crypto: move QCryptoHashAlgorithm enum definition into QAPI
The QCryptoHashAlgorithm enum is defined in the crypto/hash.h
header. In the future some QAPI types will want to reference
the hash enums, so move the enum definition into QAPI too.
Andrew Baumann [Mon, 21 Dec 2015 22:47:49 +0000 (14:47 -0800)]
sdhci: add optional quirk property to disable card insertion/removal interrupts
This is needed for a quirk of the Raspberry Pi (bcm2835/6) MMC
controller, where the card insert bit is documented as unimplemented
(always reads zero, doesn't generate interrupts) but is in fact
observed on hardware as set at power on, but is cleared (and remains
clear) on subsequent controller resets.
Andrew Baumann [Mon, 21 Dec 2015 22:47:48 +0000 (14:47 -0800)]
sdhci: don't raise a command index error for an unexpected response
This deletes a block of code that raised a command index error if a
command returned response data, but the guest did not set the
appropriate bits in the response register to handle such a response. I
cannot find any documentation that suggests the controller should
behave in this way, the error code doesn't make sense (command index
error is defined for the case where the index in a response does not
match that of the issued command), and in at least one case (CMD23
issued by UEFI on Raspberry Pi 2), actual hardware does not do this.
This check was conditionalising SD card operation on the card being
powered by the SDHCI host controller. It is however possible
(particularly in embedded systems) for the power control of the SD card
to be managed outside of SDHCI. This can be as trivial as hard-wiring
the SD slot VCC to a constant power-rail.
This means the guest SDHCI can validly opt-out of the SDHCI power
control feature while still using the card. So delete this check to
allow operation of the card with SDHCI power control.
This is needed for at least Xilinx Zynq and Raspberry Pi, and
also makes Freescale i.MX25 work for me. The digilent Zybo board
has a public schematic which shows SD VCC hardwiring:
http://digilentinc.com/Data/Products/ZYBO/ZYBO_sch_VB.3.pdf
bottom of page 3.
Yang Wei [Sat, 5 Dec 2015 11:52:20 +0000 (19:52 +0800)]
scripts/gdb: Fix a python exception in mtree.py
The following exception is threw:
Python Exception <class 'NameError'> name 'long' is not defined:
Error occurred in Python command: name 'long' is not defined
Python 2.4+, int()/long() have been unified, so replace long
with int.
Stefan Hajnoczi [Thu, 9 Jul 2015 09:56:46 +0000 (10:56 +0100)]
block: replace IOV_MAX with BlockLimits.max_iov
Request merging must not result in a huge request that exceeds the
maximum number of iovec elements. Use BlockLimits.max_iov instead of
hardcoding IOV_MAX.
Stefan Hajnoczi [Thu, 9 Jul 2015 09:56:44 +0000 (10:56 +0100)]
block: add BlockLimits.max_iov field
The maximum number of struct iovec elements depends on the
BlockDriverState. The raw-posix and iSCSI protocols have a maximum of
IOV_MAX but others could have different values.
* When object_get_objects_root() returns null. It never does, so
simply drop the useless error handling.
* When query_memdev() fails. It leaks err then. But any failure
there is actually a programming error. Switch it to &error_abort,
and drop the useless error handling.
Messed up in commit 76b5d85 "qmp: add query-memdev".
Peter Maydell [Fri, 18 Dec 2015 17:04:15 +0000 (17:04 +0000)]
Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-secrets-base-2015-12-18-1' into staging
Merge QCryptoSecret object support
# gpg: Signature made Fri 18 Dec 2015 16:51:21 GMT using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <[email protected]>"
# gpg: aka "Daniel P. Berrange <[email protected]>"
* remotes/berrange/tags/pull-qcrypto-secrets-base-2015-12-18-1:
crypto: add support for loading encrypted x509 keys
crypto: add QCryptoSecret object class for password/key handling
qga: convert to use error checked base64 decode
qemu-char: convert to use error checked base64 decode
util: add base64 decoding function
Peter Maydell [Fri, 18 Dec 2015 16:34:44 +0000 (16:34 +0000)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches
# gpg: Signature made Fri 18 Dec 2015 13:41:03 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <[email protected]>"
* remotes/kevin/tags/for-upstream: (48 commits)
block/qapi: allow best-effort query
qemu-img: abort when full_backing_filename not present
block/qapi: explicitly warn if !has_full_backing_filename
block/qapi: always report full_backing_filename
block/qapi: do not redundantly print "actual path"
qemu-iotests: s390x: fix test 068
qemu-iotests: s390x: fix test 051
qemu-iotests: refine common.config
block: fix bdrv_ioctl called from coroutine
block: use drained section around bdrv_snapshot_delete
iotests: Update comments for bdrv_swap() in 094
block: Remove prototype of bdrv_swap from header
raw-posix: Make aio=native option binding
qcow2: insert assert into qcow2_get_specific_info()
iotests: Extend test 112 for qemu-img amend
qcow2: Point to amend function in check
qcow2: Invoke refcount order amendment function
qcow2: Add function for refcount order amendment
qcow2: Use intermediate helper CB for amend
qcow2: Split upgrade/downgrade paths for amend
...
crypto: add support for loading encrypted x509 keys
Make use of the QCryptoSecret object to support loading of
encrypted x509 keys. The optional 'passwordid' parameter
to the tls-creds-x509 object type, provides the ID of a
secret object instance that holds the decryption password
for the PEM file.
This requires QEMU to be linked to GNUTLS >= 3.1.11. If
GNUTLS is too old an error will be reported if an attempt
is made to pass a decryption password.
crypto: add QCryptoSecret object class for password/key handling
Introduce a new QCryptoSecret object class which will be used
for providing passwords and keys to other objects which need
sensitive credentials.
The new object can provide secret values directly as properties,
or indirectly via a file. The latter includes support for file
descriptor passing syntax on UNIX platforms. Ordinarily passing
secret values directly as properties is insecure, since they
are visible in process listings, or in log files showing the
CLI args / QMP commands. It is possible to use AES-256-CBC to
encrypt the secret values though, in which case all that is
visible is the ciphertext. For ad hoc developer testing though,
it is fine to provide the secrets directly without encryption
so this is not explicitly forbidden.
The anticipated scenario is that libvirtd will create a random
master key per QEMU instance (eg /var/run/libvirt/qemu/$VMNAME.key)
and will use that key to encrypt all passwords it provides to
QEMU via '-object secret,....'. This avoids the need for libvirt
(or other mgmt apps) to worry about file descriptor passing.
It also makes life easier for people who are scripting the
management of QEMU, for whom FD passing is significantly more
complex.
Providing data inline (insecure, only for ad hoc dev testing)
The standard glib provided g_base64_decode doesn't provide any
kind of sensible error checking on its input. Add a QEMU custom
wrapper qbase64_decode which can be used with untrustworthy
input that can contain invalid base64 characters, embedded
NUL characters, or not be NUL terminated at all.
Peter Maydell [Fri, 18 Dec 2015 16:04:31 +0000 (16:04 +0000)]
Merge remote-tracking branch 'remotes/berrange/tags/pull-io-channel-vnc-2015-12-18-1' into staging
Merge VNC conversion to I/O channels
# gpg: Signature made Fri 18 Dec 2015 15:44:30 GMT using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <[email protected]>"
# gpg: aka "Daniel P. Berrange <[email protected]>"
* remotes/berrange/tags/pull-io-channel-vnc-2015-12-18-1:
ui: convert VNC server to use QIOChannelWebsock
ui: convert VNC server to use QIOChannelTLS
ui: convert VNC server to use QIOChannelSocket
xenfb: avoid reading twice the same fields from the shared page
Reading twice the same field could give the guest an attack of
opportunity. In the case of event->type, gcc could compile the switch
statement into a jump table, effectively ending up reading the type
field multiple times.
xen/blkif: Avoid double access to src->nr_segments
src is stored in shared memory and src->nr_segments is dereferenced
twice at the end of the function. If a compiler decides to compile this
into two separate memory accesses then the size limitation could be
bypassed.
Fix it by removing the double access to src->nr_segments.
Switch VNC server over to using the QIOChannelTLS object for
the TLS session. This removes all remaining VNC specific code
for dealing with TLS handshakes.
The minimal first step conversion to use QIOChannelSocket
classes instead of directly using POSIX sockets API. This
will later be extended to also cover the TLS, SASL and
websockets code.
John Snow [Mon, 14 Dec 2015 19:55:16 +0000 (14:55 -0500)]
block/qapi: allow best-effort query
For more complex BDS trees that can be created under normal circumstances,
we lose the ability to issue query commands because of our inability to
re-construct the absolute filename.
Instead, omit this field when it is a problem and present as much information
as we can.
This will change the expected output in iotest 110, where we will now see a
json filename and the lack of an absolute filename instead of an error.
John Snow [Mon, 14 Dec 2015 19:55:15 +0000 (14:55 -0500)]
qemu-img: abort when full_backing_filename not present
...But only if we have the backing_filename. It means something Scary
happened and we can't really be quite exactly sure if we can trust the
backing_filename.
John Snow [Mon, 14 Dec 2015 19:55:13 +0000 (14:55 -0500)]
block/qapi: always report full_backing_filename
Always report full_backing_filename, even if it's the same as
backing_filename. In the next patch, full_backing_filename may be
omitted if it cannot be generated instead of allowing e.g. drive_query
to abort if it runs into this scenario.
The presence or absence of the "full" field becomes useful information.
Bo Tu [Thu, 3 Dec 2015 10:01:31 +0000 (18:01 +0800)]
qemu-iotests: s390x: fix test 068
Now, s390-virtio-ccw is default machine and s390-ccw.img is default boot
loader. If the s390-virtio-ccw machine finds no device to load from and
errors out, then emits a panic and exits the vm. This breaks test cases
068 for s390x.
Adding the parameter of "-no-shutdown" for s390-ccw-virtio will pause VM
before shutdown.
Bo Tu [Thu, 3 Dec 2015 10:01:30 +0000 (18:01 +0800)]
qemu-iotests: s390x: fix test 051
The tests for ide device should only be tested for the pc
platform.
Set device_id to "drive0", and replace every "-drive file..."
by "-drive file=...,if=none,id=$device_id", then x86 and s390x
can get the common output in the test of "Snapshot mode".
Warning message expected for s390x when drive without device.
A x86 platform specific output file is also needed.
Bo Tu [Thu, 3 Dec 2015 10:01:29 +0000 (18:01 +0800)]
qemu-iotests: refine common.config
Replacing awk with sed, then it's easier to read.
Replacing "[ ! -z "$default_alias_machine" ]" with
"[[ $default_alias_machine ]]", then it's slightly shorter.
Kevin Wolf [Tue, 15 Dec 2015 10:35:36 +0000 (11:35 +0100)]
raw-posix: Make aio=native option binding
Traditionally, aio=native was treated as an advice that could simply be
ignored if an error occurs while initialising Linux AIO or the feature
wasn't compiled in. This behaviour was deprecated in commit 96518254
(qemu 2.3; error during init) and commit 1501ecc1 (qemu 2.5; not
compiled in).
This patch changes raw-posix to error out in these cases instead of
printing a deprecation warning.
Max Reitz [Mon, 27 Jul 2015 15:51:39 +0000 (17:51 +0200)]
qcow2: Point to amend function in check
If a reference count is not representable with the current refcount
order, the image check should point to qemu-img amend for increasing the
refcount order. However, qemu-img amend needs write access to the image
which cannot be provided if the image is marked corrupt; and the image
check will not mark the image consistent unless everything actually is
consistent.
Therefore, if an image is marked corrupt and the image check encounters
a reference count overflow, it cannot be fixed by using qemu-img amend
to increase the refcount order. Instead, one has to use qemu-img convert
to create a completely new copy of the image in this case.
Alternatively, we may want to give the user a way of manually removing
the corrupt flag, maybe through qemu-img amend, but this is not part of
this patch.
Max Reitz [Mon, 27 Jul 2015 15:51:36 +0000 (17:51 +0200)]
qcow2: Use intermediate helper CB for amend
If there is more than one time-consuming operation to be performed for
qcow2_amend_options(), we need an intermediate CB which coordinates the
progress of the individual operations and passes the result to the
original status callback.
Max Reitz [Mon, 27 Jul 2015 15:51:35 +0000 (17:51 +0200)]
qcow2: Split upgrade/downgrade paths for amend
If the image version should be upgraded, that is the first we should do;
if it should be downgraded, that is the last we should do. So split the
version change block into an upgrade part at the start and a downgrade
part at the end.
Kevin Wolf [Fri, 8 May 2015 16:11:08 +0000 (18:11 +0200)]
qemu-iotests: Test reopen with node-name/driver options
'node-name' and 'driver' should not be changed during a reopen
operation. It is, however, valid to specify them with the same value as
they already had.
Kevin Wolf [Fri, 8 May 2015 16:06:47 +0000 (18:06 +0200)]
qemu-iotests: Test cache mode option inheritance
This is doing a more complete test on setting cache modes both while
opening an image (i.e. in a -drive command line) and in reopen
situations. It checks that reopen can specify options for child nodes
and that cache modes are correctly inherited from parent nodes where
they are not specified.
Kevin Wolf [Fri, 8 May 2015 15:49:53 +0000 (17:49 +0200)]
block: Move cache options into options QDict
This adds the cache mode options to the QDict, so that they can be
specified for child nodes (e.g. backing.cache.direct=off).
The cache modes are not removed from the flags at this point; instead,
options and flags are kept in sync. If the user specifies both flags and
options, the options take precedence.
Child node inherit cache modes as options now, they don't use flags any
more.
Note that this forbids specifying the cache mode for empty drives. It
didn't make sense anyway to specify it there, because it didn't have any
effect. blockdev_init() considers the cache options now bdrv_open()
options and therefore doesn't create an empty drive any more but calls
into bdrv_open(). This in turn will fail with no driver and filename
specified.
Kevin Wolf [Fri, 8 May 2015 15:24:56 +0000 (17:24 +0200)]
block: reopen: Extract QemuOpts for generic block layer options
This patch adds a QemuOpts for generic block layer options to
bdrv_reopen_prepare(). The only two options that currently exist
(node-name and driver) cannot be changed, so the only thing we do is
putting them right back into the QDict so that we check at the end that
they are indeed unchanged.
We will add new options soon that can actually be changed.
Kevin Wolf [Thu, 7 May 2015 12:41:30 +0000 (14:41 +0200)]
qemu-iotests: Remove cache mode test without medium
Specifying the cache mode for a driver without a medium is not a useful
thing to do: As long as there is no medium, the cache mode doesn't make
a difference, and once the 'change' command is used to insert a medium,
it ignores the old cache mode and makes the new medium use
cache=writethrough.
Later patches will make it an error to specify the cache mode for an
empty drive. Remove the corresponding test case.
Kevin Wolf [Fri, 13 Nov 2015 13:45:42 +0000 (14:45 +0100)]
blockdev: Set 'format' indicates non-empty drive
Creating an empty drive while specifying 'format' doesn't make sense.
The specified format driver would simply be ignored.
Make a set 'format' option an indication that a non-empty drive should
be created. This makes 'format' consistent with 'driver' and allows
using it with a block driver that doesn't need any other options (like
null-co/null-aio).
Kevin Wolf [Fri, 8 May 2015 14:15:03 +0000 (16:15 +0200)]
block: Introduce bs->explicit_options
bs->options doesn't only contain options that the user explicitly
requested, but also option that were derived from flags, the filename or
inherited from the parent node.
For reopen, it is important to know the difference because reopening the
parent can change inherited values in child nodes, but it shouldn't
change any options that were explicitly specified for the child.
Kevin Wolf [Thu, 29 Oct 2015 14:24:41 +0000 (15:24 +0100)]
block: Split out parse_json_protocol()
The next patch distinguishes options that were explicitly set and
options that were derived. bdrv_fill_option() added options of both
types: Options given by json: syntax should be counted as explicit, but
the rest is derived.
In preparation for the distinction, move json: parse to a separate
function.
Kevin Wolf [Fri, 8 May 2015 15:07:31 +0000 (17:07 +0200)]
block: reopen: Document option precedence and refactor accordingly
The interesting part of reopening an image is from which sources the
effective options should be taken, i.e. which options take precedence
over which other options. This patch documents the precedence that will
be implemented in the following patches.
It also refactors bdrv_reopen_queue(), so that the top-level reopened
node is handled the same way as children are. Option/flag inheritance
from the parent becomes just one item in the list and is done at the
beginning of the function, similar to how the other items are/will be
handled.
Kevin Wolf [Fri, 8 May 2015 13:14:15 +0000 (15:14 +0200)]
block: Allow specifying child options in reopen
If the child was defined in the same context (-drive argument or
blockdev-add QMP command) as its parent, a reopen of the parent should
work the same and allow changing options of the child.
Kevin Wolf [Fri, 24 Apr 2015 14:38:02 +0000 (16:38 +0200)]
block: Keep "driver" in bs->options
Instead of passing a separate drv argument to bdrv_open_common(), just
make sure that a "driver" option is set in the QDict. This also means
that a "driver" entry is consistently present in bs->options now.
This is another step towards keeping all options in the QDict (which is
the represenation of the blockdev-add QMP command).
Kevin Wolf [Mon, 27 Apr 2015 11:50:54 +0000 (13:50 +0200)]
block: Pass driver-specific options to .bdrv_refresh_filename()
In order to decide whether a blkdebug: filename can be produced or a
json: one is necessary, blkdebug checked whether bs->options had more
options than just "config", "x-image" or "image" (the latter including
nested options). That doesn't work well when generic block layer options
are present.
This patch passes an option QDict to the driver that contains only
driver-specific options, i.e. the options for the general block layer as
well as child nodes are already filtered out. Works much better this
way.
Kevin Wolf [Mon, 27 Apr 2015 11:46:22 +0000 (13:46 +0200)]
block: Exclude nested options only for children in append_open_options()
Some drivers have nested options (e.g. blkdebug rule arrays), which
don't belong to a child node and shouldn't be removed. Don't remove all
options with "." in their name, but check for the complete prefixes of
actually existing child nodes.
Kevin Wolf [Fri, 24 Apr 2015 13:20:28 +0000 (15:20 +0200)]
block: Consider all block layer options in append_open_options
The code already special-cased "node-name", which is currently the only
option passed in the QDict that isn't driver-specific. Generalise the
code to take all general block layer options into consideration.
Kevin Wolf [Wed, 28 Oct 2015 12:24:26 +0000 (13:24 +0100)]
mirror: Error out when a BDS would get two BBs
bdrv_replace_in_backing_chain() asserts that not both old and new
BlockDdriverState have a BlockBackend attached to them because both
would have to end up pointing to the new BDS and we don't support more
than one BB per BDS yet.
Before we can safely allow references to existing nodes as backing
files, we need to make sure that even if a backing file has a BB on it,
this doesn't crash qemu.
There are probably also some cases with the 'replaces' option set where
drive-mirror could fail this assertion today. They are fixed with this
error check as well.
The approach taken so far would result in an options QDict that has both
"overlap-check.template=all" and "overlap-check=none", which obviously
conflicts. In this case, the old option should be overridden by the
newly specified option.
Kevin Wolf [Mon, 16 Nov 2015 14:34:59 +0000 (15:34 +0100)]
qcow2: Add .bdrv_join_options callback
qcow2 accepts a few driver-specific options that overlap semantically
(e.g. "overlap-check" is an alias of "overlap-check.template", and any
missing cache size option is derived from the given ones).
When bdrv_reopen() merges the set of updated options with left out
options that should be kept at their old value, we need to consider this
and filter out any duplicates (which would generally cause errors
because new and old value would contradict each other).
This patch adds a .bdrv_join_options callback to BlockDriver and
implements it for qcow2.
John Snow [Tue, 1 Dec 2015 23:16:37 +0000 (18:16 -0500)]
iotests: 124: Split into two test classes
Split it into an abstract test class and an implementation class.
The split is primarily to facilitate more flexible setUp variations
for other kinds of tests without having to rewrite or shuffle around
all of these helpers.
See the following two patches for more of the "why."
Peter Maydell [Fri, 18 Dec 2015 12:42:10 +0000 (12:42 +0000)]
Merge remote-tracking branch 'remotes/berrange/tags/pull-io-channel-base-2015-12-18-1' into staging
Merge I/O channels base classes
# gpg: Signature made Fri 18 Dec 2015 12:18:38 GMT using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <[email protected]>"
# gpg: aka "Daniel P. Berrange <[email protected]>"
* remotes/berrange/tags/pull-io-channel-base-2015-12-18-1:
io: add QIOChannelBuffer class
io: add QIOChannelCommand class
io: add QIOChannelWebsock class
io: add QIOChannelTLS class
io: add QIOChannelFile class
io: add QIOChannelSocket class
io: add QIOTask class for async operations
io: add helper module for creating watches on FDs
io: add abstract QIOChannel classes
Add a QIOChannel subclass that is capable of performing I/O
to/from a memory buffer. This implementation does not attempt
to support concurrent readers & writers. It is designed for
serialized access where by a single thread at a time may write
data, seek and then read data back out.
Add a QIOChannel subclass that is capable of performing I/O
to/from a separate process, via a pair of pipes. The command
can be used for unidirectional or bi-directional I/O.
Add a QIOChannel subclass that can run the websocket protocol over
the top of another QIOChannel instance. This initial implementation
is only capable of acting as a websockets server. There is no support
for acting as a websockets client yet.
Add a QIOChannel subclass that can run the TLS protocol over
the top of another QIOChannel instance. The object provides a
simplified API to perform the handshake when starting the TLS
session. The layering of TLS over the underlying channel does
not have to be setup immediately. It is possible to take an
existing QIOChannel that has done some handshake and then swap
in the QIOChannelTLS layer. This allows for use with protocols
which start TLS right away, and those which start plain text
and then negotiate TLS.
Add a QIOChannel subclass that is capable of operating on things
that are files, such as plain files, pipes, character/block
devices, but notably not sockets.
Implement a QIOChannel subclass that supports sockets I/O.
The implementation is able to manage a single socket file
descriptor, whether a TCP/UNIX listener, TCP/UNIX connection,
or a UDP datagram. It provides APIs which can listen and
connect either asynchronously or synchronously. Since there
is no asynchronous DNS lookup API available, it uses the
QIOTask helper for spawning a background thread to ensure
non-blocking operation.
A number of I/O operations need to be performed asynchronously
to avoid blocking the main loop. The caller of such APIs need
to provide a callback to be invoked on completion/error and
need access to the error, if any. The small QIOTask provides
a simple framework for dealing with such probes. The API
docs inline provide an outline of how this is to be used.
Some functions don't have the ability to run asynchronously
(eg getaddrinfo always blocks), so to facilitate their use,
the task class provides a mechanism to run a blocking
function in a thread, while triggering the completion
callback in the main event loop thread. This easily allows
any synchronous function to be made asynchronous, albeit
at the cost of spawning a thread.
In this series, the QIOTask class will be used for things like
the TLS handshake, the websockets handshake and TCP connect()
progress.
The concept of QIOTask is inspired by the GAsyncResult
interface / GTask class in the GIO libraries. The min
version requirements on glib don't allow those to be
used from QEMU, so QIOTask provides a facsimilie which
can be easily switched to GTask in the future if the
min version is increased.
A number of the channel implementations will require the
ability to create watches on file descriptors / sockets.
To avoid duplicating this code in each channel, provide a
helper API for dealing with file descriptor watches.
There are two watch implementations provided. The first
is useful for bi-directional file descriptors such as
sockets, regular files, character devices, etc. The
second works with a pair of unidirectional file descriptors
such as pipes.
Start the new generic I/O channel framework by defining a
QIOChannel abstract base class. This is designed to feel
similar to GLib's GIOChannel, but with the addition of
support for using iovecs, qemu error reporting, file
descriptor passing, coroutine integration and use of
the QOM framework for easier sub-classing.
The intention is that anywhere in QEMU that almost
anywhere that deals with sockets will use this new I/O
infrastructure, so that it becomes trivial to then layer
in support for TLS encryption. This will at least include
the VNC server, char device backend and migration code.
We model all the non-deprecated memory allocation functions from
https://developer.gnome.org/glib/stable/glib-Memory-Allocation.html
except for g_memdup(), g_clear_pointer(), g_steal_pointer(). We don't
use the latter two. Model the former.
Coverity now reports an OVERRUN
vl.c:2317: alloc_strlen: Allocating insufficient memory for the terminating null of the string.
Correct, but we omit the terminating null intentionally there.
Paolo Bonzini [Wed, 16 Dec 2015 18:33:44 +0000 (19:33 +0100)]
scsi: always call notifier on async cancellation
This was found by code inspection. If the request is cancelled twice,
the notifier is never called on the second cancellation request,
and hence for example a TMF might never finish.
All the calls in scsi_req_cancel_async are idempotent, so the change
is safe.
Michael Chapman [Mon, 7 Dec 2015 04:54:07 +0000 (15:54 +1100)]
target-i386: kvm: clear unusable segments' flags in migration
This commit fixes migration of a QEMU/KVM guest from kernel >= v3.9 to
kernel <= v3.7 (e.g. from RHEL 7 to RHEL 6). Without this commit a guest
migrated across these kernel versions fails to resume on the target host
as its segment descriptors are invalid.
Two separate kernel commits combined together to result in this bug:
Some userspace (e.g. QEMU 1.1) munge the d and g bits of segment
descriptors, causing us not to recognize them as unusable segments
with emulate_invalid_guest_state=1. Relax the check by testing for
segment not present (a non-present segment cannot be usable).
KVM: VMX: don't clobber segment AR of unusable segments.
Usability is returned in unusable field, so not need to clobber entire
AR. Callers have to know how to deal with unusable segments already
since if emulate_invalid_guest_state=true AR is not zeroed.
Signed-off-by: Gleb Natapov <[email protected]> Signed-off-by: Marcelo Tosatti <[email protected]>
The first commit changed the KVM_SET_SREGS ioctl so that it did no treat
segment flags == 0 as an unusable segment, instead only looking at the
"present" flag.
The second commit changed KVM_GET_SREGS so that it did not clear the
flags of an unusable segment.
Since QEMU does not itself maintain the "unusable" flag across a
migration, the end result is that unusable segments read from a kernel
with these commits and loaded into a kernel without these commits are
not properly recognised as being unusable.
This commit updates both get_seg and set_seg so that the problem is
avoided even when migrating to or migrating from a QEMU without this
commit. In get_seg, we clear the segment flags if the segment is marked
unusable. In set_seg, we mark the segment unusable if the segment's
"present" flag is not set.
Paolo Bonzini [Wed, 16 Dec 2015 11:32:22 +0000 (12:32 +0100)]
rcu: optimize rcu_read_lock
rcu_read_lock cannot change rcu_gp_ongoing from true to false
(the previous value of p_rcu_reader->ctr is zero), hence
there is no need to check p_rcu_reader->waiting and wake up
a concurrent synchronize_rcu.
While at it mark the wakeup as unlikely in rcu_read_unlock.
Paolo Bonzini [Wed, 9 Dec 2015 09:34:13 +0000 (10:34 +0100)]
memory: try to inline constant-length reads
memcpy can take a large amount of time for small reads and writes.
Handle the common case of reading s/g descriptors from memory (there
is no corresponding "write" case that is as common, because writes
often use address_space_st* functions) by inlining the relevant
parts of address_space_read into the caller.
Paolo Bonzini [Wed, 9 Dec 2015 09:18:57 +0000 (10:18 +0100)]
memory: extract first iteration of address_space_read and address_space_write
We want to inline the case where there is only one iteration, because
then the compiler can also inline the memcpy. As a start, extract
everything after the first address_space_translate call.
projects / qemu.git / log