- 06 2月, 2018 6 次提交
-
-
由 Daniel P. Berrange 提交于
The inet_parse() function looks for 'ipv4' and 'ipv6' flags, but only treats them as bare bool flags. The normal QemuOpts parsing would allow on/off values to be set too. This updates inet_parse() so that its handling of the 'ipv4' and 'ipv6' flags matches that done by QemuOpts. This impacts the NBD block driver parsing the legacy filename syntax and the migration code parsing the socket scheme. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Message-Id: <20180125171412.21627-1-berrange@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Peter Maydell 提交于
We dropped support for ia64 host CPUs in the 2.11 release (removing the TCG backend for it, and advertising the support as being completely removed in the changelog). However there are a few bits and pieces of code still floating about. Remove those, too. We can drop the check in configure for "ia64 or hppa host?" entirely, because we don't support hppa hosts either any more. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-Id: <1516897189-11035-1-git-send-email-peter.maydell@linaro.org> Reviewed-by: NRichard Henderson <richard.henderson@linaro.org> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Paolo Bonzini 提交于
Add the BSD license there. Reported-by: NIzik Eidus <izik@veertu.com> Message-Id: <20180123123639.35255-3-izik@veertu.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Izik Eidus 提交于
hvf.c and vmx.h contain code from hvdos.c that is released as public domain: from hvdos github: https://github.com/mist64/hvdos "License See LICENSE.txt (2-clause-BSD). In order to simplify use of this code as a template, you can consider any parts from "hvdos.c" and "interface.h" as being in the public domain." Signed-off-by: NIzik Eidus <izik@veertu.com> Message-Id: <20180123123639.35255-2-izik@veertu.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Thomas Huth 提交于
The i2c core and the at24c EEPROM should only be compiled and linked on the machines that support i2c. Otherwise it's quite strange to see the at24c-eeprom to be "available" on qemu-system-s390x for example. Signed-off-by: NThomas Huth <thuth@redhat.com> Message-Id: <1516634853-15883-1-git-send-email-thuth@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Peter Maydell 提交于
The memory-internal.h header claims that it is for "obsolete exec.c functions" which "will be removed soon". This statement was added in 2011, six years ago, but the header is still here. (Admittedly none of the prototypes added in commit 67d95c15 are still in the header.) It's convenient to have a place to put prototypes for functions which are used internally to the various .c files of the memory system or by the accel/tcg code, which is inevitably fairly closely coupled. So keep the header but update the comments to reflect what we're actually using it for. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-Id: <1511276888-17834-1-git-send-email-peter.maydell@linaro.org> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 05 2月, 2018 11 次提交
-
-
由 Greg Kurz 提交于
This is required otherwise python complains because of the accentuated letter in Alex's last name: Traceback (most recent call last): File "scripts/qemu-gdb.py", line 29, in <module> from qemugdb import aio, mtree, coroutine, tcg, timers File "scripts/qemugdb/timers.py", line 1 SyntaxError: Non-ASCII character '\xc3' in file scripts/qemugdb/timers.py on line 1, but no encoding declared; see http://www.python.org/peps/pep-0263.html for details Signed-off-by: NGreg Kurz <groug@kaod.org> Message-Id: <151629549711.18276.15497684562308683805.stgit@bahia.lan> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Greg Kurz 提交于
Since commit e5dc1a6c, QEMU aborts on exit if completion was used in the monitor: *** Error in `obj/ppc64-softmmu/qemu-system-ppc64': double free or corruption (fasttop): 0x00000100331069d0 *** /home/greg/Work/qemu/qemu-spapr/util/readline.c:514 /home/greg/Work/qemu/qemu-spapr/monitor.c:586 /home/greg/Work/qemu/qemu-spapr/monitor.c:4125 argv=<optimized out>, envp=<optimized out>) at /home/greg/Work/qemu/qemu-spapr/vl.c:4795 Completion strings are not persistent accross completions (why would they?). They are allocated under readline_completion(), which already takes care of freeing them before returning. Maybe all completion related bits should be moved out of ReadLineState to a dedicated structure ? In the meantime, let's drop the offending lines from readline_free() to fix the crash. Signed-off-by: NGreg Kurz <groug@kaod.org> Message-Id: <151627206353.4505.4602428849861610759.stgit@bahia.lan> Fixes: e5dc1a6cSigned-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Peter Xu 提交于
glib reported error when pty chardev used: $ ./qemu-system-x86_64 -chardev pty,id=foo -device isa-serial,chardev=foo qemu-system-x86_64: -chardev pty,id=foo: char device redirected to /dev/pts/2 (label foo) (qemu-system-x86_64:27885): GLib-CRITICAL **: g_source_unref: assertion 'source != NULL' failed (qemu-system-x86_64:27885): GLib-CRITICAL **: g_source_unref: assertion 'source != NULL' failed This patch fixes that. Fixes: 2c716ba1 ("chardev: introduce qemu_chr_timeout_add_ms()") CC: Paolo Bonzini <pbonzini@redhat.com> Reported-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NPeter Xu <peterx@redhat.com> Message-Id: <20180118052049.31119-1-peterx@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Fam Zheng 提交于
Coverity doesn't like the ignored return value introduced in 9d3b1551 (hw/block: Fix the return type), and other callers are converted already in ceff3e1f. This one was added lately in d9bcd6f7 and missed the train. Do it now. Signed-off-by: NFam Zheng <famz@redhat.com> Message-Id: <20180118025245.13042-1-famz@redhat.com> Reviewed-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 linzhecheng 提交于
We should set ioeventfd_update_pending same as memory_region_update_pending. Signed-off-by: Nlinzhecheng <linzc@zju.edu.cn> Message-Id: <1515934519-16158-1-git-send-email-linzc@zju.edu.cn> Cc: qemu-stable@nongnu.org Fixes: ade9c1aaSigned-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Marcelo Tosatti 提交于
Improve hugepage allocation failure message, indicating what is happening to the user. Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com> Message-Id: <20180115201700.GA4439@amt.cnet> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Alexey Kardashevskiy 提交于
This adds a tracepoint to trace the KVM_SET_USER_MEMORY_REGION ioctl parameters which is quite useful for debugging VFIO memory regions being actually registered with KVM. Signed-off-by: NAlexey Kardashevskiy <aik@ozlabs.ru> Message-Id: <20171215052326.21386-1-aik@ozlabs.ru> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Philippe Mathieu-Daudé 提交于
changes generated using the following Coccinelle patch: @@ type DeviceParentClass; DeviceParentClass *pc; DeviceClass *dc; identifier parent_fn; identifier child_fn; @@ ( +device_class_set_parent_realize(dc, child_fn, &pc->parent_fn); -pc->parent_fn = dc->realize; ... -dc->realize = child_fn; | +device_class_set_parent_unrealize(dc, child_fn, &pc->parent_fn); -pc->parent_fn = dc->unrealize; ... -dc->unrealize = child_fn; | +device_class_set_parent_reset(dc, child_fn, &pc->parent_fn); -pc->parent_fn = dc->reset; ... -dc->reset = child_fn; ) Signed-off-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20180114020412.26160-4-f4bug@amsat.org> Reviewed-by: NMarcel Apfelbaum <marcel@redhat.com> Acked-by: NDavid Gibson <david@gibson.dropbear.id.au> Acked-by: NCornelia Huck <cohuck@redhat.com> Reviewed-by: NLaurent Vivier <laurent@vivier.eu> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Philippe Mathieu-Daudé 提交于
QOM API learning curve is quite hard, in particular when devices inherit from abstract parent. To be more explicit about when a device class change the parent hooks, add few helpers hoping a device class_init() will be easier to understand. Signed-off-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20180114020412.26160-3-f4bug@amsat.org> Reviewed-by: NLaurent Vivier <laurent@vivier.eu> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Philippe Mathieu-Daudé 提交于
following the DeviceRealize and DeviceUnrealize typedefs, this unify a bit the new QOM API. Signed-off-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20180114020412.26160-2-f4bug@amsat.org> Reviewed-by: NLaurent Vivier <laurent@vivier.eu> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Jay Zhou 提交于
Signed-off-by: NJay Zhou <jianjay.zhou@huawei.com> Message-Id: <1515043788-38300-1-git-send-email-jianjay.zhou@huawei.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 03 2月, 2018 3 次提交
-
-
由 Peter Maydell 提交于
ui: use QIONetListener in vnc, bugfixes for sdl1 and vnc. # gpg: Signature made Fri 02 Feb 2018 07:17:36 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/ui-20180202-pull-request: ui: correctly advance output buffer when writing SASL data ui: convert VNC server to QIONetListener ui: fix mixup between qnum and qcode in SDL1 key handling Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
virtio-gpu: disallow vIOMMU # gpg: Signature made Fri 02 Feb 2018 08:31:52 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/vga-20180202-pull-request: virtio-gpu: disallow vIOMMU Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
This series is mostly about 9p request cancellation. It fixes a long standing bug (read "specification violation") where the server would send an invalid response when the client has cancelled an in-flight request. This was causing annoying spurious EINTR returns in linux. The fix comes with some related testing in QTEST. Other patches are code cleanup and improvements. # gpg: Signature made Fri 02 Feb 2018 10:16:03 GMT # gpg: using RSA key 71D4D5E5822F73D6 # gpg: Good signature from "Greg Kurz <groug@kaod.org>" # gpg: aka "Gregory Kurz <gregory.kurz@free.fr>" # gpg: aka "[jpeg image of size 3330]" # Primary key fingerprint: B482 8BAF 9431 40CE F2A3 4910 71D4 D5E5 822F 73D6 * remotes/gkurz/tags/for-upstream: tests/virtio-9p: explicitly handle potential integer overflows tests: virtio-9p: add FLUSH operation test libqos/virtio: return length written into used descriptor tests: virtio-9p: add WRITE operation test tests: virtio-9p: add LOPEN operation test tests: virtio-9p: use the synth backend tests: virtio-9p: wait for completion in the test code tests: virtio-9p: move request tag to the test functions 9pfs: Correctly handle cancelled requests 9pfs: drop v9fs_register_transport() Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 02 2月, 2018 20 次提交
-
-
由 Peter Maydell 提交于
audio: two small fixes. # gpg: Signature made Fri 02 Feb 2018 07:49:20 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/audio-20180202-pull-request: hw/audio/sb16.c: change dolog() to qemu_log_mask() hw/audio/wm8750: move WM8750 declarations from i2c/i2c.h to audio/wm8750.h Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Lots of litte miscellaneous fixes for the IPMI code, plus add me as the IPMI maintainer. # gpg: Signature made Thu 01 Feb 2018 18:44:55 GMT # gpg: using RSA key 61F38C90919BFF81 # gpg: Good signature from "Corey Minyard <cminyard@mvista.com>" # gpg: aka "Corey Minyard <minyard@acm.org>" # gpg: aka "Corey Minyard <corey@minyard.net>" # gpg: aka "Corey Minyard <minyard@mvista.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: FD0D 5CE6 7CE0 F59A 6688 2686 61F3 8C90 919B FF81 * remotes/cminyard/tags/for-release-20180201: ipmi: Allow BMC device properties to be set ipmi: disable IRQ and ATN on an external disconnect ipmi: Fix macro issues ipmi: Add the platform event message command ipmi: Don't set the timestamp on add events that don't have it ipmi: Fix SEL get/set time commands Add maintainer for the IPMI code Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
# gpg: Signature made Thu 01 Feb 2018 11:15:42 GMT # gpg: using RSA key DAE8E10975969CE5 # gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" # gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" # Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5 * remotes/elmarco/tags/dump-pull-request: dump-guest-memory.py: skip vmcoreinfo section if not available Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Greg Kurz 提交于
Signed-off-by: NGreg Kurz <groug@kaod.org> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Greg Kurz 提交于
The idea is to send a victim request that will possibly block in the server and to send a flush request to cancel the victim request. This patch adds two test to verifiy that: - the server does not reply to a victim request that was actually cancelled - the server replies to the flush request after replying to the victim request if it could not cancel it 9p request cancellation reference: http://man.cat-v.org/plan_9/5/flushSigned-off-by: NGreg Kurz <groug@kaod.org> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> (groug, change the test to only write a single byte to avoid any alignment or endianess consideration)
-
由 Greg Kurz 提交于
When a 9p request is flushed (ie, cancelled) by the guest, the device is expected to simply mark the request as used, without sending a 9p reply (ie, without writing anything into the used buffer). To be able to test this, we need access to the length written by the device into the used descriptor. This patch adds a uint32_t * argument to qvirtqueue_get_buf() and qvirtio_wait_used_elem() for this purpose. All existing users are updated accordingly. Signed-off-by: NGreg Kurz <groug@kaod.org> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Peter Maydell 提交于
# gpg: Signature made Thu 01 Feb 2018 04:05:22 GMT # gpg: using RSA key BDBE7B27C0DE3057 # gpg: Good signature from "Jeffrey Cody <jcody@redhat.com>" # gpg: aka "Jeffrey Cody <jeff@codyprime.org>" # gpg: aka "Jeffrey Cody <codyprime@gmail.com>" # Primary key fingerprint: 9957 4B4D 3474 90E7 9D98 D624 BDBE 7B27 C0DE 3057 * remotes/cody/tags/block-pull-request: iotests: Make 200 run on tmpfs block/ssh: fix possible segmentation fault when .desc is not null-terminated Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Xu 提交于
virtio-gpu has special code path that bypassed vIOMMU protection. So for now let's disable iommu_platform for the device until we fully support that (if needed). After the patch, both virtio-vga and virtio-gpu won't allow to boot with iommu_platform parameter set. CC: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: NPeter Xu <peterx@redhat.com> Message-id: 20180131040401.3550-1-peterx@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 John Arbuckle 提交于
Changes all the occurrances of dolog() to qemu_log_mask(). Signed-off-by: NJohn Arbuckle <programmingkidx@gmail.com> Message-id: 20180201172744.7504-1-programmingkidx@gmail.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Philippe Mathieu-Daudé 提交于
while here use TYPE_WM8750 and declare a data_req_cb() typedef. Signed-off-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20170919123053.32675-1-f4bug@amsat.org Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Daniel P. Berrangé 提交于
In this previous commit: commit 8f61f1c5 Author: Daniel P. Berrange <berrange@redhat.com> Date: Mon Dec 18 19:12:20 2017 +0000 ui: track how much decoded data we consumed when doing SASL encoding I attempted to fix a flaw with tracking how much data had actually been processed when encoding with SASL. With that flaw, the VNC server could mistakenly discard queued data that had not been sent. The fix was not quite right though, because it merely decremented the vs->output.offset value. This is effectively discarding data from the end of the pending output buffer. We actually need to discard data from the start of the pending output buffer. We also want to free memory that is no longer required. The correct way to handle this is to use the buffer_advance() helper method instead of directly manipulating the offset value. Reported-by: NLaszlo Ersek <lersek@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NLaszlo Ersek <lersek@redhat.com> Message-id: 20180201155841.27509-1-berrange@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Daniel P. Berrange 提交于
The VNC server already has the ability to listen on multiple sockets. Converting it to use the QIONetListener APIs though, will reduce the amount of code in the VNC server and improve the clarity of what is left. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Message-id: 20180201164514.10330-1-berrange@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Daniel P. Berrangé 提交于
The previous commit: commit 2ec78706 Author: Daniel P. Berrange <berrange@redhat.com> Date: Wed Jan 17 16:47:15 2018 +0000 ui: convert GTK and SDL1 frontends to keycodemapdb changed the x_keymap.c keymap so that its target was qcodes instead of qnums. It updated the GTK frontend to take account of this change, but forgot to update the SDL1 frontend. Thus the SDL frontend was getting qcodes but dispatching them as if they were qnums. IOW, keyboard input was completely hosed with SDL1. Since the keyboard layout tables are still all based on qnums, it is easier to just keep SDL1 using qnums as it will be deleted in a few releases time. Reported-by: NBALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com> Tested-by: NBALATON Zoltan <balaton@eik.bme.hu> Message-id: 20180201180033.14255-1-berrange@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Greg Kurz 提交于
Trivial test of a successful write. Signed-off-by: NGreg Kurz <groug@kaod.org> (groug, handle potential overflow when computing request size, add missing g_free(buf), backend handles one written byte at a time to validate the server doesn't do short-reads) Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Greg Kurz 提交于
Trivial test of a successful open. Signed-off-by: NGreg Kurz <groug@kaod.org> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Greg Kurz 提交于
The purpose of virtio-9p-test is to test the virtio-9p device, especially the 9p server state machine. We don't really care what fsdev backend we're using. Moreover, if we want to be able to test the flush request or a device reset with in-flights I/O, it is close to impossible to achieve with a physical backend because we cannot ask it reliably to put an I/O on hold at a specific point in time. Fortunately, we can do that with the synthetic backend, which allows to register callbacks on read/write accesses to a specific file. This will be used by a later patch to test the 9P flush request. The walk request test is converted to using the synth backend. Signed-off-by: NGreg Kurz <groug@kaod.org> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Greg Kurz 提交于
In order to test request cancellation, we will need to send multiple requests and wait for the associated replies. Since we poll the ISR to know if a request completed, we may have several replies to parse when we detect ISR was set to 1. This patch moves the waiting out of the reply parsing path, up into the functional tests. Signed-off-by: NGreg Kurz <groug@kaod.org> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Greg Kurz 提交于
It doesn't really makes sense to hide the request tag from the test functions. It prevents to test the 9p server behavior when passed a wrong tag (ie, still in use or different from P9_NOTAG for a version request). Also the spec says that a tag is reusable as soon as the corresponding request was replied or flushed: no need to always increment tags like we do now. And finaly, an upcoming test of the flush command will need to manipulate tags explicitely. This simply changes all request functions to have a tag argument. Except for the version request which needs P9_NOTAG, all other tests can pass 0 since they wait for the reply before sending another request. Signed-off-by: NGreg Kurz <groug@kaod.org> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Keno Fischer 提交于
# Background I was investigating spurious non-deterministic EINTR returns from various 9p file system operations in a Linux guest served from the qemu 9p server. ## EINTR, ERESTARTSYS and the linux kernel When a signal arrives that the Linux kernel needs to deliver to user-space while a given thread is blocked (in the 9p case waiting for a reply to its request in 9p_client_rpc -> wait_event_interruptible), it asks whatever driver is currently running to abort its current operation (in the 9p case causing the submission of a TFLUSH message) and return to user space. In these situations, the error message reported is generally ERESTARTSYS. If the userspace processes specified SA_RESTART, this means that the system call will get restarted upon completion of the signal handler delivery (assuming the signal handler doesn't modify the process state in complicated ways not relevant here). If SA_RESTART is not specified, ERESTARTSYS gets translated to EINTR and user space is expected to handle the restart itself. ## The 9p TFLUSH command The 9p TFLUSH commands requests that the server abort an ongoing operation. The man page [1] specifies: ``` If it recognizes oldtag as the tag of a pending transaction, it should abort any pending response and discard that tag. [...] When the client sends a Tflush, it must wait to receive the corresponding Rflush before reusing oldtag for subsequent messages. If a response to the flushed request is received before the Rflush, the client must honor the response as if it had not been flushed, since the completed request may signify a state change in the server ``` In particular, this means that the server must not send a reply with the orignal tag in response to the cancellation request, because the client is obligated to interpret such a reply as a coincidental reply to the original request. # The bug When qemu receives a TFlush request, it sets the `cancelled` flag on the relevant pdu. This flag is periodically checked, e.g. in `v9fs_co_name_to_path`, and if set, the operation is aborted and the error is set to EINTR. However, the server then violates the spec, by returning to the client an Rerror response, rather than discarding the message entirely. As a result, the client is required to assume that said Rerror response is a result of the original request, not a result of the cancellation and thus passes the EINTR error back to user space. This is not the worst thing it could do, however as discussed above, the correct error code would have been ERESTARTSYS, such that user space programs with SA_RESTART set get correctly restarted upon completion of the signal handler. Instead, such programs get spurious EINTR results that they were not expecting to handle. It should be noted that there are plenty of user space programs that do not set SA_RESTART and do not correctly handle EINTR either. However, that is then a userspace bug. It should also be noted that this bug has been mitigated by a recent commit to the Linux kernel [2], which essentially prevents the kernel from sending Tflush requests unless the process is about to die (in which case the process likely doesn't care about the response). Nevertheless, for older kernels and to comply with the spec, I believe this change is beneficial. # Implementation The fix is fairly simple, just skipping notification of a reply if the pdu was previously cancelled. We do however, also notify the transport layer that we're doing this, so it can clean up any resources it may be holding. I also added a new trace event to distinguish operations that caused an error reply from those that were cancelled. One complication is that we only omit sending the message on EINTR errors in order to avoid confusing the rest of the code (which may assume that a client knows about a fid if it sucessfully passed it off to pud_complete without checking for cancellation status). This does mean that if the server acts upon the cancellation flag, it always needs to set err to EINTR. I believe this is true of the current code. [1] https://9fans.github.io/plan9port/man/man9/flush.html [2] https://github.com/torvalds/linux/commit/9523feac272ccad2ad8186ba4fcc891Signed-off-by: NKeno Fischer <keno@juliacomputing.com> Reviewed-by: NGreg Kurz <groug@kaod.org> [groug, send a zero-sized reply instead of detaching the buffer] Signed-off-by: NGreg Kurz <groug@kaod.org> Acked-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NStefano Stabellini <sstabellini@kernel.org>
-
由 Greg Kurz 提交于
No good reasons to do this outside of v9fs_device_realize_common(). Signed-off-by: NGreg Kurz <groug@kaod.org> Reviewed-by: NStefano Stabellini <sstabellini@kernel.org>
-