qemu.git
12 months agomigration: Rework migrate_send_rp_req_pages() function
Peter Xu [Tue, 8 Sep 2020 20:30:18 +0000 (16:30 -0400)] 
migration: Rework migrate_send_rp_req_pages() function

We duplicated the logic of maintaining the last_rb variable at both callers of
this function.  Pass *rb pointer into the function so that we can avoid
duplicating the logic.  Also, when we have the rb pointer, it's also easier to
remove the original 2nd & 4th parameters, because both of them (name of the
ramblock when needed, or the page size) can be fetched from the ramblock
pointer too.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20200908203022.341615-3-peterx@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
12 months agomigration: Properly destroy variables on incoming side
Peter Xu [Tue, 8 Sep 2020 20:30:17 +0000 (16:30 -0400)] 
migration: Properly destroy variables on incoming side

In migration_incoming_state_destroy(), we've got a few variables that aren't
destroyed properly, namely:

    main_thread_load_event
    postcopy_pause_sem_dst
    postcopy_pause_sem_fault
    rp_mutex

Destroy them properly.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20200908203022.341615-2-peterx@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
12 months agoMerge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Peter Maydell [Thu, 24 Sep 2020 17:48:45 +0000 (18:48 +0100)] 
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Pull request

This includes the atomic_ -> qatomic_ rename that touches many files and is
prone to conflicts.

# gpg: Signature made Wed 23 Sep 2020 17:08:43 BST
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
  qemu/atomic.h: rename atomic_ to qatomic_
  tests: add test-fdmon-epoll
  fdmon-poll: reset npfd when upgrading to fdmon-epoll
  gitmodules: add qemu.org vbootrom submodule
  gitmodules: switch to qemu.org meson mirror
  gitmodules: switch to qemu.org qboot mirror
  docs/system: clarify deprecation schedule
  virtio-crypto: don't modify elem->in/out_sg
  virtio-blk: undo destructive iov_discard_*() operations
  util/iov: add iov_discard_undo()
  virtio: add vhost-user-fs-ccw device
  libvhost-user: handle endianness as mandated by the spec
  MAINTAINERS: add Stefan Hajnoczi as block/nvme.c maintainer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agoMerge remote-tracking branch 'remotes/kraxel/tags/audio-20200923-pull-request' into...
Peter Maydell [Thu, 24 Sep 2020 16:22:17 +0000 (17:22 +0100)] 
Merge remote-tracking branch 'remotes/kraxel/tags/audio-20200923-pull-request' into staging

audio: various buffering fixes.
audio: build spiceaudio as module.

# gpg: Signature made Wed 23 Sep 2020 10:09:46 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/audio-20200923-pull-request:
  audio: build spiceaudio as module
  audio: remove qemu_spice_audio_init()
  audio: run downstream playback queue unconditionally
  audio: align audio_generic_write with audio_pcm_hw_run_out
  audio: remove unnecessary calls to put_buffer_in
  audio: align audio_generic_read with audio_pcm_hw_run_in
  audio/spiceaudio: always rate limit playback stream
  audio/audio: fix video playback slowdown with spiceaudio
  audio: handle buf == NULL in put_buffer_out()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agoMerge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into...
Peter Maydell [Thu, 24 Sep 2020 14:28:26 +0000 (15:28 +0100)] 
Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging

machine + QOM queue, 2020-09-22

QOM cleanups:
* Convert instance properties to class properties
  (Eduardo Habkost)
* simplify object_find_property / object_class_find_property
  (Daniel P. Berrangé)

Deprecated feature removal:
* Drop support for invalid topologies (Igor Mammedov)

# gpg: Signature made Tue 22 Sep 2020 23:25:01 BST
# gpg:                using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6
# gpg:                issuer "ehabkost@redhat.com"
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/machine-next-pull-request:
  sifive_u: Register "start-in-flash" as class property
  sifive_e: Register "revb" as class property
  i440fx: Register i440FX-pcihost properties as class properties
  machine: Register "memory-backend" as class property
  xlnx-zcu102: Register properties as class properties
  cpu/core: Register core-id and nr-threads as class properties
  s390x: Register all CPU properties as class properties
  cryptodev-backend: Register "chardev" as class property
  cryptodev-vhost-user: Register "chardev" as class property
  smp: drop support for deprecated (invalid topologies)
  qom: simplify object_find_property / object_class_find_property

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agoqemu/atomic.h: rename atomic_ to qatomic_
Stefan Hajnoczi [Wed, 23 Sep 2020 10:56:46 +0000 (11:56 +0100)] 
qemu/atomic.h: rename atomic_ to qatomic_

clang's C11 atomic_fetch_*() functions only take a C11 atomic type
pointer argument. QEMU uses direct types (int, etc) and this causes a
compiler error when a QEMU code calls these functions in a source file
that also included <stdatomic.h> via a system header file:

  $ CC=clang CXX=clang++ ./configure ... && make
  ../util/async.c:79:17: error: address argument to atomic operation must be a pointer to _Atomic type ('unsigned int *' invalid)

Avoid using atomic_*() names in QEMU's atomic.h since that namespace is
used by <stdatomic.h>. Prefix QEMU's APIs with 'q' so that atomic.h
and <stdatomic.h> can co-exist. I checked /usr/include on my machine and
searched GitHub for existing "qatomic_" users but there seem to be none.

This patch was generated using:

  $ git grep -h -o '\<atomic\(64\)\?_[a-z0-9_]\+' include/qemu/atomic.h | \
    sort -u >/tmp/changed_identifiers
  $ for identifier in $(</tmp/changed_identifiers); do
        sed -i "s%\<$identifier\>%q$identifier%g" \
            $(git grep -I -l "\<$identifier\>")
    done

I manually fixed line-wrap issues and misaligned rST tables.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200923105646.47864-1-stefanha@redhat.com>

12 months agoMerge remote-tracking branch 'remotes/ericb/tags/pull-bitmaps-2020-09-21' into staging
Peter Maydell [Wed, 23 Sep 2020 14:11:38 +0000 (15:11 +0100)] 
Merge remote-tracking branch 'remotes/ericb/tags/pull-bitmaps-2020-09-21' into staging

bitmaps patches for 2020-09-21

- Eric Blake: Improve 'qemu-img bitmap --merge' by not opening backing images

# gpg: Signature made Tue 22 Sep 2020 01:58:31 BST
# gpg:                using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg:                 aka "[jpeg image of size 6874]" [full]
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2  F3AA A7A1 6B4A 2527 436A

* remotes/ericb/tags/pull-bitmaps-2020-09-21:
  qemu-img: Support bitmap --merge into backing image

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agotests: add test-fdmon-epoll
Stefan Hajnoczi [Tue, 15 Sep 2020 12:03:39 +0000 (13:03 +0100)] 
tests: add test-fdmon-epoll

Test aio_disable_external(), which switches from fdmon-epoll back to
fdmon-poll. This resulted in an assertion failure that was fixed in the
previous patch.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20200915120339.702938-3-stefanha@redhat.com>

12 months agofdmon-poll: reset npfd when upgrading to fdmon-epoll
Stefan Hajnoczi [Tue, 15 Sep 2020 12:03:38 +0000 (13:03 +0100)] 
fdmon-poll: reset npfd when upgrading to fdmon-epoll

npfd keeps track of how many pollfds are currently being monitored. It
must be reset to 0 when fdmon_poll_wait() returns.

When npfd reaches a treshold we switch to fdmon-epoll because it scales
better.

This patch resets npfd in the case where we switch to fdmon-epoll.
Forgetting to do so results in the following assertion failure:

  util/fdmon-poll.c:65: fdmon_poll_wait: Assertion `npfd == 0' failed.

Fixes: 1f050a4690f62a1e7dabc4f44141e9f762c3769f ("aio-posix: extract ppoll(2) and epoll(7) fd monitoring")
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1869952
Message-Id: <20200915120339.702938-2-stefanha@redhat.com>

12 months agogitmodules: add qemu.org vbootrom submodule
Stefan Hajnoczi [Wed, 9 Sep 2020 10:09:37 +0000 (11:09 +0100)] 
gitmodules: add qemu.org vbootrom submodule

The vbootrom module is needed for the new NPCM7xx ARM SoCs. The
vbootrom.git repo is now mirrored on qemu.org. QEMU mirrors third-party
code to ensure that users can always build QEMU even if the dependency
goes offline and so QEMU meets its responsibilities to provide full
source code under software licenses.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Cc: Havard Skinnemoen <hskinnemoen@google.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20200915130834.706758-4-stefanha@redhat.com>

12 months agogitmodules: switch to qemu.org meson mirror
Stefan Hajnoczi [Tue, 15 Sep 2020 13:08:33 +0000 (14:08 +0100)] 
gitmodules: switch to qemu.org meson mirror

QEMU now hosts a mirror of meson.git. QEMU mirrors third-party code to
ensure that users can always build QEMU even if the dependency goes
offline and so QEMU meets its responsibilities to provide full source
code under software licenses.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200915130834.706758-3-stefanha@redhat.com>

12 months agogitmodules: switch to qemu.org qboot mirror
Stefan Hajnoczi [Tue, 15 Sep 2020 13:08:32 +0000 (14:08 +0100)] 
gitmodules: switch to qemu.org qboot mirror

QEMU now hosts a mirror of qboot.git. QEMU mirrors third-party code to
ensure that users can always build QEMU even if the dependency goes
offline and so QEMU meets its responsibilities to provide full source
code under software licenses.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200915130834.706758-2-stefanha@redhat.com>

12 months agodocs/system: clarify deprecation schedule
Stefan Hajnoczi [Tue, 15 Sep 2020 15:07:34 +0000 (16:07 +0100)] 
docs/system: clarify deprecation schedule

The sentence explaining the deprecation schedule is ambiguous. Make it
clear that a feature deprecated in the Nth release is guaranteed to
remain available in the N+1th release. Removal can occur in the N+2nd
release or later.

As an example of this in action, see commit
25956af3fe5dd0385ad8017bc768a6afe41e2a74 ("block: Finish deprecation of
'qemu-img convert -n -o'"). The feature was deprecated in QEMU 4.2.0. It
was present in the 5.0.0 release and removed in the 5.1.0 release.

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200915150734.711426-1-stefanha@redhat.com>

12 months agovirtio-crypto: don't modify elem->in/out_sg
Stefan Hajnoczi [Thu, 17 Sep 2020 09:44:55 +0000 (10:44 +0100)] 
virtio-crypto: don't modify elem->in/out_sg

A number of iov_discard_front/back() operations are made by
virtio-crypto. The elem->in/out_sg iovec arrays are modified by these
operations, resulting virtqueue_unmap_sg() calls on different addresses
than were originally mapped.

This is problematic because dirty memory may not be logged correctly,
MemoryRegion refcounts may be leaked, and the non-RAM bounce buffer can
be leaked.

Take a copy of the elem->in/out_sg arrays so that the originals are
preserved. The iov_discard_undo() API could be used instead (with better
performance) but requires careful auditing of the code, so do the simple
thing instead.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Message-Id: <20200917094455.822379-4-stefanha@redhat.com>

12 months agovirtio-blk: undo destructive iov_discard_*() operations
Stefan Hajnoczi [Thu, 17 Sep 2020 09:44:54 +0000 (10:44 +0100)] 
virtio-blk: undo destructive iov_discard_*() operations

Fuzzing discovered that virtqueue_unmap_sg() is being called on modified
req->in/out_sg iovecs. This means dma_memory_map() and
dma_memory_unmap() calls do not have matching memory addresses.

Fuzzing discovered that non-RAM addresses trigger a bug:

  void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
                           bool is_write, hwaddr access_len)
  {
      if (buffer != bounce.buffer) {
          ^^^^^^^^^^^^^^^^^^^^^^^

A modified iov->iov_base is no longer recognized as a bounce buffer and
the wrong branch is taken.

There are more potential bugs: dirty memory is not tracked correctly and
MemoryRegion refcounts can be leaked.

Use the new iov_discard_undo() API to restore elem->in/out_sg before
virtqueue_push() is called.

Fixes: 827805a2492c1bbf1c0712ed18ee069b4ebf3dd6 ("virtio-blk: Convert VirtIOBlockReq.out to structrue")
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Buglink: https://bugs.launchpad.net/qemu/+bug/1890360
Message-Id: <20200917094455.822379-3-stefanha@redhat.com>

12 months agoutil/iov: add iov_discard_undo()
Stefan Hajnoczi [Thu, 17 Sep 2020 09:44:53 +0000 (10:44 +0100)] 
util/iov: add iov_discard_undo()

The iov_discard_front/back() operations are useful for parsing iovecs
but they modify the array elements. If the original array is needed
after parsing finishes there is currently no way to restore it.

Although g_memdup() can be used before performing destructive
iov_discard_front/back() operations, this is inefficient.

Introduce iov_discard_undo() to restore the array to the state prior to
an iov_discard_front/back() operation.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Message-Id: <20200917094455.822379-2-stefanha@redhat.com>

12 months agovirtio: add vhost-user-fs-ccw device
Halil Pasic [Tue, 1 Sep 2020 15:00:18 +0000 (17:00 +0200)] 
virtio: add vhost-user-fs-ccw device

Wire up the CCW device for vhost-user-fs.

Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Message-id: 20200901150019.29229-2-mhartmay@linux.ibm.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
12 months agolibvhost-user: handle endianness as mandated by the spec
Marc Hartmayer [Tue, 1 Sep 2020 15:00:19 +0000 (17:00 +0200)] 
libvhost-user: handle endianness as mandated by the spec

Since virtio existed even before it got standardized, the virtio
standard defines the following types of virtio devices:

 + legacy device (pre-virtio 1.0)
 + non-legacy or VIRTIO 1.0 device
 + transitional device (which can act both as legacy and non-legacy)

Virtio 1.0 defines the fields of the virtqueues as little endian,
while legacy uses guest's native endian [1]. Currently libvhost-user
does not handle virtio endianness at all, i.e. it works only if the
native endianness matches with whatever is actually needed. That means
things break spectacularly on big-endian targets. Let us handle virtio
endianness for non-legacy as required by the virtio specification [1]
and fence legacy virtio, as there is no safe way to figure out the
needed endianness conversions for all cases. The fencing of legacy
virtio devices is done in `vu_set_features_exec`.

[1] https://docs.oasis-open.org/virtio/virtio/v1.1/cs01/virtio-v1.1-cs01.html#x1-210003

Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Message-id: 20200901150019.29229-3-mhartmay@linux.ibm.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
12 months agoMAINTAINERS: add Stefan Hajnoczi as block/nvme.c maintainer
Stefan Hajnoczi [Mon, 7 Sep 2020 11:16:32 +0000 (12:16 +0100)] 
MAINTAINERS: add Stefan Hajnoczi as block/nvme.c maintainer

Development of the userspace NVMe block driver picked up again recently.
After talking with Fam I am stepping up as block/nvme.c maintainer.
Patches will be merged through my 'block' tree.

Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Klaus Jensen <k.jensen@samsung.com>
Cc: Fam Zheng <fam@euphon.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Klaus Jensen <k.jensen@samsung.com>
Acked-by: Fam Zheng <fam@euphon.net>
Message-id: 20200907111632.90499-1-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
12 months agoaudio: build spiceaudio as module
Gerd Hoffmann [Wed, 16 Sep 2020 08:41:17 +0000 (10:41 +0200)] 
audio: build spiceaudio as module

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20200916084117.21828-3-kraxel@redhat.com

12 months agoaudio: remove qemu_spice_audio_init()
Gerd Hoffmann [Wed, 16 Sep 2020 08:41:16 +0000 (10:41 +0200)] 
audio: remove qemu_spice_audio_init()

Handle the spice special case in audio_init instead.

With the qemu_spice_audio_init() symbol dependency being
gone we can build spiceaudio as module.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20200916084117.21828-2-kraxel@redhat.com

12 months agoaudio: run downstream playback queue unconditionally
Volker Rümelin [Sun, 20 Sep 2020 17:17:27 +0000 (19:17 +0200)] 
audio: run downstream playback queue unconditionally

Run the downstream playback queue even if there are no samples
in the mixing engine buffer. The downstream queue may still have
queued samples.

Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20200920171729.15861-7-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 months agoaudio: align audio_generic_write with audio_pcm_hw_run_out
Volker Rümelin [Sun, 20 Sep 2020 17:17:26 +0000 (19:17 +0200)] 
audio: align audio_generic_write with audio_pcm_hw_run_out

The function audio_generic_write should work exactly like
audio_pcm_hw_run_out. It's a very similar function working on a
different buffer.

This patch significantly reduces the number of drop-outs with
the DirectSound backend. To hear the difference start qemu with
-audiodev dsound,id=audio0,out.mixing-engine=off and play a
song in the guest with and without this patch.

Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20200920171729.15861-6-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 months agoaudio: remove unnecessary calls to put_buffer_in
Volker Rümelin [Sun, 20 Sep 2020 17:17:25 +0000 (19:17 +0200)] 
audio: remove unnecessary calls to put_buffer_in

This patch removes unnecessary calls to the pcm_ops function
put_buffer_in(). No audio backend needs this call if the
returned length of pcm_ops function get_buffer_in() is zero.

For the DirectSound backend this prevents a call to
dsound_unlock_in() without a preceding call to dsound_lock_in().
While Windows doesn't complain it seems wrong anyway.

Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20200920171729.15861-5-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 months agoaudio: align audio_generic_read with audio_pcm_hw_run_in
Volker Rümelin [Sun, 20 Sep 2020 17:17:24 +0000 (19:17 +0200)] 
audio: align audio_generic_read with audio_pcm_hw_run_in

The function audio_generic_read should work exactly like
audio_pcm_hw_run_in. It's a very similar function working
on a different buffer.

Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20200920171729.15861-4-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 months agoaudio/spiceaudio: always rate limit playback stream
Volker Rümelin [Sun, 20 Sep 2020 17:17:23 +0000 (19:17 +0200)] 
audio/spiceaudio: always rate limit playback stream

The playback rate with the spiceaudio backend is currently too
fast if there's no spice client connected or the spice client
can't play audio. Rate limit the audio playback stream in all
cases. To calculate the rate correctly the limiter has to know
the maximum buffer size.

Fixes: 8c198ff065 ("spiceaudio: port to the new audio backend api")
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20200920171729.15861-3-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 months agoaudio/audio: fix video playback slowdown with spiceaudio
Volker Rümelin [Sun, 20 Sep 2020 17:17:22 +0000 (19:17 +0200)] 
audio/audio: fix video playback slowdown with spiceaudio

This patch allows the audio backends get_buffer_out() functions
to drop audio data and mitigates a bug reported on the qemu-devel
mailing list.

https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg03832.html

The new rules for the variables buf and size returned by
get_buffer_out() are:
size == 0: Downstream playback buffer is full. Retry later.
size > 0, buf != NULL: Copy size bytes to buf for playback.
size > 0, buf == NULL: Drop size bytes.

The audio playback rate with spiceaudio for the no audio case is
too fast, but that's what we had before commit fb35c2cec5
"audio/dsound: fix invalid parameters error". The complete fix
comes with the next patch.

Reported-by: Qi Zhou <atmgnd@outlook.com>
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20200920171729.15861-2-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 months agoaudio: handle buf == NULL in put_buffer_out()
Volker Rümelin [Sun, 20 Sep 2020 17:17:21 +0000 (19:17 +0200)] 
audio: handle buf == NULL in put_buffer_out()

With the next patch all audio backends put_buffer_out() functions
have to handle the buf == NULL case, provided the get_buffer_out()
function may return buf = NULL and size > 0.

It turns out that all audio backends get_buffer_out() functions
either can't return buf = NULL or return buf = NULL and size = 0
at the same time. The only exception is the spiceaudio backend
where size may be uninitialized.

Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20200920171729.15861-1-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 months agosifive_u: Register "start-in-flash" as class property
Eduardo Habkost [Mon, 21 Sep 2020 22:10:45 +0000 (18:10 -0400)] 
sifive_u: Register "start-in-flash" as class property

Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20200921221045.699690-25-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agosifive_e: Register "revb" as class property
Eduardo Habkost [Mon, 21 Sep 2020 22:10:44 +0000 (18:10 -0400)] 
sifive_e: Register "revb" as class property

Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20200921221045.699690-24-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoi440fx: Register i440FX-pcihost properties as class properties
Eduardo Habkost [Mon, 21 Sep 2020 22:10:43 +0000 (18:10 -0400)] 
i440fx: Register i440FX-pcihost properties as class properties

Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200921221045.699690-23-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agomachine: Register "memory-backend" as class property
Eduardo Habkost [Mon, 21 Sep 2020 22:10:41 +0000 (18:10 -0400)] 
machine: Register "memory-backend" as class property

Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200921221045.699690-21-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoxlnx-zcu102: Register properties as class properties
Eduardo Habkost [Mon, 21 Sep 2020 22:10:40 +0000 (18:10 -0400)] 
xlnx-zcu102: Register properties as class properties

Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20200921221045.699690-20-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agocpu/core: Register core-id and nr-threads as class properties
Eduardo Habkost [Mon, 21 Sep 2020 22:10:38 +0000 (18:10 -0400)] 
cpu/core: Register core-id and nr-threads as class properties

Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200921221045.699690-18-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agos390x: Register all CPU properties as class properties
Eduardo Habkost [Mon, 21 Sep 2020 22:10:33 +0000 (18:10 -0400)] 
s390x: Register all CPU properties as class properties

Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200921221045.699690-13-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agocryptodev-backend: Register "chardev" as class property
Eduardo Habkost [Mon, 21 Sep 2020 22:10:23 +0000 (18:10 -0400)] 
cryptodev-backend: Register "chardev" as class property

Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <20200921221045.699690-3-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agocryptodev-vhost-user: Register "chardev" as class property
Eduardo Habkost [Mon, 21 Sep 2020 22:10:22 +0000 (18:10 -0400)] 
cryptodev-vhost-user: Register "chardev" as class property

Class properties make QOM introspection simpler and easier, as
they don't require an object to be instantiated.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <20200921221045.699690-2-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agosmp: drop support for deprecated (invalid topologies)
Igor Mammedov [Fri, 11 Sep 2020 13:32:02 +0000 (09:32 -0400)] 
smp: drop support for deprecated (invalid topologies)

it's was deprecated since 3.1

Support for invalid topologies is removed, the user must ensure
that topologies described with -smp include all possible cpus,
i.e. (sockets * cores * threads) == maxcpus or QEMU will
exit with error.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200911133202.938754-1-imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoqom: simplify object_find_property / object_class_find_property
Daniel P. Berrangé [Mon, 14 Sep 2020 13:56:17 +0000 (14:56 +0100)] 
qom: simplify object_find_property / object_class_find_property

When debugging QEMU it is often useful to put a breakpoint on the
error_setg_internal method impl.

Unfortunately the object_property_add / object_class_property_add
methods call object_property_find / object_class_property_find methods
to check if a property exists already before adding the new property.

As a result there are a huge number of calls to error_setg_internal
on startup of most QEMU commands, making it very painful to set a
breakpoint on this method.

Most callers of object_find_property and object_class_find_property,
however, pass in a NULL for the Error parameter. This simplifies the
methods to remove the Error parameter entirely, and then adds some
new wrapper methods that are able to raise an Error when needed.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200914135617.1493072-1-berrange@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoMerge remote-tracking branch 'remotes/kraxel/tags/input-20200921-pull-request' into...
Peter Maydell [Tue, 22 Sep 2020 20:11:10 +0000 (21:11 +0100)] 
Merge remote-tracking branch 'remotes/kraxel/tags/input-20200921-pull-request' into staging

input: tsc2xxx fix.

# gpg: Signature made Mon 21 Sep 2020 12:09:17 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/input-20200921-pull-request:
  hw/input/tsc2xxx: Reduce MouseTransformInfo structure exposure

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agoMerge remote-tracking branch 'remotes/kraxel/tags/usb-20200921-pull-request' into...
Peter Maydell [Tue, 22 Sep 2020 15:40:56 +0000 (16:40 +0100)] 
Merge remote-tracking branch 'remotes/kraxel/tags/usb-20200921-pull-request' into staging

usb: fix u2f build
usb: fix ohci oob access and loop issues

# gpg: Signature made Mon 21 Sep 2020 09:58:06 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20200921-pull-request:
  hw: usb: hcd-ohci: check for processed TD before retire
  hw: usb: hcd-ohci: check len and frame_number variables
  usb: fix u2f build

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agoMerge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-for-5.2-pull-reques...
Peter Maydell [Tue, 22 Sep 2020 14:42:23 +0000 (15:42 +0100)] 
Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-for-5.2-pull-request' into staging

Pull request trivial patches 20200919

# gpg: Signature made Sat 19 Sep 2020 19:43:35 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/trivial-branch-for-5.2-pull-request:
  contrib/: fix some comment spelling errors
  qapi/: fix some comment spelling errors
  disas/: fix some comment spelling errors
  linux-user/: fix some comment spelling errors
  util/: fix some comment spelling errors
  scripts/: fix some comment spelling errors
  docs/: fix some comment spelling errors
  migration/: fix some comment spelling errors
  qemu/: fix some comment spelling errors
  scripts/git.orderfile: Display meson files along with buildsys ones
  hw/timer/hpet: Fix debug format strings
  hw/timer/hpet: Remove unused functions hpet_ram_readb, hpet_ram_readw
  meson: remove empty else and duplicated gio deps
  manual: escape backslashes in "parsed-literal" blocks
  ui/spice-input: Remove superfluous forward declaration
  hw/ppc/ppc4xx_pci: Replace magic value by the PCI_NUM_PINS definition
  hw/gpio/max7310: Remove impossible check

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agoqemu-img: Support bitmap --merge into backing image
Eric Blake [Mon, 14 Sep 2020 19:10:09 +0000 (14:10 -0500)] 
qemu-img: Support bitmap --merge into backing image

If you have the chain 'base.qcow2 <- top.qcow2' and want to merge a
bitmap from top into base, qemu-img was failing with:

qemu-img: Could not open 'top.qcow2': Could not open backing file: Failed to get shared "write" lock
Is another process using the image [base.qcow2]?

The easiest fix is to not open the entire backing chain of either
image (source or destination); after all, the point of 'qemu-img
bitmap' is solely to manipulate bitmaps directly within a single qcow2
image, and this is made more precise if we don't pay attention to
other images in the chain that may happen to have a bitmap by the same
name.

However, note that on a case-by-case analysis, there _are_ times where
we treat it as a feature that we can access a bitmap from a backing
layer in association with an overlay BDS.  A demonstration of this is
using NBD to expose both an overlay BDS (for constant contents) and a
bitmap (for learning which blocks are interesting) during an
incremental backup:

Base <- Active <- Temporary
          \--block job ->/

where Temporary is being fed by a backup 'sync=none' job.  When
exposing Temporary over NBD, referring to a bitmap that lives only in
Active is less effort than having to copy a bitmap into Temporary [1].
So the testsuite additions in this patch check both where bitmaps get
allocated (the qemu-img info output), and that qemu-nbd is indeed able
to access a bitmap inherited from the backing chain since it is a
different use case than 'qemu-img bitmap'.

[1] Full disclosure: prior to the recent commit 374eedd1c4 and
friends, we were NOT able to see bitmaps through filters, which meant
that we actually did not have nice clean semantics for uniformly being
able to pick up bitmaps from anywhere in the backing chain (seen as a
change in behavior between qemu 4.1 and 4.2 at commit 00e30f05de, when
block-copy swapped from a one-off to a filter).  Which means libvirt
was already coded to copy bitmaps around for the sake of older qemu,
even though modern qemu no longer needs it.  Oh well.

Fixes: http://bugzilla.redhat.com/1877209
Reported-by: Eyal Shenitzky <eshenitz@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200914191009.644842-1-eblake@redhat.com>
[eblake: more commit message tweaks, per Max Reitz review]
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
12 months agoMerge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into...
Peter Maydell [Mon, 21 Sep 2020 17:55:39 +0000 (18:55 +0100)] 
Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging

QOM queue, 2020-09-18

Fixes:
* Error value corrections (Markus Armbruster)
* Correct object_class_dynamic_cast_assert() documentation (Eduardo Habkost)
* Ensure objects using QEMU_ALIGNED are properly aligned (Richard Henderson)

QOM cleanups (Eduardo Habkost):
* Rename some constants
* Simplify parameters of OBJECT_DECLARE* macros
* Additional DECLARE_*CHECKER* usage
* Additional OBJECT_DECLARE_TYPE usage
* Additional OBJECT_DECLARE_SIMPLE_TYPE usage

# gpg: Signature made Fri 18 Sep 2020 21:45:29 BST
# gpg:                using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6
# gpg:                issuer "ehabkost@redhat.com"
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/machine-next-pull-request:
  Use OBJECT_DECLARE_SIMPLE_TYPE when possible
  Use OBJECT_DECLARE_TYPE when possible
  qom: Remove module_obj_name parameter from OBJECT_DECLARE* macros
  qom: Remove ParentClassType argument from OBJECT_DECLARE_SIMPLE_TYPE
  scripts/codeconverter: Update to latest version
  target/s390x: Set instance_align on S390CPU TypeInfo
  target/riscv: Set instance_align on RISCVCPU TypeInfo
  target/ppc: Set instance_align on PowerPCCPU TypeInfo
  target/arm: Set instance_align on CPUARM TypeInfo
  qom: Allow objects to be allocated with increased alignment
  qom: Correct error values in two contracts
  qom: Clean up object_property_get_enum()'s error value
  qom: Correct object_class_dynamic_cast_assert() documentation
  sifive: Use DECLARE_*CHECKER* macros
  sifive: Move QOM typedefs and add missing includes
  sifive_u: Rename memmap enum constants
  sifive_e: Rename memmap enum constants

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agoMerge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' into staging
Peter Maydell [Mon, 21 Sep 2020 16:41:32 +0000 (17:41 +0100)] 
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' into staging

x86 queue, 2020-09-18

Cleanups:
* Correct the meaning of '0xffffffff' value for hv-spinlocks (Vitaly Kuznetsov)
* vmport: Drop superfluous parenthesis (Philippe Mathieu-Daudé)

Fixes:
* Use generic APIC ID encoding code for EPYC (Babu Moger)

# gpg: Signature made Fri 18 Sep 2020 21:26:57 BST
# gpg:                using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6
# gpg:                issuer "ehabkost@redhat.com"
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-next-pull-request:
  i386: Simplify CPUID_8000_001E for AMD
  i386: Simplify CPUID_8000_001d for AMD
  hw/i386/vmport: Drop superfluous parenthesis around function typedef
  i386/kvm: correct the meaning of '0xffffffff' value for hv-spinlocks

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agoMerge remote-tracking branch 'remotes/philmd-gitlab/tags/acceptance-next-20200918...
Peter Maydell [Mon, 21 Sep 2020 12:24:55 +0000 (13:24 +0100)] 
Merge remote-tracking branch 'remotes/philmd-gitlab/tags/acceptance-next-20200918' into staging

Acceptance tests queue

Get GitLab CI acceptance jobs green again.

CI jobs results:
  https://gitlab.com/philmd/qemu/-/pipelines/191795388

# gpg: Signature made Fri 18 Sep 2020 20:17:54 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/acceptance-next-20200918:
  tests/acceptance: Skip slow quanta-gsj U-boot+Linux test
  tests/acceptance: Disable tests dependent of unreliable apt.armbian.com

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agoMerge remote-tracking branch 'remotes/ehabkost/tags/python-next-pull-request' into...
Peter Maydell [Mon, 21 Sep 2020 09:26:46 +0000 (10:26 +0100)] 
Merge remote-tracking branch 'remotes/ehabkost/tags/python-next-pull-request' into staging

Python queue, 2020-09-18

Alexey Kirillov (1):
      analyze-migration.py: fix read_migration_debug_json() return type

Andrey Shinkevich (1):
      scripts/simplebench: compare write request performance

# gpg: Signature made Fri 18 Sep 2020 19:02:00 BST
# gpg:                using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6
# gpg:                issuer "ehabkost@redhat.com"
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/python-next-pull-request:
  analyze-migration.py: fix read_migration_debug_json() return type
  scripts/simplebench: compare write request performance

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agohw/input/tsc2xxx: Reduce MouseTransformInfo structure exposure
Philippe Mathieu-Daudé [Mon, 7 Sep 2020 01:01:55 +0000 (03:01 +0200)] 
hw/input/tsc2xxx: Reduce MouseTransformInfo structure exposure

Commit a5d7eb6534a ("Add TSC2301 touchscreen & keypad controller")
added the MouseTransformInfo declaration in "ui/console.h",
however it is only used in "hw/input/tsc2xxx.h".
Reduce the structure exposure by moving it to the single include
where it is used.

This should fix a build failure on OpenBSD:

  In file included from hw/arm/nseries.c:30:
  In file included from include/hw/arm/omap.h:24:
  In file included from include/hw/input/tsc2xxx.h:14:
  include/ui/console.h:11:11: fatal error: 'epoxy/gl.h' file not found
  # include <epoxy/gl.h>
            ^~~~~~~~~~~~
  1 error generated.
  gmake: *** [Makefile.ninja:1735:
  libqemu-aarch64-softmmu.fa.p/hw_arm_nseries.c.o] Error 1

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200907010155.815131-1-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 months agohw: usb: hcd-ohci: check for processed TD before retire
Prasad J Pandit [Tue, 15 Sep 2020 18:22:59 +0000 (23:52 +0530)] 
hw: usb: hcd-ohci: check for processed TD before retire

While servicing OHCI transfer descriptors(TD), ohci_service_iso_td
retires a TD if it has passed its time frame. It does not check if
the TD was already processed once and holds an error code in TD_CC.
It may happen if the TD list has a loop. Add check to avoid an
infinite loop condition.

Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Message-id: 20200915182259.68522-3-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 months agohw: usb: hcd-ohci: check len and frame_number variables
Prasad J Pandit [Tue, 15 Sep 2020 18:22:58 +0000 (23:52 +0530)] 
hw: usb: hcd-ohci: check len and frame_number variables

While servicing the OHCI transfer descriptors(TD), OHCI host
controller derives variables 'start_addr', 'end_addr', 'len'
etc. from values supplied by the host controller driver.
Host controller driver may supply values such that using
above variables leads to out-of-bounds access issues.
Add checks to avoid them.

AddressSanitizer: stack-buffer-overflow on address 0x7ffd53af76a0
  READ of size 2 at 0x7ffd53af76a0 thread T0
  #0 ohci_service_iso_td ../hw/usb/hcd-ohci.c:734
  #1 ohci_service_ed_list ../hw/usb/hcd-ohci.c:1180
  #2 ohci_process_lists ../hw/usb/hcd-ohci.c:1214
  #3 ohci_frame_boundary ../hw/usb/hcd-ohci.c:1257
  #4 timerlist_run_timers ../util/qemu-timer.c:572
  #5 qemu_clock_run_timers ../util/qemu-timer.c:586
  #6 qemu_clock_run_all_timers ../util/qemu-timer.c:672
  #7 main_loop_wait ../util/main-loop.c:527
  #8 qemu_main_loop ../softmmu/vl.c:1676
  #9 main ../softmmu/main.c:50

Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Reported-by: Yongkang Jia <j_kangel@163.com>
Reported-by: Yi Ren <yunye.ry@alibaba-inc.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20200915182259.68522-2-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 months agousb: fix u2f build
Gerd Hoffmann [Fri, 18 Sep 2020 11:01:22 +0000 (13:01 +0200)] 
usb: fix u2f build

Just use qemu_open_old() for a quick fix, switch
to better error handling left for another day.

Fixes: 448058aa99aa ("util: rename qemu_open() to qemu_open_old()")
Cc: César Belley <cesar.belley@lse.epita.fr>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20200918110122.9121-1-kraxel@redhat.com

12 months agoUse OBJECT_DECLARE_SIMPLE_TYPE when possible
Eduardo Habkost [Wed, 16 Sep 2020 18:25:19 +0000 (14:25 -0400)] 
Use OBJECT_DECLARE_SIMPLE_TYPE when possible

This converts existing DECLARE_INSTANCE_CHECKER usage to
OBJECT_DECLARE_SIMPLE_TYPE when possible.

$ ./scripts/codeconverter/converter.py -i \
  --pattern=AddObjectDeclareSimpleType $(git grep -l '' -- '*.[ch]')

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Paul Durrant <paul@xen.org>
Message-Id: <20200916182519.415636-6-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoUse OBJECT_DECLARE_TYPE when possible
Eduardo Habkost [Wed, 16 Sep 2020 18:25:18 +0000 (14:25 -0400)] 
Use OBJECT_DECLARE_TYPE when possible

This converts existing DECLARE_OBJ_CHECKERS usage to
OBJECT_DECLARE_TYPE when possible.

 $ ./scripts/codeconverter/converter.py -i \
   --pattern=AddObjectDeclareType $(git grep -l '' -- '*.[ch]')

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Acked-by: Paul Durrant <paul@xen.org>
Message-Id: <20200916182519.415636-5-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoqom: Remove module_obj_name parameter from OBJECT_DECLARE* macros
Eduardo Habkost [Wed, 16 Sep 2020 18:25:17 +0000 (14:25 -0400)] 
qom: Remove module_obj_name parameter from OBJECT_DECLARE* macros

One of the goals of having less boilerplate on QOM declarations
is to avoid human error.  Requiring an extra argument that is
never used is an opportunity for mistakes.

Remove the unused argument from OBJECT_DECLARE_TYPE and
OBJECT_DECLARE_SIMPLE_TYPE.

Coccinelle patch used to convert all users of the macros:

  @@
  declarer name OBJECT_DECLARE_TYPE;
  identifier InstanceType, ClassType, lowercase, UPPERCASE;
  @@
   OBJECT_DECLARE_TYPE(InstanceType, ClassType,
  -                    lowercase,
                       UPPERCASE);

  @@
  declarer name OBJECT_DECLARE_SIMPLE_TYPE;
  identifier InstanceType, lowercase, UPPERCASE;
  @@
   OBJECT_DECLARE_SIMPLE_TYPE(InstanceType,
  -                    lowercase,
                       UPPERCASE);

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Paul Durrant <paul@xen.org>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20200916182519.415636-4-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoqom: Remove ParentClassType argument from OBJECT_DECLARE_SIMPLE_TYPE
Eduardo Habkost [Wed, 16 Sep 2020 18:25:16 +0000 (14:25 -0400)] 
qom: Remove ParentClassType argument from OBJECT_DECLARE_SIMPLE_TYPE

The requirement to specify the parent class type makes the macro
harder to use and easy to misuse (silent bugs can be introduced
if the wrong struct type is specified).

Simplify the macro by just not declaring any class struct,
allowing us to remove the class_size field from the TypeInfo
variables for those types.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200916182519.415636-3-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoscripts/codeconverter: Update to latest version
Eduardo Habkost [Wed, 16 Sep 2020 18:25:15 +0000 (14:25 -0400)] 
scripts/codeconverter: Update to latest version

I'm not documenting every single change in the codeconverter
script because most of that code will be deleted once we finish
the QOM code conversion.  This patch updates the script to the
latest version that was used to perform changes in the QOM code.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20200916182519.415636-2-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoanalyze-migration.py: fix read_migration_debug_json() return type
Alexey Kirillov [Wed, 15 Jul 2020 15:21:35 +0000 (18:21 +0300)] 
analyze-migration.py: fix read_migration_debug_json() return type

Since we use result of read_migration_debug_json() as JSON formatted string,
we must provide proper type. Before Python 3.6 json.loads() method
support only str typed input.

Signed-off-by: Alexey Kirillov <lekiravi@yandex-team.ru>
Message-Id: <20200715152135.20287-1-lekiravi@yandex-team.ru>
[ehabkost: added comment explaining why decode() is needed}
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoscripts/simplebench: compare write request performance
Andrey Shinkevich [Tue, 14 Jul 2020 15:50:46 +0000 (18:50 +0300)] 
scripts/simplebench: compare write request performance

The script 'bench_write_req.py' allows comparing performances of write
request for two qemu-img binary files.
An example with (qemu-img binary 1) and without (qemu-img binary 2) the
applied patch "qcow2: skip writing zero buffers to empty COW areas"
(git commit ID: c8bb23cbdbe32f5) has the following results:

SSD:
----------------  -------------------  -------------------
                  <qemu-img binary 1>  <qemu-img binary 2>
<cluster front>   0.10 +- 0.00         8.16 +- 0.65
<cluster middle>  0.10 +- 0.00         7.37 +- 1.10
<cross cluster>   7.40 +- 1.08         21.97 +- 4.19
<cluster 64K>     2.14 +- 0.94         8.48 +- 1.66
----------------  -------------------  -------------------
HDD:
----------------  -------------------  -------------------
                  <qemu-img binary 1>  <qemu-img binary 2>
<cluster front>   2.30 +- 0.01         6.19 +- 0.06
<cluster middle>  2.20 +- 0.09         6.20 +- 0.06
<cross cluster>   8.32 +- 0.16         8.26 +- 0.14
<cluster 64K>     8.20 +- 0.05         6.26 +- 0.10
----------------  -------------------  -------------------

Suggested-by: Denis V. Lunev <den@openvz.org>
Suggested-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <1594741846-475697-1-git-send-email-andrey.shinkevich@virtuozzo.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agotarget/s390x: Set instance_align on S390CPU TypeInfo
Richard Henderson [Wed, 16 Sep 2020 00:46:38 +0000 (17:46 -0700)] 
target/s390x: Set instance_align on S390CPU TypeInfo

Fix alignment of CPUS390XState.vregs.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200916004638.2444147-7-richard.henderson@linaro.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agotarget/riscv: Set instance_align on RISCVCPU TypeInfo
Richard Henderson [Wed, 16 Sep 2020 00:46:37 +0000 (17:46 -0700)] 
target/riscv: Set instance_align on RISCVCPU TypeInfo

Fix alignment of CPURISCVState.vreg.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20200916004638.2444147-6-richard.henderson@linaro.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agotarget/ppc: Set instance_align on PowerPCCPU TypeInfo
Richard Henderson [Wed, 16 Sep 2020 00:46:36 +0000 (17:46 -0700)] 
target/ppc: Set instance_align on PowerPCCPU TypeInfo

Fix alignment of CPUPPCState.vsr.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20200916004638.2444147-5-richard.henderson@linaro.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agotarget/arm: Set instance_align on CPUARM TypeInfo
Richard Henderson [Wed, 16 Sep 2020 00:46:35 +0000 (17:46 -0700)] 
target/arm: Set instance_align on CPUARM TypeInfo

Fix alignment of CPUARMState.vfp.zregs.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200916004638.2444147-4-richard.henderson@linaro.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoqom: Allow objects to be allocated with increased alignment
Richard Henderson [Wed, 16 Sep 2020 00:46:34 +0000 (17:46 -0700)] 
qom: Allow objects to be allocated with increased alignment

It turns out that some hosts have a default malloc alignment less
than that required for vectors.

We assume that, with compiler annotation on CPUArchState, that we
can properly align the vector portion of the guest state.  Fix the
alignment of the allocation by using qemu_memalloc when required.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200916004638.2444147-3-richard.henderson@linaro.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoi386: Simplify CPUID_8000_001E for AMD
Babu Moger [Tue, 1 Sep 2020 15:57:32 +0000 (10:57 -0500)] 
i386: Simplify CPUID_8000_001E for AMD

apic_id contains all the information required to build
CPUID_8000_001E. core_id and node_id is already part of
apic_id generated by x86_topo_ids_from_apicid.

Also remove the restriction on number bits on core_id and
node_id.

Remove all the hardcoded values and replace with generalized
fields.

Refer the Processor Programming Reference (PPR) documentation
available from the bugzilla Link below.

Signed-off-by: Babu Moger <babu.moger@amd.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Pankaj Gupta <pankaj.gupta.linux@gmail.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537
Message-Id: <159897585257.30750.5815593918927986935.stgit@naples-babu.amd.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoi386: Simplify CPUID_8000_001d for AMD
Babu Moger [Tue, 1 Sep 2020 15:57:26 +0000 (10:57 -0500)] 
i386: Simplify CPUID_8000_001d for AMD

Remove all the hardcoded values and replace with generalized
fields.

Signed-off-by: Babu Moger <babu.moger@amd.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Pankaj Gupta <pankaj.gupta.linux@gmail.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <159897584649.30750.3939159632943292252.stgit@naples-babu.amd.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agohw/i386/vmport: Drop superfluous parenthesis around function typedef
Philippe Mathieu-Daudé [Tue, 5 May 2020 14:28:36 +0000 (16:28 +0200)] 
hw/i386/vmport: Drop superfluous parenthesis around function typedef

Drop superfluous parenthesis around VMPortReadFunc typedef
(added in d67f679d99, missed to remove when moved in e595112985).

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200505142836.16903-1-philmd@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoi386/kvm: correct the meaning of '0xffffffff' value for hv-spinlocks
Vitaly Kuznetsov [Fri, 15 May 2020 11:48:47 +0000 (13:48 +0200)] 
i386/kvm: correct the meaning of '0xffffffff' value for hv-spinlocks

Hyper-V TLFS prior to version 6.0 had a mistake in it: special value
'0xffffffff' for CPUID 0x40000004.EBX was called 'never to retry', this
looked weird (like why it's not '0' which supposedly have the same effect?)
but nobody raised the question. In TLFS version 6.0 the mistake was
corrected to 'never notify' which sounds logical. Fix QEMU accordingly.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20200515114847.74523-1-vkuznets@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoqom: Correct error values in two contracts
Markus Armbruster [Thu, 17 Sep 2020 12:55:40 +0000 (14:55 +0200)] 
qom: Correct error values in two contracts

object_property_get_bool()'s contract claims it returns NULL on error.
Pasto; it returns false.

object_property_get_int()'s contract claims it returns "negative".  It
actually returns -1.  All the other object_property_get_FOO()
contracts specify the exact error value, so do the same here.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200917125540.597786-3-armbru@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoqom: Clean up object_property_get_enum()'s error value
Markus Armbruster [Thu, 17 Sep 2020 12:55:39 +0000 (14:55 +0200)] 
qom: Clean up object_property_get_enum()'s error value

object_property_get_enum() is the only object_property_FOO() that is
documented to return an undefined value on error.  It does no such
thing, actually: it returns 0 on some errors, and -1 on others.

Needlessly complicated.  Always return -1 on error, and adjust the
contract.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200917125540.597786-2-armbru@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agoqom: Correct object_class_dynamic_cast_assert() documentation
Eduardo Habkost [Wed, 16 Sep 2020 19:30:59 +0000 (15:30 -0400)] 
qom: Correct object_class_dynamic_cast_assert() documentation

object_class_dynamic_cast_assert() is not used by
INTERFACE_CHECK, remove misleading mention of that function in
the documentation.

Message-Id: <20200916193101.511600-2-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agosifive: Use DECLARE_*CHECKER* macros
Eduardo Habkost [Mon, 31 Aug 2020 21:07:33 +0000 (17:07 -0400)] 
sifive: Use DECLARE_*CHECKER* macros

 $ ./scripts/codeconverter/converter.py -i \
   --pattern=TypeCheckMacro $(git grep -l '' -- '*.[ch]')

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200831210740.126168-12-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agosifive: Move QOM typedefs and add missing includes
Eduardo Habkost [Mon, 31 Aug 2020 21:07:30 +0000 (17:07 -0400)] 
sifive: Move QOM typedefs and add missing includes

Some typedefs and macros are defined after the type check macros.
This makes it difficult to automatically replace their
definitions with OBJECT_DECLARE_TYPE.

Patch generated using:

 $ ./scripts/codeconverter/converter.py -i \
   --pattern=QOMStructTypedefSplit $(git grep -l '' -- '*.[ch]')

which will split "typdef struct { ... } TypedefName"
declarations.

Followed by:

 $ ./scripts/codeconverter/converter.py -i --pattern=MoveSymbols \
    $(git grep -l '' -- '*.[ch]')

which will:
- move the typedefs and #defines above the type check macros
- add missing #include "qom/object.h" lines if necessary

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200831210740.126168-9-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agosifive_u: Rename memmap enum constants
Eduardo Habkost [Fri, 11 Sep 2020 17:34:47 +0000 (13:34 -0400)] 
sifive_u: Rename memmap enum constants

Some of the enum constant names conflict with the QOM type check
macros (SIFIVE_U_OTP, SIFIVE_U_PRCI).  This needs to be addressed
to allow us to transform the QOM type check macros into functions
generated by OBJECT_DECLARE_TYPE().

Rename all the constants to SIFIVE_U_DEV_*, to avoid conflicts.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20200911173447.165713-3-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agosifive_e: Rename memmap enum constants
Eduardo Habkost [Fri, 11 Sep 2020 17:34:46 +0000 (13:34 -0400)] 
sifive_e: Rename memmap enum constants

Some of the enum constant names conflict with a QOM type check
macro (SIFIVE_E_PRCI).  This needs to be addressed to allow us to
transform the QOM type check macros into functions generated by
OBJECT_DECLARE_TYPE().

Rename all the constants to SIFIVE_E_DEV_*, to avoid conflicts.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20200911173447.165713-2-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
12 months agotests/acceptance: Skip slow quanta-gsj U-boot+Linux test
Philippe Mathieu-Daudé [Fri, 18 Sep 2020 14:23:01 +0000 (16:23 +0200)] 
tests/acceptance: Skip slow quanta-gsj U-boot+Linux test

The 'arm_quanta_gsj_initrd' test is timeouting on GitLab CI:
https://gitlab.com/philmd/qemu/-/jobs/745483978#L846
and also sometimes on my workstation, so proceed as with
the other slow tests: do not run it by default.
The test can still be run setting the AVOCADO_TIMEOUT_EXPECTED
environment variable.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Willian Rampazzo <willianr@redhat.com>
Reviewed-by: Havard Skinnemoen <hskinnemoen@google.com>
Tested-by: Havard Skinnemoen <hskinnemoen@google.com>
Message-Id: <20200918143355.153522-1-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
12 months agotests/acceptance: Disable tests dependent of unreliable apt.armbian.com
Philippe Mathieu-Daudé [Thu, 17 Sep 2020 16:39:54 +0000 (18:39 +0200)] 
tests/acceptance: Disable tests dependent of unreliable apt.armbian.com

Armbian servers are not very reliable and confused the GitLab CI
users a few times this month (path updated, archives moved, and
now the SSL: CERTIFICATE_VERIFY_FAILED "certificate has expired"
error). Time to disable these tests.
Users can still use the artifacts from the cache (or manually add
them to the cache).

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Willian Rampazzo <willianr@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20200917163954.50514-1-philmd@redhat.com>

12 months agoMerge remote-tracking branch 'remotes/philmd-gitlab/tags/fw_cfg-20200918' into staging
Peter Maydell [Fri, 18 Sep 2020 15:34:26 +0000 (16:34 +0100)] 
Merge remote-tracking branch 'remotes/philmd-gitlab/tags/fw_cfg-20200918' into staging

fw_cfg patches

Fixes a bug in the recently introduced fw_cfg_add_from_generator().

CI jobs results:
. https://gitlab.com/philmd/qemu/-/pipelines/191714875
. https://travis-ci.org/github/philmd/qemu/builds/728288784
. https://app.shippable.com/github/philmd/qemu/runs/869/1/console

# gpg: Signature made Fri 18 Sep 2020 16:20:56 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/fw_cfg-20200918:
  hw/nvram/fw_cfg: fix FWCfgDataGeneratorClass::get_data() consumption

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agohw/nvram/fw_cfg: fix FWCfgDataGeneratorClass::get_data() consumption
Laszlo Ersek [Wed, 16 Sep 2020 15:15:10 +0000 (17:15 +0200)] 
hw/nvram/fw_cfg: fix FWCfgDataGeneratorClass::get_data() consumption

The documentation on g_byte_array_free()
<https://developer.gnome.org/glib/stable/glib-Byte-Arrays.html#g-byte-array-free>
says:

> Returns
>
> the element data if free_segment is FALSE, otherwise NULL. The element
> data should be freed using g_free().

Because we currently call g_byte_array_free() with free_segment=TRUE, we
end up passing data=NULL to fw_cfg_add_file().

On the plus side, fw_cfg_data_read() and fw_cfg_dma_transfer() both deal
with NULL data gracefully: QEMU does not crash when the guest reads such
an item, the guest just gets a properly sized, but zero-filled blob.

However, the bug breaks UEFI HTTPS boot, as the IANA_TLS_CIPHER array,
generated otherwise correctly by the "tls-cipher-suites" object, is in
effect replaced with a zero blob.

Fix the issue by passing free_segment=FALSE to g_byte_array_free():

- the caller (fw_cfg_add_from_generator()) temporarily assumes ownership
  of the generated byte array,

- then ownership of the byte array is transfered to fw_cfg, as
  fw_cfg_add_file() links (not copies) "data" into fw_cfg.

Cc: "Daniel P. Berrangé" <berrange@redhat.com>
Cc: "Philippe Mathieu-Daudé" <philmd@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Fixes: 3203148917d035b09f71986ac2eaa19a352d6d9d
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200916151510.22767-1-lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
12 months agoMerge remote-tracking branch 'remotes/legoater/tags/pull-aspeed-20200918' into staging
Peter Maydell [Fri, 18 Sep 2020 12:36:42 +0000 (13:36 +0100)] 
Merge remote-tracking branch 'remotes/legoater/tags/pull-aspeed-20200918' into staging

Aspeed patches :

* Couple of cleanups
* New machine properties to define the flash models

# gpg: Signature made Fri 18 Sep 2020 08:23:19 BST
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B  0B60 51A3 43C7 CFFB ECA1

* remotes/legoater/tags/pull-aspeed-20200918:
  misc: aspeed_scu: Update AST2600 silicon id register
  hw/arm/aspeed: Add machine properties to define the flash models
  hw/arm/aspeed: Map the UART5 device unconditionally

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agodocker.py: always use --rm
Paolo Bonzini [Thu, 17 Sep 2020 10:44:41 +0000 (12:44 +0200)] 
docker.py: always use --rm

Avoid that containers pile up.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agomisc: aspeed_scu: Update AST2600 silicon id register
Joel Stanley [Fri, 18 Sep 2020 07:04:36 +0000 (09:04 +0200)] 
misc: aspeed_scu: Update AST2600 silicon id register

Aspeed have released an updated datasheet (v7) containing the silicon id
for the AST2600 A2. It looks like this:

              SCU004      SCU014
  AST2600-A0  0x05000303  0x05000303
  AST2600-A1  0x05010303  0x05010303
  AST2600-A2  0x05010303  0x05020303
  AST2620-A1  0x05010203  0x05010203
  AST2620-A2  0x05010203  0x05020203

The SCU004 (silicon id 1) value matches SCU014 for A0, but for
subsequent revisions it is hard coded to the A1 value.

Qemu effectively dropped support for the A0 in 7582591ae745 ("aspeed:
Support AST2600A1 silicon revision") as the A0 reset table was removed,
so it makes sense to only support the behaviour of A1 and onwards.

Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20200916082012.776628-1-joel@jms.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
12 months agohw/arm/aspeed: Add machine properties to define the flash models
Cédric Le Goater [Fri, 18 Sep 2020 07:04:36 +0000 (09:04 +0200)] 
hw/arm/aspeed: Add machine properties to define the flash models

Some machines don't have much differences a part from the flash model
being used. Introduce new machine properties to change them from the
command line.

For instance, to start the ast2500-evb machine with a different FMC
chip and a 64M SPI chip, use :

  -M ast2500-evb,fmc-model=mx25l25635e,spi-model=mx66u51235f

Cc: 郁雷 <yulei.sh@bytedance.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Tested-by: Lei YU <yulei.sh@bytedance.com>
Message-Id: <20200915054859.2338477-1-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
12 months agohw/arm/aspeed: Map the UART5 device unconditionally
Philippe Mathieu-Daudé [Fri, 18 Sep 2020 07:04:36 +0000 (09:04 +0200)] 
hw/arm/aspeed: Map the UART5 device unconditionally

The UART5 is present on the machine regardless there is a
character device connected to it. Map it unconditionally.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20200905212415.760452-1-f4bug@amsat.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
12 months agoMerge remote-tracking branch 'remotes/kraxel/tags/microvm-20200917-pull-request'...
Peter Maydell [Thu, 17 Sep 2020 19:40:59 +0000 (20:40 +0100)] 
Merge remote-tracking branch 'remotes/kraxel/tags/microvm-20200917-pull-request' into staging

microvm: add acpi support

# gpg: Signature made Thu 17 Sep 2020 14:53:06 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/microvm-20200917-pull-request: (21 commits)
  microvm: enable ramfb
  tests/acpi: update expected data files for microvm
  tests/acpi: add microvm test
  tests/acpi: allow override blkdev
  tests/acpi: allow microvm test data updates.
  microvm: wire up hotplug
  x86: move cpu hotplug from pc to x86
  x86: move acpi_dev from pc/microvm
  x86: constify x86_machine_is_*_enabled
  microvm/acpi: disable virtio-mmio cmdline hack
  microvm/acpi: use seabios with acpi=on
  microvm/acpi: use GSI 16-23 for virtio
  microvm/acpi: add acpi_dsdt_add_virtio() for x86
  microvm/acpi: add minimal acpi support
  microvm: make virtio irq base runtime configurable
  acpi: move acpi_dsdt_add_power_button() to ged
  acpi: ged: add x86 device variant.
  acpi: ged: add control regs
  seabios: add bios-microvm.bin binary
  seabios: add microvm config, update build rules
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agocontrib/: fix some comment spelling errors
zhaolichang [Thu, 17 Sep 2020 07:50:29 +0000 (15:50 +0800)] 
contrib/: fix some comment spelling errors

I found that there are many spelling errors in the comments of qemu,
so I used the spellcheck tool to check the spelling errors
and finally found some spelling errors in the contrib folder.

Signed-off-by: zhaolichang <zhaolichang@huawei.com>
Reviewed-by: Alex Bennee <alex.bennee@linaro.org>
Message-Id: <20200917075029.313-11-zhaolichang@huawei.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
12 months agoqapi/: fix some comment spelling errors
zhaolichang [Thu, 17 Sep 2020 07:50:28 +0000 (15:50 +0800)] 
qapi/: fix some comment spelling errors

I found that there are many spelling errors in the comments of qemu,
so I used the spellcheck tool to check the spelling errors
and finally found some spelling errors in the qapi folder.

Signed-off-by: zhaolichang <zhaolichang@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200917075029.313-10-zhaolichang@huawei.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
12 months agodisas/: fix some comment spelling errors
zhaolichang [Thu, 17 Sep 2020 07:50:27 +0000 (15:50 +0800)] 
disas/: fix some comment spelling errors

I found that there are many spelling errors in the comments of qemu,
so I used the spellcheck tool to check the spelling errors
and finally found some spelling errors in the disas folder.

Signed-off-by: zhaolichang <zhaolichang@huawei.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200917075029.313-9-zhaolichang@huawei.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
12 months agolinux-user/: fix some comment spelling errors
zhaolichang [Thu, 17 Sep 2020 07:50:25 +0000 (15:50 +0800)] 
linux-user/: fix some comment spelling errors

I found that there are many spelling errors in the comments of qemu,
so I used the spellcheck tool to check the spelling errors
and finally found some spelling errors in the linux-user folder.

Signed-off-by: zhaolichang <zhaolichang@huawei.com>
Reviewed-by: Alex Bennee <alex.bennee@linaro.org>
Message-Id: <20200917075029.313-7-zhaolichang@huawei.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
12 months agoutil/: fix some comment spelling errors
zhaolichang [Thu, 17 Sep 2020 07:50:24 +0000 (15:50 +0800)] 
util/: fix some comment spelling errors

I found that there are many spelling errors in the comments of qemu,
so I used the spellcheck tool to check the spelling errors
and finally found some spelling errors in the util folder.

Signed-off-by: zhaolichang <zhaolichang@huawei.com>
Reviewed-by: Alex Bennee <alex.bennee@linaro.org>
Message-Id: <20200917075029.313-6-zhaolichang@huawei.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
12 months agoscripts/: fix some comment spelling errors
zhaolichang [Thu, 17 Sep 2020 07:50:23 +0000 (15:50 +0800)] 
scripts/: fix some comment spelling errors

I found that there are many spelling errors in the comments of qemu,
so I used the spellcheck tool to check the spelling errors
and finally found some spelling errors in the scripts folder.

Signed-off-by: zhaolichang <zhaolichang@huawei.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20200917075029.313-5-zhaolichang@huawei.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
12 months agodocs/: fix some comment spelling errors
zhaolichang [Thu, 17 Sep 2020 07:50:22 +0000 (15:50 +0800)] 
docs/: fix some comment spelling errors

I found that there are many spelling errors in the comments of qemu,
so I used the spellcheck tool to check the spelling errors
and finally found some spelling errors in the docs folder.

Signed-off-by: zhaolichang <zhaolichang@huawei.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20200917075029.313-4-zhaolichang@huawei.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
12 months agomigration/: fix some comment spelling errors
zhaolichang [Thu, 17 Sep 2020 07:50:21 +0000 (15:50 +0800)] 
migration/: fix some comment spelling errors

I found that there are many spelling errors in the comments of qemu,
so I used the spellcheck tool to check the spelling errors
and finally found some spelling errors in the migration folder.

Signed-off-by: zhaolichang <zhaolichang@huawei.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20200917075029.313-3-zhaolichang@huawei.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
12 months agoqemu/: fix some comment spelling errors
zhaolichang [Thu, 17 Sep 2020 07:50:20 +0000 (15:50 +0800)] 
qemu/: fix some comment spelling errors

I found that there are many spelling errors in the comments of qemu,
so I used the spellcheck tool to check the spelling errors
and finally found some spelling errors in the folder.

Signed-off-by: zhaolichang <zhaolichang@huawei.com>
Reviewed-by: Alex Bennee <alex.bennee@linaro.org>
Message-Id: <20200917075029.313-2-zhaolichang@huawei.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
12 months agoMerge remote-tracking branch 'remotes/stsquad/tags/pull-configure-fixes-160920-1...
Peter Maydell [Thu, 17 Sep 2020 13:50:55 +0000 (14:50 +0100)] 
Merge remote-tracking branch 'remotes/stsquad/tags/pull-configure-fixes-160920-1' into staging

configure tweaks for deprecation

  - iotest fix for readlink -f
  - linux-user, report rather than assert on mmap failure
  - clean-up and re-factor the logic
  - add tilegx-linux-user to deprecated_targets_list
  - add [lm32|unicore32]-softmmu deprecated_targets_list
  - add a gitlab deprecated builds test

# gpg: Signature made Wed 16 Sep 2020 10:11:41 BST
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-configure-fixes-160920-1:
  configure: add [lm32|unicore32]-softmmu to deprecation logic
  gitlab: create a build-deprecated target
  configure: include tilegx-linux-user in the deprecation logic
  configure: clean-up the target-list-exclude logic
  configure: also skip deprecated targets with target-list-exclude
  configure: move deprecated feature processing to supported_target
  iotests: Drop readlink -f
  linux-user: test, don't assert addr != test in pgb_reserved_va

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agoMerge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-09-16' into...
Peter Maydell [Thu, 17 Sep 2020 12:38:08 +0000 (13:38 +0100)] 
Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-09-16' into staging

* Fix "readlink -f" problem in iotests on macOS (to fix the Cirrus-CI tests)
* Some minor qtest improvements
* Fix the unit tests to work on MSYS2, too
* Enable building and testing on MSYS2 in the Cirrus-CI
* Build FreeBSD with one task again in the Cirrus-CI

# gpg: Signature made Wed 16 Sep 2020 12:24:29 BST
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* remotes/huth-gitlab/tags/pull-request-2020-09-16: (24 commits)
  cirrus: Building freebsd in a single shot
  ci: Enable msys2 ci in cirrus
  tests: Fixes test-qdev-global-props.c
  tests: fix test-util-sockets.c
  tests: Fixes test-io-channel-file by mask only owner file state mask bits
  tests: fixes aio-win32 about aio_remove_fd_handler, get it consistence with aio-posix.c
  tests: Fixes test-io-channel-socket.c tests under msys2/mingw
  vmstate: Fixes test-vmstate.c on msys2/mingw
  meson: remove empty else and duplicated gio deps
  meson: Use -b to ignore CR vs. CR-LF issues on Windows
  osdep: file locking functions are not available on Win32
  tests: test-replication disable /replication/secondary/* on msys2/mingw.
  tests: Fixes test-replication.c on msys2/mingw.
  meson: disable crypto tests are empty under win32
  meson: Disable test-char on msys2/mingw for fixing tests stuck
  rcu: fixes test-logging.c by call drain_call_rcu before rmdir_full
  tests: Convert g_free to g_autofree macro in test-logging.c
  rcu: Implement drain_call_rcu
  qga/commands-win32: Fix problem with redundant protype declaration
  Simplify the .gitignore file
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12 months agomicrovm: enable ramfb
Gerd Hoffmann [Tue, 15 Sep 2020 12:09:09 +0000 (14:09 +0200)] 
microvm: enable ramfb

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20200915120909.20838-22-kraxel@redhat.com

12 months agotests/acpi: update expected data files for microvm
Gerd Hoffmann [Tue, 15 Sep 2020 12:09:08 +0000 (14:09 +0200)] 
tests/acpi: update expected data files for microvm

Also clear tests/qtest/bios-tables-test-allowed-diff.h

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20200915120909.20838-21-kraxel@redhat.com

12 months agotests/acpi: add microvm test
Gerd Hoffmann [Tue, 15 Sep 2020 12:09:07 +0000 (14:09 +0200)] 
tests/acpi: add microvm test

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20200915120909.20838-20-kraxel@redhat.com

12 months agotests/acpi: allow override blkdev
Gerd Hoffmann [Tue, 15 Sep 2020 12:09:06 +0000 (14:09 +0200)] 
tests/acpi: allow override blkdev

microvm needs virtio-blk instead of ide.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Sergio Lopez <slp@redhat.com>
Message-id: 20200915120909.20838-19-kraxel@redhat.com

12 months agotests/acpi: allow microvm test data updates.
Gerd Hoffmann [Tue, 15 Sep 2020 12:09:05 +0000 (14:09 +0200)] 
tests/acpi: allow microvm test data updates.

Also add empty test data files.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20200915120909.20838-18-kraxel@redhat.com