aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-08-04target/arm: Implement new do_transaction_failed hooktxfailPeter Maydell
Implement the new do_transaction_failed hook for ARM, which should cause the CPU to take a prefetch abort or data abort. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-04target/arm: Allow deliver_fault() caller to specify EA bitPeter Maydell
For external aborts, we will want to be able to specify the EA (external abort type) bit in the syndrome field. Allow callers of deliver_fault() to do that by adding a field to ARMMMUFaultInfo which we use when constructing the syndrome values. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-04target/arm: Factor out fault delivery codePeter Maydell
We currently have some similar code in tlb_fill() and in arm_cpu_do_unaligned_access() for delivering a data abort or prefetch abort. We're also going to want to do the same thing to handle external aborts. Factor out the common code into a new function deliver_fault(). Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-04hw/arm: Set ignore_memory_transaction_failures for most ARM boardsPeter Maydell
Set the MachineClass flag ignore_memory_transaction_failures for almost all ARM boards. This means they retain the legacy behaviour that accesses to unimplemented addresses will RAZ/WI rather than aborting, when a subsequent commit adds support for external aborts. The exceptions are: * virt -- we know that guests won't try to prod devices that we don't describe in the device tree or ACPI tables * mps2 -- this board was written to use unimplemented-device for all the ranges with devices we don't yet handle New boards should not set the flag, but instead be written like the mps2. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-04boards.h: Define new flag ignore_memory_transaction_failuresPeter Maydell
Define a new MachineClass field ignore_memory_transaction_failures. If this is flag is true then the CPU will ignore memory transaction failures which should cause the CPU to take an exception due to an access to an unassigned physical address; the transaction will instead return zero (for a read) or be ignored (for a write). This should be set only by legacy board models which rely on the old RAZ/WI behaviour for handling devices that QEMU does not yet model. New board models should instead use "unimplemented-device" for all memory ranges where the guest will attempt to probe for a device that QEMU doesn't implement and a stub device is required. We need this for ARM boards, where we're about to implement support for generating external aborts on memory transaction failures. Too many of our legacy board models rely on the RAZ/WI behaviour and we would break currently working guests when their "probe for device" code provoked an external abort rather than a RAZ. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-04cputlb: Support generating CPU exceptions on memory transaction failuresPeter Maydell
Call the new cpu_transaction_failed() hook at the places where CPU generated code interacts with the memory system: io_readx() io_writex() get_page_addr_code() Any access from C code (eg via cpu_physical_memory_rw(), address_space_rw(), ld/st_*_phys()) will *not* trigger CPU exceptions via cpu_transaction_failed(). Handling for transactions failures for this kind of call should be done by using a function which returns a MemTxResult and treating the failure case appropriately in the calling code. In an ideal world we would not generate CPU exceptions for instruction fetch failures in get_page_addr_code() but instead wait until the code translation process tried a load and it failed; however that change would require too great a restructuring and redesign to attempt at this point. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-02cpu: Define new cpu_transaction_failed() hookPeter Maydell
Currently we have a rather half-baked setup for allowing CPUs to generate exceptions on accesses to invalid memory: the CPU has a cpu_unassigned_access() hook which the memory system calls in unassigned_mem_write() and unassigned_mem_read() if the current_cpu pointer is non-NULL. This was originally designed before we implemented the MemTxResult type that allows memory operations to report a success or failure code, which is why the hook is called right at the bottom of the memory system. The major problem with this is that it means that the hook can be called even when the access was not actually done by the CPU: for instance if the CPU writes to a DMA engine register which causes the DMA engine to begin a transaction which has been set up by the guest to operate on invalid memory then this will casue the CPU to take an exception incorrectly. Another minor problem is that currently if a device returns a transaction error then this won't turn into a CPU exception at all. The right way to do this is to have allow the CPU to respond to memory system transaction failures at the point where the CPU specific code calls into the memory system. Define a new QOM CPU method and utility function cpu_transaction_failed() which is called in these cases. The functionality here overlaps with the existing cpu_unassigned_access() because individual target CPUs will need some work to convert them to the new system. When this transition is complete we can remove the old cpu_unassigned_access() code. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-02memory.h: Move MemTxResult type to memattrs.hPeter Maydell
Move the MemTxResult type to memattrs.h. We're going to want to use it in cpu/qom.h, which doesn't want to include all of memory.h. In practice MemTxResult and MemTxAttrs are pretty closely linked since both are used for the new-style read_with_attrs and write_with_attrs callbacks, so memattrs.h is a reasonable home for this rather than creating a whole new header file for it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-02Update version for v2.10.0-rc1 releasePeter Maydell
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-02tests/hmp: Fix typo in the 'chardev-send-break' testThomas Huth
testchardev2 is not a valid chardev id here. Use testchardev1 instead which has been created with chardev-add right before the 'chardev-send-break' line. And while we're at it, add the test-hmp.c file to the MAINTAINERS file, too. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 1501149097-19071-1-git-send-email-thuth@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-02Merge remote-tracking branch ↵Peter Maydell
'remotes/dgilbert/tags/pull-migration-20170802a' into staging Migration pull 2017-08-02 Just minor fixes for 2.10 # gpg: Signature made Wed 02 Aug 2017 14:55:21 BST # gpg: using RSA key 0x0516331EBC5BFDE7 # gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7 * remotes/dgilbert/tags/pull-migration-20170802a: io: fix qio_channel_socket_accept err handling migration: fix comment disorder in RAMState migration: fix small leaks Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-02io: fix qio_channel_socket_accept err handlingPeter Xu
When accept failed, we should setup errp with the reason. More importantly, the caller may assume errp be non-NULL when error happens, and not setting the errp may crash QEMU. At the same time, move the trace_qio_channel_socket_accept_fail() after the if check on EINTR. Two reasons: 1. when EINTR happened, it's not really a fault (we should just try again), so we should not log with an "accept failure". 2. trace_*() functions may overwrite errno, then the old errno will be missing. We need to either check errno before trace_*() calls, or reserve the errno. Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <1501666880-10159-3-git-send-email-peterx@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2017-08-02migration: fix comment disorder in RAMStatePeter Xu
Comments for "migration_dirty_pages" and "bitmap_mutex" are switched. Fix it. Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <1501666880-10159-2-git-send-email-peterx@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2017-08-02migration: fix small leaksMarc-André Lureau
Spotted thanks to valgrind and tests/device-introspect-test: ==11711== 1 bytes in 1 blocks are definitely lost in loss record 6 of 14,537 ==11711== at 0x4C2EB6B: malloc (vg_replace_malloc.c:299) ==11711== by 0x1E0CDBD8: g_malloc (gmem.c:94) ==11711== by 0x1E0E696E: g_strdup (gstrfuncs.c:363) ==11711== by 0x695693: migration_instance_init (migration.c:2226) ==11711== by 0x717C4B: object_init_with_type (object.c:344) ==11711== by 0x717E80: object_initialize_with_type (object.c:375) ==11711== by 0x7182EB: object_new_with_type (object.c:483) ==11711== by 0x718328: object_new (object.c:493) ==11711== by 0x4B8A29: qmp_device_list_properties (qmp.c:542) ==11711== by 0x4A9561: qmp_marshal_device_list_properties (qmp-marshal.c:1425) ==11711== by 0x819D4A: do_qmp_dispatch (qmp-dispatch.c:104) ==11711== by 0x819E82: qmp_dispatch (qmp-dispatch.c:131) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20170801160419.14180-1-marcandre.lureau@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2017-08-02Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
pc, acpi, virtio: fixes, test speedup for rc1 Some fixes all over the place. Notably vhost-user gained a new message to set endian-ness. Borderline for 2.10 but seems to be the only way to fix legacy guests. Also pc tests are run on kvm now. Not a fix at all but doesn't touch qemu itself, so I merged it since I had to run these a lot and I just got tired of waiting for these to finish. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Tue 01 Aug 2017 22:36:47 BST # gpg: using RSA key 0x281F0DB8D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: pc: acpi: force FADT rev1 for 440fx based machine types pc: make 'pc.rom' readonly when machine has PCI enabled vhost-user: fix watcher need be removed when vhost-user hotplug tests/bios-tables-test: Compiler warning fix accel: cleanup error output intel_iommu: use access_flags for iotlb intel_iommu: fix iova for pt vhost-user: fix legacy cross-endian configurations vhost: fix a memory leak tests: switch pxe and vm gen id tests to use kvm Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-02pc: acpi: force FADT rev1 for 440fx based machine typesIgor Mammedov
w2k used to boot on QEMU until revision of FADT has been bumped to rev3 (commit 77af8a2b hw/i386: Use Rev3 FADT (ACPI 2.0) instead of Rev1 to improve guest OS support.) Keep PC machine at rev1 to remain compatible and Q35 at rev3 where w2k isn't supported anyway so OSX could run as well. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Tested-by: John Arbuckle <programmingkidx@gmail.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-02pc: make 'pc.rom' readonly when machine has PCI enabledIgor Mammedov
looking at bios ROM mapping in QEMU it seems that only isapc (i.e. not PCI enabled machine) requires ROM being mapped as RW in other cases BIOS is mapped as RO. Do the same for option ROM 'pc.rom' when machine has PCI enabled. As useful side-effect pc.rom MemoryRegion stops being put in vhost memory map (filtered out by vhost_section()), which reduces number of entries by 1. Coincidentally it fixes migration failure reported in "[PATCH V2] vhost: fix a migration failed because of vhost region merge" where following destination CLI with /sys/module/vhost/parameters/max_mem_regions = 8 export DIMMSCOUNT=6 QEMU -enable-kvm \ -netdev type=tap,id=guest0,vhost=on,script=no,vhostforce \ -device virtio-net-pci,netdev=guest0 \ -m 256,slots=256,maxmem=2G \ `i=0; while [ $i -lt $DIMMSCOUNT ]; do echo \ "-object memory-backend-ram,id=m$i,size=128M \ -device pc-dimm,id=d$i,memdev=m$i"; i=$(($i + 1)); \ done` will fail to startup with error: "-device pc-dimm,id=d5,memdev=m5: a used vhost backend has no free memory slots left" while it's possible to add the 6th DIMM during hotplug on source. Issue is caused by the fact that number of entries in vhost map is bigger on 1 entry, when -device is processed, than after guest boots up, and that offending entry belongs to 'pc.rom', it's not like vhost intends to do IO in ROM range so making it RO hides region from vhost and makes number of entries in vhost memory map at -device/machine_done time match number of entries after guest boots. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reported-by: Peng Hao <peng.hao2@zte.com.cn> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-02vhost-user: fix watcher need be removed when vhost-user hotplugYunjian Wang
"nc" is freed after hotplug vhost-user, but the watcher is not removed. The QEMU crash when the watcher access the "nc" when socket disconnects. Program received signal SIGSEGV, Segmentation fault. #0 object_get_class (obj=obj@entry=0x2) at qom/object.c:750 #1 0x00007f9bb4180da1 in qemu_chr_fe_disconnect (be=<optimized out>) at chardev/char-fe.c:372 #2 0x00007f9bb40d1100 in net_vhost_user_watch (chan=<optimized out>, cond=<optimized out>, opaque=<optimized out>) at net/vhost-user.c:188 #3 0x00007f9baf97f99a in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0 #4 0x00007f9bb41d7ebc in glib_pollfds_poll () at util/main-loop.c:213 #5 os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:261 #6 main_loop_wait (nonblocking=nonblocking@entry=0) at util/main-loop.c:515 #7 0x00007f9bb3e266a7 in main_loop () at vl.c:1917 #8 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4786 Signed-off-by: Yunjian Wang <wangyunjian@huawei.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-02tests/bios-tables-test: Compiler warning fixDr. David Alan Gilbert
gcc 7.1.1 in fedora 26 moans about the: tables = g_new0(uint32_t, tables_nr) because it can't convince itself that tables_nr is positive. This is fallout from g_assert_cmpint no longer necessarily being no-return; replace it with a plain g_assert. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2017-08-02accel: cleanup error outputLaurent Vivier
Only emit "XXX accelerator not found", if there are not further accelerators listed. eg accel=kvm:tcg doesn't print a "KVM accelerator not found" warning when it falls back to tcg, but a accel=kvm prints a warning, since no fallback is given. Suggested-by: Daniel P. Berrange <berrange@redhat.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com>
2017-08-02intel_iommu: use access_flags for iotlbPeter Xu
It was cached by read/write separately. Let's merge them. Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-02intel_iommu: fix iova for ptPeter Xu
IOMMUTLBEntry.iova is returned incorrectly on one PT path (though mostly we cannot really trigger this path, even if we do, we are mostly disgarding this value, so it didn't break anything). Fix it by converting the VTD_PAGE_MASK into the correct definition VTD_PAGE_MASK_4K, then remove VTD_PAGE_MASK. Fixes: b93130 ("intel_iommu: cleanup vtd_{do_}iommu_translate()") Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-02vhost-user: fix legacy cross-endian configurationsFelipe Franciosi
Currently, vhost-user does not implement any means for notifying the backend about guest endianess. This commit introduces a new message called VHOST_USER_SET_VRING_ENDIAN which is analogous to the ioctl() called VHOST_SET_VRING_ENDIAN used for kernel vhost backends. Such message is necessary for backends supporting legacy (pre-1.0) virtio devices running in big-endian guests. Signed-off-by: Felipe Franciosi <felipe@nutanix.com> Signed-off-by: Mike Cui <cui@nutanix.com>
2017-08-02vhost: fix a memory leakPeng Hao
vhost exists a call for g_file_get_contents, but not call g_free. Signed-off-by: Peng Hao<peng.hao2@zte.com.cn> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-08-02tests: switch pxe and vm gen id tests to use kvmMichael S. Tsirkin
Speed up tests on host systems with kvm support. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Thomas Huth <thuth@redhat.com> Cc: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-01Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* Xen fix (Anthony) * chardev fixes (Anton, Marc-André) * small dead code removal (Zhongyi) * documentation (Dan) * bugfixes (David) * decrease migration downtime (Jay) * improved error output (Laurent) * RTC tests and bugfix (me) * Bluetooth clang analyzer fix (me) * KVM CPU hotplug race (Peng Hao) * Two other patches from Philippe's clang analyzer series # gpg: Signature made Tue 01 Aug 2017 16:56:21 BST # gpg: using RSA key 0xBFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: mc146818rtc: implement UIP latching as intended mc146818rtc: simplify check_update_timer rtc-test: introduce more update tests rtc-test: cleanup register_b_set_flag test hw/scsi/vmw_pvscsi: Convert to realize hw/scsi/vmw_pvscsi: Remove the dead error handling migration: optimize the downtime qemu-options: document existance of versioned machine types bt: stop the sdp memory allocation craziness exec: Add lock parameter to qemu_ram_ptr_length target-i386: kvm_get/put_vcpu_events don't handle sipi_vector docs: document deprecation policy & deprecated features in appendix char: don't exit on hmp 'chardev-add help' char-fd: remove useless chr pointer accel: cleanup error output cpu_physical_memory_sync_dirty_bitmap: Fix alignment check vl.c/exit: pause cpus before closing block devices Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-01Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell
Block layer patches for 2.10.0-rc1 # gpg: Signature made Tue 01 Aug 2017 17:10:52 BST # gpg: using RSA key 0x7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: block/qapi: Remove redundant NULL check to silence Coverity qemu-iotests/059: Fix leaked image files qemu-iotests/063: Fix leaked image qemu-iotests/162: Fix leaked temporary files qemu-iotests/153: Fix leaked scratch images qemu-iotests/141: Fix image cleanup qemu-iotests: Remove blkdebug.conf after tests qemu-iotests/041: Fix leaked scratch images block: fix leaks in bdrv_open_driver() block: fix dangling bs->explicit_options in block.c iotests: Add test of recent fix to 'qemu-img measure' iotests: Check dirty bitmap statistics in 124 iotests: Redirect stderr to stdout in 186 iotests: Fix test 156 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-01block/qapi: Remove redundant NULL check to silence CoverityKevin Wolf
When skipping implicit nodes in bdrv_block_device_info(), we know that bs0 is always non-NULL; initially, because it's taken from a BdrvChild and a BdrvChild never has a NULL bs, and after the first iteration because implicit nodes always have a backing file. Remove the NULL check and add an assertion that the implicit node does indeed have a backing file. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com>
2017-08-01qemu-iotests/059: Fix leaked image filesKevin Wolf
qemu-iotests 059 left a whole lot of image files behind in the scratch directory because VMDK creates additional files for extents and cleaning them up requires the original image intact (it parses qemu-img info output to find all extent files), but the image overwrote it many times like it works for all other image formats. In addition, _use_sample_img overwrites the TEST_IMG variable, causing new images created afterwards to reuse the name of the sample file rather than the usual t.IMGFMT. This patch adds an intermediate _cleanup_test_img after each subtest that created an image file with additional extent files, and also after each use of a sample image. _cleanup_test_img is also changed so that it resets TEST_IMG after a sample image is cleaned up. Note that this test was failing before this commit and continues to do so after it. This failure was introduced in commit 9877860 ('block/vmdk: Report failures in vmdk_read_cid()') and needs to be dealt with separately. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2017-08-01qemu-iotests/063: Fix leaked imageKevin Wolf
qemu-iotests 063 left t.raw.raw1 behind in the scratch directory because it used the wrong suffix. Make sure to clean it up after completing the test. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2017-08-01qemu-iotests/162: Fix leaked temporary filesKevin Wolf
qemu-iotests 162 left qemu-nbd.pid behind in the scratch directory, and potentially a file called '42' in the current directory. Make sure to clean it up after completing the tests. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2017-08-01qemu-iotests/153: Fix leaked scratch imagesKevin Wolf
qemu-iotests 153 left t.qcow2.c behind in the scratch directory. Make sure to clean it up after completing the tests. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2017-08-01qemu-iotests/141: Fix image cleanupKevin Wolf
qemu-iotests 141 attempted to use brace expansion to remove all images with a single command. However, for this to work, the braces shouldn't be quoted. With this fix, the tests correctly cleans up its scratch images. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2017-08-01qemu-iotests: Remove blkdebug.conf after testsKevin Wolf
qemu-iotests 074 and 179 left a blkdebug.conf behind in the scratch directory. Make sure to clean up after completing the tests. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2017-08-01qemu-iotests/041: Fix leaked scratch imagesKevin Wolf
qemu-iotests 041 left quorum_snapshot.img and target.img behind in the scratch directory. Make sure to clean up after completing the tests. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2017-08-01block: fix leaks in bdrv_open_driver()Manos Pitsidianakis
bdrv_open_driver() is called in two places, bdrv_new_open_driver() and bdrv_open_common(). In the latter, failure cleanup in is in its caller, bdrv_open_inherit(), which unrefs the bs->file of the failed driver open if it exists. Let's move the bs->file cleanup to bdrv_open_driver() to take care of all callers and do not set bs->drv to NULL unless the driver's open function failed. When bs is destroyed by removing its last reference, it calls bdrv_close() which checks bs->drv to perform the needed cleanups and also call the driver's close function. Since it cleans up options and opaque we must take care not leave dangling pointers. The error paths in bdrv_open_driver() are now two: If open fails, drv->bdrv_close() should not be called. Unref the child if it exists, free what we allocated and set bs->drv to NULL. Return the error and let callers free their stuff. If open succeeds but we fail after, return the error and let callers unref and delete their bs, while cleaning up their allocations. Signed-off-by: Manos Pitsidianakis <el13635@mail.ntua.gr> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-01block: fix dangling bs->explicit_options in block.cManos Pitsidianakis
In some error paths it is possible to QDECREF a freed dangling explicit_options, resulting in a heap overflow crash. For example bdrv_open_inherit()'s fail unrefs it, then calls bdrv_unref which calls bdrv_close which also unrefs it. Signed-off-by: Manos Pitsidianakis <el13635@mail.ntua.gr> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-01iotests: Add test of recent fix to 'qemu-img measure'Eric Blake
The new test 190 ensures we don't regress back to an infinite loop when measuring the size of a 2T+ qcow2 image. I did not append to test 178, because that test is also designed to run with format 'raw'; also, this gives us some coverage of the measure command under the quick group. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-01iotests: Check dirty bitmap statistics in 124Eric Blake
We had a bug for multiple releases where dirty-bitmap count was documented in bytes but reported in sectors; enhance the testsuite to add coverage of DirtyBitmapInfo to ensure we do not regress again. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-01iotests: Redirect stderr to stdout in 186Max Reitz
Without redirecting qemu's stderr to stdout, _filter_qemu will not apply to warnings. This results in $QEMU_PROG not being replaced by QEMU_PROG which is not great if your qemu executable is not called qemu-system-x86_64 (e.g. qemu-system-i386). Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-01iotests: Fix test 156Max Reitz
On one hand, the _make_test_img invocation for creating the target image was missing a -u because its backing file is not supposed to exist at that point. On the other hand, nobody noticed probably because the backing file is created later on and _cleanup failed to remove it: The quotation marks were misplaced so bash tried to delete a file literally called "$TEST_IMG{,.target}..." instead of performing brace expansion. Thus, the files stayed around after the first run and qemu-img create did not complain about a missing backing file on any run but the first. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-01mc146818rtc: implement UIP latching as intendedPaolo Bonzini
In some cases, the guest can observe the wrong ordering of UIP and interrupts. This can happen if the VCPU exit is timed like this: iothread VCPU ... wait for interrupt ... t-100ns read register A t wake up, take BQL t+100ns update_in_progress return false return UIP=0 trigger interrupt The interrupt is late; the VCPU expected the falling edge of UIP to happen after the interrupt. update_in_progress is already trying to cover this case by latching UIP if the timer is going to fire soon, and the fix is documented in the commit message for commit 56038ef623 ("RTC: Update the RTC clock only when reading it", 2012-09-10). It cannot be tested with qtest, because its timing of interrupts vs. reads is exact. However, the implementation was incorrect because UIP cmos_ioport_read cleared register A instead of leaving that to rtc_update_timer. Fixing the implementation of cmos_ioport_read to match the commit message, however, breaks the "uip-stuck" test case from the previous patch. To fix it, skip update timer optimizations if UIP has been latched. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-01mc146818rtc: simplify check_update_timerPaolo Bonzini
Move all the optimized cases together, since they all have UF=1 in common. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-01rtc-test: introduce more update testsPaolo Bonzini
Test divider reset and UIP behavior. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-01rtc-test: cleanup register_b_set_flag testPaolo Bonzini
Introduce set_datetime_bcd/assert_datetime_bcd, and handle UIP correctly. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-01hw/scsi/vmw_pvscsi: Convert to realizeMao Zhongyi
Convert a device model where initialization obviously can't fail, make it implement realize() rather than init(). Reviewed-by: Dmitry Fleytman <dmitry@daynix.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Signed-off-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com> Message-Id: <20170726084153.10121-2-maozy.fnst@cn.fujitsu.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-01hw/scsi/vmw_pvscsi: Remove the dead error handlingMao Zhongyi
qemu_bh_new() is a wrapper around aio_bh_new(), which returns null only when g_new() does. It doesn't. So remove the dead error handling. Reviewed-by: Dmitry Fleytman <dmitry@daynix.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Signed-off-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com> Message-Id: <20170726084153.10121-1-maozy.fnst@cn.fujitsu.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-01migration: optimize the downtimeJay Zhou
Qemu_savevm_state_cleanup takes about 300ms in my ram migration tests with a 8U24G vm(20G is really occupied), the main cost comes from KVM_SET_USER_MEMORY_REGION ioctl when mem.memory_size = 0 in kvm_set_user_memory_region. In kmod, the main cost is kvm_zap_obsolete_pages, which traverses the active_mmu_pages list to zap the unsync sptes. It can be optimized by delaying memory_global_dirty_log_stop to the next vm_start. Changes v2->v3: - NULL VMChangeStateHandler if it is deleted and protect the scenario of nested invocations of memory_global_dirty_log_start/stop [Paolo] Changes v1->v2: - create a VMChangeStateHandler in memory.c to reduce the coupling [Paolo] Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com> Message-Id: <1501237733-2736-1-git-send-email-jianjay.zhou@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-01qemu-options: document existance of versioned machine typesDaniel P. Berrange
The -machine docs did not explain what the versioned machine types are for, nor that they'll be maintained across releases. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <20170725141041.1195-1-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-01bt: stop the sdp memory allocation crazinessPaolo Bonzini
Clang static analyzer reports a memory leak. Actually, the allocated memory escapes here: record->attribute_list[record->attributes].pair = data; but clang is correct that the memory might leak if len is zero. We know it isn't; assert that it is the case. The craziness doesn't end there. The memory is freed by bt_l2cap_sdp_close_ch: g_free(sdp->service_list[i].attribute_list->pair); which actually should have been written like this: g_free(sdp->service_list[i].attribute_list[0].pair); The attribute_list is sorted with qsort; but indeed the first entry of attribute_list should point to "data" even after the qsort, because the first record has id SDP_ATTR_RECORD_HANDLE, whose numeric value is zero. But hang on. The qsort function is static int sdp_attributeid_compare( const struct sdp_service_attribute_s *a, const struct sdp_service_attribute_s *b) { return (int) b->attribute_id - a->attribute_id; } but no one ever writes attribute_id. So it only works if qsort is stable, and who knows what else is broken, but we can fix it by setting attribute_id in the while loop. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>