Peter Maydell [Fri, 14 Feb 2020 17:50:56 +0000 (17:50 +0000)]
target/arm: Add _aa32_ to isar_feature functions testing 32-bit ID registers
Enforce a convention that an isar_feature function that tests a
32-bit ID register always has _aa32_ in its name, and one that
tests a 64-bit ID register always has _aa64_ in its name.
We already follow this except for three cases: thumb_div,
arm_div and jazelle, which all need _aa32_ adding.
(As noted in the comment, isar_feature_aa32_fp16_arith()
is an exception in that it currently tests ID_AA64PFR0_EL1,
but will switch to MVFR1 once we've properly implemented
FP16 for AArch32.)
target/arm: Split out aa64_va_parameter_tbi, aa64_va_parameter_tbid
For the purpose of rebuild_hflags_a64, we do not need to compute
all of the va parameters, only tbi. Moreover, we can compute them
in a form that is more useful to storing in hflags.
This eliminates the need for aa64_va_parameter_both, so fold that
in to aa64_va_parameter. The remaining calls to aa64_va_parameter
are in get_phys_addr_lpae and in pauth_helper.c.
This reduces the total cpu consumption of aa64_va_parameter in a
kernel boot plus a kvm guest kernel boot from 3% to 0.5%.
The psuedocode in aarch64/functions/pac/auth/Auth and
aarch64/functions/pac/strip/Strip always uses bit 55 for
extfield and do not consider if the current regime has 2 ranges.
Guenter Roeck [Mon, 17 Feb 2020 21:09:03 +0000 (13:09 -0800)]
z2: Make providing flash images non-mandatory
Up to now, the z2 machine only boots if a flash image is provided.
This is not really necessary; the machine can boot from initrd or from
SD without it. At the same time, having to provide dummy flash images
is a nuisance and does not add any real value. Make it optional.
Guenter Roeck [Mon, 17 Feb 2020 21:08:24 +0000 (13:08 -0800)]
mainstone: Make providing flash images non-mandatory
Up to now, the mainstone machine only boots if two flash images are
provided. This is not really necessary; the machine can boot from initrd
or from SD without it. At the same time, having to provide dummy flash
images is a nuisance and does not add any real value. Make it optional.
Peter Maydell [Fri, 21 Feb 2020 14:20:42 +0000 (14:20 +0000)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.0-20200221' into staging
ppc patch queue 2020-02-21
Here's the next patch of ppc target patches. Highlights are:
* Some fixes for CAS / unplug interactions
* Remove some leaks of device trees
* Some fixes for the PHB3 and PHB4 devices
* Support for NVDIMMs on the pseries machine type
* Assorted other fixes and cleanups
* remotes/dgibson/tags/ppc-for-5.0-20200221:
hw/ppc/virtex_ml507:fix leak of fdevice tree blob
spapr: Fix handling of unplugged devices during CAS and migration
spapr: Don't use spapr_drc_needed() in CAS code
ppc: free 'fdt' after reset the machine
target/ppc/cpu.h: Clean up comments in the struct CPUPPCState definition
target/ppc/cpu.h: Move fpu related members closer in cpu env
target/ppc: Fix typo in comments
spapr: Allow changing offset for -kernel image
pnv/phb3: Add missing break statement
pnv/phb4: Fix error path in pnv_pec_realize()
pnv/phb3: Convert 1u to 1ull
target/ppc/cpu.h: Remove duplicate includes
spapr: Add Hcalls to support PAPR NVDIMM device
spapr: Add NVDIMM device support
nvdimm: add uuid property to nvdimm
mem: move nvdimm_device_list to utilities
ppc: function to setup latest class options
ppc/pnv: Fix PCI_EXPRESS dependency
qtest: Fix rtas dependencies
spapr/rtas: Print message from "ibm,os-term"
Peter Maydell [Fri, 21 Feb 2020 11:24:56 +0000 (11:24 +0000)]
Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-02-20' into staging
Block patches:
- qemu-img convert: New --target-is-zero parameter
- qcow2: Specify non-default compression type flag
- optionally flat output for query-named-block-nodes
- some fixes
- pseudo-creation of images on block devices is now done by a generic
block layer function
* remotes/maxreitz/tags/pull-block-2020-02-20:
iotests: Test snapshot -l field separation
block: Fix VM size field width in snapshot dump
iotests: Test convert -n -B to backing-less target
qemu-img: Fix convert -n -B for backing-less targets
iotests: Add test for image creation fallback
iscsi: Drop iscsi_co_create_opts()
file-posix: Drop hdev_co_create_opts()
block: Generic file creation fallback
block/nbd: Fix hang in .bdrv_close()
iotests/279: Fix for non-qcow2 formats
block/backup-top: fix flags handling
block: always fill entire LUKS header space with zeros
qemu-img: Add --target-is-zero to convert
qapi: Allow getting flat output from 'query-named-block-nodes'
iotests/147: Fix drive parameters
iotests: Remove the superfluous 2nd check for the availability of quorum
docs: qcow2: introduce compression type feature
docs: improve qcow2 spec about extending image header
Greg Kurz [Fri, 14 Feb 2020 15:01:28 +0000 (16:01 +0100)]
spapr: Fix handling of unplugged devices during CAS and migration
We already detect if a device is being hot plugged before CAS to trigger
a CAS reboot and during migration to migrate the state of the associated
DRC. But hot unplugging a device is also an asynchronous operation that
requires the guest to take action. This means that if the guest is migrated
after the hot unplug event was sent but before it could release the device
with RTAS, the destination QEMU doesn't know about the pending unplug
operation and doesn't actually remove the device when the guest finally
releases it.
Similarly, if the unplug request is fired before CAS, the guest isn't
notified of the change, just like with hotplug. It ends up booting with
the device still present in the DT and configures it, just like it was
never removed. Even weirder, since the event is still queued, it will
be eventually processed when some other unrelated event is posted to
the guest.
Enhance spapr_drc_transient() to also return true if an unplug request is
pending. This fixes the issue at CAS with a CAS reboot request and
causes the DRC state to be migrated. Some extra care is still needed to
inform the destination that an unplug request is pending : migrate the
unplug_requested field of the DRC in an optional subsection. This might
break backwards migration, but this is still better than ending with
an inconsistent guest.
Greg Kurz [Fri, 14 Feb 2020 15:01:22 +0000 (16:01 +0100)]
spapr: Don't use spapr_drc_needed() in CAS code
We currently don't support hotplug of devices between boot and CAS. If
this happens a CAS reboot is triggered. We detect this during CAS using
the spapr_drc_needed() function which is essentially a VMStateDescription
.needed callback. Even if the condition for CAS reboot happens to be the
same as for DRC migration, it looks wrong to piggyback a migration helper
for this.
Introduce a helper with slightly more explicit name and use it in both CAS
and DRC migration code. Since a subsequent patch will enhance this helper
to cover the case of hot unplug, let's go for spapr_drc_transient(). While
here convert spapr_hotplugged_dev_before_cas() to the "transient" wording as
well.
Pan Nengyuan [Fri, 14 Feb 2020 03:32:06 +0000 (11:32 +0800)]
ppc: free 'fdt' after reset the machine
'fdt' forgot to clean both e500 and pnv when we call 'system_reset' on ppc,
this patch fix it. The leak stacks are as follow:
Direct leak of 4194304 byte(s) in 4 object(s) allocated from:
#0 0x7fafe37dd970 in __interceptor_calloc (/lib64/libasan.so.5+0xef970)
#1 0x7fafe2e3149d in g_malloc0 (/lib64/libglib-2.0.so.0+0x5249d)
#2 0x561876f7f80d in create_device_tree /mnt/sdb/qemu-new/qemu/device_tree.c:40
#3 0x561876b7ac29 in ppce500_load_device_tree /mnt/sdb/qemu-new/qemu/hw/ppc/e500.c:364
#4 0x561876b7f437 in ppce500_reset_device_tree /mnt/sdb/qemu-new/qemu/hw/ppc/e500.c:617
#5 0x56187718b1ae in qemu_devices_reset /mnt/sdb/qemu-new/qemu/hw/core/reset.c:69
#6 0x561876f6938d in qemu_system_reset /mnt/sdb/qemu-new/qemu/vl.c:1412
#7 0x561876f6a25b in main_loop_should_exit /mnt/sdb/qemu-new/qemu/vl.c:1645
#8 0x561876f6a398 in main_loop /mnt/sdb/qemu-new/qemu/vl.c:1679
#9 0x561876f7da8e in main /mnt/sdb/qemu-new/qemu/vl.c:4438
#10 0x7fafde16b812 in __libc_start_main ../csu/libc-start.c:308
#11 0x5618765c055d in _start (/mnt/sdb/qemu-new/qemu/build/ppc64-softmmu/qemu-system-ppc64+0x2b1555d)
Direct leak of 1048576 byte(s) in 1 object(s) allocated from:
#0 0x7fc0a6f1b970 in __interceptor_calloc (/lib64/libasan.so.5+0xef970)
#1 0x7fc0a656f49d in g_malloc0 (/lib64/libglib-2.0.so.0+0x5249d)
#2 0x55eb05acd2ca in pnv_dt_create /mnt/sdb/qemu-new/qemu/hw/ppc/pnv.c:507
#3 0x55eb05ace5bf in pnv_reset /mnt/sdb/qemu-new/qemu/hw/ppc/pnv.c:578
#4 0x55eb05f2f395 in qemu_system_reset /mnt/sdb/qemu-new/qemu/vl.c:1410
#5 0x55eb05f43850 in main /mnt/sdb/qemu-new/qemu/vl.c:4403
#6 0x7fc0a18a9812 in __libc_start_main ../csu/libc-start.c:308
#7 0x55eb0558655d in _start (/mnt/sdb/qemu-new/qemu/build/ppc64-softmmu/qemu-system-ppc64+0x2b1555d)
BALATON Zoltan [Sun, 16 Feb 2020 21:23:54 +0000 (22:23 +0100)]
target/ppc/cpu.h: Clean up comments in the struct CPUPPCState definition
The cpu env struct is quite complex but comments supposed to explain
it in its definition just make it harder to read. Reformat and reword
some comments to make it clearer and more readable.
This allows moving the kernel in the guest memory. The option is useful
for step debugging (as Linux is linked at 0x0); it also allows loading
grub which is normally linked to run at 0x20000.
This patch implements few of the necessary hcalls for the nvdimm support.
PAPR semantics is such that each NVDIMM device is comprising of multiple
SCM(Storage Class Memory) blocks. The guest requests the hypervisor to
bind each of the SCM blocks of the NVDIMM device using hcalls. There can
be SCM block unbind requests in case of driver errors or unplug(not
supported now) use cases. The NVDIMM label read/writes are done through
hcalls.
Since each virtual NVDIMM device is divided into multiple SCM blocks,
the bind, unbind, and queries using hcalls on those blocks can come
independently. This doesn't fit well into the qemu device semantics,
where the map/unmap are done at the (whole)device/object level granularity.
The patch doesnt actually bind/unbind on hcalls but let it happen at the
device_add/del phase itself instead.
The guest kernel makes bind/unbind requests for the virtual NVDIMM device
at the region level granularity. Without interleaving, each virtual NVDIMM
device is presented as a separate guest physical address range. So, there
is no way a partial bind/unbind request can come for the vNVDIMM in a
hcall for a subset of SCM blocks of a virtual NVDIMM. Hence it is safe to
do bind/unbind everything during the device_add/del.
Add support for NVDIMM devices for sPAPR. Piggyback on existing nvdimm
device interface in QEMU to support virtual NVDIMM devices for Power.
Create the required DT entries for the device (some entries have
dummy values right now).
The patch creates the required DT node and sends a hotplug
interrupt to the guest. Guest is expected to undertake the normal
DR resource add path in response and start issuing PAPR SCM hcalls.
The device support is verified based on the machine version unlike x86.
This is how it can be used ..
Ex :
For coldplug, the device to be added in qemu command line as shown below
-object memory-backend-file,id=memnvdimm0,prealloc=yes,mem-path=/tmp/nvdimm0,share=yes,size=1073872896
-device nvdimm,label-size=128k,uuid=75a3cdd7-6a2f-4791-8d15-fe0a920e8e9e,memdev=memnvdimm0,id=nvdimm0,slot=0
For hotplug, the device to be added from monitor as below
object_add memory-backend-file,id=memnvdimm0,prealloc=yes,mem-path=/tmp/nvdimm0,share=yes,size=1073872896
device_add nvdimm,label-size=128k,uuid=75a3cdd7-6a2f-4791-8d15-fe0a920e8e9e,memdev=memnvdimm0,id=nvdimm0,slot=0
We are going to add more init for the latest machine, so move the setup
to a function so we don't have to change the DEFINE_SPAPR_MACHINE macro
each time.
Laurent Vivier [Wed, 5 Feb 2020 23:20:16 +0000 (00:20 +0100)]
ppc/pnv: Fix PCI_EXPRESS dependency
When PHB4 bridge has been added, the dependencies to PCIE_PORT has been
added to XIVE_SPAPR and indirectly to PSERIES.
The build of the PowerNV machine is fine while we also build the PSERIES
machine.
If we disable the PSERIES machine, the PowerNV build fails because the
PCI Express files are not built:
/usr/bin/ld: hw/ppc/pnv.o: in function `pnv_chip_power8_pic_print_info':
.../hw/ppc/pnv.c:623: undefined reference to `pnv_phb3_msi_pic_print_info'
/usr/bin/ld: hw/ppc/pnv.o: in function `pnv_chip_power9_pic_print_info':
.../hw/ppc/pnv.c:639: undefined reference to `pnv_phb4_pic_print_info'
/usr/bin/ld: ../hw/usb/hcd-ehci-pci.o: in function `usb_ehci_pci_write_config':
.../hw/usb/hcd-ehci-pci.c:129: undefined reference to `pci_default_write_config'
/usr/bin/ld: ../hw/usb/hcd-ehci-pci.o: in function `usb_ehci_pci_realize':
.../hw/usb/hcd-ehci-pci.c:68: undefined reference to `pci_allocate_irq'
/usr/bin/ld: .../hw/usb/hcd-ehci-pci.c:72: undefined reference to `pci_register_bar'
/usr/bin/ld: ../hw/usb/hcd-ehci-pci.o:(.data.rel+0x50): undefined reference to `vmstate_pci_device'
This patch fixes the problem by adding needed dependencies to POWERNV.
Peter Maydell [Thu, 20 Feb 2020 17:35:42 +0000 (17:35 +0000)]
Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-5.0-pull-request' into staging
Implement membarrier, SO_RCVTIMEO and SO_SNDTIMEO
Disable by default build of fdt, slirp and tools with linux-user
Improve strace and use qemu_log to send trace to a file
Add partial ALSA ioctl supports
* remotes/vivier2/tags/linux-user-for-5.0-pull-request:
linux-user: Add support for selected alsa timer instructions using ioctls
linux-user: Add support for getting/setting selected alsa timer parameters using ioctls
linux-user: Add support for selecting alsa timer using ioctl
linux-user: Add support for getting/setting specified alsa timer parameters using ioctls
linux-user: Add support for getting alsa timer version and id
linux-user: remove gemu_log from the linux-user tree
linux-user: Use `qemu_log' for strace
linux-user: Use `qemu_log' for non-strace logging
configure: Avoid compiling system tools on user build by default
linux-user/strace: Improve output of various syscalls
configure: linux-user doesn't need neither fdt nor slirp
linux-user: implement getsockopt SO_RCVTIMEO and SO_SNDTIMEO
linux-user: Implement membarrier syscall
Max Reitz [Fri, 17 Jan 2020 10:58:58 +0000 (11:58 +0100)]
block: Fix VM size field width in snapshot dump
When printing the snapshot list (e.g. with qemu-img snapshot -l), the VM
size field is only seven characters wide. As of de38b5005e9, this is
not necessarily sufficient: We generally print three digits, and this
may require a decimal point. Also, the unit field grew from something
as plain as "M" to " MiB". This means that number and unit may take up
eight characters in total; but we also want spaces in front.
Considering previously the maximum width was four characters and the
field width was chosen to be three characters wider, let us adjust the
field width to be eleven now.
Max Reitz [Tue, 21 Jan 2020 15:59:14 +0000 (16:59 +0100)]
qemu-img: Fix convert -n -B for backing-less targets
s.target_has_backing does not reflect whether the target BDS has a
backing file; it only tells whether we should use a backing file during
conversion (specified by -B).
As such, if you use convert -n, the target does not necessarily actually
have a backing file, and then dereferencing out_bs->backing fails here.
When converting to an existing file, we should set
target_backing_sectors to a negative value, because first, as the
comment explains, this value is only used for optimization, so it is
always fine to do that.
Second, we use this value to determine where the target must be
initialized to zeroes (overlays are initialized to zero after the end of
their backing file). When converting to an existing file, we cannot
assume that to be true.
Max Reitz [Wed, 22 Jan 2020 16:45:28 +0000 (17:45 +0100)]
block/nbd: Fix hang in .bdrv_close()
When nbd_close() is called from a coroutine, the connection_co never
gets to run, and thus nbd_teardown_connection() hangs.
This is because aio_co_enter() only puts the connection_co into the main
coroutine's wake-up queue, so this main coroutine needs to yield and
wait for connection_co to terminate.
backup-top "supports" write-unchanged, by skipping CBW operation in
backup_top_co_pwritev. But it forgets to do the same in
backup_top_co_pwrite_zeroes, as well as declare support for
BDRV_REQ_WRITE_UNCHANGED.
Fix this, and, while being here, declare also support for flags
supported by source child.
block: always fill entire LUKS header space with zeros
When initializing the LUKS header the size with default encryption
parameters will currently be 2068480 bytes. This is rounded up to
a multiple of the cluster size, 2081792, with 64k sectors. If the
end of the header is not the same as the end of the cluster we fill
the extra space with zeros. This was forgetting that not even the
space allocated for the header will be fully initialized, as we
only write key material for the first key slot. The space left
for the other 7 slots is never written to.
made the assumption that every cluster which was allocated would
have at least some data written to it. This was violated by way
the LUKS header is only partially written, with much space simply
reserved for future use.
Depending on the cluster size this problem was masked by the
logic which wrote zeros between the end of the LUKS header and
the end of the cluster.
$ qemu-img check --object secret,id=cluster_encrypt0,data=redhat \
'json:{"driver": "qcow2", "encrypt.format": "luks", \
"encrypt.key-secret": "cluster_encrypt0", \
"file.driver": "file", "file.filename": "cluster_size_check.qcow2"}'
ERROR: counting reference for region exceeding the end of the file by one cluster or more: offset 0x2000 size 0x1f9000
Leaked cluster 4 refcount=1 reference=0
...snip...
Leaked cluster 130 refcount=1 reference=0
1 errors were found on the image.
Data may be corrupted, or further writes to the image may corrupt it.
127 leaked clusters were found on the image.
This means waste of disk space, but no harm to data.
Image end offset: 268288
The problem only exists when the disk image is entirely empty. Writing
data to the disk image payload will solve the problem by causing the
end of the file to be extended further.
The change fixes it by ensuring that the entire allocated LUKS header
region is fully initialized with zeros. The qemu-img check will still
fail for any pre-existing disk images created prior to this change,
unless at least 1 byte of the payload is written to.
Fully writing zeros to the entire LUKS header is a good idea regardless
as it ensures that space has been allocated on the host filesystem (or
whatever block storage backend is used).
David Edmondson [Wed, 5 Feb 2020 11:02:48 +0000 (11:02 +0000)]
qemu-img: Add --target-is-zero to convert
In many cases the target of a convert operation is a newly provisioned
target that the user knows is blank (reads as zero). In this situation
there is no requirement for qemu-img to wastefully zero out the entire
device.
Add a new option, --target-is-zero, allowing the user to indicate that
an existing target device will return zeros for all reads.
Thomas Huth [Wed, 29 Jan 2020 14:17:51 +0000 (15:17 +0100)]
iotests: Remove the superfluous 2nd check for the availability of quorum
Commit d9df28e7b07 ("iotests: check whitelisted formats") added the
modern @iotests.skip_if_unsupported() to the functions in this test,
so we don't need the old explicit test here anymore.
The patch adds a new additional field to the qcow2 header: compression_type,
which specifies compression type. If field is absent or zero, default
compression type is set: ZLIB, which corresponds to current behavior.
New compression type (ZSTD) is to be added in further commit.
docs: improve qcow2 spec about extending image header
Make it more obvious how to add new fields to the version 3 header and
how to interpret them.
The specification is adjusted so that for new defined optional fields:
1. Software may support some of these optional fields and ignore the
others, which means that features may be backported to downstream
Qemu independently.
2. If we want to add incompatible field (or a field, for which some of
its values would be incompatible), it must be accompanied by
incompatible feature bit.
Also the concept of "default is zero" is clarified, as it's strange to
say that the value of the field is assumed to be zero for the software
version which don't know about the field at all and don't know how to
treat it be it zero or not.
Peter Maydell [Thu, 20 Feb 2020 14:04:16 +0000 (14:04 +0000)]
Merge remote-tracking branch 'remotes/rth/tags/pull-pa-20200218' into staging
Fixes for Dino and Artist.
# gpg: Signature made Tue 18 Feb 2020 19:35:09 GMT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Richard Henderson <[email protected]>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* remotes/rth/tags/pull-pa-20200218:
hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c
hw/hppa/dino: Fix bitmask for the PCIROR register
hw/hppa/dino: Fix reg800_keep_bits overrun (CID 141938714193931419394)
hw/hppa/dino: Add comments with register name
hw/display/artist: Remove dead code (CID 1419388 & 1419389)
hw/display/artist: Avoid drawing line when nothing to display
hw/display/artist: Delay some variables initialization
hw/display/artist: Remove pointless initialization
hw/display/artist: Move trace event to draw_line()
Starts the timer device that is selected. The third ioctl's argument is
ignored. Before calling this ioctl, the ioctl "SNDRV_TIMER_IOCTL_SELECT"
should be called first to select the timer that is to be started. If no
timer is selected, the error EBADFD ("File descriptor in bad shape")
is returned.
SNDRV_TIMER_IOCTL_STOP - Stop selected alsa timer
Stops the timer device that is selected. The third ioctl's argument is
ignored. Before calling this ioctl, the ioctl "SNDRV_TIMER_IOCTL_SELECT"
should be called first to select the timer that is to be stopped. If no
timer is selected, the error EBADFD ("File descriptor in bad shape")
is returned.
Continues the timer device that is selected. The third ioctl's argument is
ignored. Before calling this ioctl, the ioctl "SNDRV_TIMER_IOCTL_SELECT"
should be called first to select the timer that is to be continued. If no
timer is selected, the error EBADFD ("File descriptor in bad shape")
is returned.
Pauses the timer device that is selected. The third ioctl's argument is
ignored. Before calling this ioctl, the ioctl "SNDRV_TIMER_IOCTL_SELECT"
should be called first to select the timer that is to be paused. If no
timer is selected, the error EBADFD ("File descriptor in bad shape")
is returned.
Implementation notes:
Since all of the implemented ioctls have NULL as their third argument,
their implementation was straightforward.
Filip Bozuta [Wed, 15 Jan 2020 19:36:45 +0000 (20:36 +0100)]
linux-user: Add support for getting/setting selected alsa timer parameters using ioctls
This patch implements functionalities of following ioctls:
SNDRV_TIMER_IOCTL_INFO - Getting information about selected timer
Read information about the selected timer. The information is returned in
the following structure:
struct snd_timer_info {
unsigned int flags; /* timer flags - SNDRV_TIMER_FLG_* */
int card; /* card number */
unsigned char id[64]; /* timer identificator */
unsigned char name[80]; /* timer name */
unsigned long reserved0; /* reserved for future use */
unsigned long resolution; /* average period resolution in ns */
unsigned char reserved[64]; /* reserved for future use */
};
A pointer to this structure should be passed as the third ioctl's argument.
Before calling this ioctl, the ioctl "SNDRV_TIMER_IOCTL_SELECT" should be
called first to select the timer which information is to be obtained. If no
timer is selected, the error EBADFD ("File descriptor in bad shape") is
returned.
SNDRV_TIMER_IOCTL_PARAMS - Setting parameters for selected timer
Sets parameters for the selected timer. The paramaters are set in the
following structure:
struct snd_timer_params {
unsigned int flags; /* flags - SNDRV_TIMER_PSFLG_* */
unsigned int ticks; /* requested resolution in ticks */
unsigned int queue_size; /* total size of queue (32-1024) */
unsigned int reserved0; /* reserved, was: failure locations */
unsigned int filter; /* event filter */
unsigned char reserved[60]; /* reserved */
};
A pointer to this structure should be passed as the third ioctl's argument.
Before calling this ioctl, the ioctl "SNDRV_TIMER_IOCTL_SELECT" should be
called first to select the timer which parameters are to be set. If no
timer is selected, the error EBADFD ("File descriptor in bad shape") is
returned.
SNDRV_TIMER_IOCTL_STATUS - Getting status of selected timer
Read status of the selected timer. The status of the timer is returned in
the following structure:
struct snd_timer_status {
struct timespec tstamp; /* Timestamp - last update */
unsigned int resolution; /* current period resolution in ns */
unsigned int lost; /* counter of master tick lost */
unsigned int overrun; /* count of read queue overruns */
unsigned int queue; /* used queue size */
unsigned char reserved[64]; /* reserved */
};
A pointer to this structure should be passed as the third ioctl's argument.
Before calling this ioctl, the ioctl "SNDRV_TIMER_IOCTL_SELECT" should be
called first to select the timer which status is to be obtained. If no
timer is selected, the error EBADFD ("File descriptor in bad shape") is
returned.
Implementation notes:
All ioctls in this patch have pointer to some kind of a structure
as their third argument. That is the reason why corresponding
definitions were added in 'linux-user/syscall_types.h'. Structure
'snd_timer_status' has field of type 'struct timespec' which is why
a corresponding definition of that structure was also added in
'linux-user/syscall_types.h'. All of these strucutures have some
fields that are of type 'unsigned long'. That is the reason why
separate target structures were defined in 'linux-user/syscall_defs.h'.
Structure 'struct timespec' already had a separate target definition
so that definition was used to define a target structure for
'snd_timer_status'. The rest of the implementation was straightforward.
A pointer to this structure should be passed as the third ioctl's argument.
Before calling the ioctl, the field "tid" should be initialized with the id
information for the timer which is to be selected. If there is no timer
device with the specified id, the error ENODEV ("No such device") is
returned.
Implementation notes:
Ioctl implemented in this patch has a pointer to a
'struct snd_timer_select' as its third argument.
That is the reason why a corresponding definition
was added in 'linux-user/syscall_types.h'. The rest
of the implementation was straightforward.
Filip Bozuta [Wed, 15 Jan 2020 19:36:43 +0000 (20:36 +0100)]
linux-user: Add support for getting/setting specified alsa timer parameters using ioctls
This patch implements functionalities of following ioctls:
SNDRV_TIMER_IOCTL_GINFO - Getting information about specified timer
Read information about the specified timer. The information about the
timer is returned in the following structure:
struct snd_timer_ginfo {
struct snd_timer_id tid; /* requested timer ID */
unsigned int flags; /* timer flags - SNDRV_TIMER_FLG_* */
int card; /* card number */
unsigned char id[64]; /* timer identification */
unsigned char name[80]; /* timer name */
unsigned long reserved0; /* reserved for future use */
unsigned long resolution; /* average period resolution in ns */
unsigned long resolution_min; /* minimal period resolution in ns */
unsigned long resolution_max; /* maximal period resolution in ns */
unsigned int clients; /* active timer clients */
unsigned char reserved[32]; /* reserved */
};
A pointer to this structure should be passed as the third ioctl's argument.
Before calling the ioctl, the field "tid" should be initialized with the id
information for the timer which information is to be obtained. After the
ioctl call, the rest of the structure fields are filled with values from
the timer device with the specified id. If there is no device with the
specified id, the error ENODEV ("No such device") is returned.
SNDRV_TIMER_IOCTL_GPARAMS - Setting precise period duration
Sets timer precise period duration numerator and denominator in seconds. The
period duration is set in the following structure:
struct snd_timer_gparams {
struct snd_timer_id tid; /* requested timer ID */
unsigned long period_num; /* period duration - numerator */
unsigned long period_den; /* period duration - denominator */
unsigned char reserved[32]; /* reserved */
};
A pointer to this structure should be passed as the third ioctl's argument.
Before calling the ioctl, the field "tid" should be initialized with the id
information for the timer which period duration is to be set. Also, the
fileds "period_num" and "period_den" should be filled with the period
duration numerator and denominator values that are to be set respectively.
If there is no device with the specified id, the error ENODEV ("No such
device") is returned.
SNDRV_TIMER_IOCTL_GSTATUS - Getting current period resolution
Read timer current period resolution in nanoseconds and period resolution
numerator and denominator in seconds. The period resolution information is
returned in the following structure:
struct snd_timer_gstatus {
struct snd_timer_id tid; /* requested timer ID */
unsigned long resolution; /* current period resolution in ns */
unsigned long resolution_num; /* period resolution - numerator */
unsigned long resolution_den; /* period resolution - denominator */
unsigned char reserved[32]; /* reserved for future use */
};
A pointer to this structure should be passed as the third ioctl's argument.
Before calling the ioctl, the field "tid" should be initialized with the id
information for the timer which period resolution is to be obtained. After
the ioctl call, the rest of the structure fields are filled with values
from the timer device with the specified id. If there is no device with the
specified id, the error ENODEV ("No such device") is returned.
Implementation notes:
All ioctls in this patch have pointer to some kind of a structure as their
third argument. That is the reason why corresponding definitions were added
in 'linux-user/syscall_types.h'. All of these strcutures have some fields
that are of type 'unsigned long'. That is the reason why separate target
structures were defined in 'linux-user/syscall_defs.h'. Also, all of the
structures have a field with type 'struct snd_timer_id' which is the reason
why a separate target structure 'struct target_snd_timer_id' was also
defined. The rest of the implementation was straightforward.
Filip Bozuta [Wed, 15 Jan 2020 19:36:41 +0000 (20:36 +0100)]
linux-user: Add support for getting alsa timer version and id
This patch implements functionalities of following ioctls:
SNDRV_TIMER_IOCTL_PVERSION - Getting the sound timer version
Read the sound timer version. The third ioctl's argument is
a pointer to an int in which the specified timers version
is returned.
SNDRV_TIMER_IOCTL_NEXT_DEVICE - Getting id information about next timer
Read id information about the next timer device from the sound timer
device list. The id infomration is returned in the following structure:
struct snd_timer_id {
int dev_class; /* timer device class number */
int dev_sclass; /* slave device class number (unused) */
int card; /* card number */
int device; /* device number */
int subdevice; /* sub-device number */
};
The devices in the sound timer device list are arranged by the fields
of this structure respectively (first by dev_class number, then by
card number, ...). A pointer to this structure should be passed as
the third ioctl's argument. Before calling the ioctl, the parameters
of this structure should be initialized in relation to the next timer
device which information is to be obtained. For example, if a wanted
timer device has the device class number equal to or bigger then 2,
the field dev_class should be initialized to 2. After the ioctl call,
the structure fields are filled with values from the next device in
the sound timer device list. If there is no next device in the list,
the structure is filled with "zero" id values (in that case all
fields are filled with value -1).
Implementation notes:
The ioctl 'SNDRV_TIMER_IOCTL_NEXT_DEVICE' has a pointer to a
'struct snd_timer_id' as its third argument. That is the reason why
corresponding definition is added in 'linux-user/syscall_types.h'.
Since all elements of this structure are of type 'int', the rest of
the implementation was straightforward.
The line '#include <linux/rtc.h>' was added to recognize
preprocessor definitions for these ioctls. This needs to be
done only once in this series of commits. Also, the content
of this file (with respect to ioctl definitions) remained
unchanged for a long time, therefore there is no need to
worry about supporting older Linux kernel version.
Josh Kunz [Tue, 4 Feb 2020 02:54:14 +0000 (18:54 -0800)]
linux-user: Use `qemu_log' for strace
This change switches linux-user strace logging to use the newer `qemu_log`
logging subsystem rather than the older `gemu_log` (notice the "g")
logger. `qemu_log` has several advantages, namely that it allows logging
to a file, and provides a more unified interface for configuration
of logging (via the QEMU_LOG environment variable or options).
This change introduces a new log mask: `LOG_STRACE` which is used for
logging of user-mode strace messages.
Josh Kunz [Tue, 4 Feb 2020 02:54:13 +0000 (18:54 -0800)]
linux-user: Use `qemu_log' for non-strace logging
Since most calls to `gemu_log` are actually logging unimplemented features,
this change replaces most non-strace calls to `gemu_log` with calls to
`qemu_log_mask(LOG_UNIMP, ...)`. This allows the user to easily log to
a file, and to mask out these log messages if they desire.
Note: This change is slightly backwards incompatible, since now these
"unimplemented" log messages will not be logged by default.
*** CID 1419387: Memory - illegal accesses (OVERRUN)
/hw/hppa/dino.c: 267 in dino_chip_read_with_attrs()
261 val = s->ilr & s->imr & s->icr;
262 break;
263 case DINO_TOC_ADDR:
264 val = s->toc_addr;
265 break;
266 case DINO_GMASK ... DINO_TLTIM:
>>> CID 1419387: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "s->reg800" of 12 4-byte elements at element index 12 (byte offset 48) using index "(addr - 2048UL) / 4UL" (which evaluates to 12).
267 val = s->reg800[(addr - DINO_GMASK) / 4];
268 if (addr == DINO_PAMR) {
269 val &= ~0x01; /* LSB is hardwired to 0 */
270 }
271 if (addr == DINO_MLTIM) {
272 val &= ~0x07; /* 3 LSB are hardwired to 0 */
*** CID 1419393: Memory - corruptions (OVERRUN)
/hw/hppa/dino.c: 363 in dino_chip_write_with_attrs()
357 /* These registers are read-only. */
358 break;
359
360 case DINO_GMASK ... DINO_TLTIM:
361 i = (addr - DINO_GMASK) / 4;
362 val &= reg800_keep_bits[i];
>>> CID 1419393: Memory - corruptions (OVERRUN)
>>> Overrunning array "s->reg800" of 12 4-byte elements at element index 12 (byte offset 48) using index "i" (which evaluates to 12).
363 s->reg800[i] = val;
364 break;
365
366 default:
367 /* Controlled by dino_chip_mem_valid above. */
368 g_assert_not_reached();
*** CID 1419394: Memory - illegal accesses (OVERRUN)
/hw/hppa/dino.c: 362 in dino_chip_write_with_attrs()
356 case DINO_IRR1:
357 /* These registers are read-only. */
358 break;
359
360 case DINO_GMASK ... DINO_TLTIM:
361 i = (addr - DINO_GMASK) / 4;
>>> CID 1419394: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "reg800_keep_bits" of 12 4-byte elements at element index 12 (byte offset 48) using index "i" (which evaluates to 12).
362 val &= reg800_keep_bits[i];
363 s->reg800[i] = val;
364 break;
365
366 default:
367 /* Controlled by dino_chip_mem_valid above. */
Indeed the array should contain 13 entries, the undocumented
register 0x82c is missing. Fix by increasing the array size
and adding the missing register.
$ echo x 0xfff80830 | hppa-softmmu/qemu-system-hppa -S -monitor stdio -display none
QEMU 4.2.50 monitor - type 'help' for more information
(qemu) x 0xfff80830
qemu/hw/hppa/dino.c:267:15: runtime error: index 12 out of bounds for type 'uint32_t [12]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/phil/source/qemu/hw/hppa/dino.c:267:15 in 00000000fff80830: 0x00000000
$ echo writeb 0xfff80830 0x69 \
| hppa-softmmu/qemu-system-hppa -S -accel qtest -qtest stdio -display none
[I 1581634452.654113] OPENED
[R +4.105415] writeb 0xfff80830 0x69
qemu/hw/hppa/dino.c:362:16: runtime error: index 12 out of bounds for type 'const uint32_t [12]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior qemu/hw/hppa/dino.c:362:16 in
=================================================================
==29607==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5577dae32f30 at pc 0x5577d93f2463 bp 0x7ffd97ea11b0 sp 0x7ffd97ea11a8
READ of size 4 at 0x5577dae32f30 thread T0
#0 0x5577d93f2462 in dino_chip_write_with_attrs qemu/hw/hppa/dino.c:362:16
#1 0x5577d9025664 in memory_region_write_with_attrs_accessor qemu/memory.c:503:12
#2 0x5577d9024920 in access_with_adjusted_size qemu/memory.c:539:18
#3 0x5577d9023608 in memory_region_dispatch_write qemu/memory.c:1482:13
#4 0x5577d8e3177a in flatview_write_continue qemu/exec.c:3166:23
#5 0x5577d8e20357 in flatview_write qemu/exec.c:3206:14
#6 0x5577d8e1fef4 in address_space_write qemu/exec.c:3296:18
#7 0x5577d8e20693 in address_space_rw qemu/exec.c:3306:16
#8 0x5577d9011595 in qtest_process_command qemu/qtest.c:432:13
#9 0x5577d900d19f in qtest_process_inbuf qemu/qtest.c:705:9
#10 0x5577d900ca22 in qtest_read qemu/qtest.c:717:5
#11 0x5577da8c4254 in qemu_chr_be_write_impl qemu/chardev/char.c:183:9
#12 0x5577da8c430c in qemu_chr_be_write qemu/chardev/char.c:195:9
#13 0x5577da8cf587 in fd_chr_read qemu/chardev/char-fd.c:68:9
#14 0x5577da9836cd in qio_channel_fd_source_dispatch qemu/io/channel-watch.c:84:12
#15 0x7faf44509ecc in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x4fecc)
#16 0x5577dab75f96 in glib_pollfds_poll qemu/util/main-loop.c:219:9
#17 0x5577dab74797 in os_host_main_loop_wait qemu/util/main-loop.c:242:5
#18 0x5577dab7435a in main_loop_wait qemu/util/main-loop.c:518:11
#19 0x5577d9514eb3 in main_loop qemu/vl.c:1682:9
#20 0x5577d950699d in main qemu/vl.c:4450:5
#21 0x7faf41a87f42 in __libc_start_main (/lib64/libc.so.6+0x23f42)
#22 0x5577d8cd4d4d in _start (qemu/build/sanitizer/hppa-softmmu/qemu-system-hppa+0x1256d4d)
0x5577dae32f30 is located 0 bytes to the right of global variable 'reg800_keep_bits' defined in 'qemu/hw/hppa/dino.c:87:23' (0x5577dae32f00) of size 48
SUMMARY: AddressSanitizer: global-buffer-overflow qemu/hw/hppa/dino.c:362:16 in dino_chip_write_with_attrs
Shadow bytes around the buggy address:
0x0aaf7b5be590: 00 f9 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9
0x0aaf7b5be5a0: 07 f9 f9 f9 f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9
0x0aaf7b5be5b0: 07 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x0aaf7b5be5c0: 00 00 00 02 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x0aaf7b5be5d0: 00 00 00 00 00 00 00 00 00 00 00 03 f9 f9 f9 f9
=>0x0aaf7b5be5e0: 00 00 00 00 00 00[f9]f9 f9 f9 f9 f9 00 00 00 00
0x0aaf7b5be5f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0aaf7b5be600: 00 00 01 f9 f9 f9 f9 f9 00 00 00 00 07 f9 f9 f9
0x0aaf7b5be610: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
0x0aaf7b5be620: 00 00 00 05 f9 f9 f9 f9 00 00 00 00 07 f9 f9 f9
0x0aaf7b5be630: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 07 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==29607==ABORTING
hw/net/rocker: Report unimplemented feature with qemu_log_mask(UNIMP)
Fix warnings reported by Clang static code analyzer:
CC hw/net/rocker/rocker.o
hw/net/rocker/rocker.c:213:9: warning: Value stored to 'tx_tso_mss' is never read
tx_tso_mss = rocker_tlv_get_le16(tlvs[ROCKER_TLV_TX_TSO_MSS]);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hw/net/rocker/rocker.c:217:9: warning: Value stored to 'tx_tso_hdr_len' is never read
tx_tso_hdr_len = rocker_tlv_get_le16(tlvs[ROCKER_TLV_TX_TSO_HDR_LEN]);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hw/net/rocker/rocker.c:255:9: warning: Value stored to 'tx_l3_csum_off' is never read
tx_l3_csum_off += tx_tso_mss = tx_tso_hdr_len = 0;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fix warning reported by Clang static code analyzer:
hw/display/qxl.c:1634:14: warning: Value stored to 'orig_io_port' during its initialization is never read
uint32_t orig_io_port = io_port;
^~~~~~~~~~~~ ~~~~~~~
Michal Privoznik [Fri, 14 Feb 2020 09:55:19 +0000 (10:55 +0100)]
Report stringified errno in VFIO related errors
In a few places we report errno formatted as a negative integer.
This is not as user friendly as it can be. Use strerror() and/or
error_setg_errno() instead.
Peter Maydell [Tue, 18 Feb 2020 14:23:43 +0000 (14:23 +0000)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches:
- Fix check_to_replace_node()
- commit: Expose on-error option in QMP
- qcow2: Fix qcow2_alloc_cluster_abort() for external data file
- mirror: Fix deadlock
- vvfat: Fix segfault while closing read-write node
- Code cleanups
# gpg: Signature made Tue 18 Feb 2020 14:04:43 GMT
# gpg: using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <[email protected]>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* remotes/kevin/tags/for-upstream: (36 commits)
iotests: Check that @replaces can replace filters
iotests: Add tests for invalid Quorum @replaces
iotests: Use self.image_len in TestRepairQuorum
iotests: Resolve TODOs in 041
iotests/041: Drop superfluous shutdowns
iotests: Add VM.assert_block_path()
iotests: Use complete_and_wait() in 155
quorum: Stop marking it as a filter
mirror: Double-check immediately before replacing
block: Remove bdrv_recurse_is_first_non_filter()
block: Use bdrv_recurse_can_replace()
quorum: Implement .bdrv_recurse_can_replace()
blkverify: Implement .bdrv_recurse_can_replace()
block: Add bdrv_recurse_can_replace()
quorum: Fix child permissions
iotests: Let 041 use -blockdev for quorum children
block: Drop bdrv_is_first_non_filter()
blockdev: Allow resizing everywhere
blockdev: Allow external snapshots everywhere
block/io_uring: Remove superfluous semicolon
...
projects / qemu.git / log