Commit Graph

58635 Commits

Author SHA1 Message Date
Klim Kireev
a8aa6197a2 chardev/char-socket: add POLLHUP handler
The following behavior was observed for QEMU configured by libvirt
to use guest agent as usual for the guests without virtio-serial
driver (Windows or the guest remaining in BIOS stage).

In QEMU on first connect to listen character device socket
the listen socket is removed from poll just after the accept().
virtio_serial_guest_ready() returns 0 and the descriptor
of the connected Unix socket is removed from poll and it will
not be present in poll() until the guest will initialize the driver
and change the state of the serial to "guest connected".

In libvirt connect() to guest agent is performed on restart and
is run under VM state lock. Connect() is blocking and can
wait forever.
In this case libvirt can not perform ANY operation on that VM.

The bug can be easily reproduced this way:

Terminal 1:
qemu-system-x86_64 -m 512 -device pci-serial,chardev=serial1 -chardev socket,id=serial1,path=/tmp/console.sock,server,nowait
(virtio-serial and isa-serial also fit)

Terminal 2:
minicom -D unix\#/tmp/console.sock
(type something and press enter)
C-a x (to exit)

Do 3 times:
minicom -D unix\#/tmp/console.sock
C-a x

It needs 4 connections, because the first one is accepted by QEMU, then two are queued by
the kernel, and the 4th blocks.

The problem is that QEMU doesn't add a read watcher after successful read
until the guest device wants to acquire received data, so
I propose to install a separate POLLHUP watcher regardless of
whether the device waits for data or not.

Signed-off-by: Klim Kireev <klim.kireev@virtuozzo.com>
Message-Id: <20180125135129.9305-1-klim.kireev@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07 14:09:24 +01:00
Peter Xu
d25836cafd memory: do explicit cleanup when remove listeners
When unregistering memory listeners, we should call, e.g.,
region_del() (and possibly other undo operations) on every existing
memory region sections there, otherwise we may leak resources that are
held during the region_add(). This patch undoes the stuff for the
listeners, which emulates the case when the address space is set from
current to an empty state.

I found this problem when debugging a refcount leak issue that leads to
a device unplug event lost (please see the "Bug:" line below).  In that
case, the leakage of resource is the PCI BAR memory region refcount.
And since memory regions are not keeping their own refcount but onto
their owners, so the vfio-pci device's (who is the owner of the PCI BAR
memory regions) refcount is leaked, and event missing.

We had encountered similar issues before and fixed in other
way (ee4c112846, "vhost: Release memory references on cleanup"). This
patch can be seen as a more high-level fix of similar problems that are
caused by the resource leaks from memory listeners. So now we can remove
the explicit unref of memory regions since that'll be done altogether
during unregistering of listeners now.

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1531393
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180122060244.29368-5-peterx@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07 14:09:24 +01:00
Peter Xu
369686267a vfio: listener unregister before unset container
After next patch, listener unregister will need the container to be
alive.  Let's move this unregister phase to be before unset container,
since that operation will free the backend container in kernel,
otherwise we'll get these after next patch:

qemu-system-x86_64: VFIO_UNMAP_DMA: -22
qemu-system-x86_64: vfio_dma_unmap(0x559bf53a4590, 0x0, 0xa0000) = -22 (Invalid argument)

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180122060244.29368-4-peterx@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07 14:09:24 +01:00
Peter Xu
0bbe435410 arm: postpone device listener unregister
It's a preparation for follow-up patch to call region_del() in
memory_listener_unregister(), otherwise all device addr attached with
kvm_devices_head will be reset before calling kvm_arm_set_device_addr.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180122060244.29368-3-peterx@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07 14:09:24 +01:00
Peter Xu
0750b06021 vhost: add traces for memory listeners
Trace these operations on two memory listeners.  It helps to verify the
new memory listener fix, and good to keep them there.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180122060244.29368-2-peterx@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07 14:09:24 +01:00
Marc-André Lureau
d83414e1fd ucontext: annotate coroutine stack for ASAN
It helps ASAN to detect more leaks on coroutine stacks, and to get rid
of some extra warnings.

Before:

tests/test-coroutine -p
/basic/lifecycle
/basic/lifecycle: ==20781==WARNING: ASan doesn't fully support
makecontext/swapcontext functions and may produce false positives in
some cases!
==20781==WARNING: ASan is ignoring requested __asan_handle_no_return:
stack top: 0x7ffcb184d000; bottom 0x7ff6c4cfd000; size: 0x0005ecb50000
(25446121472)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
OK

After:

tests/test-coroutine -p /basic/lifecycle
/basic/lifecycle: ==21110==WARNING: ASan doesn't fully support
makecontext/swapcontext functions and may produce false positives in
some cases!
OK

A similar work would need to be done for sigaltstack & windows fibers
to have similar coverage. Since ucontext is preferred, I didn't bother
checking the other coroutine implementations for now.

Update travis to fix the build with ASAN annotations.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180116151152.4040-4-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07 14:09:24 +01:00
Marc-André Lureau
247724cb30 build-sys: add --enable-sanitizers
Typical slowdown introduced by AddressSanitizer is 2x.
UBSan shouldn't have much impact on runtime cost.

Enable it by default when --enable-debug, unless --disable-sanitizers.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180116151152.4040-3-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07 14:09:20 +01:00
Marc-André Lureau
6c549dc141 exynos4210: workaround UBSAN compilation error
gcc 5.4.0-6ubuntu1~16.04.5 build with UBSAN enabled error:

  CC      hw/display/exynos4210_fimd.o
/home/petmay01/linaro/qemu-for-merges/hw/display/exynos4210_fimd.c: In
function ‘fimd_get_buffer_id’:
/home/petmay01/linaro/qemu-for-merges/hw/display/exynos4210_fimd.c:1105:5:
error: case label does not reduce to an integer constant
     case FIMD_WINCON_BUF2_STAT:

Because FIMD_WINCON_BUF2_STAT case contains an integer
overflow, use U suffix to get the unsigned type.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180116151152.4040-2-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 18:09:45 +01:00
Daniel P. Berrange
3e32370a96 sockets: fix parsing of ipv4/ipv6 opts in parse_socket_addr
The inet_parse() function looks for 'ipv4' and 'ipv6' flags, but only
treats them as bare bool flags. The normal QemuOpts parsing would allow
on/off values to be set too.

This updates inet_parse() so that its handling of the 'ipv4' and 'ipv6'
flags matches that done by QemuOpts.

This impacts the NBD block driver parsing the legacy filename syntax and
the migration code parsing the socket scheme.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <20180125171412.21627-1-berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 18:09:45 +01:00
Peter Maydell
b1cef6d02f Drop remaining bits of ia64 host support
We dropped support for ia64 host CPUs in the 2.11 release (removing
the TCG backend for it, and advertising the support as being
completely removed in the changelog).  However there are a few bits
and pieces of code still floating about.  Remove those, too.

We can drop the check in configure for "ia64 or hppa host?"
entirely, because we don't support hppa hosts either any more.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <1516897189-11035-1-git-send-email-peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 18:09:45 +01:00
Paolo Bonzini
4d98a8e5ec hvf: ept_emulation_fault() needs NetApp BSD attribution
Add the BSD license there.

Reported-by: Izik Eidus <izik@veertu.com>
Message-Id: <20180123123639.35255-3-izik@veertu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 18:09:45 +01:00
Izik Eidus
d781e24d05 Add missing hvdos public domain attribution:
hvf.c and vmx.h contain code from hvdos.c that is released as public domain:

from hvdos github: https://github.com/mist64/hvdos

"License

See LICENSE.txt (2-clause-BSD).

In order to simplify use of this code as a template, you can consider any parts from "hvdos.c" and "interface.h" as being in the public domain."

Signed-off-by: Izik Eidus <izik@veertu.com>
Message-Id: <20180123123639.35255-2-izik@veertu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 18:09:45 +01:00
Thomas Huth
50876ead08 i2c: Add a CONFIG_I2C master switch to the configuration files
The i2c core and the at24c EEPROM should only be compiled and linked
on the machines that support i2c. Otherwise it's quite strange to see
the at24c-eeprom to be "available" on qemu-system-s390x for example.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1516634853-15883-1-git-send-email-thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 18:09:45 +01:00
Peter Maydell
9d70618c68 memory-internal.h: Remove obsolete claim that header is obsolete
The memory-internal.h header claims that it is for "obsolete
exec.c functions" which "will be removed soon". This statement
was added in 2011, six years ago, but the header is still here.
(Admittedly none of the prototypes added in commit 67d95c153b
are still in the header.)

It's convenient to have a place to put prototypes for functions
which are used internally to the various .c files of the memory
system or by the accel/tcg code, which is inevitably fairly
closely coupled. So keep the header but update the comments to
reflect what we're actually using it for.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <1511276888-17834-1-git-send-email-peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 18:09:45 +01:00
Greg Kurz
b90d80a73e scripts/qemu-gdb/timers.py: define encoding in header comment
This is required otherwise python complains because of the
accentuated letter in Alex's last name:

Traceback (most recent call last):
  File "scripts/qemu-gdb.py", line 29, in <module>
    from qemugdb import aio, mtree, coroutine, tcg, timers
  File "scripts/qemugdb/timers.py", line 1
SyntaxError: Non-ASCII character '\xc3' in file scripts/qemugdb/timers.py
 on line 1, but no encoding declared;
 see http://www.python.org/peps/pep-0263.html for details

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <151629549711.18276.15497684562308683805.stgit@bahia.lan>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 13:54:39 +01:00
Greg Kurz
4183e2ea6d readline: don't free completions in readline_free()
Since commit e5dc1a6c6c, QEMU aborts on exit if completion was used
in the monitor:

*** Error in `obj/ppc64-softmmu/qemu-system-ppc64': double free or
 corruption (fasttop): 0x00000100331069d0 ***

 /home/greg/Work/qemu/qemu-spapr/util/readline.c:514
 /home/greg/Work/qemu/qemu-spapr/monitor.c:586
 /home/greg/Work/qemu/qemu-spapr/monitor.c:4125
 argv=<optimized out>, envp=<optimized out>) at
 /home/greg/Work/qemu/qemu-spapr/vl.c:4795

Completion strings are not persistent across completions (why would
they?). They are allocated under readline_completion(), which already
takes care of freeing them before returning.

Maybe all completion related bits should be moved out of ReadLineState
to a dedicated structure ?

In the meantime, let's drop the offending lines from readline_free()
to fix the crash.

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <151627206353.4505.4602428849861610759.stgit@bahia.lan>
Fixes: e5dc1a6c6c
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 13:54:39 +01:00
Peter Xu
4e4b57342e chardev: fix incorrect unref of source
glib reported error when pty chardev used:

$ ./qemu-system-x86_64 -chardev pty,id=foo -device isa-serial,chardev=foo
qemu-system-x86_64: -chardev pty,id=foo: char device redirected to /dev/pts/2 (label foo)
(qemu-system-x86_64:27885): GLib-CRITICAL **: g_source_unref: assertion 'source != NULL' failed
(qemu-system-x86_64:27885): GLib-CRITICAL **: g_source_unref: assertion 'source != NULL' failed

This patch fixes that.

Fixes: 2c716ba150 ("chardev: introduce qemu_chr_timeout_add_ms()")
CC: Paolo Bonzini <pbonzini@redhat.com>
Reported-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180118052049.31119-1-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 13:54:39 +01:00
Fam Zheng
c6caae553c scsi-generic: Simplify error handling code
Coverity doesn't like the ignored return value introduced in
9d3b155186 (hw/block: Fix the return type), and other callers are
converted already in ceff3e1f01.

This one was added lately in d9bcd6f7f2 and missed the train. Do it
now.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <20180118025245.13042-1-famz@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 13:54:39 +01:00
linzhecheng
0b15209571 memory: set ioeventfd_update_pending after address_space_update_ioeventfds
We should set ioeventfd_update_pending same as memory_region_update_pending.

Signed-off-by: linzhecheng <linzc@zju.edu.cn>
Message-Id: <1515934519-16158-1-git-send-email-linzc@zju.edu.cn>
Cc: qemu-stable@nongnu.org
Fixes: ade9c1aac5
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 13:54:38 +01:00
Marcelo Tosatti
e85687ffe2 qemu: improve hugepage allocation failure message
Improve hugepage allocation failure message, indicating
what is happening to the user.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

Message-Id: <20180115201700.GA4439@amt.cnet>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 13:54:38 +01:00
Alexey Kardashevskiy
fe29141bee kvm: Add kvm_set_user_memory tracepoint
This adds a tracepoint to trace the KVM_SET_USER_MEMORY_REGION ioctl
parameters which is quite useful for debugging VFIO memory regions
being actually registered with KVM.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-Id: <20171215052326.21386-1-aik@ozlabs.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 13:54:38 +01:00
Philippe Mathieu-Daudé
bf85388169 qdev: use device_class_set_parent_realize/unrealize/reset()
changes generated using the following Coccinelle patch:

  @@
  type DeviceParentClass;
  DeviceParentClass *pc;
  DeviceClass *dc;
  identifier parent_fn;
  identifier child_fn;
  @@
  (
  +device_class_set_parent_realize(dc, child_fn, &pc->parent_fn);
  -pc->parent_fn = dc->realize;
  ...
  -dc->realize = child_fn;
  |
  +device_class_set_parent_unrealize(dc, child_fn, &pc->parent_fn);
  -pc->parent_fn = dc->unrealize;
  ...
  -dc->unrealize = child_fn;
  |
  +device_class_set_parent_reset(dc, child_fn, &pc->parent_fn);
  -pc->parent_fn = dc->reset;
  ...
  -dc->reset = child_fn;
  )

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20180114020412.26160-4-f4bug@amsat.org>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 13:54:38 +01:00
Philippe Mathieu-Daudé
46795cf2e2 qdev: add helpers to be more explicit when using abstract QOM parent functions
QOM API learning curve is quite hard, in particular when devices inherit from
abstract parent.
To be more explicit about when a device class changes the parent hooks, add a few
helpers hoping a device class_init() will be easier to understand.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20180114020412.26160-3-f4bug@amsat.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 13:54:38 +01:00
Philippe Mathieu-Daudé
b850f664a1 qdev: rename typedef qdev_resetfn() -> DeviceReset()
following the DeviceRealize and DeviceUnrealize typedefs,
this unifies a bit the new QOM API.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20180114020412.26160-2-f4bug@amsat.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 13:54:38 +01:00
Jay Zhou
57914ecb06 memory: update comments and fix some typos
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Message-Id: <1515043788-38300-1-git-send-email-jianjay.zhou@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05 13:54:38 +01:00
Peter Maydell
f24ee107a0 ui: use QIONetListener in vnc, bugfixes for sdl1 and vnc.

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20180202-pull-request' into staging

ui: use QIONetListener in vnc, bugfixes for sdl1 and vnc.

# gpg: Signature made Fri 02 Feb 2018 07:17:36 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20180202-pull-request:
  ui: correctly advance output buffer when writing SASL data
  ui: convert VNC server to QIONetListener
  ui: fix mixup between qnum and qcode in SDL1 key handling

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-02 18:54:11 +00:00
Peter Maydell
fb2516ef94 virtio-gpu: disallow vIOMMU

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180202-pull-request' into staging

virtio-gpu: disallow vIOMMU

# gpg: Signature made Fri 02 Feb 2018 08:31:52 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20180202-pull-request:
  virtio-gpu: disallow vIOMMU

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-02 17:24:00 +00:00
Peter Maydell
f74425e267 This series is mostly about 9p request cancellation. It fixes a
long standing bug (read "specification violation") where the server
 would send an invalid response when the client has cancelled an
 in-flight request. This was causing annoying spurious EINTR returns
 in linux. The fix comes with some related testing in QTEST.
 
 Other patches are code cleanup and improvements.

Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging

This series is mostly about 9p request cancellation. It fixes a
long standing bug (read "specification violation") where the server
would send an invalid response when the client has cancelled an
in-flight request. This was causing annoying spurious EINTR returns
in linux. The fix comes with some related testing in QTEST.

Other patches are code cleanup and improvements.

# gpg: Signature made Fri 02 Feb 2018 10:16:03 GMT
# gpg:                using RSA key 71D4D5E5822F73D6
# gpg: Good signature from "Greg Kurz <groug@kaod.org>"
# gpg:                 aka "Gregory Kurz <gregory.kurz@free.fr>"
# gpg:                 aka "[jpeg image of size 3330]"
# Primary key fingerprint: B482 8BAF 9431 40CE F2A3  4910 71D4 D5E5 822F 73D6

* remotes/gkurz/tags/for-upstream:
  tests/virtio-9p: explicitly handle potential integer overflows
  tests: virtio-9p: add FLUSH operation test
  libqos/virtio: return length written into used descriptor
  tests: virtio-9p: add WRITE operation test
  tests: virtio-9p: add LOPEN operation test
  tests: virtio-9p: use the synth backend
  tests: virtio-9p: wait for completion in the test code
  tests: virtio-9p: move request tag to the test functions
  9pfs: Correctly handle cancelled requests
  9pfs: drop v9fs_register_transport()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-02 16:26:41 +00:00
Peter Maydell
fabbd691fd audio: two small fixes.

Merge remote-tracking branch 'remotes/kraxel/tags/audio-20180202-pull-request' into staging

audio: two small fixes.

# gpg: Signature made Fri 02 Feb 2018 07:49:20 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/audio-20180202-pull-request:
  hw/audio/sb16.c: change dolog() to qemu_log_mask()
  hw/audio/wm8750: move WM8750 declarations from i2c/i2c.h to audio/wm8750.h

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-02 15:33:57 +00:00
Peter Maydell
6a95e2586c Lots of little miscellaneous fixes for the IPMI code, plus
add me as the IPMI maintainer.

Merge remote-tracking branch 'remotes/cminyard/tags/for-release-20180201' into staging

Lots of little miscellaneous fixes for the IPMI code, plus
add me as the IPMI maintainer.

# gpg: Signature made Thu 01 Feb 2018 18:44:55 GMT
# gpg:                using RSA key 61F38C90919BFF81
# gpg: Good signature from "Corey Minyard <cminyard@mvista.com>"
# gpg:                 aka "Corey Minyard <minyard@acm.org>"
# gpg:                 aka "Corey Minyard <corey@minyard.net>"
# gpg:                 aka "Corey Minyard <minyard@mvista.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FD0D 5CE6 7CE0 F59A 6688  2686 61F3 8C90 919B FF81

* remotes/cminyard/tags/for-release-20180201:
  ipmi: Allow BMC device properties to be set
  ipmi: disable IRQ and ATN on an external disconnect
  ipmi: Fix macro issues
  ipmi: Add the platform event message command
  ipmi: Don't set the timestamp on add events that don't have it
  ipmi: Fix SEL get/set time commands
  Add maintainer for the IPMI code

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-02 14:10:13 +00:00
Peter Maydell
e486b52822

Merge remote-tracking branch 'remotes/elmarco/tags/dump-pull-request' into staging

# gpg: Signature made Thu 01 Feb 2018 11:15:42 GMT
# gpg:                using RSA key DAE8E10975969CE5
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>"
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>"
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* remotes/elmarco/tags/dump-pull-request:
  dump-guest-memory.py: skip vmcoreinfo section if not available

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-02 10:57:50 +00:00
Greg Kurz
9ea776ee7d tests/virtio-9p: explicitly handle potential integer overflows
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-02-02 11:15:34 +01:00
Greg Kurz
357e2f7f4e tests: virtio-9p: add FLUSH operation test
The idea is to send a victim request that will possibly block in the
server and to send a flush request to cancel the victim request.

This patch adds two tests to verify that:
- the server does not reply to a victim request that was actually
  cancelled
- the server replies to the flush request after replying to the
  victim request if it could not cancel it

9p request cancellation reference:

http://man.cat-v.org/plan_9/5/flush

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
(groug, change the test to only write a single byte to avoid
        any alignment or endianness consideration)
2018-02-02 11:11:55 +01:00
Greg Kurz
be3a678160 libqos/virtio: return length written into used descriptor
When a 9p request is flushed (ie, cancelled) by the guest, the device
is expected to simply mark the request as used, without sending a 9p
reply (ie, without writing anything into the used buffer).

To be able to test this, we need access to the length written by the
device into the used descriptor. This patch adds a uint32_t * argument
to qvirtqueue_get_buf() and qvirtio_wait_used_elem() for this purpose.

All existing users are updated accordingly.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-02-02 11:11:55 +01:00
Peter Maydell
707eafb8b0

Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into staging

# gpg: Signature made Thu 01 Feb 2018 04:05:22 GMT
# gpg:                using RSA key BDBE7B27C0DE3057
# gpg: Good signature from "Jeffrey Cody <jcody@redhat.com>"
# gpg:                 aka "Jeffrey Cody <jeff@codyprime.org>"
# gpg:                 aka "Jeffrey Cody <codyprime@gmail.com>"
# Primary key fingerprint: 9957 4B4D 3474 90E7 9D98  D624 BDBE 7B27 C0DE 3057

* remotes/cody/tags/block-pull-request:
  iotests: Make 200 run on tmpfs
  block/ssh: fix possible segmentation fault when .desc is not null-terminated

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-02 09:53:15 +00:00
Peter Xu
34e304e975 virtio-gpu: disallow vIOMMU
virtio-gpu has a special code path that bypasses vIOMMU protection.  So
for now let's disable iommu_platform for the device until we fully
support that (if needed).

After the patch, both virtio-vga and virtio-gpu won't allow booting with
iommu_platform parameter set.

CC: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-id: 20180131040401.3550-1-peterx@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-02 08:53:22 +01:00
John Arbuckle
8ec660b80e hw/audio/sb16.c: change dolog() to qemu_log_mask()
Changes all the occurrences of dolog() to qemu_log_mask().

Signed-off-by: John Arbuckle <programmingkidx@gmail.com>
Message-id: 20180201172744.7504-1-programmingkidx@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-02 08:19:47 +01:00
Philippe Mathieu-Daudé
7ab14c5ace hw/audio/wm8750: move WM8750 declarations from i2c/i2c.h to audio/wm8750.h
while here use TYPE_WM8750 and declare a data_req_cb() typedef.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20170919123053.32675-1-f4bug@amsat.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-02 08:19:25 +01:00
Daniel P. Berrangé
627ebec208 ui: correctly advance output buffer when writing SASL data
In this previous commit:

  commit 8f61f1c5a6
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Mon Dec 18 19:12:20 2017 +0000

    ui: track how much decoded data we consumed when doing SASL encoding

I attempted to fix a flaw with tracking how much data had actually been
processed when encoding with SASL. With that flaw, the VNC server could
mistakenly discard queued data that had not been sent.

The fix was not quite right though, because it merely decremented the
vs->output.offset value. This is effectively discarding data from the
end of the pending output buffer. We actually need to discard data from
the start of the pending output buffer. We also want to free memory that
is no longer required. The correct way to handle this is to use the
buffer_advance() helper method instead of directly manipulating the
offset value.

Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 20180201155841.27509-1-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-02 07:48:18 +01:00
Daniel P. Berrange
13e1d0e71e ui: convert VNC server to QIONetListener
The VNC server already has the ability to listen on multiple sockets.
Converting it to use the QIONetListener APIs though, will reduce the
amount of code in the VNC server and improve the clarity of what is
left.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20180201164514.10330-1-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-02 07:47:39 +01:00
Daniel P. Berrangé
8ea9c80a19 ui: fix mixup between qnum and qcode in SDL1 key handling
The previous commit:

  commit 2ec78706d1
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Wed Jan 17 16:47:15 2018 +0000

    ui: convert GTK and SDL1 frontends to keycodemapdb

changed the x_keymap.c keymap so that its target was qcodes instead of
qnums. It updated the GTK frontend to take account of this change, but
forgot to update the SDL1 frontend. Thus the SDL frontend was getting
qcodes but dispatching them as if they were qnums. IOW, keyboard input
was completely hosed with SDL1. Since the keyboard layout tables are
still all based on qnums, it is easier to just keep SDL1 using qnums as
it will be deleted in a few releases time.

Reported-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: 20180201180033.14255-1-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-02 07:47:16 +01:00
Greg Kurz
354b86f85f tests: virtio-9p: add WRITE operation test
Trivial test of a successful write.

Signed-off-by: Greg Kurz <groug@kaod.org>
(groug, handle potential overflow when computing request size,
        add missing g_free(buf),
        backend handles one written byte at a time to validate
        the server doesn't do short-reads)
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-02-01 21:21:28 +01:00
Greg Kurz
82469aaefe tests: virtio-9p: add LOPEN operation test
Trivial test of a successful open.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-02-01 21:21:28 +01:00
Greg Kurz
2893ddd598 tests: virtio-9p: use the synth backend
The purpose of virtio-9p-test is to test the virtio-9p device, especially
the 9p server state machine. We don't really care what fsdev backend we're
using. Moreover, if we want to be able to test the flush request or a
device reset with in-flight I/O, it is close to impossible to achieve
with a physical backend because we cannot ask it reliably to put an I/O
on hold at a specific point in time.

Fortunately, we can do that with the synthetic backend, which allows
registering callbacks on read/write accesses to a specific file. This will
be used by a later patch to test the 9P flush request.

The walk request test is converted to using the synth backend.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-02-01 21:21:27 +01:00
Greg Kurz
60b1fa9de1 tests: virtio-9p: wait for completion in the test code
In order to test request cancellation, we will need to send multiple
requests and wait for the associated replies. Since we poll the ISR
to know if a request completed, we may have several replies to parse
when we detect ISR was set to 1.

This patch moves the waiting out of the reply parsing path, up into
the functional tests.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-02-01 21:21:27 +01:00
Greg Kurz
693b21d2c7 tests: virtio-9p: move request tag to the test functions
It doesn't really make sense to hide the request tag from the test
functions. It prevents testing the 9p server behavior when passed
a wrong tag (ie, still in use or different from P9_NOTAG for a
version request). Also the spec says that a tag is reusable as soon
as the corresponding request was replied or flushed: no need to
always increment tags like we do now. And finally, an upcoming test
of the flush command will need to manipulate tags explicitly.

This simply changes all request functions to have a tag argument.
Except for the version request which needs P9_NOTAG, all other
tests can pass 0 since they wait for the reply before sending
another request.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-02-01 21:21:27 +01:00
Keno Fischer
fc78d5ee76 9pfs: Correctly handle cancelled requests
# Background

I was investigating spurious non-deterministic EINTR returns from
various 9p file system operations in a Linux guest served from the
qemu 9p server.

 ## EINTR, ERESTARTSYS and the linux kernel

When a signal arrives that the Linux kernel needs to deliver to user-space
while a given thread is blocked (in the 9p case waiting for a reply to its
request in 9p_client_rpc -> wait_event_interruptible), it asks whatever
driver is currently running to abort its current operation (in the 9p case
causing the submission of a TFLUSH message) and return to user space.
In these situations, the error message reported is generally ERESTARTSYS.
If the userspace process specified SA_RESTART, this means that the
system call will get restarted upon completion of the signal handler
delivery (assuming the signal handler doesn't modify the process state
in complicated ways not relevant here). If SA_RESTART is not specified,
ERESTARTSYS gets translated to EINTR and user space is expected to handle
the restart itself.

 ## The 9p TFLUSH command

The 9p TFLUSH command requests that the server abort an ongoing operation.
The man page [1] specifies:

```
If it recognizes oldtag as the tag of a pending transaction, it should
abort any pending response and discard that tag.
[...]
When the client sends a Tflush, it must wait to receive the corresponding
Rflush before reusing oldtag for subsequent messages. If a response to the
flushed request is received before the Rflush, the client must honor the
response as if it had not been flushed, since the completed request may
signify a state change in the server
```

In particular, this means that the server must not send a reply with the
original tag in response to the cancellation request, because the client is
obligated to interpret such a reply as a coincidental reply to the original
request.

 # The bug

When qemu receives a TFlush request, it sets the `cancelled` flag on the
relevant pdu. This flag is periodically checked, e.g. in
`v9fs_co_name_to_path`, and if set, the operation is aborted and the error
is set to EINTR. However, the server then violates the spec, by returning
to the client an Rerror response, rather than discarding the message
entirely. As a result, the client is required to assume that said Rerror
response is a result of the original request, not a result of the
cancellation and thus passes the EINTR error back to user space.
This is not the worst thing it could do, however as discussed above, the
correct error code would have been ERESTARTSYS, such that user space
programs with SA_RESTART set get correctly restarted upon completion of
the signal handler.
Instead, such programs get spurious EINTR results that they were not
expecting to handle.

It should be noted that there are plenty of user space programs that do not
set SA_RESTART and do not correctly handle EINTR either. However, that is
then a userspace bug. It should also be noted that this bug has been
mitigated by a recent commit to the Linux kernel [2], which essentially
prevents the kernel from sending Tflush requests unless the process is about
to die (in which case the process likely doesn't care about the response).
Nevertheless, for older kernels and to comply with the spec, I believe this
change is beneficial.

 # Implementation

The fix is fairly simple, just skipping notification of a reply if
the pdu was previously cancelled. We do however, also notify the transport
layer that we're doing this, so it can clean up any resources it may be
holding. I also added a new trace event to distinguish
operations that caused an error reply from those that were cancelled.

One complication is that we only omit sending the message on EINTR errors in
order to avoid confusing the rest of the code (which may assume that a
client knows about a fid if it successfully passed it off to pdu_complete
without checking for cancellation status). This does mean that if the server
acts upon the cancellation flag, it always needs to set err to EINTR. I
believe this is true of the current code.

[1] https://9fans.github.io/plan9port/man/man9/flush.html
[2] https://github.com/torvalds/linux/commit/9523feac272ccad2ad8186ba4fcc891

Signed-off-by: Keno Fischer <keno@juliacomputing.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
[groug, send a zero-sized reply instead of detaching the buffer]
Signed-off-by: Greg Kurz <groug@kaod.org>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
2018-02-01 21:21:27 +01:00
Greg Kurz
066eb006b5 9pfs: drop v9fs_register_transport()
No good reasons to do this outside of v9fs_device_realize_common().

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
2018-02-01 21:21:27 +01:00
Marc-André Lureau
ce6b9e421a dump-guest-memory.py: skip vmcoreinfo section if not available
On some architectures, qemu doesn't support vmcoreinfo device,
and dump-guest-memory fails:

(gdb) dump-guest-memory /tmp/vmcore  ppc64-le
guest RAM blocks:
target_start     target_end       host_addr        message count
---------------- ---------------- ---------------- ------- -----
0000000000000000 0000000200000000 00003ffd86980000 added       1
0000200080000000 0000200080800000 00003ffd86170000 added       2
Python Exception <class 'gdb.error'> No symbol "vmcoreinfo_realize" in current context.:
Error occurred in Python command: No symbol "vmcoreinfo_realize" in current context.

Check that vmcoreinfo_realize symbol exists before evaluating an
expression with it.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2018-02-01 12:13:52 +01:00
Max Reitz
45a79646ea iotests: Make 200 run on tmpfs
200 currently fails on tmpfs because it sets cache=none.  However,
without that (and aio=native), the test still works now and it fails
before Jeff's series (on fc7dbc119e).  So
we can probably remove the aio=native safely, and replace cache=none by
cache=$CACHEMODE.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Message-id: 20180117135015.15051-1-mreitz@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2018-01-31 22:37:00 -05:00