Current parameter was always one. We continue with that value for now
in all callers.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---
Moved trace to socket_listen
Merge remote-tracking branch 'remotes/cleber/tags/python-next-pull-request' into staging
Python (acceptance tests) queue, 2019-08-28
# gpg: Signature made Thu 29 Aug 2019 02:11:22 BST
# gpg: using RSA key 7ABB96EB8B46B94D5E0FE9BB657E8D33A5F209F3
# gpg: Good signature from "Cleber Rosa <crosa@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 7ABB 96EB 8B46 B94D 5E0F E9BB 657E 8D33 A5F2 09F3
* remotes/cleber/tags/python-next-pull-request:
VNC Acceptance test: simplify test names
Boot Linux Console Test: add a test for ppc64 + pseries
Acceptance tests: drop left over usage of ":avocado: enable"
tests/requirements.txt: pin paramiko version requirement
tests.acceptance.avocado_qemu: Add support for powerpc
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The test name is composed of the class name and method name, so it
looks like there's some redundancy here that we can eliminate.
Signed-off-by: Cleber Rosa <crosa@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190607152223.9467-7-crosa@redhat.com>
Signed-off-by: Cleber Rosa <crosa@redhat.com>
Just like the previous tests, boots a Linux kernel on a ppc64 target
using the pseries machine.
Signed-off-by: Cleber Rosa <crosa@redhat.com>
CC: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Message-Id: <20190607152223.9467-5-crosa@redhat.com>
Signed-off-by: Cleber Rosa <crosa@redhat.com>
Commit 9531d26c10 removed all of ":avocado: enable" tags, but then
a new entry was added with the introduction of migration.py.
Let's remove it for consistency.
Signed-off-by: Cleber Rosa <crosa@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190607152223.9467-4-crosa@redhat.com>
Signed-off-by: Cleber Rosa <crosa@redhat.com>
It's a good practice (I'd really say a must) to pin as much as
possible of the software versions used during test, so let's apply
that to paramiko.
According to https://pypi.org/project/paramiko/, 2.4.2 is the latest
released version. It's also easily obtainable on systems such as
Fedora 30.
Signed-off-by: Cleber Rosa <crosa@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190607152223.9467-3-crosa@redhat.com>
Signed-off-by: Cleber Rosa <crosa@redhat.com>
Current acceptance test will not run properly in powerpc
environment because the qemu target is different from arch; these
usually match, except with bi-endian architectures like ppc64.
uname would return `ppc64` or `ppc64le` based on `big` or `little`
endian but qemu `target` is always `ppc64`. Let's handle it.
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
Message-Id: <20190819082820.14817-1-sathnaga@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Cleber Rosa <crosa@redhat.com>
Unfortunately, changes introduced in af2041ed2d "audio: audiodev=
parameters no longer optional when -audiodev present" break backward
compatibility. This patch changes the error into a deprecation warning.
Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Message-id: 02d4328c33455742d01e0b62395013e95293c3ba.1566847960.git.DirtY.iCE.hu@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The code used sizeof(AudiodevAlsaPerDirectionOptions) instead of the
appropriate per direction options for the audio backend. If the size of
the actual audiodev's per direction options is larger than alsa's, it
could cause a buffer overflow.
However, alsa has three fields in per direction options: a string, a
uint32 and a bool. Oss has the same fields, coreaudio has a single
uint32, paaudio has a string and a uint32, all other backends only use
the common options, so currently no per direction options struct should
be larger than alsa's.
Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Message-Id: <7808bc816ba7da8b8de8a214713444d85f7af3c6.1566847960.git.DirtY.iCE.hu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The current approach to capture the Python version is fragile, as was
demonstrated by a very specific build of Python 3 on Fedora 29
that, under non-interactive shells, would print multiline version
information.
The (badly) stripped version output would be sent to config-host.mak,
producing bad syntax and rendering the makefiles unusable. Now, the
Python version is printed by configure, but only a simple (and better
controlled) variable indicating whether the build system is using
Python 2 is kept on config-host.mak.
Signed-off-by: Cleber Rosa <crosa@redhat.com>
Message-Id: <20190826155832.17427-1-crosa@redhat.com>
Reviewed-by: Tony Nguyen <tony.nguyen@bt.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
In commit f6e501a28e, Eduardo started to use "check_" as a
prefix for methods of similar purpose. Follow this prior art,
since it might become the convention when writing Avocado
tests.
Suggested-by: Cleber Rosa <crosa@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190607174953.22342-1-philmd@redhat.com>
Reviewed-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Reviewed-by: Cleber Rosa <crosa@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
This reverts commit 45db1ac157 ("modules-test: ui-spice-app is not
built as module") and fixes commit d8aec9d9f1 ("display: add -display
spice-app launching a Spice client").
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20190827140241.20818-1-marcandre.lureau@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Most tracing backends are implemented within QEMU, except the
DTrace/SystemTap backends.
One side effect is when running 'qemu -trace help', an incomplete
list of trace events is displayed when using the DTrace/SystemTap
backends.
This is partly due to trace events registered as modules with
trace_init(), and since the events are not used within QEMU,
the linker optimizes and removes the unused modules (which is
OK in this particular case).
Currently only the events compiled in trace-root.o and in the
last trace.o member of libqemuutil.a are linked, resulting in
an incomplete list of events.
To avoid confusion, improve the help message, recommending to
use the proper systemtap script to display the events list.
Before:
$ lm32-softmmu/qemu-system-lm32 -trace help 2>&1 | wc -l
70
After:
$ lm32-softmmu/qemu-system-lm32 -trace help
Run 'qemu-trace-stap list qemu-system-lm32' to print a list
of names of trace points with the DTrace/SystemTap backends.
$ qemu-trace-stap list qemu-system-lm32 | wc -l
1136
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190823142203.5210-1-philmd@redhat.com
Message-Id: <20190823142203.5210-1-philmd@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Implement and use new interface to get rid of hd_qiov.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-13-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-13-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Implement and use new interface to get rid of hd_qiov.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-12-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-12-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Use buffer based io in encrypted case.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-11-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-11-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Introduce extended variants of bdrv_co_preadv and bdrv_co_pwritev
with qiov_offset parameter.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-10-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-10-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Use and support new API in bdrv_aligned_pwritev.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-9-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-9-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Use and support new API in bdrv_co_do_copy_on_readv.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-8-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-8-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Allocate bounce_buffer only if it is really needed. Also, sub-optimize
allocation size (why not?).
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-7-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-7-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Use and support new API in bdrv_co_do_copy_on_readv. Note that in case
of allocated-in-top we need to shrink read size to MIN(..) by hand, as
pre-patch this was actually done implicitly by qemu_iovec_concat (and
we used local_qiov.size).
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-6-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-6-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Add handlers supporting qiov_offset parameter:
bdrv_co_preadv_part
bdrv_co_pwritev_part
bdrv_co_pwritev_compressed_part
This is used to reduce need of defining local_qiovs and hd_qiovs in all
corners of block layer code. The following patches will increase usage
of this new API part by part.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-5-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-5-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
We have similar padding code in bdrv_co_pwritev,
bdrv_co_do_pwrite_zeroes and bdrv_co_preadv. Let's combine and unify
it.
[Squashed in Vladimir's qemu-iotests 077 fix
--Stefan]
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-4-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-4-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
We'll need to check a part of qiov soon, so implement it now.
Optimization with align down to 4 * sizeof(long) is dropped due to:
1. It is strange: it aligns length of the buffer, but where is a
guarantee that buffer pointer is aligned itself?
2. buffer_is_zero() is a better place for optimizations and it has
them.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-3-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-3-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Introduce new initialization API, to create requests with padding. Will
be used in the following patch. New API uses qemu_iovec_init_buf if
resulting io vector has only one element, to avoid extra allocations.
So, we need to update qemu_iovec_destroy to support destroying such
QIOVs.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-2-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-2-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
When QEMU receives a xenstore watch event suggesting that the "state"
of the frontend changed, it records this in its own state but it also
re-writes the value back into xenstore even though there was no change.
This triggers an unnecessary xenstore watch event which QEMU will
process again (and maybe the frontend as well). Also QEMU could
potentially write an already old value.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Message-Id: <20190823101534.465-3-anthony.perard@citrix.com>
When a frontend wants to reset its state and the backend one, it
starts with setting "Closing", then waits for the backend (QEMU) to do
the same.
But when QEMU is setting "Closing" to its state, it triggers an event
(xenstore watch) that re-executes xen_device_backend_changed() and sets
the backend state to "Closed". QEMU should wait for the frontend to
set "Closed" before doing the same.
Before setting "Closed" to the backend_state, we are also going to
check if there is a frontend. If that is the case, when the backend state
is set to "Closing" the frontend should react and set its state to
"Closing" then "Closed". The backend should wait for that to happen.
Fixes: b6af8926fb
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Message-Id: <20190823101534.465-2-anthony.perard@citrix.com>
Device model is supposed to destroy IOREQ server for itself.
Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
Acked-by: Paul Durrant <paul.durrant@citrix.com>
Message-Id: <1564428563-1006-1-git-send-email-igor.druzhinin@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
The xen_[rw]?mb() macros defined in ring.h can't be used and the fact
that they are gated behind __XEN_INTERFACE_VERSION__ means that it
needs to be defined somewhere. QEMU doesn't implement interfaces with
the Xen hypervisor so defining __XEN_INTERFACE_VERSION__ is pointless.
This leads to:
include/hw/xen/io/ring.h:47:5: error: "__XEN_INTERFACE_VERSION__"
is not defined, evaluates to 0 [-Werror=undef]
Cleanup ring.h. The xen_*mb() macros are already defined in xenctrl.h
which is included in xen_common.h.
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190704153605.4140-1-anthony.perard@citrix.com>
[aperard: Adding the comment proposed upstream]
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Commit e41c945297 ("target/alpha: Convert to CPUClass::tlb_fill")
slightly changed the way the trap_arg2 value is computed in case of TLB
fill. The type of the variable used in the ternary operator has been
changed from an int to an enum. This causes the -1 value to not be
sign-extended to 64-bit in case of an instruction fetch. The trap_arg2
ends up with 0xffffffff instead of 0xffffffffffffffff. Fix that by
changing the -1 into -1LL.
This fixes the execution of user space processes in qemu-system-alpha.
Fixes: e41c945297
Cc: qemu-stable@nongnu.org
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
[rth: Test MMU_DATA_LOAD and MMU_DATA_STORE instead of implying them.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
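The sign-extension failure described in the commit message above, reproduced as an added example (not code from the QEMU tree). The enum and function names are constructed stand-ins, and the buggy result assumes a compiler such as GCC or Clang that gives an enum without negative enumerators an unsigned int underlying type.

```c
/* Added illustration, not QEMU source. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the access-type enum. It has no negative
 * enumerators, so GCC and Clang make it compatible with unsigned int
 * (the choice is implementation-defined). */
typedef enum {
    MMU_DATA_LOAD = 0,
    MMU_DATA_STORE = 1,
    MMU_INST_FETCH = 2,
} AccessType;

/* Before the fix: the operands of ?: are int (-1) and the enum, which
 * promotes to unsigned int. The usual arithmetic conversions make the
 * whole expression unsigned int, so -1 becomes 0xffffffff and is then
 * zero-extended when widened to the 64-bit result. */
uint64_t trap_arg2_buggy(AccessType access_type)
{
    return access_type == MMU_INST_FETCH ? -1 : access_type;
}

/* After the fix: -1LL makes the common type long long, which can hold
 * every unsigned int value, so -1 survives and converts to all ones. */
uint64_t trap_arg2_fixed(AccessType access_type)
{
    return access_type == MMU_INST_FETCH ? -1LL : access_type;
}

int main(void)
{
    printf("buggy fetch: 0x%016" PRIx64 "\n",
           trap_arg2_buggy(MMU_INST_FETCH));
    printf("fixed fetch: 0x%016" PRIx64 "\n",
           trap_arg2_fixed(MMU_INST_FETCH));
    printf("store (both): %" PRIu64 " / %" PRIu64 "\n",
           trap_arg2_buggy(MMU_DATA_STORE),
           trap_arg2_fixed(MMU_DATA_STORE));
    return 0;
}
```

Building with `-Wsign-compare` (part of `-Wextra` in GCC) flags the mixed signed/unsigned operands in the buggy ternary, which is a cheap way to catch this class of regression when a variable's type changes from int to an enum.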
$(call land, $(CONFIG_SPICE), $(CONFIG_GIO)) will never return "m" so
ui-spice-app is always linked into QEMU.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com>
Message-id: 1566495734-23297-2-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add a missing cast; this fixes a build failure with --enable-modules.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com>
Message-id: 1566495734-23297-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Bump minimum glib2 version to 2.48
* Convert much of the crypto code to use automatic memory free functions
Merge remote-tracking branch 'remotes/berrange/tags/autofree-pull-request' into staging
require newer glib2 to enable autofree'ing of stack variables exiting scope
* Bump minimum glib2 version to 2.48
* Convert much of the crypto code to use automatic memory free functions
# gpg: Signature made Thu 22 Aug 2019 11:51:59 BST
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* remotes/berrange/tags/autofree-pull-request:
crypto: use auto cleanup for many stack variables
crypto: define cleanup functions for use with g_autoptr
glib: bump min required glib library version to 2.48
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Of the 3 virtqueues, seabios only sets cmd, leaving ctrl
and event without a physical address. This can cause
vhost_verify_ring_part_mapping to return ENOMEM, causing
the following logs:
qemu-system-x86_64: Unable to map available ring for ring 0
qemu-system-x86_64: Verify ring failure on region 0
The qemu commit e6cc11d64f
has already resolved the issue for vhost scsi devices but
the fix was never applied to vhost-user scsi devices.
Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1560299717-177734-1-git-send-email-raphael.norwitz@nutanix.com
Message-Id: <1560299717-177734-1-git-send-email-raphael.norwitz@nutanix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The tests/test-bdrv-drain /bdrv-drain/iothread/drain test case does the
following:
1. The preadv coroutine calls aio_bh_schedule_oneshot() and then yields.
2. The one-shot BH executes in another AioContext. All it does is call
aio_co_wakeup(preadv_co).
3. The preadv coroutine is re-entered and returns.
There is a race condition in aio_co_wake() where the preadv coroutine
returns and the test case destroys the preadv IOThread. aio_co_wake()
can still be running in the other AioContext and it performs an access
to the freed IOThread AioContext.
Here is the race in aio_co_schedule():
QSLIST_INSERT_HEAD_ATOMIC(&ctx->scheduled_coroutines,
co, co_scheduled_next);
<-- race: co may execute before we invoke qemu_bh_schedule()!
qemu_bh_schedule(ctx->co_schedule_bh);
So if co causes ctx to be freed then we're in trouble. Fix this problem
by holding a reference to ctx.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20190723190623.21537-1-stefanha@redhat.com
Message-Id: <20190723190623.21537-1-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>