- 14 Dec, 2018 8 commits
-
-
Committed by Peter Maydell
Currently monitor.c reads physical memory using cpu_physical_memory_read(). This effectively hard-codes assuming that all CPUs have the same view of physical memory. Switch to address_space_read() instead, which lets us use the AddressSpace for the CPU we're reading memory for (falling back to address_space_memory if there is no CPU, as happens with the "none" board). As a bonus, this allows us to detect failures to read memory.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20181122172653.3413-3-peter.maydell@linaro.org
-
Committed by Peter Maydell
Currently disas.c reads physical memory using cpu_physical_memory_read(). This effectively hard-codes assuming that all CPUs have the same view of physical memory. Switch to address_space_read() instead, which lets us use the AddressSpace for the CPU we're disassembling for.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20181122172653.3413-2-peter.maydell@linaro.org
-
Committed by Peter Maydell
The API of cpu_physical_memory_write_rom() is odd, because it takes an AddressSpace, unlike all the other cpu_physical_memory_* access functions. Rename it to address_space_write_rom(), and bring its API into line with address_space_write().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20181122133507.30950-3-peter.maydell@linaro.org
-
Committed by Peter Maydell
Rename cpu_physical_memory_write_rom_internal() to address_space_write_rom_internal(), and make it take MemTxAttrs and return a MemTxResult. This brings its API into line with address_space_write().

This is an internal function to exec.c; fixing its API will allow us to change the global function cpu_physical_memory_write_rom().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20181122133507.30950-2-peter.maydell@linaro.org
-
Committed by Peter Maydell
We now require Linux-kernel-style multiline comments:

    /*
     * line one
     * line two
     */

Enforce this in checkpatch.pl, by backporting the relevant parts of the Linux kernel's checkpatch.pl. (The only changes needed are that Linux's checkpatch.pl WARN() function takes an extra argument that ours does not, and the kernel has a special case for networking code we don't want.)

The kernel's checkpatch does not enforce "leading /* on a line of its own", so that part is unique to QEMU's checkpatch.

Sample warning output:

    WARNING: Block comments use a leading /* on a separate line
    #34: FILE: hw/intc/arm_gicv3_common.c:39:
    +    /* Older versions of QEMU had a bug in the handling of state save/restore

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
-
Committed by Peter Maydell
- Explicitly check for minimum compiler versions
- Remove obsolete code for old compilers that is now not required anymore
- Fix a duplicated typedef for Clang 3.4

# gpg: Signature made Wed 12 Dec 2018 09:05:50 GMT
# gpg: using RSA key 2ED9D774FE702DB5
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>"
# gpg: aka "Thomas Huth <thuth@redhat.com>"
# gpg: aka "Thomas Huth <huth@tuxfamily.org>"
# gpg: aka "Thomas Huth <th.huth@posteo.de>"
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5

* remotes/huth-gitlab/tags/pull-request-2018-12-12:
  i2c: Move typedef of bitbang_i2c_interface to i2c.h
  Remove QEMU_ARTIFICIAL macro
  includes: Replace QEMU_GNUC_PREREQ with "__has_builtin || !defined(__clang__)"
  audio/alsaaudio: Remove compiler check around pragma
  tcg/tcg.h: Remove GCC check for tcg_debug_assert() macro
  configure: Remove old -fno-gcse workaround for GCC 4.6.x and 4.7.[012]
  configure: Remove obsolete check for Clang < 3.2
  configure: Add a test for the minimum compiler version

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Peter Maydell
Merge crypto patches 2018/12/12

- Fix documentation about default LUKS algorithms
- Support for multi-threaded block crypto

# gpg: Signature made Wed 12 Dec 2018 11:21:52 GMT
# gpg: using RSA key BE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/qcrypto-next-pull-request:
  crypto: support multiple threads accessing one QCryptoBlock
  crypto/block: introduce qcrypto_block_*crypt_helper functions
  crypto/block: rename qcrypto_block_*crypt_helper
  crypto/block: refactor qcrypto_block_*crypt_helper functions
  crypto/block-luks: fix memory leak in qcrypto_block_luks_create
  crypto: Fix defaults in QCryptoBlockCreateOptionsLUKS

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Peter Maydell
Pull request

Minor tracing improvements.

# gpg: Signature made Wed 12 Dec 2018 10:15:30 GMT
# gpg: using RSA key 9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/tracing-pull-request:
  trace: simple style changes
  tracetool: Include thread id information in log backend

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
- 13 Dec, 2018 5 commits
-
-
Committed by Peter Maydell
Monitor patches for 2018-12-12

# gpg: Signature made Wed 12 Dec 2018 10:08:15 GMT
# gpg: using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-monitor-2018-12-12:
  tests: add oob functional test for test-qmp-cmds
  Revert "tests: Add parameter to qtest_init_without_qmp_handshake"
  monitor: Remove "x-oob", offer capability "oob" unconditionally
  monitor: Suspend monitor instead dropping commands
  monitor: avoid potential dead-lock when cleaning up
  monitor: prevent inserting new monitors after cleanup
  colo: check chardev can switch context
  monitor: check if chardev can switch gcontext for OOB
  char: add a QEMU_CHAR_FEATURE_GCONTEXT flag
  monitor: accept chardev input from iothread
  monitor: inline ambiguous helper functions

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Peter Maydell
s390x patches for 4.0:
- add 4.0 machine type
- various fixes and small changes

# gpg: Signature made Wed 12 Dec 2018 09:52:04 GMT
# gpg: using RSA key DECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg: aka "Cornelia Huck <cohuck@kernel.org>"
# gpg: aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20181212:
  hw/s390x/virtio-ccw.c: Don't take address of fields in packed structs
  vfio-ap: flag as compatible with balloon
  s390x/tod: Properly stop the KVM TOD while the guest is not running
  s390/MAINTAINERS: Add Halil as kvm and machine maintainer
  s390x: introduce 4.0 compat machine
  s390x/zpci: drop msix.available

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Peter Maydell
Pull request

Minor virtio-blk fixes.

# gpg: Signature made Wed 12 Dec 2018 09:50:17 GMT
# gpg: using RSA key 9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
  virtio-blk: fix comment for virtio_blk_rw_complete as nalloc is initially -1
  virtio-blk: rename iov to out_iov in virtio_blk_handle_request()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Peter Maydell
Merge tpm 2018/12/04 v1

# gpg: Signature made Tue 04 Dec 2018 15:25:52 GMT
# gpg: using RSA key 75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE C66B 75AD 6580 2A0B 4211

* remotes/stefanberger/tags/pull-tpm-2018-12-04-1:
  tpm: Make sure the locality received from backend is valid
  tpm: Make sure new locality passed to tpm_tis_prep_abort() is valid
  tpm: Remove unused locty parameter from tpm_tis_abort()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Peter Maydell
x86 queue, 2018-12-11

* New CPU features: MOVDIRI, MOVDIR64B (Liu Jingqi); STIBP (Eduardo Habkost)
* Fix clang build warning (Peter Maydell)

# gpg: Signature made Tue 11 Dec 2018 20:52:56 GMT
# gpg: using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-next-pull-request:
  i386: Add "stibp" flag name
  target/i386/kvm.c: Don't mark cpuid_data as QEMU_PACKED
  x86/cpu: Enable MOVDIR64B cpu feature
  x86/cpu: Enable MOVDIRI cpu feature

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
- 12 Dec, 2018 27 commits
-
-
The two things that should be handled are cipher and ivgen. For ivgen the solution is just mutex, as iv calculations should not be long in comparison with encryption/decryption. And for cipher let's just keep per-thread ciphers.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-
Introduce QCryptoBlock-based functions and use them where possible. This is needed to implement thread-safe encrypt/decrypt operations.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-
Rename qcrypto_block_*crypt_helper to qcrypto_block_cipher_*crypt_helper, as it's not about QCryptoBlock. This is needed to introduce qcrypto_block_*crypt_helper in the next commit, which will have QCryptoBlock pointer and then will be able to use additional fields of it, which in turn will be used to implement thread-safe QCryptoBlock operations.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-
qcrypto_block_encrypt_helper and qcrypto_block_decrypt_helper are almost identical, let's reduce code duplication and simplify further improvements.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-
Free block->cipher and block->ivgen on error path.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-
Committed by Alberto Garcia
The values specified in the documentation don't match the actual defaults set in qcrypto_block_luks_create().

Signed-off-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-
Committed by Larry Dewey
This changes two lines in simple.c that end with a comma, and replaces them with a semi-colon.

Signed-off-by: Larry Dewey <ldewey@suse.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 20181127190849.10558-1-ldewey@suse.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-
Committed by Fabiano Rosas
Currently the log backend prints the process id of QEMU at the start of each output line, but since threads share the same PID there is no clear distinction between their outputs.

Having the thread id present in the log makes it easier to see when output comes from different threads.

E.g.:

12423@1538597569.672527:qemu_mutex_lock waiting on mutex 0x1103ee60 (/root/qemu/util/main-loop.c:236)
...
12430@1538597569.503928:qemu_mutex_unlock released mutex 0x1103ee60 (/root/qemu/cpus.c:1238)
12431@1538597569.503937:qemu_mutex_locked taken mutex 0x1103ee60 (/root/qemu/cpus.c:1257)
^here

In the above, 12423 is the main process id and 12430 & 12431 are the two vcpu threads.

(qemu) info cpus
* CPU #0: thread_id=12430
  CPU #1: thread_id=12431

Suggested-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-
Committed by Peter Maydell
Taking the address of a field in a packed struct is a bad idea, because it might not be actually aligned enough for that pointer type (and thus cause a crash on dereference on some host architectures). Newer versions of clang warn about this. Avoid the bug by not using the "modify in place" byte swapping functions.

Patch produced with scripts/coccinelle/inplace-byteswaps.cocci (with a couple of long lines manually wrapped).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20181210120436.30522-1-peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
-
Committed by Cornelia Huck
vfio-ap devices do not pin any pages in the host. Therefore, they are compatible with memory ballooning.

Flag them as compatible, so both vfio-ap and a balloon can be used simultaneously.

Cc: qemu-stable@nongnu.org
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Tested-by: Tony Krowiak <akrowiak@linux.ibm.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
-
Committed by David Hildenbrand
Just like on other architectures, we should stop the clock while the guest is not running. This is already properly done for TCG. Right now, doing an offline migration (stop, migrate, cont) can easily trigger stalls in the guest.

Even doing a

    (hmp) stop
    ... wait 2 minutes ...
    (hmp) cont

will already trigger stalls.

So whenever the guest stops, backup the KVM TOD. When continuing to run the guest, restore the KVM TOD.

One special case is starting a simple VM: Reading the TOD from KVM to stop it right away until the guest is actually started means that the time of any simple VM will already differ to the host time. We can simply leave the TOD running and the guest won't be able to recognize it.

For migration, we actually want to keep the TOD stopped until really starting the guest. To be able to catch most errors, we should however try to set the TOD in addition to simply storing it. So we can still catch basic migration problems.

If anything goes wrong while backing up/restoring the TOD, we have to ignore it (but print a warning). This is then basically a fallback to old behavior (TOD remains running).

I tested this very basically with an initrd:
1. Start a simple VM. Observed that the TOD is kept running. Old behavior.
2. Ordinary live migration. Observed that the TOD is temporarily stopped on the destination when setting the new value and correctly started when finally starting the guest.
3. Offline live migration. (stop, migrate, cont). Observed that the TOD will be stopped on the source with the "stop" command. On the destination, the TOD is temporarily stopped when setting the new value and correctly started when finally starting the guest via "cont".
4. Simple stop/cont correctly stops/starts the TOD. (multiple stops or conts in a row have no effect, so works as expected)

In the future, we might want to send the guest a special kind of time sync interrupt under some conditions, so it can synchronize its tod to the host tod. This is interesting for migration scenarios but also when we get time sync interrupts ourselves. This however will most probably have to be handled in KVM (e.g. when the tods differ too much) and is not desired e.g. when debugging the guest (single stepping should not result in permanent time syncs). I consider something like that an add-on on top of this basic "don't break the guest" handling.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181130094957.4121-1-david@redhat.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
-
Committed by Christian Borntraeger
Halil does more work in this area than I do right now. Let's add Halil.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20181204133802.100998-1-borntraeger@de.ibm.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
-
Committed by Cornelia Huck
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
-
Committed by David Hildenbrand
I fail to see why this is useful as we require MSIX always and completely fail adding a device.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181105110313.29312-2-david@redhat.com>
Fixes: 4f6482bf
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
-
Committed by Peter Xu
Straightforward test just to let the test-qmp-cmds be complete.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20181009062718.1914-6-peterx@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
-
Committed by Peter Xu
This reverts commit ddee57e0.

Meanwhile, revert one line from fa198ad9 to make sure qtest_init_without_qmp_handshake() will only pass in one parameter.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20181009062718.1914-5-peterx@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
-
Committed by Peter Xu
Out-of-band command execution was introduced in commit cf869d53. Unfortunately, we ran into a regression, and had to turn it into an experimental option for 2.12 (commit be933ffc).

http://lists.gnu.org/archive/html/qemu-devel/2018-03/msg06231.html

The regression has since been fixed (commit 951702f3 "monitor: bind dispatch bh to iohandler context"). A thorough re-review of OOB commands led to a few more issues, which have also been addressed.

This patch partly reverts be933ffc (monitor: new parameter "x-oob"), and makes QMP monitors again offer capability "oob" whenever they can provide it, i.e. when the monitor's character device is capable of running in an I/O thread.

Some trivial touch-up in the test code is required to make sure qmp-test won't break.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20181009062718.1914-4-peterx@redhat.com>
[Conflict with "monitor: check if chardev can switch gcontext for OOB" resolved, commit message updated]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
-
Committed by Dongli Zhang
The initial value of nalloc is -1, but not 1.

Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-id: 1541479952-32355-1-git-send-email-dongli.zhang@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-
Committed by Dongli Zhang
In virtio_blk_handle_request(), in_iov is used for input header while iov is used for output header.

Rename iov to out_iov to pair output header's name with in_iov to avoid confusing people when reading source code.

Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Message-id: 1541520556-8334-1-git-send-email-dongli.zhang@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-
Committed by BALATON Zoltan
Clang 3.4 considers duplicate typedef in ppc4xx_i2c.h and bitbang_i2c.h an error even if they are identical. Move it to a common place to allow building with this clang version.

Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
-
Committed by Thomas Huth
The code that used it has already been removed a while ago with commit dc41aa7d ("tcg: Remove GET_TCGV_* and MAKE_TCGV_*").

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
-
Committed by Thomas Huth
Since we require GCC version 4.8 or newer now, we can be sure that the builtin functions are always available on GCC. And for Clang, we can check the availability with __has_builtin instead.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
-
Committed by Thomas Huth
Both GCC v4.8 and Clang v3.4 support the -Waddress option, so we do not need the compiler version check here anymore.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
-
Committed by Thomas Huth
Both GCC v4.8 and Clang v3.4 (our minimum versions) support __builtin_unreachable(), so we can remove the version check here now.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
-
Committed by Thomas Huth
Now that we require at least GCC 4.8, we don't need this as workaround for 4.6 and 4.7 anymore.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
-
Committed by Peter Xu
When a QMP client sends in-band commands more quickly than we can process them, we can either queue them without limit (QUEUE), drop commands when the queue is full (DROP), or suspend receiving commands when the queue is full (SUSPEND). None of them is ideal:

* QUEUE lets a misbehaving client make QEMU eat memory without bounds. Not such a hot idea.
* With DROP, the client has to cope with dropped in-band commands. To inform the client, we send a COMMAND_DROPPED event then. The event is flawed by design in two ways: it's ambiguous (see commit d621cfe0), and it brings back the "eat memory without bounds" problem.
* With SUSPEND, the client has to manage the flow of in-band commands to keep the monitor available for out-of-band commands.

We currently DROP. Switch to SUSPEND.

Managing the flow of in-band commands to keep the monitor available for out-of-band commands isn't really hard: just count the number of "outstanding" in-band commands (commands sent minus replies received), and if it exceeds the limit, hold back additional ones until it drops below the limit again.

Note that we need to be careful pairing the suspend with a resume, or else the monitor will hang, possibly forever. And here since we need to make sure both:

(1) popping request from the req queue, and
(2) reading length of the req queue

will be in the same critical section, we let the pop function take the corresponding queue lock when there is a request, then we release the lock from the caller.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20181009062718.1914-2-peterx@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
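
The client-side flow control that the commit message above describes (count outstanding in-band commands, hold back new ones at the limit), as an added Python example that is not part of the QEMU commit or code base. The class name, the limit value and the sample messages are constructed for illustration; "execute", "exec-oob" and "id" are the QMP message keys.

```python
import json
from collections import deque


class QmpFlowController:
    """Client-side flow control for QMP in-band commands (illustrative).

    Outstanding = in-band commands sent minus replies received. At the
    limit, further in-band commands are held locally, so the monitor is
    never suspended and out-of-band commands still get through.
    """

    def __init__(self, write, limit):
        if limit < 1:
            raise ValueError("limit must be at least 1")
        self._write = write        # callable that takes one encoded line
        self._limit = limit        # assumption: caller picks a safe value
        self._in_flight = set()    # ids of in-band commands awaiting a reply
        self._held = deque()       # in-band commands waiting for a free slot
        self._next_id = 0

    @property
    def outstanding(self):
        return len(self._in_flight)

    @property
    def held(self):
        return len(self._held)

    def _build(self, key, name, arguments):
        self._next_id += 1
        msg = {key: name, "id": self._next_id}
        if arguments is not None:
            msg["arguments"] = arguments
        return msg

    def _emit(self, msg):
        self._write(json.dumps(msg).encode() + b"\n")

    def _drain(self):
        # Release held commands, oldest first, while under the limit.
        while self._held and len(self._in_flight) < self._limit:
            msg = self._held.popleft()
            self._in_flight.add(msg["id"])
            self._emit(msg)

    def execute(self, name, arguments=None):
        """Submit an in-band command; sent now or held. Returns its id."""
        msg = self._build("execute", name, arguments)
        self._held.append(msg)
        self._drain()
        return msg["id"]

    def execute_oob(self, name, arguments=None):
        """Send an out-of-band command at once; it is never counted."""
        msg = self._build("exec-oob", name, arguments)
        self._emit(msg)
        return msg["id"]

    def on_message(self, line):
        """Feed one line received from the monitor (reply or event)."""
        msg = json.loads(line)
        rid = msg.get("id")
        is_reply = "return" in msg or "error" in msg
        # Events and replies to out-of-band commands free no slot.
        if is_reply and isinstance(rid, int) and rid in self._in_flight:
            self._in_flight.discard(rid)
            self._drain()
        return msg


def demo():
    wire = []                                   # constructed stand-in for the socket
    qmp = QmpFlowController(wire.append, limit=2)
    ids = [qmp.execute("query-status") for _ in range(4)]
    sent_before = len(wire)                     # only 2 of 4 reach the wire
    qmp.execute_oob("migrate-pause")            # bypasses the limit
    qmp.on_message(b'{"event": "STOP"}')        # constructed event, frees nothing
    qmp.on_message(json.dumps({"return": {}, "id": ids[0]}).encode())
    return sent_before, len(wire), qmp.outstanding, qmp.held


if __name__ == "__main__":
    print(demo())
```
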
-
Committed by Marc-André Lureau
When a monitor is connected to a Spice chardev, the monitor cleanup can dead-lock:

#0 0x00007f43446637fd in __lll_lock_wait () at /lib64/libpthread.so.0
#1 0x00007f434465ccf4 in pthread_mutex_lock () at /lib64/libpthread.so.0
#2 0x0000556dd79f22ba in qemu_mutex_lock_impl (mutex=0x556dd81c9220 <monitor_lock>, file=0x556dd7ae3648 "/home/elmarco/src/qq/monitor.c", line=645) at /home/elmarco/src/qq/util/qemu-thread-posix.c:66
#3 0x0000556dd7431bd5 in monitor_qapi_event_queue (event=QAPI_EVENT_SPICE_DISCONNECTED, qdict=0x556dd9abc850, errp=0x7fffb7bbddd8) at /home/elmarco/src/qq/monitor.c:645
#4 0x0000556dd79d476b in qapi_event_send_spice_disconnected (server=0x556dd98ee760, client=0x556ddaaa8560, errp=0x556dd82180d0 <error_abort>) at qapi/qapi-events-ui.c:149
#5 0x0000556dd7870fc1 in channel_event (event=3, info=0x556ddad1b590) at /home/elmarco/src/qq/ui/spice-core.c:235
#6 0x00007f434560a6bb in reds_handle_channel_event (reds=<optimized out>, event=3, info=0x556ddad1b590) at reds.c:316
#7 0x00007f43455f393b in main_dispatcher_self_handle_channel_event (info=0x556ddad1b590, event=3, self=0x556dd9a7d8c0) at main-dispatcher.c:197
#8 0x00007f43455f393b in main_dispatcher_channel_event (self=0x556dd9a7d8c0, event=event@entry=3, info=0x556ddad1b590) at main-dispatcher.c:197
#9 0x00007f4345612833 in red_stream_push_channel_event (s=s@entry=0x556ddae2ef40, event=event@entry=3) at red-stream.c:414
#10 0x00007f434561286b in red_stream_free (s=0x556ddae2ef40) at red-stream.c:388
#11 0x00007f43455f9ddc in red_channel_client_finalize (object=0x556dd9bb21a0) at red-channel-client.c:347
#12 0x00007f434b5f9fb9 in g_object_unref () at /lib64/libgobject-2.0.so.0
#13 0x00007f43455fc212 in red_channel_client_push (rcc=0x556dd9bb21a0) at red-channel-client.c:1341
#14 0x0000556dd76081ba in spice_port_set_fe_open (chr=0x556dd9925e20, fe_open=0) at /home/elmarco/src/qq/chardev/spice.c:241
#15 0x0000556dd796d74a in qemu_chr_fe_set_open (be=0x556dd9a37c00, fe_open=0) at /home/elmarco/src/qq/chardev/char-fe.c:340
#16 0x0000556dd796d4d9 in qemu_chr_fe_set_handlers (b=0x556dd9a37c00, fd_can_read=0x0, fd_read=0x0, fd_event=0x0, be_change=0x0, opaque=0x0, context=0x0, set_open=true) at /home/elmarco/src/qq/chardev/char-fe.c:280
#17 0x0000556dd796d359 in qemu_chr_fe_deinit (b=0x556dd9a37c00, del=false) at /home/elmarco/src/qq/chardev/char-fe.c:233
#18 0x0000556dd7432240 in monitor_data_destroy (mon=0x556dd9a37c00) at /home/elmarco/src/qq/monitor.c:786
#19 0x0000556dd743b968 in monitor_cleanup () at /home/elmarco/src/qq/monitor.c:4683
#20 0x0000556dd75ce776 in main (argc=3, argv=0x7fffb7bbe458, envp=0x7fffb7bbe478) at /home/elmarco/src/qq/vl.c:4660

Because spice code tries to emit a "disconnected" signal on the monitors. Fix this dead-lock by releasing the monitor lock for flush/destroy.

monitor_lock protects mon_list, monitor_qapi_event_state and monitor_destroyed. monitor_flush() and monitor_data_destroy() don't access any of those variables.

monitor_cleanup()'s loop is safe because it uses QTAILQ_FOREACH_SAFE(), and no further monitor can be added after calling monitor_cleanup() thanks to monitor_destroyed check in monitor_list_append().

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20181205203737.9011-8-marcandre.lureau@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
-