* remotes/armbru/tags/pull-qapi-2020-04-30:
qapi: Generate simpler marshalling code when no arguments
qapi: Disallow qmp_marshal_FOO(NULL, ...)
qom: Simplify object_property_get_enum()
qapi: Only input visitors can actually fail
qapi: Assert non-input visitors see only valid alternate tags
qapi: Clean up visitor's recovery from input with invalid type
qapi: Assert non-input visitors see only valid narrow integers
qapi: Assert output visitors see only valid enum values
qapi: Fix Visitor contract for start_alternate()
qapi: Assert incomplete object occurs only in dealloc visitor
qapi: Polish prose in visitor.h
qapi: Document @errp usage more thoroughly in visitor.h
qapi: Fix typo in visit_start_list()'s contract
qapi: Fix the virtual walk example in visitor.h's big comment
qapi: Belatedly update visitor.h's big comment for QAPI modules
qemu-option: Clean up after the previous commit
qobject: Eliminate qdict_iter(), use qdict_first(), qdict_next()
qobject: Eliminate qlist_iter(), use QLIST_FOREACH_ENTRY() instead
qobject: Factor out helper json_pretty_newline()
qobject: Clean up QLIST_FOREACH_ENTRY()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200424084338.26803-16-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
For QMP commands without arguments, gen_marshal() laboriously
generates a qmp_marshal_FOO() that copes with null @args. Turns
there's just one caller that passes null instead of an empty QDict.
Adjust that caller, and simplify gen_marshal().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200424084338.26803-15-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-14-armbru@redhat.com>
The previous few commits have made this more obvious, and removed the
one exception. Time to clarify the documentation, and drop dead error
checking.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-13-armbru@redhat.com>
qapi: Assert non-input visitors see only valid alternate tags
An alternate type's visit_type_FOO() fails when it runs into an
invalid ->type.
This is appropriate with an input visitor: visit_start_alternate()
sets ->type according to the input, and bad input can lead to bad
->type.
It should never happen with an output, clone or dealloc visitor: if it
did, the alternate being output, cloned or deallocated would be messed
up beyond repair. Assert that.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-12-armbru@redhat.com>
qapi: Clean up visitor's recovery from input with invalid type
An alternate type's visit_type_FOO() fails when it runs into an
invalid ->type. If it's an input visit, we then need to free the the
object we got from visit_start_alternate(). We do that with
qapi_free_FOO(), which uses the dealloc visitor.
Trouble is that object is in a bad state: its ->type is invalid. So
the dealloc visitor will run into the same error again, and the error
recovery skips deallocating the alternate's (invalid) alternative.
Works, because qapi_free_FOO() ignores the error.
Avoid it instead: free the messed up object with by g_free().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200424084338.26803-11-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
qapi: Assert non-input visitors see only valid narrow integers
visit_type_intN() and visit_type_uintN() fail when the value is out of
bounds.
This is appropriate with an input visitor: the value comes from input,
and input may be bad.
It should never happen with the other visitors: the value comes from
the caller, and callers must keep it within bounds. Assert that.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-10-armbru@redhat.com>
qapi: Assert output visitors see only valid enum values
output_type_enum() fails when *obj is not a valid value of the enum
type. Should not happen. Drop the check, along with its unit tests.
This unmasks qapi_enum_lookup()'s assertion.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-9-armbru@redhat.com>
[Commit message tweaked]
The contract demands v->start_alternate() for input and dealloc
visitors, but visit_start_alternate() actually requires it for input
and clone visitors. Fix the contract, and delete superfluous
qapi_dealloc_start_alternate().
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-8-armbru@redhat.com>
qapi: Assert incomplete object occurs only in dealloc visitor
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-7-armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-6-armbru@redhat.com>
qapi: Document @errp usage more thoroughly in visitor.h
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-5-armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-4-armbru@redhat.com>
qapi: Fix the virtual walk example in visitor.h's big comment
Call visit_check_list(). Missed in commit a4a1c70dc7 "qapi: Make
input visitors detect unvisited list tails".
Drop an irrelevant error_propagate() while there.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-3-armbru@redhat.com>
qapi: Belatedly update visitor.h's big comment for QAPI modules
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-2-armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200415083048.14339-6-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
qobject: Eliminate qdict_iter(), use qdict_first(), qdict_next()
qdict_iter() has just three uses and no test coverage. Replace by
qdict_first(), qdict_next() for more concise code and less type
punning.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200415083048.14339-5-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
qobject: Eliminate qlist_iter(), use QLIST_FOREACH_ENTRY() instead
qlist_iter() has just three uses outside tests/. Replace by
QLIST_FOREACH_ENTRY() for more concise code and less type punning.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200415083048.14339-4-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200415083048.14339-3-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
[Coding style in moved code tidied up]
QLIST_FOREACH_ENTRY() traverses a tail queue manually. Use
QTAILQ_FIRST() and QTAILQ_NEXT() instead.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200415083048.14339-2-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Peter Maydell [Wed, 29 Apr 2020 20:43:03 +0000 (21:43 +0100)]
Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20200429-2' into staging
RISC-V pull request for 5.1
This is the first pull request for the 5.1 development period. It
contains all of the patches that were sent during the 5.0 timeframe.
This is an assortment of fixes for RISC-V, including fixes for the
Hypervisor extension, the Spike machine and an update to OpenSBI.
# gpg: Signature made Wed 29 Apr 2020 21:17:17 BST
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054
* remotes/alistair/tags/pull-riscv-to-apply-20200429-2:
hw/riscv/spike: Allow more than one CPUs
hw/riscv/spike: Allow loading firmware separately using -bios option
hw/riscv: Add optional symbol callback ptr to riscv_load_firmware()
roms: opensbi: Upgrade from v0.6 to v0.7
linux-user/riscv: fix up struct target_ucontext definition
target/riscv: Add a sifive-e34 cpu type
riscv: sifive_e: Support changing CPU type
hw/riscv: Generate correct "mmu-type" for 32-bit machines
riscv: Fix Stage2 SV32 page table walk
riscv: AND stage-1 and stage-2 protection flags
riscv: Don't use stage-2 PTE lookup protection flags
riscv/sifive_u: Add a serial property to the sifive_u machine
riscv/sifive_u: Add a serial property to the sifive_u SoC
riscv/sifive_u: Fix up file ordering
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/riscv: Add optional symbol callback ptr to riscv_load_firmware()
This patch adds an optional function pointer, "sym_cb", to
riscv_load_firmware() which provides the possibility to access
the symbol table during kernel loading.
The pointer is ignored, if supplied with flat (non-elf) firmware image.
The Spike board requires it locate the HTIF symbols from firmware ELF
passed via "-bios" option.
Signed-off-by: Anup Patel <anup.patel@wdc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200427080644.168461-2-anup.patel@wdc.com
Message-Id: <20200427080644.168461-2-anup.patel@wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Bin Meng [Mon, 20 Apr 2020 13:18:44 +0000 (21:18 +0800)]
roms: opensbi: Upgrade from v0.6 to v0.7
Upgrade OpenSBI from v0.6 to v0.7 and the pre-built bios images.
The v0.7 release includes the following commits:
f64f4b9 lib: Add a new platform feature to bringup secondary harts b677a9b lib: Implement hart hotplug 5b48240 lib: Add possible hart status values e3f69fc lib: Implement Hart State Management (HSM) SBI extension 6704216 lib: Check MSIP bit after returning from WFI 82ae8e8 makefile: Do setup of the install target more flexible e1a5b73 platform: sifive: fu540: allow sv32 as an mmu-type 8c83fb2 lib: Fix return type of sbi_hsm_hart_started() 00d332b include: Move bits related defines and macros to sbi_bitops.h a148996 include: sbi_bitops: More useful bit operations 4a603eb platform: kendryte/k210: Set per-HART stack size to 8KB 678c3c3 include: sbi_scratch: Set per-HART scratch size to 4KB 2abc55b lib: Sort build objects in alphabetical order 6e87507 platform: ae350: Sort build objects in alphabetical order 650c0e5 lib: sbi: Fix coding style issues 078686d lib: serial: Fix coding style issues 3226bd9 lib: Simple bitmap library c741abc include: Simple hartmask library d6d7e18 lib: sbi_init: Don't allow HARTID greater than SBI_HARTMASK_MAX_BITS a4a6a81 lib: Introduce SBI_TLB_INFO_INIT() helper macro d963164 lib: sbi_tlb: Use sbi_hartmask in sbi_tlb_info 71d2b83 lib: Move all coldboot wait APIs to sbi_init.c 2b945fc lib: sbi_init: Use hartmask for coldboot wait 44ce5b9 include: Remove disabled_hart_mask from sbi_platform 2db381f lib: Introduce sbi_hsm_hart_started_mask() API 61f7768 lib: sbi_ecall_legacy: Use sbi_hsm_hart_started_mask() API 466fecb lib: sbi_system: Use sbi_hsm_hart_started_mask() API 9aad831 lib: sbi_ipi: Use sbi_hsm_hart_started_mask() API eede1aa lib: sbi_hart: Remove HART available mask and related APIs 757bb44 docs: Remove out-of-date documentation 86d37bb lib: sbi: Fix misaligned trap handling ffdc858 platform: ariane-fpga: Change license for ariane-fpga from GPL-2.0 to BSD-2 4b2f594 sbi: Add definitions for true/false 0cfe49a libfdt: Add INT32_MAX and UINT32_MAX in libfdt_env.h baac7e0 libfdt: Upgrade to v1.5.1 release f92147c include: Make sbi_hart_id_to_scratch() as macro eeae3d9 firmware: fw_base: Optimize _hartid_to_scratch() implementation 16e7071 lib: sbi_hsm: Optimize sbi_hsm_hart_get_state() implementation 823345e include: Make sbi_current_hartid() as macro in riscv_asm.h 9aabba2 Makefile: Fix distclean make target 9275ed3 platform: ariane-fpga: Set per-HART stack size to 8KB 2343efd platform: Set per-HART stack size to 8KB in the template platform codes 72a0628 platform: Use one unified per-HART stack size macro for all platforms 327ba36 scripts: Cover sifive/fu540 in the 32-bit build 5fbcd62 lib: sbi: Update pmp_get() to return decoded size directly dce8846 libfdt: Compile fdt_addresses.c fcb1ded lib: utils: Add a fdt_reserved_memory_fixup() helper 666be6d platform: Clean up include header files 6af5576 lib: utils: Move PLIC DT fix up codes to fdt_helper.c e846ce1 platform: andes/ae350: Fix up DT for reserved memory 8135520 platform: ariane-fpga: Fix up DT for reserved memory c9a5268 platform: qemu/virt: Fix up DT for reserved memory 6f9bb83 platform: sifive/fu540: Fix up DT for reserved memory 1071f05 platform: sifive/fu540: Remove "stdout-path" fix-up dd9439f lib: utils: Add a fdt_cpu_fixup() helper 3f1c847 platform: sifive/fu540: Replace cpu0 node fix-up with the new helper db6a2b5 lib: utils: Add a general device tree fix-up helper 3f8d754 platform: Update to call general DT fix-up helper 87a7ef7 lib: sbi_scratch: Introduce HART id to scratch table e23d3ba include: Simplify HART id to scratch macro 19bd531 lib: sbi_hsm: Simplify hart_get_state() and hart_started() APIs 3ebfe0e lib: sbi_tlb: Simplify sbi_tlb_entry_process() function 209134d lib: Handle failure of sbi_hartid_to_scratch() API bd6ef02 include: sbi_platform: Improve sbi_platform_hart_disabled() API c9f60fc lib: sbi_scratch: Don't set hartid_to_scratch table for disabled HART 680b098 lib: sbi_hsm: Don't use sbi_platform_hart_count() API db187d6 lib: sbi_hsm: Remove scratch parameter from hart_started_mask() API 814f38d lib: sbi_hsm: Don't use sbi_platform_hart_disabled() API 75eec9d lib: Don't use sbi_platform_hart_count() API c51f02c include: sbi_platform: Introduce HART index to HART id table 315a877 platform: sifive/fu540: Remove FU540_ENABLED_HART_MASK option a0c88dd lib: Fix sbi_ecall_register_extension to prevent extension IDs overlap 9a74a64 lib: Check MSIP bit after returning from WFI 5968894 platform: Move ariane standalone fpga project to its own project ed265b4 platform: fpga/ariane: Remove redundant plic address macros fb84879 platform: Add OpenPiton platform support d1d6560 platform: fpga/common: Add a fdt parsing helper functions 040e4e2 lib: utils: Move fdt fixup helper routines to a different file 4c37451 platform: openpiton: Read the device configurations from device tree 4d93586 lib: prevent coldboot_lottery from overflowing 550ba88 scripts: Extend create-binary-archive.sh for unified binary tar ball 160c885 lib: utils: Improve fdt_cpu_fixup() implementation 1de66d1 lib: Optimize unpriv load/store implementation 626467c lib: Remove scratch parameter from unpriv load/store functions cb78a48 lib: sbi_trap: Remove scratch parameter from sbi_trap_redirect() d11c79c lib: sbi_emulate_csr: Remove scratch and hartid parameter 5a7bd0c lib: sbi_illegal_insn: Remove mcause, scratch and hartid parameters fe37d7d lib: sbi_misaligned_ldst: Remove mcause, scratch and hartid parameters 7487116 lib: sbi_ecall: Remove mcause, scratch and hartid parameters 40b221b lib: sbi_trap: Simplify sbi_trap_handler() API 7b211ff include: sbi_platform: Remove priv parameter from hart_start() callback 5b6957e include: Use more consistent name for atomic xchg() and cmpxchg() dd0f21c lib: sbi_scratch: Introduce sbi_scratch_last_hartid() API 54b2779 include: sbi_tlb: Remove scratch parameter from sbi_tlb_request() 9e52a45 include: sbi_ipi: Remove scratch parameter from most functions ec0d80f include: sbi_system: Remove scratch parameter and redundant functions 0a28ea5 include: sbi_timer: Remove scratch parameter from most funcitons 648507a include: sbi_console: Remove scratch parameter from sbi_dprintf() e5a7f55 platform: thead/c910: Use HSM extension to boot secondary cores f281de8 lib: irqchip/plic: Fix maximum priority threshold value 6c7922e lib: Support vector extension 615587c docs: Update README about supported SBI versions 66d0184 lib: Allow overriding SBI implementation ID 9f1b72c include: Bump-up version to 0.7
Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Corey Wharton [Fri, 13 Mar 2020 19:34:28 +0000 (12:34 -0700)]
riscv: sifive_e: Support changing CPU type
Allows the CPU to be changed from the default via the -cpu command
line option.
Signed-off-by: Corey Wharton <coreyw7@fb.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200313193429.8035-2-coreyw7@fb.com
Message-Id: <20200313193429.8035-2-coreyw7@fb.com>
[ Changes by AF:
- Set "cpu-type" from the machine and not SoC
] Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Anup Patel [Mon, 30 Mar 2020 08:27:24 +0000 (13:57 +0530)]
riscv: Fix Stage2 SV32 page table walk
As-per RISC-V H-Extension v0.5 draft, the Stage2 SV32 page table has
12bits of VPN[1] and 10bits of VPN[0]. The additional 2bits in VPN[1]
is required to handle the 34bit intermediate physical address coming
from Stage1 SV32 page table. The 12bits of VPN[1] implies that Stage2
SV32 level-0 page table will be 16KB in size with total 4096 enteries
where each entry maps 4MB of memory (same as Stage1 SV32 page table).
The get_physical_address() function is broken for Stage2 SV32 level-0
page table because it incorrectly computes output physical address for
Stage2 SV32 level-0 page table entry.
The root cause of the issue is that get_physical_address() uses the
"widened" variable to compute level-0 physical address mapping which
changes level-0 mapping size (instead of 4MB). We should use the
"widened" variable only for computing index of Stage2 SV32 level-0
page table.
Signed-off-by: Anup Patel <anup.patel@wdc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200330082724.120444-1-anup.patel@wdc.com
Message-Id: <20200330082724.120444-1-anup.patel@wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Alistair Francis [Thu, 26 Mar 2020 22:44:09 +0000 (15:44 -0700)]
riscv: AND stage-1 and stage-2 protection flags
Take the result of stage-1 and stage-2 page table walks and AND the two
protection flags together. This way we require both to set permissions
instead of just stage-2.
Alistair Francis [Thu, 26 Mar 2020 22:44:07 +0000 (15:44 -0700)]
riscv: Don't use stage-2 PTE lookup protection flags
When doing the fist of a two stage lookup (Hypervisor extensions) don't
set the current protection flags from the second stage lookup of the
base address PTE.
Bin Meng [Sat, 16 Nov 2019 15:08:50 +0000 (07:08 -0800)]
riscv/sifive_u: Add a serial property to the sifive_u machine
At present the board serial number is hard-coded to 1, and passed
to OTP model during initialization. Firmware (FSBL, U-Boot) uses
the serial number to generate a unique MAC address for the on-chip
ethernet controller. When multiple QEMU 'sifive_u' instances are
created and connected to the same subnet, they all have the same
MAC address hence it creates a unusable network.
A new "serial" property is introduced to specify the board serial
number. When not given, the default serial number 1 is used.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <1573916930-19068-1-git-send-email-bmeng.cn@gmail.com>
[ Changed by AF:
- Use the SoC's serial property to pass the info to the SoC
- Fixup commit title
- Rebase on file restructuring
] Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
riscv/sifive_u: Add a serial property to the sifive_u SoC
At present the board serial number is hard-coded to 1, and passed
to OTP model during initialization. Firmware (FSBL, U-Boot) uses
the serial number to generate a unique MAC address for the on-chip
ethernet controller. When multiple QEMU 'sifive_u' instances are
created and connected to the same subnet, they all have the same
MAC address hence it creates a unusable network.
A new "serial" property is introduced to the sifive_u SoC to specify
the board serial number. When not given, the default serial number
1 is used.
Suggested-by: Bin Meng <bmeng.cn@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Tested-by: Bin Meng <bmeng.cn@gmail.com>
s390x/s390-virtio-ccw: Fix build on systems without KVM
linux/kvm.h is not available on all platforms. Let us move
s390_machine_inject_pv_error into pv.c as it uses KVM structures.
Also rename the function to s390_pv_inject_reset_error.
While at it, ipl.h needs an include for "exec/address-spaces.h"
as it uses address_space_memory.
Fixes: c3347ed0d2ee ("s390x: protvirt: Support unpack facility") Reported-by: Bruce Rogers <brogers@suse.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20200406100158.5940-2-borntraeger@de.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
PV_ENABLE (and maybe others) might return -EINTR when a signal is
pending. See the Linux kernel patch "s390/gmap: return proper error code
on ksm unsharing" for details. Let us retry the ioctl in that case.
Fixes: c3347ed0d2ee ("s390x: protvirt: Support unpack facility") Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com> Acked-by: Janosch Frank <frankja@linux.vnet.ibm.com> Tested-by: Marc Hartmayer <mhartmay@linux.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20200327124616.34866-1-borntraeger@de.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Janosch Frank [Thu, 26 Mar 2020 14:05:05 +0000 (10:05 -0400)]
s390x: protvirt: Fix stray error_report_err in s390_machine_protect
In case the protection of the machine fails at s390_pv_vm_enable(),
we'll currently report the local_error variable. Problem is that
there's no migration blocker error that we can report at this point so
the pointer is always NULL which leads to a SEGFAULT.
Let's remove the error report.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com> Fixes: 0141e1b47707 ("s390x: protvirt: Add migration blocker")
Message-Id: <20200326140505.2432-1-frankja@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
The unpack facility is an indication that diagnose 308 subcodes 8-10
are available to the guest. That means, that the guest can put itself
into protected mode.
Once it is in protected mode, the hardware stops any attempt of VM
introspection by the hypervisor.
Some features are currently not supported in protected mode:
* vfio devices
* Migration
* Huge page backings
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200319131921.2367-17-frankja@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Janosch Frank [Thu, 19 Mar 2020 13:19:17 +0000 (09:19 -0400)]
s390x: protvirt: Disable address checks for PV guest IO emulation
IO instruction data is routed through SIDAD for protected guests, so
adresses do not need to be checked, as this is kernel memory which is
always available.
Also the instruction data always starts at offset 0 of the SIDAD.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200319131921.2367-13-frankja@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Janosch Frank [Thu, 19 Mar 2020 13:19:14 +0000 (09:19 -0400)]
s390x: protvirt: SCLP interpretation
SCLP for a protected guest is done over the SIDAD, so we need to use
the s390_cpu_pv_mem_* functions to access the SIDAD instead of guest
memory when reading/writing SCBs.
To not confuse the sclp emulation, we set 0x4000 as the SCCB address,
since the function that injects the sclp external interrupt would
reject a zero sccb address.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20200319131921.2367-10-frankja@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Janosch Frank [Thu, 19 Mar 2020 13:19:11 +0000 (09:19 -0400)]
s390x: protvirt: KVM intercept changes
Protected VMs no longer intercept with code 4 for an instruction
interception. Instead they have codes 104 and 108 for protected
instruction interception and protected instruction notification
respectively.
The 104 mirrors the 4 interception.
The 108 is a notification interception to let KVM and QEMU know that
something changed and we need to update tracking information or
perform specific tasks. It's currently taken for the following
instructions:
* spx (To inform about the changed prefix location)
* sclp (On incorrect SCCB values, so we can inject a IRQ)
* sigp (All but "stop and store status")
* diag308 (Subcodes 0/1)
Of these exits only sclp errors, state changing sigps and diag308 will
reach QEMU. QEMU will do its parts of the job, while the ultravisor
has done the instruction part of the job.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200319131921.2367-7-frankja@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Janosch Frank [Thu, 19 Mar 2020 13:19:10 +0000 (09:19 -0400)]
s390x: protvirt: Inhibit balloon when switching to protected mode
Ballooning in protected VMs can only be done when the guest shares the
pages it gives to the host. If pages are not shared, the integrity
checks will fail once those pages have been altered and are given back
to the guest.
As we currently do not yet have a solution for this we will continue
like this:
1. We block ballooning now in QEMU (with this patch).
2. Later we will provide a change to virtio that removes the blocker
and adds VIRTIO_F_IOMMU_PLATFORM automatically by QEMU when doing the
protvirt switch. This is OK, as the balloon driver in Linux (the only
supported guest) will refuse to work with the IOMMU_PLATFORM feature
bit set.
3. Later, we can fix the guest balloon driver to accept the IOMMU
feature bit and correctly exercise sharing and unsharing of balloon
pages.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200319131921.2367-6-frankja@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Janosch Frank [Mon, 23 Mar 2020 08:36:06 +0000 (04:36 -0400)]
s390x: protvirt: Support unpack facility
The unpack facility provides the means to setup a protected guest. A
protected guest cannot be introspected by the hypervisor or any
user/administrator of the machine it is running on.
Protected guests are encrypted at rest and need a special boot
mechanism via diag308 subcode 8 and 10.
Code 8 sets the PV specific IPLB which is retained separately from
those set via code 5.
Code 10 is used to unpack the VM into protected memory, verify its
integrity and start it.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Co-developed-by: Christian Borntraeger <borntraeger@de.ibm.com> [Changes
to machine] Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200323083606.24520-1-frankja@linux.ibm.com>
[CH: fixed up KVM_PV_VM_ -> KVM_PV_] Signed-off-by: Cornelia Huck <cohuck@redhat.com>
libqos: Give get_machine_allocator() internal linkage
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200424071142.3525-4-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
fuzz: Simplify how we compute available machines and types
apply_to_qlist(), apply_to_node() work with QObjects. This is
designed for use by tests/qtest/qos-test.c, which gets the data in
that form via QMP. Goes back to commit fc281c8020 "tests: qgraph API
for the qtest driver framework".
Commit 275ab39d86 "fuzz: add support for qos-assisted fuzz targets"
added another user: qtest/fuzz/qos_fuzz.c. To get the data as
QObjects, it uses qmp_marshal_query_machines() and
qmp_marshal_qom_list_types().
All this code is rather cumbersome. Switch to working with generated
QAPI types instead:
* Replace apply_to_qlist() & friends by machines_apply_to_node() and
types_apply_to_node().
* Have qos_fuzz.c use qmp_query_machines() and qmp_qom_list_types()
instead.
* Have qos_test.c convert from QObject to the QAPI types.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200424071142.3525-3-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Target recurse-fuzz depends on pc-bios/optionrom/fuzz, which can't be
made. It's not used anywhere. Added in commit c621dc3e01c, looks
like cargo cult. Delete.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200424071142.3525-2-armbru@redhat.com> Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Apply the obvious, minimal fix. I admit I'm tempted to rip out the
unused (and obviously untested) feature instead, because YAGNI.
Note that this is not the final result, as spd_data_generate() next
increases #banks from 1 to 2 if possible. This is done "to avoid a
bug in MIPS Malta firmware". We don't even use this function with
machine type malta. *Shrug*
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200422134815.1584-5-armbru@redhat.com>
smbus: Fix spd_data_generate() error API violation
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call.
spd_data_generate() can pass @errp to error_setg() more than once when
it adjusts both memory size and type. Harmless, because no caller
passes anything that needs adjusting. Until the previous commit,
sam460ex passed types that needed adjusting, but not sizes.
spd_data_generate()'s contract is rather awkward:
If everything's fine, return non-null and don't set an error.
Else, if memory size or type need adjusting, return non-null and
set an error describing the adjustment.
Else, return null and set an error reporting why no data can be
generated.
Its callers treat the error as a warning even when null is returned.
They don't create the "smbus-eeprom" device then. Suspicious.
Since the previous commit, only "everything's fine" can actually
happen. Drop the unused code and simplify the callers. This gets rid
of the error API violation.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200422134815.1584-3-armbru@redhat.com>
sam460ex: Suppress useless warning on -m 32 and -m 64
Requesting 32 or 64 MiB of RAM with the sam460ex machine type produces
a useless warning:
qemu-system-ppc: warning: Memory size is too small for SDRAM type, adjusting type
This is because sam460ex_init() asks spd_data_generate() for DDR2,
which is impossible, so spd_data_generate() corrects it to DDR.
The warning goes back to commit 08fd99179a "sam460ex: Clean up SPD
EEPROM creation".
Make sam460ex_init() pass the correct SDRAM type to get rid of the
warning.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200422134815.1584-2-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
qmp_guest_suspend_disk() and qmp_guest_suspend_ram() pass @local_err
first to check_suspend_mode(), then to acquire_privilege(), then to
execute_async(). Continuing after errors here can only end in tears.
For instance, we risk tripping error_setv()'s assertion.
Fixes: aa59637ea1c6a4c83430933f9c44c43e6c3f1b69 Fixes: f54603b6aa765514b2519e74114a2f417759d727 Cc: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200422130719.28225-15-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call.
qmp_guest_get_memory_blocks() passes &local_err to
transfer_memory_block() in a loop. If this fails in more than one
iteration, it can trip error_setv()'s assertion.
Fix it to break the loop.
Cc: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200422130719.28225-14-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call.
qmp_xen_colo_do_checkpoint() passes @errp first to
replication_do_checkpoint_all(), and then to
colo_notify_filters_event(). If both fail, this will trip the
assertion in error_setv().
Similar code in secondary_vm_do_failover() calls
colo_notify_filters_event() only after replication_do_checkpoint_all()
succeeded. Do the same here.
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call.
qio_channel_socket_close() passes @errp first to
socket_listen_cleanup(), and then, if closesocket() fails, to
error_setg_errno(). If socket_listen_cleanup() failed, this will trip
the assertion in error_setv().
Fix by ignoring a second error.
Fixes: 73564c407caedf992a1c688b5fea776a8b56ba2a Cc: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200422130719.28225-11-armbru@redhat.com>
The conversion of xen_pt_initfn() to xen_pt_realize() blindly replaced
XEN_PT_ERR() by error_setg(). Several error conditions that did not
fail xen_pt_initfn() now fail xen_pt_realize(). Unsurprisingly, the
cleanup on these errors looks highly suspicious.
Revert the inappropriate replacements.
Fixes: 5a11d0f7549e24a10e178a9dc8ff5e698031d9a6 Cc: Stefano Stabellini <sstabellini@kernel.org> Cc: Anthony Perard <anthony.perard@citrix.com> Cc: Paul Durrant <paul@xen.org> Cc: xen-devel@lists.xenproject.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Paul Durrant <paul@xen.org>
Message-Id: <20200422130719.28225-10-armbru@redhat.com>
virtio-net: Fix duplex=... and speed=... error handling
virtio_net_device_realize() rejects invalid duplex and speed values.
The error handling is broken:
$ ../qemu/bld-sani/x86_64-softmmu/qemu-system-x86_64 -S -display none -monitor stdio
QEMU 4.2.93 monitor - type 'help' for more information
(qemu) device_add virtio-net,duplex=x
Error: 'duplex' must be 'half' or 'full'
(qemu) c
=================================================================
==15654==ERROR: AddressSanitizer: heap-use-after-free on address 0x62e000014590 at pc 0x560b75c8dc13 bp 0x7fffdf1a6950 sp 0x7fffdf1a6940
READ of size 8 at 0x62e000014590 thread T0
#0 0x560b75c8dc12 in object_dynamic_cast_assert /work/armbru/qemu/qom/object.c:826
#1 0x560b74c38ac0 in virtio_vmstate_change /work/armbru/qemu/hw/virtio/virtio.c:3210
#2 0x560b74d9765e in vm_state_notify /work/armbru/qemu/softmmu/vl.c:1271
#3 0x560b7494ba72 in vm_prepare_start /work/armbru/qemu/cpus.c:2156
#4 0x560b7494bacd in vm_start /work/armbru/qemu/cpus.c:2162
#5 0x560b75a7d890 in qmp_cont /work/armbru/qemu/monitor/qmp-cmds.c:160
#6 0x560b75a8d70a in hmp_cont /work/armbru/qemu/monitor/hmp-cmds.c:1043
#7 0x560b75a799f2 in handle_hmp_command /work/armbru/qemu/monitor/hmp.c:1082
[...]
0x62e000014590 is located 33168 bytes inside of 42288-byte region [0x62e00000c400,0x62e000016930)
freed by thread T1 here:
#0 0x7feadd39491f in __interceptor_free (/lib64/libasan.so.5+0x10d91f)
#1 0x7feadcebcd7c in g_free (/lib64/libglib-2.0.so.0+0x55d7c)
#2 0x560b75c8fd40 in object_unref /work/armbru/qemu/qom/object.c:1128
#3 0x560b7498a625 in memory_region_unref /work/armbru/qemu/memory.c:1762
#4 0x560b74999fa4 in do_address_space_destroy /work/armbru/qemu/memory.c:2788
#5 0x560b762362fc in call_rcu_thread /work/armbru/qemu/util/rcu.c:283
#6 0x560b761c8884 in qemu_thread_start /work/armbru/qemu/util/qemu-thread-posix.c:519
#7 0x7fead9be34bf in start_thread (/lib64/libpthread.so.0+0x84bf)
previously allocated by thread T0 here:
#0 0x7feadd394d18 in __interceptor_malloc (/lib64/libasan.so.5+0x10dd18)
#1 0x7feadcebcc88 in g_malloc (/lib64/libglib-2.0.so.0+0x55c88)
#2 0x560b75c8cf8a in object_new /work/armbru/qemu/qom/object.c:699
#3 0x560b75010ad9 in qdev_device_add /work/armbru/qemu/qdev-monitor.c:654
#4 0x560b750120c2 in qmp_device_add /work/armbru/qemu/qdev-monitor.c:805
#5 0x560b75012c1b in hmp_device_add /work/armbru/qemu/qdev-monitor.c:905
[...]
==15654==ABORTING
Cause: virtio_net_device_realize() neglects to bail out after setting
the error. Fix that.
Fixes: 9473939ed7addcaaeb8fde5c093918fb7fa0919c Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Jason Wang <jasowang@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200422130719.28225-9-armbru@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com>
arm/virt: Fix virt_machine_device_plug_cb() error API violation
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call.
virt_machine_device_plug_cb() passes @errp to
cryptodev_builtin_sym_close_session() in a loop. Harmless, because
cryptodev_builtin_sym_close_session() can't actually fail. Fix by
dropping its Error ** parameter.
Cc: Peter Maydell <peter.maydell@linaro.org> Cc: qemu-arm@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200422130719.28225-6-armbru@redhat.com>
timers_state.icount_time_shift must be in [0,63] to avoid undefined
behavior when shifting by it, e.g. in cpu_icount_to_ns().
icount_adjust() clamps it to [0,MAX_ICOUNT_SHIFT], with
MAX_ICOUNT_SHIFT = 10. configure_icount() doesn't. Fix that.
Fixes: a8bfac37085c3372366d722f131a7e18d664ee4d Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200422130719.28225-5-armbru@redhat.com>
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call.
configure_icount() is wrong that way. Harmless, because its @errp is
always &error_abort or &error_fatal.
Just as wrong (and just as harmless): when it fails, it can still
update global state.
Fix all that.
Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200422130719.28225-4-armbru@redhat.com>
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call.
check_cache_dropped() calls error_setg() in a loop. It fails to break
the loop in one instance. If a subsequent iteration error_setg()s
again, it trips error_setv()'s assertion.
Fix it to break the loop.
Fixes: 31be8a2a97ecba7d31a82932286489cac318e9e9 Cc: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200422130719.28225-3-armbru@redhat.com>
cryptodev: Fix cryptodev_builtin_cleanup() error API violation
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call.
cryptodev_builtin_cleanup() passes @errp to
cryptodev_builtin_sym_close_session() in a loop. Harmless, because
cryptodev_builtin_sym_close_session() can't actually fail. Fix it
anyway.
Cc: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200422130719.28225-2-armbru@redhat.com>
qemu-img create, convert, amend, and measure use accumulate_options()
to merge multiple -o options. This is broken for -o "":
$ qemu-img create -f qcow2 -o backing_file=a -o "" -o backing_fmt=raw,size=1M new.qcow2
qemu-img: warning: Could not verify backing image. This may become an error in future versions.
Could not open 'a,backing_fmt=raw': No such file or directory
Formatting 'new.qcow2', fmt=qcow2 size=1048576 backing_file=a,,backing_fmt=raw cluster_size=65536 lazy_refcounts=off refcount_bits=16
$ qemu-img info new.qcow2
image: new.qcow2
file format: qcow2
virtual size: 1 MiB (1048576 bytes)
disk size: 196 KiB
cluster_size: 65536
--> backing file: a,backing_fmt=raw
Format specific information:
compat: 1.1
lazy refcounts: false
refcount bits: 16
corrupt: false
Merging these three -o the obvious way is wrong, because it results in
an unwanted ',' escape:
backing_file=a,,backing_fmt=raw,size=1M
~~
We could silently drop -o "", but Kevin asked me to reject it instead.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200415074927.19897-10-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
qemu-img: Move is_valid_option_list() to qemu-img.c and rewrite
is_valid_option_list()'s purpose is ensuring qemu-img.c's can safely
join multiple parameter strings separated by ',' like this:
g_strdup_printf("%s,%s", params1, params2);
How it does that is anything but obvious. A close reading of the code
reveals that it fails exactly when its argument starts with ',' or
ends with an odd number of ','. Makes sense, actually, because when
the argument starts with ',', a separating ',' preceding it would get
escaped, and when it ends with an odd number of ',', a separating ','
following it would get escaped.
Move it to qemu-img.c and rewrite it the obvious way.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200415074927.19897-9-armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200415074927.19897-8-armbru@redhat.com>
qemu-option: Avoid has_help_option() in qemu_opts_parse_noisily()
When opts_parse() sets @invalidp to true, qemu_opts_parse_noisily()
uses has_help_option() to decide whether to print help. This parses
the input string a second time.
Easy to avoid: replace @invalidp by @help_wanted.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200415074927.19897-7-armbru@redhat.com>
test-qemu-opts: Simplify test_has_help_option() after bug fix
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200415074927.19897-6-armbru@redhat.com>
has_help_option() uses its own parser. It's inconsistent with
qemu_opts_parse(), as demonstrated by test-qemu-opts case
/qemu-opts/has_help_option. Fix by reusing the common parser.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200415074927.19897-5-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
qemu-option: Fix sloppy recognition of "id=..." after ",,"
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200415074927.19897-4-armbru@redhat.com>
qemu-options: Factor out get_opt_name_value() helper
The next commits will put it to use.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200415074927.19897-3-armbru@redhat.com>
The two turn out to be inconsistent for "a,b,,help". Test case
marked /* BUG */.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200415074927.19897-2-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
various: Remove suspicious '\' character outside of #define in C code
Fixes the following coccinelle warnings:
$ spatch --sp-file --verbose-parsing ... \
scripts/coccinelle/remove_local_err.cocci
...
SUSPICIOUS: a \ character appears outside of a #define at ./target/ppc/translate_init.inc.c:5213
SUSPICIOUS: a \ character appears outside of a #define at ./target/ppc/translate_init.inc.c:5261
SUSPICIOUS: a \ character appears outside of a #define at ./target/microblaze/cpu.c:166
SUSPICIOUS: a \ character appears outside of a #define at ./target/microblaze/cpu.c:167
SUSPICIOUS: a \ character appears outside of a #define at ./target/microblaze/cpu.c:169
SUSPICIOUS: a \ character appears outside of a #define at ./target/microblaze/cpu.c:170
SUSPICIOUS: a \ character appears outside of a #define at ./target/microblaze/cpu.c:171
SUSPICIOUS: a \ character appears outside of a #define at ./target/microblaze/cpu.c:172
SUSPICIOUS: a \ character appears outside of a #define at ./target/microblaze/cpu.c:173
SUSPICIOUS: a \ character appears outside of a #define at ./target/i386/cpu.c:5787
SUSPICIOUS: a \ character appears outside of a #define at ./target/i386/cpu.c:5789
SUSPICIOUS: a \ character appears outside of a #define at ./target/i386/cpu.c:5800
SUSPICIOUS: a \ character appears outside of a #define at ./target/i386/cpu.c:5801
SUSPICIOUS: a \ character appears outside of a #define at ./target/i386/cpu.c:5802
SUSPICIOUS: a \ character appears outside of a #define at ./target/i386/cpu.c:5804
SUSPICIOUS: a \ character appears outside of a #define at ./target/i386/cpu.c:5805
SUSPICIOUS: a \ character appears outside of a #define at ./target/i386/cpu.c:5806
SUSPICIOUS: a \ character appears outside of a #define at ./target/i386/cpu.c:6329
SUSPICIOUS: a \ character appears outside of a #define at ./hw/sd/sdhci.c:1133
SUSPICIOUS: a \ character appears outside of a #define at ./hw/scsi/scsi-disk.c:3081
SUSPICIOUS: a \ character appears outside of a #define at ./hw/net/virtio-net.c:1529
SUSPICIOUS: a \ character appears outside of a #define at ./hw/riscv/sifive_u.c:468
SUSPICIOUS: a \ character appears outside of a #define at ./dump/dump.c:1895
SUSPICIOUS: a \ character appears outside of a #define at ./block/vhdx.c:2209
SUSPICIOUS: a \ character appears outside of a #define at ./block/vhdx.c:2215
SUSPICIOUS: a \ character appears outside of a #define at ./block/vhdx.c:2221
SUSPICIOUS: a \ character appears outside of a #define at ./block/vhdx.c:2222
SUSPICIOUS: a \ character appears outside of a #define at ./block/replication.c:172
SUSPICIOUS: a \ character appears outside of a #define at ./block/replication.c:173
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200412223619.11284-2-f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com> # virtio/vhost parts Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200427102415.10915-3-cohuck@redhat.com>
Peter Maydell [Wed, 22 Apr 2020 12:45:01 +0000 (13:45 +0100)]
target/arm: Fix ID_MMFR4 value on AArch64 'max' CPU
In commit 41a4bf1feab098da4cd the added code to set the CNP
field in ID_MMFR4 for the AArch64 'max' CPU had a typo
where it used the wrong variable name, resulting in ID_MMFR4
fields AC2, XNX and LSM being wrong. Fix the typo.
Fixes: 41a4bf1feab098da4cd Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20200422124501.28015-1-peter.maydell@linaro.org
Peter Maydell [Mon, 20 Apr 2020 18:57:18 +0000 (19:57 +0100)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.0-20200417' into staging
ppc patch queue for 2020-04-17
Here are a few late bugfixes for qemu-5.0 in the ppc target code.
Unless some really nasty last minute bug shows up, I expect this to be
the last ppc pull request for qemu-5.0.
* remotes/dgibson/tags/ppc-for-5.0-20200417:
target/ppc: Fix mtmsr(d) L=1 variant that loses interrupts
target/ppc: Fix wrong interpretation of the disposition flag.
linux-user/ppc: Fix padding in mcontext_t for ppc64
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb
There is an overflow, the source 'datain.data[2]' is 100 bytes,
but the 'ss' is 252 bytes.This may cause a security issue because
we can access a lot of unrelated memory data.
The len for sbp copy data should take the minimum of mx_sb_len and
sb_len_wr, not the maximum.
If we use iscsi device for VM backend storage, ASAN show stack:
READ of size 252 at 0xfffd149dcfc4 thread T0
#0 0xaaad433d0d34 in __asan_memcpy (aarch64-softmmu/qemu-system-aarch64+0x2cb0d34)
#1 0xaaad45f9d6d0 in iscsi_aio_ioctl_cb /qemu/block/iscsi.c:996:9
#2 0xfffd1af0e2dc (/usr/lib64/iscsi/libiscsi.so.8+0xe2dc)
#3 0xfffd1af0d174 (/usr/lib64/iscsi/libiscsi.so.8+0xd174)
#4 0xfffd1af19fac (/usr/lib64/iscsi/libiscsi.so.8+0x19fac)
#5 0xaaad45f9acc8 in iscsi_process_read /qemu/block/iscsi.c:403:5
#6 0xaaad4623733c in aio_dispatch_handler /qemu/util/aio-posix.c:467:9
#7 0xaaad4622f350 in aio_dispatch_handlers /qemu/util/aio-posix.c:510:20
#8 0xaaad4622f350 in aio_dispatch /qemu/util/aio-posix.c:520
#9 0xaaad46215944 in aio_ctx_dispatch /qemu/util/async.c:298:5
#10 0xfffd1bed12f4 in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x512f4)
#11 0xaaad46227de0 in glib_pollfds_poll /qemu/util/main-loop.c:219:9
#12 0xaaad46227de0 in os_host_main_loop_wait /qemu/util/main-loop.c:242
#13 0xaaad46227de0 in main_loop_wait /qemu/util/main-loop.c:518
#14 0xaaad43d9d60c in qemu_main_loop /qemu/softmmu/vl.c:1662:9
#15 0xaaad4607a5b0 in main /qemu/softmmu/main.c:49:5
#16 0xfffd1a460b9c in __libc_start_main (/lib64/libc.so.6+0x20b9c)
#17 0xaaad43320740 in _start (aarch64-softmmu/qemu-system-aarch64+0x2c00740)
0xfffd149dcfc4 is located 0 bytes to the right of 100-byte region [0xfffd149dcf60,0xfffd149dcfc4)
allocated by thread T0 here:
#0 0xaaad433d1e70 in __interceptor_malloc (aarch64-softmmu/qemu-system-aarch64+0x2cb1e70)
#1 0xfffd1af0e254 (/usr/lib64/iscsi/libiscsi.so.8+0xe254)
#2 0xfffd1af0d174 (/usr/lib64/iscsi/libiscsi.so.8+0xd174)
#3 0xfffd1af19fac (/usr/lib64/iscsi/libiscsi.so.8+0x19fac)
#4 0xaaad45f9acc8 in iscsi_process_read /qemu/block/iscsi.c:403:5
#5 0xaaad4623733c in aio_dispatch_handler /qemu/util/aio-posix.c:467:9
#6 0xaaad4622f350 in aio_dispatch_handlers /qemu/util/aio-posix.c:510:20
#7 0xaaad4622f350 in aio_dispatch /qemu/util/aio-posix.c:520
#8 0xaaad46215944 in aio_ctx_dispatch /qemu/util/async.c:298:5
#9 0xfffd1bed12f4 in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x512f4)
#10 0xaaad46227de0 in glib_pollfds_poll /qemu/util/main-loop.c:219:9
#11 0xaaad46227de0 in os_host_main_loop_wait /qemu/util/main-loop.c:242
#12 0xaaad46227de0 in main_loop_wait /qemu/util/main-loop.c:518
#13 0xaaad43d9d60c in qemu_main_loop /qemu/softmmu/vl.c:1662:9
#14 0xaaad4607a5b0 in main /qemu/softmmu/main.c:49:5
#15 0xfffd1a460b9c in __libc_start_main (/lib64/libc.so.6+0x20b9c)
#16 0xaaad43320740 in _start (aarch64-softmmu/qemu-system-aarch64+0x2c00740)
Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200418062602.10776-1-kuhn.chenqun@huawei.com Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
More recently, Linux reduced the occurance of operations (e.g., rfi)
which stop translation and allow pending interrupts to be processed.
This started causing hangs in Linux boot in long-running kernel tests,
running with '-d int' shows the decrementer stops firing despite DEC
wrapping and MSR[EE]=1.
The cause is the broken mtmsr L=1 behaviour, which is contrary to the
architecture. From Power ISA v3.0B, p.977, Move To Machine State Register,
Programming Note states:
If MSR[EE]=0 and an External, Decrementer, or Performance Monitor
exception is pending, executing an mtmsrd instruction that sets
MSR[EE] to 1 will cause the interrupt to occur before the next
instruction is executed, if no higher priority exception exists
Fix this by handling L=1 exactly the same way as L=0, modulo the MSR
bits altered.
The confusion arises from L=0 being "context synchronizing" whereas L=1
is "execution synchronizing", which is a weaker semantic. However this
is not a relaxation of the requirement that these exceptions cause
interrupts when MSR[EE]=1 (e.g., when mtmsr executes to completion as
TCG is doing here), rather it specifies how a pipelined processor can
have multiple instructions in flight where one may influence how another
behaves.
Cc: qemu-stable@nongnu.org Reported-by: Anton Blanchard <anton@ozlabs.org> Reported-by: Nathan Chancellor <natechancellor@gmail.com> Tested-by: Nathan Chancellor <natechancellor@gmail.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200414111131.465560-1-npiggin@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Tested-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
projects / thirdparty / qemu.git / log
