1. 13 Mar, 2015 3 commits
    • Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging · f9f141b7
      Peter Maydell authored
      # gpg: Signature made Thu Mar 12 19:09:26 2015 GMT using RSA key ID 81AB73C8
      # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
      # gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
      
      * remotes/stefanha/tags/block-pull-request:
        qcow2: fix the macro QCOW_MAX_L1_SIZE's use
        queue: fix QSLIST_INSERT_HEAD_ATOMIC race
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
      f9f141b7
    • qcow2: fix the macro QCOW_MAX_L1_SIZE's use · 87b86e7e
      Wen Congyang authored
      QCOW_MAX_L1_SIZE's unit is byte, and l1_size's unit
      is l1 table entry size(8 bytes).
      Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
      Message-id: 54FFB0F1.5010307@cn.fujitsu.com
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      87b86e7e
    • queue: fix QSLIST_INSERT_HEAD_ATOMIC race · 2120465f
      Paolo Bonzini authored
      There is a not-so-subtle race in QSLIST_INSERT_HEAD_ATOMIC.
      
      Because atomic_cmpxchg returns the old value instead of a success flag,
      QSLIST_INSERT_HEAD_ATOMIC was checking for success by comparing against
      the second argument to atomic_cmpxchg.  Unfortunately, this only works
      if the second argument is a local or thread-local variable.
      
      If it is in memory, it can be subject to common subexpression elimination
      (and then everything's fine) or reloaded after the atomic_cmpxchg,
      depending on the compiler's whims.  If the latter happens, the race can
      happen.  A thread can sneak in, doing something on elm->field.sle_next
      after the atomic_cmpxchg and before the comparison.  This causes a wrong
      failure, and then two threads are using "elm" at the same time.  In the
      case discovered by Christian, the sequence was likely something like this:
      
          thread 1                   | thread 2
          QSLIST_INSERT_HEAD_ATOMIC  |
            atomic_cmpxchg succeeds  |
            elm added to list        |
                                     | steal release_pool
                                     | QSLIST_REMOVE_HEAD
                                     | elm removed from list
                                     | ...
                                     | QSLIST_INSERT_HEAD_ATOMIC
                                     |   (overwrites sle_next)
            spurious failure         |
            atomic_cmpxchg succeeds  |
            elm added to list again  |
                                     |
          steal release_pool         |
          QSLIST_REMOVE_HEAD         |
          elm removed again          |
      
      The last three steps could be done by a third thread as well.
      A reproducer that failed in a matter of seconds is as follows:
      
      - the guest has 32 VCPUs on a 28 core host (hyperthreading was enabled),
        memory was 16G just to err on the safe side (the host has 64G, but hey
        at least you need no s390)
      
      - the guest has 24 null-aio virtio-blk devices using dataplane
        (-object iothread,id=ioN -drive if=none,id=blkN,driver=null-aio,size=500G
        -device virtio-blk-pci,iothread=ioN,drive=blkN)
      
      - the guest also has a single network interface.  It's only doing loopback
        tests so slirp vs. tap and the model doesn't matter.
      
      - the guest is running fio with the following script:
      
           [global]
           rw=randread
           blocksize=16k
           ioengine=libaio
           runtime=10m
           buffered=0
           fallocate=none
           time_based
           iodepth=32
      
           [virtio1a]
           filename=/dev/block/252\:16
      
           [virtio1b]
           filename=/dev/block/252\:16
      
           ...
      
           [virtio24a]
           filename=/dev/block/252\:384
      
           [virtio24b]
           filename=/dev/block/252\:384
      
           [listen1]
           protocol=tcp
           ioengine=net
           port=12345
           listen
           rw=read
           bs=4k
           size=1000g
      
           [connect1]
           protocol=tcp
           hostname=localhost
           ioengine=net
           port=12345
           protocol=tcp
           rw=write
           startdelay=1
           size=1000g
      
           ...
      
           [listen8]
           protocol=tcp
           ioengine=net
           port=12352
           listen
           rw=read
           bs=4k
           size=1000g
      
           [connect8]
           protocol=tcp
           hostname=localhost
           ioengine=net
           port=12352
           rw=write
           startdelay=1
           size=1000g
      
      Moral of the story: I should refrain from writing more clever stuff.
      At least it looks like it is not too clever to be undebuggable.
      Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
      Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
      Message-id: 1426002357-6889-1-git-send-email-pbonzini@redhat.com
      Fixes: c740ad92
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      2120465f
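Added example (not QEMU's code and not part of the commit above): a single-threaded C replay of the interleaving in the diagram of commit 2120465f, comparing a retry loop that re-reads elm's next pointer after the compare-and-swap with one that compares against a local snapshot. The names `push`, `interfere`, `demo`, `cmpxchg_val` and `decoy` are hypothetical, and `interfere` is a constructed stand-in for thread 2.

```c
#include <stdio.h>

struct node { struct node *next; };
struct list { struct node *first; };

static struct node decoy;   /* constructed: head of the list "thread 2" pushes onto */

/* Same contract as the atomic_cmpxchg in the commit message: returns the
 * OLD value, not a success flag (GCC/Clang builtin). */
static struct node *cmpxchg_val(struct node **p, struct node *exp, struct node *nv)
{
    return __sync_val_compare_and_swap(p, exp, nv);
}

/* Constructed stand-in for thread 2, run in the window between the cmpxchg
 * and the comparison: pop elm, then reuse it, overwriting elm->next. */
static void interfere(struct list *l, struct node *elm)
{
    l->first = elm->next;   /* QSLIST_REMOVE_HEAD */
    elm->next = &decoy;     /* re-insert on another list (assumption) */
}

/* Push elm; returns how many times the cmpxchg actually installed it.
 * reload != 0: success test re-reads elm->next from memory (racy).
 * reload == 0: success test uses the local snapshot (safe). */
static int push(struct list *l, struct node *elm, int reload)
{
    struct node *snap, *old;
    int installs = 0;
    do {
        snap = elm->next = l->first;
        old = cmpxchg_val(&l->first, snap, elm);
        if (old == snap && ++installs == 1)
            interfere(l, elm);          /* thread 2 sneaks in once */
    } while (old != (reload ? elm->next : snap));
    return installs;
}

static int demo(int reload)
{
    struct node a = { NULL }, elm = { NULL };
    struct list l = { &a };
    return push(&l, &elm, reload);
}

int main(void)
{
    printf("reload: %d installs, snapshot: %d installs\n", demo(1), demo(0));
    return 0;
}
```

An install count of 2 corresponds to the "elm added to list again" step: thread 1 re-inserts an element that thread 2 already owns.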
  2. 12 Mar, 2015 31 commits
  3. 11 Mar, 2015 6 commits
    • Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20150310' into staging · 165fa409
      Peter Maydell authored
      s390x/kvm: Features and fixes for 2.3
      
      - an extension to the elf loader to allow relocations
      - make the ccw bios relocatable. This allows for bigger ramdisks
        or smaller guests
      - Handle all slow SIGPs in QEMU (instead of kernel) for better
        compliance and correctness
      - tell the KVM module the maximum guest size. This allows KVM
        to reduce the number of page table levels
      - Several fixes/cleanups
      
      # gpg: Signature made Wed Mar 11 10:17:13 2015 GMT using RSA key ID B5A61C7C
      # gpg: Good signature from "Christian Borntraeger (IBM) <borntraeger@de.ibm.com>"
      
      * remotes/borntraeger/tags/s390x-20150310:
        s390-ccw: rebuild BIOS
        s390/bios: Make the s390-ccw.img relocatable
        elf-loader: Provide the possibility to relocate s390 ELF files
        s390-ccw.img: Reinitialize guessing on reboot
        s390-ccw.img: Allow bigger ramdisk sizes or offsets
        s390x/kvm: passing max memory size to accelerator
        virtio-ccw: Convert to realize()
        virtio-s390: Convert to realize()
        virtio-s390: s390_virtio_device_init() can't fail, simplify
        s390x/kvm: enable the new SIGP handling in user space
        s390x/kvm: deliver SIGP RESTART directly if stopped
        s390x: add function to deliver restart irqs
        s390x/kvm: SIGP START is only applicable when STOPPED
        s390x/kvm: implement handling of new SIGP orders
        s390x/kvm: trace all SIGP orders
        s390x/kvm: helper to set the SIGP status in SigpInfo
        s390x/kvm: pass the SIGP instruction parameter to the SIGP handler
        s390x/kvm: more details for SIGP handler with one destination vcpu
        s390x: introduce defines for SIGP condition codes
        synchronize Linux headers to 4.0-rc3
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
      165fa409
    • pci/shpc: fix signed integer overflow · 58209459
      Michael S. Tsirkin authored
      clang undefined behaviour sanitizer reports:
      > hw/pci/shpc.c:162:27: runtime error: left shift of 1 by 31 places
      > cannot be represented in type 'int'
      
      Caused by the usual lack of a 'U' qualifier on a constant 1 being
      shifted left. Fix it up.
      Reported-by: Peter Maydell <peter.maydell@linaro.org>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
      58209459
    • acpi-test: update expected files · 92bf484a
      Michael S. Tsirkin authored
      commit ecdc7bab
          "acpi: fix aml_equal term implementation"
      dropped a useless Zero in generated code,
      update expected files appropriately.
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
      92bf484a
    • Merge remote-tracking branch 'remotes/amit/tags/vser-for-2.3-1' into staging · 9159eb9a
      Peter Maydell authored
      virtio-serial: fix crash on port hotplug when a previously-added port
      did not have the 'name' property set.
      
      # gpg: Signature made Wed Mar 11 11:13:53 2015 GMT using RSA key ID 854083B6
      # gpg: Good signature from "Amit Shah <amit@amitshah.net>"
      # gpg:                 aka "Amit Shah <amit@kernel.org>"
      # gpg:                 aka "Amit Shah <amitshah@gmx.net>"
      
      * remotes/amit/tags/vser-for-2.3-1:
        virtio-serial: fix segfault on NULL port names
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
      9159eb9a
    • target-mips: add missing MSACSR and restore fp_status and hflags · 64451111
      Leon Alrae authored
      Save MSACSR state. Also remove fp_status, msa_fp_status, hflags and restore
      them in post_load() from the architectural registers.
      Float exception flags are not present in vmstate. Information they carry
      is used only by softfloat caller who translates them into MIPS FCSR.Cause,
      FCSR.Flags and then they are cleared. Therefore there is no need for saving
      them in vmstate.
      Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
      Reviewed-by: Richard Henderson <rth@twiddle.net>
      64451111
    • target-mips: replace cpu_save/cpu_load with VMStateDescription · 04cd7962
      Leon Alrae authored
      Create VMStateDescription for MIPS CPU. The new structure contains exactly the
      same fields as before, therefore leaving existing version_id.
      Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
      04cd7962