Misc fixes, for thread-pool, xen, and xen-emulate

* fix an access to `request_cond` QemuCond in thread-pool * fix issue with PCI devices when unplugging IDE devices in Xen guest * several fixes for issues pointed out by Coverity -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEE+AwAYwjiLP2KkueYDPVXL9f7Va8FAmTI0qcACgkQDPVXL9f7 Va9DVAgAlKGhkOhLiOtlwL05iI8/YiT7ekCSoMTWYO8iIyLCKGLVU5yyOAqYiAJD dEgXNZOeulcLkn3LDCQYtZJmD42sUHv/xmdJ06zJ9jRvtLAJp5wuwaU9JFDhJPsG eYPGBMdO39meUmgQe3X27CEKtht5Z8M9ZABdTLAxMyPANEzFmT7ni9wd/8Uc+tWg BMsXQco8e1GSiBUjSky5nSW248FVDIyjkaYWk1poXEfm4gPQ0jf9gg/biEj44cSH Tdz6de1kTwJfuYR+h+COQOrq0fUfz4SyVocKvtycZhKGXIqL74DiIGatxdVOwV9Y NJ8g4oKDgDeMBZ66kXnTX4Y9nzhPpA== =CdlZ -----END PGP SIGNATURE----- Merge tag 'pull-xen-20230801' of https://xenbits.xen.org/git-http/people/aperard/qemu-dm into staging Misc fixes, for thread-pool, xen, and xen-emulate * fix an access to `request_cond` QemuCond in thread-pool * fix issue with PCI devices when unplugging IDE devices in Xen guest * several fixes for issues pointed out by Coverity # -----BEGIN PGP SIGNATURE----- # # iQEzBAABCgAdFiEE+AwAYwjiLP2KkueYDPVXL9f7Va8FAmTI0qcACgkQDPVXL9f7 # Va9DVAgAlKGhkOhLiOtlwL05iI8/YiT7ekCSoMTWYO8iIyLCKGLVU5yyOAqYiAJD # dEgXNZOeulcLkn3LDCQYtZJmD42sUHv/xmdJ06zJ9jRvtLAJp5wuwaU9JFDhJPsG # eYPGBMdO39meUmgQe3X27CEKtht5Z8M9ZABdTLAxMyPANEzFmT7ni9wd/8Uc+tWg # BMsXQco8e1GSiBUjSky5nSW248FVDIyjkaYWk1poXEfm4gPQ0jf9gg/biEj44cSH # Tdz6de1kTwJfuYR+h+COQOrq0fUfz4SyVocKvtycZhKGXIqL74DiIGatxdVOwV9Y # NJ8g4oKDgDeMBZ66kXnTX4Y9nzhPpA== # =CdlZ # -----END PGP SIGNATURE----- # gpg: Signature made Tue 01 Aug 2023 02:38:47 AM PDT # gpg: using RSA key F80C006308E22CFD8A92E7980CF5572FD7FB55AF # gpg: Good signature from "Anthony PERARD <anthony.perard@gmail.com>" [unknown] # gpg: aka "Anthony PERARD <anthony.perard@citrix.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 5379 2F71 024C 600F 778A 7161 D8D5 7199 DF83 42C8 # Subkey fingerprint: F80C 0063 08E2 2CFD 8A92 E798 0CF5 572F D7FB 55AF * tag 'pull-xen-20230801' of https://xenbits.xen.org/git-http/people/aperard/qemu-dm: xen-platform: do full PCI reset during unplug of IDE devices xen: Don't pass MemoryListener around by value thread-pool: signal "request_cond" while locked xen-block: Avoid leaks on new error path hw/xen: Clarify (lack of) error handling in transaction_commit() Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-08-01 07:27:31 -07:00 · 2023-08-01 07:27:31 -07:00 · 38a6de80b9
parent 802341823f 856ca10f9c
commit 38a6de80b9
8 changed files with 31 additions and 19 deletions
--- a/hw/arm/xen_arm.c
+++ b/hw/arm/xen_arm.c
@ -37,7 +37,7 @@
 #define TYPE_XEN_ARM  MACHINE_TYPE_NAME("xenpvh")
 OBJECT_DECLARE_SIMPLE_TYPE(XenArmState, XEN_ARM)

-static MemoryListener xen_memory_listener = {
+static const MemoryListener xen_memory_listener = {
    .region_add = xen_region_add,
    .region_del = xen_region_del,
    .log_start = NULL,
@ -108,7 +108,7 @@ static void xen_arm_init(MachineState *machine)

    xam->state =  g_new0(XenIOState, 1);

-    xen_register_ioreq(xam->state, machine->smp.cpus, xen_memory_listener);
+    xen_register_ioreq(xam->state, machine->smp.cpus, &xen_memory_listener);

 #ifdef CONFIG_TPM
    if (xam->cfg.tpm_base_addr) {
--- a/hw/block/xen-block.c
+++ b/hw/block/xen-block.c
@ -781,14 +781,15 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
    drive = g_new0(XenBlockDrive, 1);
    drive->id = g_strdup(id);

-    file_layer = qdict_new();
-    driver_layer = qdict_new();
-
    rc = stat(filename, &st);
    if (rc) {
        error_setg_errno(errp, errno, "Could not stat file '%s'", filename);
        goto done;
    }
+
+    file_layer = qdict_new();
+    driver_layer = qdict_new();
+
    if (S_ISBLK(st.st_mode)) {
        qdict_put_str(file_layer, "driver", "host_device");
    } else {
@ -796,7 +797,6 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
    }

    qdict_put_str(file_layer, "filename", filename);
-    g_free(filename);

    if (mode && *mode != 'w') {
        qdict_put_bool(file_layer, "read-only", true);
@ -831,7 +831,6 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
    qdict_put_str(file_layer, "locking", "off");

    qdict_put_str(driver_layer, "driver", driver);
-    g_free(driver);

    qdict_put(driver_layer, "file", file_layer);

@ -842,6 +841,8 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
    qobject_unref(driver_layer);

 done:
+    g_free(filename);
+    g_free(driver);
    if (*errp) {
        xen_block_drive_destroy(drive, NULL);
        return NULL;
--- a/hw/i386/kvm/xenstore_impl.c
+++ b/hw/i386/kvm/xenstore_impl.c
@ -1022,6 +1022,7 @@ static int transaction_commit(XenstoreImplState *s, XsTransaction *tx)
 {
    struct walk_op op;
    XsNode **n;
+    int ret;

    if (s->root_tx != tx->base_tx) {
        return EAGAIN;
@ -1032,7 +1033,16 @@ static int transaction_commit(XenstoreImplState *s, XsTransaction *tx)
    s->root_tx = tx->tx_id;
    s->nr_nodes = tx->nr_nodes;

-    init_walk_op(s, &op, XBT_NULL, tx->dom_id, "/", &n);
+    ret = init_walk_op(s, &op, XBT_NULL, tx->dom_id, "/", &n);
+    /*
+     * There are two reasons why init_walk_op() may fail: an invalid tx_id,
+     * or an invalid path. We pass XBT_NULL and "/", and it cannot fail.
+     * If it does, the world is broken. And returning 'ret' would be weird
+     * because the transaction *was* committed, and all this tree walk is
+     * trying to do is fire the resulting watches on newly-committed nodes.
+     */
+    g_assert(!ret);
+
    op.deleted_in_tx = false;
    op.mutating = true;

--- a/hw/i386/xen/xen-hvm.c
+++ b/hw/i386/xen/xen-hvm.c
@ -458,7 +458,7 @@ static void xen_log_global_stop(MemoryListener *listener)
    xen_in_migration = false;
 }

-static MemoryListener xen_memory_listener = {
+static const MemoryListener xen_memory_listener = {
    .name = "xen-memory",
    .region_add = xen_region_add,
    .region_del = xen_region_del,
@ -582,7 +582,7 @@ void xen_hvm_init_pc(PCMachineState *pcms, MemoryRegion **ram_memory)

    state = g_new0(XenIOState, 1);

-    xen_register_ioreq(state, max_cpus, xen_memory_listener);
+    xen_register_ioreq(state, max_cpus, &xen_memory_listener);

    QLIST_INIT(&xen_physmap);
    xen_read_physmap(state);
--- a/hw/i386/xen/xen_platform.c
+++ b/hw/i386/xen/xen_platform.c
@ -164,8 +164,9 @@ static void pci_unplug_nics(PCIBus *bus)
 *
 * [1] https://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=docs/misc/hvm-emulated-unplug.pandoc
 */
-static void pci_xen_ide_unplug(DeviceState *dev, bool aux)
+static void pci_xen_ide_unplug(PCIDevice *d, bool aux)
 {
+    DeviceState *dev = DEVICE(d);
    PCIIDEState *pci_ide;
    int i;
    IDEDevice *idedev;
@ -195,7 +196,7 @@ static void pci_xen_ide_unplug(DeviceState *dev, bool aux)
            blk_unref(blk);
        }
    }
-    device_cold_reset(dev);
+    pci_device_reset(d);
 }

 static void unplug_disks(PCIBus *b, PCIDevice *d, void *opaque)
@ -210,7 +211,7 @@ static void unplug_disks(PCIBus *b, PCIDevice *d, void *opaque)

    switch (pci_get_word(d->config + PCI_CLASS_DEVICE)) {
    case PCI_CLASS_STORAGE_IDE:
-        pci_xen_ide_unplug(DEVICE(d), aux);
+        pci_xen_ide_unplug(d, aux);
        break;

    case PCI_CLASS_STORAGE_SCSI:
--- a/hw/xen/xen-hvm-common.c
+++ b/hw/xen/xen-hvm-common.c
@ -765,8 +765,8 @@ void xen_shutdown_fatal_error(const char *fmt, ...)
 }

 static void xen_do_ioreq_register(XenIOState *state,
-                                           unsigned int max_cpus,
-                                           MemoryListener xen_memory_listener)
+                                  unsigned int max_cpus,
+                                  const MemoryListener *xen_memory_listener)
 {
    int i, rc;

@ -824,7 +824,7 @@ static void xen_do_ioreq_register(XenIOState *state,

    qemu_add_vm_change_state_handler(xen_hvm_change_state_handler, state);

-    state->memory_listener = xen_memory_listener;
+    state->memory_listener = *xen_memory_listener;
    memory_listener_register(&state->memory_listener, &address_space_memory);

    state->io_listener = xen_io_listener;
@ -842,7 +842,7 @@ err:
 }

 void xen_register_ioreq(XenIOState *state, unsigned int max_cpus,
-                        MemoryListener xen_memory_listener)
+                        const MemoryListener *xen_memory_listener)
 {
    int rc;

--- a/include/hw/xen/xen-hvm-common.h
+++ b/include/hw/xen/xen-hvm-common.h
@ -93,7 +93,7 @@ void xen_device_unrealize(DeviceListener *listener, DeviceState *dev);

 void xen_hvm_change_state_handler(void *opaque, bool running, RunState rstate);
 void xen_register_ioreq(XenIOState *state, unsigned int max_cpus,
-                        MemoryListener xen_memory_listener);
+                        const MemoryListener *xen_memory_listener);

 void cpu_ioreq_pio(ioreq_t *req);
 #endif /* HW_XEN_HVM_COMMON_H */
--- a/util/thread-pool.c
+++ b/util/thread-pool.c
@ -120,13 +120,13 @@ static void *worker_thread(void *opaque)

    pool->cur_threads--;
    qemu_cond_signal(&pool->worker_stopped);
-    qemu_mutex_unlock(&pool->lock);

    /*
     * Wake up another thread, in case we got a wakeup but decided
     * to exit due to pool->cur_threads > pool->max_threads.
     */
    qemu_cond_signal(&pool->request_cond);
+    qemu_mutex_unlock(&pool->lock);
    return NULL;
 }