diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2016-04-08 10:25:22 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2016-04-08 10:25:22 +0100 |
| commit | 28ee01269e910c68fb75ff780c9d84e0c34e0d66 (patch) | |
| tree | c875d6ec0887fba0e4d70e2d3d3b876331a97d7f | |
| parent | ead5268f2166101f7dde70598c9f538a90afd8ee (diff) | |
| parent | 44d066a2f770ee9d61fd1c2a609bdf2a994dfdf7 (diff) | |
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* NBD fixes from Alex and Eric
* Debug code bitrot from Emilio
* HPET fix from Bill
* ps2kbd fix from Hervé
* PKU fix from myself
* Coverity fixes from Gonglei
* More memory.txt update from Jiangang
* .gitignore maintenance from Changlong
# gpg: Signature made Thu 07 Apr 2016 23:08:12 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
* remotes/bonzini/tags/for-upstream:
target-i386: check for PKU even for non-writable pages
tests: ignore test-logging
translate-all: add missing fold of tb_ctx into tcg_ctx
hostmem-file: fix memory leak
spapr: fix possible Negative array index read
nbd: do not hang nbd_wr_syncv if outside a coroutine and no available data
nbd: Don't kill server when client requests unknown option
nbd: Fix NBD unsupported options
qemu-nbd: Document -x option
nbd: Improve debug traces on little-endian
nbd: Avoid bitrot in TRACE() usage
nbd: Return correct error for write to read-only export
docs: fix typo in memory.txt
hw/timer: Revert "hpet: inverse polarity when pin above ISA_NUM_IRQS"
ps2kbd: default to scancode_set 2, as with KBD_CMD_RESET
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rw-r--r-- | backends/hostmem-file.c | 5 | ||||
| -rw-r--r-- | docs/memory.txt | 8 | ||||
| -rw-r--r-- | hw/input/ps2.c | 2 | ||||
| -rw-r--r-- | hw/ppc/spapr.c | 4 | ||||
| -rw-r--r-- | hw/timer/hpet.c | 14 | ||||
| -rw-r--r-- | nbd/client.c | 63 | ||||
| -rw-r--r-- | nbd/common.c | 5 | ||||
| -rw-r--r-- | nbd/nbd-internal.h | 15 | ||||
| -rw-r--r-- | nbd/server.c | 11 | ||||
| -rw-r--r-- | qemu-nbd.c | 1 | ||||
| -rw-r--r-- | target-i386/helper.c | 18 | ||||
| -rw-r--r-- | tests/.gitignore | 1 | ||||
| -rw-r--r-- | translate-all.c | 3 |
13 files changed, 99 insertions, 51 deletions
diff --git a/backends/hostmem-file.c b/backends/hostmem-file.c index c70f268d6f..b17a1f10a2 100644 --- a/backends/hostmem-file.c +++ b/backends/hostmem-file.c @@ -52,11 +52,14 @@ file_backend_memory_alloc(HostMemoryBackend *backend, Error **errp) error_setg(errp, "-mem-path not supported on this host"); #else if (!memory_region_size(&backend->mr)) { + gchar *path; backend->force_prealloc = mem_prealloc; + path = object_get_canonical_path(OBJECT(backend)); memory_region_init_ram_from_file(&backend->mr, OBJECT(backend), - object_get_canonical_path(OBJECT(backend)), + path, backend->size, fb->share, fb->mem_path, errp); + g_free(path); } #endif } diff --git a/docs/memory.txt b/docs/memory.txt index f9272ca969..431d9ca88f 100644 --- a/docs/memory.txt +++ b/docs/memory.txt @@ -185,9 +185,9 @@ an MMIO region mapped at 0x0, size 0x6000, priority 1. B currently has two of its own subregions: D of size 0x1000 at offset 0 and E of size 0x1000 at offset 0x2000. As a diagram: - 0 1000 2000 3000 4000 5000 6000 7000 8000 - |------|------|------|------|------|------|------|-------| - A: [ ] + 0 1000 2000 3000 4000 5000 6000 7000 8000 + |------|------|------|------|------|------|------|------| + A: [ ] C: [CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC] B: [ ] D: [DDDDD] @@ -247,7 +247,7 @@ system_memory: container@0-2^48-1 | +---- himem: alias@0x100000000-0x11fffffff ---> #ram (0xe0000000-0xffffffff) | - +---- vga-window: alias@0xa0000-0xbfffff ---> #pci (0xa0000-0xbffff) + +---- vga-window: alias@0xa0000-0xbffff ---> #pci (0xa0000-0xbffff) | (prio 1) | +---- pci-hole: alias@0xe0000000-0xffffffff ---> #pci (0xe0000000-0xffffffff) diff --git a/hw/input/ps2.c b/hw/input/ps2.c index 58892d5ecd..a8aa36f5c0 100644 --- a/hw/input/ps2.c +++ b/hw/input/ps2.c @@ -628,7 +628,7 @@ static void ps2_kbd_reset(void *opaque) ps2_common_reset(&s->common); s->scan_enabled = 0; s->translate = 0; - s->scancode_set = 0; + s->scancode_set = 2; } static void ps2_mouse_reset(void *opaque) diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index e7be21e678..feaab08c3d 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -2208,6 +2208,10 @@ static void spapr_machine_device_plug(HotplugHandler *hotplug_dev, if (*errp) { return; } + if (node < 0 || node >= MAX_NODES) { + error_setg(errp, "Invaild node %d", node); + return; + } /* * Currently PowerPC kernel doesn't allow hot-adding memory to diff --git a/hw/timer/hpet.c b/hw/timer/hpet.c index 78140e6092..a2c18b30c3 100644 --- a/hw/timer/hpet.c +++ b/hw/timer/hpet.c @@ -201,12 +201,7 @@ static void update_irq(struct HPETTimer *timer, int set) if (!set || !timer_enabled(timer) || !hpet_enabled(timer->state)) { s->isr &= ~mask; if (!timer_fsb_route(timer)) { - /* fold the ICH PIRQ# pin's internal inversion logic into hpet */ - if (route >= ISA_NUM_IRQS) { - qemu_irq_raise(s->irqs[route]); - } else { - qemu_irq_lower(s->irqs[route]); - } + qemu_irq_lower(s->irqs[route]); } } else if (timer_fsb_route(timer)) { address_space_stl_le(&address_space_memory, timer->fsb >> 32, @@ -214,12 +209,7 @@ static void update_irq(struct HPETTimer *timer, int set) NULL); } else if (timer->config & HPET_TN_TYPE_LEVEL) { s->isr |= mask; - /* fold the ICH PIRQ# pin's internal inversion logic into hpet */ - if (route >= ISA_NUM_IRQS) { - qemu_irq_lower(s->irqs[route]); - } else { - qemu_irq_raise(s->irqs[route]); - } + qemu_irq_raise(s->irqs[route]); } else { s->isr &= ~mask; qemu_irq_pulse(s->irqs[route]); diff --git a/nbd/client.c b/nbd/client.c index d9b7a9b07e..6777e589d1 100644 --- a/nbd/client.c +++ b/nbd/client.c @@ -73,16 +73,46 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports); */ -static int nbd_handle_reply_err(uint32_t opt, uint32_t type, Error **errp) +/* If type represents success, return 1 without further action. + * If type represents an error reply, consume the rest of the packet on ioc. + * Then return 0 for unsupported (so the client can fall back to + * other approaches), or -1 with errp set for other errors. + */ +static int nbd_handle_reply_err(QIOChannel *ioc, uint32_t opt, uint32_t type, + Error **errp) { + uint32_t len; + char *msg = NULL; + int result = -1; + if (!(type & (1 << 31))) { - return 0; + return 1; + } + + if (read_sync(ioc, &len, sizeof(len)) != sizeof(len)) { + error_setg(errp, "failed to read option length"); + return -1; + } + len = be32_to_cpu(len); + if (len) { + if (len > NBD_MAX_BUFFER_SIZE) { + error_setg(errp, "server's error message is too long"); + goto cleanup; + } + msg = g_malloc(len + 1); + if (read_sync(ioc, msg, len) != len) { + error_setg(errp, "failed to read option error message"); + goto cleanup; + } + msg[len] = '\0'; } switch (type) { case NBD_REP_ERR_UNSUP: - error_setg(errp, "Unsupported option type %x", opt); - break; + TRACE("server doesn't understand request %d, attempting fallback", + opt); + result = 0; + goto cleanup; case NBD_REP_ERR_POLICY: error_setg(errp, "Denied by server for option %x", opt); @@ -101,7 +131,13 @@ static int nbd_handle_reply_err(uint32_t opt, uint32_t type, Error **errp) break; } - return -1; + if (msg) { + error_append_hint(errp, "%s\n", msg); + } + + cleanup: + g_free(msg); + return result; } static int nbd_receive_list(QIOChannel *ioc, char **name, Error **errp) @@ -111,6 +147,7 @@ static int nbd_receive_list(QIOChannel *ioc, char **name, Error **errp) uint32_t type; uint32_t len; uint32_t namelen; + int error; *name = NULL; if (read_sync(ioc, &magic, sizeof(magic)) != sizeof(magic)) { @@ -138,11 +175,9 @@ static int nbd_receive_list(QIOChannel *ioc, char **name, Error **errp) return -1; } type = be32_to_cpu(type); - if (type == NBD_REP_ERR_UNSUP) { - return 0; - } - if (nbd_handle_reply_err(opt, type, errp) < 0) { - return -1; + error = nbd_handle_reply_err(ioc, opt, type, errp); + if (error <= 0) { + return error; } if (read_sync(ioc, &len, sizeof(len)) != sizeof(len)) { @@ -628,16 +663,16 @@ ssize_t nbd_send_request(QIOChannel *ioc, struct nbd_request *request) uint8_t buf[NBD_REQUEST_SIZE]; ssize_t ret; + TRACE("Sending request to server: " + "{ .from = %" PRIu64", .len = %u, .handle = %" PRIu64", .type=%i}", + request->from, request->len, request->handle, request->type); + cpu_to_be32w((uint32_t*)buf, NBD_REQUEST_MAGIC); cpu_to_be32w((uint32_t*)(buf + 4), request->type); cpu_to_be64w((uint64_t*)(buf + 8), request->handle); cpu_to_be64w((uint64_t*)(buf + 16), request->from); cpu_to_be32w((uint32_t*)(buf + 24), request->len); - TRACE("Sending request to server: " - "{ .from = %" PRIu64", .len = %u, .handle = %" PRIu64", .type=%i}", - request->from, request->len, request->handle, request->type); - ret = write_sync(ioc, buf, sizeof(buf)); if (ret < 0) { return ret; diff --git a/nbd/common.c b/nbd/common.c index a44718ce58..8ddb2dd2f0 100644 --- a/nbd/common.c +++ b/nbd/common.c @@ -50,9 +50,12 @@ ssize_t nbd_wr_syncv(QIOChannel *ioc, * qio_channel_yield() that works with AIO contexts * and consider using that in this branch */ qemu_coroutine_yield(); - } else { + } else if (done) { + /* XXX this is needed by nbd_reply_ready. */ qio_channel_wait(ioc, do_read ? G_IO_IN : G_IO_OUT); + } else { + return -EAGAIN; } continue; } diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h index d09b4ee308..379153561d 100644 --- a/nbd/nbd-internal.h +++ b/nbd/nbd-internal.h @@ -33,18 +33,21 @@ /* #define DEBUG_NBD */ #ifdef DEBUG_NBD -#define TRACE(msg, ...) do { \ - LOG(msg, ## __VA_ARGS__); \ -} while(0) +#define DEBUG_NBD_PRINT 1 #else -#define TRACE(msg, ...) \ - do { } while (0) +#define DEBUG_NBD_PRINT 0 #endif +#define TRACE(msg, ...) do { \ + if (DEBUG_NBD_PRINT) { \ + LOG(msg, ## __VA_ARGS__); \ + } \ +} while (0) + #define LOG(msg, ...) do { \ fprintf(stderr, "%s:%s():L%d: " msg "\n", \ __FILE__, __FUNCTION__, __LINE__, ## __VA_ARGS__); \ -} while(0) +} while (0) /* This is all part of the "official" NBD API. * diff --git a/nbd/server.c b/nbd/server.c index b95571bdf5..2a4dd10f52 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -26,6 +26,7 @@ static int system_errno_to_nbd_errno(int err) case 0: return NBD_SUCCESS; case EPERM: + case EROFS: return NBD_EPERM; case EIO: return NBD_EIO; @@ -482,9 +483,12 @@ static int nbd_negotiate_options(NBDClient *client) return -EINVAL; default: TRACE("Unsupported option 0x%x", clientflags); + if (nbd_negotiate_drop_sync(client->ioc, length) != length) { + return -EIO; + } nbd_negotiate_send_rep(client->ioc, NBD_REP_ERR_UNSUP, clientflags); - return -EINVAL; + break; } } else { /* @@ -655,6 +659,9 @@ static ssize_t nbd_send_reply(QIOChannel *ioc, struct nbd_reply *reply) reply->error = system_errno_to_nbd_errno(reply->error); + TRACE("Sending response to client: { .error = %d, handle = %" PRIu64 " }", + reply->error, reply->handle); + /* Reply [ 0 .. 3] magic (NBD_REPLY_MAGIC) [ 4 .. 7] error (0 == no error) @@ -664,8 +671,6 @@ static ssize_t nbd_send_reply(QIOChannel *ioc, struct nbd_reply *reply) stl_be_p(buf + 4, reply->error); stq_be_p(buf + 8, reply->handle); - TRACE("Sending response to client"); - ret = write_sync(ioc, buf, sizeof(buf)); if (ret < 0) { return ret; diff --git a/qemu-nbd.c b/qemu-nbd.c index ca4a724d25..c2e4d3f64c 100644 --- a/qemu-nbd.c +++ b/qemu-nbd.c @@ -75,6 +75,7 @@ static void usage(const char *name) " -e, --shared=NUM device can be shared by NUM clients (default '1')\n" " -t, --persistent don't exit on the last connection\n" " -v, --verbose display extra debugging information\n" +" -x, --export-name=NAME expose export by name\n" "\n" "Exposing part of the image:\n" " -o, --offset=OFFSET offset into the image\n" diff --git a/target-i386/helper.c b/target-i386/helper.c index 575583942a..bf3e76207e 100644 --- a/target-i386/helper.c +++ b/target-i386/helper.c @@ -919,29 +919,31 @@ do_check_protect_pse36: !((env->cr[4] & CR4_SMEP_MASK) && (ptep & PG_USER_MASK)))) { prot |= PAGE_EXEC; } - - if ((prot & (1 << is_write1)) == 0) { - goto do_fault_protect; - } - if ((env->cr[4] & CR4_PKE_MASK) && (env->hflags & HF_LMA_MASK) && (ptep & PG_USER_MASK) && env->pkru) { uint32_t pk = (pte & PG_PKRU_MASK) >> PG_PKRU_BIT; uint32_t pkru_ad = (env->pkru >> pk * 2) & 1; uint32_t pkru_wd = (env->pkru >> pk * 2) & 2; + uint32_t pkru_prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; if (pkru_ad) { - prot &= ~(PAGE_READ | PAGE_WRITE); + pkru_prot &= ~(PAGE_READ | PAGE_WRITE); } else if (pkru_wd && (is_user || env->cr[0] & CR0_WP_MASK)) { - prot &= ~PAGE_WRITE; + pkru_prot &= ~PAGE_WRITE; } - if ((prot & (1 << is_write1)) == 0) { + + prot &= pkru_prot; + if ((pkru_prot & (1 << is_write1)) == 0) { assert(is_write1 != 2); error_code |= PG_ERROR_PK_MASK; goto do_fault_protect; } } + if ((prot & (1 << is_write1)) == 0) { + goto do_fault_protect; + } + /* yes, it can! */ is_dirty = is_write && !(pte & PG_DIRTY_MASK); if (!(pte & PG_ACCESSED_MASK) || is_dirty) { diff --git a/tests/.gitignore b/tests/.gitignore index b7bf13ed27..9eed22988b 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -39,6 +39,7 @@ test-io-channel-file.txt test-io-channel-socket test-io-channel-tls test-io-task +test-logging test-mul64 test-opts-visitor test-qapi-event.[ch] diff --git a/translate-all.c b/translate-all.c index b4df1ec68f..8329ea60ee 100644 --- a/translate-all.c +++ b/translate-all.c @@ -861,7 +861,8 @@ static void tb_invalidate_check(target_ulong address) address &= TARGET_PAGE_MASK; for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) { - for (tb = tb_ctx.tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) { + for (tb = tcg_ctx.tb_ctx.tb_phys_hash[i]; tb != NULL; + tb = tb->phys_hash_next) { if (!(address + TARGET_PAGE_SIZE <= tb->pc || address >= tb->pc + tb->size)) { printf("ERROR invalidate: address=" TARGET_FMT_lx |