- 02 Oct, 2019 2 commits
-
-
Committed by Markus Armbruster

qemu-system-FOO's main() acts on command line arguments in its own idiosyncratic order. There's not much method to its madness. Whenever we find a case where one kind of command line argument needs to refer to something created for another kind later, we rejigger the order.

Recent commit cda4aa9a "vl: Create block backends before setting machine properties" was such a rejigger. Block backends are now created before "delayed" objects. This broke persistent reservation management. Reproducer:

    $ qemu-system-x86_64 -object pr-manager-helper,id=pr-helper0,path=/tmp/pr-helper0.sock-drive -drive file=/dev/mapper/crypt,file.pr-manager=pr-helper0,format=raw,if=none,id=drive-scsi0-0-0-2
    qemu-system-x86_64: -drive file=/dev/mapper/crypt,file.pr-manager=pr-helper0,format=raw,if=none,id=drive-scsi0-0-0-2: No persistent reservation manager with id 'pr-helper0'

The delayed pr-manager-helper object is created too late for use by -drive or -blockdev. Normal objects are still created in time.

pr-manager-helper has always been a delayed object (commit 7c9e5276 "scsi, file-posix: add support for persistent reservation management"). Turns out there's no real reason for that. Make it a normal object.

Fixes: cda4aa9a
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190604151251.9903-2-armbru@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 9ea18ed2)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Alex Williamson

Backport of QEMU v4.1 commit for stable v4.0.1 release

commit c87759ce
Author: Alex Williamson <alex.williamson@redhat.com>
Date: Tue May 14 14:14:41 2019 -0600

q35: Revert to kernel irqchip

Commit b2fc91db ("q35: set split kernel irqchip as default") changed the default for the pc-q35-4.0 machine type to use split irqchip, which turned out to have disastrous effects on vfio-pci INTx support. KVM resampling irqfds are registered for handling these interrupts, but these are non-functional in split irqchip mode. We can't simply test for split irqchip in QEMU as userspace handling of this interrupt is a significant performance regression versus KVM handling (GeForce GPUs assigned to Windows VMs are non-functional without forcing MSI mode or re-enabling kernel irqchip).

The resolution is to revert the change in default irqchip mode in the pc-q35-4.1 machine and create a pc-q35-4.0.1 machine for the 4.0-stable branch. The qemu-q35-4.0 machine type should not be used in vfio-pci configurations for devices requiring legacy INTx support without explicitly modifying the VM configuration to use kernel irqchip.

Link: https://bugs.launchpad.net/qemu/+bug/1826422
Fixes: b2fc91db ("q35: set split kernel irqchip as default")
Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
(upstream commit c87759ce)
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
*add comments regarding AML mismatch warnings from tests/bios-tables-test.c
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
- 18 Sep, 2019 30 commits
-
-
Committed by Anton Blanchard

During the conversion these instructions were incorrectly treated as stores. We need to use set_cpu_vsr* and not get_cpu_vsr*.

Fixes: 8b3b2d75 ("introduce get_cpu_vsr{l,h}() and set_cpu_vsr{l,h}() helpers for VSR register access")
Signed-off-by: Anton Blanchard <anton@ozlabs.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <20190524065345.25591-1-mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(upstream commit 2a122435)
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Anton Blanchard

A recent cleanup changed the pre zeroing of the result from 64 bit to 32 bit operations:

    - result.u64[i] = 0;
    + result.VsrW(i) = 0;

This corrupts the result.

Fixes: 60594fea ("target/ppc: remove various HOST_WORDS_BIGENDIAN hacks in int_helper.c")
Signed-off-by: Anton Blanchard <anton@ozlabs.org>
Message-Id: <20190507004811.29968-9-anton@ozlabs.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(upstream commit 7fa0ddc1)
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Anton Blanchard

Fix a typo in xxbrq and xxbrw where we put both results into the lower doubleword.

Fixes: 8b3b2d75 ("introduce get_cpu_vsr{l,h}() and set_cpu_vsr{l,h}() helpers for VSR register access")
Signed-off-by: Anton Blanchard <anton@ozlabs.org>
Message-Id: <20190507004811.29968-3-anton@ozlabs.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(upstream commit d47a751a)
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Anton Blanchard

Fix a typo in xvxsigdp where we put both results into the lower doubleword.

Fixes: dd977e4f ("target/ppc: Optimize x[sv]xsigdp using deposit_i64()")
Signed-off-by: Anton Blanchard <anton@ozlabs.org>
Message-Id: <20190507004811.29968-1-anton@ozlabs.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(upstream commit cf4e9363)
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Anton Blanchard

We were using set_cpu_vsr*() when we should have used get_cpu_vsr*().

Fixes: 8b3b2d75 ("introduce get_cpu_vsr{l,h}() and set_cpu_vsr{l,h}() helpers for VSR register access")
Signed-off-by: Anton Blanchard <anton@ozlabs.org>
Message-Id: <20190509104912.6b754dff@kryten>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(upstream commit 77bd8937)
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Li Hangjing

When a guest which doesn't support multiqueue is migrated with a multi queues vhost-user-blk device, a crash will occur like:

    0 qemu_memfd_alloc (name=<value optimized out>, size=562949953421312, seals=<value optimized out>, fd=0x7f87171fe8b4, errp=0x7f87171fe8a8) at util/memfd.c:153
    1 0x00007f883559d7cf in vhost_log_alloc (size=70368744177664, share=true) at hw/virtio/vhost.c:186
    2 0x00007f88355a0758 in vhost_log_get (listener=0x7f8838bd7940, enable=1) at qemu-2-12/hw/virtio/vhost.c:211
    3 vhost_dev_log_resize (listener=0x7f8838bd7940, enable=1) at hw/virtio/vhost.c:263
    4 vhost_migration_log (listener=0x7f8838bd7940, enable=1) at hw/virtio/vhost.c:787
    5 0x00007f88355463d6 in memory_global_dirty_log_start () at memory.c:2503
    6 0x00007f8835550577 in ram_init_bitmaps (f=0x7f88384ce600, opaque=0x7f8836024098) at migration/ram.c:2173
    7 ram_init_all (f=0x7f88384ce600, opaque=0x7f8836024098) at migration/ram.c:2192
    8 ram_save_setup (f=0x7f88384ce600, opaque=0x7f8836024098) at migration/ram.c:2219
    9 0x00007f88357a419d in qemu_savevm_state_setup (f=0x7f88384ce600) at migration/savevm.c:1002
    10 0x00007f883579fc3e in migration_thread (opaque=0x7f8837530400) at migration/migration.c:2382
    11 0x00007f8832447893 in start_thread () from /lib64/libpthread.so.0
    12 0x00007f8832178bfd in clone () from /lib64/libc.so.6

This is because vhost_get_log_size() returns an overflowed vhost-log size. In this function, it uses the uninitialized variable vqs->used_phys and vqs->used_size to get the vhost-log size.

Signed-off-by: Li Hangjing <lihangjing@baidu.com>
Reviewed-by: Xie Yongji <xieyongji@baidu.com>
Reviewed-by: Chai Wen <chaiwen@baidu.com>
Message-Id: <20190603061524.24076-1-lihangjing@baidu.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 240e647a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by John Snow

Shift from looking at every root BDS to *every* BDS. This will migrate bitmaps that are attached to blockdev created nodes instead of just ones attached to emulated storage devices.

Note that this will not migrate anonymous or internal-use bitmaps, as those are defined as having no name.

This will also fix the Coverity issues Peter Maydell has been asking about for the past several releases, as well as fixing a real bug.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Reported-by: Coverity 😅
Reported-by: aihua liang <aliang@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 20190514201926.10407-1-jsnow@redhat.com
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1652490
Fixes: Coverity CID 1390625
CC: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit 592203e7)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by John Snow

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 20190523170643.20794-6-jsnow@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
[mreitz: Moved from 250 to 256]
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit ba7704f2)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by John Snow

Don't pull events out of the queue that don't belong to us; be choosier so that we can use this method to drive jobs that were launched by transactions that may have more jobs.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 20190523170643.20794-5-jsnow@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit d6a79af0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Max Reitz

log() is in the current module, there is no need to prefix it. In fact, doing so may make VM.run_job() unusable in tests that never use iotests.log() themselves.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 86a4f599)
*prereq for d6a79af0
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by John Snow

Instead of event_wait which looks for a single event, add an events_wait which can look for any number of events simultaneously. However, it will still only return one at a time, whichever happens first.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 20190523170643.20794-4-jsnow@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit f6f4b3f0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by John Snow

Cap waits to 60 seconds so that iotests can fail gracefully if something goes wrong.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 20190523170643.20794-3-jsnow@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit 8b6f5f8b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Kevin Wolf

This tests that concurrent requests are correctly drained before making graph modifications instead of running into assertions in bdrv_replace_node().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit ac6fb43e)
Conflicts: tests/qemu-iotests/group
*prereq for d81e1efb tests
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Kevin Wolf

Instead of just asserting that no requests are in flight in bdrv_replace_node(), which is a requirement that most callers ignore, we can just drain the source node right there. This fixes at least starting a commit job while I/O is active on the backing chain, but probably other callers, too.

Having requests in flight on the target node isn't a problem because the target just gets new parents, but the call path of running requests isn't modified. So we can just drop this assertion without a replacement.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1711643
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit f871abd6)
*prereq for d81e1efb tests
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by John Snow

In blockdev_backup_prepare, we check to make sure that the target is associated with a compatible aio context. However, do_blockdev_backup is called later and has some logic to move the target to a compatible aio_context. The transaction version will fail certain commands needlessly early as a result.

Allow blockdev_backup_prepare to simply call do_blockdev_backup, which will ultimately decide if the contexts are compatible or not.

Note: the transaction version has always disallowed this operation since its initial commit bd8baecd (2014), whereas the version of qmp_blockdev_backup at the time, from commit c29c1dd3, tried to enforce the aio_context switch instead. It's not clear, and I can't see from the mailing list archives at the time, why the two functions take a different approach. It wasn't until later in efd75567 (2016) that the standalone version tried to determine if it could set the context or not.

Reported-by: aihua liang <aliang@redhat.com>
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1683498
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 20190523170643.20794-2-jsnow@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit d81e1efb)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Christian Borntraeger

csske will be removed in a future machine. Ignore it for expanding the cpu model. Otherwise qemu falls back to z9.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190429090250.7648-3-borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
(cherry picked from commit eaf6f642)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Max Reitz

We already have 221 for accesses through the page cache, but it is better to create a new file for O_DIRECT instead of integrating those test cases into 221. This way, we can make use of _supported_cache_modes (and _default_cache_mode) so the test is automatically skipped on filesystems that do not support O_DIRECT.

As part of the split, add _supported_cache_modes to 221. With that, it no longer fails when run with -c none or -c directsync.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 2fab30c8)
Conflicts: tests/qemu-iotests/group
*fix context deps on test groups not in 4.0
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Max Reitz

Currently, qemu crashes whenever someone queries the block status of an unaligned image tail of an O_DIRECT image:

    $ echo > foo
    $ qemu-img map --image-opts driver=file,filename=foo,cache.direct=on
    Offset Length Mapped to File
    qemu-img: block/io.c:2093: bdrv_co_block_status: Assertion `*pnum && QEMU_IS_ALIGNED(*pnum, align) && align > offset - aligned_offset' failed.

This is because bdrv_co_block_status() checks that the result returned by the driver's implementation is aligned to the request_alignment, but file-posix can fail to do so, which is actually mentioned in a comment there: "[...] possibly including a partial sector at EOF".

Fix this by rounding up those partial sectors.

There are two possible alternative fixes:

(1) We could refuse to open unaligned image files with O_DIRECT altogether. That sounds reasonable until you realize that qcow2 does not necessarily fill up its metadata clusters, and that nobody runs qemu-img create with O_DIRECT. Therefore, unpreallocated qcow2 files usually have an unaligned image tail.

(2) bdrv_co_block_status() could ignore unaligned tails. It actually throws away everything past the EOF already, so that sounds reasonable. Unfortunately, the block layer knows file lengths only with a granularity of BDRV_SECTOR_SIZE, so bdrv_co_block_status() usually would have to guess whether its file length information is inexact or whether the driver is broken.

Fixing what raw_co_block_status() returns is the safest thing to do.

There seems to be no other block driver that sets request_alignment and does not make sure that it always returns aligned values.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9c3db310)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Gerd Hoffmann

s/kbd/tablet/, fixes cut+paste bug.

Cc: qemu-stable@nongnu.org
Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190520081805.15019-1-kraxel@redhat.com
(cherry picked from commit 442bac16)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Gerd Hoffmann

When allowing multiple down-events in a row (key autorepeat) we can't use change_bit() any more to update the state, because autorepeat events don't change the key state. We have to explicitly use set_bit() and clear_bit() instead.

Cc: qemu-stable@nongnu.org
Fixes: 35921860 kbd-state: don't block auto-repeat events
Buglink: https://bugs.launchpad.net/qemu/+bug/1828272
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20190514042443.10735-1-kraxel@redhat.com
(cherry picked from commit 5fff13f2)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Cédric Le Goater

The high order bits of the address of the OS event queue are stored in bits [4-31] of word2 of the XIVE END internal structures and the low order bits in word3. This structure is using Big Endian ordering and computing the value requires some simple arithmetic which happens to be wrong. The mask removing bits [0-3] of word2 is applied to the wrong value and the resulting address is bogus when above 64GB.

Guests with more than 64GB of RAM will allocate pages for the OS event queues which will reside above the 64GB limit. In this case, the XIVE device model will wake up the CPUs in case of a notification, such as IPIs, but the update of the event queue will be written at the wrong place in memory. The result is uncertain as the guest memory is trashed and IPIs are not delivered.

Introduce a helper xive_end_qaddr() to compute this value correctly in all places where it is used.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20190508171946.657-3-clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(cherry picked from commit 13df9324)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
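
A model of the masking error described in the commit above, added here as an example and not QEMU's code. It assumes the "wrong value" was word2 before its big-endian to host conversion and simulates a little-endian host with an explicit byte swap; `end_words`, `encode_qaddr` and both `qaddr_*` functions are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Keeps bits [4-31] of word2 (IBM numbering: bit 0 is the most significant). */
#define QADDR_HI_MASK 0x0fffffffu

/* Hypothetical stand-in for the two END words, held exactly as a
 * little-endian host would load the big-endian fields from memory. */
struct end_words {
    uint32_t w2;
    uint32_t w3;
};

static uint32_t bswap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0x0000ff00u) |
           ((v << 8) & 0x00ff0000u) | (v << 24);
}

/* On the simulated little-endian host both conversions are a byte swap. */
static uint32_t cpu_to_be32_le(uint32_t v) { return bswap32(v); }
static uint32_t be32_to_cpu_le(uint32_t v) { return bswap32(v); }

/* Constructed input: store a queue address plus a value for bits [0-3]. */
static struct end_words encode_qaddr(uint64_t addr, uint32_t bits_0_3)
{
    struct end_words e;
    uint32_t hi = (uint32_t)(addr >> 32) & QADDR_HI_MASK;

    e.w2 = cpu_to_be32_le(((bits_0_3 & 0xfu) << 28) | hi);
    e.w3 = cpu_to_be32_le((uint32_t)addr);
    return e;
}

/* Assumed form of the error: the mask hits the raw big-endian word, so it
 * clears address bits 36-39 instead of bits [0-3] of word2. */
static uint64_t qaddr_mask_before_swap(struct end_words e)
{
    return ((uint64_t)be32_to_cpu_le(e.w2 & QADDR_HI_MASK) << 32) |
           be32_to_cpu_le(e.w3);
}

/* Convert to host order first, then mask, then combine with word3. */
static uint64_t qaddr_mask_after_swap(struct end_words e)
{
    return ((uint64_t)(be32_to_cpu_le(e.w2) & QADDR_HI_MASK) << 32) |
           be32_to_cpu_le(e.w3);
}

int main(void)
{
    /* Constructed sample addresses: one below 64GB, two above. */
    const uint64_t samples[] = {
        0x0fffff0000ull, 0x1000010000ull, 0x1234560000ull
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct end_words e = encode_qaddr(samples[i], 0);
        printf("stored 0x%010llx  mask-before-swap 0x%010llx  "
               "mask-after-swap 0x%010llx\n",
               (unsigned long long)samples[i],
               (unsigned long long)qaddr_mask_before_swap(e),
               (unsigned long long)qaddr_mask_after_swap(e));
    }
    return 0;
}
```

Below 64GB the two functions agree as long as bits [0-3] of word2 are zero, which is why a fault of this shape only shows up on large guests.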
-
Committed by John Snow

This just about rewrites the entirety of the bitmaps.rst document to make it consistent with the 4.0 release. I have added new features seen in the 4.0 release, as well as tried to clarify some points that keep coming up when discussing this feature both in-house and upstream.

It does not yet cover pull backups or migration details, but I intend to keep extending this document to cover those cases.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-id: 20190426221528.30293-3-jsnow@redhat.com
[Adjusted commit message. --js]
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit 90edef80)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by John Snow

If we add references that don't resolve (or accidentally remove them), it will be helpful to have warning messages alerting us to that.

Further, turn those warnings into errors so we can be alerted to these problems sooner rather than later.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-id: 20190426221528.30293-2-jsnow@redhat.com
[adjusted commit message. --js]
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit 9e5b6cb8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Eric Blake

When extracting a human-readable size formatter, we changed 'uint64_t div' pre-patch to 'unsigned long div' post-patch. Which breaks on 32-bit platforms, resulting in 'inf' instead of intended values larger than 999GB.

Fixes: 22951aaa
CC: qemu-stable@nongnu.org
Reported-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 754da867)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Kevin Wolf

Even for block nodes with bs->drv == NULL, we can't just ignore a bdrv_set_aio_context() call. Leaving the node in its old context can mean that it's still in an iothread context in bdrv_close_all() during shutdown, resulting in an attempted unlock of the AioContext lock which we don't hold.

This is an example stack trace of a related crash:

    #0 0x00007ffff59da57f in raise () at /lib64/libc.so.6
    #1 0x00007ffff59c4895 in abort () at /lib64/libc.so.6
    #2 0x0000555555b97b1e in error_exit (err=<optimized out>, msg=msg@entry=0x555555d386d0 <__func__.19059> "qemu_mutex_unlock_impl") at util/qemu-thread-posix.c:36
    #3 0x0000555555b97f7f in qemu_mutex_unlock_impl (mutex=mutex@entry=0x5555568002f0, file=file@entry=0x555555d378df "util/async.c", line=line@entry=507) at util/qemu-thread-posix.c:97
    #4 0x0000555555b92f55 in aio_context_release (ctx=ctx@entry=0x555556800290) at util/async.c:507
    #5 0x0000555555b05cf8 in bdrv_prwv_co (child=child@entry=0x7fffc80012f0, offset=offset@entry=131072, qiov=qiov@entry=0x7fffffffd4f0, is_write=is_write@entry=true, flags=flags@entry=0) at block/io.c:833
    #6 0x0000555555b060a9 in bdrv_pwritev (qiov=0x7fffffffd4f0, offset=131072, child=0x7fffc80012f0) at block/io.c:990
    #7 0x0000555555b060a9 in bdrv_pwrite (child=0x7fffc80012f0, offset=131072, buf=<optimized out>, bytes=<optimized out>) at block/io.c:990
    #8 0x0000555555ae172b in qcow2_cache_entry_flush (bs=bs@entry=0x555556810680, c=c@entry=0x5555568cc740, i=i@entry=0) at block/qcow2-cache.c:51
    #9 0x0000555555ae18dd in qcow2_cache_write (bs=bs@entry=0x555556810680, c=0x5555568cc740) at block/qcow2-cache.c:248
    #10 0x0000555555ae15de in qcow2_cache_flush (bs=0x555556810680, c=<optimized out>) at block/qcow2-cache.c:259
    #11 0x0000555555ae16b1 in qcow2_cache_flush_dependency (c=0x5555568a1700, c=0x5555568a1700, bs=0x555556810680) at block/qcow2-cache.c:194
    #12 0x0000555555ae16b1 in qcow2_cache_entry_flush (bs=bs@entry=0x555556810680, c=c@entry=0x5555568a1700, i=i@entry=0) at block/qcow2-cache.c:194
    #13 0x0000555555ae18dd in qcow2_cache_write (bs=bs@entry=0x555556810680, c=0x5555568a1700) at block/qcow2-cache.c:248
    #14 0x0000555555ae15de in qcow2_cache_flush (bs=bs@entry=0x555556810680, c=<optimized out>) at block/qcow2-cache.c:259
    #15 0x0000555555ad242c in qcow2_inactivate (bs=bs@entry=0x555556810680) at block/qcow2.c:2124
    #16 0x0000555555ad2590 in qcow2_close (bs=0x555556810680) at block/qcow2.c:2153
    #17 0x0000555555ab0c62 in bdrv_close (bs=0x555556810680) at block.c:3358
    #18 0x0000555555ab0c62 in bdrv_delete (bs=0x555556810680) at block.c:3542
    #19 0x0000555555ab0c62 in bdrv_unref (bs=0x555556810680) at block.c:4598
    #20 0x0000555555af4d72 in blk_remove_bs (blk=blk@entry=0x5555568103d0) at block/block-backend.c:785
    #21 0x0000555555af4dbb in blk_remove_all_bs () at block/block-backend.c:483
    #22 0x0000555555aae02f in bdrv_close_all () at block.c:3412
    #23 0x00005555557f9796 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4776

The reproducer I used is a qcow2 image on gluster volume, where the virtual disk size (4 GB) is larger than the gluster volume size (64M), so we can easily trigger an ENOSPC. This backend is assigned to a virtio-blk device using an iothread, and then from the guest a 'dd if=/dev/zero of=/dev/vda bs=1G count=1' causes the VM to stop because of an I/O error. qemu_gluster_co_flush_to_disk() sets bs->drv = NULL on error, so when virtio-blk stops the dataplane, the block nodes stay in the iothread AioContext. A 'quit' monitor command issued from this paused state crashes the process.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1631227
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
(cherry picked from commit 1bffe1ae)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Kevin Wolf

make_completely_empty() is an optimised path for bdrv_make_empty() where completely new metadata is created inside the image file instead of going through all clusters and discarding them.

For an external data file, however, we actually need to do discard operations on the data file; just overwriting the qcow2 file doesn't get rid of the data.

The necessary slow path with an explicit discard operation already exists for other cases. Use it for external data files, too.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit db04524f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Peter Lieven

The current value of 1024 bytes (16 * MFI_FRAME_SIZE) we map is not enough to hold the maximum number of scatter gather elements we advertise. We actually need a maximum of 2048 bytes. This is 128 max sg elements * 16 bytes (sizeof (union mfi_sgl)).

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Lieven <pl@kamp.de>
Message-Id: <20190404121015.28634-1-pl@kamp.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 2e56fbc8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Kevin Wolf

preallocate_co() already gave the data file the full size without forwarding the requested preallocation mode to the protocol. When bdrv_co_truncate() was called later with the preallocation mode, the file didn't actually grow any more, so the data file stayed unallocated even if full preallocation was requested.

Pass the right preallocation mode to preallocate_co() and remove the second bdrv_co_truncate() to fix this. As a side effect, the ugly one-byte write in preallocate_co() is replaced with a truncate call, now leaving the last block unallocated on the protocol level as it should be.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 718c0fce)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Kevin Wolf

We'll add a bdrv_co_truncate() call in the next patch which can return an Error that we don't want to discard. So add an errp parameter to preallocate_co().

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 360bd074)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Committed by Kevin Wolf

Limiting the allocation to INT_MAX bytes isn't particularly clever because it means that the final cluster will be a partial cluster which will be completed through a COW operation. This results in unnecessary data read and write requests which lead to an unwanted non-sparse filesystem block for metadata preallocation.

Align the maximum allocation size down to the cluster size to avoid this situation.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit f29fbf7c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
- 24 Apr, 2019 1 commit
-
-
Committed by Peter Maydell

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
- 17 Apr, 2019 2 commits
-
-
Committed by Peter Maydell

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Daniel P. Berrangé

The ObjectInfo struct has a variable length array containing the UTF-16 encoded filename. The number of characters of trailing data is given by the 'length' field in the struct and this must be validated against the size of the data packet received from the guest.

Since the data is UTF-16, we must convert the byte count we have to a character count before validating. This must take care to truncate if a malicious guest sent an odd number of bytes.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
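
The length validation described in the commit above, as an added example that is not QEMU's code. The 8-byte header with the character count in its last byte, the little-endian code units, the choice to reject an oversized count, and every function name are assumptions of this sketch; the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout: HDR_LEN fixed bytes, the last of which is 'length'
 * (number of UTF-16 code units), followed by the filename data. */
#define HDR_LEN 8u
#define LEN_OFF 7u

/* Flawed check: compares a character count against a byte count, so a
 * claimed length of up to twice the real data still passes. */
static int naive_accepts(const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < HDR_LEN)
        return 0;
    return pkt[LEN_OFF] <= pkt_len - HDR_LEN;
}

/* Returns the validated number of UTF-16 units, or -1 if the packet cannot
 * hold what 'length' claims. */
static int filename_units(const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < HDR_LEN)
        return -1;
    /* Bytes to characters; integer division drops an odd trailing byte. */
    size_t avail_units = (pkt_len - HDR_LEN) / 2;
    if (pkt[LEN_OFF] > avail_units)
        return -1;
    return pkt[LEN_OFF];
}

/* Copies the validated units into 'out'; never reads past pkt + pkt_len. */
static int copy_filename(const uint8_t *pkt, size_t pkt_len,
                         uint16_t *out, size_t out_cap)
{
    int n = filename_units(pkt, pkt_len);
    if (n < 0 || (size_t)n > out_cap)
        return -1;
    for (int i = 0; i < n; i++) {
        const uint8_t *p = pkt + HDR_LEN + 2 * (size_t)i;
        out[i] = (uint16_t)(p[0] | (p[1] << 8)); /* assumed little-endian */
    }
    return n;
}

/* Builds a constructed packet: claimed 'length', an ASCII name widened to
 * UTF-16, plus 'extra' stray bytes. Returns the packet size, 0 if too big. */
static size_t build_packet(uint8_t *buf, size_t cap, uint8_t length,
                           const char *ascii, size_t extra)
{
    size_t name_len = strlen(ascii);
    size_t total = HDR_LEN + 2 * name_len + extra;
    if (total > cap)
        return 0;
    memset(buf, 0, total);
    buf[LEN_OFF] = length;
    for (size_t i = 0; i < name_len; i++)
        buf[HDR_LEN + 2 * i] = (uint8_t)ascii[i];
    return total;
}

int main(void)
{
    uint8_t pkt[64];
    /* claimed length, stray bytes: honest, inflated, inflated with odd tail */
    const struct { uint8_t length; size_t extra; } cases[] = {
        { 5, 0 }, { 10, 0 }, { 6, 1 }
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        size_t n = build_packet(pkt, sizeof(pkt), cases[i].length,
                                "a.txt", cases[i].extra);
        printf("length=%u bytes=%zu naive=%d checked=%d\n",
               (unsigned)cases[i].length, n - HDR_LEN,
               naive_accepts(pkt, n), filename_units(pkt, n));
    }
    return 0;
}
```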
-
- 16 Apr, 2019 5 commits
-
-
Committed by Peter Maydell

Block layer patches:

- qcow2: Fix potential corruption for preallocated resize with external data file

# gpg: Signature made Tue 16 Apr 2019 15:23:35 BST
# gpg: using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  qcow2: Fix preallocation bdrv_pwrite to wrong file

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Kevin Wolf

With an external data file, preallocate_co() must write the final byte to the external data file, not to the qcow2 image file.

This is harmless for preallocation of newly created images (only the qcow2 file size is increased to the virtual disk size while it should be much smaller), but with preallocated resize, it could in theory cause visible corruption if the metadata of the image is larger than the data (e.g. lots of bitmaps).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
-
Committed by Marc-André Lureau

Commit 767abe7f ("chardev: forbid 'wait' option with client sockets") is a bit too strict. Current libvirt always sets wait=false, and will thus fail to add client chardev.

Make the code more permissive, allowing wait=false with client socket chardevs. Deprecate usage of 'wait' with client sockets.

Fixes: 767abe7f
Cc: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20190415163337.2795-1-marcandre.lureau@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Peter Maydell

Slirp updates

Dr. David Alan Gilbert (1):
  slirp: Gcc 9 -O3 fix

# gpg: Signature made Mon 15 Apr 2019 19:05:39 BST
# gpg: using RSA key E61DBB15D4172BDEC97E92D9DB550E89F0FA54F3
# gpg: Good signature from "Samuel Thibault <samuel.thibault@aquilenet.fr>" [unknown]
# gpg: aka "Samuel Thibault <sthibault@debian.org>" [marginal]
# gpg: aka "Samuel Thibault <samuel.thibault@gnu.org>" [unknown]
# gpg: aka "Samuel Thibault <samuel.thibault@inria.fr>" [marginal]
# gpg: aka "Samuel Thibault <samuel.thibault@labri.fr>" [marginal]
# gpg: aka "Samuel Thibault <samuel.thibault@ens-lyon.org>" [marginal]
# gpg: aka "Samuel Thibault <samuel.thibault@u-bordeaux.fr>" [unknown]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 900C B024 B679 31D4 0F82 304B D017 8C76 7D06 9EE6
# Subkey fingerprint: E61D BB15 D417 2BDE C97E 92D9 DB55 0E89 F0FA 54F3

* remotes/thibault/tags/samuel-thibault:
  slirp: Gcc 9 -O3 fix

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Dr. David Alan Gilbert

Gcc 9 needs some convincing that sopreprbuf really is going to fill in iov in the call from soreadbuf, even though the failure case shouldn't happen.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20190415121740.9881-1-dgilbert@redhat.com>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
-