1. 15 Aug, 2018 5 commits
    • monitor: fix oob command leak · cb9ec42f
      Marc-André Lureau committed
      Spotted by ASAN, during make check...
      
      Direct leak of 40 byte(s) in 1 object(s) allocated from:
          #0 0x7f8e27262c48 in malloc (/lib64/libasan.so.5+0xeec48)
          #1 0x7f8e26a5f3c5 in g_malloc (/lib64/libglib-2.0.so.0+0x523c5)
          #2 0x555ab67078a8 in qstring_from_str /home/elmarco/src/qq/qobject/qstring.c:67
          #3 0x555ab67071e4 in qstring_new /home/elmarco/src/qq/qobject/qstring.c:24
          #4 0x555ab6713fbf in qstring_from_escaped_str /home/elmarco/src/qq/qobject/json-parser.c:144
          #5 0x555ab671738c in parse_literal /home/elmarco/src/qq/qobject/json-parser.c:506
          #6 0x555ab67179c3 in parse_value /home/elmarco/src/qq/qobject/json-parser.c:569
          #7 0x555ab6715123 in parse_pair /home/elmarco/src/qq/qobject/json-parser.c:306
          #8 0x555ab6715483 in parse_object /home/elmarco/src/qq/qobject/json-parser.c:357
          #9 0x555ab671798b in parse_value /home/elmarco/src/qq/qobject/json-parser.c:561
          #10 0x555ab6717a6b in json_parser_parse_err /home/elmarco/src/qq/qobject/json-parser.c:592
          #11 0x555ab4fd4dcf in handle_qmp_command /home/elmarco/src/qq/monitor.c:4257
          #12 0x555ab6712c4d in json_message_process_token /home/elmarco/src/qq/qobject/json-streamer.c:105
          #13 0x555ab67e01e2 in json_lexer_feed_char /home/elmarco/src/qq/qobject/json-lexer.c:323
          #14 0x555ab67e0af6 in json_lexer_feed /home/elmarco/src/qq/qobject/json-lexer.c:373
          #15 0x555ab6713010 in json_message_parser_feed /home/elmarco/src/qq/qobject/json-streamer.c:124
          #16 0x555ab4fd58ec in monitor_qmp_read /home/elmarco/src/qq/monitor.c:4337
          #17 0x555ab6559df2 in qemu_chr_be_write_impl /home/elmarco/src/qq/chardev/char.c:175
          #18 0x555ab6559e95 in qemu_chr_be_write /home/elmarco/src/qq/chardev/char.c:187
          #19 0x555ab6560127 in fd_chr_read /home/elmarco/src/qq/chardev/char-fd.c:66
          #20 0x555ab65d9c73 in qio_channel_fd_source_dispatch /home/elmarco/src/qq/io/channel-watch.c:84
          #21 0x7f8e26a598ac in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x4c8ac)
      Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
      Message-Id: <20180809114417.28718-4-marcandre.lureau@redhat.com>
      [Screwed up in commit b2731456]
      Cc: qemu-stable@nongnu.org
      Reviewed-by: Markus Armbruster <armbru@redhat.com>
      Signed-off-by: Markus Armbruster <armbru@redhat.com>
    • tests: fix crumple/recursive leak · 42478dac
      Marc-André Lureau committed
      Spotted by ASAN:
      
      =================================================================
      ==27907==ERROR: LeakSanitizer: detected memory leaks
      
      Direct leak of 4120 byte(s) in 1 object(s) allocated from:
          #0 0x7f913458ce50 in calloc (/lib64/libasan.so.5+0xeee50)
          #1 0x7f9133fd641d in g_malloc0 (/lib64/libglib-2.0.so.0+0x5241d)
          #2 0x5561c6643c95 in qdict_crumple_test_recursive /home/elmarco/src/qq/tests/check-block-qdict.c:438
          #3 0x7f9133ff7c49  (/lib64/libglib-2.0.so.0+0x73c49)
      Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
      Message-Id: <20180809114417.28718-2-marcandre.lureau@redhat.com>
      [Screwed up in commit 2860b2b2]
      Reviewed-by: Markus Armbruster <armbru@redhat.com>
      Signed-off-by: Markus Armbruster <armbru@redhat.com>
    • qapi: Fix some pycodestyle-3 complaints · b736e25a
      Markus Armbruster committed
      Fix the following issues:
      
          common.py:873:13: E129 visually indented line with same indent as next logical line
          common.py:1766:5: E741 ambiguous variable name 'l'
          common.py:1784:1: E305 expected 2 blank lines after class or function definition, found 1
          common.py:1833:1: E305 expected 2 blank lines after class or function definition, found 1
          common.py:1843:1: E305 expected 2 blank lines after class or function definition, found 1
          visit.py:181:18: E127 continuation line over-indented for visual indent
      Signed-off-by: Markus Armbruster <armbru@redhat.com>
      Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
      Message-Id: <20180621083551.775-1-armbru@redhat.com>
      [Fixup squashed in:]
      Message-ID: <871sd0nzw9.fsf@dusky.pond.sub.org>
      Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
    • tests: change /0.15/* tests to /qmp/* · 214e4a5b
      Marc-André Lureau committed
      Presumably 0.15 was the version it was first introduced, but
      qmp keeps evolving. There is no point in having that version
      as test prefix, 'qmp' makes more sense here.
      Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
      Reviewed-by: Eric Blake <eblake@redhat.com>
      Message-Id: <20180326150916.9602-12-marcandre.lureau@redhat.com>
      Reviewed-by: Markus Armbruster <armbru@redhat.com>
      Reviewed-by: Thomas Huth <thuth@redhat.com>
      Signed-off-by: Markus Armbruster <armbru@redhat.com>
    • qmp-shell: learn to send commands with quoted arguments · fcfab754
      Marc-André Lureau committed
      Use shlex to split the CLI command, respecting quoted arguments, and
      also comments. This allows calling, for example:
      
      (QEMU) human-monitor-command command-line="screendump /dev/null"
      {"execute": "human-monitor-command", "arguments": {"command-line": "screendump /dev/null"}}
      Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
      Message-Id: <20180326150916.9602-3-marcandre.lureau@redhat.com>
      Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
      Signed-off-by: Markus Armbruster <armbru@redhat.com>
  2. 14 Aug, 2018 1 commit
  3. 08 Aug, 2018 1 commit
  4. 07 Aug, 2018 3 commits
  5. 06 Aug, 2018 8 commits
  6. 03 Aug, 2018 5 commits
    • tests/acpi: update tables after memory hotplug changes · 1c707d69
      Michael S. Tsirkin committed
      Previous patch changes acpi tables, update expected
      files accordingly.
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    • pc: acpi: fix memory hotplug regression by reducing stub SRAT entry size · 10efd7e1
      Igor Mammedov committed
      Commit 848a1cc1 (hw/acpi-build: build SRAT memory affinity structures for DIMM devices)
      broke the first dimm hotplug in the following cases:
      
       1: there is no coldplugged dimm in the last numa node
          but there is a coldplugged dimm in another node
      
        -m 4096,slots=4,maxmem=32G               \
        -object memory-backend-ram,id=m0,size=2G \
        -device pc-dimm,memdev=m0,node=0         \
        -numa node,nodeid=0                      \
        -numa node,nodeid=1
      
       2: if order of dimms on CLI is:
             1st plugged dimm in node1
             2nd plugged dimm in node0
      
        -m 4096,slots=4,maxmem=32G               \
        -object memory-backend-ram,size=2G,id=m0 \
        -device pc-dimm,memdev=m0,node=1         \
        -object memory-backend-ram,id=m1,size=2G \
        -device pc-dimm,memdev=m1,node=0         \
        -numa node,nodeid=0                      \
        -numa node,nodeid=1
      
      (qemu) object_add memory-backend-ram,id=m2,size=1G
      (qemu) device_add pc-dimm,memdev=m2,node=0
      
      the first DIMM hotplug to any node except the last one
      fails (Windows is unable to online it).
      
      Length reduction of the stub hotplug memory SRAT entry
      fixes the issue for some reason.
      
      RHBZ: 1609234
      Signed-off-by: Igor Mammedov <imammedo@redhat.com>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    • tests/acpi-test: update ACPI tables test blobs · 16e2841d
      Dou Liyang committed
      Now, QEMU adds a new check for memory-less NUMA nodes in build_srat().

      It affects the ACPI test.

      So, update the ACPI tables test blobs.
      Signed-off-by: Dou Liyang <douly.fnst@cn.fujitsu.com>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    • hw/acpi-build: Add a check for memory-less NUMA nodes · 16b42263
      Dou Liyang committed
      Currently, the QEMU ACPI builder doesn't consider memory-less NUMA nodes, e.g.:
      
        -m 4G,slots=4,maxmem=8G \
        -numa node,nodeid=0 \
        -numa node,nodeid=1,mem=2G \
        -numa node,nodeid=2,mem=2G \
        -numa node,nodeid=3\
      
      Guest Linux will report
      
        [    0.000000] ACPI: SRAT: Node 0 PXM 0 [mem 0x00000000-0xffffffffffffffff]
        [    0.000000] ACPI: SRAT: Node 1 PXM 1 [mem 0x00000000-0x0009ffff]
        [    0.000000] ACPI: SRAT: Node 1 PXM 1 [mem 0x00100000-0x7fffffff]
        [    0.000000] ACPI: SRAT: Node 2 PXM 2 [mem 0x80000000-0xbfffffff]
        [    0.000000] ACPI: SRAT: Node 2 PXM 2 [mem 0x100000000-0x13fffffff]
        [    0.000000] ACPI: SRAT: Node 3 PXM 3 [mem 0x140000000-0x13fffffff]
        [    0.000000] ACPI: SRAT: Node 3 PXM 3 [mem 0x140000000-0x33fffffff] hotplug
      
      [mem 0x00000000-0xffffffffffffffff] and [mem 0x140000000-0x13fffffff] are bogus.
      
      Add a check to avoid building SRAT memory for memory-less NUMA nodes, and also update
      the test file. Now the info in guest Linux will be
      
        [    0.000000] ACPI: SRAT: Node 1 PXM 1 [mem 0x00000000-0x0009ffff]
        [    0.000000] ACPI: SRAT: Node 1 PXM 1 [mem 0x00100000-0x7fffffff]
        [    0.000000] ACPI: SRAT: Node 2 PXM 2 [mem 0x80000000-0xbfffffff]
        [    0.000000] ACPI: SRAT: Node 2 PXM 2 [mem 0x100000000-0x13fffffff]
        [    0.000000] ACPI: SRAT: Node 3 PXM 3 [mem 0x140000000-0x33fffffff] hotplug
      Signed-off-by: Dou Liyang <douly.fnst@cn.fujitsu.com>
      Reviewed-by: Igor Mammedov <imammedo@redhat.com>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    • vhost: check region type before casting · 388a86df
      Tiwei Bie committed
      Check region type first before casting the memory region
      to IOMMUMemoryRegion. Otherwise QEMU will abort with the
      error message below when casting a non-IOMMU memory region:
      
      vhost_iommu_region_add: Object 0x561f28bce4f0 is not an
      instance of type qemu:iommu-memory-region
      
      Fixes: cb1efcf4 ("iommu: Add IOMMU index argument to notifier APIs")
      Cc: Peter Maydell <peter.maydell@linaro.org>
      Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
  7. 01 Aug, 2018 4 commits
  8. 31 Jul, 2018 9 commits
    • monitor: temporary fix for dead-lock on event recursion · 9a105406
      Marc-André Lureau committed
      With a Spice port chardev, it is possible to reenter
      monitor_qapi_event_queue() (when the client disconnects for
      example). This will dead-lock on monitor_lock.
      
      Instead, use some TLS variables to check for recursion and queue the
      events.
      
      Fixes:
       (gdb) bt
       #0  0x00007fa69e7217fd in __lll_lock_wait () at /lib64/libpthread.so.0
       #1  0x00007fa69e71acf4 in pthread_mutex_lock () at /lib64/libpthread.so.0
       #2  0x0000563303567619 in qemu_mutex_lock_impl (mutex=0x563303d3e220 <monitor_lock>, file=0x5633036589a8 "/home/elmarco/src/qq/monitor.c", line=645) at /home/elmarco/src/qq/util/qemu-thread-posix.c:66
       #3  0x0000563302fa6c25 in monitor_qapi_event_queue (event=QAPI_EVENT_SPICE_DISCONNECTED, qdict=0x56330602bde0, errp=0x7ffc6ab5e728) at /home/elmarco/src/qq/monitor.c:645
       #4  0x0000563303549aca in qapi_event_send_spice_disconnected (server=0x563305afd630, client=0x563305745360, errp=0x563303d8d0f0 <error_abort>) at qapi/qapi-events-ui.c:149
       #5  0x00005633033e600f in channel_event (event=3, info=0x5633061b0050) at /home/elmarco/src/qq/ui/spice-core.c:235
       #6  0x00007fa69f6c86bb in reds_handle_channel_event (reds=<optimized out>, event=3, info=0x5633061b0050) at reds.c:316
       #7  0x00007fa69f6b193b in main_dispatcher_self_handle_channel_event (info=0x5633061b0050, event=3, self=0x563304e088c0) at main-dispatcher.c:197
       #8  0x00007fa69f6b193b in main_dispatcher_channel_event (self=0x563304e088c0, event=event@entry=3, info=0x5633061b0050) at main-dispatcher.c:197
       #9  0x00007fa69f6d0833 in red_stream_push_channel_event (s=s@entry=0x563305ad8f50, event=event@entry=3) at red-stream.c:414
       #10 0x00007fa69f6d086b in red_stream_free (s=0x563305ad8f50) at red-stream.c:388
       #11 0x00007fa69f6b7ddc in red_channel_client_finalize (object=0x563304df2360) at red-channel-client.c:347
       #12 0x00007fa6a56b7fb9 in g_object_unref () at /lib64/libgobject-2.0.so.0
       #13 0x00007fa69f6ba212 in red_channel_client_push (rcc=0x563304df2360) at red-channel-client.c:1341
       #14 0x00007fa69f68b259 in red_char_device_send_msg_to_client (client=<optimized out>, msg=0x5633059b6310, dev=0x563304e08bc0) at char-device.c:305
       #15 0x00007fa69f68b259 in red_char_device_send_msg_to_clients (msg=0x5633059b6310, dev=0x563304e08bc0) at char-device.c:305
       #16 0x00007fa69f68b259 in red_char_device_read_from_device (dev=0x563304e08bc0) at char-device.c:353
       #17 0x000056330317d01d in spice_chr_write (chr=0x563304cafe20, buf=0x563304cc50b0 "{\"timestamp\": {\"seconds\": 1532944763, \"microseconds\": 326636}, \"event\": \"SHUTDOWN\", \"data\": {\"guest\": false}}\r\n", len=111) at /home/elmarco/src/qq/chardev/spice.c:199
       #18 0x00005633034deee7 in qemu_chr_write_buffer (s=0x563304cafe20, buf=0x563304cc50b0 "{\"timestamp\": {\"seconds\": 1532944763, \"microseconds\": 326636}, \"event\": \"SHUTDOWN\", \"data\": {\"guest\": false}}\r\n", len=111, offset=0x7ffc6ab5ea70, write_all=false) at /home/elmarco/src/qq/chardev/char.c:112
       #19 0x00005633034df054 in qemu_chr_write (s=0x563304cafe20, buf=0x563304cc50b0 "{\"timestamp\": {\"seconds\": 1532944763, \"microseconds\": 326636}, \"event\": \"SHUTDOWN\", \"data\": {\"guest\": false}}\r\n", len=111, write_all=false) at /home/elmarco/src/qq/chardev/char.c:147
       #20 0x00005633034e1e13 in qemu_chr_fe_write (be=0x563304dbb800, buf=0x563304cc50b0 "{\"timestamp\": {\"seconds\": 1532944763, \"microseconds\": 326636}, \"event\": \"SHUTDOWN\", \"data\": {\"guest\": false}}\r\n", len=111) at /home/elmarco/src/qq/chardev/char-fe.c:42
       #21 0x0000563302fa6334 in monitor_flush_locked (mon=0x563304dbb800) at /home/elmarco/src/qq/monitor.c:425
       #22 0x0000563302fa6520 in monitor_puts (mon=0x563304dbb800, str=0x563305de7e9e "") at /home/elmarco/src/qq/monitor.c:468
       #23 0x0000563302fa680c in qmp_send_response (mon=0x563304dbb800, rsp=0x563304df5730) at /home/elmarco/src/qq/monitor.c:517
       #24 0x0000563302fa6905 in qmp_queue_response (mon=0x563304dbb800, rsp=0x563304df5730) at /home/elmarco/src/qq/monitor.c:538
       #25 0x0000563302fa6b5b in monitor_qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x563304df5730) at /home/elmarco/src/qq/monitor.c:624
       #26 0x0000563302fa6c4b in monitor_qapi_event_queue (event=QAPI_EVENT_SHUTDOWN, qdict=0x563304df5730, errp=0x7ffc6ab5ed00) at /home/elmarco/src/qq/monitor.c:649
       #27 0x0000563303548cce in qapi_event_send_shutdown (guest=false, errp=0x563303d8d0f0 <error_abort>) at qapi/qapi-events-run-state.c:58
       #28 0x000056330313bcd7 in main_loop_should_exit () at /home/elmarco/src/qq/vl.c:1822
       #29 0x000056330313bde3 in main_loop () at /home/elmarco/src/qq/vl.c:1862
       #30 0x0000563303143781 in main (argc=3, argv=0x7ffc6ab5f068, envp=0x7ffc6ab5f088) at /home/elmarco/src/qq/vl.c:4644
      
      Note that the error report is now moved to the first caller, which may
      receive an error for a recursed event. This is probably fine (95% of
      callers use &error_abort, the rest have NULL error and ignore it).
      Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
      Message-Id: <20180731150144.14022-1-marcandre.lureau@redhat.com>
      Reviewed-by: Markus Armbruster <armbru@redhat.com>
      [*_no_recurse renamed to *_no_reenter, local variables reordered]
      Signed-off-by: Markus Armbruster <armbru@redhat.com>
    • Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-3.0-pull-request' into staging · 42e76456
      Peter Maydell committed
      Fix safe_syscall() on ppc64 host
      Fix mmap() 0 length error case
      
      # gpg: Signature made Tue 31 Jul 2018 09:41:07 BST
      # gpg:                using RSA key F30C38BD3F2FBE3C
      # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>"
      # gpg:                 aka "Laurent Vivier <laurent@vivier.eu>"
      # gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>"
      # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C
      
      * remotes/vivier2/tags/linux-user-for-3.0-pull-request:
        linux-user: ppc64: don't use volatile register during safe_syscall
        tests: add check_invalid_maps to test-mmap
        linux-user/mmap.c: handle invalid len maps correctly
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    • Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging · 45a505d0
      Peter Maydell committed
      Bug fixes.
      
      # gpg: Signature made Mon 30 Jul 2018 13:00:39 BST
      # gpg:                using RSA key BFFBD25F78C7AE83
      # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
      # gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
      # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
      #      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83
      
      * remotes/bonzini/tags/for-upstream:
        backends/cryptodev: remove dead code
        timer: remove replay clock probe in deadline calculation
        i386: implement MSR_SMI_COUNT for TCG
        i386: do not migrate MSR_SMI_COUNT on machine types <2.12
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    • Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20180731' into staging · fd76fef8
      Peter Maydell committed
      fix large guests on s390x
      
      # gpg: Signature made Tue 31 Jul 2018 07:47:38 BST
      # gpg:                using RSA key DECF6B93C6F02FAF
      # gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
      # gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
      # gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
      # gpg:                 aka "Cornelia Huck <cohuck@kernel.org>"
      # gpg:                 aka "Cornelia Huck <cohuck@redhat.com>"
      # Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF
      
      * remotes/cohuck/tags/s390x-20180731:
        s390x/sclp: fix maxram calculation
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    • linux-user: ppc64: don't use volatile register during safe_syscall · 5d9f3ea0
      Shivaprasad G Bhat committed
      r11 is a volatile register on PPC as per calling conventions.
      The safe_syscall code uses it to check if the signal_pending
      is set during the safe_syscall. When a syscall is interrupted
      on return from signal handling, the r11 might be corrupted
      before we retry the syscall leading to a crash. The registers
      r0-r13 are not to be used here as they have
      volatile/designated/reserved usages.
      
      Change the code to use r14 which is non-volatile.
      Use SP+16 which is a slot for LR, for save/restore of previous value
      of r14. SP+16 can be used, as LR is preserved across the syscall.
      
      Steps to reproduce:
      On PPC host, issue `qemu-x86_64 /usr/bin/cc -E -`
      Attempt Ctrl-C, the issue is reproduced.
      
      Reference:
      https://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi-1.9.html#REG
      https://openpowerfoundation.org/wp-content/uploads/2016/03/ABI64BitOpenPOWERv1.1_16July2015_pub4.pdf
      Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
      Tested-by: Richard Henderson <richard.henderson@linaro.org>
      Tested-by: Laurent Vivier <laurent@vivier.eu>
      Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
      Reviewed-by: Laurent Vivier <laurent@vivier.eu>
      Message-Id: <153301568965.30312.10498134581068746871.stgit@dhcp-9-109-246-16>
      Signed-off-by: Laurent Vivier <laurent@vivier.eu>
    • tests: add check_invalid_maps to test-mmap · 28cbb997
      Alex Bennée committed
      This adds a test to make sure we fail properly for a 0 length mmap.
      There are most likely other failure conditions we should also check.
      Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
      Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
      Cc: umarcor <1783362@bugs.launchpad.net>
      Message-Id: <20180730134321.19898-3-alex.bennee@linaro.org>
      Signed-off-by: Laurent Vivier <laurent@vivier.eu>
    • linux-user/mmap.c: handle invalid len maps correctly · 38138fab
      Alex Bennée committed
      I've slightly re-organised the check to more closely match the
      sequence that the kernel uses in do_mmap(). We check for both the zero
      case (EINVAL) and the overflow length case (ENOMEM).
      Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
      Cc: umarcor <1783362@bugs.launchpad.net>
      Reviewed-by: Laurent Vivier <laurent@vivier.eu>
      Message-Id: <20180730134321.19898-2-alex.bennee@linaro.org>
      Signed-off-by: Laurent Vivier <laurent@vivier.eu>
    • Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging · 7b799ec6
      Peter Maydell committed
      Block layer patches:
      
      - qemu-img convert -C is now required to enable copy offloading
      - file-posix: Fix write_zeroes with unmap on block devices (would fall
        back to explicit writes on recent kernels)
      - Fix query-blockstats interface for use with -blockdev
      - Minor fixes and documentation updates
      
      # gpg: Signature made Mon 30 Jul 2018 16:08:14 BST
      # gpg:                using RSA key 7F09B272C88F2FD6
      # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
      # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6
      
      * remotes/kevin/tags/for-upstream:
        qemu-iotests: Test query-blockstats with -drive and -blockdev
        block/qapi: Include anonymous BBs in query-blockstats
        block/qapi: Add 'qdev' field to query-blockstats result
        file-posix: Fix write_zeroes with unmap on block devices
        block: Fix documentation for BDRV_REQ_MAY_UNMAP
        iotests: Add test for 'qemu-img convert -C' compatibility
        qemu-img: Add -C option for convert with copy offloading
        Revert "qemu-img: Document copy offloading implications with -S and -c"
        iotests: Don't lock /dev/null in 226
        docs: Describe using images in writing iotests
        file-posix: Handle EINTR in preallocation=full write
        qcow2: A grammar fix in conflicting cache sizing error message
        qcow: fix a reference leak
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    • Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180730' into staging · 7aefc145
      Peter Maydell committed
      target-arm queue:
       * arm/smmuv3: Fix broken VM state migration
       * armv7m_nvic: Fix broken VM state migration
       * hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host()
       * hw/arm/iotkit: Fix IRQ number for timer1
       * hw/misc/tz-mpc: Zero the LUT on initialization, not just reset
       * target/arm: Remove duplicate 'host' entry in '-cpu ?' output
      
      # gpg: Signature made Mon 30 Jul 2018 15:16:01 BST
      # gpg:                using RSA key 3C2525ED14360CDE
      # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
      # gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
      # gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
      # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE
      
      * remotes/pmaydell/tags/pull-target-arm-20180730:
        target/arm: Remove duplicate 'host' entry in '-cpu ?' output
        hw/misc/tz-mpc: Zero the LUT on initialization, not just reset
        hw/arm/iotkit: Fix IRQ number for timer1
        armv7m_nvic: Fix m-security subsection name
        hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host()
        arm/smmuv3: Fix missing VMSD terminator
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
  9. 30 Jul, 2018 4 commits
    • s390x/sclp: fix maxram calculation · 408e5ace
      Christian Borntraeger committed
      We clamp down ram_size to match the sclp increment size. We do
      not do the same for maxram_size, which means for large guests
      with some sizes (e.g. -m 50000) maxram_size differs from ram_size.
      This can break other code (e.g. CMMA migration) which uses maxram_size
      to calculate the number of pages and then throws some errors.
      
      Fixes: 82fab5c5 ("s390x/sclp: remove memory hotplug support")
      Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
      CC: qemu-stable@nongnu.org
      CC: David Hildenbrand <david@redhat.com>
      Message-Id: <1532959766-53343-1-git-send-email-borntraeger@de.ibm.com>
      Reviewed-by: David Hildenbrand <david@redhat.com>
      Signed-off-by: Cornelia Huck <cohuck@redhat.com>
    • target/arm: Remove duplicate 'host' entry in '-cpu ?' output · 0261fb80
      Philippe Mathieu-Daudé committed
      Since 86f0a186 the TYPE_ARM_HOST_CPU is only compiled when CONFIG_KVM
      is enabled.
      
      Remove the now redundant special-case introduced in a96c0514, to avoid:
      
        $ qemu-system-aarch64 -machine virt -cpu \? | fgrep host
        host
        host (only available in KVM mode)
      Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
      Message-id: 20180727132311.2777-1-f4bug@amsat.org
      Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    • hw/misc/tz-mpc: Zero the LUT on initialization, not just reset · 218fe5ce
      Peter Maydell committed
      In the tz-mpc device we allocate a data block for the LUT,
      which we then clear to zero in the device's reset method.
      This is conceptually fine, but unfortunately results in a
      valgrind complaint about use of uninitialized data on startup:
      
      ==30906== Conditional jump or move depends on uninitialised value(s)
      ==30906==    at 0x503609: tz_mpc_translate (tz-mpc.c:439)
      ==30906==    by 0x3F3D90: address_space_translate_iommu (exec.c:511)
      ==30906==    by 0x3F3FF8: flatview_do_translate (exec.c:584)
      ==30906==    by 0x3F4292: flatview_translate (exec.c:644)
      ==30906==    by 0x3F2120: address_space_translate (memory.h:1962)
      ==30906==    by 0x3FB753: address_space_ldl_internal (memory_ldst.inc.c:36)
      ==30906==    by 0x3FB8A6: address_space_ldl (memory_ldst.inc.c:80)
      ==30906==    by 0x619037: ldl_phys (memory_ldst_phys.inc.h:25)
      ==30906==    by 0x61985D: arm_cpu_reset (cpu.c:255)
      ==30906==    by 0x98791B: cpu_reset (cpu.c:249)
      ==30906==    by 0x57FFDB: armv7m_reset (armv7m.c:265)
      ==30906==    by 0x7B1775: qemu_devices_reset (reset.c:69)
      
      This is because of a reset ordering problem -- the TZ MPC
      resets after the CPU, but an M-profile CPU's reset function
      includes memory loads to get the initial PC and SP, which
      then go through an MPC that hasn't yet been reset.
      
      The simplest fix for this is to zero the LUT when we
      initialize the data, which will result in the MPC's
      translate function giving the right answers for these
      early memory accesses.
      Reported-by: Thomas Huth <thuth@redhat.com>
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
      Tested-by: Thomas Huth <thuth@redhat.com>
      Message-id: 20180724153616.32352-1-peter.maydell@linaro.org
    • hw/arm/iotkit: Fix IRQ number for timer1 · 984b0c10
      Peter Maydell committed
      A cut-and-paste error meant we were incorrectly wiring up the timer1
      IRQ to IRQ3. IRQ3 is the interrupt for timer0 -- move timer0 to
      IRQ4 where it belongs.
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
      Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
      Message-id: 20180727113854.20283-3-peter.maydell@linaro.org