Eduardo Habkost [Wed, 11 Nov 2020 18:38:17 +0000 (13:38 -0500)]
virt: Register "its" as class property
Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.
Note: "its" is currently registered conditionally, but this makes
the feature be registered unconditionally. The only side effect
is that it will be now possible to set its=on on virt-2.7 and
older.
Eduardo Habkost [Wed, 11 Nov 2020 18:38:15 +0000 (13:38 -0500)]
i386: Register feature bit properties as class properties
Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.
Also, the hundreds of instance properties were having an impact
on QMP commands that create temporary CPU objects. On my
machine, run time of qmp_query_cpu_definitions() changed
from ~200ms to ~16ms after applying this patch.
Peter Maydell [Mon, 14 Dec 2020 16:31:15 +0000 (16:31 +0000)]
Merge remote-tracking branch 'remotes/dg-gitlab/tags/ppc-for-6.0-20201214' into staging
ppc patch queue 2020-12-14
Here's my first pull request for qemu-6.0, with a bunch of things
queued over the freeze. Highlights are:
* A bunch of cleanups to hotplug error paths from Greg Kurz
* A number of TCG fixes from new contributor Giuseppe Musacchio
* Added Greg Kurz as co-maintainer
* Assorted other bugfixes and cleanups
This supersedes ppc-for-6.0-20201211, the only change are some patch
authors to better match qemu conventions.
* remotes/dg-gitlab/tags/ppc-for-6.0-20201214: (30 commits)
spapr.c: set a 'kvm-type' default value instead of relying on NULL
spapr: Pass sPAPR machine state to some RTAS events handling functions
spapr: Don't use qdev_get_machine() in spapr_msi_write()
spapr: Pass sPAPR machine state down to spapr_pci_switch_vga()
target/ppc: Introduce an mmu_is_64bit() helper
ppc/translate: Use POWERPC_MMU_64 to detect 64-bit MMU models
ppc/e500: Free irqs array to avoid memleak
MAINTAINERS: Add Greg Kurz as co-maintainer for ppc
hw/ppc: Do not re-read the clock on pre_save if doing savevm
target/ppc: Remove "compat" property of server class POWER CPUs
spapr: spapr_drc_attach() cannot fail
spapr: Simplify error path of spapr_core_plug()
spapr: Abort if ppc_set_compat() fails for hot-plugged CPUs
spapr: Fix pre-2.10 dummy ICP hack
xive: Add trace events
hw/ppc/spapr_tpm_proxy: Fix hexadecimal format string specifier
ppc/translate: Rewrite gen_lxvdsx to use gvec primitives
ppc/translate: Raise exceptions after setting the cc
ppc/translate: Delay NaN checking after comparison
ppc/translate: Turn the helper macros into functions
...
Peter Maydell [Mon, 14 Dec 2020 13:37:02 +0000 (13:37 +0000)]
tests/tcg/multiarch/Makefile.target: Disable run-gdbstub-sha1 test
Disable the run-gdbstub-sha1 test: it provokes an internal error
assertion failure in Ubuntu gdb 8.1.1-0ubuntu1 (Ubuntu gdb
8.1-0ubuntu3.2 also has this assert but we were previously skipping
this test because it doesn't support connection over local domain
sockets) :
timeout 60 /home/petmay01/linaro/qemu-for-merges/tests/guest-debug/run-test.py --gdb /usr/bin/gdb-multiar
/build/gdb-veKdC1/gdb-8.1.1/gdb/regcache.c:122: internal-error: void* init_regcache_descr(gdbarch*): Asser
A problem internal to GDB has been detected,
further debugging may prove unreliable.
This is a bug, please report it. For instructions, see:
<http://www.gnu.org/software/gdb/bugs/>.
Aborted (core dumped)
/home/petmay01/linaro/qemu-for-merges/tests/tcg/multiarch/Makefile.target:51: recipe for target 'run-gdbst
spapr.c: set a 'kvm-type' default value instead of relying on NULL
spapr_kvm_type() is considering 'vm_type=NULL' as a valid input, where
the function returns 0. This is relying on the current QEMU machine
options handling logic, where the absence of the 'kvm-type' option
will be reflected as 'vm_type=NULL' in this function.
This is not robust, and will break if QEMU options code decides to propagate
something else in the case mentioned above (e.g. an empty string instead
of NULL).
Let's avoid this entirely by setting a non-NULL default value in case of
no user input for 'kvm-type'. spapr_kvm_type() was changed to handle 3 fixed
values of kvm-type: "auto", "hv", and "pr", with "auto" being the default
if no kvm-type was set by the user. This allows us to always be predictable
regardless of any enhancements/changes made in QEMU options mechanics.
While we're at it, let's also document in 'kvm-type' description the
already existing default mode, now named 'auto'. The information provided
about it is based on how the pseries kernel handles the KVM_CREATE_VM
ioctl(), where the default value '0' makes the kernel choose an available
KVM module to use, giving precedence to kvm_hv. This logic is described in
the kernel source file arch/powerpc/kvm/powerpc.c, function kvm_arch_init_vm().
Greg Kurz [Wed, 9 Dec 2020 17:00:51 +0000 (18:00 +0100)]
spapr: Pass sPAPR machine state to some RTAS events handling functions
Some functions in hw/ppc/spapr_events.c get a pointer to the machine
state using qdev_get_machine(). Convert them to get it from their
caller when possible.
ppc/translate: Use POWERPC_MMU_64 to detect 64-bit MMU models
The ppc_tr_init_disas_context() function currently checks whether the
MMU is 64-bit by ANDing its model type with POWERPC_MMU_64B. This is
wrong : POWERPC_MMU_64B isn't a mask, it is the generic MMU model for
pre-PowerISA-2.03 64-bit CPUs (ie. PowerPC 970 in QEMU).
Use POWERPC_MMU_64 instead of POWERPC_MMU_64B. This should fix a
potential bug with some 32-bit CPUs for which 'need_access_type'
was mis-computed because (POWERPC_MMU_32B & POWERPC_MMU_64B)
happens to be equal to 1. The end result being a crash in
ppc_hash32_direct_store() because the access type isn't set:
cpu_abort(cs, "ERROR: instruction should not need "
"address translation\n");
This doesn't change anything for 'lazy_tlb_flush' since POWERPC_MMU_32B
is checked first.
Fixes: 5f2a6254522b ("ppc: Don't set access_type on all load/stores on hash64") Signed-off-by: Stephane Duverger <[email protected]>
[groug: - extended patch to address another misuse of POWERPC_MMU_64B
- updated title and changelog accordingly] Signed-off-by: Greg Kurz <[email protected]>
Message-Id: <20201209173536.1437351[email protected]> Signed-off-by: David Gibson <[email protected]>
Gan Qixin [Fri, 4 Dec 2020 07:58:22 +0000 (15:58 +0800)]
ppc/e500: Free irqs array to avoid memleak
When running qom-test, a memory leak occurred in the ppce500_init function,
this patch free irqs array to fix it.
ASAN shows memory leak stack:
Direct leak of 40 byte(s) in 1 object(s) allocated from:
#0 0xfffc5ceee1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
#1 0xfffc5c806800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
#2 0xaaacf9999244 in ppce500_init qemu/hw/ppc/e500.c:859
#3 0xaaacf97434e8 in machine_run_board_init qemu/hw/core/machine.c:1134
#4 0xaaacf9c9475c in qemu_init qemu/softmmu/vl.c:4369
#5 0xaaacf94785a0 in main qemu/softmmu/main.c:49
David Gibson [Thu, 26 Nov 2020 04:09:16 +0000 (15:09 +1100)]
MAINTAINERS: Add Greg Kurz as co-maintainer for ppc
Greg has agreed to be co-maintainer of the ppc target and machines.
This should avoid repeats of the problem we had in qemu-5.2 where a
last minute fix was needed while I was on holiday.
Greg Kurz [Wed, 2 Dec 2020 17:28:26 +0000 (18:28 +0100)]
hw/ppc: Do not re-read the clock on pre_save if doing savevm
A guest with enough RAM, eg. 128G, is likely to detect savevm downtime
and to complain about stalled CPUs. This happens because we re-read
the timebase just before migrating it and we thus don't account for
all the time between VM stop and pre-save.
A very similar situation was already addressed for live migration of
paused guests (commit d14f33976282). Extend the logic to do the same
with savevm.
Greg Kurz [Tue, 1 Dec 2020 13:11:03 +0000 (14:11 +0100)]
target/ppc: Remove "compat" property of server class POWER CPUs
This property has been deprecated since QEMU 5.0 by commit 22062e54bb68.
We only kept a legacy hack that internally converts "compat" into the
official "max-cpu-compat" property of the pseries machine type.
According to our deprecation policy, we could have removed it for QEMU 5.2
already. Do it now ; since ppc_cpu_parse_featurestr() now just calls the
generic parent_parse_features handler, drop it as well.
Users are supposed to use the "max-cpu-compat" property of the pseries
machine type instead.
Greg Kurz [Tue, 1 Dec 2020 11:37:28 +0000 (12:37 +0100)]
spapr: spapr_drc_attach() cannot fail
All users are passing &error_abort already. Document the fact
that spapr_drc_attach() should only be passed a free DRC, which
is supposedly the case if appropriate checking is done earlier.
Greg Kurz [Tue, 1 Dec 2020 11:37:27 +0000 (12:37 +0100)]
spapr: Simplify error path of spapr_core_plug()
spapr_core_pre_plug() already guarantees that the slot for the given core
ID is available. It is thus safe to assume that spapr_find_cpu_slot()
returns a slot during plug. Turn the error path into an assertion.
It is also safe to assume that no device is attached to the corresponding
DRC and that spapr_drc_attach() shouldn't fail.
Pass &error_abort to spapr_drc_attach() and simplify error handling.
Greg Kurz [Tue, 1 Dec 2020 11:37:26 +0000 (12:37 +0100)]
spapr: Abort if ppc_set_compat() fails for hot-plugged CPUs
When a CPU is hot-plugged, we set its compat mode to match the boot
CPU, which was either set by machine reset or by CAS. This is currently
handled in the plug handler after the core got realized. Potential errors
of ppc_set_compat() are propagated to the hot-plug logic.
Handling errors this late in the hot-plug sequence is generally frown
upon. Ideally, we should do sanity checks in a pre-plug handler and pass
&error_abort to ppc_set_compat() in the plug handler.
We can filter out some error cases of ppc_set_compat() by calling
ppc_check_compat() at pre-plug. But ppc_set_compat() also sets the
compat register in KVM, and KVM doesn't provide any API that would
allow to check valid compat mode settings beforehand.
However, at this point we know that the compat mode was already
successfully set for the boot CPU. Since this all boils down to
setting a register with the very same value that was valid
for the boot CPU, it should definitely not fail for hot-plugged
CPUS.
Greg Kurz [Tue, 1 Dec 2020 11:37:25 +0000 (12:37 +0100)]
spapr: Fix pre-2.10 dummy ICP hack
This hack registers dummy VMState entries of ICPs in order to
support migration of old pseries machine types that used to
create all smp.max_cpus possible ICPs at machine init.
Part of the work is to unregister the dummy entries when plugging
an actual vCPU core, and to register them back when unplugging the
core. The code that unregisters the dummy ICPs in spapr_core_plug()
is misplaced: if ppc_set_compat() fails afterwards, the hotplug
operation will be cancelled and the dummy ICPs won't be registered
back since the unplug handler isn't called.
Unregister the dummy ICPs at the end of spapr_core_plug().
ppc/translate: Rewrite gen_lxvdsx to use gvec primitives
Make the implementation match the lxvwsx one.
The code is now shorter smaller and potentially faster as the
translation will use the host SIMD capabilities if available.
According to the PowerISA v3.1 reference, Table 68 "Actions for xscmpudp
- Part 1: Compare Unordered", whenever one of the two operands is a NaN
the SO bit is set while the other three bits are cleared.
Apply the same change to xscmpuqp.
The respective ordered counterparts are unaffected.
Chen Qun [Mon, 16 Nov 2020 02:48:09 +0000 (10:48 +0800)]
ppc: Add a missing break for PPC6xx_INPUT_TBEN
When using -Wimplicit-fallthrough in our CFLAGS, the compiler showed warning:
hw/ppc/ppc.c: In function ‘ppc6xx_set_irq’:
hw/ppc/ppc.c:118:16: warning: this statement may fall through [-Wimplicit-fallthrough=]
118 | if (level) {
| ^
hw/ppc/ppc.c:123:9: note: here
123 | case PPC6xx_INPUT_INT:
| ^~~~
According to the discussion, a break statement needs to be added here.
Chen Qun [Mon, 16 Nov 2020 02:48:10 +0000 (10:48 +0800)]
target/ppc: replaced the TODO with LOG_UNIMP and add break for silence warnings
When using -Wimplicit-fallthrough in our CFLAGS, the compiler showed warning:
target/ppc/mmu_helper.c: In function ‘dump_mmu’:
target/ppc/mmu_helper.c:1351:12: warning: this statement may fall through [-Wimplicit-fallthrough=]
1351 | if (ppc64_v3_radix(env_archcpu(env))) {
| ^
target/ppc/mmu_helper.c:1358:5: note: here
1358 | default:
| ^~~~~~~
Use "qemu_log_mask(LOG_UNIMP**)" instead of the TODO comment.
And add the break statement to fix it.
Greg Kurz [Fri, 20 Nov 2020 23:42:01 +0000 (00:42 +0100)]
spapr: Do NVDIMM/PC-DIMM device hotplug sanity checks at pre-plug only
Pre-plug of a memory device, be it an NVDIMM or a PC-DIMM, ensures
that the memory slot is available and that addresses don't overlap
with existing memory regions. The corresponding DRCs in the LMB
and PMEM namespaces are thus necessarily attachable at plug time.
Pass &error_abort to spapr_drc_attach() in spapr_add_lmbs() and
spapr_add_nvdimm(). This allows to greatly simplify error handling
on the plug path.
Greg Kurz [Fri, 20 Nov 2020 23:42:00 +0000 (00:42 +0100)]
spapr: Do PCI device hotplug sanity checks at pre-plug only
The PHB acts as the hotplug handler for PCI devices. It does some
sanity checks on DR enablement, PCI bridge chassis numbers and
multifunction. These checks are currently performed at plug time,
but they would best sit in a pre-plug handler in order to error
out as early as possible.
Create a spapr_pci_pre_plug() handler and move all the checking
there. Add a check that the associated DRC doesn't already have
an attached device. This is equivalent to the slot availability
check performed by do_pci_register_device() upon realization of
the PCI device.
This allows to pass &error_abort to spapr_drc_attach() and to end
up with a plug handler that doesn't need to report errors anymore.
Greg Kurz [Fri, 20 Nov 2020 17:46:39 +0000 (18:46 +0100)]
spapr/xive: Turn some sanity checks into assertions
The sPAPR XIVE device is created by the machine in spapr_irq_init().
The latter overrides any value provided by the user with -global for
the "nr-irqs" and "nr-ends" properties with strictly positive values.
It seems reasonable to assume these properties should never be 0,
which wouldn't make much sense by the way.
* remotes/vivier/tags/m68k-for-6.0-pull-request:
m68k: fix some comment spelling errors
target/m68k: Add vmstate definition for M68kCPU
target/m68k: remove useless qregs array
hw/m68k/q800.c: Make the GLUE chip an actual QOM device
hw/m68k/q800: Don't connect two qemu_irqs directly to the same input
zhaolichang [Fri, 9 Oct 2020 06:44:43 +0000 (14:44 +0800)]
m68k: fix some comment spelling errors
I found that there are many spelling errors in the comments of qemu/target/m68k.
I used spellcheck to check the spelling errors and found some errors in the folder.
Peter Maydell [Fri, 6 Nov 2020 23:51:09 +0000 (23:51 +0000)]
hw/m68k/q800.c: Make the GLUE chip an actual QOM device
The handling of the GLUE (General Logic Unit) device is
currently open-coded. Make this into a proper QOM device.
This minor piece of modernisation gets rid of the free
floating qemu_irq array 'pic', which Coverity points out
is technically leaked when we exit the machine init function.
(The replacement glue device is not leaked because it gets
added to the sysbus, so it's accessible via that.)
Peter Maydell [Fri, 6 Nov 2020 23:51:08 +0000 (23:51 +0000)]
hw/m68k/q800: Don't connect two qemu_irqs directly to the same input
The q800 board code connects both of the IRQ outputs of the ESCC
to the same pic[3] qemu_irq. Connecting two qemu_irqs outputs directly
to the same input is not valid as it produces subtly wrong behaviour
(for instance if both the IRQ lines are high, and then one goes
low, the PIC input will see this as a high-to-low transition
even though the second IRQ line should still be holding it high).
This kind of wiring needs an explicitly created OR gate; add one.
Peter Maydell [Sat, 12 Dec 2020 00:20:45 +0000 (00:20 +0000)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches:
- Support for FUSE exports
- Fix deadlock in bdrv_co_yield_to_drain()
- Use lock guard macros
- Some preparational patches for 64 bit block layer
- file-posix: Fix request extension to INT64_MAX in raw_do_pwrite_zeroes()
* remotes/kevin/tags/for-upstream: (34 commits)
block: Fix deadlock in bdrv_co_yield_to_drain()
block: Fix locking in qmp_block_resize()
block: Simplify qmp_block_resize() error paths
block: introduce BDRV_MAX_LENGTH
block/io: bdrv_check_byte_request(): drop bdrv_is_inserted()
block/io: bdrv_refresh_limits(): use ERRP_GUARD
block/file-posix: fix workaround in raw_do_pwrite_zeroes()
can-host: Fix crash when 'canbus' property is not set
iotests/221: Discard image before qemu-img map
file-posix: check the use_lock before setting the file lock
iotests/308: Add test for FUSE exports
iotests: Enable fuse for many tests
iotests: Allow testing FUSE exports
iotests: Give access to the qemu-storage-daemon
storage-daemon: Call bdrv_close_all() on exit
iotests/287: Clean up subshell test image
iotests: Let _make_test_img guess $TEST_IMG_FILE
iotests: Restrict some Python tests to file
iotests/091: Use _cleanup_qemu instad of "wait"
iotests: Derive image names from $TEST_IMG
...
* remotes/cohuck/tags/s390x-20201211:
s390x/cpu: Use timer_free() in the finalize function to avoid memleaks
tests/acceptance: test s390x zpci fid propagation
tests/acceptance: verify s390x device detection
tests/acceptance: test virtio-ccw revision handling
tests/acceptance: add a test for devices on s390x
hw/watchdog/wdt_diag288: Remove unnecessary includes
* remotes/kraxel/tags/ui-20201211-pull-request:
sdl2: Add extra mouse buttons
ui/vnc: Add missing lock for send_color_map
vnc: add alpha cursor support
vnc: add pseudo encodings
vnc: drop unused copyrect feature
vnc: use enum for features
console: allow con==NULL in dpy_{get, set}_ui_info and dpy_ui_info_supported
console: drop qemu_console_get_ui_info
Kevin Wolf [Thu, 3 Dec 2020 17:23:11 +0000 (18:23 +0100)]
block: Fix deadlock in bdrv_co_yield_to_drain()
If bdrv_co_yield_to_drain() is called for draining a block node that
runs in a different AioContext, it keeps that AioContext locked while it
yields and schedules a BH in the AioContext to do the actual drain.
As long as executing the BH is the very next thing that the event loop
of the node's AioContext does, this actually happens to work, but when
it tries to execute something else that wants to take the AioContext
lock, it will deadlock. (In the bug report, this other thing is a
virtio-scsi device running virtio_scsi_data_plane_handle_cmd().)
Instead, always drop the AioContext lock across the yield and reacquire
it only when the coroutine is reentered. The BH needs to unconditionally
take the lock for itself now.
This fixes the 'block_resize' QMP command on a block node that runs in
an iothread.
Kevin Wolf [Thu, 3 Dec 2020 17:23:09 +0000 (18:23 +0100)]
block: Simplify qmp_block_resize() error paths
The only thing that happens after the 'out:' label is blk_unref(blk).
However, blk = NULL in all of the error cases, so instead of jumping to
'out:', we can just return directly.
We are going to modify block layer to work with 64bit requests. And
first step is moving to int64_t type for both offset and bytes
arguments in all block request related functions.
It's mostly safe (when widening signed or unsigned int to int64_t), but
switching from uint64_t is questionable.
So, let's first establish the set of requests we want to work with.
First signed int64_t should be enough, as off_t is signed anyway. Then,
obviously offset + bytes should not overflow.
And most interesting: (offset + bytes) being aligned up should not
overflow as well. Aligned to what alignment? First thing that comes in
mind is bs->bl.request_alignment, as we align up request to this
alignment. But there is another thing: look at
bdrv_mark_request_serialising(). It aligns request up to some given
alignment. And this parameter may be bdrv_get_cluster_size(), which is
often a lot greater than bs->bl.request_alignment.
Note also, that bdrv_mark_request_serialising() uses signed int64_t for
calculations. So, actually, we already depend on some restrictions.
Happily, bdrv_get_cluster_size() returns int and
bs->bl.request_alignment has 32bit unsigned type, but defined to be a
power of 2 less than INT_MAX. So, we may establish, that INT_MAX is
absolute maximum for any kind of alignment that may occur with the
request.
Note, that bdrv_get_cluster_size() is not documented to return power
of 2, still bdrv_mark_request_serialising() behaves like it is.
Also, backup uses bdi.cluster_size and is not prepared to it not being
power of 2.
So, let's establish that Qemu supports only power-of-2 clusters and
alignments.
So, alignment can't be greater than 2^30.
Finally to be safe with calculations, to not calculate different
maximums for different nodes (depending on cluster size and
request_alignment), let's simply set QEMU_ALIGN_DOWN(INT64_MAX, 2^30)
as absolute maximum bytes length for Qemu. Actually, it's not much less
than INT64_MAX.
OK, then, let's apply it to block/io.
Let's consider all block/io entry points of offset/bytes:
4 bytes/offset interface functions: bdrv_co_preadv_part(),
bdrv_co_pwritev_part(), bdrv_co_copy_range_internal() and
bdrv_co_pdiscard() and we check them all with bdrv_check_request().
We also have one entry point with only offset: bdrv_co_truncate().
Check the offset.
And one public structure: BdrvTrackedRequest. Happily, it has only
three external users:
file-posix.c: adopted by this patch
write-threshold.c: only read fields
test-write-threshold.c: sets obviously small constant values
Better is to make the structure private and add corresponding
interfaces.. Still it's not obvious what kind of interface is needed
for file-posix.c. Let's keep it public but add corresponding
assertions.
After this patch we'll convert functions in block/io.c to int64_t bytes
and offset parameters. We can assume that offset/bytes pair always
satisfy new restrictions, and make
corresponding assertions where needed. If we reach some offset/bytes
point in block/io.c missing bdrv_check_request() it is considered a
bug. As well, if block/io.c modifies a offset/bytes request, expanding
it more then aligning up to request_alignment, it's a bug too.
For all io requests except for discard we keep for now old restriction
of 32bit request length.
iotest 206 output error message changed, as now test disk size is
larger than new limit. Add one more test case with new maximum disk
size to cover too-big-L1 case.
block/io: bdrv_check_byte_request(): drop bdrv_is_inserted()
Move bdrv_is_inserted() calls into callers.
We are going to make bdrv_check_byte_request() a clean thing.
bdrv_is_inserted() is not about checking the request, it's about
checking the bs. So, it should be separate.
With this patch we probably change error path for some failure
scenarios. But depending on the fact that querying too big request on
empty cdrom (or corrupted qcow2 node with no drv) will result in EIO
and not ENOMEDIUM would be very strange. More over, we are going to
move to 64bit requests, so larger requests will be allowed anyway.
More over, keeping in mind that cdrom is the only driver that has
.bdrv_is_inserted() handler it's strange that we should care so much
about it in generic block layer, intuitively we should just do read and
write, and cdrom driver should return correct errors if it is not
inserted. But it's a work for another series.
block/file-posix: fix workaround in raw_do_pwrite_zeroes()
We should not set overlap_bytes:
1. Don't worry: it is calculated by bdrv_mark_request_serialising() and
will be equal to or greater than bytes anyway.
2. If the request was already aligned up to some greater alignment,
than we may break things: we reduce overlap_bytes, and further
bdrv_mark_request_serialising() may not help, as it will not restore
old bigger alignment.
Kevin Wolf [Mon, 30 Nov 2020 10:56:15 +0000 (11:56 +0100)]
can-host: Fix crash when 'canbus' property is not set
Providing the 'if' property, but not 'canbus' segfaults like this:
#0 0x0000555555b0f14d in can_bus_insert_client (bus=0x0, client=0x555556aa9af0) at ../net/can/can_core.c:88
#1 0x00005555559c3803 in can_host_connect (ch=0x555556aa9ac0, errp=0x7fffffffd568) at ../net/can/can_host.c:62
#2 0x00005555559c386a in can_host_complete (uc=0x555556aa9ac0, errp=0x7fffffffd568) at ../net/can/can_host.c:72
#3 0x0000555555d52de9 in user_creatable_complete (uc=0x555556aa9ac0, errp=0x7fffffffd5c8) at ../qom/object_interfaces.c:23
Max Reitz [Mon, 7 Dec 2020 15:22:45 +0000 (16:22 +0100)]
iotests/221: Discard image before qemu-img map
See the new comment for why this should be done.
I do not have a reproducer on master, but when using FUSE block exports,
this test breaks depending on the underlying filesystem (for me, it
works on tmpfs, but fails on xfs, because the block allocated by
file-posix has 16 kB there instead of 4 kB).
Li Feng [Mon, 7 Dec 2020 11:44:06 +0000 (19:44 +0800)]
file-posix: check the use_lock before setting the file lock
The scenario is that when accessing a volume on an NFS filesystem
without supporting the file lock, Qemu will complain "Failed to lock
byte 100", even when setting the file.locking = off.
We should do file lock related operations only when the file.locking is
enabled, otherwise, the syscall of 'fcntl' will return non-zero.
Max Reitz [Tue, 27 Oct 2020 19:06:00 +0000 (20:06 +0100)]
iotests/308: Add test for FUSE exports
We have good coverage of the normal I/O paths now, but what remains is a
test that tests some more special cases: Exporting an image on itself
(thus turning a formatted image into a raw one), some error cases, and
non-writable and non-growable exports.
Max Reitz [Tue, 27 Oct 2020 19:05:59 +0000 (20:05 +0100)]
iotests: Enable fuse for many tests
Many tests (that do not support generic protocols) can run just fine
with FUSE-exported images, so allow them to. Note that this is no
attempt at being definitely complete. There are some tests that might
be modified to run on FUSE, but this patch still skips them. This patch
only tries to pick the rather low-hanging fruits.
Note that 221 and 250 only pass when .lseek is correctly implemented,
which is only possible with a libfuse that is 3.8 or newer.
Max Reitz [Tue, 27 Oct 2020 19:05:58 +0000 (20:05 +0100)]
iotests: Allow testing FUSE exports
This pretends FUSE exports are a kind of protocol. As such, they are
always tested under the format node. This is probably the best way to
test them, actually, because this will generate more I/O load and more
varied patterns.
Max Reitz [Tue, 27 Oct 2020 19:05:56 +0000 (20:05 +0100)]
storage-daemon: Call bdrv_close_all() on exit
Otherwise, exports and block devices are not properly shut down and
closed, unless the users explicitly issues blockdev-del and
block-export-del commands for each of them.
Max Reitz [Tue, 27 Oct 2020 19:05:55 +0000 (20:05 +0100)]
iotests/287: Clean up subshell test image
287 creates an image in a subshell (thanks to the pipe) to see whether
that is possible with compression_type=zstd. If _make_test_img were to
modify any global state, this global state would then be lost before we
could cleanup the image.
When using FUSE as the test protocol, this global state is important, so
clean up the image before the state is lost.
Max Reitz [Tue, 27 Oct 2020 19:05:54 +0000 (20:05 +0100)]
iotests: Let _make_test_img guess $TEST_IMG_FILE
When most iotests want to create a test image that is named differently
from the default $TEST_IMG, they do something like this:
TEST_IMG="$TEST_IMG.base" _make_test_img $options
This works fine with the "file" protocol, but not so much for anything
else: _make_test_img tries to create an image under $TEST_IMG_FILE
first, and only under $TEST_IMG if the former is not set; and on
everything but "file", $TEST_IMG_FILE is set.
There are two ways we can fix this: First, we could make all tests
adjust not only TEST_IMG, but also TEST_IMG_FILE if that is present
(e.g. with something like _set_test_img_suffix $suffix that would affect
not only TEST_IMG but also TEST_IMG_FILE, if necessary). This is a
pretty clean solution, and this is maybe what we should have done from
the start.
But it would also require changes to most existing bash tests. So the
alternative is this: Let _make_test_img see whether $TEST_IMG_FILE still
points to the original value. If so, it is possible that the caller has
adjusted $TEST_IMG but not $TEST_IMG_FILE. In such a case, we can (for
most protocols) derive the corresponding $TEST_IMG_FILE value from
$TEST_IMG value and thus work around what technically is the caller
misbehaving.
This second solution is less clean, but it is robust against people
keeping their old habit of adjusting TEST_IMG only, and requires much
less changes. So this patch implements it.
Max Reitz [Tue, 27 Oct 2020 19:05:52 +0000 (20:05 +0100)]
iotests/091: Use _cleanup_qemu instad of "wait"
If the test environment has some other child processes running (like a
storage daemon that provides a FUSE export), then "wait" will never
finish. Use wait=yes _cleanup_qemu instead.
(We need to discard the output so there is no change to the reference
output.)
Max Reitz [Tue, 27 Oct 2020 19:05:51 +0000 (20:05 +0100)]
iotests: Derive image names from $TEST_IMG
Avoid creating images with custom filenames in $TEST_DIR, because
non-file protocols may want to keep $TEST_IMG (and all other test
images) in some other directory.
Max Reitz [Tue, 27 Oct 2020 19:05:50 +0000 (20:05 +0100)]
iotests/046: Avoid renaming images
This generally does not work on non-file protocols. It is better to
create the image with the final name from the start, and most tests do
this already. Let 046 follow suit.
Max Reitz [Tue, 27 Oct 2020 19:05:49 +0000 (20:05 +0100)]
iotests: Use convert -n in some cases
qemu-img convert (without -n) can often be replaced by a combination of
_make_test_img + qemu-img convert -n. Doing so allows converting to
protocols that do not allow direct file creation, such as FUSE exports.
The only problem is that for formats other than qcow2 and qed (qcow1 at
least), this may lead to high disk usage for some reason, so we cannot
do it everywhere.
But we can do it in 028 and 089, so let us do that so they can run on
FUSE exports. Also, in 028 this allows us to remove a 9-line comment
that used to explain why we cannot safely filter drive-backup's image
creation output.
Max Reitz [Tue, 27 Oct 2020 19:05:48 +0000 (20:05 +0100)]
iotests: Do not pipe _make_test_img
Executing _make_test_img as part of a pipe will undo all variable
changes it has done. As such, this could not work with FUSE (because
we want to remember all of our exports and their qemu instances).
Replace the pipe by a temporary file in 071 and 174 (the two tests that
can run on FUSE).
Max Reitz [Tue, 27 Oct 2020 19:05:47 +0000 (20:05 +0100)]
iotests: Do not needlessly filter _make_test_img
In most cases, _make_test_img does not need a _filter_imgfmt on top. It
does that by itself.
(The exception is when IMGFMT has been overwritten but TEST_IMG has not.
In such cases, we do need a _filter_imgfmt on top to filter the test's
original IMGFMT from TEST_IMG.)
Max Reitz [Tue, 27 Oct 2020 19:05:46 +0000 (20:05 +0100)]
fuse: Implement hole detection through lseek
This is a relatively new feature in libfuse (available since 3.8.0,
which was released in November 2019), so we have to add a dedicated
check whether it is available before making use of it.
Max Reitz [Tue, 27 Oct 2020 19:05:44 +0000 (20:05 +0100)]
fuse: Allow growable exports
These will behave more like normal files in that writes beyond the EOF
will automatically grow the export size.
As an optimization, keep the RESIZE permission for growable exports so
we do not have to take it for every post-EOF write. (This permission is
not released when the export is destroyed, because at that point the
BlockBackend is destroyed altogether anyway.)
Max Reitz [Tue, 27 Oct 2020 19:05:42 +0000 (20:05 +0100)]
fuse: Allow exporting BDSs via FUSE
block-export-add type=fuse allows mounting block graph nodes via FUSE on
some existing regular file. That file should then appears like a raw
disk image, and accesses to it result in accesses to the exported BDS.
Right now, we only implement the necessary block export functions to set
it up and shut it down. We do not implement any access functions, so
accessing the mount point only results in errors. This will be
addressed by a followup patch.
We keep a hash table of exported mount points, because we want to be
able to detect when users try to use a mount point twice. This is
because we invoke stat() to check whether the given mount point is a
regular file, but if that file is served by ourselves (because it is
already used as a mount point), then this stat() would have to be served
by ourselves, too, which is impossible to do while we (as the caller)
are waiting for it to settle. Therefore, keep track of mount point
paths to at least catch the most obvious instances of that problem.
Peter Maydell [Fri, 11 Dec 2020 15:01:05 +0000 (15:01 +0000)]
Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20201210' into staging
Split CpusAccel for tcg variants
# gpg: Signature made Fri 11 Dec 2020 01:07:33 GMT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Richard Henderson <[email protected]>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* remotes/rth-gitlab/tags/pull-tcg-20201210:
accel/tcg: rename tcg-cpus functions to match module name
accel/tcg: split tcg_start_vcpu_thread
accel/tcg: split CpusAccel into three TCG variants
Peter Maydell [Fri, 11 Dec 2020 13:50:35 +0000 (13:50 +0000)]
Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging
* Fix for NULL segments (Bin Meng)
* Support for 32768 CPUs on x86 without IOMMU (David)
* PDEP/PEXT fix and testcase (myself)
* Remove bios_name and ram_size globals (myself)
* qemu_init rationalization (myself)
* Update kernel-doc (myself + upstream patches)
* Propagate MemTxResult across DMA and PCI functions (Philippe)
* Remove master/slave when applicable (Philippe)
* WHPX support for in-kernel irqchip (Sunil)
* remotes/bonzini-gitlab/tags/for-upstream: (113 commits)
scripts: kernel-doc: remove unnecessary change wrt Linux
Revert "docs: temporarily disable the kernel-doc extension"
scripts: kernel-doc: use :c:union when needed
scripts: kernel-doc: split typedef complex regex
scripts: kernel-doc: fix typedef parsing
Revert "kernel-doc: Handle function typedefs that return pointers"
Revert "kernel-doc: Handle function typedefs without asterisks"
scripts: kernel-doc: try to use c:function if possible
scripts: kernel-doc: fix line number handling
scripts: kernel-doc: allow passing desired Sphinx C domain dialect
scripts: kernel-doc: don't mangle with parameter list
scripts: kernel-doc: fix typedef identification
scripts: kernel-doc: reimplement -nofunction argument
scripts: kernel-doc: fix troubles with line counts
scripts: kernel-doc: use a less pedantic markup for funcs on Sphinx 3.x
scripts: kernel-doc: make it more compatible with Sphinx 3.x
Revert "kernel-doc: Use c:struct for Sphinx 3.0 and later"
Revert "scripts/kerneldoc: For Sphinx 3 use c:macro for macros with arguments"
scripts: kernel-doc: add support for typedef enum
kernel-doc: add support for ____cacheline_aligned attribute
...
* remotes/ehabkost/tags/machine-next-pull-request:
i386/cpu: Make the Intel PT LIP feature configurable
sev: add sev-inject-launch-secret
qom: code hardening - have bound checking while looping with integer value
Gan Qixin [Fri, 4 Dec 2020 08:12:09 +0000 (16:12 +0800)]
s390x/cpu: Use timer_free() in the finalize function to avoid memleaks
When running device-introspect-test, a memory leak occurred in the s390_cpu_initfn
function, this patch use timer_free() in the finalize function to fix it.
ASAN shows memory leak stack:
Direct leak of 3552 byte(s) in 74 object(s) allocated from:
#0 0xfffeb3d4e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
#1 0xfffeb36e6800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
#2 0xaaad51a8f9c4 in timer_new_full qemu/include/qemu/timer.h:523
#3 0xaaad51a8f9c4 in timer_new qemu/include/qemu/timer.h:544
#4 0xaaad51a8f9c4 in timer_new_ns qemu/include/qemu/timer.h:562
#5 0xaaad51a8f9c4 in s390_cpu_initfn qemu/target/s390x/cpu.c:304
#6 0xaaad51e00f58 in object_init_with_type qemu/qom/object.c:371
#7 0xaaad51e0406c in object_initialize_with_type qemu/qom/object.c:515
#8 0xaaad51e042e0 in object_new_with_type qemu/qom/object.c:729
#9 0xaaad51e3ff40 in qmp_device_list_properties qemu/qom/qom-qmp-cmds.c:153
#10 0xaaad51910518 in qdev_device_help qemu/softmmu/qdev-monitor.c:283
#11 0xaaad51911918 in qmp_device_add qemu/softmmu/qdev-monitor.c:801
#12 0xaaad51911e48 in hmp_device_add qemu/softmmu/qdev-monitor.c:916
Cornelia Huck [Mon, 30 Nov 2020 18:02:15 +0000 (19:02 +0100)]
tests/acceptance: verify s390x device detection
The kernel/initrd combination does not provide the virtio-net
driver; therefore, simply check whether the presented device type
is indeed virtio-net for the two virtio-net-{ccw,pci} devices.
Cornelia Huck [Mon, 30 Nov 2020 18:02:14 +0000 (19:02 +0100)]
tests/acceptance: test virtio-ccw revision handling
The max_revision prop of virtio-ccw devices can be used to force
an older revision for compatibility handling. The easiest way to
check this is to force a device to revision 0, which turns off
virtio-1.
Cornelia Huck [Thu, 26 Nov 2020 13:01:58 +0000 (14:01 +0100)]
tests/acceptance: add a test for devices on s390x
This adds a very basic test for checking that we present devices
in a way that Linux can consume: boot with both virtio-net-ccw and
virtio-net-pci attached and then verify that Linux is able to see
and detect these devices.
Thomas Huth [Wed, 18 Nov 2020 09:03:44 +0000 (10:03 +0100)]
hw/watchdog/wdt_diag288: Remove unnecessary includes
Neither sysbus.h nor module.h are required to compile this file.
diag288 is not a sysbus device, and module.h (for type_init) is
included eventually through qom/object.h.
Gerd Hoffmann [Tue, 8 Dec 2020 11:57:34 +0000 (12:57 +0100)]
vnc: add alpha cursor support
There is a new vnc extension for cursors with an alpha channel. Use
it if supported by the vnc client, prefer it over the "rich cursor"
extension which supports only a bitmask for transparency.
This is a visible improvement especially on modern desktops which
actually use the alpha channel when defining cursors.
Gerd Hoffmann [Tue, 8 Dec 2020 11:57:32 +0000 (12:57 +0100)]
vnc: drop unused copyrect feature
vnc stopped using the copyrect pseudo encoding in 2017, in commit 50628d3479e4 ("cirrus/vnc: zap bitblit support from console code.")
So we can drop the now unused copyrect feature bit.
Gerd Hoffmann [Tue, 8 Dec 2020 11:57:31 +0000 (12:57 +0100)]
vnc: use enum for features
Use an enum for the vnc feature bits. That way they are enumerated
automatically and we don't have to do that manually when adding or
removing features.
projects / qemu.git / log