Commit Graph

76472 Commits

Author SHA1 Message Date
Olaf Hering
9a709f06c8 piix: fix xenfv regression, add compat machine xenfv-4.2
With QEMU 4.0 an incompatible change was added to pc_piix, which makes it
practical impossible to migrate domUs started with qemu2 or qemu3 to
newer qemu versions. Commit 7fccf2a068
added and enabled a new member "smbus_no_migration_support". In commit
4ab2f2a8aa the vmstate_acpi got new
elements, which are conditionally filled. As a result, an incoming
migration expected smbus related data unless smbus migration was
disabled for a given MachineClass. Since first commit forgot to handle
'xenfv', domUs started with QEMU 4.x are incompatible with their QEMU
siblings.

Using other existing machine types, such as 'pc-i440fx-3.1', is not
possible because 'xenfv' creates the 'xen-platform' PCI device at
00:02.0, while all other variants to run a domU would create it at
00:04.0.

To cover both the existing and the broken case of 'xenfv' in a single
qemu binary, a new compatibility variant of 'xenfv-4.2' must be added
which targets domUs started with qemu 4.2. The existing 'xenfv' restores
compatibility of QEMU 5.x with qemu 3.1.

Host admins who started domUs with QEMU 4.x (preferrable QEMU 4.2)
have to use a wrapper script which appends '-machine xenfv-4.2' to
the device-model command line.  This is only required if there is no
maintenance window which allows to temporary shutdown the domU and
restart it with a fixed device-model.

The wrapper script is as simple as this:
  #!/bin/sh
  exec /usr/bin/qemu-system-i386 "$@" -machine xenfv-4.2

With xl this script will be enabled with device_model_override=, see
xl.cfg(5). To live migrate a domU, adjust the existing domU.cfg and pass
it to xl migrate or xl save/restore:
  xl migrate -C new-domU.cfg domU remote-host
  xl save domU CheckpointFile new-domU.cfg
  xl restore new-domU.cfg CheckpointFile

With libvirt this script will be enabled with the <emulator> element in
domU.xml. Use 'virsh edit' prior 'virsh migrate' to replace the existing
<emulator> element to point it to the wrapper script.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Message-Id: <20200327151841.13877-1-olaf@aepfle.de>
[Adjust tests for blacklisted machine types, simplifying the one in
 qom-test. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-11 08:49:11 -04:00
Peter Maydell
17e1e49814 Pull request
Fixes for QEMU on aarch64 ARM hosts and fdmon-io_uring.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAl6PXmkACgkQnKSrs4Gr
 c8hsmAgAoy0Kw9bBlWth4RHQiwDSU/mVTw+2ClpRwWyd6hl6jdsBQawfnsZl+9iF
 MtB7RpIlX2SVenYTBzB75jJOUW+95k8r9yjrg5X6JzhuWTt+OS/C/YZ15kwMV4ti
 nXUpWgnwYp9ddLqEQTSEsrLWdPMA5vy2svpOhigk4aRg06qqi+ug8OyMt7V/E53b
 nW3t7DvdvIN5Wl9Q1NksIBouc+/IQBsOb8qP8BSDWVlDHkVF0vIc1MITi2V6rP3W
 uVOPMs1tvPjHppNgjkFkNv8OhrqX2Az6zWwhx6rmiP4JxcmaedDTahZwtI3QrBpV
 70nWpLLDATvLSVF72do4B3VnGrGXvg==
 =ODE0
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Pull request

Fixes for QEMU on aarch64 ARM hosts and fdmon-io_uring.

# gpg: Signature made Thu 09 Apr 2020 18:42:01 BST
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
  async: use explicit memory barriers
  aio-wait: delegate polling of main AioContext if BQL not held
  aio-posix: signal-proof fdmon-io_uring

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-09 19:00:41 +01:00
Paolo Bonzini
5710a3e09f async: use explicit memory barriers
When using C11 atomics, non-seqcst reads and writes do not participate
in the total order of seqcst operations.  In util/async.c and util/aio-posix.c,
in particular, the pattern that we use

          write ctx->notify_me                 write bh->scheduled
          read bh->scheduled                   read ctx->notify_me
          if !bh->scheduled, sleep             if ctx->notify_me, notify

needs to use seqcst operations for both the write and the read.  In
general this is something that we do not want, because there can be
many sources that are polled in addition to bottom halves.  The
alternative is to place a seqcst memory barrier between the write
and the read.  This also comes with a disadvantage, in that the
memory barrier is implicit on strongly-ordered architectures and
it wastes a few dozen clock cycles.

Fortunately, ctx->notify_me is never written concurrently by two
threads, so we can assert that and relax the writes to ctx->notify_me.
The resulting solution works and performs well on both aarch64 and x86.

Note that the atomic_set/atomic_read combination is not an atomic
read-modify-write, and therefore it is even weaker than C11 ATOMIC_RELAXED;
on x86, ATOMIC_RELAXED compiles to a locked operation.

Analyzed-by: Ying Fang <fangying1@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Ying Fang <fangying1@huawei.com>
Message-Id: <20200407140746.8041-6-pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-04-09 16:17:14 +01:00
Paolo Bonzini
3c18a92dc4 aio-wait: delegate polling of main AioContext if BQL not held
Any thread that is not a iothread returns NULL for qemu_get_current_aio_context().
As a result, it would also return true for
in_aio_context_home_thread(qemu_get_aio_context()), causing
AIO_WAIT_WHILE to invoke aio_poll() directly.  This is incorrect
if the BQL is not held, because aio_poll() does not expect to
run concurrently from multiple threads, and it can actually
happen when savevm writes to the vmstate file from the
migration thread.

Therefore, restrict in_aio_context_home_thread to return true
for the main AioContext only if the BQL is held.

The function is moved to aio-wait.h because it is mostly used
there and to avoid a circular reference between main-loop.h
and block/aio.h.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200407140746.8041-5-pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-04-09 16:16:28 +01:00
Stefan Hajnoczi
636b836d5f aio-posix: signal-proof fdmon-io_uring
The io_uring_enter(2) syscall returns with errno=EINTR when interrupted
by a signal.  Retry the syscall in this case.

It's essential to do this in the io_uring_submit_and_wait() case.  My
interpretation of the Linux v5.5 io_uring_enter(2) code is that it
shouldn't affect the io_uring_submit() case, but there is no guarantee
this will always be the case.  Let's check for -EINTR around both APIs.

Note that the liburing APIs have -errno return values.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200408091139.273851-1-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-04-09 15:55:06 +01:00
Peter Maydell
8bac3ba57e Add fall through comment for Coverity.
-----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAl6N7YwdHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV8PSQf8DLTD/6l40EmkSULS
 jj9g8aahZhcq04oApr4UesnGLq/No7Dq20sG7tn3aConeuE3ALPVn6CpvCpc6zpr
 yYuaLBSFYT7l4jFFJPdgLn491ogkgwCMe3HaCkmARAG/lXrduepz1l+QUHUSgZZ7
 WJBz7oJr2zA0DuQOAeW7oiD51vl622FFFrx1xg7ELGnR5ObZ6DwEQKWedvlg1hQE
 Ed6S2IiLVBTO0U1TZtSfOhYApa/4Gc4L92KfJp5H4raV5bocSk94IOzDVpyr2uwT
 VKcAVN7lPKm+zv2wyg65MEHTJEQGYSbzeCSoYmOJpUCtKBirMZ6MajPgLPUEEI9Q
 dhrYGA==
 =FFe1
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-rx-20200408' into staging

Add fall through comment for Coverity.

# gpg: Signature made Wed 08 Apr 2020 16:28:12 BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-rx-20200408:
  target/rx/translate: Add missing fall through comment

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-09 13:23:30 +01:00
Peter Maydell
bb2e2bfc07 target/xtensa fixes for 5.0:
- fix pasto in pfwait.r opcode name;
 - fix memory leak with dynamically allocated xtensa_insnbufs in
   DisasContext.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCgAxFiEEK2eFS5jlMn3N6xfYUfnMkfg/oEQFAl6NE40THGpjbXZia2Jj
 QGdtYWlsLmNvbQAKCRBR+cyR+D+gRLlFD/sHrsySz19IoGxFMpKklh5YKKWh/sZy
 Dq7zb94y4eRCpCL/zUeeqp0x7Xl8EtGk07STmhGcvW7oButsI6mNx0RS6tlUoIJM
 XOZbx+EvF1uMyXuODMbfxgMKy5TxUtPFTfCOCLgRbe8goulvHSZBRTNiAwmNTrw0
 OhZIcvx8m+Pgpq3m9H1vroCsEtR+rL17JxoaFxcmPRNmQ6fcPMcOi4qDaZ0pIazP
 9TZE+G4TTt/ebkzbmsaGhHUAo44ayIACoMlt2URIY+MmE8ZMuJy4xVGh8PB9UPhV
 smgnkuN3sQPCFUCcyWhF66OICaMViMOaNI1jfsqakcLgjzcLNAlW8DjCJLeztrHH
 uVFfLFng9W9T8edkp/mJ6ITWdL2EYt9kxPTzfd/IUoiB6hHzE+Gj8P55aMQy5HWx
 PrU4aRcyq16zJf2pqeTTyrRubjOLXZViC07b8lkVr2jZFYDxe+7JYkQsHkjQSw5Y
 BVsX+g6dL7hv0u0uZW2yIdyUJwX7zFDwzudatFDcHQkTHIiZtOHnG1MxlneLi4eF
 hHF2Y2767HrvouXu4UuIpzlCbp3HPw4jHBLPAWWGvFJnhPX/0FtfCL+BRoh3hPse
 HvrRJYsBx76sriYRKiylqyDrIV0NGvYAzL2IbEXOcIqlxfL2ZDSytqSSw8SCUcGq
 S255wZ+rDc9FPg==
 =QmE2
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/xtensa/tags/20200407-xtensa' into staging

target/xtensa fixes for 5.0:

- fix pasto in pfwait.r opcode name;
- fix memory leak with dynamically allocated xtensa_insnbufs in
  DisasContext.

# gpg: Signature made Wed 08 Apr 2020 00:58:05 BST
# gpg:                using RSA key 2B67854B98E5327DCDEB17D851F9CC91F83FA044
# gpg:                issuer "jcmvbkbc@gmail.com"
# gpg: Good signature from "Max Filippov <filippov@cadence.com>" [unknown]
# gpg:                 aka "Max Filippov <max.filippov@cogentembedded.com>" [full]
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>" [full]
# Primary key fingerprint: 2B67 854B 98E5 327D CDEB  17D8 51F9 CC91 F83F A044

* remotes/xtensa/tags/20200407-xtensa:
  target/xtensa: statically allocate xtensa_insnbufs in DisasContext
  target/xtensa: fix pasto in pfwait.r opcode name

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-09 10:51:21 +01:00
Philippe Mathieu-Daudé
40bd0502db target/rx/translate: Add missing fall through comment
Coverity reported a missing fall through comment, add it.

Fixes: e5918d7d7f ("target/rx: TCG translation")
Reported-by: Coverity (CID 1422222 MISSING_BREAK)
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200403184419.28556-1-philmd@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-04-07 18:45:54 -07:00
Max Filippov
fde557ad25 target/xtensa: statically allocate xtensa_insnbufs in DisasContext
Rather than dynamically allocate, and risk failing to free
when we longjmp out of the translator, allocate the maximum
buffer size based on the maximum supported instruction length.

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Richard Henderson <richard.henderson@linaro.org>
2020-04-07 16:08:11 -07:00
Max Filippov
1a03362b14 target/xtensa: fix pasto in pfwait.r opcode name
Core xtensa opcode table has pfwait.o instead of pfwait.r. Fix that.

Fixes: c884400f29 ("target/xtensa: implement block prefetch option opcodes")
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2020-04-07 16:08:11 -07:00
Peter Maydell
f3bac27cc1 Update version for v5.0.0-rc2 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 23:13:37 +01:00
Peter Maydell
e715f7b77e Various fixes:
- add .github repo lockdown config
   - better handle missing symbols in elf-ops
   - protect fcntl64 with #ifdef
   - remove unused macros from test
   - fix handling of /proc/self/maps
   - avoid BAD_SHIFT in x80 softfloat
   - properly terminate on .hex EOF
   - fix configure probe on windows cross build
   - fix %r12 guest_base initialization
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAl6MnMIACgkQ+9DbCVqe
 KkQmYQf9EvffSO3rsazTR4fairuzKipnLaQor9LuwusV5CbESwC9BQiUt3G5Q/Ue
 cvBI9Lvwp0v2q0F/nLgRiomI+ZyOgxBNElAmX5YBiO9sKn+O/lIUSbEJvuglEl2F
 4sfnwLH3tXsIe+7N5R/NSS4VkOpMebIRBHQUNHZgg00KJuhRrK8Ikl/XW7RiqHrM
 bK2BmxgWRtx63JDGZDKVSsDIkY8dhCmlWIDyXaspaYUrU7kAoxoD6YwM4armIYat
 TkYeZxEAXRn5e9ln/hXg4sUd348Hhw4arCHqsOplPk8BQ9psw98o/TuHnvJ1CX1q
 G1Ci9LcGBhvaz8yoImzhiczykwCiiw==
 =PXy6
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stsquad/tags/pull-misc-fixes-070420-1' into staging

Various fixes:

  - add .github repo lockdown config
  - better handle missing symbols in elf-ops
  - protect fcntl64 with #ifdef
  - remove unused macros from test
  - fix handling of /proc/self/maps
  - avoid BAD_SHIFT in x80 softfloat
  - properly terminate on .hex EOF
  - fix configure probe on windows cross build
  - fix %r12 guest_base initialization

# gpg: Signature made Tue 07 Apr 2020 16:31:14 BST
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-misc-fixes-070420-1:
  tcg/i386: Fix %r12 guest_base initialization
  configure: Add -Werror to PIE probe
  hw/core: properly terminate loading .hex on EOF record
  linux-user: clean-up padding on /proc/self/maps
  linux-user: factor out reading of /proc/self/maps
  softfloat: Fix BAD_SHIFT from normalizeFloatx80Subnormal
  gdbstub: fix compiler complaining
  target/xtensa: add FIXME for translation memory leak
  linux-user: more debug for init_guest_space
  tests/tcg: remove extraneous pasting macros
  linux-user: protect fcntl64 with an #ifdef
  elf-ops: bail out if we have no function symbols
  .github: Enable repo-lockdown bot to refuse GitHub pull requests

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 22:12:05 +01:00
Peter Maydell
3f1082e5b8 Xen queue for QEMU 5.0
- Fix for xen-block.
 - A fix for a Coverity false positive in xen-usb.
 - Update MAINTAINERS to add xen-usb.c to Xen section.
 -----BEGIN PGP SIGNATURE-----
 
 iQFOBAABCgA4FiEE+AwAYwjiLP2KkueYDPVXL9f7Va8FAl6MmmwaHGFudGhvbnku
 cGVyYXJkQGNpdHJpeC5jb20ACgkQDPVXL9f7Va/iiAf/SHWEbkvUyaEIl9RrTzpo
 ZsFrtUMGhi3YRvxKUD8Q8zebejemLROwvPGxg/rJ5kq5ecygq8W1crXgN4OyaRzh
 oV00uC6h6AhfmUrZFuWGcgXDY+dg5rOPPmKLiF8ilE9dVZBSL2nPYo41QDaV96Q4
 1alJIh0IE5WwVzZb2D/dqt7jve3SB5zlHZigwtCRTMN5o/qJYUb66s/XIQc2htIq
 BsSNfU3QAZIXih6rGvzvG6Er7OnI86QtXlNl46zsjRr581nIwBndIdE2IU+Afm3+
 pZhXQR13OVSXPu5djv6rlfmYDsTI9zn90L9IIf7lLmW+8B3SOVlAbDr9GmGi+RKu
 Yg==
 =zTtF
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-20200407' into staging

Xen queue for QEMU 5.0

- Fix for xen-block.
- A fix for a Coverity false positive in xen-usb.
- Update MAINTAINERS to add xen-usb.c to Xen section.

# gpg: Signature made Tue 07 Apr 2020 16:21:16 BST
# gpg:                using RSA key F80C006308E22CFD8A92E7980CF5572FD7FB55AF
# gpg:                issuer "anthony.perard@citrix.com"
# gpg: Good signature from "Anthony PERARD <anthony.perard@gmail.com>" [marginal]
# gpg:                 aka "Anthony PERARD <anthony.perard@citrix.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5379 2F71 024C 600F 778A  7161 D8D5 7199 DF83 42C8
#      Subkey fingerprint: F80C 0063 08E2 2CFD 8A92  E798 0CF5 572F D7FB 55AF

* remotes/aperard/tags/pull-xen-20200407:
  MAINTAINERS: Add xen-usb.c to Xen section
  xen-block: Fix uninitialized variable
  hw/usb/xen-usb.c: Pass struct usbback_req* to usbback_packet_complete()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 20:55:07 +01:00
Peter Maydell
2f37b0222c Block layer patches:
- Fix crashes and hangs related to iothreads, bdrv_drain and block jobs:
     - Fix some AIO context locking in jobs
     - Fix blk->in_flight during blk_wait_while_drained()
 - vpc: Don't round up already aligned BAT sizes
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJejI1UAAoJEH8JsnLIjy/WQhEQAIF2zkkdbT77VTMLvFmPU36J
 hPR2RSzd5egNtfn3zm7vGZJ3FEZb5SEAV5R9CnwVAJeQnPUll7bjkPsoynrEUFU2
 PSoFe8lKuYwoAOOSjqakASpKx/Xs3sctKc4fgRWr5/dbWFCC77Q+qxHiKO4KYfeh
 g00jsjeCLMVLop3r9uMDovlA81mJUIP5axSjSH7akgzLC+ZCfH2RFFu62D7wYv9w
 UgQM/NZt2YuLFm+BeQLB4K2BK+PZBCN1trPj+h11ecUwm9b1XZZfO/7R0T8Wrljc
 49fd5Z/GombCnyxuLCr6QrhLZcr8FffLJXQgkdHTkWUKQXqZUfmqLjVIAbli0ZiC
 hP8jE5EgdAXpBrGeM2oH+dk0iQSBGTIMaGlhDwxO32xOAQ8TKpRiMZMfwGHqB+vn
 m/EPoHLHL6vQGxISfGjj4k3fnSP74nvRrS656MhLuG03SkPZacyTZQpTkErg2imW
 AeU6g4afvvLtJBoF/YYA5Qhff1Ux5eh9jactIW1DRf/Q4tTc4ioTU25560Le4eGZ
 kex/AwIcf9P47eTUCP8L6iNKz8RU7bV4g9vl9zz7fQm3i9GEhly88XvOppnXRUvT
 XdkfdlSmUZ9vue6rAfgsL5fQIHtsGRfH90nT11/IW1X4baOImtcQBWg3xZdR4zPS
 W2H0J01PlSKE8l/OWQlo
 =oODf
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- Fix crashes and hangs related to iothreads, bdrv_drain and block jobs:
    - Fix some AIO context locking in jobs
    - Fix blk->in_flight during blk_wait_while_drained()
- vpc: Don't round up already aligned BAT sizes

# gpg: Signature made Tue 07 Apr 2020 15:25:24 BST
# gpg:                using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  vpc: Don't round up already aligned BAT sizes
  block: Fix blk->in_flight during blk_wait_while_drained()
  block: Increase BB.in_flight for coroutine and sync interfaces
  block-backend: Reorder flush/pdiscard function definitions
  backup: don't acquire aio_context in backup_clean
  replication: assert we own context before job_cancel_sync
  job: take each job's lock individually in job_txn_apply

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 19:12:45 +01:00
Peter Maydell
339205e7ef Block patches for 5.0-rc2:
- Fix double QLIST_REMOVE() and potential request object leak in
   xen-block
 - Prevent a potential assertion failure in qcow2's code for compressed
   clusters by rejecting invalid (unaligned) requests with -EIO
 - Prevent discards on qcow2 v2 images from making backing data reappear
 - Make qemu-img convert report I/O error locations by byte offsets
   consistently
 - Fix for potential I/O test errors (accidental globbing due to missing
   quotes)
 -----BEGIN PGP SIGNATURE-----
 
 iQFGBAABCAAwFiEEkb62CjDbPohX0Rgp9AfbAGHVz0AFAl6MckkSHG1yZWl0ekBy
 ZWRoYXQuY29tAAoJEPQH2wBh1c9AGLcH/A8ML6mjaJtwjZG4hL2IuJiA5q+EwswL
 BSM9JBmShFHGkienYhjwMHBgU/QzXMjmsPNLSvdrn09Zd/0C3VjoHVZqfp67o3Cc
 /LmQxnMGfSD8OL/hQmuWeW4S0DKV4rFXFYfbeLFiVpdaS6Sy4BOXiM/ozVJz/IjA
 G+rdr9qk6ICWu940VfQXfl1nNxKw9fUebMH0p2SXbrKDmP4m+Op+Phr9rs506+wj
 Of+RwFQ5mkiou8k5s3ODTzD71gZmWsWP2xOGZ3n5ydVMuwZnblCmaTj2V/tbtBYN
 zQILgnwNYagYWrdOIjJepmC+oHa2tN3tJnMLMYRrB29BJN3AOcB7Etc=
 =0rFv
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-04-07' into staging

Block patches for 5.0-rc2:
- Fix double QLIST_REMOVE() and potential request object leak in
  xen-block
- Prevent a potential assertion failure in qcow2's code for compressed
  clusters by rejecting invalid (unaligned) requests with -EIO
- Prevent discards on qcow2 v2 images from making backing data reappear
- Make qemu-img convert report I/O error locations by byte offsets
  consistently
- Fix for potential I/O test errors (accidental globbing due to missing
  quotes)

# gpg: Signature made Tue 07 Apr 2020 13:30:01 BST
# gpg:                using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40
# gpg:                issuer "mreitz@redhat.com"
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full]
# Primary key fingerprint: 91BE B60A 30DB 3E88 57D1  1829 F407 DB00 61D5 CF40

* remotes/maxreitz/tags/pull-block-2020-04-07:
  xen-block: Fix double qlist remove and request leak
  iotests/common.pattern: Quote echos
  qcow2: Check request size in qcow2_co_pwritev_compressed_part()
  qemu-img: Report convert errors by bytes, not sectors
  qcow2: Forbid discard in qcow2 v2 images with backing files

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 17:38:47 +01:00
Richard Henderson
cce743abbf tcg/i386: Fix %r12 guest_base initialization
When %gs cannot be used, we use register offset addressing.
This path is almost never used, so it was clearly not tested.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200406174803.8192-1-richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Richard Henderson
eca7a8e6c0 configure: Add -Werror to PIE probe
Without -Werror, the probe may succeed, but then compilation fails
later when -Werror is added for other reasons.  Shows up on windows,
where the compiler complains about -fPIC.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200401214756.6559-1-richard.henderson@linaro.org>
Message-Id: <20200403191150.863-13-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
58d5e749d6 hw/core: properly terminate loading .hex on EOF record
The https://makecode.microbit.org/#editor generates slightly weird
.hex files which work fine on a real microbit but causes QEMU to
choke. The reason is extraneous data after the EOF record which causes
the loader to attempt to write a bigger file than it should to the
"rom". According to the HEX file spec an EOF really should be the last
thing we process so lets do that.

Reported-by: Ursula Bennée <alex.bennee@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200403191150.863-12-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
bb55173cfb linux-user: clean-up padding on /proc/self/maps
Don't use magic spaces, calculate the justification for the file
field like the kernel does with seq_pad.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200403191150.863-10-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
01ef6b9e4e linux-user: factor out reading of /proc/self/maps
Unfortunately reading /proc/self/maps is still considered the gold
standard for a process finding out about it's own memory layout. As we
will want this data in other contexts soon factor out the code to read
and parse the data. Rather than just blindly copying the existing
sscanf based code we use a more modern glib version of the parsing
code to make a more general purpose map structure.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200403191150.863-9-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Richard Henderson
2f311075b7 softfloat: Fix BAD_SHIFT from normalizeFloatx80Subnormal
All other calls to normalize*Subnormal detect zero input before
the call -- this is the only outlier.  This case can happen with
+0.0 + +0.0 = +0.0 or -0.0 + -0.0 = -0.0, so return a zero of
the correct sign.

Reported-by: Coverity (CID 1421991)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200327232042.10008-1-richard.henderson@linaro.org>
Message-Id: <20200403191150.863-8-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Denis Plotnikov
076b2fadb5 gdbstub: fix compiler complaining
./gdbstub.c: In function ‘handle_query_thread_extra’:
        /usr/include/glib-2.0/glib/glib-autocleanups.h:28:10:
    error: ‘cpu_name’ may be used uninitialized in this function
    [-Werror=maybe-uninitialized]
        g_free (*pp);
               ^
    ./gdbstub.c:2063:26: note: ‘cpu_name’ was declared here
        g_autofree char *cpu_name;
                         ^
    cc1: all warnings being treated as errors

Signed-off-by: Denis Plotnikov <dplotnikov@virtuozzo.com>
Message-Id: <20200326151407.25046-1-dplotnikov@virtuozzo.com>
Reported-by: Euler Robot <euler.robot@huawei.com>
Reported-by: Chen Qun <kuhn.chenqun@huawei.com>
Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com>
Message-Id: <20200325092137.24020-1-kuhn.chenqun@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200403191150.863-7-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
1f089c6705 target/xtensa: add FIXME for translation memory leak
Dynamically allocating a new structure within the DisasContext can
potentially leak as we can longjmp out of the translation loop (see
test_phys_mem). The proper fix would be to use static allocation
within the DisasContext but as the Xtensa translator imports it's code
from elsewhere I leave that as an exercise for the maintainer.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Message-Id: <20200403191150.863-6-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
b859040dc4 linux-user: more debug for init_guest_space
Searching for memory space can cause problems so lets extend the
CPU_LOG_PAGE output so you can watch init_guest_space fail to
allocate memory. A more involved fix is actually required to make this
function play nicely with the large guard pages the sanitiser likes to
use.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200403191150.863-5-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
af7fc47f2c tests/tcg: remove extraneous pasting macros
We are not using them and they just get in the way.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200403191150.863-4-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
bbf5f2a1aa linux-user: protect fcntl64 with an #ifdef
Checking TARGET_ABI_BITS is sketchy - we should check for the presence
of the define to be sure. Also clean up the white space while we are
there.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200403191150.863-3-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
040425f849 elf-ops: bail out if we have no function symbols
It's perfectly possible to have no function symbols in your elf file
and if we do the undefined behaviour sanitizer rightly complains about
us passing NULL to qsort. Check nsyms before we go ahead.

While we are at it lets drop the unchecked return value and cleanup
the fail leg by use of g_autoptr.

Another fix was proposed 101 weeks ago in:
Message-Id: 20180421232120.22208-1-f4bug@amsat.org

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200403191150.863-2-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Philippe Mathieu-Daudé
20a4f14f6e .github: Enable repo-lockdown bot to refuse GitHub pull requests
Some GitHub users try to open pull requests against the GitHub
mirror. Unfortunate these get ignored until eventually someone
notices and closes the request.

Enable the 'Repo Lockdown' [*] 3rd party bot which can autorespond
to pull requests with a friendly comment, close the request, and
then lock it to prevent further comments.

[*] https://github.com/dessant/repo-lockdown

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-Id: <20200406214125.18538-1-f4bug@amsat.org>
[AJB: s/fill/file/ and point at canonical qemu.org/contribute]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
2020-04-07 16:19:18 +01:00
Anthony PERARD
758af9cfab MAINTAINERS: Add xen-usb.c to Xen section
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Paul Durrant <paul@xen.org>
Message-Id: <20200406165043.1447837-1-anthony.perard@citrix.com>
2020-04-07 16:13:26 +01:00
Anthony PERARD
0cd40042c5 xen-block: Fix uninitialized variable
Since 7f5d9b206d ("object-add: don't create return value if
failed"), qmp_object_add() don't write any value in 'ret_data', thus
has random data. Then qobject_unref() fails and abort().

Fix by initialising 'ret_data' properly.

Fixes: 5f07c4d60d ("qapi: Flatten object-add")
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200406164207.1446817-1-anthony.perard@citrix.com>
2020-04-07 16:13:26 +01:00
Peter Maydell
1aef27c93d hw/usb/xen-usb.c: Pass struct usbback_req* to usbback_packet_complete()
The function usbback_packet_complete() currently takes a USBPacket*,
which must be a pointer to the packet field within a struct
usbback_req; the function uses container_of() to get the struct
usbback_req* given the USBPacket*.

This is unnecessarily confusing (and in particular it confuses the
Coverity Scan analysis, resulting in the false positive CID 1421919
where it thinks that we write off the end of the structure). Since
both callsites already have the pointer to the struct usbback_req,
just pass that in directly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <20200323164318.26567-1-peter.maydell@linaro.org>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2020-04-07 16:13:26 +01:00
Peter Maydell
3f0fb07379 QAPI patches for 2020-04-07
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAl6MZ2oSHGFybWJydUBy
 ZWRoYXQuY29tAAoJEDhwtADrkYZTBTMP/28dQKp+4vbdW98TWg4MoxCkLviWmMLF
 qt8a6zK1WSoKgciUfCLWvGGW6lOmagOiLq+WGt+k23P9Wu5s0ax0tvm7p7Q8m7sx
 NMHh6MIPxCLcNh1zPQ8B2+tJSOOQtXfaZo6W4gfaJ+lgz/NtHPzjcs+tLvDhOofb
 QGH2dUBRmA2gh0kIO0fNfYWEL0/ckQA67bHnHWU714k+U8LWux7yJMK8z3gVjEIs
 Tk6eURF/vaNZrQmOOuqrMc8AIO6l3tgJG7Zcv+4Sv8tJUEiaiASiokEEmEs1bj63
 izt8pAF0EvfMoL/ZFODChTfJDsPuDQad5WApfqzLTE3zBWUEetIQjPZJwxMrv8uQ
 zLjEQxTMGTGkONrFASkSZqlRw6+mWOsE71KJwo/FEfHH2G2lzVnZRzdHhhSMB8+4
 F6dzHRd66oFWz/t2hwGIXc2ng1xqtc/llBC4HZBxBOUQ0iba6LP0clpBHUJ75UDB
 JClxFI6P6xztqSGejp2FsEy2FMUw67TnvRLGPS/t/NfcdsfNfEO1rL1M10RlThoa
 Nl131Opx50cT4jhMtOQS5wySQ8whtYHQQkMCfHc+QYXwmaAiRSvJrl227ywJcX3g
 AnSpCu8VeeKJKwhzLSA3UhROjbuk4NsR/NGERDe1iwtYV9X33/zdO/sGpdmX25rc
 G88DH3NWrzPR
 =BaVo
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2020-04-07' into staging

QAPI patches for 2020-04-07

# gpg: Signature made Tue 07 Apr 2020 12:43:38 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2020-04-07:
  json: Fix check for unbalanced right curly brace

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 16:05:07 +01:00
Peter Maydell
8f0d25c464 Acceptance tests patches
- Fixed EXEC migration
 - Reduce PReP/40p artifacts download failures,
 - Disable Leon3 HelenOS
 - Speed up Travis-CI job by using a specific cache bucket
 
 CI jobs results:
   https://gitlab.com/philmd/qemu/pipelines/133379305
   https://travis-ci.org/github/philmd/qemu/builds/671762970
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAl6MWAUACgkQ4+MsLN6t
 wN7UEg/9F+2INbIY24MAYhPldO5PZWJp2Eqdt5p0pR6yd4WzTMbRcRezYZZtQ9EP
 V4tsLACWnJAyeXPk0zgr+8gYHTD/m/sZCPU0Zg8v6O98H/XJmQOpRaofKScMdtc8
 QdMPFCtDVlkyWiVQ6BQOwWatYGsr/CIm6AEDNn+TtULLrqnRD1hdajKzQIELZTlO
 AdKThN4ewiDc2MPVSxqHt3z/1pCVSS53g59eSgWKsLvIEoY3UVigmDl2hITd6m8f
 zwCSzDtvDcC4ReKwMPc6OUC3kglp14WuiIgTiuUvb1Rok22A+u0QKqnJxK+aJTZ+
 ZnorEWJg3aEITJue0/biX5is3ieSRMMcNZD8FNxzZCEmwuPCDMlBu2mTQPF7+RwT
 qHZBL+e8ixT5274024ojZQ5fgH6QSSR3NdZ8EBzhQlxOFWpWarey9cQGwFk6Pgal
 mL+GoVHrlN3xt+AxDJaVwBWisSnxsy+ueGANbZ+4uvZxyeLSXCESV6bAEeU9REh4
 fvFmZL2LzV738Z86iwChwy80YkPNNau6BiSIuXn5uUUpjV9dR6u6y1k/oMAuZqvm
 67lbv3uaE6OlYd3JuV9VvaNAbV2BpLab8RCXcAhD2KLfSROJsPzCtGRRE2hGIWoG
 xlMlf/dIbF9p89vZSjmDcDWoKlVsJQUFDfTmqKnU7bABNCv9fRo=
 =YUaj
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd-gitlab/tags/acceptance-fixes-20200407' into staging

Acceptance tests patches

- Fixed EXEC migration
- Reduce PReP/40p artifacts download failures,
- Disable Leon3 HelenOS
- Speed up Travis-CI job by using a specific cache bucket

CI jobs results:
  https://gitlab.com/philmd/qemu/pipelines/133379305
  https://travis-ci.org/github/philmd/qemu/builds/671762970

# gpg: Signature made Tue 07 Apr 2020 11:37:57 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/acceptance-fixes-20200407:
  .travis.yml: Cache acceptance-test assets
  tests/acceptance/machine_sparc_leon3: Disable HelenOS test
  tests/acceptance/ppc_prep_40p: Use mirror for ftp.software.ibm.com
  tests/acceptance/ppc_prep_40p: Use cdn.netbsd.org hostname
  Acceptance test: Fix to EXEC migration

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 15:10:11 +01:00
Kevin Wolf
3f6de653b9 vpc: Don't round up already aligned BAT sizes
As reported on Launchpad, Azure apparently doesn't accept images for
upload that are not both aligned to 1 MB blocks and have a BAT size that
matches the image size exactly.

As far as I can tell, there is no real reason why we create a BAT that
is one entry longer than necessary for aligned image sizes, so change
that.

(Even though the condition is only mentioned as "should" in the spec and
previous products accepted larger BATs - but we'll try to maintain
compatibility with as many of Microsoft's ever-changing interpretations
of the VHD spec as possible.)

Fixes: https://bugs.launchpad.net/bugs/1870098
Reported-by: Tobias Witek
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200402093603.2369-1-kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 15:42:08 +02:00
Kevin Wolf
7f16476fab block: Fix blk->in_flight during blk_wait_while_drained()
Waiting in blk_wait_while_drained() while blk->in_flight is increased
for the current request is wrong because it will cause the drain
operation to deadlock.

This patch makes sure that blk_wait_while_drained() is called with
blk->in_flight increased exactly once for the current request, and that
it temporarily decreases the counter while it waits.

Fixes: cf3129323f
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200407121259.21350-4-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 15:40:57 +02:00
Kevin Wolf
fbb92b6798 block: Increase BB.in_flight for coroutine and sync interfaces
External callers of blk_co_*() and of the synchronous blk_*() functions
don't currently increase the BlockBackend.in_flight counter, but calls
from blk_aio_*() do, so there is an inconsistency whether the counter
has been increased or not.

This patch moves the actual operations to static functions that can
later know they will always be called with in_flight increased exactly
once, even for external callers using the blk_co_*() coroutine
interfaces.

If the public blk_co_*() interface is unused, remove it.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200407121259.21350-3-kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 15:40:41 +02:00
Kevin Wolf
564806c529 block-backend: Reorder flush/pdiscard function definitions
Move all variants of the flush/pdiscard functions to a single place and
put the blk_co_*() version first because it is called by all other
variants (and will become static in the next patch).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200407121259.21350-2-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 15:40:28 +02:00
Peter Maydell
ca74fc1988 fixes for 5.0:
- audio: windows (dsound) fixes.
 - vga: ati blitter sanity check fixes.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCgAGBQJejEYoAAoJEEy22O7T6HE4B8wQAMHEcbyXVnh2hc/0x1wHi6T5
 IlsLkWvTEC0ZsyG5FcCm9XVC3b+WYCOyt4p+Zci9/lCZuYVCQjsKAafy8zb/8gZo
 c+bQny3APdzE+LSO8sByRDCrnwAxEzyzdcqEj8NKXUhTK0fZRCopyi4nWDIfK1b8
 fNWhWvObeTQEqULbPk+NRFPzI49vMijNK/y7CA64X12jddstG6psaeNYxrjzSTVf
 Fk2L9f4rccVAIA2Cl1hmp18QqqFiQeL/Bw8zi/mGaMBE9ip+SyrTP70MY1GavRDF
 tRfwAHu+eVD3i6iiyoGOapQjgelprn83Qrce8gXJ4/ldxHLbeGnfVx90usp77d/9
 cMQygbIGzbOCpZFPZ0C6aCQrEBJ8aqrZdiCK9i6Z3loqh3plVWBpoUpKT6L1FF+U
 igO21JX3Sz/T4i2RVToylx/2LFii0A8uoT7OMqT45+yjFcra4T6LWdgQtntomKlV
 J51VIXjAzWrxQ3SNOZHrgKYq6MYuLRU6zDQW/arglgA3t0t+gco6LG63Jbx3IH+C
 CL2j4TVG5XHXf74hkWbWQlMxz7Os49k1DQojB9QfOk4L6M0IpJxZXFE8v+v/tIjE
 TF/KeM20Wv6rc8TWYx96SO8gCTW6lgysRymSn1tU09uWAx/bAfSxTru2E7VErmMx
 aiPUv6uzVdFJG8yRHX8j
 =AoE+
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/fixes-20200407-pull-request' into staging

fixes for 5.0:
- audio: windows (dsound) fixes.
- vga: ati blitter sanity check fixes.

# gpg: Signature made Tue 07 Apr 2020 10:21:44 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/fixes-20200407-pull-request:
  ati-vga: Fix checks in ati_2d_blt() to avoid crash
  dsoundaudio: dsound_get_buffer_in should honor *size
  dsoundaudio: fix "Could not lock capture buffer" warning
  dsoundaudio: fix never-ending playback loop

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 14:01:49 +01:00
Stefan Reiter
eca0f3524a backup: don't acquire aio_context in backup_clean
All code-paths leading to backup_clean (via job_clean) have the job's
context already acquired. The job's context is guaranteed to be the same
as the one used by backup_top via backup_job_create.

Since the previous logic effectively acquired the lock twice, this
broke cleanup of backups for disks using IO threads, since the BDRV_POLL_WHILE
in bdrv_backup_top_drop -> bdrv_do_drained_begin would only release the lock
once, thus deadlocking with the IO thread.

This is a partial revert of 0abf258171.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200407115651.69472-4-s.reiter@proxmox.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 14:34:47 +02:00
Stefan Reiter
08558e3325 replication: assert we own context before job_cancel_sync
job_cancel_sync requires the job's lock to be held, all other callers
already do this (replication_stop, drive_backup_abort,
blockdev_backup_abort, job_cancel_sync_all, cancel_common).

In this case we're in a BlockDriver handler, so we already have a lock,
just assert that it is the same as the one used for the commit_job.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Message-Id: <20200407115651.69472-3-s.reiter@proxmox.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 14:34:47 +02:00
Stefan Reiter
b660a84bbb job: take each job's lock individually in job_txn_apply
All callers of job_txn_apply hold a single job's lock, but different
jobs within a transaction can have different contexts, thus we need to
lock each one individually before applying the callback function.

Similar to job_completed_txn_abort this also requires releasing the
caller's context before and reacquiring it after to avoid recursive
locks which might break AIO_WAIT_WHILE in the callback. This is safe, since
existing code would already have to take this into account, lest
job_completed_txn_abort might have broken.

This also brings to light a different issue: When a callback function in
job_txn_apply moves it's job to a different AIO context, callers will
try to release the wrong lock (now that we re-acquire the lock
correctly, previously it would just continue with the old lock, leaving
the job unlocked for the rest of the return path). Fix this by not caching
the job's context.

This is only necessary for qmp_block_job_finalize, qmp_job_finalize and
job_exit, since everyone else calls through job_exit.

One test needed adapting, since it calls job_finalize directly, so it
manually needs to acquire the correct context.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Message-Id: <20200407115651.69472-2-s.reiter@proxmox.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 14:34:47 +02:00
Anthony PERARD
36d883ba0d xen-block: Fix double qlist remove and request leak
Commit a31ca6801c ("qemu/queue.h: clear linked list pointers on
remove") revealed that a request was removed twice from a list, once
in xen_block_finish_request() and a second time in
xen_block_release_request() when both function are called from
xen_block_complete_aio(). But also, the `requests_inflight' counter is
decreased twice, and thus became negative.

This is a bug that was introduced in bfd0d63660 ("xen-block: improve
response latency"), where a `finished' list was removed.

That commit also introduced a leak of request in xen_block_do_aio().
That function calls xen_block_finish_request() but the request is
never released after that.

To fix both issue, we do two changes:
- we squash finish_request() and release_request() together as we want
  to remove a request from 'inflight' list to add it to 'freelist'.
- before releasing a request, we need to let the other end know the
  result, thus we should call xen_block_send_response() before
  releasing a request.

The first change fixes the double QLIST_REMOVE() as we remove the extra
call. The second change makes the leak go away because if we want to
call finish_request(), we need to call a function that does all of
finish, send response, and release.

Fixes: bfd0d63660 ("xen-block: improve response latency")
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <20200406140217.1441858-1-anthony.perard@citrix.com>
Reviewed-by: Paul Durrant <paul@xen.org>
[mreitz: Amended commit message as per Paul's suggestions]
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-04-07 13:51:09 +02:00
Max Reitz
25fb2e9c39 iotests/common.pattern: Quote echos
From time to time, my shell decides to repace the bracketed numbers here
by the numbers inside (i.e., "=== Clusters to be compressed [1]" is
printed as "=== Clusters to be compressed 1").  That makes tests that
use common.pattern fail.  Prevent that from happening by quoting the
arguments to all echos in common.pattern.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200403101134.805871-1-mreitz@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-04-07 13:51:09 +02:00
Alberto Garcia
fb43d2d46e qcow2: Check request size in qcow2_co_pwritev_compressed_part()
When issuing a compressed write request the number of bytes must be a
multiple of the cluster size or reach the end of the last cluster.

With the current code such requests are allowed and we hit an
assertion:

   $ qemu-img create -f qcow2 img.qcow2 1M
   $ qemu-io -c 'write -c 0 32k' img.qcow2

   qemu-io: block/qcow2.c:4257: qcow2_co_pwritev_compressed_task:
   Assertion `bytes == s->cluster_size || (bytes < s->cluster_size &&
              (offset + bytes == bs->total_sectors << BDRV_SECTOR_BITS))' failed.
   Aborted

This patch fixes a regression introduced in 0d483dce38

Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-Id: <20200406143401.26854-1-berto@igalia.com>
Reviewed-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-04-07 13:51:09 +02:00
Eric Blake
39f77cb662 qemu-img: Report convert errors by bytes, not sectors
Various qemu-img commands are inconsistent on whether they report
status/errors in terms of bytes or sector offsets.  The latter is
confusing (especially as more places move to 4k block sizes), so let's
switch everything to just use bytes everywhere.  One iotest is
impacted.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200402135717.476398-1-eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-04-07 13:51:09 +02:00
Alberto Garcia
80f5c01183 qcow2: Forbid discard in qcow2 v2 images with backing files
A discard request deallocates the selected clusters so they read back
as zeroes. This is done by clearing the cluster offset field and
setting QCOW_OFLAG_ZERO in the L2 entry.

This flag is however only supported when qcow_version >= 3. In older
images the cluster is simply deallocated, exposing any possible stale
data from the backing file.

Since discard is an advisory operation it's safer to simply forbid it
in this scenario.

Note that we are adding this check to qcow2_co_pdiscard() and not to
qcow2_cluster_discard() or discard_in_l2_slice() because the last
two are also used by qcow2_snapshot_create() to discard the clusters
used by the VM state. In this case there's no risk of exposing stale
data to the guest and we really want that the clusters are always
discarded.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-Id: <20200331114345.29993-1-berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-04-07 13:51:09 +02:00
Simran Singhal
1394dc0690 json: Fix check for unbalanced right curly brace
We immediately diagnose unbalanced right curly brace:

    $ qemu-kvm --nodefaults --nographic --qmp stdio
    {"QMP": {"version": {"qemu": {"micro": 91, "minor": 2, "major": 4},
    "package": "v5.0.0-rc1-1-gf6ce4a439a08"}, "capabilities": ["oob"]}}
    }
    {"error": {"class": "GenericError", "desc": "JSON parse error,
    expecting value"}}

except within square bracket:

    [}

The check for unbalanced braces has a typo.  Fix it.

Fixes: 8d3265b3d0
Signed-off-by: Simran Singhal <singhalsimran0@gmail.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200402182848.GA3023@simran-Inspiron-5558>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Commit message rewritten to explain what's broken]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2020-04-07 13:10:11 +02:00
Peter Maydell
c185e22112 ppc patch queue 2020-04-07
An assortment of fixes for qemu-5.0, including a number for the FWNMI
 feature which is new this release.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAl6MAv4ACgkQbDjKyiDZ
 s5LxjhAAuyKEYD0n6U5JL/+4zIe2YPZbzyUJL4ZeTCwcKgPY71bvOO+57/ATHOBU
 7DJ92glrdN1DN5iA6tpI3nTEA6ghDOR3/16UizqC0CdT17a5V4LOhcZ76ZbtPXyM
 ct9bZPEkGvnHsr5UGZ9fcGLeapHYQa6GEww1BI0Ed8Sa6D3yX+mk9x4PTMQKN8+R
 P8GmLUt6CYNxtvv15mILNA5BsFJDpAYKh3WSqYrXD0UF10w0UKI/Ma0hfqevrpiE
 aXF/TQOnEzirQEQ5jAgFy88einu70LuJx5ws96CJJAUPrjhi9vWuuHe4hk03z795
 CFpjWBwB5Kf/bkwkJgzQ2SxOHRnFPaQPCJG1Baf2B+VXdo/6R9Y7tq+ia3qDq4QK
 +O30HVHjzGFerURiTFh5yvaT7nN24BL6L3vSU/njyLpy2hy8Kfa8q4ic2k17DBGn
 ZfD844r+8mFLiSCr+g11iLBYqFRtzqdvCYYJlhdJxQISzQdDHIoobNfWglv9uTD2
 CZ6wPPdw7nGIPdBIxsTmztJREgLVO0oeXa/0yZG//gaQKHhxDeD2iajSd87Z20Cl
 bZ8K/mDE3QSt8KQOtq22whivJIwzUAi6XWcRTnCaCs39rYRoVRo9Ey55KnV1b6gI
 WjkCCzoPrGxrDMyHw9o571QvWWynANCHBzolUR8p9VU0abBugI4=
 =F8JM
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.0-20200407' into staging

ppc patch queue 2020-04-07

An assortment of fixes for qemu-5.0, including a number for the FWNMI
feature which is new this release.

# gpg: Signature made Tue 07 Apr 2020 05:35:10 BST
# gpg:                using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full]
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full]
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full]
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown]
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-5.0-20200407:
  ppc/pnv: Create BMC devices only when defaults are enabled
  pseries: Update SLOF firmware image
  hw/ppc/ppc440_uc.c: Remove incorrect iothread locking from dcr_write_pcie()
  spapr: Fix failure path for attempting to hot unplug PCI bridges
  ppc/spapr: Don't kill the guest if a recovered FWNMI machine check delivery fails
  ppc/spapr: Add FWNMI machine check delivery warnings
  ppc/spapr: Improve FWNMI machine check delivery corner case comments
  ppc/spapr: KVM FWNMI should not be enabled until guest requests it
  vfio/spapr: Fix page size calculation
  hw/ppc/e500.c: Handle qemu_find_file() failure

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 11:19:31 +01:00
BALATON Zoltan
ac2071c379 ati-vga: Fix checks in ati_2d_blt() to avoid crash
In some corner cases (that never happen during normal operation but a
malicious guest could program wrong values) pixman functions were
called with parameters that result in a crash. Fix this and add more
checks to disallow such cases.

Reported-by: Ziming Zhang <ezrakiez@gmail.com>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: 20200406204029.19559747D5D@zero.eik.bme.hu
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-04-07 09:25:23 +02:00
Cédric Le Goater
25f3170b06 ppc/pnv: Create BMC devices only when defaults are enabled
Commit e2392d4395 ("ppc/pnv: Create BMC devices at machine init")
introduced default BMC devices which can be a problem when the same
devices are defined on the command line with :

  -device ipmi-bmc-sim,id=bmc0 -device isa-ipmi-bt,bmc=bmc0,irq=10

QEMU fails with :

  qemu-system-ppc64: error creating device tree: node: FDT_ERR_EXISTS

Use defaults_enabled() when creating the default BMC devices to let
the user provide its own BMC devices using '-nodefaults'. If no BMC
device are provided, output a warning but let QEMU run as this is a
supported configuration. However, when multiple BMC devices are
defined, stop QEMU with a clear error as the results are unexpected.

Fixes: e2392d4395 ("ppc/pnv: Create BMC devices at machine init")
Reported-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20200404153655.166834-1-clg@kaod.org>
Tested-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:11 +10:00