Maxim Levitsky [Thu, 25 Jun 2020 12:55:42 +0000 (14:55 +0200)]
block/crypto: implement the encryption key management
This implements the encryption key management using the generic code in
qcrypto layer and exposes it to the user via qemu-img
This code adds another 'write_func' because the initialization
write_func works directly on the underlying file, and amend
works on instance of luks device.
This commit also adds a 'hack/workaround' I and Kevin Wolf (thanks)
made to make the driver both support write sharing (to avoid breaking the users),
and be safe against concurrent metadata update (the keyslots)
Eventually the write sharing for luks driver will be deprecated
and removed together with this hack.
The hack is that we ask (as a format driver) for BLK_PERM_CONSISTENT_READ
and then when we want to update the keys, we unshare that permission.
So if someone else has the image open, even readonly, encryption
key update will fail gracefully.
Also thanks to Daniel Berrange for the idea of
unsharing read, rather that write permission which allows
to avoid cases when the other user had opened the image read-only.
Maxim Levitsky [Thu, 25 Jun 2020 12:55:41 +0000 (14:55 +0200)]
block/crypto: rename two functions
rename the write_func to create_write_func, and init_func to create_init_func.
This is preparation for other write_func that will be used to update the encryption keys.
Maxim Levitsky [Thu, 25 Jun 2020 12:55:39 +0000 (14:55 +0200)]
block/amend: separate amend and create options for qemu-img
Some options are only useful for creation
(or hard to be amended, like cluster size for qcow2), while some other
options are only useful for amend, like upcoming keyslot management
options for luks
Since currently only qcow2 supports amend, move all its options
to a common macro and then include it in each action option list.
In future it might be useful to remove some options which are
not supported anyway from amend list, which currently
cause an error message if amended.
Maxim Levitsky [Thu, 25 Jun 2020 12:55:38 +0000 (14:55 +0200)]
block/amend: add 'force' option
'force' option will be used for some unsafe amend operations.
This includes things like erasing last keyslot in luks based formats
(which destroys the data, unless the master key is backed up
by external means), but that _might_ be desired result.
Max Reitz [Thu, 25 Jun 2020 12:55:32 +0000 (14:55 +0200)]
iotests/common.rc: Add _require_working_luks
That the luks driver is present is little indication on whether it is
actually working. Without the crypto libraries linked in, it does not
work. So add this function, which tries to create a luks image to see
whether that actually works.
Max Reitz [Thu, 25 Jun 2020 12:55:30 +0000 (14:55 +0200)]
iotests: Make _filter_img_create more active
Right now, _filter_img_create just filters out everything that looks
format-dependent, and applies some filename filters. That means that we
have to add another filter line every time some format gets a new
creation option. This can be avoided by instead discarding everything
and just keeping what we know is format-independent (format, size,
backing file, encryption information[1], preallocation) or just
interesting to have in the reference output (external data file path).
Furthermore, we probably want to sort these options. Format drivers are
not required to define them in any specific order, so the output is
effectively random (although this has never bothered us until now). We
need a specific order for our reference outputs, though. Unfortunately,
just using a plain "sort" would change a lot of existing reference
outputs, so we have to pre-filter the option keys to keep our existing
order (fmt, size, backing*, data, encryption info, preallocation).
Finally, this makes it difficult for _filter_img_create to automagically
work for QMP output. Thus, this patch adds a separate
_filter_img_create_for_qmp function that echos every line verbatim that
does not start with "Formatting", and pipes those "Formatting" lines to
_filter_img_create.
[1] Actually, the only thing that is really important is whether
encryption is enabled or not. A patch by Maxim thus removes all
other "encrypt.*" options from the output:
https://lists.nongnu.org/archive/html/qemu-block/2020-06/msg00339.html
But that patch needs to come later so we can get away with changing
as few reference outputs in this patch here as possible.
Alberto Garcia [Wed, 17 Jun 2020 14:00:36 +0000 (16:00 +0200)]
qcow2: Fix preallocation on images with unaligned sizes
When resizing an image with qcow2_co_truncate() using the falloc or
full preallocation modes the code assumes that both the old and new
sizes are cluster-aligned.
There are two problems with this:
1) The calculation of how many clusters are involved does not always
get the right result.
Example: creating a 60KB image and resizing it (with
preallocation=full) to 80KB won't allocate the second cluster.
2) No copy-on-write is performed, so in the previous example if
there is a backing file then the first 60KB of the first cluster
won't be filled with data from the backing file.
Peter Maydell [Sat, 4 Jul 2020 15:08:41 +0000 (16:08 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200703' into staging
target-arm queue:
* i.MX6UL EVK board: put PHYs in the correct places
* hw/arm/virt: Let the virtio-iommu bypass MSIs
* target/arm: kvm: Handle DABT with no valid ISS
* hw/arm/virt-acpi-build: Only expose flash on older machine types
* target/arm: Fix temp double-free in sve ldr/str
* hw/display/bcm2835_fb.c: Initialize all fields of struct
* hw/arm/spitz: Code cleanup to fix Coverity-detected memory leak
* Deprecate TileGX port
* remotes/pmaydell/tags/pull-target-arm-20200703: (34 commits)
Deprecate TileGX port
Replace uses of FROM_SSI_SLAVE() macro with QOM casts
hw/arm/spitz: Provide usual QOM macros for corgi-ssp and spitz-lcdtg
hw/arm/pxa2xx_pic: Use LOG_GUEST_ERROR for bad guest register accesses
hw/arm/spitz: Use LOG_GUEST_ERROR for bad guest register accesses
hw/gpio/zaurus.c: Use LOG_GUEST_ERROR for bad guest register accesses
hw/arm/spitz: Encapsulate misc GPIO handling in a device
hw/misc/max111x: Create header file for documentation, TYPE_ macros
hw/misc/max111x: Use GPIO lines rather than max111x_set_input()
hw/arm/spitz: Use max111x properties to set initial values
ssi: Add ssi_realize_and_unref()
hw/misc/max111x: Don't use vmstate_register()
hw/misc/max111x: provide QOM properties for setting initial values
hw/arm/spitz: Implement inbound GPIO lines for bit5 and power signals
hw/arm/spitz: Keep pointers to scp0, scp1 in SpitzMachineState
hw/arm/spitz: Keep pointers to MPU and SSI devices in SpitzMachineState
hw/arm/spitz: Create SpitzMachineClass abstract base class
hw/arm/spitz: Detabify
hw/display/bcm2835_fb.c: Initialize all fields of struct
target/arm: Fix temp double-free in sve ldr/str
...
* remotes/cohuck/tags/s390x-20200703:
s390x/pci: fix set_ind_atomic
virtio-ccw: fix virtio_set_ind_atomic
target/s390x: Fix SQXBR
pc-bios/s390: Update s390-ccw bios binaries with the latest changes
pc-bios/s390-ccw: Generate and include dependency files in the Makefile
pc-bios: s390x: Make u32 ptr check explicit
pc-bios: s390x: Use ebcdic2ascii table
pc-bios: s390x: Move panic() into header and add infinite loop
pc-bios: s390x: Use PSW masks where possible and introduce PSW_MASK_SHORT_ADDR
pc-bios: s390x: Rename PSW_MASK_ZMODE to PSW_MASK_64
pc-bios: s390x: Get rid of magic offsets into the lowcore
pc-bios: s390x: Move sleep and yield to helper.h
pc-bios: s390x: Consolidate timing functions into time.h
pc-bios: s390x: cio.c cleanup and compile fix
Peter Maydell [Fri, 3 Jul 2020 15:59:46 +0000 (16:59 +0100)]
Deprecate TileGX port
Deprecate our TileGX target support:
* we have no active maintainer for it
* it has had essentially no contributions (other than tree-wide cleanups
and similar) since it was first added
* the Linux kernel dropped support in 2018, as has glibc
Note the deprecation in the manual, but don't try to print a warning
when QEMU runs -- printing unsuppressable messages is more obtrusive
for linux-user mode than it would be for system-emulation mode, and
it doesn't seem worth trying to invent a new suppressible-error
system for linux-user just for this.
Peter Maydell [Fri, 3 Jul 2020 15:59:46 +0000 (16:59 +0100)]
Replace uses of FROM_SSI_SLAVE() macro with QOM casts
The FROM_SSI_SLAVE() macro predates QOM and is used as a typesafe way
to cast from an SSISlave* to the instance struct of a subtype of
TYPE_SSI_SLAVE. Switch to using the QOM cast macros instead, which
have the same effect (by writing the QOM macros if the types were
previously missing them.)
(The FROM_SSI_SLAVE() macro allows the SSISlave member of the
subtype's struct to be anywhere as long as it is named "ssidev",
whereas a QOM cast macro insists that it is the first thing in the
subtype's struct. This is true for all the types we convert here.)
This removes all the uses of FROM_SSI_SLAVE() so we can delete the
definition.
Peter Maydell [Fri, 3 Jul 2020 15:59:46 +0000 (16:59 +0100)]
hw/arm/spitz: Provide usual QOM macros for corgi-ssp and spitz-lcdtg
The QOM types "spitz-lcdtg" and "corgi-ssp" are missing the
usual QOM TYPE and casting macros; provide and use them.
In particular, we can safely use the QOM cast macros instead of
FROM_SSI_SLAVE() because in both cases the 'ssidev' field of
the instance state struct is the first field in it.
Peter Maydell [Fri, 3 Jul 2020 15:59:45 +0000 (16:59 +0100)]
hw/arm/pxa2xx_pic: Use LOG_GUEST_ERROR for bad guest register accesses
Instead of using printf() for logging guest accesses to invalid
register offsets in the pxa2xx PIC device, use the usual
qemu_log_mask(LOG_GUEST_ERROR,...).
This was the only user of the REG_FMT macro in pxa.h, so we can
remove that.
Peter Maydell [Fri, 3 Jul 2020 15:59:45 +0000 (16:59 +0100)]
hw/arm/spitz: Use LOG_GUEST_ERROR for bad guest register accesses
Instead of logging guest accesses to invalid register offsets in the
Spitz flash device with zaurus_printf() (which just prints to stderr),
use the usual qemu_log_mask(LOG_GUEST_ERROR,...).
Peter Maydell [Fri, 3 Jul 2020 15:59:45 +0000 (16:59 +0100)]
hw/gpio/zaurus.c: Use LOG_GUEST_ERROR for bad guest register accesses
Instead of logging guest accesses to invalid register offsets in this
device using zaurus_printf() (which just prints to stderr), use the
usual qemu_log_mask(LOG_GUEST_ERROR,...).
Since this was the only use of the zaurus_printf() macro outside
spitz.c, we can move the definition of that macro from sharpsl.h
to spitz.c.
Peter Maydell [Fri, 3 Jul 2020 15:59:45 +0000 (16:59 +0100)]
hw/arm/spitz: Encapsulate misc GPIO handling in a device
Currently we have a free-floating set of IRQs and a function
spitz_out_switch() which handle some miscellaneous GPIO lines for the
spitz board. Encapsulate this behaviour in a simple QOM device.
At this point we can finally remove the 'max1111' global, because the
ADC battery-temperature value is now handled by the misc-gpio device
writing the value to its outbound "adc-temp" GPIO, which the board
code wires up to the appropriate inbound GPIO line on the max1111.
This commit also fixes Coverity issue CID 1421913 (which pointed out
that the 'outsignals' in spitz_scoop_gpio_setup() were leaked),
because it removes the use of the qemu_allocate_irqs() API from this
code entirely.
Peter Maydell [Fri, 3 Jul 2020 15:59:45 +0000 (16:59 +0100)]
hw/misc/max111x: Create header file for documentation, TYPE_ macros
Create a header file for the hw/misc/max111x device, in the
usual modern style for QOM devices:
* definition of the TYPE_ constants and macros
* definition of the device's state struct so that it can
be embedded in other structs if desired
* documentation of the interface
This allows us to use TYPE_MAX_1111 in the spitz.c code rather
than the string "max1111".
Peter Maydell [Fri, 3 Jul 2020 15:59:45 +0000 (16:59 +0100)]
hw/misc/max111x: Use GPIO lines rather than max111x_set_input()
The max111x ADC device model allows other code to set the level on
the 8 ADC inputs using the max111x_set_input() function. Replace
this with generic qdev GPIO inputs, which also allow inputs to be set
to arbitrary values.
Using GPIO lines will make it easier for board code to wire things
up, so that if device A wants to set the ADC input it doesn't need to
have a direct pointer to the max111x but can just set that value on
its output GPIO, which is then wired up by the board to the
appropriate max111x input.
Peter Maydell [Fri, 3 Jul 2020 15:59:44 +0000 (16:59 +0100)]
hw/arm/spitz: Use max111x properties to set initial values
Use the new max111x qdev properties to set the initial input
values rather than calling max111x_set_input(); this means that
on system reset the inputs will correctly return to their initial
values.
Peter Maydell [Fri, 3 Jul 2020 15:59:44 +0000 (16:59 +0100)]
ssi: Add ssi_realize_and_unref()
Add an ssi_realize_and_unref(), for the benefit of callers
who want to be able to create an SSI device, set QOM properties
on it, and then do the realize-and-unref afterwards.
The API works on the same principle as the recently added
qdev_realize_and_undef(), sysbus_realize_and_undef(), etc.
Peter Maydell [Fri, 3 Jul 2020 15:59:44 +0000 (16:59 +0100)]
hw/misc/max111x: Don't use vmstate_register()
The max111x is a proper qdev device; we can use dc->vmsd rather than
directly calling vmstate_register().
It's possible that this is a migration compat break, but the only
boards that use this device are the spitz-family ('akita', 'borzoi',
'spitz', 'terrier').
Peter Maydell [Fri, 3 Jul 2020 15:59:44 +0000 (16:59 +0100)]
hw/misc/max111x: provide QOM properties for setting initial values
Add some QOM properties to the max111x ADC device to allow the
initial values to be configured. Currently this is done by
board code calling max111x_set_input() after it creates the
device, which doesn't work on system reset.
This requires us to implement a reset method for this device,
so while we're doing that make sure we reset the other parts
of the device state.
Peter Maydell [Fri, 3 Jul 2020 15:59:44 +0000 (16:59 +0100)]
hw/arm/spitz: Implement inbound GPIO lines for bit5 and power signals
Currently the Spitz board uses a nasty hack for the GPIO lines
that pass "bit5" and "power" information to the LCD controller:
the lcdtg realize function sets a global variable to point to
the instance it just realized, and then the functions spitz_bl_power()
and spitz_bl_bit5() use that to find the device they are changing
the internal state of. There is a comment reading:
FIXME: Implement GPIO properly and remove this hack.
which was added in 2009.
Peter Maydell [Fri, 3 Jul 2020 15:59:44 +0000 (16:59 +0100)]
hw/arm/spitz: Keep pointers to MPU and SSI devices in SpitzMachineState
Keep pointers to the MPU and the SSI devices in SpitzMachineState.
We're going to want to make GPIO connections between some of the
SSI devices and the SCPs, so we want to keep hold of a pointer to
those; putting the MPU into the struct allows us to pass just
one thing to spitz_ssp_attach() rather than two.
We have to retain the setting of the global "max1111" variable
for the moment as it is used in spitz_adc_temp_on(); later in
this series of commits we will be able to remove it.
Peter Maydell [Fri, 3 Jul 2020 15:59:43 +0000 (16:59 +0100)]
hw/arm/spitz: Create SpitzMachineClass abstract base class
For the four Spitz-family machines (akita, borzoi, spitz, terrier)
create a proper abstract class SpitzMachineClass which encapsulates
the common behaviour, rather than having them all derive directly
from TYPE_MACHINE:
* instead of each machine class setting mc->init to a wrapper
function which calls spitz_common_init() with parameters,
put that data in the SpitzMachineClass and make spitz_common_init
the SpitzMachineClass machine-init function
* move the settings of mc->block_default_type and
mc->ignore_memory_transaction_failures into the SpitzMachineClass
class init rather than repeating them in each machine's class init
(The motivation is that we're going to want to keep some state in
the SpitzMachineState so we can connect GPIOs between devices created
in one sub-function of the machine init to devices created in a
different sub-function.)
Peter Maydell [Fri, 3 Jul 2020 15:59:43 +0000 (16:59 +0100)]
hw/arm/spitz: Detabify
The spitz board has been around a long time, and still has a fair number
of hard-coded tab characters in it. We're about to do some work on
this source file, so start out by expanding out the tabs.
Peter Maydell [Fri, 3 Jul 2020 15:59:43 +0000 (16:59 +0100)]
hw/display/bcm2835_fb.c: Initialize all fields of struct
In bcm2835_fb_mbox_push(), Coverity complains (CID 1429989) that we
pass a pointer to a local struct to another function without
initializing all its fields. This is a real bug:
bcm2835_fb_reconfigure() copies the whole of our new BCM2385FBConfig
struct into s->config, so any fields we don't initialize will corrupt
the state of the device.
Copy the two fields which we don't want to update (pixo and alpha)
from the existing config so we don't accidentally change them.
The temp that gets assigned to clean_addr has been allocated with
new_tmp_a64, which means that it will be freed at the end of the
instruction. Freeing it earlier leads to assertion failure.
The loop creates a complication, in which we allocate a new local
temp, which does need freeing, and the final code path is shared
between the loop and non-loop.
Fix this complication by adding new_tmp_a64_local so that the new
local temp is freed at the end, and can be treated exactly like
the non-loop path.
Andrew Jones [Fri, 3 Jul 2020 15:59:43 +0000 (16:59 +0100)]
hw/arm/virt-acpi-build: Only expose flash on older machine types
The flash device is exclusively for the host-controlled firmware, so
we should not expose it to the OS. Exposing it risks the OS messing
with it, which could break firmware runtime services and surprise the
OS when all its changes disappear after reboot.
As firmware needs the device and uses DT, we leave the device exposed
there. It's up to firmware to remove the nodes from DT before sending
it on to the OS. However, there's no need to force firmware to remove
tables from ACPI (which it doesn't know how to do anyway), so we
simply don't add the tables in the first place. But, as we've been
adding the tables for quite some time and don't want to change the
default hardware exposed to versioned machines, then we only stop
exposing the flash device tables for 5.1 and later machine types.
Injecting external data abort through KVM might trigger
an issue on kernels that do not get updated to include the KVM fix.
For those and aarch32 guests, the injected abort gets misconfigured
to be an implementation defined exception. This leads to the guest
repeatedly re-running the faulting instruction.
Add support for handling that case.
[ Fixed-by: 018f22f95e8a
('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests') Fixed-by: 21aecdbd7f3a
('KVM: arm: Make inject_abt32() inject an external abort instead')
]
On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
exception with no valid ISS info to be decoded. The lack of decode info
makes it at least tricky to emulate those instruction which is one of the
(many) reasons why KVM will not even try to do so.
Add support for handling those by requesting KVM to inject external
dabt into the quest.
Eric Auger [Fri, 3 Jul 2020 15:59:42 +0000 (16:59 +0100)]
hw/arm/virt: Let the virtio-iommu bypass MSIs
At the moment the virtio-iommu translates MSI transactions.
This behavior is inherited from ARM SMMU. The virt machine
code knows where the guest MSI doorbells are so we can easily
declare those regions as VIRTIO_IOMMU_RESV_MEM_T_MSI. With that
setting the guest will not map MSIs through the IOMMU and those
transactions will be simply bypassed.
Depending on which MSI controller is in use (ITS or GICV2M),
we declare either:
- the ITS interrupt translation space (ITS_base + 0x10000),
containing the GITS_TRANSLATOR or
- The GICV2M single frame, containing the MSI_SETSP_NS register.
Eric Auger [Fri, 3 Jul 2020 15:59:42 +0000 (16:59 +0100)]
virtio-iommu-pci: Add array of Interval properties
The machine may need to pass reserved regions to the
virtio-iommu-pci device (such as the MSI window on x86
or the MSI doorbells on ARM).
So let's add an array of Interval properties.
Note: if some reserved regions are already set by the
machine code - which should be the case in general -,
the length of the property array is already set and
prevents the end-user from modifying them. For example,
attempting to use:
qemu-system-aarch64: -device virtio-iommu-pci,addr=0xa,
len-reserved-regions=1,reserved-regions[0]=0xfee00000:0xfeefffff:1:
array size property len-reserved-regions may not be set more than once
Otherwise, for example, adding two reserved regions is achieved
using the following options:
Eric Auger [Fri, 3 Jul 2020 15:59:42 +0000 (16:59 +0100)]
virtio-iommu: Implement RESV_MEM probe request
This patch implements the PROBE request. At the moment,
only THE RESV_MEM property is handled. The first goal is
to report iommu wide reserved regions such as the MSI regions
set by the machine code. On x86 this will be the IOAPIC MSI
region, [0xFEE00000 - 0xFEEFFFFF], on ARM this may be the ITS
doorbell.
In the future we may introduce per device reserved regions.
This will be useful when protecting host assigned devices
which may expose their own reserved regions
Eric Auger [Fri, 3 Jul 2020 15:59:41 +0000 (16:59 +0100)]
qdev: Introduce DEFINE_PROP_RESERVED_REGION
Introduce a new property defining a reserved region:
<low address>:<high address>:<type>.
This will be used to encode reserved IOVA regions.
For instance, in virtio-iommu use case, reserved IOVA regions
will be passed by the machine code to the virtio-iommu-pci
device (an array of those). The type of the reserved region
will match the virtio_iommu_probe_resv_mem subtype value:
- VIRTIO_IOMMU_RESV_MEM_T_RESERVED (0)
- VIRTIO_IOMMU_RESV_MEM_T_MSI (1)
on PC/Q35 machine, this will be used to inform the
virtio-iommu-pci device it should bypass the MSI region.
The reserved region will be: 0xfee00000:0xfeefffff:1.
On ARM, we can declare the ITS MSI doorbell as an MSI
region to prevent MSIs from being mapped on guest side.
We need a solution to use an Ethernet PHY that is not the first device
on the MDIO bus (device 0 on MDIO bus).
As an example with the i.MX6UL the NXP SOC has 2 Ethernet devices but
only one MDIO bus on which the 2 related PHY are connected but at unique
addresses.
Peter Maydell [Fri, 3 Jul 2020 15:58:38 +0000 (16:58 +0100)]
Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20200702-1' into staging
This PR contains two patches to improve PLIC support in QEMU.
It also contains one patch that fixes CLINT accesses for RISC-V. This
fixes a regression for most RISC-V boards.
The rest of the PR is adding support for the v0.7.1 RISC-V vector
extensions. This is experimental support as the vector extensions are
still in a draft state.
This is a v2 pull request that has fixed the building on big endian
machines failure.
# gpg: Signature made Thu 02 Jul 2020 17:21:54 BST
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <[email protected]>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054
Keqian Zhu [Mon, 22 Jun 2020 03:20:37 +0000 (11:20 +0800)]
migration: Count new_dirty instead of real_dirty
real_dirty_pages becomes equal to total ram size after dirty log sync
in ram_init_bitmaps, the reason is that the bitmap of ramblock is
initialized to be all set, so old path counts them as "real dirty" at
beginning.
This causes wrong dirty rate and false positive throttling.
capng_updatev is a varargs function that needs a -1 to terminate it,
but it was missing.
In practice what seems to have been happening is that it's added the
capabilities we asked for, then runs into junk on the stack, so if
we're unlucky it might be adding some more, but in reality it's
failing - but after adding the capabilities we asked for.
* tag 's390-ccw-bios-2020-07-02':
pc-bios/s390: Update s390-ccw bios binaries with the latest changes
pc-bios/s390-ccw: Generate and include dependency files in the Makefile
pc-bios: s390x: Make u32 ptr check explicit
pc-bios: s390x: Use ebcdic2ascii table
pc-bios: s390x: Move panic() into header and add infinite loop
pc-bios: s390x: Use PSW masks where possible and introduce PSW_MASK_SHORT_ADDR
pc-bios: s390x: Rename PSW_MASK_ZMODE to PSW_MASK_64
pc-bios: s390x: Get rid of magic offsets into the lowcore
pc-bios: s390x: Move sleep and yield to helper.h
pc-bios: s390x: Consolidate timing functions into time.h
pc-bios: s390x: cio.c cleanup and compile fix
Halil Pasic [Tue, 16 Jun 2020 04:50:35 +0000 (06:50 +0200)]
s390x/pci: fix set_ind_atomic
The atomic_cmpxchg() loop is broken because we occasionally end up with
old and _old having different values (a legit compiler can generate code
that accessed *ind_addr again to pick up a value for _old instead of
using the value of old that was already fetched according to the
rules of the abstract machine). This means the underlying CS instruction
may use a different old (_old) than the one we intended to use if
atomic_cmpxchg() performed the xchg part.
Let us use volatile to force the rules of the abstract machine for
accesses to *ind_addr. Let us also rewrite the loop so, we that the
new old is used to compute the new desired value if the xchg part
is not performed.
Halil Pasic [Tue, 16 Jun 2020 04:50:34 +0000 (06:50 +0200)]
virtio-ccw: fix virtio_set_ind_atomic
The atomic_cmpxchg() loop is broken because we occasionally end up with
old and _old having different values (a legit compiler can generate code
that accessed *ind_addr again to pick up a value for _old instead of
using the value of old that was already fetched according to the
rules of the abstract machine). This means the underlying CS instruction
may use a different old (_old) than the one we intended to use if
atomic_cmpxchg() performed the xchg part.
Let us use volatile to force the rules of the abstract machine for
accesses to *ind_addr. Let us also rewrite the loop so, we that the
new old is used to compute the new desired value if the xchg part
is not performed.
Max Reitz [Tue, 30 Jun 2020 08:37:11 +0000 (10:37 +0200)]
iotests.py: Do not wait() before communicate()
Waiting on a process for which we have a pipe will stall if the process
outputs more data than fits into the OS-provided buffer. We must use
communicate() before wait(), and in fact, communicate() perfectly
replaces wait() already.
We have to drop the stderr=subprocess.STDOUT parameter from
subprocess.Popen() in qemu_nbd_early_pipe(), because stderr is passed on
to the child process, so if we do not drop this parameter, communicate()
will hang (because the pipe is not closed).
Kevin Wolf [Tue, 23 Jun 2020 17:55:34 +0000 (19:55 +0200)]
vvfat: Fix array_remove_slice()
array_remove_slice() calls array_roll() with array->next - 1 as the
destination index. This is only correct for count == 1, otherwise we're
writing past the end of the array. array->next - count would be correct.
However, this is the only place ever calling array_roll(), so this
rather complicated operation isn't even necessary.
Fix the problem and simplify the code by replacing it with a single
memmove() call. array_roll() can now be removed.
Kevin Wolf [Tue, 23 Jun 2020 17:55:33 +0000 (19:55 +0200)]
vvfat: Check that updated filenames are valid
FAT allows only a restricted set of characters in file names, and for
some of the illegal characters, it's actually important that we catch
them: If filenames can contain '/', the guest can construct filenames
containing "../" and escape from the assigned vvfat directory. The same
problem could arise if ".." was ever accepted as a literal filename.
Fix this by adding a check that all filenames are valid in
check_directory_consistency().
Stefan Hajnoczi [Fri, 19 Jun 2020 10:11:32 +0000 (11:11 +0100)]
qemu-storage-daemon: add missing cleanup calls
Several components used by qemu-storage-daemon have cleanup functions
that aren't called. Keep the "valgrind --leak-check=full" as clean as
possible by invoking the necessary cleanup functions.
Stefan Hajnoczi [Fri, 19 Jun 2020 10:11:31 +0000 (11:11 +0100)]
qemu-storage-daemon: remember to add qemu_object_opts
The --object option is supported by qemu-storage-daemon but the
qemu_object_opts QemuOptsList wasn't being added. As a result calls to
qemu_find_opts("object") failed with "There is no option group
'object'".
Kevin Wolf [Mon, 22 Jun 2020 15:12:03 +0000 (17:12 +0200)]
qemu-img convert: Don't pre-zero images
Since commit 5a37b60a61c, qemu-img create will pre-zero the target image
if it isn't already zero-initialised (most importantly, for host block
devices, but also iscsi etc.), so that writing explicit zeros wouldn't
be necessary later.
This could speed up the operation significantly, in particular when the
source image file was only sparsely populated. However, it also means
that some block are written twice: Once when pre-zeroing them, and then
when they are overwritten with actual data. On a full image, the
pre-zeroing is wasted work because everything will be overwritten.
In practice, write_zeroes typically turns out faster than writing
explicit zero buffers, but slow enough that first zeroing everything and
then overwriting parts can be a significant net loss.
Meanwhile, qemu-img convert was rewritten in 690c7301600 and zero blocks
are now written to the target using bdrv_co_pwrite_zeroes() if the
target could be pre-zeroed. This way we already make use of the faster
write_zeroes operation, but avoid writing any blocks twice.
Remove the pre-zeroing because these days this former optimisation has
actually turned into a pessimisation in the common case.
LIU Zhiwei [Wed, 1 Jul 2020 15:25:49 +0000 (23:25 +0800)]
target/riscv: configure and turn on vector extension from command line
Vector extension is default off. The only way to use vector extension is
1. use cpu rv32 or rv64
2. turn on it by command line
"-cpu rv64,x-v=true,vlen=128,elen=64,vext_spec=v0.7.1".
vlen is the vector register length, default value is 128 bit.
elen is the max operator size in bits, default value is 64 bit.
vext_spec is the vector specification version, default value is v0.7.1.
These properties can be specified with other values.
projects / qemu.git / log