallback code. Remove the arguments
so that virtio-9p-local.c will not use AT_* constants.
At the same time, fail local_ioc_getversion if the ioctl is not supported
by the host.
"Anthony, I think we should revert that commit and refactor cpuid for
1.1. The logic is spread over too many places which makes it hard to
reason about."
Gerd Hoffmann [Wed, 16 Nov 2011 11:37:17 +0000 (12:37 +0100)]
usb-host: add usb_host_do_reset function.
Add a special function to reset the host usb device. It tracks the time
needed by the USBDEVFS_RESET ioctl and prints a warning in case it needs
too long. Usually it should be finished in 200 - 300 miliseconds.
Warning threshold is one second.
Intention is to help troubleshooting by indicating that the usb device
stopped responding even to a reset request and is possibly broken.
Kevin Wolf [Tue, 22 Nov 2011 15:52:13 +0000 (16:52 +0100)]
vvfat: Add migration blocker
vvfat caches more or less everything when in writable mode. For migration
to work, it would have to be invalidated. Block migration for now when
in writable mode (default is readonly).
Gerd Hoffmann [Fri, 18 Nov 2011 09:49:25 +0000 (10:49 +0100)]
usb-ehci: add register names
The mmio register name list only had the names for four port status
registers. We emulate a EHCI adapter with six ports though, the last
two ones are listed as "unknown" in traces. Fix it.
Julian Pidancet [Wed, 23 Nov 2011 01:03:15 +0000 (01:03 +0000)]
rtl8139: Fix invalid IO access alignment
This patch makes iPXE work with the rtl8139 emulation. The rtl8139
driver in iPXE issues a 16bit access on the ChipCmd register
(offset 0x37) to check the status of the rx buffer. The offset of the
ioport access was getting fixed up to 0x36 in qemu, causing the value
read in iPXE to be invalid.
This fixes an issue with iPXE reporting timeouts during TFTP transfers.
Reposting this here because it is trivial enough and the original post
on qemu-devel didn't attract much attention.
Also, the inw() which was causing the issue has been replaced with an
inb() in upstream iPXE:
https://git.ipxe.org/ipxe.git/commit/91dd64ad25baa27954a7518e73df4fca8a2d0c93
Gerd Hoffmann [Tue, 22 Nov 2011 11:39:58 +0000 (12:39 +0100)]
usb: make usb_create_simple catch and pass up errors.
Use qdev_init() instead of qdev_init_nofail(), usb device initialization
can fail, most common case being port and device speed mismatch. Handle
failures correctly and pass up NULL pointers then.
Also fixup usb_create_simple() callers (only one was buggy) to properly
check for NULL pointers before referncing the usb_create_simple() return
value.
slirp: Clean up net_slirp_hostfwd_remove()'s use of get_str_sep()
get_str_sep() can fail, but net_slirp_hostfwd_remove() doesn't check.
Works, because it initializes buf[] to "", which get_str_sep() doesn't
touch when it fails. Coverity doesn't like it, and neither do I.
Paolo Bonzini [Fri, 18 Nov 2011 15:32:02 +0000 (16:32 +0100)]
scsi-generic: add as boot device
There is no reason why a scsi-generic device cannot boot if it has
the right type, and indeed it provides already a bootindex property.
So register those devices too.
Paolo Bonzini [Fri, 18 Nov 2011 16:03:45 +0000 (17:03 +0100)]
scsi: fix fw path
The pre-1.0 firmware path for SCSI devices already included the LUN
using the suffix argument to add_boot_device_path. Avoid that it is
included twice, and convert the colons to commas for consistency with
other kinds of devices
Paolo Bonzini [Fri, 18 Nov 2011 15:32:00 +0000 (16:32 +0100)]
usb-msd: do not register twice in the boot order
USB mass storage devices are registered twice in the boot order.
To avoid having to keep the two paths in sync, pass the bootindex
property down to the scsi-disk device and let it register itself.
Max Filippov [Mon, 21 Nov 2011 00:54:58 +0000 (04:54 +0400)]
configure: check for EFD_NONBLOCK | EFD_CLOEXEC flags
Add check for the EFD_NONBLOCK and EFD_CLOEXEC flags to the
CONFIG_EVENTFD test.
This fixes the following build failure on Fedora 9:
CC event_notifier.o
event_notifier.c: In function `event_notifier_init':
event_notifier.c:21: error: `EFD_NONBLOCK' undeclared (first use in this function)
event_notifier.c:21: error: (Each undeclared identifier is reported only once
event_notifier.c:21: error: for each function it appears in.)
event_notifier.c:21: error: `EFD_CLOEXEC' undeclared (first use in this function)
make: *** [event_notifier.o] Error 1
Avi Kivity [Tue, 15 Nov 2011 18:12:17 +0000 (20:12 +0200)]
configure: build position independent executables on x86-Linux hosts
Change the default on x86 Linux hosts to building PIE (position
independent executables); instead of restricting the option to
user-only targets, apply it to all targets.
In addition, set the relocation sections to read-only (relro) when
available; this reduces the attack surface by disallowing changes to
relocation tables at runtime.
While PIE reduces performance and relro increases load time, it
greatly improves security, with the potential to reduce a code
execution vulnerability to a self denial of service.
Non-x86 are not changed, as they require TCG changes; neither are
non-Linux, due to lack of test coverage.
Hongyong Zang [Mon, 21 Nov 2011 10:56:18 +0000 (18:56 +0800)]
ivshmem: fix PCI BAR2 registration during initialization
Ivshmem cannot work, and the command lspci cannot show ivshmem BAR2 in the guest.
As for pci_register_bar(), parameter MemoryRegion should be s->bar instead of s->ivshmem.
projects / qemu.git / log