qemu.git
8 months agohw/usb/Kconfig: Fix USB_XHCI_NEC (depends on USB_XHCI_PCI)
Philippe Mathieu-Daudé [Mon, 9 Nov 2020 13:52:57 +0000 (14:52 +0100)] 
hw/usb/Kconfig: Fix USB_XHCI_NEC (depends on USB_XHCI_PCI)

Since commit 755fba11fbc and 8ddab8dd3d8 we can not build
USB_XHCI_NEC without USB_XHCI_PCI. Correct the Kconfig
dependency.

Fixes: 755fba11fbc ("usb/hcd-xhci: Move qemu-xhci device to hcd-xhci-pci.c")
Reviewed-by: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20201109135300.2592982-2-philmd@redhat.com

[ kraxel: restore "default y if PCI_DEVICES" because
          "qemu-system-ppc64 -M pseries,usb=on" needs USB_XHCI_NEC=y ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 months agoconsole: avoid passing con=NULL to graphic_hw_update_done()
lichun [Fri, 6 Nov 2020 17:03:39 +0000 (01:03 +0800)] 
console: avoid passing con=NULL to graphic_hw_update_done()

In graphic_hw_update(), first select an existing console,
a specific-console or active_console(if not specified),
then updating the console.

Signed-off-by: lichun <lichun@ruijie.com.cn>
Message-id: 1604682219-114389-1-git-send-email-lichun@ruijie.com.cn
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 months agoaudio/jack: fix use after free segfault
Geoffrey McRae [Sun, 8 Nov 2020 06:33:50 +0000 (17:33 +1100)] 
audio/jack: fix use after free segfault

This change registers a bottom handler to close the JACK client
connection when a server shutdown signal is received. Without this
libjack2 attempts to "clean up" old clients and causes a use after free
segfault.

Signed-off-by: Geoffrey McRae <geoff@hostfission.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <20201108063351.35804-2-geoff@hostfission.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 months agoMerge remote-tracking branch 'remotes/mcayland/tags/qemu-macppc-20201112' into staging
Peter Maydell [Thu, 12 Nov 2020 11:33:26 +0000 (11:33 +0000)] 
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-macppc-20201112' into staging

qemu-macppc fix for 5.2

# gpg: Signature made Thu 12 Nov 2020 09:50:45 GMT
# gpg:                using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F
# gpg:                issuer "mark.cave-ayland@ilande.co.uk"
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full]
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C  C9C4 5BC2 C56F AE0F 321F

* remotes/mcayland/tags/qemu-macppc-20201112:
  macio: set user_creatable to false in macio_class_init()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agomacio: set user_creatable to false in macio_class_init()
Mark Cave-Ayland [Tue, 10 Nov 2020 10:31:11 +0000 (10:31 +0000)] 
macio: set user_creatable to false in macio_class_init()

Commit 348b8d1a76 "macio: don't reference serial_hd() directly within the device"
removed the setting of user_creatable to false on the basis that the restriction
was due to the use of serial_hd() in macio_instance_init().

Unfortunately this isn't the full story since the PIC object property links
must still be set before the device is realized. Whilst it is possible to update
the macio device and Mac machines to resolve this, the fix is too invasive at
this point in the release cycle.

For now simply set user_creatable back to false in macio_class_init() to
prevent QEMU from segfaulting in anticipation of the proper fix arriving in
QEMU 6.0.

Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20201110103111.18395-1-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
8 months agoMerge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-5.2-pull-request...
Peter Maydell [Wed, 11 Nov 2020 21:54:01 +0000 (21:54 +0000)] 
Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-5.2-pull-request' into staging

Fixes for epoll_ctl and stack_t

# gpg: Signature made Wed 11 Nov 2020 21:40:16 GMT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-5.2-pull-request:
  linux-user: Prevent crash in epoll_ctl
  linux-user: Correct definition of stack_t

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agoMerge remote-tracking branch 'remotes/stefanha-gitlab/tags/tracing-pull-request'...
Peter Maydell [Wed, 11 Nov 2020 19:53:14 +0000 (19:53 +0000)] 
Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/tracing-pull-request' into staging

Tracing pull request

# gpg: Signature made Wed 11 Nov 2020 15:56:18 GMT
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha-gitlab/tags/tracing-pull-request:
  scripts/tracetool: silence SystemTap dtrace(1) long long warnings
  trace: remove argument from trace_init_file

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agoMerge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging
Peter Maydell [Wed, 11 Nov 2020 16:52:39 +0000 (16:52 +0000)] 
Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

Bug fixes

# gpg: Signature made Wed 11 Nov 2020 08:59:24 GMT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini-gitlab/tags/for-upstream:
  pvpanic: Advertise the PVPANIC_CRASHLOADED event support
  physmem: improve ram size error messages
  Makefile: No echoing for 'make help V=1'
  replay: remove some dead code
  fix make clean/distclean
  meson: Clarify the confusing vhost-user vs. vhost-kernel output

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agoMerge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
Peter Maydell [Wed, 11 Nov 2020 14:00:35 +0000 (14:00 +0000)] 
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Wed 11 Nov 2020 13:04:02 GMT
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  hw/net/can/ctucan_core: Use stl_le_p to write to tx_buffers
  hw/net/can/ctucan_core: Handle big-endian hosts
  hw/net/can/ctucan: Avoid unused value in ctucan_send_ready_buffers()
  hw/net/can/ctucan: Don't allow guest to write off end of tx_buffer
  net/l2tpv3: Remove redundant check in net_init_l2tpv3()
  net: remove an assert call in eth_get_gso_type
  net/colo-compare.c: Increase default queued packet scan frequency
  net/colo-compare.c: Add secondary old packet detection
  net/colo-compare.c: Change the timer clock type
  net/colo-compare.c: Fix compare_timeout format issue
  colo-compare: check mark in mutual exclusion
  colo-compare: fix missing compare_seq initialization
  Fix the qemu crash when guest shutdown in COLO mode
  Reduce the time of checkpoint for COLO
  Optimize seq_sorter function for colo-compare
  net/filter-rewriter: destroy g_hash_table in colo_rewriter_cleanup
  virtio-net: Set mac address to hardware if the peer is vdpa

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agoscripts/tracetool: silence SystemTap dtrace(1) long long warnings
Stefan Hajnoczi [Tue, 20 Oct 2020 09:40:43 +0000 (10:40 +0100)] 
scripts/tracetool: silence SystemTap dtrace(1) long long warnings

SystemTap's dtrace(1) prints the following warning when it encounters
long long arguments:

  Warning: /usr/bin/dtrace:trace/trace-dtrace-hw_virtio.dtrace:76: syntax error near:
  probe vhost_vdpa_dev_start

  Warning: Proceeding as if --no-pyparsing was given.

Use the uint64_t and int64_t types, respectively. This works with all
host CPU 32- and 64-bit data models (ILP32, LP64, and LLP64) that QEMU
supports.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20201020094043.159935-1-stefanha@redhat.com
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 months agotrace: remove argument from trace_init_file
Paolo Bonzini [Mon, 2 Nov 2020 11:58:41 +0000 (06:58 -0500)] 
trace: remove argument from trace_init_file

It is not needed, all the callers are just saving what was
retrieved from -trace and trace_init_file can retrieve it
on its own.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20201102115841.4017692-1-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 months agohw/net/can/ctucan_core: Use stl_le_p to write to tx_buffers
Peter Maydell [Tue, 10 Nov 2020 21:52:50 +0000 (22:52 +0100)] 
hw/net/can/ctucan_core: Use stl_le_p to write to tx_buffers

Instead of casting an address within a uint8_t array to a
uint32_t*, use stl_le_p(). This handles possibly misaligned
addresses which would otherwise crash on some hosts.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Tested-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agohw/net/can/ctucan_core: Handle big-endian hosts
Peter Maydell [Tue, 10 Nov 2020 21:52:49 +0000 (22:52 +0100)] 
hw/net/can/ctucan_core: Handle big-endian hosts

The ctucan driver defines types for its registers which are a union
of a uint32_t with a struct with bitfields for the individual
fields within that register. This is a bad idea, because bitfields
aren't portable. The ctu_can_fd_regs.h header works around the
most glaring of the portability issues by defining the
fields in two different orders depending on the setting of the
__LITTLE_ENDIAN_BITFIELD define. However, in ctucan_core.h this
is unconditionally set to 1, which is wrong for big-endian hosts.

Set it only if HOST_WORDS_BIGENDIAN is not set. There is no need
for a "have we defined it already" guard, because the only place
that should set it is ctucan_core.h, which has the usual
double-inclusion guard.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Tested-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agohw/net/can/ctucan: Avoid unused value in ctucan_send_ready_buffers()
Peter Maydell [Tue, 10 Nov 2020 21:52:48 +0000 (22:52 +0100)] 
hw/net/can/ctucan: Avoid unused value in ctucan_send_ready_buffers()

Coverity points out that in ctucan_send_ready_buffers() we
set buff_st_mask = 0xf << (i * 4) inside the loop, but then
we never use it before overwriting it later.

The only thing we use the mask for is as part of the code that is
inserting the new buff_st field into tx_status.  That is more
comprehensibly written using deposit32(), so do that and drop the
mask variable entirely.

We also update the buff_st local variable at multiple points
during this function, but nothing can ever see these
intermediate values, so just drop those, write the final
TXT_TOK as a fixed constant value, and collapse the only
remaining set/use of buff_st down into an extract32().

Fixes: Coverity CID 1432869
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Tested-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agohw/net/can/ctucan: Don't allow guest to write off end of tx_buffer
Peter Maydell [Tue, 10 Nov 2020 21:52:47 +0000 (22:52 +0100)] 
hw/net/can/ctucan: Don't allow guest to write off end of tx_buffer

The ctucan device has 4 CAN bus cores, each of which has a set of 20
32-bit registers for writing the transmitted data. The registers are
however not contiguous; each core's buffers is 0x100 bytes after
the last.

We got the checks on the address wrong in the ctucan_mem_write()
function:
 * the first "is addr in range at all" check allowed
   addr == CTUCAN_CORE_MEM_SIZE, which is actually the first
   byte off the end of the range
 * the decode of addresses into core-number plus offset in the
   tx buffer for that core failed to check that the offset was
   in range, so the guest could write off the end of the
   tx_buffer[] array

NB: currently the values of CTUCAN_CORE_MEM_SIZE, CTUCAN_CORE_TXBUF_NUM,
etc, make "buff_num >= CTUCAN_CORE_TXBUF_NUM" impossible, but we
retain this as a runtime check rather than an assertion to permit
those values to be changed in future (in hardware they are
configurable synthesis parameters).

Fix the top level check, and check the offset is within the buffer.

Fixes: Coverity CID 1432874
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Tested-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agolinux-user: Prevent crash in epoll_ctl
LemonBoy [Fri, 17 Apr 2020 15:34:54 +0000 (17:34 +0200)] 
linux-user: Prevent crash in epoll_ctl

From 894bb5172705e46a3a04c93b4962c0f0cafee814 Mon Sep 17 00:00:00 2001
From: Giuseppe Musacchio <thatlemon@gmail.com>
Date: Fri, 17 Apr 2020 17:25:07 +0200
Subject: [PATCH] linux-user: Prevent crash in epoll_ctl

The `event` parameter is ignored by the kernel if `op` is EPOLL_CTL_DEL,
do the same and avoid returning EFAULT if garbage is passed instead of a
valid pointer.

Signed-off-by: Giuseppe Musacchio <thatlemon@gmail.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <a244fa67-dace-abdb-995a-3198bd80fee8@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
8 months agolinux-user: Correct definition of stack_t
LemonBoy [Thu, 5 Nov 2020 15:52:51 +0000 (16:52 +0100)] 
linux-user: Correct definition of stack_t

Some platforms used the wrong definition of stack_t where the flags and
size fields were swapped or where the flags field had type ulong instead
of int.

Due to the presence of padding space in the structure and the prevalence
of little-endian machines this problem went unnoticed for a long time.

The type definitions have been cross-checked with the ones defined in
the Linux kernel v5.9, plus some older versions for a few architecture
that have been removed and Xilinx's kernel fork for NiosII [1].

The bsd-user headers remain unchanged as I don't know if they are wrong
or not.

[1] https://github.com/Xilinx/linux-xlnx/blob/master/arch/nios2/include/uapi/asm/signal.h

Signed-off-by: Giuseppe Musacchio <thatlemon@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <e9d47692-ee92-009f-6007-0abc3f502b97@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
8 months agopvpanic: Advertise the PVPANIC_CRASHLOADED event support
Paolo Bonzini [Mon, 9 Nov 2020 13:53:04 +0000 (08:53 -0500)] 
pvpanic: Advertise the PVPANIC_CRASHLOADED event support

Advertise both types of events as supported when the guest OS
queries the pvpanic device.  Currently only PVPANIC_PANICKED is
exposed; PVPANIC_CRASHLOADED must also be advertised, but only on
new machine types.

Fixes: 7dc58deea79a ("pvpanic: implement crashloaded event handling")
Reported-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 months agonet/l2tpv3: Remove redundant check in net_init_l2tpv3()
AlexChen [Fri, 30 Oct 2020 02:46:55 +0000 (10:46 +0800)] 
net/l2tpv3: Remove redundant check in net_init_l2tpv3()

The result has been checked to be NULL before, it cannot be NULL here,
so the check is redundant. Remove it.

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: AlexChen <alex.chen@huawei.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agonet: remove an assert call in eth_get_gso_type
Prasad J Pandit [Wed, 21 Oct 2020 06:05:50 +0000 (11:35 +0530)] 
net: remove an assert call in eth_get_gso_type

eth_get_gso_type() routine returns segmentation offload type based on
L3 protocol type. It calls g_assert_not_reached if L3 protocol is
unknown, making the following return statement unreachable. Remove the
g_assert call, it maybe triggered by a guest user.

Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agonet/colo-compare.c: Increase default queued packet scan frequency
Zhang Chen [Fri, 16 Oct 2020 05:52:08 +0000 (13:52 +0800)] 
net/colo-compare.c: Increase default queued packet scan frequency

In my test, use this default parameter looks better.

Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agonet/colo-compare.c: Add secondary old packet detection
Zhang Chen [Fri, 16 Oct 2020 05:52:07 +0000 (13:52 +0800)] 
net/colo-compare.c: Add secondary old packet detection

Detect queued secondary packet to sync VM state in time.

Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agonet/colo-compare.c: Change the timer clock type
Zhang Chen [Fri, 16 Oct 2020 05:52:06 +0000 (13:52 +0800)] 
net/colo-compare.c: Change the timer clock type

The virtual clock only runs during the emulation. It stops
when the virtual machine is stopped.
The host clock should be used for device models that emulate accurate
real time sources. It will continue to run when the virtual machine
is suspended. COLO need to know the host time here.

Fixes: dd321ecfc2e ("colo-compare: Use IOThread to Check old packet
regularly and Process packets of the primary")

Reported-by: Derek Su <dereksu@qnap.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agonet/colo-compare.c: Fix compare_timeout format issue
Zhang Chen [Fri, 16 Oct 2020 05:52:05 +0000 (13:52 +0800)] 
net/colo-compare.c: Fix compare_timeout format issue

This parameter need compare with the return of qemu_clock_get_ms(),
it is uint64_t. So we need fix this issue here.

Fixes: 9cc43c94b31 ("net/colo-compare.c: Expose "compare_timeout" to users")

Reported-by: Derek Su <dereksu@qnap.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agocolo-compare: check mark in mutual exclusion
Li Zhijian [Fri, 16 Oct 2020 05:52:04 +0000 (13:52 +0800)] 
colo-compare: check mark in mutual exclusion

Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agocolo-compare: fix missing compare_seq initialization
Li Zhijian [Fri, 16 Oct 2020 05:52:03 +0000 (13:52 +0800)] 
colo-compare: fix missing compare_seq initialization

Fixes: f449c9e549c ("colo: compare the packet based on the tcp sequence
number")

Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agoFix the qemu crash when guest shutdown in COLO mode
Rao, Lei [Fri, 16 Oct 2020 05:52:02 +0000 (13:52 +0800)] 
Fix the qemu crash when guest shutdown in COLO mode

In COLO mode, if the startup parameters of QEMU include "no-shutdown",
QEMU will crash when the guest shutdown. The root cause is when the
guest shutdown, the state of VM will switch COLO to SHUTDOWN. When do
checkpoint again, the state will be changed to COLO. But the state
switch is undefined in runstate_transitions_def, we should add it.
This patch fixes the following:
qemu-system-x86_64: invalid runstate transition: 'shutdown' -> 'colo'
Aborted

Signed-off-by: Lei Rao <lei.rao@intel.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agoReduce the time of checkpoint for COLO
Rao, Lei [Fri, 16 Oct 2020 05:52:01 +0000 (13:52 +0800)] 
Reduce the time of checkpoint for COLO

we should set ram_bulk_stage to false after ram_state_init,
otherwise the bitmap will be unused in migration_bitmap_find_dirty.
all pages in ram cache will be flushed to the ram of secondary guest
for each checkpoint.

Signed-off-by: Lei Rao <lei.rao@intel.com>
Signed-off-by: Derek Su <dereksu@qnap.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agoOptimize seq_sorter function for colo-compare
Rao, Lei [Fri, 16 Oct 2020 05:52:00 +0000 (13:52 +0800)] 
Optimize seq_sorter function for colo-compare

The seq of tcp has been filled in fill_pkt_tcp_info, it
can be used directly here.

Signed-off-by: Lei Rao <lei.rao@intel.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agonet/filter-rewriter: destroy g_hash_table in colo_rewriter_cleanup
Pan Nengyuan [Fri, 16 Oct 2020 05:51:59 +0000 (13:51 +0800)] 
net/filter-rewriter: destroy g_hash_table in colo_rewriter_cleanup

s->connection_track_table forgot to destroy in colo_rewriter_cleanup. Fix it.

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agovirtio-net: Set mac address to hardware if the peer is vdpa
Cindy Lu [Fri, 25 Sep 2020 15:13:33 +0000 (23:13 +0800)] 
virtio-net: Set mac address to hardware if the peer is vdpa

If the peer's type is vdpa, we need to set the mac address to hardware
in virtio_net_device_realize,

Signed-off-by: Cindy Lu <lulu@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 months agoUpdate version for v5.2.0-rc1 release v5.2.0-rc1
Peter Maydell [Tue, 10 Nov 2020 22:29:57 +0000 (22:29 +0000)] 
Update version for v5.2.0-rc1 release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20201110' into...
Peter Maydell [Tue, 10 Nov 2020 14:59:20 +0000 (14:59 +0000)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20201110' into staging

target-arm queue:
 * hw/arm/Kconfig: ARM_V7M depends on PTIMER
 * Minor coding style fixes
 * docs: add some notes on the sbsa-ref machine
 * hw/arm/virt: Remove dependency on Cortex-A15 MPCore peripherals
 * target/arm: Fix neon VTBL/VTBX for len > 1
 * hw/arm/armsse: Correct expansion MPC interrupt lines
 * hw/misc/stm32f2xx_syscfg: Remove extraneous IRQ
 * hw/arm/nseries: Remove invalid/unnecessary n8x0_uart_setup()
 * hw/arm/musicpal: Don't connect two qemu_irqs directly to the same input
 * hw/arm/musicpal: Only use qdev_get_gpio_in() when necessary
 * hw/arm/nseries: Check return value from load_image_targphys()
 * tests/qtest/npcm7xx_rng-test: count runs properly
 * target/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check

# gpg: Signature made Tue 10 Nov 2020 11:17:45 GMT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20201110:
  target/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check
  tests/qtest/npcm7xx_rng-test: count runs properly
  hw/arm/nseries: Check return value from load_image_targphys()
  hw/arm/musicpal: Only use qdev_get_gpio_in() when necessary
  hw/arm/musicpal: Don't connect two qemu_irqs directly to the same input
  hw/arm/nseries: Remove invalid/unnecessary n8x0_uart_setup()
  hw/misc/stm32f2xx_syscfg: Remove extraneous IRQ
  hw/arm/armsse: Correct expansion MPC interrupt lines
  target/arm: Fix neon VTBL/VTBX for len > 1
  hw/arm/virt: Remove dependency on Cortex-A15 MPCore peripherals
  docs: add some notes on the sbsa-ref machine
  target/arm: add space before the open parenthesis '('
  target/arm: Don't use '#' flag of printf format
  target/arm: add spaces around operator
  ssi: Fix bad printf format specifiers
  hw/arm/Kconfig: ARM_V7M depends on PTIMER

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agoMerge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-11-10' into...
Peter Maydell [Tue, 10 Nov 2020 12:23:05 +0000 (12:23 +0000)] 
Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-11-10' into staging

* Some small qtest fixes
* Oss-fuzz updates
* Publish the docs built during gitlab CI to the user's gitlab.io page
* Update the OpenBSD VM test to v6.8
* Fix the device-crash-test script to run with the meson build system
* Some small s390x fixes

# gpg: Signature made Tue 10 Nov 2020 11:05:06 GMT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* remotes/huth-gitlab/tags/pull-request-2020-11-10:
  s390x: Avoid variable size warning in ipl.h
  s390x: fix clang 11 warnings in cpu_models.c
  qtest: Update references to parse_escape() in comments
  fuzz: add virtio-blk fuzz target
  docs: add "page source" link to sphinx documentation
  gitlab: force enable docs build in Fedora, Ubuntu, Debian
  gitlab: publish the docs built during CI
  configure: surface deprecated targets in the help output
  fuzz: Make fork_fuzz.ld compatible with LLVM's LLD
  scripts/oss-fuzz: give all fuzzers -target names
  docs/fuzz: update fuzzing documentation post-meson
  docs/fuzz: rST-ify the fuzzing documentation
  MAINTAINERS: Add gitlab-pipeline-status script to GitLab CI section
  gitlab-ci: Drop generic cache rule
  tests/qtest/tpm: Remove redundant check in the tpm_test_swtpm_test()
  qtest: Fix bad printf format specifiers
  device-crash-test: Check if path is actually an executable file
  tests/vm: update openbsd to release 6.8
  meson: always include contrib/libvhost-user

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agophysmem: improve ram size error messages
Pankaj Gupta [Thu, 22 Oct 2020 11:13:02 +0000 (13:13 +0200)] 
physmem: improve ram size error messages

 Ram size mismatch condition logs below message.

   "Length mismatch: pc.ram: 0x80000000 in != 0x180000000: Invalid argument"

 This patch improves the readability of error messages.
 Removed the superflous "in" and changed "Length" to "Size".

Signed-off-by: Pankaj Gupta <pankaj.gupta.linux@gmail.com>
Reported-by: Li Zhang <li.zhang@cloud.ionos.com>
Message-Id: <20201022111302.8105-1-pankaj.gupta.linux@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 months agotarget/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check
Peter Maydell [Mon, 9 Nov 2020 14:53:24 +0000 (14:53 +0000)] 
target/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check

Checks for UNDEF cases should go before the "is VFP enabled?" access
check, except in special cases. Move a stray UNDEF check in the VTBL
trans function up above the access check.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201109145324.2859-1-peter.maydell@linaro.org

8 months agotests/qtest/npcm7xx_rng-test: count runs properly
Havard Skinnemoen [Tue, 3 Nov 2020 01:14:55 +0000 (17:14 -0800)] 
tests/qtest/npcm7xx_rng-test: count runs properly

The number of runs is equal to the number of 0-1 and 1-0 transitions,
plus one. Currently, it's counting the number of times these transitions
do _not_ happen, plus one.

Source:
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-22r1a.pdf
section 2.3.4 point (3).

Signed-off-by: Havard Skinnemoen <hskinnemoen@google.com>
Message-id: 20201103011457.2959989-2-hskinnemoen@google.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agohw/arm/nseries: Check return value from load_image_targphys()
Peter Maydell [Tue, 3 Nov 2020 11:49:18 +0000 (11:49 +0000)] 
hw/arm/nseries: Check return value from load_image_targphys()

The nseries machines have a codepath that allows them to load a
secondary bootloader.  This code wasn't checking that the
load_image_targphys() succeeded.  Check the return value and report
the error to the user.

While we're in the vicinity, fix the comment style of the
comment documenting what this image load is doing.

Fixes: Coverity CID 1192904
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201103114918.11807-1-peter.maydell@linaro.org

8 months agohw/arm/musicpal: Only use qdev_get_gpio_in() when necessary
Philippe Mathieu-Daudé [Sat, 7 Nov 2020 19:34:03 +0000 (20:34 +0100)] 
hw/arm/musicpal: Only use qdev_get_gpio_in() when necessary

We don't need to fill the full pic[] array if we only use
few of the interrupt lines. Directly call qdev_get_gpio_in()
when necessary.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201107193403.436146-6-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agohw/arm/musicpal: Don't connect two qemu_irqs directly to the same input
Philippe Mathieu-Daudé [Sat, 7 Nov 2020 19:34:02 +0000 (20:34 +0100)] 
hw/arm/musicpal: Don't connect two qemu_irqs directly to the same input

The MusicPal board code connects both of the IRQ outputs of the UART
to the same INTC qemu_irq. Connecting two qemu_irqs outputs directly
to the same input is not valid as it produces subtly wrong behaviour
(for instance if both the IRQ lines are high, and then one goes
low, the INTC input will see this as a high-to-low transition
even though the second IRQ line should still be holding it high).

This kind of wiring needs an explicitly created OR gate; add one.

Inspired-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201107193403.436146-5-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agohw/arm/nseries: Remove invalid/unnecessary n8x0_uart_setup()
Philippe Mathieu-Daudé [Sat, 7 Nov 2020 19:34:01 +0000 (20:34 +0100)] 
hw/arm/nseries: Remove invalid/unnecessary n8x0_uart_setup()

omap2420_mpu_init() introduced in commit 827df9f3c5f ("Add basic
OMAP2 chip support") takes care of creating the 3 UARTs.

Then commit 58a26b477e9 ("Emulate a serial bluetooth HCI with H4+
extensions and attach to n8x0's UART") added n8x0_uart_setup()
which create the UART and connects it to an IRQ output,
overwritting the existing peripheral and its IRQ connection.
This is incorrect.

Fortunately we don't need to fix this, because commit 6da68df7f9b
("hw/arm/nseries: Replace the bluetooth chardev with a "null"
chardev") removed the use of this peripheral. We can simply
remove the code.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201107193403.436146-4-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agohw/misc/stm32f2xx_syscfg: Remove extraneous IRQ
Philippe Mathieu-Daudé [Sat, 7 Nov 2020 19:34:00 +0000 (20:34 +0100)] 
hw/misc/stm32f2xx_syscfg: Remove extraneous IRQ

The system configuration controller (SYSCFG) doesn't have
any output IRQ (and the INTC input #71 belongs to the UART6).
Remove the invalid code.

Fixes: db635521a02 ("stm32f205: Add the stm32f205 SoC")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201107193403.436146-3-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agohw/arm/armsse: Correct expansion MPC interrupt lines
Philippe Mathieu-Daudé [Sat, 7 Nov 2020 19:33:59 +0000 (20:33 +0100)] 
hw/arm/armsse: Correct expansion MPC interrupt lines

We can use one MPC per SRAM bank, but we currently only wire the
IRQ from the first expansion MPC to the IRQ splitter. Fix that.

Fixes: bb75e16d5e6 ("hw/arm/iotkit: Wire up MPC interrupt lines")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201107193403.436146-2-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agotarget/arm: Fix neon VTBL/VTBX for len > 1
Richard Henderson [Thu, 5 Nov 2020 17:11:26 +0000 (09:11 -0800)] 
target/arm: Fix neon VTBL/VTBX for len > 1

The helper function did not get updated when we reorganized
the vector register file for SVE.  Since then, the neon dregs
are non-sequential and cannot be simply indexed.

At the same time, make the helper function operate on 64-bit
quantities so that we do not have to call it twice.

Fixes: c39c2b9043e
Reported-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
[PMM: use aa32_vfp_dreg() rather than opencoding]
Message-id: 20201105171126.88014-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agohw/arm/virt: Remove dependency on Cortex-A15 MPCore peripherals
Philippe Mathieu-Daudé [Sat, 7 Nov 2020 11:48:52 +0000 (12:48 +0100)] 
hw/arm/virt: Remove dependency on Cortex-A15 MPCore peripherals

When using a Cortex-A15, the Virt machine does not use any
MPCore peripherals. Remove the dependency.

Fixes: 7951c7b7c05 ("hw/arm: Express dependencies of the virt machine with Kconfig")
Reported-by: Miroslav Rezanina <mrezanin@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20201107114852.271922-1-philmd@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agodocs: add some notes on the sbsa-ref machine
Alex Bennée [Wed, 4 Nov 2020 16:52:54 +0000 (16:52 +0000)] 
docs: add some notes on the sbsa-ref machine

We should at least document what this machine is about.

Reviewed-by: Graeme Gregory <graeme@nuviainc.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20201104165254.24822-1-alex.bennee@linaro.org
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Shashi Mallela <shashi.mallela@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
[PMM: fixed filename mismatch]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agotarget/arm: add space before the open parenthesis '('
Xinhao Zhang [Tue, 3 Nov 2020 11:45:29 +0000 (19:45 +0800)] 
target/arm: add space before the open parenthesis '('

Fix code style. Space required before the open parenthesis '('.

Signed-off-by: Xinhao Zhang <zhangxinhao1@huawei.com>
Signed-off-by: Kai Deng <dengkai1@huawei.com>
Message-id: 20201103114529.638233-3-zhangxinhao1@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agotarget/arm: Don't use '#' flag of printf format
Xinhao Zhang [Tue, 3 Nov 2020 11:45:28 +0000 (19:45 +0800)] 
target/arm: Don't use '#' flag of printf format

Fix code style. Don't use '#' flag of printf format ('%#') in
format strings, use '0x' prefix instead

Signed-off-by: Xinhao Zhang <zhangxinhao1@huawei.com>
Signed-off-by: Kai Deng <dengkai1@huawei.com>
Message-id: 20201103114529.638233-2-zhangxinhao1@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agotarget/arm: add spaces around operator
Xinhao Zhang [Tue, 3 Nov 2020 11:45:27 +0000 (19:45 +0800)] 
target/arm: add spaces around operator

Fix code style. Operator needs spaces both sides.

Signed-off-by: Xinhao Zhang <zhangxinhao1@huawei.com>
Signed-off-by: Kai Deng <dengkai1@huawei.com>
Message-id: 20201103114529.638233-1-zhangxinhao1@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agossi: Fix bad printf format specifiers
AlexChen [Wed, 4 Nov 2020 10:22:45 +0000 (18:22 +0800)] 
ssi: Fix bad printf format specifiers

We should use printf format specifier "%u" instead of "%d" for
argument of type "unsigned int".

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Alex Chen <alex.chen@huawei.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 5FA280F5.8060902@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agohw/arm/Kconfig: ARM_V7M depends on PTIMER
Andrew Jones [Wed, 4 Nov 2020 10:33:43 +0000 (11:33 +0100)] 
hw/arm/Kconfig: ARM_V7M depends on PTIMER

commit 32bd322a0134 ("hw/timer/armv7m_systick: Rewrite to use ptimers")
changed armv7m_systick to build on ptimers. Make sure we have ptimers
in the build when building armv7m_systick.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20201104103343.30392-1-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agoMerge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-5.2-pull-request...
Peter Maydell [Tue, 10 Nov 2020 10:54:48 +0000 (10:54 +0000)] 
Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-5.2-pull-request' into staging

Some linux-user/sparc fixes

# gpg: Signature made Tue 10 Nov 2020 08:30:17 GMT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-5.2-pull-request:
  linux-user/sparc: Don't zero high half of PC, NPC, PSR in sigreturn
  linux-user/sparc: Correct set/get_context handling of fp and i7
  linux-user/sparc: Fix errors in target_ucontext structures

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agoMerge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20201109...
Peter Maydell [Tue, 10 Nov 2020 09:24:56 +0000 (09:24 +0000)] 
Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20201109' into staging

This fixes two bugs in the RISC-V port. One is a bug in the
Ibex PLIC, the other fixes the Hypvervisor access functions.

# gpg: Signature made Tue 10 Nov 2020 03:53:49 GMT
# gpg:                using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8  CE8F 21E1 0D29 DF97 7054

* remotes/alistair/tags/pull-riscv-to-apply-20201109:
  hw/intc/ibex_plic: Clear the claim register when read
  target/riscv: Split the Hypervisor execute load helpers
  target/riscv: Remove the hyp load and store functions
  target/riscv: Remove the HS_TWO_STAGE flag
  target/riscv: Set the virtualised MMU mode when doing hyp accesses
  target/riscv: Add a virtualised MMU Mode

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agos390x: Avoid variable size warning in ipl.h
Daniele Buono [Thu, 5 Nov 2020 22:19:00 +0000 (17:19 -0500)] 
s390x: Avoid variable size warning in ipl.h

S390IPLState contains two IplParameterBlock, which may in turn have
either a IPLBlockPV or a IplBlockFcp, both ending with a variable
sized field (an array).

This causes a warning with clang 11 or greater, which checks that
variable sized type are only allocated at the end of the struct:

In file included from ../qemu-cfi-v3/target/s390x/diag.c:21:
../qemu-cfi-v3/hw/s390x/ipl.h:161:23: error: field 'iplb' with variable sized type 'IplParameterBlock' (aka 'union IplParameterBlock') not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
    IplParameterBlock iplb;
                      ^
../qemu-cfi-v3/hw/s390x/ipl.h:162:23: error: field 'iplb_pv' with variable sized type 'IplParameterBlock' (aka 'union IplParameterBlock') not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
    IplParameterBlock iplb_pv;

In this case, however, the warning is a false positive, because
IPLBlockPV and IplBlockFcp are allocated in a union wrapped at 4K,
making the union non-variable sized.

Fix the warning by turning the two variable sized arrays into arrays
of size 0. This avoids the compiler error and should produce the
same code.

Signed-off-by: Daniele Buono <dbuono@linux.vnet.ibm.com>
Message-Id: <20201105221905.1350-5-dbuono@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agos390x: fix clang 11 warnings in cpu_models.c
Daniele Buono [Thu, 5 Nov 2020 22:18:58 +0000 (17:18 -0500)] 
s390x: fix clang 11 warnings in cpu_models.c

There are void * pointers that get casted to enums, in cpu_models.c
Such casts can result in a small integer type and are caught as
warnings with clang, starting with version 11:

Clang 11 finds a bunch of spots in the code that trigger this new warnings:

../qemu-base/target/s390x/cpu_models.c:985:21: error: cast to smaller integer type 'S390Feat' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
    S390Feat feat = (S390Feat) opaque;
                    ^~~~~~~~~~~~~~~~~
../qemu-base/target/s390x/cpu_models.c:1002:21: error: cast to smaller integer type 'S390Feat' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
    S390Feat feat = (S390Feat) opaque;
                    ^~~~~~~~~~~~~~~~~
../qemu-base/target/s390x/cpu_models.c:1036:27: error: cast to smaller integer type 'S390FeatGroup' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
    S390FeatGroup group = (S390FeatGroup) opaque;
                          ^~~~~~~~~~~~~~~~~~~~~~
../qemu-base/target/s390x/cpu_models.c:1057:27: error: cast to smaller integer type 'S390FeatGroup' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
    S390FeatGroup group = (S390FeatGroup) opaque;
                          ^~~~~~~~~~~~~~~~~~~~~~
4 errors generated.

Avoid this warning by casting the pointer to uintptr_t first.

Signed-off-by: Daniele Buono <dbuono@linux.vnet.ibm.com>
Message-Id: <20201105221905.1350-3-dbuono@linux.vnet.ibm.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agoqtest: Update references to parse_escape() in comments
Peter Maydell [Mon, 9 Nov 2020 16:26:21 +0000 (16:26 +0000)] 
qtest: Update references to parse_escape() in comments

In commit 61030280ca2d67bd in 2018 we renamed the parse_escape()
function to parse_interpolation(), but we didn't catch the references
to this function in doc comments in libqtest.h. Update them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20201109162621.18885-1-peter.maydell@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agofuzz: add virtio-blk fuzz target
Dima Stepanov [Mon, 9 Nov 2020 11:25:50 +0000 (14:25 +0300)] 
fuzz: add virtio-blk fuzz target

The virtio-blk fuzz target sets up and fuzzes the available virtio-blk
queues. The implementation is based on two files:
  - tests/qtest/fuzz/virtio_scsi_fuzz.c
  - tests/qtest/virtio_blk_test.c

Signed-off-by: Dima Stepanov <dimastep@yandex-team.ru>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <e2405c459302ecaee2555405604975353bfa3837.1604920905.git.dimastep@yandex-team.ru>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agodocs: add "page source" link to sphinx documentation
Daniel P. Berrangé [Mon, 2 Nov 2020 13:09:26 +0000 (13:09 +0000)] 
docs: add "page source" link to sphinx documentation

Add a link to the top of the sidebar in every docs page that takes the
user back to the source code in gitlab.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20201102130926.161183-5-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agogitlab: force enable docs build in Fedora, Ubuntu, Debian
Daniel P. Berrangé [Mon, 2 Nov 2020 13:09:24 +0000 (13:09 +0000)] 
gitlab: force enable docs build in Fedora, Ubuntu, Debian

Meson runs a test to see if Sphinx works, and automatically disables it
on error. This can lead to the CI jobs skipping docs build without
maintainers noticing the problem. Use --enable-docs to force a fatal
error if Sphinx doesn't work on the jobs where we expect it to be OK.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20201102130926.161183-3-berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agogitlab: publish the docs built during CI
Daniel P. Berrangé [Mon, 2 Nov 2020 13:09:23 +0000 (13:09 +0000)] 
gitlab: publish the docs built during CI

Most of the build jobs will create the sphinx documentation. If we
expose this as an artifact of a "pages" job in a "public" directory, it
will get published using GitLab Pages. This means a user can push a
branch with docs changes to GitLab and view the results at

  https://yourusername.gitlab.io/qemu/

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20201102130926.161183-2-berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agoconfigure: surface deprecated targets in the help output
Alex Bennée [Thu, 29 Oct 2020 20:14:49 +0000 (20:14 +0000)] 
configure: surface deprecated targets in the help output

Show the targets but keep them separate from the main list.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20201029201449.6926-1-alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agofuzz: Make fork_fuzz.ld compatible with LLVM's LLD
Daniele Buono [Thu, 5 Nov 2020 22:18:57 +0000 (17:18 -0500)] 
fuzz: Make fork_fuzz.ld compatible with LLVM's LLD

LLVM's linker, LLD, supports the keyword "INSERT AFTER", starting with
version 11.
However, when multiple sections are defined in the same "INSERT AFTER",
they are added in a reversed order, compared to BFD's LD.

This patch makes fork_fuzz.ld generic enough to work with both linkers.
Each section now has its own "INSERT AFTER" keyword, so proper ordering is
defined between the sections added.

Signed-off-by: Daniele Buono <dbuono@linux.vnet.ibm.com>
Message-Id: <20201105221905.1350-2-dbuono@linux.vnet.ibm.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agoscripts/oss-fuzz: give all fuzzers -target names
Alexander Bulekov [Sun, 8 Nov 2020 17:11:36 +0000 (12:11 -0500)] 
scripts/oss-fuzz: give all fuzzers -target names

We switched to hardlinks in
a942f64cc4 ("scripts/oss-fuzz: use hardlinks instead of copying")

The motivation was to conserve space (50 fuzzers built with ASAN, can
weigh close to 9 GB).

Unfortunately, OSS-Fuzz (partially) treated the underlying copy of the
fuzzer as a standalone fuzzer. To attempt to fix, we tried:

f8b8f37463 ("scripts/oss-fuzz: rename bin/qemu-fuzz-i386")

This was also not a complete fix, because though OSS-Fuzz
ignores the renamed fuzzer, the underlying ClusterFuzz, doesn't:
https://storage.googleapis.com/clusterfuzz-builds/qemu/targets.list.address
https://oss-fuzz-build-logs.storage.googleapis.com/log-9bfb55f9-1c20-4aa6-a49c-ede12864eeb2.txt
(clusterfuzz still lists qemu-fuzz-i386.base as a fuzzer)

This change keeps the hard-links, but makes them all point to a file
with a qemu-fuzz-i386-target-.. name. If we have targets, A, B, C, the
result will be:

qemu-fuzz-i386-target-A (base file)
qemu-fuzz-i386-target-B -> qemu-fuzz-i386-target-A
qemu-fuzz-i386-target-C -> qemu-fuzz-i386-target-A

The result should be that every file that looks like a fuzzer to
OSS-Fuzz/ClusterFuzz, can run as a fuzzer (we don't have a separate base
copy). Unfortunately, there is not simple way to test this locally.

In the future, it might be worth it to link the majority of QEMU in as a
shared-object (see https://github.com/google/oss-fuzz/issues/4575 )

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201108171136.160607-1-alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agodocs/fuzz: update fuzzing documentation post-meson
Alexander Bulekov [Fri, 6 Nov 2020 18:06:00 +0000 (13:06 -0500)] 
docs/fuzz: update fuzzing documentation post-meson

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201106180600.360110-3-alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agodocs/fuzz: rST-ify the fuzzing documentation
Alexander Bulekov [Fri, 6 Nov 2020 18:05:59 +0000 (13:05 -0500)] 
docs/fuzz: rST-ify the fuzzing documentation

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201106180600.360110-2-alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agoMAINTAINERS: Add gitlab-pipeline-status script to GitLab CI section
Philippe Mathieu-Daudé [Sun, 8 Nov 2020 20:45:22 +0000 (21:45 +0100)] 
MAINTAINERS: Add gitlab-pipeline-status script to GitLab CI section

Do not let the gitlab-pipeline-status script unmaintained,
add it to the 'GitLab Continuous Integration' section.

Fixes: c02b2eac55e ("GitLab Gating CI: introduce pipeline-status contrib script")
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201108204535.2319870-5-philmd@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agolinux-user/sparc: Don't zero high half of PC, NPC, PSR in sigreturn
Peter Maydell [Thu, 5 Nov 2020 21:23:14 +0000 (21:23 +0000)] 
linux-user/sparc: Don't zero high half of PC, NPC, PSR in sigreturn

The function do_sigreturn() tries to store the PC, NPC and PSR in
uint32_t local variables, which implicitly drops the high half of
these fields for 64-bit guests.

The usual effect was that a guest which used signals would crash on
return from a signal unless it was lucky enough to take it while the
PC was in the low 4GB of the address space.  In particular, Debian
/bin/dash and /bin/bash would segfault after executing external
commands.

Use abi_ulong, which is the type these fields all have in the
__siginfo_t struct.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20201105212314.9628-4-peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
8 months agolinux-user/sparc: Correct set/get_context handling of fp and i7
Peter Maydell [Thu, 5 Nov 2020 21:23:13 +0000 (21:23 +0000)] 
linux-user/sparc: Correct set/get_context handling of fp and i7

Because QEMU's user-mode emulation just directly accesses guest CPU
state, for SPARC the guest register window state is not the same in
the sparc64_get_context() and sparc64_set_context() functions as it
is for the real kernel's versions of those functions.  Specifically,
for the kernel it has saved the user space state such that the O*
registers go into a pt_regs struct as UREG_I*, and the I* registers
have been spilled onto the userspace stack.  For QEMU, we haven't
done that, so the guest's O* registers are still in WREG_O* and the
I* registers in WREG_I*.

The code was already accessing the O* registers correctly for QEMU,
but had copied the kernel code for accessing the I* registers off the
userspace stack.  Replace this with direct accesses to fp and i7 in
the CPU state, and add a comment explaining why we differ from the
kernel code here.

This fix is sufficient to get bash to a shell prompt.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20201105212314.9628-3-peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
8 months agolinux-user/sparc: Fix errors in target_ucontext structures
Peter Maydell [Thu, 5 Nov 2020 21:23:12 +0000 (21:23 +0000)] 
linux-user/sparc: Fix errors in target_ucontext structures

The various structs that make up the SPARC target_ucontext had some
errors:
 * target structures must not include fields which are host pointers,
   which might be the wrong size.  These should be abi_ulong instead
 * because we don't have the 'long double' part of the mcfpu_fregs
   union in our version of the target_mc_fpu struct, we need to
   manually force it to be 16-aligned

In particular, the lack of 16-alignment caused sparc64_get_context()
and sparc64_set_context() to read and write all the registers at the
wrong offset, which triggered a guest glibc stack check in
siglongjmp:
  *** longjmp causes uninitialized stack frame ***: terminated
when trying to run bash.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20201105212314.9628-2-peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
8 months agohw/intc/ibex_plic: Clear the claim register when read
Alistair Francis [Fri, 6 Nov 2020 02:32:19 +0000 (18:32 -0800)] 
hw/intc/ibex_plic: Clear the claim register when read

After claiming the interrupt by reading the claim register we want to
clear the register to make sure the interrupt doesn't appear at the next
read.

This matches the documentation for the claim register as when an interrupt
is claimed by a target the relevant bit of IP is cleared (which we already
do): https://docs.opentitan.org/hw/ip/rv_plic/doc/index.html

This also matches the current hardware.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 68d4575deef2559b7a747f3bda193fcf43af4558.1604629928.git.alistair.francis@wdc.com

8 months agotarget/riscv: Split the Hypervisor execute load helpers
Alistair Francis [Wed, 4 Nov 2020 04:43:34 +0000 (20:43 -0800)] 
target/riscv: Split the Hypervisor execute load helpers

Split the hypervisor execute load functions into two seperate functions.
This avoids us having to pass the memop to the C helper functions.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 5b1550f0faa3c435cc77f3c1ae811dea98ab9e36.1604464950.git.alistair.francis@wdc.com

8 months agotarget/riscv: Remove the hyp load and store functions
Alistair Francis [Wed, 4 Nov 2020 04:43:31 +0000 (20:43 -0800)] 
target/riscv: Remove the hyp load and store functions

Remove the special Virtulisation load and store functions and just use
the standard tcg tcg_gen_qemu_ld_tl() and tcg_gen_qemu_st_tl() functions
instead.

As part of this change we ensure we still run an access check to make
sure we can perform the operations.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 189ac3e53ef2854824d18aad7074c6649f17de2c.1604464950.git.alistair.francis@wdc.com

8 months agotarget/riscv: Remove the HS_TWO_STAGE flag
Alistair Francis [Wed, 4 Nov 2020 04:43:29 +0000 (20:43 -0800)] 
target/riscv: Remove the HS_TWO_STAGE flag

The HS_TWO_STAGE flag is no longer required as the MMU index contains
the information if we are performing a two stage access.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: f514b128b1ff0fb41c85f914cee18f905007a922.1604464950.git.alistair.francis@wdc.com

8 months agotarget/riscv: Set the virtualised MMU mode when doing hyp accesses
Alistair Francis [Wed, 4 Nov 2020 04:43:26 +0000 (20:43 -0800)] 
target/riscv: Set the virtualised MMU mode when doing hyp accesses

When performing the hypervisor load/store operations set the MMU mode to
indicate that we are virtualised.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: e411c61a1452cad16853f13cac2fb86dc91ebee8.1604464950.git.alistair.francis@wdc.com

8 months agotarget/riscv: Add a virtualised MMU Mode
Alistair Francis [Wed, 4 Nov 2020 04:43:23 +0000 (20:43 -0800)] 
target/riscv: Add a virtualised MMU Mode

Add a new MMU mode that includes the current virt mode.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 4b301bc0ea36da962fc1605371b65019ac3073df.1604464950.git.alistair.francis@wdc.com

8 months agoMerge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2020-11-09-tag' into staging
Peter Maydell [Mon, 9 Nov 2020 20:29:04 +0000 (20:29 +0000)] 
Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2020-11-09-tag' into staging

qemu-ga patch queue for hard-freeze

* fix leaked DIR* descriptor in guest-get-disks spotted by coverity

# gpg: Signature made Mon 09 Nov 2020 20:11:08 GMT
# gpg:                using RSA key CEACC9E15534EBABB82D3FA03353C9CEF108B584
# gpg:                issuer "michael.roth@amd.com"
# gpg: Good signature from "Michael Roth <flukshun@gmail.com>" [full]
# gpg:                 aka "Michael Roth <mdroth@utexas.edu>" [full]
# gpg:                 aka "Michael Roth <mdroth@linux.vnet.ibm.com>" [full]
# Primary key fingerprint: CEAC C9E1 5534 EBAB B82D  3FA0 3353 C9CE F108 B584

* remotes/mdroth/tags/qga-pull-2020-11-09-tag:
  qga: fix missing closedir() in qmp_guest_get_disks()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agoqga: fix missing closedir() in qmp_guest_get_disks()
Michael Roth [Sun, 8 Nov 2020 14:37:41 +0000 (08:37 -0600)] 
qga: fix missing closedir() in qmp_guest_get_disks()

We opendir("/sys/block") at the beginning of the function, but we never
close it prior to returning.

Fixes: Coverity CID 1436130
Fixes: fed3956429d5 ("qga: add implementation of guest-get-disks for Linux")
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Tomáš Golembiovský <tgolembi@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
8 months agoMerge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-11-09-v2' into...
Peter Maydell [Mon, 9 Nov 2020 19:33:07 +0000 (19:33 +0000)] 
Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-11-09-v2' into staging

Block patches for 5.2.0-rc1:
- Some nvme fixes (addressing problems spotted by Coverity)
- Fix nfs compiling on mingw (and enable it in Cirrus)
- Fix an error path in bdrv_co_invalidate_cache() (permission update
  was initiated, but not aborted)
- Fix (on-error) roll back in bdrv_drop_intermediate(): Instead of
  inlining bdrv_replace_node() (wrongly), call that function
- Fix for iotest 240
- Fix error handling in bdrv_getlength()
- Be more explicit about how QCowL2Meta objects are handled
- Cleanups

# gpg: Signature made Mon 09 Nov 2020 17:45:06 GMT
# gpg:                using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40
# gpg:                issuer "mreitz@redhat.com"
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full]
# Primary key fingerprint: 91BE B60A 30DB 3E88 57D1  1829 F407 DB00 61D5 CF40

* remotes/maxreitz/tags/pull-block-2020-11-09-v2:
  block: make bdrv_drop_intermediate() less wrong
  block: add bdrv_replace_node_common()
  block: add forgotten bdrv_abort_perm_update() to bdrv_co_invalidate_cache()
  block: Fix some code style problems, "foo* bar" should be "foo *bar"
  block: Fix integer promotion error in bdrv_getlength()
  block: enable libnfs on msys2/mingw in cirrus.yml
  block: Fixes nfs compiling error on msys2/mingw
  iotests: rewrite iotest 240 in python
  iotests: add filter_qmp_virtio_scsi function
  hw/block/nvme: fix free of array-typed value
  hw/block/nvme: fix uint16_t use of uint32_t sgls member
  hw/block/nvme: fix null ns in register namespace
  qcow2: Document and enforce the QCowL2Meta invariants
  block: Move bdrv_drain_all_end_quiesce() to block_int.h
  block: Remove unused include

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 months agoblock: make bdrv_drop_intermediate() less wrong
Vladimir Sementsov-Ogievskiy [Fri, 6 Nov 2020 12:42:37 +0000 (15:42 +0300)] 
block: make bdrv_drop_intermediate() less wrong

First, permission update loop tries to do iterations transactionally,
but the whole update is not transactional: nobody roll-back successful
loop iterations when some iteration fails.

Second, in the iteration we have nested permission update:
c->klass->update_filename may point to bdrv_child_cb_update_filename()
which calls bdrv_backing_update_filename(), which may do node reopen to
RW.

Permission update system is not prepared to nested updates, at least it
has intermediate permission-update state stored in BdrvChild
structures: has_backup_perm, backup_perm and backup_shared_perm.

So, let's first do bdrv_replace_node_common() (which is more
transactional than open-coded update in bdrv_drop_intermediate()) and
then call update_filename() in separate. We still do not rollback
changes in case of update_filename() failure but it's not much worse
than pre-patch behavior.

Note that bdrv_replace_node_common() does check for frozen children,
so corresponding check is dropped in bdrv_drop_intermediate().

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20201106124241.16950-4-vsementsov@virtuozzo.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 months agoblock: add bdrv_replace_node_common()
Vladimir Sementsov-Ogievskiy [Fri, 6 Nov 2020 12:42:36 +0000 (15:42 +0300)] 
block: add bdrv_replace_node_common()

Add new parameter to bdrv_replace_node(): auto_skip. With
auto_skip=false we'll have stricter behavior: update _all_ from
parents or fail. New behaviour will be used in the following commit in
block.c, so keep original function name as public interface.

Note: new error message is a bit funny in contrast with further
"Cannot" in case of frozen child, but we'd better keep some difference
to make it possible to distinguish one from another on failure. Still,
actually we'd better refactor should_update_child() call to distinguish
also different kinds of "should not". Let's do it later.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20201106124241.16950-3-vsementsov@virtuozzo.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 months agoblock: add forgotten bdrv_abort_perm_update() to bdrv_co_invalidate_cache()
Vladimir Sementsov-Ogievskiy [Fri, 6 Nov 2020 12:42:35 +0000 (15:42 +0300)] 
block: add forgotten bdrv_abort_perm_update() to bdrv_co_invalidate_cache()

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20201106124241.16950-2-vsementsov@virtuozzo.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 months agoblock: Fix some code style problems, "foo* bar" should be "foo *bar"
shiliyang [Fri, 30 Oct 2020 03:35:12 +0000 (11:35 +0800)] 
block: Fix some code style problems, "foo* bar" should be "foo *bar"

There have some code style problems be found when read the block driver code.
So I fixes some problems of this error, ERROR: "foo* bar" should be "foo *bar".

Signed-off-by: Liyang Shi <shiliyang@huawei.com>
Reported-by: Euler Robot <euler.robot@huawei.com>
Message-Id: <3211f389-6d22-46c1-4a16-e6a2ba66f070@huawei.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 months agogitlab-ci: Drop generic cache rule
Philippe Mathieu-Daudé [Sun, 8 Nov 2020 22:19:15 +0000 (23:19 +0100)] 
gitlab-ci: Drop generic cache rule

This cache rule is meant for Avocado artifacts, but affects
all jobs. Moreover the 'acceptance_template' template already
include a more detailled rule to cache artifacts.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201108221925.2344515-2-philmd@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agotests/qtest/tpm: Remove redundant check in the tpm_test_swtpm_test()
AlexChen [Thu, 5 Nov 2020 15:03:36 +0000 (23:03 +0800)] 
tests/qtest/tpm: Remove redundant check in the tpm_test_swtpm_test()

The 'addr' would not be NULL after checking 'succ' is valid,
and it has been dereferenced in the previous code(args = g_strdup_printf()).
So the check on 'addr' in the tpm_test_swtpm_test() is redundant. Remove it.

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Alex Chen <alex.chen@huawei.com>
Message-Id: <5FA41448.4040404@huawei.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agoqtest: Fix bad printf format specifiers
AlexChen [Wed, 4 Nov 2020 10:23:19 +0000 (18:23 +0800)] 
qtest: Fix bad printf format specifiers

We should use printf format specifier "%u" instead of "%d" for
argument of type "unsigned int".

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Alex Chen <alex.chen@huawei.com>
Message-Id: <5FA28117.3020802@huawei.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agodevice-crash-test: Check if path is actually an executable file
Eduardo Habkost [Mon, 26 Oct 2020 12:52:38 +0000 (08:52 -0400)] 
device-crash-test: Check if path is actually an executable file

After the transition to Meson, the build directory now have
subdirectories named "qemu-system-*.p", and device-crash-test
will try to execute them as if they were binaries.  This results
in errors like:

  PermissionError: [Errno 13] Permission denied: './qemu-system-or1k.p'

When generating the default list of binaries to test, check if
the path is actually a file and if it's executable.

Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20201026125238.2752882-1-ehabkost@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agotests/vm: update openbsd to release 6.8
Brad Smith [Tue, 27 Oct 2020 05:30:48 +0000 (01:30 -0400)] 
tests/vm: update openbsd to release 6.8

A double dash at the end of a package name removes ambiguity
when the intent is to install a non-FLAVORed package.

Signed-off-by: Brad Smith <brad@comstyle.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201027053048.GB64546@humpty.home.comstyle.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agomeson: always include contrib/libvhost-user
Stefan Hajnoczi [Fri, 6 Nov 2020 21:03:40 +0000 (21:03 +0000)] 
meson: always include contrib/libvhost-user

libvhost-user is needed when CONFIG_LINUX is set. The CONFIG_VHOST_USER
check in meson.build is incorrect.

In fact, no explicit check is needed since this dependency is not built
by default. If something declares a dependency on libvhost-user then it
will be built, otherwise it won't be built (i.e. on non-Linux hosts).

This fixes ./configure --disable-vhost-user && make.

Fixes: bc15e44cb2191bbb2318878acdf5038134e56394 ("configure: introduce --enable-vhost-user-blk-server")
Reported-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20201106210340.698771-1-stefanha@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
8 months agoblock: Fix integer promotion error in bdrv_getlength()
Eric Blake [Thu, 5 Nov 2020 15:51:22 +0000 (09:51 -0600)] 
block: Fix integer promotion error in bdrv_getlength()

Back in 2015, we attempted to fix error reporting for images that
claimed to have more than INT64_MAX/512 sectors, but due to the type
promotions caused by BDRV_SECTOR_SIZE being unsigned, this
inadvertently forces all negative ret values to be slammed into -EFBIG
rather than the original error.  While we're at it, we can avoid the
confusing ?: by spelling the logic more directly.

Fixes: 4a9c9ea0d3
Reported-by: Guoyi Tu <tu.guoyi@h3c.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20201105155122.60943-1-eblake@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 months agoblock: enable libnfs on msys2/mingw in cirrus.yml
Yonggang Luo [Thu, 5 Nov 2020 12:31:16 +0000 (20:31 +0800)] 
block: enable libnfs on msys2/mingw in cirrus.yml

Initially, libnfs has not been enabled, and now it's fixed, so enable it
on cirrus.

Signed-off-by: Yonggang Luo <luoyonggang@gmail.com>
Message-Id: <20201105123116.674-3-luoyonggang@gmail.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 months agoblock: Fixes nfs compiling error on msys2/mingw
Yonggang Luo [Thu, 5 Nov 2020 12:31:15 +0000 (20:31 +0800)] 
block: Fixes nfs compiling error on msys2/mingw

These compiling errors are fixed:
../block/nfs.c:27:10: fatal error: poll.h: No such file or directory
   27 | #include <poll.h>
      |          ^~~~~~~~
compilation terminated.

../block/nfs.c:63:5: error: unknown type name 'blkcnt_t'
   63 |     blkcnt_t st_blocks;
      |     ^~~~~~~~
../block/nfs.c: In function 'nfs_client_open':
../block/nfs.c:550:27: error: 'struct _stat64' has no member named 'st_blocks'
  550 |     client->st_blocks = st.st_blocks;
      |                           ^
../block/nfs.c: In function 'nfs_get_allocated_file_size':
../block/nfs.c:751:41: error: 'struct _stat64' has no member named 'st_blocks'
  751 |     return (task.ret < 0 ? task.ret : st.st_blocks * 512);
      |                                         ^
../block/nfs.c: In function 'nfs_reopen_prepare':
../block/nfs.c:805:31: error: 'struct _stat64' has no member named 'st_blocks'
  805 |         client->st_blocks = st.st_blocks;
      |                               ^
../block/nfs.c: In function 'nfs_get_allocated_file_size':
../block/nfs.c:752:1: error: control reaches end of non-void function [-Werror=return-type]
  752 | }
      | ^

On msys2/mingw, there is no st_blocks in struct _stat64 yet, we disable the usage of it
on msys2/mingw, and create a typedef long long blkcnt_t; for further implementation

Signed-off-by: Yonggang Luo <luoyonggang@gmail.com>
Message-Id: <20201105123116.674-2-luoyonggang@gmail.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 months agoiotests: rewrite iotest 240 in python
Maxim Levitsky [Wed, 4 Nov 2020 18:50:25 +0000 (20:50 +0200)] 
iotests: rewrite iotest 240 in python

The recent changes that brought RCU delayed device deletion,
broke few tests and this test breakage went unnoticed.

Fix this test by rewriting it in python
(which allows to wait for DEVICE_DELETED events before continuing).

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20201104185025.434703-3-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 months agoiotests: add filter_qmp_virtio_scsi function
Maxim Levitsky [Wed, 4 Nov 2020 18:50:24 +0000 (20:50 +0200)] 
iotests: add filter_qmp_virtio_scsi function

filter_qmp_virtio_scsi can be used to filter virtio-scsi-pci/ccw differences.
Note that this patch was only tested on x86.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20201104185025.434703-2-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 months agohw/block/nvme: fix free of array-typed value
Klaus Jensen [Wed, 4 Nov 2020 10:22:48 +0000 (11:22 +0100)] 
hw/block/nvme: fix free of array-typed value

Since 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces"), the
namespaces member of NvmeCtrl is no longer a dynamically allocated
array. Remove the free.

Fixes: 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces")
Reported-by: Coverity (CID 1436131)
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Message-Id: <20201104102248.32168-4-its@irrelevant.dk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 months agohw/block/nvme: fix uint16_t use of uint32_t sgls member
Klaus Jensen [Wed, 4 Nov 2020 10:22:47 +0000 (11:22 +0100)] 
hw/block/nvme: fix uint16_t use of uint32_t sgls member

nvme_map_sgl_data erroneously uses the sgls member of NvmeIdNs as a
uint16_t.

Reported-by: Coverity (CID 1436129)
Fixes: cba0a8a344fe ("hw/block/nvme: add support for scatter gather lists")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Message-Id: <20201104102248.32168-3-its@irrelevant.dk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 months agohw/block/nvme: fix null ns in register namespace
Klaus Jensen [Wed, 4 Nov 2020 10:22:46 +0000 (11:22 +0100)] 
hw/block/nvme: fix null ns in register namespace

Fix dereference after NULL check.

Reported-by: Coverity (CID 1436128)
Fixes: b20804946bce ("hw/block/nvme: update nsid when registered")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Message-Id: <20201104102248.32168-2-its@irrelevant.dk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 months agoqcow2: Document and enforce the QCowL2Meta invariants
Alberto Garcia [Wed, 7 Oct 2020 16:13:23 +0000 (18:13 +0200)] 
qcow2: Document and enforce the QCowL2Meta invariants

The QCowL2Meta structure is used to store information about a part of
a write request that touches clusters that need changes in their L2
entries. This happens with newly-allocated clusters or subclusters.

This structure has changed a bit since it was first created and its
current documentation is not quite up-to-date.

A write request can span a region consisting of a combination of
clusters of different types, and qcow2_alloc_host_offset() can
repeatedly call handle_copied() and handle_alloc() to add more
clusters to the mix as long as they all are contiguous on the image
file.

Because of this a write request has a list of QCowL2Meta structures,
one for each part of the request that needs changes in the L2
metadata.

Each one of them spans nb_clusters and has two copy-on-write regions
located immediately before and after the middle region touched by that
part of the write request. Even when those regions themselves are
empty their offsets must be correct because they are used to know the
location of the middle region.

This was not always the case but it is not a problem anymore
because the only two places where QCowL2Meta structures are created
(calculate_l2_meta() and qcow2_co_truncate()) ensure that the
copy-on-write regions are correctly defined, and so do assertions like
the ones in perform_cow().

The conditional initialization of the 'written_to' variable is
therefore unnecessary and is removed by this patch.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20201007161323.4667-1-berto@igalia.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 months agoblock: Move bdrv_drain_all_end_quiesce() to block_int.h
Greg Kurz [Wed, 28 Oct 2020 08:07:34 +0000 (09:07 +0100)] 
block: Move bdrv_drain_all_end_quiesce() to block_int.h

This function is really an internal helper for bdrv_close(). Update its
doc comment to make this clear and make the function private.

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <160387245480.131299.13430357162209598411.stgit@bahia>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 months agoblock: Remove unused include
AlexChen [Wed, 21 Oct 2020 09:12:52 +0000 (17:12 +0800)] 
block: Remove unused include

The "qemu-common.h" include is not used, remove it.

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: AlexChen <alex.chen@huawei.com>
Message-Id: <5F8FFB94.3030209@huawei.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
8 months agoMerge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2020-11-09' into staging
Peter Maydell [Mon, 9 Nov 2020 13:55:15 +0000 (13:55 +0000)] 
Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2020-11-09' into staging

QAPI patches patches for 2020-11-09

# gpg: Signature made Mon 09 Nov 2020 08:16:33 GMT
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2020-11-09:
  block: Remove unused BlockDeviceMapEntry
  qapi/block-core: Improve MapEntry documentation
  qapi: Fix missing headers in QMP Reference Manual
  MAINTAINERS: Add QAPI schema modules to their subsystems
  docs/devel/qapi-code-gen: Fix up examples

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>