Geoffrey McRae [Sun, 8 Nov 2020 06:33:50 +0000 (17:33 +1100)]
audio/jack: fix use after free segfault
This change registers a bottom handler to close the JACK client
connection when a server shutdown signal is received. Without this
libjack2 attempts to "clean up" old clients and causes a use after free
segfault.
Mark Cave-Ayland [Tue, 10 Nov 2020 10:31:11 +0000 (10:31 +0000)]
macio: set user_creatable to false in macio_class_init()
Commit 348b8d1a76 "macio: don't reference serial_hd() directly within the device"
removed the setting of user_creatable to false on the basis that the restriction
was due to the use of serial_hd() in macio_instance_init().
Unfortunately this isn't the full story since the PIC object property links
must still be set before the device is realized. Whilst it is possible to update
the macio device and Mac machines to resolve this, the fix is too invasive at
this point in the release cycle.
For now simply set user_creatable back to false in macio_class_init() to
prevent QEMU from segfaulting in anticipation of the proper fix arriving in
QEMU 6.0.
Peter Maydell [Wed, 11 Nov 2020 19:53:14 +0000 (19:53 +0000)]
Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/tracing-pull-request' into staging
Tracing pull request
# gpg: Signature made Wed 11 Nov 2020 15:56:18 GMT
# gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <[email protected]>" [full]
# gpg: aka "Stefan Hajnoczi <[email protected]>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha-gitlab/tags/tracing-pull-request:
scripts/tracetool: silence SystemTap dtrace(1) long long warnings
trace: remove argument from trace_init_file
* remotes/bonzini-gitlab/tags/for-upstream:
pvpanic: Advertise the PVPANIC_CRASHLOADED event support
physmem: improve ram size error messages
Makefile: No echoing for 'make help V=1'
replay: remove some dead code
fix make clean/distclean
meson: Clarify the confusing vhost-user vs. vhost-kernel output
Peter Maydell [Wed, 11 Nov 2020 14:00:35 +0000 (14:00 +0000)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Wed 11 Nov 2020 13:04:02 GMT
# gpg: using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <[email protected]>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
hw/net/can/ctucan_core: Use stl_le_p to write to tx_buffers
hw/net/can/ctucan_core: Handle big-endian hosts
hw/net/can/ctucan: Avoid unused value in ctucan_send_ready_buffers()
hw/net/can/ctucan: Don't allow guest to write off end of tx_buffer
net/l2tpv3: Remove redundant check in net_init_l2tpv3()
net: remove an assert call in eth_get_gso_type
net/colo-compare.c: Increase default queued packet scan frequency
net/colo-compare.c: Add secondary old packet detection
net/colo-compare.c: Change the timer clock type
net/colo-compare.c: Fix compare_timeout format issue
colo-compare: check mark in mutual exclusion
colo-compare: fix missing compare_seq initialization
Fix the qemu crash when guest shutdown in COLO mode
Reduce the time of checkpoint for COLO
Optimize seq_sorter function for colo-compare
net/filter-rewriter: destroy g_hash_table in colo_rewriter_cleanup
virtio-net: Set mac address to hardware if the peer is vdpa
Peter Maydell [Tue, 10 Nov 2020 21:52:50 +0000 (22:52 +0100)]
hw/net/can/ctucan_core: Use stl_le_p to write to tx_buffers
Instead of casting an address within a uint8_t array to a
uint32_t*, use stl_le_p(). This handles possibly misaligned
addresses which would otherwise crash on some hosts.
Peter Maydell [Tue, 10 Nov 2020 21:52:49 +0000 (22:52 +0100)]
hw/net/can/ctucan_core: Handle big-endian hosts
The ctucan driver defines types for its registers which are a union
of a uint32_t with a struct with bitfields for the individual
fields within that register. This is a bad idea, because bitfields
aren't portable. The ctu_can_fd_regs.h header works around the
most glaring of the portability issues by defining the
fields in two different orders depending on the setting of the
__LITTLE_ENDIAN_BITFIELD define. However, in ctucan_core.h this
is unconditionally set to 1, which is wrong for big-endian hosts.
Set it only if HOST_WORDS_BIGENDIAN is not set. There is no need
for a "have we defined it already" guard, because the only place
that should set it is ctucan_core.h, which has the usual
double-inclusion guard.
Peter Maydell [Tue, 10 Nov 2020 21:52:48 +0000 (22:52 +0100)]
hw/net/can/ctucan: Avoid unused value in ctucan_send_ready_buffers()
Coverity points out that in ctucan_send_ready_buffers() we
set buff_st_mask = 0xf << (i * 4) inside the loop, but then
we never use it before overwriting it later.
The only thing we use the mask for is as part of the code that is
inserting the new buff_st field into tx_status. That is more
comprehensibly written using deposit32(), so do that and drop the
mask variable entirely.
We also update the buff_st local variable at multiple points
during this function, but nothing can ever see these
intermediate values, so just drop those, write the final
TXT_TOK as a fixed constant value, and collapse the only
remaining set/use of buff_st down into an extract32().
Peter Maydell [Tue, 10 Nov 2020 21:52:47 +0000 (22:52 +0100)]
hw/net/can/ctucan: Don't allow guest to write off end of tx_buffer
The ctucan device has 4 CAN bus cores, each of which has a set of 20
32-bit registers for writing the transmitted data. The registers are
however not contiguous; each core's buffers is 0x100 bytes after
the last.
We got the checks on the address wrong in the ctucan_mem_write()
function:
* the first "is addr in range at all" check allowed
addr == CTUCAN_CORE_MEM_SIZE, which is actually the first
byte off the end of the range
* the decode of addresses into core-number plus offset in the
tx buffer for that core failed to check that the offset was
in range, so the guest could write off the end of the
tx_buffer[] array
NB: currently the values of CTUCAN_CORE_MEM_SIZE, CTUCAN_CORE_TXBUF_NUM,
etc, make "buff_num >= CTUCAN_CORE_TXBUF_NUM" impossible, but we
retain this as a runtime check rather than an assertion to permit
those values to be changed in future (in hardware they are
configurable synthesis parameters).
Fix the top level check, and check the offset is within the buffer.
The `event` parameter is ignored by the kernel if `op` is EPOLL_CTL_DEL,
do the same and avoid returning EFAULT if garbage is passed instead of a
valid pointer.
LemonBoy [Thu, 5 Nov 2020 15:52:51 +0000 (16:52 +0100)]
linux-user: Correct definition of stack_t
Some platforms used the wrong definition of stack_t where the flags and
size fields were swapped or where the flags field had type ulong instead
of int.
Due to the presence of padding space in the structure and the prevalence
of little-endian machines this problem went unnoticed for a long time.
The type definitions have been cross-checked with the ones defined in
the Linux kernel v5.9, plus some older versions for a few architecture
that have been removed and Xilinx's kernel fork for NiosII [1].
The bsd-user headers remain unchanged as I don't know if they are wrong
or not.
Paolo Bonzini [Mon, 9 Nov 2020 13:53:04 +0000 (08:53 -0500)]
pvpanic: Advertise the PVPANIC_CRASHLOADED event support
Advertise both types of events as supported when the guest OS
queries the pvpanic device. Currently only PVPANIC_PANICKED is
exposed; PVPANIC_CRASHLOADED must also be advertised, but only on
new machine types.
eth_get_gso_type() routine returns segmentation offload type based on
L3 protocol type. It calls g_assert_not_reached if L3 protocol is
unknown, making the following return statement unreachable. Remove the
g_assert call, it maybe triggered by a guest user.
Zhang Chen [Fri, 16 Oct 2020 05:52:06 +0000 (13:52 +0800)]
net/colo-compare.c: Change the timer clock type
The virtual clock only runs during the emulation. It stops
when the virtual machine is stopped.
The host clock should be used for device models that emulate accurate
real time sources. It will continue to run when the virtual machine
is suspended. COLO need to know the host time here.
Fixes: dd321ecfc2e ("colo-compare: Use IOThread to Check old packet
regularly and Process packets of the primary")
Rao, Lei [Fri, 16 Oct 2020 05:52:02 +0000 (13:52 +0800)]
Fix the qemu crash when guest shutdown in COLO mode
In COLO mode, if the startup parameters of QEMU include "no-shutdown",
QEMU will crash when the guest shutdown. The root cause is when the
guest shutdown, the state of VM will switch COLO to SHUTDOWN. When do
checkpoint again, the state will be changed to COLO. But the state
switch is undefined in runstate_transitions_def, we should add it.
This patch fixes the following:
qemu-system-x86_64: invalid runstate transition: 'shutdown' -> 'colo'
Aborted
Rao, Lei [Fri, 16 Oct 2020 05:52:01 +0000 (13:52 +0800)]
Reduce the time of checkpoint for COLO
we should set ram_bulk_stage to false after ram_state_init,
otherwise the bitmap will be unused in migration_bitmap_find_dirty.
all pages in ram cache will be flushed to the ram of secondary guest
for each checkpoint.
* remotes/pmaydell/tags/pull-target-arm-20201110:
target/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check
tests/qtest/npcm7xx_rng-test: count runs properly
hw/arm/nseries: Check return value from load_image_targphys()
hw/arm/musicpal: Only use qdev_get_gpio_in() when necessary
hw/arm/musicpal: Don't connect two qemu_irqs directly to the same input
hw/arm/nseries: Remove invalid/unnecessary n8x0_uart_setup()
hw/misc/stm32f2xx_syscfg: Remove extraneous IRQ
hw/arm/armsse: Correct expansion MPC interrupt lines
target/arm: Fix neon VTBL/VTBX for len > 1
hw/arm/virt: Remove dependency on Cortex-A15 MPCore peripherals
docs: add some notes on the sbsa-ref machine
target/arm: add space before the open parenthesis '('
target/arm: Don't use '#' flag of printf format
target/arm: add spaces around operator
ssi: Fix bad printf format specifiers
hw/arm/Kconfig: ARM_V7M depends on PTIMER
Peter Maydell [Tue, 10 Nov 2020 12:23:05 +0000 (12:23 +0000)]
Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-11-10' into staging
* Some small qtest fixes
* Oss-fuzz updates
* Publish the docs built during gitlab CI to the user's gitlab.io page
* Update the OpenBSD VM test to v6.8
* Fix the device-crash-test script to run with the meson build system
* Some small s390x fixes
* remotes/huth-gitlab/tags/pull-request-2020-11-10:
s390x: Avoid variable size warning in ipl.h
s390x: fix clang 11 warnings in cpu_models.c
qtest: Update references to parse_escape() in comments
fuzz: add virtio-blk fuzz target
docs: add "page source" link to sphinx documentation
gitlab: force enable docs build in Fedora, Ubuntu, Debian
gitlab: publish the docs built during CI
configure: surface deprecated targets in the help output
fuzz: Make fork_fuzz.ld compatible with LLVM's LLD
scripts/oss-fuzz: give all fuzzers -target names
docs/fuzz: update fuzzing documentation post-meson
docs/fuzz: rST-ify the fuzzing documentation
MAINTAINERS: Add gitlab-pipeline-status script to GitLab CI section
gitlab-ci: Drop generic cache rule
tests/qtest/tpm: Remove redundant check in the tpm_test_swtpm_test()
qtest: Fix bad printf format specifiers
device-crash-test: Check if path is actually an executable file
tests/vm: update openbsd to release 6.8
meson: always include contrib/libvhost-user
Peter Maydell [Mon, 9 Nov 2020 14:53:24 +0000 (14:53 +0000)]
target/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check
Checks for UNDEF cases should go before the "is VFP enabled?" access
check, except in special cases. Move a stray UNDEF check in the VTBL
trans function up above the access check.
The number of runs is equal to the number of 0-1 and 1-0 transitions,
plus one. Currently, it's counting the number of times these transitions
do _not_ happen, plus one.
Source:
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-22r1a.pdf
section 2.3.4 point (3).
Peter Maydell [Tue, 3 Nov 2020 11:49:18 +0000 (11:49 +0000)]
hw/arm/nseries: Check return value from load_image_targphys()
The nseries machines have a codepath that allows them to load a
secondary bootloader. This code wasn't checking that the
load_image_targphys() succeeded. Check the return value and report
the error to the user.
While we're in the vicinity, fix the comment style of the
comment documenting what this image load is doing.
hw/arm/musicpal: Don't connect two qemu_irqs directly to the same input
The MusicPal board code connects both of the IRQ outputs of the UART
to the same INTC qemu_irq. Connecting two qemu_irqs outputs directly
to the same input is not valid as it produces subtly wrong behaviour
(for instance if both the IRQ lines are high, and then one goes
low, the INTC input will see this as a high-to-low transition
even though the second IRQ line should still be holding it high).
This kind of wiring needs an explicitly created OR gate; add one.
omap2420_mpu_init() introduced in commit 827df9f3c5f ("Add basic
OMAP2 chip support") takes care of creating the 3 UARTs.
Then commit 58a26b477e9 ("Emulate a serial bluetooth HCI with H4+
extensions and attach to n8x0's UART") added n8x0_uart_setup()
which create the UART and connects it to an IRQ output,
overwritting the existing peripheral and its IRQ connection.
This is incorrect.
Fortunately we don't need to fix this, because commit 6da68df7f9b
("hw/arm/nseries: Replace the bluetooth chardev with a "null"
chardev") removed the use of this peripheral. We can simply
remove the code.
The helper function did not get updated when we reorganized
the vector register file for SVE. Since then, the neon dregs
are non-sequential and cannot be simply indexed.
At the same time, make the helper function operate on 64-bit
quantities so that we do not have to call it twice.
Andrew Jones [Wed, 4 Nov 2020 10:33:43 +0000 (11:33 +0100)]
hw/arm/Kconfig: ARM_V7M depends on PTIMER
commit 32bd322a0134 ("hw/timer/armv7m_systick: Rewrite to use ptimers")
changed armv7m_systick to build on ptimers. Make sure we have ptimers
in the build when building armv7m_systick.
* remotes/vivier2/tags/linux-user-for-5.2-pull-request:
linux-user/sparc: Don't zero high half of PC, NPC, PSR in sigreturn
linux-user/sparc: Correct set/get_context handling of fp and i7
linux-user/sparc: Fix errors in target_ucontext structures
Peter Maydell [Tue, 10 Nov 2020 09:24:56 +0000 (09:24 +0000)]
Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20201109' into staging
This fixes two bugs in the RISC-V port. One is a bug in the
Ibex PLIC, the other fixes the Hypvervisor access functions.
# gpg: Signature made Tue 10 Nov 2020 03:53:49 GMT
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <[email protected]>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054
* remotes/alistair/tags/pull-riscv-to-apply-20201109:
hw/intc/ibex_plic: Clear the claim register when read
target/riscv: Split the Hypervisor execute load helpers
target/riscv: Remove the hyp load and store functions
target/riscv: Remove the HS_TWO_STAGE flag
target/riscv: Set the virtualised MMU mode when doing hyp accesses
target/riscv: Add a virtualised MMU Mode
Daniele Buono [Thu, 5 Nov 2020 22:19:00 +0000 (17:19 -0500)]
s390x: Avoid variable size warning in ipl.h
S390IPLState contains two IplParameterBlock, which may in turn have
either a IPLBlockPV or a IplBlockFcp, both ending with a variable
sized field (an array).
This causes a warning with clang 11 or greater, which checks that
variable sized type are only allocated at the end of the struct:
In file included from ../qemu-cfi-v3/target/s390x/diag.c:21:
../qemu-cfi-v3/hw/s390x/ipl.h:161:23: error: field 'iplb' with variable sized type 'IplParameterBlock' (aka 'union IplParameterBlock') not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
IplParameterBlock iplb;
^
../qemu-cfi-v3/hw/s390x/ipl.h:162:23: error: field 'iplb_pv' with variable sized type 'IplParameterBlock' (aka 'union IplParameterBlock') not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
IplParameterBlock iplb_pv;
In this case, however, the warning is a false positive, because
IPLBlockPV and IplBlockFcp are allocated in a union wrapped at 4K,
making the union non-variable sized.
Fix the warning by turning the two variable sized arrays into arrays
of size 0. This avoids the compiler error and should produce the
same code.
Daniele Buono [Thu, 5 Nov 2020 22:18:58 +0000 (17:18 -0500)]
s390x: fix clang 11 warnings in cpu_models.c
There are void * pointers that get casted to enums, in cpu_models.c
Such casts can result in a small integer type and are caught as
warnings with clang, starting with version 11:
Clang 11 finds a bunch of spots in the code that trigger this new warnings:
../qemu-base/target/s390x/cpu_models.c:985:21: error: cast to smaller integer type 'S390Feat' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
S390Feat feat = (S390Feat) opaque;
^~~~~~~~~~~~~~~~~
../qemu-base/target/s390x/cpu_models.c:1002:21: error: cast to smaller integer type 'S390Feat' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
S390Feat feat = (S390Feat) opaque;
^~~~~~~~~~~~~~~~~
../qemu-base/target/s390x/cpu_models.c:1036:27: error: cast to smaller integer type 'S390FeatGroup' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
S390FeatGroup group = (S390FeatGroup) opaque;
^~~~~~~~~~~~~~~~~~~~~~
../qemu-base/target/s390x/cpu_models.c:1057:27: error: cast to smaller integer type 'S390FeatGroup' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
S390FeatGroup group = (S390FeatGroup) opaque;
^~~~~~~~~~~~~~~~~~~~~~
4 errors generated.
Avoid this warning by casting the pointer to uintptr_t first.
Peter Maydell [Mon, 9 Nov 2020 16:26:21 +0000 (16:26 +0000)]
qtest: Update references to parse_escape() in comments
In commit 61030280ca2d67bd in 2018 we renamed the parse_escape()
function to parse_interpolation(), but we didn't catch the references
to this function in doc comments in libqtest.h. Update them.
Dima Stepanov [Mon, 9 Nov 2020 11:25:50 +0000 (14:25 +0300)]
fuzz: add virtio-blk fuzz target
The virtio-blk fuzz target sets up and fuzzes the available virtio-blk
queues. The implementation is based on two files:
- tests/qtest/fuzz/virtio_scsi_fuzz.c
- tests/qtest/virtio_blk_test.c
gitlab: force enable docs build in Fedora, Ubuntu, Debian
Meson runs a test to see if Sphinx works, and automatically disables it
on error. This can lead to the CI jobs skipping docs build without
maintainers noticing the problem. Use --enable-docs to force a fatal
error if Sphinx doesn't work on the jobs where we expect it to be OK.
Most of the build jobs will create the sphinx documentation. If we
expose this as an artifact of a "pages" job in a "public" directory, it
will get published using GitLab Pages. This means a user can push a
branch with docs changes to GitLab and view the results at
Daniele Buono [Thu, 5 Nov 2020 22:18:57 +0000 (17:18 -0500)]
fuzz: Make fork_fuzz.ld compatible with LLVM's LLD
LLVM's linker, LLD, supports the keyword "INSERT AFTER", starting with
version 11.
However, when multiple sections are defined in the same "INSERT AFTER",
they are added in a reversed order, compared to BFD's LD.
This patch makes fork_fuzz.ld generic enough to work with both linkers.
Each section now has its own "INSERT AFTER" keyword, so proper ordering is
defined between the sections added.
This was also not a complete fix, because though OSS-Fuzz
ignores the renamed fuzzer, the underlying ClusterFuzz, doesn't:
https://storage.googleapis.com/clusterfuzz-builds/qemu/targets.list.address
https://oss-fuzz-build-logs.storage.googleapis.com/log-9bfb55f9-1c20-4aa6-a49c-ede12864eeb2.txt
(clusterfuzz still lists qemu-fuzz-i386.base as a fuzzer)
This change keeps the hard-links, but makes them all point to a file
with a qemu-fuzz-i386-target-.. name. If we have targets, A, B, C, the
result will be:
The result should be that every file that looks like a fuzzer to
OSS-Fuzz/ClusterFuzz, can run as a fuzzer (we don't have a separate base
copy). Unfortunately, there is not simple way to test this locally.
In the future, it might be worth it to link the majority of QEMU in as a
shared-object (see https://github.com/google/oss-fuzz/issues/4575 )
Peter Maydell [Thu, 5 Nov 2020 21:23:14 +0000 (21:23 +0000)]
linux-user/sparc: Don't zero high half of PC, NPC, PSR in sigreturn
The function do_sigreturn() tries to store the PC, NPC and PSR in
uint32_t local variables, which implicitly drops the high half of
these fields for 64-bit guests.
The usual effect was that a guest which used signals would crash on
return from a signal unless it was lucky enough to take it while the
PC was in the low 4GB of the address space. In particular, Debian
/bin/dash and /bin/bash would segfault after executing external
commands.
Use abi_ulong, which is the type these fields all have in the
__siginfo_t struct.
Peter Maydell [Thu, 5 Nov 2020 21:23:13 +0000 (21:23 +0000)]
linux-user/sparc: Correct set/get_context handling of fp and i7
Because QEMU's user-mode emulation just directly accesses guest CPU
state, for SPARC the guest register window state is not the same in
the sparc64_get_context() and sparc64_set_context() functions as it
is for the real kernel's versions of those functions. Specifically,
for the kernel it has saved the user space state such that the O*
registers go into a pt_regs struct as UREG_I*, and the I* registers
have been spilled onto the userspace stack. For QEMU, we haven't
done that, so the guest's O* registers are still in WREG_O* and the
I* registers in WREG_I*.
The code was already accessing the O* registers correctly for QEMU,
but had copied the kernel code for accessing the I* registers off the
userspace stack. Replace this with direct accesses to fp and i7 in
the CPU state, and add a comment explaining why we differ from the
kernel code here.
This fix is sufficient to get bash to a shell prompt.
Peter Maydell [Thu, 5 Nov 2020 21:23:12 +0000 (21:23 +0000)]
linux-user/sparc: Fix errors in target_ucontext structures
The various structs that make up the SPARC target_ucontext had some
errors:
* target structures must not include fields which are host pointers,
which might be the wrong size. These should be abi_ulong instead
* because we don't have the 'long double' part of the mcfpu_fregs
union in our version of the target_mc_fpu struct, we need to
manually force it to be 16-aligned
In particular, the lack of 16-alignment caused sparc64_get_context()
and sparc64_set_context() to read and write all the registers at the
wrong offset, which triggered a guest glibc stack check in
siglongjmp:
*** longjmp causes uninitialized stack frame ***: terminated
when trying to run bash.
hw/intc/ibex_plic: Clear the claim register when read
After claiming the interrupt by reading the claim register we want to
clear the register to make sure the interrupt doesn't appear at the next
read.
This matches the documentation for the claim register as when an interrupt
is claimed by a target the relevant bit of IP is cleared (which we already
do): https://docs.opentitan.org/hw/ip/rv_plic/doc/index.html
target/riscv: Remove the hyp load and store functions
Remove the special Virtulisation load and store functions and just use
the standard tcg tcg_gen_qemu_ld_tl() and tcg_gen_qemu_st_tl() functions
instead.
As part of this change we ensure we still run an access check to make
sure we can perform the operations.
Peter Maydell [Mon, 9 Nov 2020 19:33:07 +0000 (19:33 +0000)]
Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-11-09-v2' into staging
Block patches for 5.2.0-rc1:
- Some nvme fixes (addressing problems spotted by Coverity)
- Fix nfs compiling on mingw (and enable it in Cirrus)
- Fix an error path in bdrv_co_invalidate_cache() (permission update
was initiated, but not aborted)
- Fix (on-error) roll back in bdrv_drop_intermediate(): Instead of
inlining bdrv_replace_node() (wrongly), call that function
- Fix for iotest 240
- Fix error handling in bdrv_getlength()
- Be more explicit about how QCowL2Meta objects are handled
- Cleanups
* remotes/maxreitz/tags/pull-block-2020-11-09-v2:
block: make bdrv_drop_intermediate() less wrong
block: add bdrv_replace_node_common()
block: add forgotten bdrv_abort_perm_update() to bdrv_co_invalidate_cache()
block: Fix some code style problems, "foo* bar" should be "foo *bar"
block: Fix integer promotion error in bdrv_getlength()
block: enable libnfs on msys2/mingw in cirrus.yml
block: Fixes nfs compiling error on msys2/mingw
iotests: rewrite iotest 240 in python
iotests: add filter_qmp_virtio_scsi function
hw/block/nvme: fix free of array-typed value
hw/block/nvme: fix uint16_t use of uint32_t sgls member
hw/block/nvme: fix null ns in register namespace
qcow2: Document and enforce the QCowL2Meta invariants
block: Move bdrv_drain_all_end_quiesce() to block_int.h
block: Remove unused include
First, permission update loop tries to do iterations transactionally,
but the whole update is not transactional: nobody roll-back successful
loop iterations when some iteration fails.
Second, in the iteration we have nested permission update:
c->klass->update_filename may point to bdrv_child_cb_update_filename()
which calls bdrv_backing_update_filename(), which may do node reopen to
RW.
Permission update system is not prepared to nested updates, at least it
has intermediate permission-update state stored in BdrvChild
structures: has_backup_perm, backup_perm and backup_shared_perm.
So, let's first do bdrv_replace_node_common() (which is more
transactional than open-coded update in bdrv_drop_intermediate()) and
then call update_filename() in separate. We still do not rollback
changes in case of update_filename() failure but it's not much worse
than pre-patch behavior.
Note that bdrv_replace_node_common() does check for frozen children,
so corresponding check is dropped in bdrv_drop_intermediate().
Add new parameter to bdrv_replace_node(): auto_skip. With
auto_skip=false we'll have stricter behavior: update _all_ from
parents or fail. New behaviour will be used in the following commit in
block.c, so keep original function name as public interface.
Note: new error message is a bit funny in contrast with further
"Cannot" in case of frozen child, but we'd better keep some difference
to make it possible to distinguish one from another on failure. Still,
actually we'd better refactor should_update_child() call to distinguish
also different kinds of "should not". Let's do it later.
shiliyang [Fri, 30 Oct 2020 03:35:12 +0000 (11:35 +0800)]
block: Fix some code style problems, "foo* bar" should be "foo *bar"
There have some code style problems be found when read the block driver code.
So I fixes some problems of this error, ERROR: "foo* bar" should be "foo *bar".
This cache rule is meant for Avocado artifacts, but affects
all jobs. Moreover the 'acceptance_template' template already
include a more detailled rule to cache artifacts.
AlexChen [Thu, 5 Nov 2020 15:03:36 +0000 (23:03 +0800)]
tests/qtest/tpm: Remove redundant check in the tpm_test_swtpm_test()
The 'addr' would not be NULL after checking 'succ' is valid,
and it has been dereferenced in the previous code(args = g_strdup_printf()).
So the check on 'addr' in the tpm_test_swtpm_test() is redundant. Remove it.
Eduardo Habkost [Mon, 26 Oct 2020 12:52:38 +0000 (08:52 -0400)]
device-crash-test: Check if path is actually an executable file
After the transition to Meson, the build directory now have
subdirectories named "qemu-system-*.p", and device-crash-test
will try to execute them as if they were binaries. This results
in errors like:
Stefan Hajnoczi [Fri, 6 Nov 2020 21:03:40 +0000 (21:03 +0000)]
meson: always include contrib/libvhost-user
libvhost-user is needed when CONFIG_LINUX is set. The CONFIG_VHOST_USER
check in meson.build is incorrect.
In fact, no explicit check is needed since this dependency is not built
by default. If something declares a dependency on libvhost-user then it
will be built, otherwise it won't be built (i.e. on non-Linux hosts).
This fixes ./configure --disable-vhost-user && make.
Eric Blake [Thu, 5 Nov 2020 15:51:22 +0000 (09:51 -0600)]
block: Fix integer promotion error in bdrv_getlength()
Back in 2015, we attempted to fix error reporting for images that
claimed to have more than INT64_MAX/512 sectors, but due to the type
promotions caused by BDRV_SECTOR_SIZE being unsigned, this
inadvertently forces all negative ret values to be slammed into -EFBIG
rather than the original error. While we're at it, we can avoid the
confusing ?: by spelling the logic more directly.
Yonggang Luo [Thu, 5 Nov 2020 12:31:15 +0000 (20:31 +0800)]
block: Fixes nfs compiling error on msys2/mingw
These compiling errors are fixed:
../block/nfs.c:27:10: fatal error: poll.h: No such file or directory
27 | #include <poll.h>
| ^~~~~~~~
compilation terminated.
../block/nfs.c:63:5: error: unknown type name 'blkcnt_t'
63 | blkcnt_t st_blocks;
| ^~~~~~~~
../block/nfs.c: In function 'nfs_client_open':
../block/nfs.c:550:27: error: 'struct _stat64' has no member named 'st_blocks'
550 | client->st_blocks = st.st_blocks;
| ^
../block/nfs.c: In function 'nfs_get_allocated_file_size':
../block/nfs.c:751:41: error: 'struct _stat64' has no member named 'st_blocks'
751 | return (task.ret < 0 ? task.ret : st.st_blocks * 512);
| ^
../block/nfs.c: In function 'nfs_reopen_prepare':
../block/nfs.c:805:31: error: 'struct _stat64' has no member named 'st_blocks'
805 | client->st_blocks = st.st_blocks;
| ^
../block/nfs.c: In function 'nfs_get_allocated_file_size':
../block/nfs.c:752:1: error: control reaches end of non-void function [-Werror=return-type]
752 | }
| ^
On msys2/mingw, there is no st_blocks in struct _stat64 yet, we disable the usage of it
on msys2/mingw, and create a typedef long long blkcnt_t; for further implementation
Klaus Jensen [Wed, 4 Nov 2020 10:22:48 +0000 (11:22 +0100)]
hw/block/nvme: fix free of array-typed value
Since 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces"), the
namespaces member of NvmeCtrl is no longer a dynamically allocated
array. Remove the free.
Alberto Garcia [Wed, 7 Oct 2020 16:13:23 +0000 (18:13 +0200)]
qcow2: Document and enforce the QCowL2Meta invariants
The QCowL2Meta structure is used to store information about a part of
a write request that touches clusters that need changes in their L2
entries. This happens with newly-allocated clusters or subclusters.
This structure has changed a bit since it was first created and its
current documentation is not quite up-to-date.
A write request can span a region consisting of a combination of
clusters of different types, and qcow2_alloc_host_offset() can
repeatedly call handle_copied() and handle_alloc() to add more
clusters to the mix as long as they all are contiguous on the image
file.
Because of this a write request has a list of QCowL2Meta structures,
one for each part of the request that needs changes in the L2
metadata.
Each one of them spans nb_clusters and has two copy-on-write regions
located immediately before and after the middle region touched by that
part of the write request. Even when those regions themselves are
empty their offsets must be correct because they are used to know the
location of the middle region.
This was not always the case but it is not a problem anymore
because the only two places where QCowL2Meta structures are created
(calculate_l2_meta() and qcow2_co_truncate()) ensure that the
copy-on-write regions are correctly defined, and so do assertions like
the ones in perform_cow().
The conditional initialization of the 'written_to' variable is
therefore unnecessary and is removed by this patch.
CI jobs results:
. https://cirrus-ci.com/build/5340929353580544
. https://gitlab.com/philmd/qemu/-/pipelines/213407241
. https://travis-ci.org/github/philmd/qemu/builds/742315021
# gpg: Signature made Sun 08 Nov 2020 23:58:37 GMT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <[email protected]>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
Peter Maydell [Mon, 9 Nov 2020 10:10:49 +0000 (10:10 +0000)]
Merge remote-tracking branch 'remotes/philmd-gitlab/tags/mips-fixes-20201109' into staging
MIPS patches queue
- Deprecate nanoMIPS ISA
- Fix PageMask with variable page size (Huacai Chen)
- Fix memory leak in boston_fdt_filter (Coverity CID 1432275, Peter Maydell)
CI jobs results:
. https://cirrus-ci.com/build/5439131968864256
. https://gitlab.com/philmd/qemu/-/pipelines/213403385
. https://travis-ci.org/github/philmd/qemu/builds/742312387
# gpg: Signature made Sun 08 Nov 2020 23:41:19 GMT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <[email protected]>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* remotes/philmd-gitlab/tags/mips-fixes-20201109:
hw/mips/boston: Fix memory leak in boston_fdt_filter() error-handling paths
target/mips: Fix PageMask with variable page size
target/mips: Deprecate nanoMIPS ISA
projects / qemu.git / log