qemu.git
17 months ago esp: consolidate esp_cmdfifo_push() into esp_fifo_push()
Mark Cave-Ayland [Wed, 7 Apr 2021 19:57:52 +0000 (20:57 +0100)] 
esp: consolidate esp_cmdfifo_push() into esp_fifo_push()

Each FIFO currently has its own push functions with the only difference being
the capacity check. The original reason for this was that the fifo8
implementation doesn't have a formal API for retrieving the FIFO capacity,
however there are multiple examples within QEMU where the capacity field is
accessed directly.

Change esp_fifo_push() to access the FIFO capacity directly and then consolidate
esp_cmdfifo_push() into esp_fifo_push().

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20210407195801.685-4-mark.cave-ayland@ilande.co.uk>

17 months ago esp: rework write_response() to avoid using the FIFO for DMA transactions
Mark Cave-Ayland [Wed, 7 Apr 2021 19:57:51 +0000 (20:57 +0100)] 
esp: rework write_response() to avoid using the FIFO for DMA transactions

The code for write_response() has always used the FIFO to store the data for
the status/message in phases, even for DMA transactions. Switch to using a
separate buffer that can be used directly for DMA transactions and restrict
the FIFO use to the non-DMA case.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210407195801.685-3-mark.cave-ayland@ilande.co.uk>

17 months ago esp: always check current_req is not NULL before use in DMA callbacks
Mark Cave-Ayland [Wed, 7 Apr 2021 19:57:50 +0000 (20:57 +0100)] 
esp: always check current_req is not NULL before use in DMA callbacks

After issuing a SCSI command the SCSI layer can call the SCSIBusInfo .cancel
callback which resets both current_req and current_dev to NULL. If any data
is left in the transfer buffer (async_len != 0) then the next TI (Transfer
Information) command will attempt to reference the NULL pointer causing a
segfault.

Buglink: https://bugs.launchpad.net/qemu/+bug/1910723
Buglink: https://bugs.launchpad.net/qemu/+bug/1909247
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20210407195801.685-2-mark.cave-ayland@ilande.co.uk>

17 months ago esp: fix setting of ESPState mig_version_id when launching QEMU with -S option
Mark Cave-Ayland [Wed, 7 Apr 2021 12:48:42 +0000 (13:48 +0100)] 
esp: fix setting of ESPState mig_version_id when launching QEMU with -S option

If QEMU is launched with the -S option then the ESPState mig_version_id property
is left unset due to the ordering of the VMState fields in the VMStateDescription
for sysbusespscsi and pciespscsi. If the VM is migrated and restored in this
stopped state, the version tests in the vmstate_esp VMStateDescription and
esp_post_load() become confused causing the migration to fail.

Fix the ordering problem by moving the setting of mig_version_id to a common
esp_pre_save() function which is invoked first by both sysbusespscsi and
pciespscsi rather than at the point where ESPState is itself serialised into the
migration stream.

Buglink: https://bugs.launchpad.net/qemu/+bug/1922611
Fixes: 0bd005be78 ("esp: add vmstate_esp version to embedded ESPState")
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210407124842.32695-1-mark.cave-ayland@ilande.co.uk>

17 months ago Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210412' into...
Peter Maydell [Mon, 12 Apr 2021 11:12:09 +0000 (12:12 +0100)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210412' into staging

target-arm queue:
 * hw/arm/virt-acpi-build: Fix GSIV values of the {GERR, Sync} interrupts
 * hw/arm/smmuv3: Emulate CFGI_STE_RANGE for an aligned range of StreamIDs
 * accel/tcg: Preserve PAGE_ANON when changing page permissions
 * target/arm: Check PAGE_WRITE_ORG for MTE writeability
 * exec: Fix overlap of PAGE_ANON and PAGE_TARGET_1

# gpg: Signature made Mon 12 Apr 2021 11:31:15 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20210412:
  exec: Fix overlap of PAGE_ANON and PAGE_TARGET_1
  target/arm: Check PAGE_WRITE_ORG for MTE writeability
  accel/tcg: Preserve PAGE_ANON when changing page permissions
  hw/arm/smmuv3: Emulate CFGI_STE_RANGE for an aligned range of StreamIDs
  hw/arm/virt-acpi-build: Fix GSIV values of the {GERR, Sync} interrupts

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

17 months ago exec: Fix overlap of PAGE_ANON and PAGE_TARGET_1
Richard Henderson [Tue, 6 Apr 2021 17:40:31 +0000 (10:40 -0700)] 
exec: Fix overlap of PAGE_ANON and PAGE_TARGET_1

Unfortunately, the elements of PAGE_* were not in numerical
order and so PAGE_ANON was added to an "unused" bit.
As an arbitrary choice, move PAGE_TARGET_{1,2} together.

Cc: Laurent Vivier <laurent@vivier.eu>
Fixes: 26bab757d41b ("linux-user: Introduce PAGE_ANON")
Buglink: https://bugs.launchpad.net/bugs/1922617
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

17 months ago target/arm: Check PAGE_WRITE_ORG for MTE writeability
Richard Henderson [Tue, 6 Apr 2021 17:40:21 +0000 (10:40 -0700)] 
target/arm: Check PAGE_WRITE_ORG for MTE writeability

We can remove PAGE_WRITE when (internally) marking a page
read-only because it contains translated code.

This can be triggered by tests/tcg/aarch64/bti-2, after
having serviced SIGILL trampolines on the stack.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

17 months ago accel/tcg: Preserve PAGE_ANON when changing page permissions
Richard Henderson [Tue, 6 Apr 2021 17:40:20 +0000 (10:40 -0700)] 
accel/tcg: Preserve PAGE_ANON when changing page permissions

Using mprotect() to change PROT_* does not change the MAP_ANON
previously set with mmap().  Our linux-user version of MTE only
works with MAP_ANON pages, so losing PAGE_ANON caused MTE to
stop working.

Reported-by: Stephen Long <steplong@quicinc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

17 months ago hw/arm/smmuv3: Emulate CFGI_STE_RANGE for an aligned range of StreamIDs
Zenghui Yu [Fri, 2 Apr 2021 10:04:49 +0000 (18:04 +0800)] 
hw/arm/smmuv3: Emulate CFGI_STE_RANGE for an aligned range of StreamIDs

In emulation of the CFGI_STE_RANGE command, we now take StreamID as the
start of the invalidation range, regardless of whatever the Range is,
whilst the spec clearly states that

 - "Invalidation is performed for an *aligned* range of 2^(Range+1)
    StreamIDs."

 - "The bottom Range+1 bits of the StreamID parameter are IGNORED,
    aligning the range to its size."

Take CFGI_ALL (where Range == 31) as an example, if there are some random
bits in the StreamID field, we'll fail to perform the full invalidation but
get a strange range (e.g., SMMUSIDRange={.start=1, .end=0}) instead. Rework
the emulation a bit to get rid of the discrepancy with the spec.

Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Acked-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20210402100449.528-1-yuzenghui@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
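
The alignment rule quoted in the commit message above, worked through as an added example (it is not QEMU's code and not part of the commit). The type and function names are hypothetical, the cached StreamIDs are constructed sample data, and the 32-bit truncation in the unaligned variant is an assumption chosen because it reproduces the {.start=1, .end=0} range the message reports.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical type for this example: an inclusive range of StreamIDs. */
struct sid_range {
    uint32_t start;
    uint32_t end;
};

/*
 * Behaviour the commit message describes as wrong: StreamID is used as the
 * start of the range whatever Range is. Assumption of this example: the end
 * is start + 2^(Range+1) - 1 stored in 32 bits, which reproduces the
 * {.start=1, .end=0} result quoted for Range == 31.
 */
static struct sid_range range_unaligned(uint32_t sid, uint8_t range)
{
    uint64_t size = 1ULL << ((range & 0x1f) + 1);
    struct sid_range r = { sid, (uint32_t)(sid + size - 1) };
    return r;
}

/*
 * Rule quoted from the spec: the bottom Range+1 bits of StreamID are
 * ignored, so the range is aligned to its size of 2^(Range+1) StreamIDs.
 * The mask is built in 64 bits because Range == 31 needs a shift by 32.
 */
static struct sid_range range_aligned(uint32_t sid, uint8_t range)
{
    uint32_t mask = (uint32_t)((1ULL << ((range & 0x1f) + 1)) - 1);
    struct sid_range r = { sid & ~mask, (sid & ~mask) + mask };
    return r;
}

static int sid_in_range(struct sid_range r, uint32_t sid)
{
    return sid >= r.start && sid <= r.end;
}

/* Cached StreamIDs that the spec range covers but `actual` leaves untouched. */
static size_t count_stale(struct sid_range spec, struct sid_range actual,
                          const uint32_t *cached, size_t n)
{
    size_t stale = 0;
    for (size_t i = 0; i < n; i++) {
        if (sid_in_range(spec, cached[i]) && !sid_in_range(actual, cached[i])) {
            stale++;
        }
    }
    return stale;
}

/* Constructed sample: StreamIDs that currently have cached configuration. */
static const uint32_t cached_sids[] = {
    0x1230, 0x1233, 0x1235, 0x123f, 0x1240, 0x1244
};
#define N_CACHED (sizeof(cached_sids) / sizeof(cached_sids[0]))

/* Entries left stale when the unaligned range is used instead of the aligned one. */
static size_t stale_after(uint32_t sid, uint8_t range)
{
    return count_stale(range_aligned(sid, range), range_unaligned(sid, range),
                       cached_sids, N_CACHED);
}

int main(void)
{
    /* (StreamID, Range) pairs: unaligned start, aligned start, CFGI_ALL case. */
    const struct { uint32_t sid; uint8_t range; } cmds[] = {
        { 0x1235, 3 }, { 0x1230, 3 }, { 1, 31 }
    };

    for (size_t i = 0; i < sizeof(cmds) / sizeof(cmds[0]); i++) {
        struct sid_range bad = range_unaligned(cmds[i].sid, cmds[i].range);
        struct sid_range good = range_aligned(cmds[i].sid, cmds[i].range);
        printf("sid=%#x range=%u unaligned=[%#x,%#x] aligned=[%#x,%#x] stale=%zu\n",
               (unsigned)cmds[i].sid, (unsigned)cmds[i].range,
               (unsigned)bad.start, (unsigned)bad.end,
               (unsigned)good.start, (unsigned)good.end,
               stale_after(cmds[i].sid, cmds[i].range));
    }
    return 0;
}
```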

17 months ago hw/arm/virt-acpi-build: Fix GSIV values of the {GERR, Sync} interrupts
Zenghui Yu [Fri, 2 Apr 2021 08:47:31 +0000 (16:47 +0800)] 
hw/arm/virt-acpi-build: Fix GSIV values of the {GERR, Sync} interrupts

The GSIV values in SMMUv3 IORT node are not correct as they don't match
the SMMUIrq enumeration, which describes the IRQ<->PIN mapping used by
our emulated vSMMU.

Fixes: a703b4f6c1ee ("hw/arm/virt-acpi-build: Add smmuv3 node in IORT table")
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Acked-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20210402084731.93-1-yuzenghui@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

17 months ago Merge remote-tracking branch 'remotes/nvme/tags/nvme-fixes-20210412-pull-request...
Peter Maydell [Mon, 12 Apr 2021 09:41:11 +0000 (10:41 +0100)] 
Merge remote-tracking branch 'remotes/nvme/tags/nvme-fixes-20210412-pull-request' into staging

emulated nvme docs and fixes for -rc3

- documentation
- fixes

# gpg: Signature made Mon 12 Apr 2021 07:56:09 BST
# gpg:                using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg:                 aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468  4272 63D5 6FC5 E55D A838
#      Subkey fingerprint: 5228 33AA 75E2 DCE6 A247  66C0 4DE1 AF31 6D4F 0DE9

* remotes/nvme/tags/nvme-fixes-20210412-pull-request:
  hw/block/nvme: drain namespaces on sq deletion
  hw/block/nvme: store aiocb in compare
  hw/block/nvme: map prp fix if prp2 contains non-zero offset
  docs: add nvme emulation documentation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

17 months ago hw/block/nvme: drain namespaces on sq deletion
Klaus Jensen [Thu, 8 Apr 2021 10:44:05 +0000 (12:44 +0200)] 
hw/block/nvme: drain namespaces on sq deletion

For most commands, when issuing an AIO, the BlockAIOCB is stored in the
NvmeRequest aiocb pointer when the AIO is issued. The main use of this
is cancelling AIOs when deleting submission queues (it is currently not
used for Abort).

However, some commands like Dataset Management and Zone Management Send
(zone reset) may involve more than one AIO and here the AIOs are issued
without saving a reference to the BlockAIOCB. This is a problem since
nvme_del_sq() will attempt to cancel outstanding AIOs, potentially with
an invalid BlockAIOCB since the aiocb pointer is not NULL'ed when the
request structure is recycled.

Fix this by

  1. making sure the aiocb pointer is NULL'ed when requests are recycled
  2. only attempt to cancel the AIO if the aiocb is non-NULL
  3. if any AIOs could not be cancelled, drain all aio as a last resort.

Fixes: dc04d25e2f3f ("hw/block/nvme: add support for the format nvm command")
Fixes: c94973288cd9 ("hw/block/nvme: add broadcast nsid support flush command")
Fixes: e4e430b3d6ba ("hw/block/nvme: add simple copy command")
Fixes: 5f5dc4c6a942 ("hw/block/nvme: zero out zones on reset")
Fixes: 2605257a26b8 ("hw/block/nvme: add the dataset management command")
Cc: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Cc: Minwoo Im <minwoo.im@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Minwoo Im <minwoo.im.dev@gmail.com>

17 months ago hw/block/nvme: store aiocb in compare
Klaus Jensen [Thu, 8 Apr 2021 11:46:03 +0000 (13:46 +0200)] 
hw/block/nvme: store aiocb in compare

nvme_compare() fails to store the aiocb from the blk_aio_preadv() call.
Fix this.

Fixes: 0a384f923f51 ("hw/block/nvme: add compare command")
Cc: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Reviewed-by: Minwoo Im <minwoo.im.dev@gmail.com>

17 months ago hw/block/nvme: map prp fix if prp2 contains non-zero offset
Padmakar Kalghatgi [Fri, 9 Apr 2021 07:25:48 +0000 (12:55 +0530)] 
hw/block/nvme: map prp fix if prp2 contains non-zero offset

nvme_map_prp needs to calculate the number of list entries based on the
offset value. For the subsequent PRP2 list, we need to ensure the number of
entries is within the MAX number of PRP entries for a page.

Signed-off-by: Padmakar Kalghatgi <p.kalghatgi@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>

17 months ago docs: add nvme emulation documentation
Klaus Jensen [Thu, 8 Apr 2021 09:11:02 +0000 (11:11 +0200)] 
docs: add nvme emulation documentation

Remove the docs/specs/nvme.txt and replace it with proper documentation
in docs/system/nvme.rst.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

17 months ago Merge remote-tracking branch 'remotes/ehabkost-gl/tags/x86-next-pull-request' into...
Peter Maydell [Sat, 10 Apr 2021 15:58:56 +0000 (16:58 +0100)] 
Merge remote-tracking branch 'remotes/ehabkost-gl/tags/x86-next-pull-request' into staging

x86 and CPU bug fixes for 6.0-rc3

* Add missing features to EPYC-Rome CPU model (Babu Moger)
* Fix crash with "-device ...-cpu-core,help" (Greg Kurz)

# gpg: Signature made Fri 09 Apr 2021 21:20:18 BST
# gpg:                using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6
# gpg:                issuer "ehabkost@redhat.com"
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost-gl/tags/x86-next-pull-request:
  cpu/core: Fix "help" of CPU core device types
  i386: Add missing cpu feature bits in EPYC-Rome model

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

17 months ago cpu/core: Fix "help" of CPU core device types
Greg Kurz [Fri, 9 Apr 2021 16:03:39 +0000 (18:03 +0200)] 
cpu/core: Fix "help" of CPU core device types

Calling qdev_get_machine() from a QOM instance_init function is
fragile because we can't be sure the machine object actually
exists. And this happens to break when passing ",help" on the
command line to get the list of properties for CPU core
device types:

$ ./qemu-system-ppc64 -device power8_v2.0-spapr-cpu-core,help
qemu-system-ppc64: ../../hw/core/machine.c:1290:
 qdev_get_machine: Assertion `machine != NULL' failed.
Aborted (core dumped)

This used to work before QEMU 5.0, but commit 3df261b6676b
unwillingly introduced a subtle regression: the above command
line needs to create an instance but the instance_init function
of the base class calls qdev_get_machine() before
qemu_create_machine() has been called, which is a programming bug.

Use current_machine instead. It is okay to skip the setting of
nr_thread in this case since only its type is displayed.

Fixes: 3df261b6676b ("softmmu/vl.c: Handle '-cpu help' and '-device help' before 'no default machine'")
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Greg Kurz <groug@kaod.org>
Cc: peter.maydell@linaro.org
Message-Id: <20210409160339.500167-3-groug@kaod.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>

17 months ago i386: Add missing cpu feature bits in EPYC-Rome model
Babu Moger [Wed, 3 Mar 2021 15:45:30 +0000 (09:45 -0600)] 
i386: Add missing cpu feature bits in EPYC-Rome model

Found the following cpu feature bits missing from EPYC-Rome model.
ibrs    : Indirect Branch Restricted Speculation
ssbd    : Speculative Store Bypass Disable

These new features will be added in EPYC-Rome-v2. The -cpu help output
after the change.

x86 EPYC-Rome             (alias configured by machine type)
x86 EPYC-Rome-v1          AMD EPYC-Rome Processor
x86 EPYC-Rome-v2          AMD EPYC-Rome Processor

Reported-by: Pankaj Gupta <pankaj.gupta@cloud.ionos.com>
Signed-off-by: Babu Moger <babu.moger@amd.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@cloud.ionos.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Edmondson <david.edmondson@oracle.com>
Message-Id: <161478622280.16275.6399866734509127420.stgit@bmoger-ubuntu>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>

17 months ago Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Peter Maydell [Fri, 9 Apr 2021 18:26:42 +0000 (19:26 +0100)] 
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer fixes

- mirror: Fix job-complete race condition causing unexpected errors
- fdc: Fix 'fallback' property on sysbus floppy disk controllers
- rbd: Fix memory leaks
- iotest improvements

# gpg: Signature made Fri 09 Apr 2021 17:13:11 BST
# gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg:                issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  test-blockjob: Test job_wait_unpaused()
  job: Allow complete for jobs on standby
  mirror: Do not enter a paused job on completion
  mirror: Move open_backing_file to exit_common
  hw/block/fdc: Fix 'fallback' property on sysbus floppy disk controllers
  iotests: Test mirror-top filter permissions
  iotests: add test for removing persistent bitmap from backing file
  iotests/qsd-jobs: Filter events in the first test
  block/rbd: fix memory leak in qemu_rbd_co_create_opts()
  block/rbd: fix memory leak in qemu_rbd_connect()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

17 months ago Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20210409' into staging
Peter Maydell [Fri, 9 Apr 2021 16:21:18 +0000 (17:21 +0100)] 
Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20210409' into staging

One s390x fix:
- correctly handle the case where the guest ccw payload points to
  invalid memory areas

# gpg: Signature made Fri 09 Apr 2021 15:43:45 BST
# gpg:                using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
# gpg:                issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown]
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>" [unknown]
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>" [unknown]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck-gitlab/tags/s390x-20210409:
  s390x: css: report errors from ccw_dstream_read/write

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

17 months ago test-blockjob: Test job_wait_unpaused()
Max Reitz [Fri, 9 Apr 2021 12:04:21 +0000 (14:04 +0200)] 
test-blockjob: Test job_wait_unpaused()

Create a job that remains on STANDBY after a drained section, and see
that invoking job_wait_unpaused() will get it unstuck.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210409120422.144040-5-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

17 months ago job: Allow complete for jobs on standby
Max Reitz [Fri, 9 Apr 2021 12:04:20 +0000 (14:04 +0200)] 
job: Allow complete for jobs on standby

The only job that implements .complete is the mirror job, and it can
handle completion requests just fine while the job is paused.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1945635
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210409120422.144040-4-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

17 months ago mirror: Do not enter a paused job on completion
Max Reitz [Fri, 9 Apr 2021 12:04:19 +0000 (14:04 +0200)] 
mirror: Do not enter a paused job on completion

Currently, it is impossible to complete jobs on standby (i.e. paused
ready jobs), but actually the only thing in mirror_complete() that does
not work quite well with a paused job is the job_enter() at the end.

If we make it conditional, this function works just fine even if the
mirror job is paused.

So technically this is a no-op, but obviously the intention is to accept
block-job-complete even for jobs on standby, which we need this patch
for first.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210409120422.144040-3-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

17 months ago mirror: Move open_backing_file to exit_common
Max Reitz [Fri, 9 Apr 2021 12:04:18 +0000 (14:04 +0200)] 
mirror: Move open_backing_file to exit_common

This is a graph change and therefore should be done in job-finalize
(which is what invokes mirror_exit_common()).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210409120422.144040-2-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

17 months ago hw/block/fdc: Fix 'fallback' property on sysbus floppy disk controllers
Philippe Mathieu-Daudé [Wed, 7 Apr 2021 13:37:42 +0000 (15:37 +0200)] 
hw/block/fdc: Fix 'fallback' property on sysbus floppy disk controllers

Setting the 'fallback' property corrupts the QOM instance state
(FDCtrlSysBus) because it accesses an incorrect offset (it uses
the offset of the FDCtrlISABus state).

Cc: qemu-stable@nongnu.org
Fixes: a73275dd6fc ("fdc: Add fallback option")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210407133742.1680424-1-f4bug@amsat.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

17 months ago iotests: Test mirror-top filter permissions
Max Reitz [Wed, 31 Mar 2021 12:28:15 +0000 (14:28 +0200)] 
iotests: Test mirror-top filter permissions

Add a test accompanying commit 53431b9086b2832ca1aeff0c55e186e9ed79bd11
("block/mirror: Fix mirror_top's permissions").

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210331122815.51491-1-mreitz@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

17 months ago iotests: add test for removing persistent bitmap from backing file
Vladimir Sementsov-Ogievskiy [Thu, 1 Apr 2021 16:15:22 +0000 (19:15 +0300)] 
iotests: add test for removing persistent bitmap from backing file

Just demonstrate one of the x-blockdev-reopen use cases. We can't simply
remove persistent bitmap from RO node (for example from backing file),
as we need to remove it from the image too. So, we should reopen the
node first.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20210401161522.8001-1-vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

17 months ago iotests/qsd-jobs: Filter events in the first test
Max Reitz [Thu, 1 Apr 2021 13:28:39 +0000 (15:28 +0200)] 
iotests/qsd-jobs: Filter events in the first test

The job may or may not be ready before the 'quit' is issued.  Whether it
is is irrelevant; for the purpose of the test, it only needs to still be
there.  Filter the job status change and READY events from the output so
it becomes reliable.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Suggested-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210401132839.139939-1-mreitz@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

17 months ago block/rbd: fix memory leak in qemu_rbd_co_create_opts()
Stefano Garzarella [Mon, 29 Mar 2021 15:01:29 +0000 (17:01 +0200)] 
block/rbd: fix memory leak in qemu_rbd_co_create_opts()

When we allocate 'q_namespace', we forgot to set 'has_q_namespace'
to true. This can cause several issues, including a memory leak,
since qapi_free_BlockdevCreateOptions() does not deallocate that
memory, as reported by valgrind:

  13 bytes in 1 blocks are definitely lost in loss record 7 of 96
     at 0x4839809: malloc (vg_replace_malloc.c:307)
     by 0x48CEBB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x48E3FE3: g_strdup (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x180010: qemu_rbd_co_create_opts (rbd.c:446)
     by 0x1AE72C: bdrv_create_co_entry (block.c:492)
     by 0x241902: coroutine_trampoline (coroutine-ucontext.c:173)
     by 0x57530AF: ??? (in /usr/lib64/libc-2.32.so)
     by 0x1FFEFFFA6F: ???

Fix setting 'has_q_namespace' to true when we allocate 'q_namespace'.

Fixes: 19ae9ae014 ("block/rbd: Add support for ceph namespaces")
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20210329150129.121182-3-sgarzare@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

17 months ago block/rbd: fix memory leak in qemu_rbd_connect()
Stefano Garzarella [Mon, 29 Mar 2021 15:01:28 +0000 (17:01 +0200)] 
block/rbd: fix memory leak in qemu_rbd_connect()

In qemu_rbd_connect(), 'mon_host' is allocated by qemu_rbd_mon_host()
using g_strjoinv(), but it's only freed in the error path, leaking
memory in the success path as reported by valgrind:

  80 bytes in 4 blocks are definitely lost in loss record 5,028 of 6,516
     at 0x4839809: malloc (vg_replace_malloc.c:307)
     by 0x5315BB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x532B6FF: g_strjoinv (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x87D07E: qemu_rbd_mon_host (rbd.c:538)
     by 0x87D07E: qemu_rbd_connect (rbd.c:562)
     by 0x87E1CE: qemu_rbd_open (rbd.c:740)
     by 0x840EB1: bdrv_open_driver (block.c:1528)
     by 0x8453A9: bdrv_open_common (block.c:1802)
     by 0x8453A9: bdrv_open_inherit (block.c:3444)
     by 0x8464C2: bdrv_open (block.c:3537)
     by 0x8108CD: qmp_blockdev_add (blockdev.c:3569)
     by 0x8EA61B: qmp_marshal_blockdev_add (qapi-commands-block-core.c:1086)
     by 0x90B528: do_qmp_dispatch_bh (qmp-dispatch.c:131)
     by 0x907EA4: aio_bh_poll (async.c:164)

Fix freeing 'mon_host' also when qemu_rbd_connect() ends correctly.

Fixes: 0a55679b4a5061f4d74bdb1a0e81611ba3390b00
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20210329150129.121182-2-sgarzare@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

17 months ago Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-request...
Peter Maydell [Fri, 9 Apr 2021 13:22:03 +0000 (14:22 +0100)] 
Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-request' into staging

linux-user pull request 20210409

Fix lock_user()/unlock_user()

# gpg: Signature made Fri 09 Apr 2021 14:09:17 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-6.0-pull-request:
  linux-user: Use signed lengths in uaccess.c

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

17 months ago s390x: css: report errors from ccw_dstream_read/write
Pierre Morel [Thu, 8 Apr 2021 16:32:09 +0000 (18:32 +0200)] 
s390x: css: report errors from ccw_dstream_read/write

The values returned by the ccw_dstream_read/write functions are
sometimes not taken into account and reported back to the upper level
of interpretation of CCW instructions.

It follows that accessing an invalid address does not trigger
a subchannel status program check to the guest as it should.

Let's test the return values of ccw_dstream_write[_buf] and
ccw_dstream_read[_buf] and report it to the caller.

Cc: qemu-stable@nongnu.org
Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <1617899529-9329-2-git-send-email-pmorel@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>

17 months ago Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
Peter Maydell [Thu, 8 Apr 2021 15:45:31 +0000 (16:45 +0100)] 
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Thu 08 Apr 2021 10:34:24 BST
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  tap-win32: correctly recycle buffers
  Revert "qapi: net: Add query-netdev command"
  Revert "tests: Add tests for query-netdev command"
  Revert "net: Move NetClientState.info_str to dynamic allocations"
  Revert "hmp: Use QAPI NetdevInfo in hmp_info_network"
  Revert "net: Do not fill legacy info_str for backends"

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

17 months ago Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20210407b' into...
Peter Maydell [Thu, 8 Apr 2021 13:00:57 +0000 (14:00 +0100)] 
Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20210407b' into staging

V2 migration+virtiofs fixes pull 2021-04-07

A seg fix in virtiofsd, a bunch of fixes for background snapshots, and
a migration test fix.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
v2
  Fix for !linux build

# gpg: Signature made Wed 07 Apr 2021 18:53:13 BST
# gpg:                using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A  9FA9 0516 331E BC5B FDE7

* remotes/dgilbert/tags/pull-migration-20210407b:
  tests/migration: fix parameter of auto-converge migration
  migration: Rename 'bs' to 'block' in background snapshot code
  migration: Pre-fault memory before starting background snasphot
  migration: Inhibit virtio-balloon for the duration of background snapshot
  migration: Fix missing qemu_fflush() on buffer file in bg_migration_thread
  virtiofsd: Fix security.capability comparison

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

17 months ago Merge remote-tracking branch 'remotes/stsquad/tags/pull-6.0-rc2-fixes-060421-1' into...
Peter Maydell [Thu, 8 Apr 2021 10:39:53 +0000 (11:39 +0100)] 
Merge remote-tracking branch 'remotes/stsquad/tags/pull-6.0-rc2-fixes-060421-1' into staging

Testing updates:

  - fix x86_64 cross compilers
  - don't use registry for non-x86 containers
  - add valid host types for given cross compile containers
  - clean up i386 code16 test with explicit -no-pie
  - relax sha1.py gdbstub test
  - add more gdbstub documentation
  - remove annoying warning on gitlab
  - test dtrace backend in gitlab

# gpg: Signature made Tue 06 Apr 2021 15:55:53 BST
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-6.0-rc2-fixes-060421-1:
  gitlab-ci.yml: Test the dtrace backend in one of the jobs
  gitlab-ci.yml: Fix the filtering for the git submodules
  docs/system/gdb.rst: Document how to debug multicore machines
  docs/system/gdb.rst: Add some more heading structure
  tests/tcg: relax the next step precision of the gdb sha1 test
  tests/tcg/i386: force -fno-pie for test-i386
  tests/tcg/i386: expand .data sections for system tests
  tests/tcg/configure.sh: make sure we pick up x86_64 cross compilers
  tests/tcg: add concept of container_hosts
  tests/docker: don't set DOCKER_REGISTRY on non-x86_64
  tests/tcg: update the defaults for x86 compilers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17 months ago tap-win32: correctly recycle buffers
Jason Wang [Fri, 26 Mar 2021 08:46:43 +0000 (16:46 +0800)] 
tap-win32: correctly recycle buffers

Commit 969e50b61a28 ("net: Pad short frames to minimum size before
sending from SLiRP/TAP") tries to pad frames but tries to recycle the
local array that is used for padding to the tap thread. This patch fixes
this by recycling the original buffer.

Fixes: 969e50b61a28 ("net: Pad short frames to minimum size before sending from SLiRP/TAP")
Tested-by: Howard Spoelstra <hsp.cat7@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
17 months ago Revert "qapi: net: Add query-netdev command"
Jason Wang [Fri, 2 Apr 2021 03:05:20 +0000 (11:05 +0800)] 
Revert "qapi: net: Add query-netdev command"

Several issues have been reported for the query-netdev series. Considering
it's late in the rc, this reverts commit
d32ad10a14d46dfe9304e3ed5858a11dcd5c71a0.

Signed-off-by: Jason Wang <jasowang@redhat.com>
17 months ago Revert "tests: Add tests for query-netdev command"
Jason Wang [Fri, 2 Apr 2021 03:05:12 +0000 (11:05 +0800)] 
Revert "tests: Add tests for query-netdev command"

Several issues have been reported for the query-netdev series. Considering
it's late in the rc, this reverts commit
3c3b656885473ef0d699290ba966177f17839aa5.

Signed-off-by: Jason Wang <jasowang@redhat.com>
17 months ago Revert "net: Move NetClientState.info_str to dynamic allocations"
Jason Wang [Fri, 2 Apr 2021 03:03:33 +0000 (11:03 +0800)] 
Revert "net: Move NetClientState.info_str to dynamic allocations"

Several issues have been reported for the query-netdev info
series. Considering it's late in the rc, this reverts commit
59b5437eb732d6b103a9bc279c3482c834d1eff9.

Signed-off-by: Jason Wang <jasowang@redhat.com>
17 months ago Revert "hmp: Use QAPI NetdevInfo in hmp_info_network"
Jason Wang [Fri, 2 Apr 2021 03:03:20 +0000 (11:03 +0800)] 
Revert "hmp: Use QAPI NetdevInfo in hmp_info_network"

Several issues have been reported for the query-netdev info
series. Considering it's late in the rc, this reverts commit
a0724776c5a98a08fc946bb5a4ad16410ca64c0e.

Signed-off-by: Jason Wang <jasowang@redhat.com>
17 months ago Revert "net: Do not fill legacy info_str for backends"
Jason Wang [Fri, 2 Apr 2021 03:03:12 +0000 (11:03 +0800)] 
Revert "net: Do not fill legacy info_str for backends"

Several issues have been reported for the query-netdev info
series. Considering it's late in the rc, this reverts commit
f2e8319d456724c3d8514d943dc4607e2f08e88a.

Signed-off-by: Jason Wang <jasowang@redhat.com>
17 months ago Merge remote-tracking branch 'remotes/nvme/tags/nvme-fixes-20210407-pull-request...
Peter Maydell [Wed, 7 Apr 2021 18:21:47 +0000 (19:21 +0100)] 
Merge remote-tracking branch 'remotes/nvme/tags/nvme-fixes-20210407-pull-request' into staging

emulated nvme fixes for -rc3

v3:
  - removed unnecessary deprecation warning

v2:
  - added missing patches

# gpg: Signature made Wed 07 Apr 2021 17:47:13 BST
# gpg:                using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg:                 aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468  4272 63D5 6FC5 E55D A838
#      Subkey fingerprint: 5228 33AA 75E2 DCE6 A247  66C0 4DE1 AF31 6D4F 0DE9

* remotes/nvme/tags/nvme-fixes-20210407-pull-request:
  hw/block/nvme: fix out-of-bounds read in nvme_subsys_ctrl
  hw/block/nvme: fix assert crash in nvme_subsys_ns
  hw/block/nvme: fix ns attachment out-of-bounds read
  hw/block/nvme: add missing copyright headers
  hw/block/nvme: fix handling of private namespaces
  hw/block/nvme: update dmsrl limit on namespace detachment
  hw/block/nvme: fix warning about legacy namespace configuration
  hw/block/nvme: fix the nsid 'invalid' value
  hw/block/nvme: fix missing string representation for ns attachment
  hw/block/nvme: fix pi constraint check

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17 months ago tests/migration: fix parameter of auto-converge migration
Hyman Huang(黄勇) [Tue, 23 Mar 2021 15:43:58 +0000 (23:43 +0800)] 
tests/migration: fix parameter of auto-converge migration

When executing the following test command:
$ ./guestperf-batch.py --auto-converge \
    --auto-converge-step {percent} ...
the test aborts and an error message is thrown as follows:
"Parameter 'x-cpu-throttle-increment' is unexpected"

The reason is that 'x-cpu-throttle-increment' has been
deprecated and 'cpu-throttle-increment' was introduced
since v2.7. Use the new parameter instead.

Signed-off-by: Hyman Huang(黄勇) <huangy81@chinatelecom.cn>
Message-Id: <0195d34a317ce3cc417b3efd275e30cad35a7618.1616513998.git.huangy81@chinatelecom.cn>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
17 months ago migration: Rename 'bs' to 'block' in background snapshot code
Andrey Gruzdev [Thu, 1 Apr 2021 09:22:26 +0000 (12:22 +0300)] 
migration: Rename 'bs' to 'block' in background snapshot code

Rename 'bs' to commonly used 'block' in migration/ram.c background
snapshot code.

Signed-off-by: Andrey Gruzdev <andrey.gruzdev@virtuozzo.com>
Reported-by: David Hildenbrand <david@redhat.com>
Message-Id: <20210401092226.102804-5-andrey.gruzdev@virtuozzo.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
17 months ago migration: Pre-fault memory before starting background snasphot
Andrey Gruzdev [Thu, 1 Apr 2021 09:22:25 +0000 (12:22 +0300)] 
migration: Pre-fault memory before starting background snasphot

This commit solves the issue with the userfault_fd WP feature that
background snapshot is based on. For any never populated or discarded
memory page, the UFFDIO_WRITEPROTECT ioctl() would skip updating
PTE for that page, thereby losing the WP setting for it.

So we need to pre-fault pages for each RAM block to be protected
before making a userfault_fd wr-protect ioctl().

Fixes: 278e2f551a095b234de74dca9c214d5502a1f72c (migration: support
  UFFD write fault processing in ram_save_iterate())
Signed-off-by: Andrey Gruzdev <andrey.gruzdev@virtuozzo.com>
Reported-by: David Hildenbrand <david@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20210401092226.102804-4-andrey.gruzdev@virtuozzo.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
dgilbert:
  Bodged ifdef __linux__ on ram_write_tracking_prepare, should really
      go in a stub

17 months ago linux-user: Use signed lengths in uaccess.c
Richard Henderson [Mon, 15 Mar 2021 20:40:04 +0000 (14:40 -0600)] 
linux-user: Use signed lengths in uaccess.c

Partially revert 09f679b62dff, but only for the length arguments.
Instead of reverting to long, use ssize_t.  Reinstate the > 0 check
in unlock_user.

Fixes: 09f679b62dff
Reported-by: Coverity (CID 1446711)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20210315204004.2025219-1-richard.henderson@linaro.org>
[lv: remove superfluous semicolon]
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
17 months ago hw/block/nvme: fix out-of-bounds read in nvme_subsys_ctrl
Klaus Jensen [Wed, 7 Apr 2021 05:16:14 +0000 (07:16 +0200)] 
hw/block/nvme: fix out-of-bounds read in nvme_subsys_ctrl

nvme_subsys_ctrl() is used in contexts where the given controller
identifier is from an untrusted source. Like its friends nvme_ns() and
nvme_subsys_ns(), nvme_subsys_ctrl() should just return NULL if an
invalid identifier is given.

Fixes: 645ce1a70cb6 ("hw/block/nvme: support namespace attachment command")
Cc: Minwoo Im <minwoo.im.dev@gmail.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Minwoo Im <minwoo.im.dev@gmail.com>
17 months ago hw/block/nvme: fix assert crash in nvme_subsys_ns
Klaus Jensen [Wed, 7 Apr 2021 05:07:43 +0000 (07:07 +0200)] 
hw/block/nvme: fix assert crash in nvme_subsys_ns

nvme_subsys_ns() is used in contexts where the namespace identifier is
taken from an untrusted source. Commit 3921756dee6d ("hw/block/nvme:
assert namespaces array indices") tried to guard against this by
introducing an assert on the namespace identifier.

This is wrong since it is perfectly valid to call the function with an
invalid namespace identifier and like nvme_ns(), nvme_subsys_ns() should
simply return NULL.

Fixes: 3921756dee6d ("hw/block/nvme: assert namespaces array indices")
Fixes: 94d8d6d16781 ("hw/block/nvme: support allocated namespace type")
Cc: Minwoo Im <minwoo.im.dev@gmail.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Minwoo Im <minwoo.im.dev@gmail.com>
17 months ago hw/block/nvme: fix ns attachment out-of-bounds read
Klaus Jensen [Wed, 7 Apr 2021 04:54:34 +0000 (06:54 +0200)] 
hw/block/nvme: fix ns attachment out-of-bounds read

nvme_ns_attachment() does not verify the contents of the host-supplied
16 bit "Number of Identifiers" field in the command payload.

Make sure the value is capped at 2047 and fix the out-of-bounds read.

Fixes: 645ce1a70cb6 ("hw/block/nvme: support namespace attachment command")
Cc: Minwoo Im <minwoo.im.dev@gmail.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Minwoo Im <minwoo.im.dev@gmail.com>
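
The three commit messages above (nvme_subsys_ctrl, nvme_subsys_ns, ns attachment) describe one pattern: cap the host-supplied 16-bit count at 2047 and have lookups return NULL for an invalid identifier instead of asserting or indexing out of bounds. The following C sketch is an added example, not QEMU's code. The struct layouts, the table size of 32, the function names and the 4096-byte list layout (16-bit little-endian count followed by 16-bit identifiers) are assumptions made for illustration; only the 2047 cap comes from the commit message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CTRL_LIST_BYTES  4096  /* assumed size of one controller-list payload */
#define CTRL_LIST_MAX    2047  /* cap named in the commit message */
#define SUBSYS_MAX_CTRLS 32    /* assumed table size for this sketch */

struct ctrl { uint16_t cntlid; };

struct subsys {
    struct ctrl *ctrls[SUBSYS_MAX_CTRLS];
};

struct walk_result {
    size_t visited;   /* entries actually read from the payload */
    size_t resolved;  /* identifiers that matched a known controller */
    size_t rejected;  /* identifiers that were invalid or unknown */
};

/* Lookup that tolerates untrusted identifiers: NULL instead of assert/OOB. */
static struct ctrl *subsys_ctrl(struct subsys *s, uint32_t cntlid)
{
    if (!s || cntlid >= SUBSYS_MAX_CTRLS) {
        return NULL;
    }
    return s->ctrls[cntlid];
}

static uint16_t le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Walk a host-supplied list without trusting its "Number of Identifiers". */
static struct walk_result walk_ctrl_list(struct subsys *s,
                                         const uint8_t buf[CTRL_LIST_BYTES])
{
    struct walk_result r = { 0, 0, 0 };
    size_t nr = le16(buf);

    /* 2 + 2 * 2047 = 4096, so a capped count can never read past buf. */
    if (nr > CTRL_LIST_MAX) {
        nr = CTRL_LIST_MAX;
    }
    for (size_t i = 0; i < nr; i++) {
        uint16_t id = le16(buf + 2 + 2 * i);

        r.visited++;
        if (subsys_ctrl(s, id)) {
            r.resolved++;
        } else {
            r.rejected++;   /* caller would fail the command here */
        }
    }
    return r;
}

/* Constructed input: controllers 1 and 3 exist, every other entry is 0xFFFF. */
struct walk_result demo(uint16_t claimed_count)
{
    static struct ctrl c1 = { 1 }, c3 = { 3 };
    struct subsys s;
    uint8_t buf[CTRL_LIST_BYTES];

    memset(&s, 0, sizeof(s));
    s.ctrls[1] = &c1;
    s.ctrls[3] = &c3;

    memset(buf, 0xff, sizeof(buf));
    buf[0] = (uint8_t)(claimed_count & 0xff);
    buf[1] = (uint8_t)(claimed_count >> 8);
    buf[2] = 1; buf[3] = 0;   /* identifier 1 */
    buf[4] = 3; buf[5] = 0;   /* identifier 3 */
    return walk_ctrl_list(&s, buf);
}

int main(void)
{
    struct walk_result r = demo(0xFFFF);   /* count far larger than the payload */

    printf("visited=%zu resolved=%zu rejected=%zu\n",
           r.visited, r.resolved, r.rejected);
    return 0;
}
```
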
17 months ago hw/block/nvme: add missing copyright headers
Klaus Jensen [Mon, 5 Apr 2021 13:32:18 +0000 (15:32 +0200)] 
hw/block/nvme: add missing copyright headers

Add missing license/copyright headers to the nvme-dif.{c,h} files.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
17 months ago hw/block/nvme: fix handling of private namespaces
Klaus Jensen [Tue, 23 Mar 2021 11:43:24 +0000 (12:43 +0100)] 
hw/block/nvme: fix handling of private namespaces

Prior to this patch, if a private nvme-ns device (that is, a namespace
that is not linked to a subsystem) is wired up to an nvme-subsys linked
nvme controller device, the device fails to verify that the namespace id
is unique within the subsystem. NVM Express v1.4b, Section 6.1.6 ("NSID
and Namespace Usage") states that because the device supports Namespace
Management, "NSIDs *shall* be unique within the NVM subsystem".

Additionally, prior to this patch, private namespaces are not known to
the subsystem and the namespace is considered exclusive to the
controller to which it is initially wired up. However, this is not
the definition of a private namespace; per Section 1.6.33 ("private
namespace"), a private namespace is just a namespace that does not
support multipath I/O or namespace sharing, which means "that it is only
able to be attached to one controller at a time".

Fix this by always allocating namespaces in the subsystem (if one is
linked to the controller), regardless of the shared/private status of
the namespace. Whether or not the namespace is shareable is controlled
by a new `shared` nvme-ns parameter.

Finally, this fix allows the nvme-ns `subsys` parameter to be removed,
since the `shared` parameter now serves the purpose of attaching the
namespace to all controllers in the subsystem upon device realization.
It is invalid to have an nvme-ns namespace device with a linked
subsystem without the parent nvme controller device also being linked to
one and since the nvme-ns devices will unconditionally be "attached" (in
QEMU terms that is) to an nvme controller device through an NvmeBus, the
nvme-ns namespace device can always get a reference to the subsystem of
the controller it is explicitly (using 'bus=' parameter) or implicitly
attaching to.

Fixes: e570768566b3 ("hw/block/nvme: support for shared namespace in subsystem")
Cc: Minwoo Im <minwoo.im.dev@gmail.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Minwoo Im <minwoo.im.dev@gmail.com>
17 months ago hw/block/nvme: update dmsrl limit on namespace detachment
Klaus Jensen [Tue, 23 Mar 2021 21:42:56 +0000 (22:42 +0100)] 
hw/block/nvme: update dmsrl limit on namespace detachment

The Non-MDTS DMSRL limit must be recomputed when namespaces are
detached.

Fixes: 645ce1a70cb6 ("hw/block/nvme: support namespace attachment command")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
17 months ago hw/block/nvme: fix warning about legacy namespace configuration
Klaus Jensen [Tue, 23 Mar 2021 21:12:36 +0000 (22:12 +0100)] 
hw/block/nvme: fix warning about legacy namespace configuration

Remove the unused BlockConf from the controller structure and remove the
noop constraint checking.

Device works just fine with both legacy drive parameter namespace and
nvme-ns namespace definitions.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
17 months ago hw/block/nvme: fix the nsid 'invalid' value
Klaus Jensen [Wed, 24 Mar 2021 09:11:55 +0000 (10:11 +0100)] 
hw/block/nvme: fix the nsid 'invalid' value

The `nvme_nsid()` function returns '-1' (FFFFFFFFh) when the given
namespace is NULL. Since FFFFFFFFh is actually a valid namespace
identifier (the "broadcast" value), change this to be '0' since that
actually *is* the invalid value.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
17 months ago hw/block/nvme: fix missing string representation for ns attachment
Klaus Jensen [Tue, 23 Mar 2021 14:10:54 +0000 (15:10 +0100)] 
hw/block/nvme: fix missing string representation for ns attachment

Add the missing nvme_adm_opc_str entry for the Namespace Attachment
command.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
17 months ago hw/block/nvme: fix pi constraint check
Klaus Jensen [Tue, 23 Mar 2021 08:03:10 +0000 (09:03 +0100)] 
hw/block/nvme: fix pi constraint check

Protection Information can only be enabled if there are at least 8 bytes
of metadata.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
17 months ago migration: Inhibit virtio-balloon for the duration of background snapshot
Andrey Gruzdev [Thu, 1 Apr 2021 09:22:24 +0000 (12:22 +0300)] 
migration: Inhibit virtio-balloon for the duration of background snapshot

The same thing as for incoming postcopy - we cannot deal with concurrent
RAM discards when using background snapshot feature in outgoing migration.

Fixes: 8518278a6af589ccc401f06e35f171b1e6fae800 (migration: implementation
  of background snapshot thread)
Signed-off-by: Andrey Gruzdev <andrey.gruzdev@virtuozzo.com>
Reported-by: David Hildenbrand <david@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20210401092226.102804-3-andrey.gruzdev@virtuozzo.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
17 months ago migration: Fix missing qemu_fflush() on buffer file in bg_migration_thread
Andrey Gruzdev [Thu, 1 Apr 2021 09:22:23 +0000 (12:22 +0300)] 
migration: Fix missing qemu_fflush() on buffer file in bg_migration_thread

Added missing qemu_fflush() on buffer file holding precopy device state.
Increased initial QIOChannelBuffer allocation to 512KB to avoid reallocs.
Typical configurations often require >200KB for device state and VMDESC.

Fixes: 8518278a6af589ccc401f06e35f171b1e6fae800 (migration: implementation
  of background snapshot thread)
Signed-off-by: Andrey Gruzdev <andrey.gruzdev@virtuozzo.com>
Message-Id: <20210401092226.102804-2-andrey.gruzdev@virtuozzo.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
17 months ago virtiofsd: Fix security.capability comparison
Dr. David Alan Gilbert [Thu, 1 Apr 2021 14:58:45 +0000 (15:58 +0100)] 
virtiofsd: Fix security.capability comparison

My security fix for the security.capability remap has a silly early
segfault in a simple case where there is an xattrmapping but it doesn't
remap the security.capability.

Fixes: e586edcb41054 ("virtiofs: drop remapped security.capability xattr as needed")
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20210401145845.78445-1-dgilbert@redhat.com>
Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
17 months ago Update version for v6.0.0-rc2 release v6.0.0-rc2
Peter Maydell [Tue, 6 Apr 2021 17:34:34 +0000 (18:34 +0100)] 
Update version for v6.0.0-rc2 release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17 months ago Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210406' into...
Peter Maydell [Tue, 6 Apr 2021 15:04:33 +0000 (16:04 +0100)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210406' into staging

target-arm queue:
 * ppc/e500 and arm/virt: only add valid dynamic sysbus devices to the
   platform bus
 * update i.mx31 maintainer list
 * Revert "target/arm: Make number of counters in PMCR follow the CPU"

# gpg: Signature made Tue 06 Apr 2021 13:25:54 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20210406:
  Remove myself as i.mx31 maintainer
  Revert "target/arm: Make number of counters in PMCR follow the CPU"
  hw/ppc/e500plat: Only try to add valid dynamic sysbus devices to platform bus
  hw/arm/virt: Only try to add valid dynamic sysbus devices to platform bus
  machine: Provide a function to check the dynamic sysbus allowlist
  include/hw/boards.h: Document machine_class_allow_dynamic_sysbus_dev()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17 months ago gitlab-ci.yml: Test the dtrace backend in one of the jobs
Thomas Huth [Thu, 1 Apr 2021 10:25:30 +0000 (11:25 +0100)] 
gitlab-ci.yml: Test the dtrace backend in one of the jobs

We are using the dtrace backend in downstream RHEL, so testing this
in the CentOS 8 task seems to be a good fit.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Willian Rampazzo <willianr@redhat.com>
Message-Id: <20210331160351.3071279-1-thuth@redhat.com>
Message-Id: <20210401102530.12030-12-alex.bennee@linaro.org>

17 months ago gitlab-ci.yml: Fix the filtering for the git submodules
Thomas Huth [Thu, 1 Apr 2021 10:25:29 +0000 (11:25 +0100)] 
gitlab-ci.yml: Fix the filtering for the git submodules

Commit 7d7dbf9dc15be6e introduced a new line starting with
"GIT_SUBMODULES_ACTION=" in the config-host.mak file. The grep that
tries to determine the submodules in the gitlab-ci.yml file matches
this new line, too, causing a warning message when updating the modules:

 warn: ignoring non-existent submodule GIT_SUBMODULES_ACTION=update

Fix it by matching the "GIT_SUBMODULES=..." line only.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Willian Rampazzo <willianr@redhat.com>
Message-Id: <20210331073316.2965928-1-thuth@redhat.com>
Message-Id: <20210401102530.12030-11-alex.bennee@linaro.org>

17 months ago docs/system/gdb.rst: Document how to debug multicore machines
Peter Maydell [Thu, 1 Apr 2021 10:25:28 +0000 (11:25 +0100)] 
docs/system/gdb.rst: Document how to debug multicore machines

Document how multicore machines appear to GDB when debugged
via the debug stub. This is particularly non-intuitive for
the "multiple heterogenous clusters" case, but unfortunately
as far as I know there is no way with the remote protocol
for the stub to tell gdb "I have 2 inferiors, please connect
to both", so the user must set it all up manually.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210325175023.13838-3-peter.maydell@linaro.org>
Message-Id: <20210401102530.12030-10-alex.bennee@linaro.org>

17 months ago docs/system/gdb.rst: Add some more heading structure
Peter Maydell [Thu, 1 Apr 2021 10:25:27 +0000 (11:25 +0100)] 
docs/system/gdb.rst: Add some more heading structure

We're about to add a new section to gdb.rst. In
preparation, add some more headings so it isn't just
one huge run-on section.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210325175023.13838-2-peter.maydell@linaro.org>
Message-Id: <20210401102530.12030-9-alex.bennee@linaro.org>

17 months ago tests/tcg: relax the next step precision of the gdb sha1 test
Alex Bennée [Thu, 1 Apr 2021 10:25:26 +0000 (11:25 +0100)] 
tests/tcg: relax the next step precision of the gdb sha1 test

Depending on the version of gdb we may not execute the first line of
SHA1Init when executing the first "next" command - instead just
stepping over the preamble. As we don't actually care about the
position of the PC after the steps and want to be sure the
context->state[] has been loaded before we inspect it, do a double next
at the start.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210401102530.12030-8-alex.bennee@linaro.org>

17 months ago tests/tcg/i386: force -fno-pie for test-i386
Alex Bennée [Thu, 1 Apr 2021 10:25:25 +0000 (11:25 +0100)] 
tests/tcg/i386: force -fno-pie for test-i386

The containerised compiler defaults to no-pie anyway but if we are
relying on the user's installed cross compiler we need to check it
works for building 16 bit code first.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20210401102530.12030-7-alex.bennee@linaro.org>

17 months ago tests/tcg/i386: expand .data sections for system tests
Alex Bennée [Thu, 1 Apr 2021 10:25:24 +0000 (11:25 +0100)] 
tests/tcg/i386: expand .data sections for system tests

Newer compilers might end up putting some data in .data.rel.local
which was getting skipped resulting in hilarious confusion on some
tests. Fix that.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210401102530.12030-6-alex.bennee@linaro.org>

17 months ago tests/tcg/configure.sh: make sure we pick up x86_64 cross compilers
Alex Bennée [Thu, 1 Apr 2021 10:25:23 +0000 (11:25 +0100)] 
tests/tcg/configure.sh: make sure we pick up x86_64 cross compilers

While it's hard to find cross compilers packaged for arches other than
x86_64 the same cannot be said for the x86_64 compiler which is
available on Debian's i386, arm64 and ppc64el release architectures.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210401102530.12030-5-alex.bennee@linaro.org>

17 months ago tests/tcg: add concept of container_hosts
Alex Bennée [Thu, 1 Apr 2021 10:25:22 +0000 (11:25 +0100)] 
tests/tcg: add concept of container_hosts

While docker is nominally multiarch these days it doesn't mean our
distros actually package all cross compilers for all architectures.
The upcoming Debian bullseye release will improve things further. At
least for now we can get things like the 32 bit ARM compiler on its
64 bit cousin.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210401102530.12030-4-alex.bennee@linaro.org>

17 months ago tests/docker: don't set DOCKER_REGISTRY on non-x86_64
Alex Bennée [Thu, 1 Apr 2021 10:25:21 +0000 (11:25 +0100)] 
tests/docker: don't set DOCKER_REGISTRY on non-x86_64

Currently our gitlab registry is x86_64 only so attempting to pull an
image from it on something else will end in tears.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Willian Rampazzo <willianr@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210401102530.12030-3-alex.bennee@linaro.org>

17 months ago tests/tcg: update the defaults for x86 compilers
Alex Bennée [Thu, 1 Apr 2021 10:25:20 +0000 (11:25 +0100)] 
tests/tcg: update the defaults for x86 compilers

You don't usually notice this is broken on a developer system on x86 as
we use the normal host compiler. However on other systems the -pc was
extraneous. Also for 32 bit only i686 packages exist now so we should
use those when available.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210401102530.12030-2-alex.bennee@linaro.org>

17 months ago Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
Peter Maydell [Tue, 6 Apr 2021 12:22:51 +0000 (13:22 +0100)] 
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc,virtio: last minute bugfixes

Two last minute bugfixes. They are both designed to prevent
compatibility headaches down the road.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 06 Apr 2021 12:13:07 BST
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  virtio-pci: compat page aligned ATS
  x86: rename oem-id and oem-table-id properties

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17 months ago virtio-pci: compat page aligned ATS
Jason Wang [Tue, 6 Apr 2021 04:03:30 +0000 (12:03 +0800)] 
virtio-pci: compat page aligned ATS

Commit 4c70875372b8 ("pci: advertise a page aligned ATS") advertises
the page aligned via ATS capability (RO) to unbreak recent Linux IOMMU
drivers since 5.2. But it forgot the compat the capability which
breaks the migration from old machine type:

(qemu) qemu-kvm: get_pci_config_device: Bad config data: i=0x104 read:
0 device: 20 cmask: ff wmask: 0 w1cmask:0

This patch introduces a new parameter "x-ats-page-aligned" for
virtio-pci device and turns it on for machine type which is newer than
5.1.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: qemu-stable@nongnu.org
Fixes: 4c70875372b8 ("pci: advertise a page aligned ATS")
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20210406040330.11306-1-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
17 months ago Remove myself as i.mx31 maintainer
Chubb, Peter (Data61, Eveleigh) [Tue, 6 Apr 2021 09:39:24 +0000 (09:39 +0000)] 
Remove myself as i.mx31 maintainer

Remove Peter Chubb as i/MX31 maintainer.

I'm leaving my current job and will no longer have access to the
hardware to test or maintain this port.

Signed-off-by: Peter Chubb <peter.chubb@data61.csiro.au>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17 months ago Revert "target/arm: Make number of counters in PMCR follow the CPU"
Peter Maydell [Wed, 31 Mar 2021 15:48:22 +0000 (16:48 +0100)] 
Revert "target/arm: Make number of counters in PMCR follow the CPU"

This reverts commit f7fb73b8cdd3f77e26f9fcff8cf24ff1b58d200f.

This change turned out to be a bit half-baked, and doesn't
work with KVM, which fails with the error:
   "qemu-system-aarch64: Failed to retrieve host CPU features"

because KVM does not allow accessing of the PMCR_EL0 value in
the scratch "query CPU ID registers" VM unless we have first
set the KVM_ARM_VCPU_PMU_V3 feature on the VM.

Revert the change for 6.0.

Reported-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Zenghui Yu <yuzenghui@huawei.com>
Message-id: 20210331154822.23332-1-peter.maydell@linaro.org

17 months ago hw/ppc/e500plat: Only try to add valid dynamic sysbus devices to platform bus
Peter Maydell [Thu, 25 Mar 2021 15:33:10 +0000 (15:33 +0000)] 
hw/ppc/e500plat: Only try to add valid dynamic sysbus devices to platform bus

The e500plat machine device plug callback currently calls
platform_bus_link_device() for any sysbus device.  This is overly
broad, because platform_bus_link_device() will unconditionally grab
the IRQs and MMIOs of the device it is passed, whether it was
intended for the platform bus or not.  Restrict hotpluggability of
sysbus devices to only those devices on the dynamic sysbus allowlist.

We were mostly getting away with this because the board creates the
platform bus as the last device it creates, and so the hotplug
callback did not do anything for all the sysbus devices created by
the board itself.  However if the user plugged in a device which
itself uses a sysbus device internally we would have mishandled this
and probably asserted. An example of this is:
 qemu-system-ppc64 -M ppce500 -device macio-oldworld

This isn't a sensible command because the macio-oldworld device
is really specific to the 'g3beige' machine, but we now fail
with a reasonable error message rather than asserting:
qemu-system-ppc64: Device heathrow is not supported by this machine yet.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Message-id: 20210325153310.9131-5-peter.maydell@linaro.org

17 months ago hw/arm/virt: Only try to add valid dynamic sysbus devices to platform bus
Peter Maydell [Thu, 25 Mar 2021 15:33:09 +0000 (15:33 +0000)] 
hw/arm/virt: Only try to add valid dynamic sysbus devices to platform bus

The virt machine device plug callback currently calls
platform_bus_link_device() for any sysbus device.  This is overly
broad, because platform_bus_link_device() will unconditionally grab
the IRQs and MMIOs of the device it is passed, whether it was
intended for the platform bus or not.  Restrict hotpluggability of
sysbus devices to only those devices on the dynamic sysbus
allowlist.

We were mostly getting away with this because the board creates the
platform bus as the last device it creates, and so the hotplug
callback did not do anything for all the sysbus devices created by
the board itself.  However if the user plugged in a device which
itself uses a sysbus device internally we would have mishandled this
and probably asserted.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20210325153310.9131-4-peter.maydell@linaro.org

17 months ago machine: Provide a function to check the dynamic sysbus allowlist
Peter Maydell [Thu, 25 Mar 2021 15:33:08 +0000 (15:33 +0000)] 
machine: Provide a function to check the dynamic sysbus allowlist

Provide a new function dynamic_sysbus_dev_allowed() which checks the
per-machine list of permitted dynamic sysbus devices and returns a
boolean result indicating whether the device is allowed.  We can use
this in the implementation of validate_sysbus_device(), but we will
also need it so that machine hotplug callbacks can validate devices
rather than assuming that any sysbus device might be hotpluggable
into the platform bus.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20210325153310.9131-3-peter.maydell@linaro.org

17 months ago include/hw/boards.h: Document machine_class_allow_dynamic_sysbus_dev()
Peter Maydell [Thu, 25 Mar 2021 15:33:07 +0000 (15:33 +0000)] 
include/hw/boards.h: Document machine_class_allow_dynamic_sysbus_dev()

The function machine_class_allow_dynamic_sysbus_dev() is currently
undocumented; add a doc comment.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20210325153310.9131-2-peter.maydell@linaro.org

17 months ago Merge remote-tracking branch 'remotes/nvme/tags/nvme-fixes-for-6.0-pull-request'...
Peter Maydell [Mon, 5 Apr 2021 21:15:38 +0000 (22:15 +0100)] 
Merge remote-tracking branch 'remotes/nvme/tags/nvme-fixes-for-6.0-pull-request' into staging

emulated nvme fixes

# gpg: Signature made Mon 05 Apr 2021 18:33:34 BST
# gpg:                using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg:                 aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468  4272 63D5 6FC5 E55D A838
#      Subkey fingerprint: 5228 33AA 75E2 DCE6 A247  66C0 4DE1 AF31 6D4F 0DE9

* remotes/nvme/tags/nvme-fixes-for-6.0-pull-request:
  hw/block/nvme: expose 'bootindex' property
  hw/block/nvme: remove description for zoned.append_size_limit

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

17 months ago Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20210405' into staging
Peter Maydell [Mon, 5 Apr 2021 18:29:45 +0000 (19:29 +0100)] 
Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20210405' into staging

tcg/mips tlb lookup fix
target/alpha icount fix

# gpg: Signature made Mon 05 Apr 2021 15:34:06 BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth-gitlab/tags/pull-tcg-20210405:
  target/alpha: fix icount handling for timer instructions
  tcg/mips: Fix SoftTLB comparison on mips backend

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

17 months ago hw/block/nvme: expose 'bootindex' property
Joelle van Dyne [Mon, 22 Mar 2021 08:24:44 +0000 (01:24 -0700)] 
hw/block/nvme: expose 'bootindex' property

The check for `n->namespace.blkconf.blk` always fails because
this is in the initialization function.

Signed-off-by: Joelle van Dyne <j@getutm.app>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>

17 months ago target/alpha: fix icount handling for timer instructions
Pavel Dovgalyuk [Mon, 29 Mar 2021 07:42:10 +0000 (10:42 +0300)] 
target/alpha: fix icount handling for timer instructions

This patch handles icount mode for timer read/write instructions,
because it is required to call gen_io_start in such cases.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <161700373035.1135822.16451510827008616793.stgit@pasha-ThinkPad-X280>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

17 months ago tcg/mips: Fix SoftTLB comparison on mips backend
Kele Huang [Thu, 1 Apr 2021 10:04:57 +0000 (18:04 +0800)] 
tcg/mips: Fix SoftTLB comparison on mips backend

The addrl used to compare with SoftTLB entry should be sign-extended
in common case, and it will cause constant failing in SoftTLB
comparisons for the addrl whose address is over 0x80000000 on the
emulation of 32-bit guest on 64-bit host.

This is an important performance bug fix. Spec2000 gzip rate increases
from ~45 to ~140 on Loongson 3A4000 (MIPS compatible platform).

Signed-off-by: Kele Huang <kele.hwang@gmail.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210401100457.191458-1-kele.hwang@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

17 months ago hw/block/nvme: remove description for zoned.append_size_limit
Niklas Cassel [Tue, 23 Mar 2021 11:18:25 +0000 (11:18 +0000)] 
hw/block/nvme: remove description for zoned.append_size_limit

The description was originally removed in commit 578d914b263c
("hw/block/nvme: align zoned.zasl with mdts") together with the removal
of the zoned.append_size_limit parameter itself.

However, it was (most likely accidentally), re-added in commit
f7dcd31885cb ("hw/block/nvme: add non-mdts command size limit for verify").

Remove the description again, since the parameter it describes,
zoned.append_size_limit, no longer exists.

Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>

17 months ago x86: rename oem-id and oem-table-id properties
Paolo Bonzini [Fri, 2 Apr 2021 08:21:28 +0000 (10:21 +0200)] 
x86: rename oem-id and oem-table-id properties

After introducing non-scalar machine properties, it would be preferable
to have a single acpitable property which includes both generic
information (such as the OEM ids) and custom tables currently
passed via -acpitable.

Do not saddle ourselves with legacy oem-id and oem-table-id
properties, instead mark them as experimental.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210402082128.13854-1-pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

17 months ago Merge remote-tracking branch 'remotes/xtensa/tags/20210403-xtensa' into staging
Peter Maydell [Sun, 4 Apr 2021 20:48:45 +0000 (21:48 +0100)] 
Merge remote-tracking branch 'remotes/xtensa/tags/20210403-xtensa' into staging

target/xtensa fixes for v6.0:

- make meson.build pick up all available xtensa core definitions;
- don't modify Makefile.objs in import_core.sh;
- add sed rule to import_core.sh to make xtensa_modules variable static.

# gpg: Signature made Sat 03 Apr 2021 17:08:41 BST
# gpg:                using RSA key 2B67854B98E5327DCDEB17D851F9CC91F83FA044
# gpg:                issuer "jcmvbkbc@gmail.com"
# gpg: Good signature from "Max Filippov <filippov@cadence.com>" [unknown]
# gpg:                 aka "Max Filippov <max.filippov@cogentembedded.com>" [full]
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>" [full]
# Primary key fingerprint: 2B67 854B 98E5 327D CDEB  17D8 51F9 CC91 F83F A044

* remotes/xtensa/tags/20210403-xtensa:
  target/xtensa: make xtensa_modules static on import
  target/xtensa: fix meson.build rule for xtensa cores

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

17 months ago target/xtensa: make xtensa_modules static on import
Max Filippov [Tue, 30 Mar 2021 06:59:49 +0000 (23:59 -0700)] 
target/xtensa: make xtensa_modules static on import

xtensa_modules variable defined in each xtensa-modules.c.inc is only
used locally by the including file. Make it static.

Reported-by: Yury Gribov <tetra2005@gmail.com>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

17 months ago target/xtensa: fix meson.build rule for xtensa cores
Max Filippov [Tue, 30 Mar 2021 07:25:24 +0000 (00:25 -0700)] 
target/xtensa: fix meson.build rule for xtensa cores

import_core.sh tries to change Makefile.objs when importing new xtensa
core, but that file no longer exists. Rewrite meson.build rule to pick
up all source files that match core-*.c pattern and drop commands that
change Makefile.objs.

Cc: qemu-stable@nongnu.org # v5.2.0
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

18 months ago Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
Peter Maydell [Fri, 2 Apr 2021 10:53:18 +0000 (11:53 +0100)] 
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc,virtio,pci: bugfixes

Fixes all over the place.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 01 Apr 2021 17:22:03 BST
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  pci: sprinkle assert in PCI pin number
  isa/v582c686: Reinitialize ACPI PM device on reset
  vt82c686.c: don't raise SCI when PCI_INTERRUPT_PIN isn't setup
  acpi/piix4: reinitialize acpi PM device on reset
  virtio-pci: remove explicit initialization of val
  virtio-pci: add check for vdev in virtio_pci_isr_read
  vhost-user-blk: add immediate cleanup on shutdown
  vhost-user-blk: perform immediate cleanup if disconnect on initialization
  vhost-user-blk: use different event handlers on initialization

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

18 months ago Merge remote-tracking branch 'remotes/thuth-gitlab/tags/pull-request-2021-04-01'...
Peter Maydell [Thu, 1 Apr 2021 22:34:16 +0000 (23:34 +0100)] 
Merge remote-tracking branch 'remotes/thuth-gitlab/tags/pull-request-2021-04-01' into staging

* Updates for the MAINTAINERS file
* Some small documentation updates
* Some small misc fixes

# gpg: Signature made Thu 01 Apr 2021 13:30:39 BST
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* remotes/thuth-gitlab/tags/pull-request-2021-04-01:
  device-crash-test: Ignore errors about a bus not being available
  docs: Fix typo in the default name of the qemu-system-x86_64 binary
  docs: Remove obsolete paragraph about config-target.mak
  util/compatfd.c: Fixed style issues
  qom: Fix default values in help
  MAINTAINERS: Mark SH-4 hardware emulation orphan
  MAINTAINERS: Mark RX hardware emulation orphan
  MAINTAINERS: add virtio-fs mailing list
  MAINTAINERS: Drop the line with Xiang Zheng
  MAINTAINERS: replace Huawei's email to personal one
  MAINTAINERS: Drop the lines with Sarah Harris
  MAINTAINERS: add/replace backups for some s390 areas
  MAINTAINERS: Fix tests/migration maintainers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

18 months ago pci: sprinkle assert in PCI pin number
Isaku Yamahata [Tue, 23 Mar 2021 20:52:27 +0000 (13:52 -0700)] 
pci: sprinkle assert in PCI pin number

If a device model
(a) doesn't set the value to a correct interrupt number and then
(b) triggers an interrupt for itself,
it's a device model bug. Add an assert on the interrupt pin number to catch
this kind of bug more obviously.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Message-Id: <9cf8ac3b17e162daac0971d7be32deb6a33ae6ec.1616532563.git.isaku.yamahata@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

18 months ago isa/v582c686: Reinitialize ACPI PM device on reset
Isaku Yamahata [Tue, 23 Mar 2021 20:52:26 +0000 (13:52 -0700)] 
isa/v582c686: Reinitialize ACPI PM device on reset

Commit 6be8cf56bc8b made sure that SCI is enabled in PM1.CNT
on reset in acpi_only mode by modifying acpi_pm1_cnt_reset() and
that worked for q35 as expected.

This patch adds a reset of the ACPI PM related registers at vt82c686 reset
time and de-asserts SCI.
via_pm_realize() initializes acpi pm tmr, evt, cnt and gpe.
Reset them on device reset.

Cc: BALATON Zoltan <balaton@eik.bme.hu>
Cc: Huacai Chen <chenhuacai@kernel.org>
Cc: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
Cc: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Message-Id: <0a3fe998525552860919a690ce83dab8f663ab99.1616532563.git.isaku.yamahata@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

18 months ago vt82c686.c: don't raise SCI when PCI_INTERRUPT_PIN isn't setup
Isaku Yamahata [Tue, 23 Mar 2021 20:52:25 +0000 (13:52 -0700)] 
vt82c686.c: don't raise SCI when PCI_INTERRUPT_PIN isn't setup

Without this patch, the following patch will trigger clang runtime
sanitizer warnings as follows. This patch proactively works around it.
I leave a correct fix to the v582c686.c maintainer as I'm not sure
about the fuloong2e device model.

> MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}
> QTEST_QEMU_IMG=./qemu-img
> G_TEST_DBUS_DAEMON=/home/petmay01/linaro/qemu-for-merges/tests/dbus-vmstate-daemon.sh
> QTEST_QEMU_BINARY=./qemu-system-mips64el tests/qtest/qom-test --tap -k
> PASS 1 qtest-mips64el/qom-test /mips64el/qom/loongson3-virt
> PASS 2 qtest-mips64el/qom-test /mips64el/qom/none
> PASS 3 qtest-mips64el/qom-test /mips64el/qom/magnum
> PASS 4 qtest-mips64el/qom-test /mips64el/qom/mipssim
> PASS 5 qtest-mips64el/qom-test /mips64el/qom/malta
> ../../hw/pci/pci.c:252:30: runtime error: shift exponent -1 is negative
> PASS 6 qtest-mips64el/qom-test /mips64el/qom/fuloong2e
> PASS 7 qtest-mips64el/qom-test /mips64el/qom/boston
> PASS 8 qtest-mips64el/qom-test /mips64el/qom/pica61
>
> and similarly for eg
>
> MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}
> QTEST_QEMU_IMG=./qemu-img
> G_TEST_DBUS_DAEMON=/home/petmay01/linaro/qemu-for-merges/tests/dbus-vmstate-daemon.sh
> QTEST_QEMU_BINARY=./qemu-system-mips64el tests/qtest/endianness-test
> --tap -k
> ../../hw/pci/pci.c:252:30: runtime error: shift exponent -1 is negative
> PASS 1 qtest-mips64el/endianness-test /mips64el/endianness/fuloong2e
> ../../hw/pci/pci.c:252:30: runtime error: shift exponent -1 is negative
> PASS 2 qtest-mips64el/endianness-test /mips64el/endianness/split/fuloong2e
> ../../hw/pci/pci.c:252:30: runtime error: shift exponent -1 is negative
> PASS 3 qtest-mips64el/endianness-test /mips64el/endianness/combine/fuloong2e

Cc: BALATON Zoltan <balaton@eik.bme.hu>
Cc: Huacai Chen <chenhuacai@kernel.org>
Cc: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
Cc: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Message-Id: <62a5fc69e453fb848bfd4794bae1852a75af73c5.1616532563.git.isaku.yamahata@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
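
Added illustration (not QEMU's code and not part of either commit): the two commit messages above concern a device model raising an interrupt while its PCI interrupt pin register is unset, which the sanitizer log reports as a shift by -1. The toy model below uses hypothetical names (`toy_pci_dev`, `toy_intx`, `toy_set_irq`, `TOY_NUM_PINS`) and returns an error where the pci commit adds an assert; only the 0x3d Interrupt Pin offset is taken from the PCI specification.

```c
#include <stdint.h>
#include <stdio.h>

/* Offset of the Interrupt Pin register in PCI configuration space. */
#define PCI_INTERRUPT_PIN 0x3d
/* Hypothetical name for this sketch: INTA#..INTD# give four lines. */
#define TOY_NUM_PINS 4

/* Toy device, constructed for this example (not QEMU's PCIDevice). */
struct toy_pci_dev {
    uint8_t config[256];  /* configuration space */
    uint8_t irq_state;    /* one bit per INTx line */
};

/*
 * Register value 0 means "no interrupt pin"; 1..4 mean INTA#..INTD#.
 * The zero-based line index is value - 1, so it is -1 when the device
 * model never set the register.
 */
static int toy_intx(const struct toy_pci_dev *d)
{
    return d->config[PCI_INTERRUPT_PIN] - 1;
}

/*
 * Update the line state. Returns 0 on success and -1 when the pin is
 * not set up; the range check keeps a negative index away from the
 * shifts, where it would be undefined behaviour in C.
 */
static int toy_set_irq(struct toy_pci_dev *d, int level)
{
    int intx = toy_intx(d);

    if (intx < 0 || intx >= TOY_NUM_PINS) {
        return -1;
    }
    d->irq_state = (uint8_t)(d->irq_state & ~(1u << intx));
    d->irq_state = (uint8_t)(d->irq_state | ((level ? 1u : 0u) << intx));
    return 0;
}

int main(void)
{
    struct toy_pci_dev dev = { .config = {0}, .irq_state = 0 };
    int rc;

    /* Pin register left at 0: the request is refused, state untouched. */
    rc = toy_set_irq(&dev, 1);
    printf("pin unset: intx=%d rc=%d state=0x%02x\n",
           toy_intx(&dev), rc, dev.irq_state);

    /* Pin register set to 1 (INTA#): bit 0 of the state is raised. */
    dev.config[PCI_INTERRUPT_PIN] = 1;
    rc = toy_set_irq(&dev, 1);
    printf("pin INTA#: intx=%d rc=%d state=0x%02x\n",
           toy_intx(&dev), rc, dev.irq_state);
    return 0;
}
```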

18 months ago acpi/piix4: reinitialize acpi PM device on reset
Isaku Yamahata [Tue, 23 Mar 2021 20:52:24 +0000 (13:52 -0700)] 
acpi/piix4: reinitialize acpi PM device on reset

Commit 6be8cf56bc8b made sure that SCI is enabled in PM1.CNT
on reset in acpi_only mode by modifying acpi_pm1_cnt_reset() and
that worked for q35 as expected.

The function was introduced by commit
  eaba51c573a (acpi, acpi_piix, vt82c686: factor out PM1_CNT logic)
that forgot to actually call it at piix4 reset time and as a result
SCI_EN wasn't set as was expected by 6be8cf56bc8b in acpi_only mode.

So Windows crashes when it notices that SCI_EN is not set and FADT is
not providing information about how to enable it anymore.
Reproducer:
   qemu-system-x86_64 -enable-kvm -M pc-i440fx-6.0,smm=off -cdrom any_windows_10x64.iso

Fix it by calling acpi_pm1_cnt_reset() at piix4 reset time.

Occasionally this patch adds a reset of the acpi PM related registers at
piix4 reset time and de-asserts sci.
piix4_pm_realize() initializes acpi pm tmr, evt, cnt and gpe.
Reset them on device reset. pm_reset() in ich9.c correctly calls
corresponding reset functions.

Fixes: 6be8cf56bc8b (acpi/core: always set SCI_EN when SMM isn't supported)
Reported-by: Reinoud Zandijk <reinoud@NetBSD.org>
Co-developed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Message-Id: <8a5bbd19727045ec863523830078dd4ca63f6a9a.1616532563.git.isaku.yamahata@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

18 months ago Merge remote-tracking branch 'remotes/marcandre/tags/for-6.0-pull-request' into staging
Peter Maydell [Thu, 1 Apr 2021 16:08:48 +0000 (17:08 +0100)] 
Merge remote-tracking branch 'remotes/marcandre/tags/for-6.0-pull-request' into staging

For 6.0 misc patches under my radar.

V2:
 - "tests: Add tests for yank with the chardev-change case" updated
 - drop the readthedoc theme patch

# gpg: Signature made Thu 01 Apr 2021 12:54:52 BST
# gpg:                using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg:                issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* remotes/marcandre/tags/for-6.0-pull-request:
  tests: Add tests for yank with the chardev-change case
  chardev: Fix yank with the chardev-change case
  chardev/char.c: Always pass id to chardev_new
  chardev/char.c: Move object_property_try_add_child out of chardev_new
  yank: Always link full yank code
  yank: Remove dependency on qiochannel
  docs: simplify each section title
  dbus-vmstate: Increase the size of input stream buffer used during load
  util: fix use-after-free in module_load_one

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

18 months ago virtio-pci: remove explicit initialization of val
Yuri Benditovich [Mon, 15 Mar 2021 11:59:37 +0000 (13:59 +0200)] 
virtio-pci: remove explicit initialization of val

The value is assigned later in this procedure.

Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Message-Id: <20210315115937.14286-3-yuri.benditovich@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

18 months ago virtio-pci: add check for vdev in virtio_pci_isr_read
Yuri Benditovich [Mon, 15 Mar 2021 11:59:36 +0000 (13:59 +0200)] 
virtio-pci: add check for vdev in virtio_pci_isr_read

https://bugzilla.redhat.com/show_bug.cgi?id=1743098
This commit completes the solution of segfault in hot unplug flow
(by commit ccec7e9603f446fe75c6c563ba335c00cfda6a06).
Added missing check for vdev in virtio_pci_isr_read.
Typical stack of crash:
virtio_pci_isr_read ../hw/virtio/virtio-pci.c:1365 with proxy-vdev = 0
memory_region_read_accessor at ../softmmu/memory.c:442
access_with_adjusted_size at ../softmmu/memory.c:552
memory_region_dispatch_read1 at ../softmmu/memory.c:1420
memory_region_dispatch_read  at ../softmmu/memory.c:1449
flatview_read_continue at ../softmmu/physmem.c:2822
flatview_read at ../softmmu/physmem.c:2862
address_space_read_full at ../softmmu/physmem.c:2875

Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Message-Id: <20210315115937.14286-2-yuri.benditovich@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

18 months ago vhost-user-blk: add immediate cleanup on shutdown
Denis Plotnikov [Thu, 25 Mar 2021 15:12:17 +0000 (18:12 +0300)] 
vhost-user-blk: add immediate cleanup on shutdown

Qemu crashes on shutdown if the chardev used by vhost-user-blk has been
finalized before the vhost-user-blk.

This happens with char-socket chardev operating in the listening mode (server).
The char-socket chardev emits "close" event at the end of finalizing when
its internal data is destroyed. This calls vhost-user-blk event handler
which in turn tries to manipulate with destroyed chardev by setting an empty
event handler for vhost-user-blk cleanup postponing.

This patch separates the shutdown case from the cleanup postponing removing
the need to set an event handler.

Signed-off-by: Denis Plotnikov <den-plotnikov@yandex-team.ru>
Message-Id: <20210325151217.262793-4-den-plotnikov@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>