Alistair Francis [Wed, 11 Mar 2015 13:21:05 +0000 (13:21 +0000)]
stm32f2xx_SYSCFG: Add the stm32f2xx SYSCFG
This patch adds the stm32f2xx System Configuration
Controller. This is used to configure what memory is mapped
at address 0 (although that is not supported) as well
as configure how the EXTI interrupts work (also not
supported at the moment).
This device is not required for basic examples, but more
complex systems will require it (as well as the EXTI device)
Ard Biesheuvel [Wed, 11 Mar 2015 13:21:05 +0000 (13:21 +0000)]
hw/arm/virt: fix cmdline parsing bug with CPU options and smp > 1
The recently introduced feature that allows 32 bit guests to be
executed under KVM on a 64-bit host incorrectly handles the case
where more than 1 cpu is specified using '-smp N'
qemu-system-aarch64: Expected key=value format, found aarch64
which is caused by the destructive parsing performed by
cpu_common_parse_features(), resulting in subsequent attempts
to parse the CPU option string (for each additional CPU) to fail.
So duplicate the string before parsing it, and free it directly
afterwards.
Peter Maydell [Wed, 11 Mar 2015 11:12:35 +0000 (11:12 +0000)]
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging
X86 patches queued in the last few weeks. Mostly code cleanup and changes on
code assigning APIC ID.
# gpg: Signature made Mon Mar 9 20:40:38 2015 GMT using RSA key ID 984DC5A6
# gpg: Can't check signature: public key not found
* remotes/ehabkost/tags/x86-pull-request:
target-i386: Require APIC ID to be explicitly set before CPU realize
target-i386: Move APIC ID compatibility code to pc.c
target-i386: Move CPUX86State::cpuid_apic_id to X86CPU::apic_id
target-i386: Remove unused APIC ID default code
target-i386: Eliminate unnecessary get_cpuid_vendor() function
target-i386: Simplify listflags() function
target-i386: Move topology.h to include/hw/i386
Peter Maydell [Wed, 11 Mar 2015 08:44:59 +0000 (08:44 +0000)]
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-signed' into staging
qemu-sparc update
# gpg: Signature made Tue Mar 10 13:39:51 2015 GMT using RSA key ID AE0F321F
# gpg: Good signature from "Mark Cave-Ayland <[email protected]>"
* remotes/mcayland/tags/qemu-sparc-signed:
sun4u: switch m48t59 NVRAM to MMIO access
MAINTAINERS: add myself as SPARC maintainer
doc: minor updates to SPARC32 and SPARC64 documentation
m48t59: add m48t59 sysbus device
m48t59: introduce new base-year qdev property
m48t59: let init functions return a Nvram object
m48t59: add a Nvram interface
m48t59: register a QOM type for each nvram type we support
m48t59: move ISA ports/memory regions registration to QOM constructor
Peter Maydell [Tue, 10 Mar 2015 19:28:09 +0000 (19:28 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20150310-1' into staging
vnc bugfixes.
# gpg: Signature made Tue Mar 10 10:37:51 2015 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <[email protected]>"
# gpg: aka "Gerd Hoffmann <[email protected]>"
# gpg: aka "Gerd Hoffmann (private) <[email protected]>"
* remotes/kraxel/tags/pull-vnc-20150310-1:
Fix crash when connecting to VNC through websocket
vnc: -readconfig fix
vnc: set id at parse time not init time
Peter Maydell [Tue, 10 Mar 2015 18:03:02 +0000 (18:03 +0000)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
- scsi: improvements to error reporting and conversion to realize,
Coverity/sparse fix for iscsi driver
- RCU fallout: fix -daemonize and s390x system emulation
- KVM: kvm_stat improvements and new man page
- x86: SYSRET fix for VxWorks
# gpg: Signature made Tue Mar 10 10:18:45 2015 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <[email protected]>"
# gpg: aka "Paolo Bonzini <[email protected]>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
x86: fix SS selector in SYSRET
scsi: Convert remaining PCI HBAs to realize()
scsi: Improve error reporting for invalid drive property
hw: Propagate errors through qdev_prop_set_drive()
scsi: Clean up duplicated error in legacy if=scsi code
cpus: initialize cpu->memory_dispatch
rcu: handle forks safely
qemu-thread: do not use PTHREAD_MUTEX_ERRORCHECK
kvm_stat: add kvm_stat.1 man page
kvm_stat: add column headers to text UI
iscsi: Fix check for username
Peter Maydell [Tue, 10 Mar 2015 14:01:22 +0000 (14:01 +0000)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block patches for 2.3
# gpg: Signature made Tue Mar 10 13:03:17 2015 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <[email protected]>"
* remotes/kevin/tags/for-upstream: (73 commits)
MAINTAINERS: Add jcody as blockjobs, block devices maintainer
iotests: add O_DIRECT alignment probing test
block/raw-posix: fix launching with failed disks
MAINTAINERS: Add jsnow as IDE maintainer
sheepdog: Fix misleading error messages in sd_snapshot_create()
Add testcase for scsi-hd devices without drive property
scsi-hd: fix property unset case
block/vdi: Add locking for parallel requests
iotests: Drop vpc from 004's and 104's format list
iotests: Remove 006
iotests: Fix 051's reference output
virtio-blk: Remove the stale FIXME comment
tests: Check QVIRTIO_F_ANY_LAYOUT flag in virtio-blk test
libqos: Solve bug in interrupt checking when using MSIX in virtio-pci.c
sheepdog: fix confused return values
qtest/ahci: add fragmented dma test
qtest/ahci: Add PIO and LBA48 tests
qtest/ahci: Add DMA test variants
libqos/ahci: add ahci command helpers
qtest/ahci: Add a macro bootup routine
...
As we split out the block layer, we will begin using the qemu-block
mailing list as a catchall for all of the block layer subcomponents.
Please CC [email protected] for all block layer patches, including
any that touch the above listed areas.
Stefan Hajnoczi [Thu, 5 Mar 2015 21:38:18 +0000 (15:38 -0600)]
iotests: add O_DIRECT alignment probing test
This test case checks that image files can be opened even if I/O
produces EIO errors. QEMU should not refuse opening failed disks since
the guest may be configured for multipath I/O where accessing failed
disks is expected.
Previously, QEMU would launch successfully and the guest would see the
errors when attempting I/O.
This is a regression and may prevent multipath I/O inside the guest,
where QEMU must launch and let the guest figure out by itself which
disks are online.
Tweak the alignment probing code in raw-posix.c to explicitly look for
EINVAL on Linux instead of bailing. The kernel refuses misaligned
requests with this error code and other error codes can be ignored.
John Snow [Thu, 5 Mar 2015 04:37:55 +0000 (23:37 -0500)]
MAINTAINERS: Add jsnow as IDE maintainer
It has been proposed that the block layer be split up into smaller,
more manageable portions to help speed up the review and merging of
block layer patches.
As part of this process, I propose that I take over the IDE, ATA, ATAPI
and FD devices.
As we split out the block layer, we will begin using the qemu-block
mailing list as a catchall for all of the block layer subcomponents.
Please CC [email protected] for all block layer patches, including
any that touch the IDE/Floppy devices.
Commit c53659f0 ("BlockConf: Call backend functions to detect geometry
and blocksizes") causes a segmentation fault on the invalid
configuration of a scsi device without a drive.
Let's check for conf.blk before calling blkconf_blocksizes. The error
will be handled later on in scsi_realize anyway.
Max Reitz [Fri, 27 Feb 2015 19:54:39 +0000 (14:54 -0500)]
block/vdi: Add locking for parallel requests
When allocating a new cluster, the first write to it must be the one
doing the allocation, because that one pads its write request to the
cluster size; if another write to that cluster is executed before it,
that write will be overwritten due to the padding.
See https://bugs.launchpad.net/qemu/+bug/1422307 for what can go wrong
without this patch.
Max Reitz [Tue, 3 Mar 2015 21:22:39 +0000 (16:22 -0500)]
iotests: Drop vpc from 004's and 104's format list
Both tests require the test image to have a specific size; this cannot
be guaranteed by vpc (unless tuning the test specifically for that
format).
It is safe to exclude vpc from 004 because what is tested there is
implemented in a generic part in the block layer and not
format-specific.
It is safe to exclude vpc from 104 because for vpc basically every image
size is "unaligned", so if that would break at some point in time, we
would quickly notice just by running the generic tests.
Fam Zheng [Mon, 16 Feb 2015 04:09:40 +0000 (12:09 +0800)]
virtio-blk: Remove the stale FIXME comment
By default, we have ioeventfd enabled, so the IO request processing is
in IO thread; in the vcpu thread, guest mode is returned to as quickly
as possible, and completion is delivered via irqfd. Therefore this
comment from the initial implementation is barely relevant.
Marc Marí [Tue, 24 Feb 2015 16:34:14 +0000 (17:34 +0100)]
libqos: Solve bug in interrupt checking when using MSIX in virtio-pci.c
The MSIX interrupt was always acked without checking its value, which caused a
race condition. If the ISR was raised between the read and the acking, the ISR
was never detected and it timed out.
John Snow [Wed, 25 Feb 2015 23:06:39 +0000 (18:06 -0500)]
qtest/ahci: Add PIO and LBA48 tests
In addition to DMA tests, test PIO and LBA48 command pathways in AHCI.
To accomplish this, a primitive multiplexer for gtest is added.
Though guests may prefer not to issue PIO commands directly except
for single sector cases during early boot and shutdown, these pathways
are still used for the transfer of ATAPI commands as well, and should
be behaving well.
John Snow [Wed, 25 Feb 2015 23:06:38 +0000 (18:06 -0500)]
qtest/ahci: Add DMA test variants
These test a few different pathways in the AHCI code.
short: Test the minimum transfer size, exactly one sector.
simple: Test a transfer using a single PRD, in this case, 4K.
double: Test transferring 8K, which we will split up as two PRDs.
long: Test transferring a lot of data using many PRDs, 256K. Signed-off-by: John Snow <[email protected]>
Message-id: 1424905602[email protected] Signed-off-by: Stefan Hajnoczi <[email protected]> Signed-off-by: Kevin Wolf <[email protected]>
John Snow [Wed, 25 Feb 2015 23:06:37 +0000 (18:06 -0500)]
libqos/ahci: add ahci command helpers
ahci_command_set_flags: Set additional flags in the command header.
ahci_command_clr_flags: Clear flags from the command header.
ahci_command_set_offset: Change the IO sector from 0.
ahci_command_adjust: Adjust many values simultaneously.
To be used to adjust the command header if the default values/guesses
were incorrect or undesirable.
John Snow [Wed, 25 Feb 2015 23:06:36 +0000 (18:06 -0500)]
qtest/ahci: Add a macro bootup routine
Add a routine that can be used to engage the AHCI
device at a not-granular level so that bringing up
the functionality of the HBA is easy in future tests
that are not concerned with testing the bring-up process.
John Snow [Mon, 23 Feb 2015 16:18:06 +0000 (11:18 -0500)]
qtest/ide: Test flush / retry for ISA and PCI
This patch adds tests for werror and rerror functionality
for the PCI and ISA ide buses.
Tests for the AHCI device are to be included at a later
date after requisite patches have been merged upstream
to support needed functionality by the tests.
John Snow [Mon, 23 Feb 2015 16:18:05 +0000 (11:18 -0500)]
ahci: Recompute cur_cmd on migrate post load
When the AHCI HBA device is migrated, all of the information that
led to the request being created is stored in the AHCIDevice
structures, except for pointers into guest data where return
information needs to be stored.
The "cur_cmd" field is usually responsible for this.
To rebuild the cur_cmd pointer post-migration, we can utilize
the busy_slot index to figure out where the command header
we are still processing is.
This allows a machine in a halted state from rerror=stop or
werror=stop to be migrated and resume operations without issue.
Paolo Bonzini [Mon, 23 Feb 2015 16:18:04 +0000 (11:18 -0500)]
ahci: add support for restarting non-queued commands
This is easy, since start_dma already restarts processing from the
beginning of the PRDT.
Migration is also easy to cover; the comment about busy_slot is
wrong, busy_slot will only be set if there is an error. In this
case we have nothing to do really. The core IDE code will restart
the operation and command list processing will proceed after the
erroring command has been completed.
John Snow [Mon, 23 Feb 2015 16:18:03 +0000 (11:18 -0500)]
ahci: Migrate IDEStatus
Amazingly, we weren't doing this before.
Make sure we migrate the IDEState structure that belongs to
the AHCIDevice.IDEBus structure during migrations.
No version numbering changes because AHCI is not officially
migratable (and we can all see with good reason why) so we
do not impact any official builds by altering the stream and
leaving it at version 1.
This fixes the rerror=stop/werror=stop test case where we wish
to migrate a halted job. Previously, the error code would not
migrate, so even if the job completed successfully, AHCI would
report an error because it would still have the placeholder
error code from initialization time.
Paolo Bonzini [Mon, 23 Feb 2015 16:18:00 +0000 (11:18 -0500)]
ide: commonize io_buffer_index initialization
Resetting the io_buffer_index to 0 is commonized,
with the exception of the case within ide_atapi_cmd_reply,
where we need to reset this index to 0 prior to the
ide_atapi_cmd_reply_end call.
Note that not all calls to ide_atapi_cmd_reply_end
expect the index to be 0, so setting it there is
not appropriate.
Paolo Bonzini [Mon, 23 Feb 2015 16:17:59 +0000 (11:17 -0500)]
ide: migrate initial request state via IDEBus
This only breaks backwards migration compatibility if the bus is in
an error state. It is in principle possible to avoid this by making
two subsections (one for version 1, and one for version 2, but with
the same name) with different "_needed" callbacks. The v1 callback would
return true if error_status != 0 and the bus is PATA; the v2 callback
would return true if error_status != 0 and the bus is AHCI.
Paolo Bonzini [Mon, 23 Feb 2015 16:17:55 +0000 (11:17 -0500)]
ide: move restart callback to common code
With BMDMA specific excised from the restart functions,
create a HBA-agnostic restart callback to be shared
between the different HBAs.
Change the callback registered with the vmstate_change
handler to always point to ide_restart_cb instead of
relying on the IDEDMAOps.restart_cb() member.
Paolo Bonzini [Mon, 23 Feb 2015 16:17:52 +0000 (11:17 -0500)]
ide: introduce ide_register_restart_cb
A helper is added that registers the IDEDMAOp .restart_cb()
via qemu_add_vm_change_state_handler instead of requiring
each HBA to register the callback themselves.
Paolo Bonzini [Mon, 23 Feb 2015 16:17:51 +0000 (11:17 -0500)]
ide: prepare to move restart to common code
This patch adds the restart_dma callback and adjusts
the ide_restart_dma function to utilize this callback
to call the BMDMA-specific restart code instead of statically
executing BMDMA-specific code.
BlockConf: Call backend functions to detect geometry and blocksizes
geometry: hd_geometry_guess function autodetects the drive geometry.
This patch adds a block backend call, that probes the backing device
geometry. If the inner driver method is implemented and succeeds
(currently only for DASDs), the blkconf_geometry will pass-through
the backing device geometry. Otherwise will fallback to old logic.
blocksize: This patch initializes blocksize properties to 0.
In order to set the property a blkconf_blocksizes was introduced.
If user didn't set physical or logical blocksize, it will
retrieve its value from a driver (only succeeds for DASD), otherwise
it will set default 512 value.
The blkconf_blocksizes call was added to all users of BlkConf.
block: Add driver methods to probe blocksizes and geometry
Introduce driver methods of defining disk blocksizes (physical and
logical) and hard drive geometry.
Methods are only implemented for "host_device". For "raw" devices
driver calls child's method.
For now geometry detection will only work for DASD devices. To check
that a local check_for_dasd function was introduced. It calls BIODASDINFO2
ioctl and returns its rc.
Blocksizes detection function will probe sizes for DASD devices.
John Snow [Fri, 6 Feb 2015 21:26:17 +0000 (16:26 -0500)]
blkdebug: fix "once" rule
Background:
The blkdebug scripts are currently engineered so that when a debug
event occurs, a prefilter browses a master list of parsed rules for a
certain event and adds them to an "active list" of rules to be used for
the forthcoming action, provided the events and state numbers match.
Then, once the request is received, the last active rule is used to
inject an error if certain parameters match.
This active list is cleared every time the prefilter injects a new
rule for the first time during a debug event.
The "once" rule currently causes the error injection, if it is
triggered, to only clear the active list. This is insufficient for
preventing future injections of the same rule.
Remedy:
This patch /deletes/ the rule from the list that the prefilter
browses, so it is gone for good. In V2, we remove only the rule of
interest from the active list instead of allowing the "once" rule to
clear the entire list of active rules.
Impact:
This affects iotests 026. Several ENOSPC tests that used "once" can
be seen to have output that shows multiple failure messages. After
this patch, the error messages tend to be smaller and less severe, but
the injection can still be seen to be working. I have patched the
expected output to expect the smaller error messages.
Max Reitz [Wed, 18 Feb 2015 22:40:48 +0000 (17:40 -0500)]
iotests: Prepare for refcount_bits option
Some tests do not work well with certain refcount widths (i.e. you
cannot create internal snapshots with refcount_bits=1), so make those
widths unsupported.
Furthermore, add another filter to _filter_img_create in common.filter
which filters out the refcount_bits value.
This is necessary for test 079, which does actually work with any
refcount width, but invoking qemu-img directly leads to the
refcount_bits value being visible in the output; use _make_test_img
instead which will filter it out.
Max Reitz [Wed, 18 Feb 2015 22:40:47 +0000 (17:40 -0500)]
qcow2: Use symbolic macros in qcow2_amend_options
qcow2_amend_options() should not compare options against some inline
strings but rather use the symbolic macros available for each of the
creation options.
Max Reitz [Wed, 18 Feb 2015 22:40:46 +0000 (17:40 -0500)]
qcow2: refcount_order parameter for qcow2_create2
Add a refcount_order parameter to qcow2_create2(), use that value for
the image header and for calculating the size required for
preallocation.
For now, always pass 4.
This addition requires changes to the calculation of the file size for
the "full" and "falloc" preallocation modes. That in turn is a nice
opportunity to add a comment about that calculation not necessarily
being exact (and that being intentional).
Max Reitz [Tue, 10 Feb 2015 20:28:52 +0000 (15:28 -0500)]
qcow2: Open images with refcount order != 4
No longer refuse to open images with a different refcount entry width
than 16 bits; only reject images with a refcount width larger than 64
bits (which is prohibited by the specification).
Max Reitz [Tue, 10 Feb 2015 20:28:51 +0000 (15:28 -0500)]
qcow2: More helpers for refcount modification
Add helper functions for getting and setting refcounts in a refcount
array for any possible refcount order, and choose the correct one during
refcount initialization.
Max Reitz [Tue, 10 Feb 2015 20:28:50 +0000 (15:28 -0500)]
qcow2: Helper function for refcount modification
Since refcounts do not always have to be a uint16_t, all refcount blocks
and arrays in memory should not have a specific type (thus they become
pointers to void) and for accessing them, two helper functions are used
(a getter and a setter). Those functions are called indirectly through
function pointers in the BDRVQcowState so they may later be exchanged
for different refcount orders.
With the check and repair functions using this function, the refcount
array they are creating will be in big endian byte order; additionally,
using realloc_refcount_array() makes the size of this refcount array
always cluster-aligned. Both combined allow rebuild_refcount_structure()
to drop the bounce buffer which was used to convert parts of the
refcount array to big endian byte order and store them on disk. Instead,
those parts can now be written directly.
[ kwolf: Fixed a build failure on 32 bit and another with old glib ]
Max Reitz [Tue, 10 Feb 2015 20:28:49 +0000 (15:28 -0500)]
qcow2: Helper for refcount array reallocation
Add a helper function for reallocating a refcount array, independent of
the refcount order. The newly allocated space is zeroed and the function
handles failed reallocations gracefully.
The helper function will always align the buffer size to a cluster
boundary; if storing the refcounts in such an array in big endian byte
order, this makes it possible to write parts of the array directly as
refcount blocks into the image file.
Max Reitz [Tue, 10 Feb 2015 20:28:47 +0000 (15:28 -0500)]
qcow2: Use unsigned addend for update_refcount()
update_refcount() and qcow2_update_cluster_refcount() currently take a
signed addend. At least one caller passes a value directly derived from
an absolute refcount that should be reached ("l2_refcount - 1" in
expand_zero_clusters_in_l1()). Therefore, the addend should be unsigned
as well; this will be especially important for 64 bit refcounts.
Because update_refcount() then no longer knows whether the refcount
should be increased or decreased, it now requires an additional flag
which specified exactly that. The same applies to
qcow2_update_cluster_refcount().
Max Reitz [Tue, 10 Feb 2015 20:28:46 +0000 (15:28 -0500)]
qcow2: Only return status from qcow2_get_refcount
Refcounts can theoretically be of type uint64_t; in order to be able to
represent the full range, qcow2_get_refcount() cannot use a single
variable to represent both all refcount values and also keep some values
reserved for errors.
One solution would be to add an Error pointer parameter to
qcow2_get_refcount(); however, no caller could (currently) pass that
error message, so it would have to be emitted immediately and be
passed to the next caller by returning -EIO or something similar.
Therefore, an Error parameter does not offer any advantages here.
The solution applied by this patch is simpler to use. Because no caller
would be able to pass the error message, they would have to print it and
free it, whereas with this patch the caller only needs to pass the
returned integer (which is often a no-op from the code perspective,
because that integer will be stored in a variable "ret" which will be
returned by the fail path of many callers).
Max Reitz [Tue, 10 Feb 2015 20:28:45 +0000 (15:28 -0500)]
qcow2: Do not return new value after refcount update
qcow2_update_cluster_refcount() does not have any quick access to the
new refcount value, it has to call qcow2_get_refcount(). Some callers do
not need that new value at all, others call qcow2_get_refcount()
themselves anyway (albeit in a different code path, which can however be
easily changed), therefore there is no advantage in making
qcow2_update_cluster_refcount() return the new value. Drop it.
Max Reitz [Tue, 10 Feb 2015 20:28:44 +0000 (15:28 -0500)]
qcow2: Add refcount_bits to format-specific info
Add the bit width of every refcount entry to the format-specific
information.
In contrast to lazy_refcounts and the corrupt flag, this should be
always emitted, even for compat=0.10 although it does not support any
refcount width other than 16 bits. This is because if a boolean is
optional, one normally assumes it to be false when omitted; but if an
integer is not specified, it is rather difficult to guess its value.
This new field breaks some test outputs, fix them.
Marc Marí [Tue, 24 Feb 2015 21:21:54 +0000 (22:21 +0100)]
libqos: Add malloc generic
This malloc is a basic interface implementation that works for any platform.
It should be replaced in the future for a real malloc implementation for each
of the platforms.
Fix crash when connecting to VNC through websocket
Connecting to VNC through websocket crashes in vnc_flush() when trying
to acquire a mutex that hasn't been initialized (vnc_init_state(vs)
hasn't been called at this point).
Gerd Hoffmann [Tue, 17 Feb 2015 07:45:06 +0000 (08:45 +0100)]
vnc: -readconfig fix
Now that -vnc goes through QemuOpts we can get vnc configuration
via -readconfig too. So setting display_remote in the command
line parsing code doesn't cut it any more, we must check QemuOpts
instead to see whenever any vnc display is configured.
Bill Paul [Mon, 9 Mar 2015 22:48:01 +0000 (15:48 -0700)]
x86: fix SS selector in SYSRET
According to my reading of the Intel documentation, the SYSRET instruction
is supposed to force the RPL bits of the %ss register to 3 when returning
to user mode. The actual sequence is:
SS.Selector <-- (IA32_STAR[63:48]+8) OR 3; (* RPL forced to 3 *)
However, the code in helper_sysret() leaves them at 0 (in other words, the "OR
3" part of the above sequence is missing). It does set the privilege level
bits of %cs correctly though.
This has caused me trouble with some of my VxWorks development: code that runs
okay on real hardware will crash on QEMU, unless I apply the patch below.
scsi: Improve error reporting for invalid drive property
When setting "realized" fails, scsi_bus_legacy_add_drive() passes the
error to qerror_report_err(), then returns an unspecific "Setting
drive property failed" error, which is reported further up the call
chain.
Example:
$ qemu-system-x86_64 -nodefaults -S -display none \
> -drive if=scsi,id=foo,file=tmp.qcow2 -global isa-fdc.driveA=foo
qemu-system-x86_64: -drive if=scsi,id=foo,file=tmp.qcow2: Property 'scsi-disk.drive' can't take value 'foo', it's in use
qemu-system-x86_64: Setting drive property failed
qemu-system-x86_64: Initialization of device lsi53c895a failed: Device initialization failed
Clean up the obvious way: simply return the original error to the
caller. Gets rid of the second message in the above error cascade.
hw: Propagate errors through qdev_prop_set_drive()
Three kinds of callers:
1. On failure, report the error and abort
Passing &error_abort does the job. No functional change.
2. On failure, report the error and exit()
This is qdev_prop_set_drive_nofail(). Error reporting moves from
qdev_prop_set_drive() to its caller. Because hiding away the error
in the monitor right before exit() isn't helpful, replace
qerror_report_err() by error_report_err(). Shouldn't make a
difference, because qdev_prop_set_drive_nofail() should never be
used in QMP context.
3. On failure, report the error and recover
This is usb_msd_init() and scsi_bus_legacy_add_drive(). Error
reporting and freeing the error object moves from
qdev_prop_set_drive() to its callers.
Because usb_msd_init() can't run in QMP context, replace
qerror_report_err() by error_report_err() there.
No functional change.
scsi_bus_legacy_add_drive() calling qerror_report_err() is of
course inappropriate, but this commit merely makes it more obvious.
The next one will clean it up.
scsi: Clean up duplicated error in legacy if=scsi code
Commit a818a4b changed scsi_bus_legacy_handle_cmdline() to report
errors from scsi_bus_legacy_add_drive() with error_report() in
addition to returning them. That's inappropriate.
Two kinds of callers:
1. realize methods (devices "esp", "virtio-scsi-device" and
"spapr-vscsi")
The error object gets passed up the call chain until it gets
reported again and freed.
Example:
$ qemu-system-arm -M virt -S -display none \
> -drive if=scsi,id=foo,bus=1,file=tmp.qcow2 \
> -device nec-usb-xhci -device usb-storage,drive=foo \
> -device virtio-scsi-pci
qemu-system-arm: -drive if=scsi,id=foo,bus=1,file=tmp.qcow2: Property 'scsi-disk.drive' can't take value 'foo', it's in use
qemu-system-arm: -drive if=scsi,id=foo,bus=1,file=tmp.qcow2: Setting drive property failed
qemu-system-arm: -device virtio-scsi-pci: Setting drive property failed
qemu-system-arm: -device virtio-scsi-pci: Device initialization failed
qemu-system-arm: -device virtio-scsi-pci: Device 'virtio-scsi-pci' could not be initialized
The second message in this error cascade comes from
scsi_bus_legacy_handle_cmdline(). The error object then gets
passed up to the qdev_init() called from
virtio_scsi_pci_init_pci(), which reports it again.
init methods need to report their errors with qerror_report().
These don't. The inappropriate error_report() papers over the bug.
error_report() isn't the same as qerror_report() in QMP context,
but this can't actually happen: QMP can still only hot-plug, and
callers call scsi_bus_legacy_handle_cmdline() only on cold-plug.
Except for sysbus_esp_realize(), but that can't be hot-plugged at
all, as far as I can tell.
Fix the init methods and drop the inappropriate error_report() in
scsi_bus_legacy_handle_cmdline().
Paolo Bonzini [Mon, 9 Mar 2015 14:28:37 +0000 (15:28 +0100)]
cpus: initialize cpu->memory_dispatch
This fixes a NULL pointer dereference in s390x-softmmu.
On pretty much all other architectures, creating an MMIO region calls
cpu_reload_memory_map. On s390, however, there are no MMIO regions
and everything is done via hypercalls.
Fixes: 9d82b5a792236db31a75b9db5c93af69ac07c7c5 Reported-by: Christian Borntraeger <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
Paolo Bonzini [Thu, 5 Mar 2015 15:53:48 +0000 (16:53 +0100)]
rcu: handle forks safely
After forking, only the calling thread is duplicated in the child process.
The call_rcu thread has to be recreated in the child. Exploit the fact
that only one thread exists (same as when constructors run), and just redo
the entire initialization to ensure the threads are in the proper state.
The only additional things to do are emptying the list of threads
registered with RCU, and unlocking the lock that was taken in the prepare
callback (implementations are allowed to fail pthread_mutex_init()
if the mutex is still locked).
Paolo Bonzini [Thu, 5 Mar 2015 15:47:14 +0000 (16:47 +0100)]
qemu-thread: do not use PTHREAD_MUTEX_ERRORCHECK
PTHREAD_MUTEX_ERRORCHECK is completely broken with respect to fork.
The way to safely do fork is to bring all threads to a quiescent
state by acquiring locks (either in callers---as we do for the
iothread mutex---or using pthread_atfork's prepare callbacks)
and then release them in the child.
The problem is that releasing error-checking locks in the child
fails under glibc with EPERM, because the mutex stores a different
owner tid than the duplicated thread in the child process. We
could make it work for locks acquired via pthread_atfork, by
recreating the mutex in the child instead of unlocking it
(we know that there are no other threads that could have taken
the mutex; but when the lock is acquired in fork's caller
that would not be possible.
The simplest solution is just to forgo error checking.
Real sun4u systems memory-map the NVRAM on the (ISA) ebus, so switch over to
MMIO from ioport access whilst setting the base year to 1968 as used by Sun
systems. This allows all SPARC64 OSs included in my tests to correctly detect
the NVRAM IC and read the hardware clock correctly upon boot.
Note that this also requires a corresponding OpenBIOS update to r1330 in order
to switch the SPARC64 NVRAM accessors over from ioport to MMIO.
Currently the m48t59 device uses the hardware model in order to determine
whether the year value is offset from the hardware value. As this will
soon be required by the x59 model, create a qdev base-year property to
represent the base year and update the callers appropriately.
m48t59: register a QOM type for each nvram type we support
As m48t59 devices can only be created with m48t59_init() or m48t59_init_isa(),
we know exactly which nvram types are required. Register only those three
types.
Remove .model and .size properties as they can be infered from nvram name.
Rename type to 'isa-*' (and 'sysbus-*') to do like other devices ISA devices
(isa-ide, isa-parallel, isa-serial...)
Paolo Bonzini [Mon, 2 Mar 2015 12:26:58 +0000 (13:26 +0100)]
gdbstub: avoid possible NULL pointer dereference
Coverity reports that s->chr is checked after put_packet dereferences it.
Move the check earlier, consistent with the code used for user-mode
emulation.
projects / qemu.git / log