Commit Graph

63212 Commits

Author SHA1 Message Date
Tiwei Bie
388a86df9c vhost: check region type before casting
Check region type first before casting the memory region
to IOMMUMemoryRegion. Otherwise QEMU will abort with below
error message when casting non-IOMMU memory region:

vhost_iommu_region_add: Object 0x561f28bce4f0 is not an
instance of type qemu:iommu-memory-region

Fixes: cb1efcf462 ("iommu: Add IOMMU index argument to notifier APIs")
Cc: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-08-03 11:35:21 +03:00
BALATON Zoltan
6484ab3dff sam460ex: Fix PCI interrupts with multiple devices
The four interrupts of the PCI bus are connected to the same UIC pin
on the real Sam460ex. Evidence for this can be found in the UBoot
source for the Sam460ex in the Sam460ex.c file where
PCI_INTERRUPT_LINE is written. Change the ppc440_pcix model to behave
more like this.

This fixes the problem that can be observed when adding further PCI
cards that got their interrupt rotated to other interrupts than PCI
INT A. In particular, the bug was observed with an additional OHCI PCI
card or an ES1370 sound device.

Signed-off-by: Sebastian Bauer <mail@sebastianbauer.info>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Tested-by: Sebastian Bauer <mail@sebastianbauer.info>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-08-01 11:01:38 +10:00
Thomas Huth
1069a3c6e1 hw/misc/macio: Fix device introspection problems in macio devices
Valgrind reports an error when introspecting the macio devices, e.g.:

echo "{'execute':'qmp_capabilities'} {'execute':'device-list-properties'," \
 "'arguments':{'typename':'macio-newworld'}}" \
 "{'execute': 'human-monitor-command', " \
 "'arguments': {'command-line': 'info qtree'}}" | \
 valgrind -q ppc64-softmmu/qemu-system-ppc64 -M none,accel=qtest -qmp stdio
[...]
==30768== Invalid read of size 8
==30768==    at 0x5BC1EA: qdev_print (qdev-monitor.c:686)
==30768==    by 0x5BC1EA: qbus_print (qdev-monitor.c:719)
==30768==    by 0x43E458: handle_hmp_command (monitor.c:3446)
[...]

Use the new function sysbus_init_child_obj() to initialize the objects
here, to get the reference counting of the objects right, so that they
are cleaned up correctly when the parent gets removed.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-08-01 09:48:40 +10:00
Peter Maydell
f750236039 Update version for v3.0.0-rc3 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-31 19:30:17 +01:00
Peter Maydell
b890416474 Monitor patches for 2018-07-31 (3.0.0-rc3)

Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2018-07-31' into staging

Monitor patches for 2018-07-31 (3.0.0-rc3)

# gpg: Signature made Tue 31 Jul 2018 16:46:16 BST
# gpg:                using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-monitor-2018-07-31:
  monitor: temporary fix for dead-lock on event recursion

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-31 18:02:11 +01:00
Marc-André Lureau
9a1054061c monitor: temporary fix for dead-lock on event recursion
With a Spice port chardev, it is possible to reenter
monitor_qapi_event_queue() (when the client disconnects for
example). This will dead-lock on monitor_lock.

Instead, use some TLS variables to check for recursion and queue the
events.

Fixes:
 (gdb) bt
 #0  0x00007fa69e7217fd in __lll_lock_wait () at /lib64/libpthread.so.0
 #1  0x00007fa69e71acf4 in pthread_mutex_lock () at /lib64/libpthread.so.0
 #2  0x0000563303567619 in qemu_mutex_lock_impl (mutex=0x563303d3e220 <monitor_lock>, file=0x5633036589a8 "/home/elmarco/src/qq/monitor.c", line=645) at /home/elmarco/src/qq/util/qemu-thread-posix.c:66
 #3  0x0000563302fa6c25 in monitor_qapi_event_queue (event=QAPI_EVENT_SPICE_DISCONNECTED, qdict=0x56330602bde0, errp=0x7ffc6ab5e728) at /home/elmarco/src/qq/monitor.c:645
 #4  0x0000563303549aca in qapi_event_send_spice_disconnected (server=0x563305afd630, client=0x563305745360, errp=0x563303d8d0f0 <error_abort>) at qapi/qapi-events-ui.c:149
 #5  0x00005633033e600f in channel_event (event=3, info=0x5633061b0050) at /home/elmarco/src/qq/ui/spice-core.c:235
 #6  0x00007fa69f6c86bb in reds_handle_channel_event (reds=<optimized out>, event=3, info=0x5633061b0050) at reds.c:316
 #7  0x00007fa69f6b193b in main_dispatcher_self_handle_channel_event (info=0x5633061b0050, event=3, self=0x563304e088c0) at main-dispatcher.c:197
 #8  0x00007fa69f6b193b in main_dispatcher_channel_event (self=0x563304e088c0, event=event@entry=3, info=0x5633061b0050) at main-dispatcher.c:197
 #9  0x00007fa69f6d0833 in red_stream_push_channel_event (s=s@entry=0x563305ad8f50, event=event@entry=3) at red-stream.c:414
 #10 0x00007fa69f6d086b in red_stream_free (s=0x563305ad8f50) at red-stream.c:388
 #11 0x00007fa69f6b7ddc in red_channel_client_finalize (object=0x563304df2360) at red-channel-client.c:347
 #12 0x00007fa6a56b7fb9 in g_object_unref () at /lib64/libgobject-2.0.so.0
 #13 0x00007fa69f6ba212 in red_channel_client_push (rcc=0x563304df2360) at red-channel-client.c:1341
 #14 0x00007fa69f68b259 in red_char_device_send_msg_to_client (client=<optimized out>, msg=0x5633059b6310, dev=0x563304e08bc0) at char-device.c:305
 #15 0x00007fa69f68b259 in red_char_device_send_msg_to_clients (msg=0x5633059b6310, dev=0x563304e08bc0) at char-device.c:305
 #16 0x00007fa69f68b259 in red_char_device_read_from_device (dev=0x563304e08bc0) at char-device.c:353
 #17 0x000056330317d01d in spice_chr_write (chr=0x563304cafe20, buf=0x563304cc50b0 "{\"timestamp\": {\"seconds\": 1532944763, \"microseconds\": 326636}, \"event\": \"SHUTDOWN\", \"data\": {\"guest\": false}}\r\n", len=111) at /home/elmarco/src/qq/chardev/spice.c:199
 #18 0x00005633034deee7 in qemu_chr_write_buffer (s=0x563304cafe20, buf=0x563304cc50b0 "{\"timestamp\": {\"seconds\": 1532944763, \"microseconds\": 326636}, \"event\": \"SHUTDOWN\", \"data\": {\"guest\": false}}\r\n", len=111, offset=0x7ffc6ab5ea70, write_all=false) at /home/elmarco/src/qq/chardev/char.c:112
 #19 0x00005633034df054 in qemu_chr_write (s=0x563304cafe20, buf=0x563304cc50b0 "{\"timestamp\": {\"seconds\": 1532944763, \"microseconds\": 326636}, \"event\": \"SHUTDOWN\", \"data\": {\"guest\": false}}\r\n", len=111, write_all=false) at /home/elmarco/src/qq/chardev/char.c:147
 #20 0x00005633034e1e13 in qemu_chr_fe_write (be=0x563304dbb800, buf=0x563304cc50b0 "{\"timestamp\": {\"seconds\": 1532944763, \"microseconds\": 326636}, \"event\": \"SHUTDOWN\", \"data\": {\"guest\": false}}\r\n", len=111) at /home/elmarco/src/qq/chardev/char-fe.c:42
 #21 0x0000563302fa6334 in monitor_flush_locked (mon=0x563304dbb800) at /home/elmarco/src/qq/monitor.c:425
 #22 0x0000563302fa6520 in monitor_puts (mon=0x563304dbb800, str=0x563305de7e9e "") at /home/elmarco/src/qq/monitor.c:468
 #23 0x0000563302fa680c in qmp_send_response (mon=0x563304dbb800, rsp=0x563304df5730) at /home/elmarco/src/qq/monitor.c:517
 #24 0x0000563302fa6905 in qmp_queue_response (mon=0x563304dbb800, rsp=0x563304df5730) at /home/elmarco/src/qq/monitor.c:538
 #25 0x0000563302fa6b5b in monitor_qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x563304df5730) at /home/elmarco/src/qq/monitor.c:624
 #26 0x0000563302fa6c4b in monitor_qapi_event_queue (event=QAPI_EVENT_SHUTDOWN, qdict=0x563304df5730, errp=0x7ffc6ab5ed00) at /home/elmarco/src/qq/monitor.c:649
 #27 0x0000563303548cce in qapi_event_send_shutdown (guest=false, errp=0x563303d8d0f0 <error_abort>) at qapi/qapi-events-run-state.c:58
 #28 0x000056330313bcd7 in main_loop_should_exit () at /home/elmarco/src/qq/vl.c:1822
 #29 0x000056330313bde3 in main_loop () at /home/elmarco/src/qq/vl.c:1862
 #30 0x0000563303143781 in main (argc=3, argv=0x7ffc6ab5f068, envp=0x7ffc6ab5f088) at /home/elmarco/src/qq/vl.c:4644

Note that error report is now moved to the first caller, which may
receive an error for a recursed event. This is probably fine (95% of
callers use &error_abort, the rest have NULL error and ignore it)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180731150144.14022-1-marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[*_no_recurse renamed to *_no_reenter, local variables reordered]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2018-07-31 17:42:57 +02:00
Peter Maydell
42e76456cf Fix safe_syscall() on ppc64 host
Fix mmap() 0 length error case

Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-3.0-pull-request' into staging

Fix safe_syscall() on ppc64 host
Fix mmap() 0 length error case

# gpg: Signature made Tue 31 Jul 2018 09:41:07 BST
# gpg:                using RSA key F30C38BD3F2FBE3C
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>"
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>"
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>"
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-3.0-pull-request:
  linux-user: ppc64: don't use volatile register during safe_syscall
  tests: add check_invalid_maps to test-mmap
  linux-user/mmap.c: handle invalid len maps correctly

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-31 13:52:03 +01:00
Peter Maydell
45a505d0a4 Bug fixes.

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

Bug fixes.

# gpg: Signature made Mon 30 Jul 2018 13:00:39 BST
# gpg:                using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  backends/cryptodev: remove dead code
  timer: remove replay clock probe in deadline calculation
  i386: implement MSR_SMI_COUNT for TCG
  i386: do not migrate MSR_SMI_COUNT on machine types <2.12

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-31 11:14:53 +01:00
Peter Maydell
fd76fef8e5 fix large guests on s390x

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20180731' into staging

fix large guests on s390x

# gpg: Signature made Tue 31 Jul 2018 07:47:38 BST
# gpg:                using RSA key DECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>"
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20180731:
  s390x/sclp: fix maxram calculation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-31 10:10:14 +01:00
Shivaprasad G Bhat
5d9f3ea081 linux-user: ppc64: don't use volatile register during safe_syscall
r11 is a volatile register on PPC as per calling conventions.
The safe_syscall code uses it to check if the signal_pending
is set during the safe_syscall. When a syscall is interrupted
on return from signal handling, the r11 might be corrupted
before we retry the syscall leading to a crash. The registers
r0-r13 are not to be used here as they have
volatile/designated/reserved usages.

Change the code to use r14 which is non-volatile.
Use SP+16 which is a slot for LR, for save/restore of previous value
of r14. SP+16 can be used, as LR is preserved across the syscall.

Steps to reproduce:
On PPC host, issue `qemu-x86_64 /usr/bin/cc -E -`
Attempt Ctrl-C, the issue is reproduced.

Reference:
https://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi-1.9.html#REG
https://openpowerfoundation.org/wp-content/uploads/2016/03/ABI64BitOpenPOWERv1.1_16July2015_pub4.pdf

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
Tested-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <153301568965.30312.10498134581068746871.stgit@dhcp-9-109-246-16>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-07-31 09:57:43 +02:00
Alex Bennée
28cbb997d6 tests: add check_invalid_maps to test-mmap
This adds a test to make sure we fail properly for a 0 length mmap.
There are most likely other failure conditions we should also check.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: umarcor <1783362@bugs.launchpad.net>
Message-Id: <20180730134321.19898-3-alex.bennee@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-07-31 09:57:25 +02:00
Alex Bennée
38138fab93 linux-user/mmap.c: handle invalid len maps correctly
I've slightly re-organised the check to more closely match the
sequence that the kernel uses in do_mmap(). We check for both the zero
case (EINVAL) and the overflow length case (ENOMEM).

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: umarcor <1783362@bugs.launchpad.net>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20180730134321.19898-2-alex.bennee@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-07-31 09:57:25 +02:00
Peter Maydell
7b799ec696 Block layer patches:
- qemu-img convert -C is now required to enable copy offloading
- file-posix: Fix write_zeroes with unmap on block devices (would fall
  back to explicit writes on recent kernels)
- Fix query-blockstats interface for use with -blockdev
- Minor fixes and documentation updates

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- qemu-img convert -C is now required to enable copy offloading
- file-posix: Fix write_zeroes with unmap on block devices (would fall
  back to explicit writes on recent kernels)
- Fix query-blockstats interface for use with -blockdev
- Minor fixes and documentation updates

# gpg: Signature made Mon 30 Jul 2018 16:08:14 BST
# gpg:                using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  qemu-iotests: Test query-blockstats with -drive and -blockdev
  block/qapi: Include anonymous BBs in query-blockstats
  block/qapi: Add 'qdev' field to query-blockstats result
  file-posix: Fix write_zeroes with unmap on block devices
  block: Fix documentation for BDRV_REQ_MAY_UNMAP
  iotests: Add test for 'qemu-img convert -C' compatibility
  qemu-img: Add -C option for convert with copy offloading
  Revert "qemu-img: Document copy offloading implications with -S and -c"
  iotests: Don't lock /dev/null in 226
  docs: Describe using images in writing iotests
  file-posix: Handle EINTR in preallocation=full write
  qcow2: A grammar fix in conflicting cache sizing error message
  qcow: fix a reference leak

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-30 19:11:57 +01:00
Peter Maydell
7aefc14565 target-arm queue:
* arm/smmuv3: Fix broken VM state migration
* armv7m_nvic: Fix broken VM state migration
* hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host()
* hw/arm/iotkit: Fix IRQ number for timer1
* hw/misc/tz-mpc: Zero the LUT on initialization, not just reset
* target/arm: Remove duplicate 'host' entry in '-cpu ?' output

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180730' into staging

target-arm queue:
 * arm/smmuv3: Fix broken VM state migration
 * armv7m_nvic: Fix broken VM state migration
 * hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host()
 * hw/arm/iotkit: Fix IRQ number for timer1
 * hw/misc/tz-mpc: Zero the LUT on initialization, not just reset
 * target/arm: Remove duplicate 'host' entry in '-cpu ?' output

# gpg: Signature made Mon 30 Jul 2018 15:16:01 BST
# gpg:                using RSA key 3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20180730:
  target/arm: Remove duplicate 'host' entry in '-cpu ?' output
  hw/misc/tz-mpc: Zero the LUT on initialization, not just reset
  hw/arm/iotkit: Fix IRQ number for timer1
  armv7m_nvic: Fix m-security subsection name
  hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host()
  arm/smmuv3: Fix missing VMSD terminator

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-30 17:27:54 +01:00
Christian Borntraeger
408e5ace51 s390x/sclp: fix maxram calculation
We clamp down ram_size to match the sclp increment size. We do
not do the same for maxram_size, which means for large guests
with some sizes (e.g. -m 50000) maxram_size differs from ram_size.
This can break other code (e.g. CMMA migration) which uses maxram_size
to calculate the number of pages and then throws some errors.

Fixes: 82fab5c5b9 ("s390x/sclp: remove memory hotplug support")
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
CC: qemu-stable@nongnu.org
CC: David Hildenbrand <david@redhat.com>
Message-Id: <1532959766-53343-1-git-send-email-borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-07-30 17:41:52 +02:00
Philippe Mathieu-Daudé
0261fb805c target/arm: Remove duplicate 'host' entry in '-cpu ?' output
Since 86f0a186d6 the TYPE_ARM_HOST_CPU is only compiled when CONFIG_KVM
is enabled.

Remove the now redundant special-case introduced in a96c0514ab, to avoid:

  $ qemu-system-aarch64 -machine virt -cpu \? | fgrep host
  host
  host (only available in KVM mode)

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180727132311.2777-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-30 15:07:08 +01:00
Peter Maydell
218fe5ce40 hw/misc/tz-mpc: Zero the LUT on initialization, not just reset
In the tz-mpc device we allocate a data block for the LUT,
which we then clear to zero in the device's reset method.
This is conceptually fine, but unfortunately results in a
valgrind complaint about use of uninitialized data on startup:

==30906== Conditional jump or move depends on uninitialised value(s)
==30906==    at 0x503609: tz_mpc_translate (tz-mpc.c:439)
==30906==    by 0x3F3D90: address_space_translate_iommu (exec.c:511)
==30906==    by 0x3F3FF8: flatview_do_translate (exec.c:584)
==30906==    by 0x3F4292: flatview_translate (exec.c:644)
==30906==    by 0x3F2120: address_space_translate (memory.h:1962)
==30906==    by 0x3FB753: address_space_ldl_internal (memory_ldst.inc.c:36)
==30906==    by 0x3FB8A6: address_space_ldl (memory_ldst.inc.c:80)
==30906==    by 0x619037: ldl_phys (memory_ldst_phys.inc.h:25)
==30906==    by 0x61985D: arm_cpu_reset (cpu.c:255)
==30906==    by 0x98791B: cpu_reset (cpu.c:249)
==30906==    by 0x57FFDB: armv7m_reset (armv7m.c:265)
==30906==    by 0x7B1775: qemu_devices_reset (reset.c:69)

This is because of a reset ordering problem -- the TZ MPC
resets after the CPU, but an M-profile CPU's reset function
includes memory loads to get the initial PC and SP, which
then go through an MPC that hasn't yet been reset.

The simplest fix for this is to zero the LUT when we
initialize the data, which will result in the MPC's
translate function giving the right answers for these
early memory accesses.

Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-id: 20180724153616.32352-1-peter.maydell@linaro.org
2018-07-30 14:52:15 +01:00
Peter Maydell
984b0c100f hw/arm/iotkit: Fix IRQ number for timer1
A cut-and-paste error meant we were incorrectly wiring up the timer1
IRQ to IRQ3. IRQ3 is the interrupt for timer0 -- move timer0 to
IRQ4 where it belongs.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180727113854.20283-3-peter.maydell@linaro.org
2018-07-30 14:51:40 +01:00
Peter Maydell
942566ffc1 armv7m_nvic: Fix m-security subsection name
The vmstate save/load code insists that subsections of a VMState must
have names which include their parent VMState's name as a leading
substring.  Unfortunately it neither documents this nor checks it on
device init or state save, but instead fails state load with a
confusing error message ("Missing section footer for armv7m_nvic").

Fix the name of the m-security subsection of the NVIC, so that
state save/load works correctly for the security-enabled NVIC.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180727113854.20283-2-peter.maydell@linaro.org
2018-07-30 14:51:40 +01:00
Geert Uytterhoeven
d1fb710a9b hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host()
When copy_properties_from_host() ignores the error for an optional
property, it frees the error, but fails to reset it.

Hence if two or more optional properties are missing, an assertion is
triggered:

    util/error.c:57: error_setv: Assertion `*errp == NULL' failed.

Fix this by resetting err to NULL after ignoring the error.

Fixes: 9481cf2e5f ("hw/arm/sysbus-fdt: helpers for clock node generation")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Message-id: 20180725113000.11014-1-geert+renesas@glider.be
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-30 14:47:32 +01:00
Dr. David Alan Gilbert
758b71f7a3 arm/smmuv3: Fix missing VMSD terminator
The 'vmstate_smmuv3_queue' is missing the end-of-list marker.

Fixes: 10a83cb988
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20180727135406.15132-1-dgilbert@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: dropped stray blank line]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-30 14:45:54 +01:00
Kevin Wolf
1239ac241f qemu-iotests: Test query-blockstats with -drive and -blockdev
Make sure that query-blockstats returns information for every
BlockBackend that is named or attached to a device model (or both).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-30 15:35:37 +02:00
Kevin Wolf
567dcb31f2 block/qapi: Include anonymous BBs in query-blockstats
Consistent with query-block, query-blockstats should not only include
named BlockBackends, but also those that are anonymous, but belong to a
device model.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2018-07-30 15:35:37 +02:00
Kevin Wolf
5a9cb5a97f block/qapi: Add 'qdev' field to query-blockstats result
Like for query-block, the client needs to identify which BlockBackend
the returned data is for. Anonymous BlockBackends are identified by the
device model they are attached to. Add a 'qdev' field that contains the
qdev ID or QOM path of the attached device model.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2018-07-30 15:35:37 +02:00
Kevin Wolf
34fa110e42 file-posix: Fix write_zeroes with unmap on block devices
The BLKDISCARD ioctl doesn't guarantee that the discarded blocks read as
all-zero afterwards, so don't try to abuse it for zero writing. We try
to only use this if BLKDISCARDZEROES tells us that it is safe, but this
is unreliable on older kernels and a constant 0 in newer kernels. In
other words, this code path is never actually used with newer kernels,
so we don't even try to unmap while writing zeros.

This patch removes the abuse of discard for writing zeroes from
file-posix and instead adds a new function that uses interfaces that are
actually meant to deallocate and zero out at the same time. Only if
those fail, it falls back to zeroing out without unmap. We never fall
back to a discard operation any more that may or may not result in
zeros.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-30 15:35:37 +02:00
Kevin Wolf
52ebcb2682 block: Fix documentation for BDRV_REQ_MAY_UNMAP
BDRV_REQ_MAY_UNMAP in a write_zeroes request does not only allow the
driver to unmap the blocks, but it actively requests that the blocks be
unmapped afterwards if at all possible.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-30 15:35:37 +02:00
Fam Zheng
8ba4f10fa6 iotests: Add test for 'qemu-img convert -C' compatibility
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-30 15:35:37 +02:00
Fam Zheng
e11ce12f5e qemu-img: Add -C option for convert with copy offloading
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-30 15:35:37 +02:00
Fam Zheng
b85504314f Revert "qemu-img: Document copy offloading implications with -S and -c"
This reverts commit eb461485f4.

Now that we introduce an explicit option, these implicit rules are not
used.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-30 15:35:37 +02:00
Fam Zheng
ac49c189b4 iotests: Don't lock /dev/null in 226
On my system (Fedora 28), this script reports a 'failed to get
"consistent read" lock' error. Following docs/devel/testing.rst, it's
better to add locking=off here.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-30 15:35:37 +02:00
Fam Zheng
f4a1b6536f docs: Describe using images in writing iotests
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-30 15:35:37 +02:00
Fam Zheng
a1c81f4f16 file-posix: Handle EINTR in preallocation=full write
Cc: qemu-stable@nongnu.org
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-30 15:35:37 +02:00
Leonid Bloch
308999e9d4 qcow2: A grammar fix in conflicting cache sizing error message
Signed-off-by: Leonid Bloch <lbloch@janustech.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-30 15:35:37 +02:00
KONRAD Frederic
41b6513436 qcow: fix a reference leak
Since 42a3e1ab36 qemu asserts when using the
vvfat driver:

git clone git://qemu.org/qemu.git
cd qemu
./configure --target-list=ppc-softmmu --enable-debug
make -j8
mkdir foo
touch foo/hello
./ppc-softmmu/qemu-system-ppc -M prep --nographic --monitor null             \
                              -hda fat:rw:./foo

"Ctrl-C"

qemu-system-ppc: block.c:3368: bdrv_close_all: Assertion                     \
   `((&all_bdrv_states)->tqh_first == ((void *)0))' failed.

This is because we reference bs twice in qcow_co_create(..), one time in
bdrv_open_blockdev_ref(..) and in blk_insert_bs(..), but we unref it only once
in blk_unref, which leads to the reference leak.

Note that I didn't test QCOW much after this change as I don't use it much.

Signed-off-by: KONRAD Frederic <frederic.konrad@adacore.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-30 15:35:37 +02:00
Jay Zhou
cc4c77e12b backends/cryptodev: remove dead code
Fix Coverity issue 1390600.

Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Message-Id: <1524894864-7492-1-git-send-email-jianjay.zhou@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-07-30 14:00:11 +02:00
Pavel Dovgalyuk
e4dab9449a timer: remove replay clock probe in deadline calculation
Ciro Santilli reported that commit a5ed352596
breaks the execution replay. It happens due to probing the clock
for the new instances of iothread.
However, this probing was made in replay mode for the timer lists that
are empty.
This patch removes clock probing in replay mode.
It is an artifact of the old version with another thread model.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Message-Id: <20180725121526.12867.17866.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-07-30 14:00:11 +02:00
Paolo Bonzini
1d3db6bdbb i386: implement MSR_SMI_COUNT for TCG
This is trivial, so just do it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-07-30 14:00:11 +02:00
Paolo Bonzini
990e0be260 i386: do not migrate MSR_SMI_COUNT on machine types <2.12
MSR_SMI_COUNT started being migrated in QEMU 2.12.  Do not migrate it
on older machine types, or the subsection causes a load failure for
guests that use SMM.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-07-30 14:00:11 +02:00
Peter Maydell
6d9dd5fb9d QObject patches for 2018-07-27 (3.0.0-rc3)

Merge remote-tracking branch 'remotes/armbru/tags/pull-qobject-2018-07-27-v2' into staging

QObject patches for 2018-07-27 (3.0.0-rc3)

# gpg: Signature made Sat 28 Jul 2018 08:10:39 BST
# gpg:                using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qobject-2018-07-27-v2:
  qstring: Move qstring_from_substr()'s @end one to the right
  qstring: Assert size calculations don't overflow
  qstring: Fix qstring_from_substr() not to provoke int overflow

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-30 09:55:47 +01:00
Markus Armbruster
ba891d68b4 qstring: Move qstring_from_substr()'s @end one to the right
qstring_from_substr() takes the index of the substring's first and
last character.  qstring_from_substr(s, 0, SIZE_MAX) denotes an empty
substring.  Awkward.

Shift the end index one to the right.  This simplifies both
qstring_from_substr() and its callers.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180727062204.10401-3-armbru@redhat.com>
2018-07-28 09:09:58 +02:00
Markus Armbruster
b65ab77b3a qstring: Assert size calculations don't overflow
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180727062204.10401-2-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2018-07-28 09:09:58 +02:00
liujunjie
ad63c549ec qstring: Fix qstring_from_substr() not to provoke int overflow
qstring_from_substr() parameters @start and @end are of type int.
blkdebug_parse_filename(), blkverify_parse_filename(), nbd_parse_uri(),
and qstring_from_str() pass @end values of type size_t or ptrdiff_t.
Values exceeding INT_MAX get truncated, with possibly disastrous
results.

Such huge substrings seem unlikely, but we found one in a core dump,
where "info tlb" executed via QMP's human-monitor-command apparently
produced 35 GiB of output.

Fix by changing the parameters to size_t.

Signed-off-by: liujunjie <liujunjie23@huawei.com>
Message-Id: <20180724134339.17832-1-liujunjie23@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2018-07-28 09:09:58 +02:00
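
The truncation described in ad63c549ec, worked through as an added example (not code from the QEMU tree). The function names are hypothetical stand-ins for the pre-fix and post-fix parameter types, the input sizes are constructed, and a 64-bit size_t is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

_Static_assert(sizeof(size_t) >= 8, "demo assumes 64-bit size_t");

/* Portable model of passing a size_t where a 32-bit int is expected.
 * The C conversion is implementation-defined; mainstream compilers keep
 * the low 32 bits and reinterpret them as two's complement. */
static int64_t as_int32(size_t v)
{
    uint32_t low = (uint32_t)v;
    return low <= INT32_MAX ? (int64_t)low : (int64_t)low - 4294967296LL;
}

/* Pre-fix shape (hypothetical name): int indices, @end inclusive.
 * Returns the length the callee would compute from the truncated values. */
static int64_t substr_len_int(size_t start, size_t end)
{
    return as_int32(end) - as_int32(start) + 1;
}

/* Post-fix shape (hypothetical name): size_t indices, @end inclusive.
 * Returns 0 and stores the length, or -1 if the range is invalid or
 * end - start + 1 would wrap. */
static int substr_len_size(size_t start, size_t end, size_t *len)
{
    if (end < start || end - start == SIZE_MAX) {
        return -1;
    }
    *len = end - start + 1;
    return 0;
}

int main(void)
{
    size_t gib35 = (size_t)35 << 30;   /* constructed: 35 GiB of output */
    size_t len = 0;

    /* Negative length: becomes a huge size_t if handed to an allocator or memcpy. */
    printf("int params:    %lld\n", (long long)substr_len_int(0, gib35 - 1));
    /* Small positive length: the substring is silently cut short. */
    printf("wraps small:   %lld\n", (long long)substr_len_int(0, ((size_t)1 << 32) + 9));
    if (substr_len_size(0, gib35 - 1, &len) == 0) {
        printf("size_t params: %zu\n", len);
    }
    return 0;
}
```
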
Peter Maydell
18a398f6a3 Update version for v3.0.0-rc2 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-24 22:06:31 +01:00
Peter Maydell
8ca2838de2 Migration pull for 3.0
Fixes only

Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20180724a' into staging

Migration pull for 3.0

Fixes only

# gpg: Signature made Tue 24 Jul 2018 19:31:39 BST
# gpg:                using RSA key 0516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>"
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A  9FA9 0516 331E BC5B FDE7

* remotes/dgilbert/tags/pull-migration-20180724a:
  migration: fix duplicate initialization for expected_downtime and cleanup_bh
  tests: only update last_byte when at the edge
  migration: disallow recovery for release-ram
  migration: update recv bitmap only on dest vm
  audio/hda: Fix migration
  migrate: Fix cancelling state warning
  migration: fix potential overflow in multifd send

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-24 20:16:31 +01:00
Peter Maydell
debe96fdec Fix unit test compatibility with TLS 1.3

Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-next-pull-request' into staging

Fix unit test compatibility with TLS 1.3

# gpg: Signature made Tue 24 Jul 2018 17:44:14 BST
# gpg:                using RSA key BE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/qcrypto-next-pull-request:
  tests: fix TLS handshake failure with TLS 1.3
  tests: use error_abort in places expecting errors
  tests: don't silence error reporting for all tests
  tests: call qcrypto_init instead of gnutls_global_init

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-24 17:51:36 +01:00
Daniel P. Berrangé
db0a8c70f2 tests: fix TLS handshake failure with TLS 1.3
When gnutls negotiates TLS 1.3 instead of 1.2, the order of messages
sent by the handshake changes. This exposed a logic bug in the test
suite which caused us to wait for the server to see handshake
completion, but not wait for the client to see completion. The result
was the client didn't receive the certificate for verification and the
test failed.

This is exposed in Fedora 29 rawhide which has just enabled TLS 1.3 in
its GNUTLS builds.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-24 17:36:12 +01:00
Daniel P. Berrangé
68db13183f tests: use error_abort in places expecting errors
Most of the TLS related tests are passing in an "Error" object to
methods that are expected to fail, but then ignoring any error that is
set and instead asserting on a return value. This means that when an
error is unexpectedly raised, no information about it is printed out,
making failures hard to diagnose. Changing these tests to pass in
&error_abort will make unexpected failures print messages to stderr.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-24 17:35:57 +01:00
Daniel P. Berrangé
977a7204ab tests: don't silence error reporting for all tests
The test-vmstate test is a bit chatty because it triggers various
expected failure scenarios and the code in question uses error_report
instead of accepting 'Error **errp' parameters. To silence this test the
stubs for error_vprintf() were changed to send errors via
g_test_message() instead of stderr:

  commit 28017e010d
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   Mon Oct 24 18:31:03 2016 +0200

    tests: send error_report to test log

    Implement error_vprintf to send the output of error_report to
    the test log.  This silences test-vmstate.

    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    Message-Id: <1477326663-67817-3-git-send-email-pbonzini@redhat.com>

Unfortunately this change has global impact across the entire test suite
and means that when tests fail for unexpected reasons, the message is
not displayed on stderr. E.g. when using &error_abort in a call the test
merely prints

  Unexpected error in qcrypto_tls_session_check_certificate() at crypto/tlssession.c:280:

and the actual error message is hidden, making it impossible to diagnose
the failure. This is especially problematic in CI or build systems where
it isn't possible to easily pass the --debug-log flag to tests and
re-run with the test log visible.

This change makes the previous big hammer much more nuanced, providing a
flag in the stub error_vprintf() that can be used on a per-test basis to
silence the errors. Only the test-vmstate silences errors initially.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-24 17:35:23 +01:00
Daniel P. Berrangé
dbddad7026 tests: call qcrypto_init instead of gnutls_global_init
Calling qcrypto_init ensures that all relevant initialization is
done. In particular this honours the debugging settings and thread
settings.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-24 17:33:39 +01:00
Lidong Chen
4b3fb65db9 migration: fix duplicate initialization for expected_downtime and cleanup_bh
migrate_fd_connect duplicates the initialization of expected_downtime and cleanup_bh.

Signed-off-by: Lidong Chen <lidongchen@tencent.com>
Message-Id: <1532434585-14732-2-git-send-email-lidongchen@tencent.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2018-07-24 17:28:57 +01:00