sdk/emulator/qemu.git
8 years ago migrate_start_postcopy: Command to trigger transition to postcopy
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:56 +0000 (18:10 +0000)]
migrate_start_postcopy: Command to trigger transition to postcopy

Once postcopy is enabled (with migrate_set_capability), the migration
will still start on precopy mode.  To cause a transition into postcopy
the:

  migrate_start_postcopy

command must be issued.  Postcopy will start sometime after this
(when it's next checked in the migration loop).

Issuing the command before migration has started will error,
and issuing after it has finished is ignored.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago postcopy: OS support test
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:55 +0000 (18:10 +0000)]
postcopy: OS support test

Provide a check to see if the OS we're running on has all the bits
needed for postcopy.

Creates postcopy-ram.c which will get most of the other helpers we need.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Modify save_live_pending for postcopy
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:54 +0000 (18:10 +0000)]
Modify save_live_pending for postcopy

Modify save_live_pending to return separate postcopiable and
non-postcopiable counts.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago MIG_CMD_PACKAGED: Send a packaged chunk of migration stream
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:53 +0000 (18:10 +0000)]
MIG_CMD_PACKAGED: Send a packaged chunk of migration stream

MIG_CMD_PACKAGED is a migration command that wraps a chunk of migration
stream inside a package whose length can be determined purely by reading
its header.  The destination guarantees that the whole MIG_CMD_PACKAGED
is read off the stream prior to parsing the contents.

This is used by postcopy to load device state (from the package)
while leaving the main stream free to receive memory pages.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Add wrappers and handlers for sending/receiving the postcopy-ram migration messages.
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:52 +0000 (18:10 +0000)]
Add wrappers and handlers for sending/receiving the postcopy-ram migration messages.

The state of the postcopy process is managed via a series of messages;
   * Add wrappers and handlers for sending/receiving these messages
   * Add state variable that tracks the current state of postcopy

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Add migration-capability boolean for postcopy-ram.
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:51 +0000 (18:10 +0000)]
Add migration-capability boolean for postcopy-ram.

The 'postcopy ram' capability allows postcopy migration of RAM;
note that the migration starts off in precopy mode until
postcopy mode is triggered (see the migrate_start_postcopy
patch later in the series).

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Rework loadvm path for subloops
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:50 +0000 (18:10 +0000)]
Rework loadvm path for subloops

Postcopy needs to have two migration streams loading concurrently;
one from memory (with the device state) and the other from the fd
with the memory transactions.

Split the core of qemu_loadvm_state out so we can use it for both.

Allow the inner loadvm loop to quit and cause the parent loops to
exit as well.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Return path: Source handling of return path
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:49 +0000 (18:10 +0000)]
Return path: Source handling of return path

Open a return path, and handle messages that are received upon it.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago migration_is_setup_or_active
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:48 +0000 (18:10 +0000)]
migration_is_setup_or_active

Add 'migration_is_setup_or_active' utility function to check state.
(It gets postcopy added to its list later on in the series)

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Return path: Send responses from destination to source
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:47 +0000 (18:10 +0000)]
Return path: Send responses from destination to source

Add migrate_send_rp_message to send a message from destination to source along the return path.
  (It uses a mutex to let it be called from multiple threads)
Add migrate_send_rp_shut to send a 'shut' message to indicate
  the destination is finished with the RP.
Add migrate_send_rp_ack to send a 'PONG' message in response to a PING
  Use it in the MSG_RP_PING handler

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Return path: Control commands
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:46 +0000 (18:10 +0000)]
Return path: Control commands

Add two src->dest commands:
   * OPEN_RETURN_PATH - To request that the destination open the return path
   * PING - Request an acknowledge from the destination

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Migration commands
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:45 +0000 (18:10 +0000)]
Migration commands

Create QEMU_VM_COMMAND section type for sending commands from
source to destination.  These commands are not intended to convey
guest state but to control the migration process.

For use in postcopy.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Return path: socket_writev_buffer: Block even on non-blocking fd's
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:44 +0000 (18:10 +0000)]
Return path: socket_writev_buffer: Block even on non-blocking fd's

The destination sets the fd to non-blocking on incoming migrations;
this also affects the return path from the destination, and thus we
need to make sure we can safely write to the return path.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Return path: Open a return path on QEMUFile for sockets
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:43 +0000 (18:10 +0000)]
Return path: Open a return path on QEMUFile for sockets

Postcopy needs a method to send messages from the destination back to
the source, this is the 'return path'.

Wire it up for 'socket' QEMUFile's.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Add Linux userfaultfd.h header
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:42 +0000 (18:10 +0000)]
Add Linux userfaultfd.h header

Postcopy uses the userfaultfd.h feature in the Linux kernel; include
the header.

(In early versions of the patch series we had this, and then we dropped
this by only including it if the kernel headers defined the syscall
number; however 1842bdfd added the syscall definition to our
headers, which means we can't tell if the kernel has it or not)

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Rename save_live_complete to save_live_complete_precopy
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:41 +0000 (18:10 +0000)]
Rename save_live_complete to save_live_complete_precopy

In postcopy we're going to need to perform the complete phase
for postcopiable devices at a different point, start out by
renaming all of the 'complete's to make the difference obvious.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago migrate_init: Call from savevm
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:40 +0000 (18:10 +0000)]
migrate_init: Call from savevm

Suspend to file is very much like a migrate, and it makes life
easier if we have the Migration state available, so initialise it
in the savevm.c code for suspending.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago ram_load: Factor out host_from_stream_offset call and check
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:39 +0000 (18:10 +0000)]
ram_load: Factor out host_from_stream_offset call and check

The main RAM load loop has a call to host_from_stream_offset for
each page type that actually loads data with the same test;
factor it out before the switch.

The host = NULL is to silence a bogus gcc warning of
an uninitialised variable in the RAM_SAVE_COMPRESS_PAGE case, it
doesn't seem to realise that host is always initialised by the if at
the top in the cases the switch takes.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago ram_debug_dump_bitmap: Dump a migration bitmap as text
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:38 +0000 (18:10 +0000)]
ram_debug_dump_bitmap: Dump a migration bitmap as text

Useful for debugging the migration bitmap and other bitmaps
of the same format (including the sentmap in postcopy).

The bitmap is printed to stderr.
Lines that are all the expected value are excluded so the output
can be quite compact for many bitmaps.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Add QEMU_MADV_NOHUGEPAGE
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:37 +0000 (18:10 +0000)]
Add QEMU_MADV_NOHUGEPAGE

Add QEMU_MADV_NOHUGEPAGE as an OS-independent version of
MADV_NOHUGEPAGE.

We include sys/mman.h before making the test to ensure
that we pick up the system defines.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Add wrapper for setting blocking status on a QEMUFile
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:36 +0000 (18:10 +0000)]
Add wrapper for setting blocking status on a QEMUFile

Add a wrapper to change the blocking status on a QEMUFile
rather than having to use qemu_set_block(qemu_get_fd(f));
it seems best to avoid exposing the fd since not all QEMUFile's
really have one.  With this wrapper we could move the implementation
down to be different on different transports.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Add qemu_get_buffer_in_place to avoid copies some of the time
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:35 +0000 (18:10 +0000)]
Add qemu_get_buffer_in_place to avoid copies some of the time

qemu_get_buffer always copies the data it reads to a user's buffer,
however in many cases the file buffer inside qemu_file could be given
back to the caller, avoiding the copy.  This isn't always possible
depending on the size and alignment of the data.

Thus 'qemu_get_buffer_in_place' either copies the data to a supplied
buffer or updates a pointer to the internal buffer if convenient.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Rename mis->file to from_src_file
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:34 +0000 (18:10 +0000)]
Rename mis->file to from_src_file

'file' becomes confusing when you have flows in each direction;
rename to make it clear.
This leaves just the main forward direction ms->file, which is used
in a lot of places and is probably not worth renaming given the churn.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago qemu_ram_block_by_name
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:33 +0000 (18:10 +0000)]
qemu_ram_block_by_name

Add a function to find a RAMBlock by name; use it in two
of the places that already open code that loop; we've
got another use later in postcopy.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago qemu_ram_block_from_host
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:32 +0000 (18:10 +0000)]
qemu_ram_block_from_host

Postcopy sends RAMBlock names and offsets over the wire (since it can't
rely on the order of ramaddr being the same), and it starts out with
HVA fault addresses from the kernel.

qemu_ram_block_from_host translates a HVA into a RAMBlock, an offset
in the RAMBlock and the global ram_addr_t value.

Rewrite qemu_ram_addr_from_host to use qemu_ram_block_from_host.

Provide qemu_ram_get_idstr since it's the actual name text sent on the
wire.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Move page_size_init earlier
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:31 +0000 (18:10 +0000)]
Move page_size_init earlier

The HOST_PAGE_ALIGN macros don't work until the page size variables
have been set up; later in postcopy I use those macros in the RAM
code, and it can be triggered using -object.

Fix this by initialising page_size_init() earlier - it's currently
initialised inside the accelerators, move it up into vl.c.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Move configuration section writing
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:30 +0000 (18:10 +0000)]
Move configuration section writing

The vmstate_configuration is currently written
in 'qemu_savevm_state_begin', move it to
'qemu_savevm_state_header' since it's got a hard
requirement that it must be the 1st thing after
the header.
(In postcopy some 'command' sections get sent
early before the saving of the main sections
and hence before qemu_savevm_state_begin).

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Provide runtime Target page information
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:29 +0000 (18:10 +0000)]
Provide runtime Target page information

The migration code generally is built target-independent, however
there are a few places where knowing the target page size would
avoid artificially moving stuff into migration/ram.c.

Provide 'qemu_target_page_bits()' that returns TARGET_PAGE_BITS
to other bits of code so that they can stay target-independent.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Add postcopy documentation
Dr. David Alan Gilbert [Thu, 5 Nov 2015 18:10:28 +0000 (18:10 +0000)]
Add postcopy documentation

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
8 years ago Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-11-10' into staging
Peter Maydell [Tue, 10 Nov 2015 09:39:24 +0000 (09:39 +0000)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-11-10' into staging

QAPI patches

# gpg: Signature made Tue 10 Nov 2015 07:12:25 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-qapi-2015-11-10:
  qapi-introspect: Document lack of sorting
  qapi: Provide nicer array names in introspection
  qapi: More tests of input arrays
  qapi: Test failure in middle of array parse
  qapi: More tests of alternate output
  qapi: Simplify error cleanup in test-qmp-*
  qapi: Simplify non-error testing in test-qmp-*
  qapi: Plug leaks in test-qmp-*
  qapi: Share test_init code in test-qmp-input*
  qobject: Protect against use-after-free in qobject_decref()
  qapi: Strengthen test of TestStructList
  qapi: Use generated TestStruct machinery in tests

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago qapi-introspect: Document lack of sorting
Eric Blake [Fri, 6 Nov 2015 06:35:36 +0000 (23:35 -0700)]
qapi-introspect: Document lack of sorting

qapi-code-gen.txt already claims that types, commands, and
events share a common namespace; set this in stone by further
documenting that our introspection output will never have
collisions with the same name tied to more than one meta-type.

Our largest QMP enum currently has 125 values, our largest
object type has 27 members, and the mean for each is less than
10.  These sizes are small enough that the per-element overhead
of O(log n) binary searching probably outweighs the speed
possible with direct O(n) linear searching (a better algorithm
with more overhead will beat a leaner naive algorithm only
as you scale to larger input sizes).

Arguably, the overall SchemaInfo array could be sorted by name;
there, we currently have 531 entities, large enough for a binary
search to be faster than linear.  However, remember that we have
mutually-recursive types, which means there is no topological
ordering that will allow clients to learn all information about
that type in a single linear pass; thus clients will want to do
random access over the data, and they will probably read the
introspection output into a hashtable for O(1) lookup rather
than O(log n) binary searching, at which point, pre-sorting our
introspection output doesn't help the client.

It doesn't help that sorting can be subjective if you introduce
locales into the mix (I'm not experienced enough with Python
to know for sure, but at least it looks like it defaults to
sorting in the C locale even when run under a different locale).
And while our current introspection output is deterministic
(because we visit entities in a sorted order), we may want
to change that order in the future (such as using OrderedDict
to stick to .json declaration order).

For these reasons, we simply document that clients should not
rely on any particular order of items in introspection output.
And since it is now a documented part of the contract, we have
the freedom to later rearrange output if needed, without
worrying about breaking well-written clients.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1446791754-23823-13-git-send-email-eblake@redhat.com>
[Commit message tweaked]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years ago qapi: Provide nicer array names in introspection
Eric Blake [Fri, 6 Nov 2015 06:35:35 +0000 (23:35 -0700)]
qapi: Provide nicer array names in introspection

For the sake of humans reading introspection output, it is nice
to have the name of implicit array types be recognizable as
arrays of the underlying type.  However, while this patch allows
humans to skip from a command with return type "[123]" straight
to the definition of type "123" without having to first inspect
type "[123]", document that this shortcut should not be taken by
client apps.

This makes the resulting introspection string slightly larger by
default (just over 200 bytes), but it's in the noise (less than
0.3% of the overall 70k size of 'query-qmp-capabilities').

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1446791754-23823-12-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years ago qapi: More tests of input arrays
Eric Blake [Fri, 6 Nov 2015 06:35:34 +0000 (23:35 -0700)]
qapi: More tests of input arrays

Our testsuite had no coverage of empty arrays, nor of what
happens when the input does not match the expected type.
Useful to have, especially if we start changing the visitor
contracts.

I did not think it worth duplicating these additions to
test-qmp-input-strict; since all strict mode does is add
the ability to reject JSON input that has more keys than
what the visitor expects, yet the additions in this patch
error out earlier than that point regardless of whether
strict mode was requested.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1446791754-23823-11-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years ago qapi: Test failure in middle of array parse
Eric Blake [Fri, 6 Nov 2015 06:35:33 +0000 (23:35 -0700)]
qapi: Test failure in middle of array parse

Our generated list visitors have the same problem as has been
mentioned elsewhere (see commit 2f52e20): they allocate data
even on failure. An upcoming patch will correct things to
provide saner guarantees, but first we need to expose the
behavior in the testsuite to ensure we aren't introducing any
memory usage bugs.

There are more test cases throughout the test-qmp-input-* tests
that already deal with partial allocation; a later commit will
clean up all visit_type_FOO(), without marking all of the tests
with FIXME at this time.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1446791754-23823-10-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years ago qapi: More tests of alternate output
Eric Blake [Fri, 6 Nov 2015 06:35:32 +0000 (23:35 -0700)]
qapi: More tests of alternate output

The testsuite was only covering that we could output the 'int'
branch of an alternate (no additional allocation/cleanup required).
Add a test of the 'str' branch, to make sure that things still
work even when a branch involves allocation.

Update to modern style of g_new0() over g_malloc0() while
touching it.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1446791754-23823-9-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years ago qapi: Simplify error cleanup in test-qmp-*
Eric Blake [Fri, 6 Nov 2015 06:35:31 +0000 (23:35 -0700)]
qapi: Simplify error cleanup in test-qmp-*

We have several tests that perform multiple sub-actions that are
expected to fail.  Asserting that an error occurred, then clearing
it up to prepare for the next action, turned into enough
boilerplate that it was sometimes forgotten (for example, a number
of tests added to test-qmp-input-visitor.c in d88f5fd leaked err).
Worse, if an error is not reset to NULL, we risk invalidating
later use of that error (passing a non-NULL err into a function
is generally a bad idea).  Encapsulate the boilerplate into a
single helper function error_free_or_abort(), and consistently
use it.

The new function is added into error.c for use everywhere,
although it is anticipated that testsuites will be the main
client.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years ago configure: Don't disable optimization for non-fortify builds
Peter Maydell [Mon, 9 Nov 2015 15:14:09 +0000 (15:14 +0000)]
configure: Don't disable optimization for non-fortify builds

Commit b553a0428014636bc inadvertently disabled optimization
for all non-fortify builds. Fix this bug so we only do an
unoptimized build if we want debug.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1447082049-25099-1-git-send-email-peter.maydell@linaro.org

8 years ago hw/timer/hpet.c: Avoid signed integer overflow which results in bugs on OSX
Peter Maydell [Mon, 9 Nov 2015 14:56:31 +0000 (14:56 +0000)]
hw/timer/hpet.c: Avoid signed integer overflow which results in bugs on OSX

Signed integer overflow in C is undefined behaviour, and the compiler
is at liberty to assume it can never happen and optimize accordingly.
In particular, the subtractions in hpet_time_after() and hpet_time_after64()
were causing OSX clang to optimize the code such that it was prone to
hangs and complaints about the main loop stalling (presumably because
we were spending all our time trying to service very high frequency
HPET timer callbacks). The clang sanitizer confirms the UB:

hw/timer/hpet.c:119:26: runtime error: signed integer overflow: -2146967296 - 2147003978 cannot be represented in type 'int'

Fix this by doing the subtraction as an unsigned operation and then
converting to signed for the comparison.

Reported-by: Aaron Elkins <threcius@yahoo.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1447080991-24995-1-git-send-email-peter.maydell@linaro.org
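
The following C program is an added example, not code from the QEMU tree or from the commit above; the names `signed_sub_overflows`, `time_after32` and `time_after64`, and the reading of "after" as "a is later than b", are assumptions made for illustration. It runs the comparison the commit message describes (unsigned subtraction, then conversion to signed) on the two operands from the sanitizer line, next to a check that those operands overflow when subtracted as `int`.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Returns 1 if computing b - a in 32-bit signed arithmetic would overflow,
 * which is the condition the sanitizer reported. The check is done in
 * 64 bits so that it contains no undefined behaviour itself.
 */
static int signed_sub_overflows(int32_t b, int32_t a)
{
    int64_t wide = (int64_t)b - (int64_t)a;
    return wide < INT32_MIN || wide > INT32_MAX;
}

/*
 * Wrap-safe "a is later than b" for a free-running 32-bit counter.
 * The subtraction is unsigned, so it is defined modulo 2^32. Converting
 * the result to int32_t is implementation-defined rather than undefined;
 * gcc and clang wrap it as two's complement.
 */
static int time_after32(uint32_t a, uint32_t b)
{
    return (int32_t)(b - a) < 0;
}

/* Same comparison for a 64-bit counter. */
static int time_after64(uint64_t a, uint64_t b)
{
    return (int64_t)(b - a) < 0;
}

int main(void)
{
    /* Operands taken from the sanitizer line quoted in the commit message. */
    int32_t sb = -2146967296;
    int32_t sa = 2147003978;

    /* The same bit patterns viewed as counter values. */
    uint32_t ub = (uint32_t)sb;   /* 2148000000 */
    uint32_t ua = (uint32_t)sa;   /* 2147003978 */

    printf("signed b - a overflows: %d\n", signed_sub_overflows(sb, sa));
    printf("ub=%u ua=%u distance=%u\n", ub, ua, ub - ua);
    printf("a after b: %d, b after a: %d\n",
           time_after32(ua, ub), time_after32(ub, ua));

    /* Counter wrapped past zero: 5 is later than 0xFFFFFFF0. */
    printf("wrapped 32-bit: %d\n", time_after32(5u, 0xFFFFFFF0u));
    printf("wrapped 64-bit: %d\n",
           time_after64(1ULL, 0xFFFFFFFFFFFFFFFFULL));
    return 0;
}
```

Building the signed form with `-fsanitize=signed-integer-overflow` is how a report like the one quoted in the commit message is produced; the unsigned form gives the sanitizer nothing to flag.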

8 years ago qapi: Simplify non-error testing in test-qmp-*
Eric Blake [Fri, 6 Nov 2015 06:35:30 +0000 (23:35 -0700)]
qapi: Simplify non-error testing in test-qmp-*

By using &error_abort, we can avoid a local err variable in
situations where we expect success.  It also has the nice
effect that if the test breaks, the error message from
error_abort tends to be nicer than that of g_assert().

This patch has an additional bonus of fixing several call sites that
were passing &err to two different functions without checking it in
between.  In general that is unsafe practice; because if the first
function sets an error, the second function could abort() if it tries to
set a different error. We got away with it because we were asserting
that err was NULL through the entire chain, but switching to
&error_abort avoids the questionable practice up front.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1446791754-23823-7-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years ago qapi: Plug leaks in test-qmp-*
Eric Blake [Fri, 6 Nov 2015 06:35:29 +0000 (23:35 -0700)]
qapi: Plug leaks in test-qmp-*

Make valgrind happy with the current state of the tests, so that
it is easier to see if future patches introduce new memory problems
without being drowned in noise.  Many of the leaks were due to
calling a second init without tearing down the data from an earlier
visit.  But since teardown is already idempotent, and we already
register teardown as part of input_visitor_test_add(), it is nicer
to just make init() safe to call multiple times than it is to have
to make all tests call teardown.

Another common leak was forgetting to clean up an error object,
after testing that an error was raised.

Another leak was in test_visitor_in_struct_nested(), failing to
clean the base member of UserDefTwo.  Cleaning that up left
check_and_free_str() as dead code (since using the qapi_free_*
takes care of recursion, and we don't want double frees).

A final leak was in test_visitor_out_any(), which was reassigning
the qobj local variable to a subset of the overall structure
needing freeing; it did not result in a use-after-free, but
was not cleaning up all the qdict.

test-qmp-event and test-qmp-commands were already clean.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1446791754-23823-6-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years ago qapi: Share test_init code in test-qmp-input*
Eric Blake [Fri, 6 Nov 2015 06:35:28 +0000 (23:35 -0700)]
qapi: Share test_init code in test-qmp-input*

Rather than duplicate the body of two functions just to
decide between qobject_from_jsonv() and qobject_from_json(),
exploit the fact that qobject_from_jsonv() intentionally
takes 'va_list *' instead of the more common 'va_list', and
that qobject_from_json() just calls qobject_from_jsonv(,NULL).
For each file, our two existing init functions then become
thin wrappers around a new internal function, and future
updates to initialization don't have to be duplicated.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1446791754-23823-5-git-send-email-eblake@redhat.com>
[Two old comment typos fixed]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years ago qobject: Protect against use-after-free in qobject_decref()
Eric Blake [Fri, 6 Nov 2015 06:35:27 +0000 (23:35 -0700)]
qobject: Protect against use-after-free in qobject_decref()

Adding an assertion to qobject_decref() will ensure that a
programming error causing use-after-free will result in
immediate failure (provided no other thread has started
using the memory) instead of silently attempting to wrap
refcnt around and leaving the problem to potentially bite
later at a harder point to diagnose.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1446791754-23823-4-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years ago qapi: Strengthen test of TestStructList
Eric Blake [Fri, 6 Nov 2015 06:35:26 +0000 (23:35 -0700)]
qapi: Strengthen test of TestStructList

Make each list element different, to ensure that order is
preserved, and use the generated free function instead of
hand-rolling our own to ensure (under valgrind) that the
list is properly cleaned.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1446791754-23823-3-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years ago qapi: Use generated TestStruct machinery in tests
Eric Blake [Fri, 6 Nov 2015 06:35:25 +0000 (23:35 -0700)]
qapi: Use generated TestStruct machinery in tests

Commit d88f5fd and friends first introduced the various test-qmp-*
tests in 2011, with duplicated hand-rolled TestStruct machinery,
to make sure the qapi visitor interface was tested.  Later, commit
4f193e3 in 2013 added a .json file for further testing use by the
files, but without consolidating any of the existing hand-rolled
visitors.  And with four copies, subtle differences have crept in,
between the tests themselves (mainly whitespace differences, but
also a question of whether to use NULL or "TestStruct" when
calling visit_start_struct()) and from what the generator produces
(the hand-rolled versions did not cater to partially-allocated
objects, because they did not have a deallocation usage).

Of course, just because the visitor interface is tested does not
mean it is a sane interface; and future patches will be changing
some of the visitor contracts.  Rather than having to duplicate
the cleanup work in each copy of the TestStruct visitor, and keep
each hand-rolled copy in sync with what the generator supplies, we
might as well just test what the generator should give us in the
first place.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1446791754-23823-2-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
8 years ago Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Peter Maydell [Mon, 9 Nov 2015 11:20:51 +0000 (11:20 +0000)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

# gpg: Signature made Mon 09 Nov 2015 10:08:17 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  blockdev: acquire AioContext in hmp_commit()
  monitor: add missed aio_context_acquire into vm_completion call
  aio: Introduce aio-epoll.c
  aio: Introduce aio_context_setup
  aio: Introduce aio_external_disabled
  dataplane: support non-contigious s/g
  dataplane: simplify indirect descriptor read

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago blockdev: acquire AioContext in hmp_commit()
Stefan Hajnoczi [Wed, 4 Nov 2015 17:27:23 +0000 (20:27 +0300)]
blockdev: acquire AioContext in hmp_commit()

This one slipped through.  Although we acquire AioContext when
committing all devices we don't for just a single device.

AioContext must be acquired before calling bdrv_*() functions to
synchronize access with other threads that may be using the AioContext.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago monitor: add missed aio_context_acquire into vm_completion call
Denis V. Lunev [Wed, 4 Nov 2015 17:19:42 +0000 (20:19 +0300)]
monitor: add missed aio_context_acquire into vm_completion call

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Luiz Capitulino <lcapitulino@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago aio: Introduce aio-epoll.c
Fam Zheng [Fri, 30 Oct 2015 04:06:29 +0000 (12:06 +0800)]
aio: Introduce aio-epoll.c

To minimize code duplication, epoll is hooked into aio-posix's
aio_poll() instead of rolling its own. This approach also has both
compile-time and run-time switchability.

1) When QEMU starts with a small number of fds in the event loop, ppoll
is used.

2) When QEMU starts with a big number of fds, or when more devices are
hot plugged, epoll kicks in when the number of fds hits the threshold.

3) Some fds may not support epoll, such as tty based stdio. In this
case, it falls back to ppoll.

A rough benchmark with scsi-disk on virtio-scsi dataplane (epoll gets
enabled from 64 onward). Numbers are in MB/s.

===============================================
             |     master     |     epoll
             |                |
scsi disks # | read    randrw | read    randrw
-------------|----------------|----------------
1            | 86      36     | 92      45
8            | 87      43     | 86      41
64           | 71      32     | 70      38
128          | 48      24     | 58      31
256          | 37      19     | 57      28
===============================================

To comply with aio_{disable,enable}_external, we always use ppoll when
aio_external_disabled() is true.

[Removed #ifdef CONFIG_EPOLL around AioContext epollfd field declaration
since the field is also referenced outside CONFIG_EPOLL code.
--Stefan]

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1446177989-6702-4-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago aio: Introduce aio_context_setup
Fam Zheng [Fri, 30 Oct 2015 04:06:28 +0000 (12:06 +0800)]
aio: Introduce aio_context_setup

This is the place to initialize platform specific bits of AioContext.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1446177989-6702-3-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago aio: Introduce aio_external_disabled
Fam Zheng [Fri, 30 Oct 2015 04:06:27 +0000 (12:06 +0800)]
aio: Introduce aio_external_disabled

This allows AioContext users to check the enable/disable state of
external clients.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1446177989-6702-2-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago dataplane: support non-contigious s/g
Michael S. Tsirkin [Wed, 28 Oct 2015 15:48:04 +0000 (17:48 +0200)]
dataplane: support non-contigious s/g

bring_map currently fails if one of the entries it's mapping is
contiguous in GPA but not HVA address space.  Introduce a mapped_len
parameter so it can handle this, returning the actual mapped length.

This will still fail if there's no space left in the sg, but luckily max
queue size in use is currently 256, while max sg size is 1024, so we
should be OK even if all entries happen to cross a single DIMM boundary.

Won't work well with very small DIMM sizes, unfortunately:
e.g. this will fail with 4K DIMMs where a single
request might span a large number of DIMMs.

Let's hope these are uncommon - at least we are not breaking things.

Reported-by: Stefan Hajnoczi <stefanha@redhat.com>
Reported-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 1446047243-3221-2-git-send-email-mst@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago dataplane: simplify indirect descriptor read
Michael S. Tsirkin [Wed, 28 Oct 2015 15:48:02 +0000 (17:48 +0200)]
dataplane: simplify indirect descriptor read

Use address_space_read to make sure we handle the case of an indirect
descriptor crossing DIMM boundary correctly.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 1446047243-3221-1-git-send-email-mst@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging
Peter Maydell [Sat, 7 Nov 2015 21:41:33 +0000 (21:41 +0000)]
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging

target-i386: tcg: Handle clflushopt/clwb/pcommit instructions

A small update to TCG code so it can handle the new
clflushopt/clwb/pcommit instructions.

# gpg: Signature made Sat 07 Nov 2015 14:50:54 GMT using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"

* remotes/ehabkost/tags/x86-pull-request:
  target-i386: Add clflushopt/clwb/pcommit to TCG_7_0_EBX_FEATURES
  target-i386: tcg: Check right CPUID bits for clflushopt/pcommit
  target-i386: tcg: Accept clwb instruction

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging
Peter Maydell [Sat, 7 Nov 2015 19:55:15 +0000 (19:55 +0000)]
Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

# gpg: Signature made Fri 06 Nov 2015 20:01:44 GMT using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"

* remotes/jnsnow/tags/ide-pull-request:
  arm: allwinner-a10: Add SATA
  ahci: Add allwinner AHCI
  ahci: split realize and init
  ahci: Add some MMIO debug printfs
  ide: remove hardcoded 2GiB transactional limit

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago arm: allwinner-a10: Add SATA
Peter Crosthwaite [Fri, 6 Nov 2015 19:09:01 +0000 (14:09 -0500)]
arm: allwinner-a10: Add SATA

Add the Allwinner A10 AHCI controller module to the SoC.

Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 69d6962f2d14a218bd07e9ac4ccd1947737cc30f.1445917756.git.crosthwaite.peter@gmail.com
Signed-off-by: John Snow <jsnow@redhat.com>
8 years ago ahci: Add allwinner AHCI
Peter Crosthwaite [Fri, 6 Nov 2015 19:09:01 +0000 (14:09 -0500)]
ahci: Add allwinner AHCI

Add a Sysbus AHCI subclass for the Allwinner AHCI. It has a few extra
vendor specific registers which are used for phy and power init.

Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 833b5b05ed5ade38bf69656679b0a7575e79492b.1445917756.git.crosthwaite.peter@gmail.com
[resolved patch context on pull --js]
Signed-off-by: John Snow <jsnow@redhat.com>
8 years ago ahci: split realize and init
Peter Crosthwaite [Fri, 6 Nov 2015 19:09:00 +0000 (14:09 -0500)]
ahci: split realize and init

Do the init level tasks asap and the realize later (mainly when
num_ports is available). This allows sub-class realize routines
to work with the device post-init.

Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1a7c7b2b32e5ccf49373a5065da5ece89730d3ac.1445917756.git.crosthwaite.peter@gmail.com
Signed-off-by: John Snow <jsnow@redhat.com>
8 years ago ahci: Add some MMIO debug printfs
Peter Crosthwaite [Fri, 6 Nov 2015 19:09:00 +0000 (14:09 -0500)]
ahci: Add some MMIO debug printfs

These are useful for bringup of AHCI.

Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 517ba413dce7deb4ab17c0cc1e8bbdaaace2a0db.1445917756.git.crosthwaite.peter@gmail.com
Signed-off-by: John Snow <jsnow@redhat.com>
8 years ago ide: remove hardcoded 2GiB transactional limit
John Snow [Fri, 6 Nov 2015 19:09:00 +0000 (14:09 -0500)]
ide: remove hardcoded 2GiB transactional limit

Not that you can request a >2GiB transaction, but that's why checking
for it makes no sense anymore.

With the newer 'limit' parameter to prepare_buf, we no longer need a
static limit. The maximum limit is still 2GiB, but the limit parameter
is set to the current transaction size, which cannot surpass 32MiB
(512 * 65536). If the PRDT surpasses the transactional size, then,
we'll just carry out the normative underflow handling pathways instead
of needing an extra, strange pathway that worries about hitting some
logistical cap for the largest sglist we can support -- we'll never
even attempt to build one that big anymore.

Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1445902682-20051-1-git-send-email-jsnow@redhat.com

8 years ago target-i386: Add clflushopt/clwb/pcommit to TCG_7_0_EBX_FEATURES
Xiao Guangrong [Thu, 29 Oct 2015 07:31:39 +0000 (15:31 +0800)]
target-i386: Add clflushopt/clwb/pcommit to TCG_7_0_EBX_FEATURES

Now these instructions are handled by TCG and can be added to the
TCG_7_0_EBX_FEATURES macro.

Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years ago target-i386: tcg: Check right CPUID bits for clflushopt/pcommit
Eduardo Habkost [Wed, 4 Nov 2015 21:24:46 +0000 (19:24 -0200)]
target-i386: tcg: Check right CPUID bits for clflushopt/pcommit

Detect the clflushopt and pcommit instructions and check their
corresponding feature flags, instead of checking CPUID_SSE and
CPUID_CLFLUSH.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years ago target-i386: tcg: Accept clwb instruction
Eduardo Habkost [Wed, 4 Nov 2015 21:24:45 +0000 (19:24 -0200)]
target-i386: tcg: Accept clwb instruction

Accept the clwb instruction (66 0F AE /6) if its corresponding feature
flag is enabled on CPUID[7].

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years ago Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2015-11-06' into...
Peter Maydell [Fri, 6 Nov 2015 12:50:24 +0000 (12:50 +0000)]
Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2015-11-06' into staging

trivial patches for 2015-11-06

# gpg: Signature made Fri 06 Nov 2015 12:42:43 GMT using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"

* remotes/mjt/tags/pull-trivial-patches-2015-11-06: (24 commits)
  tap-bsd: use user-specified tap device if it already exists
  qemu-sockets: do not test path with access() before unlinking
  taget-ppc: Fix read access to IBAT registers higher than IBAT3
  exec: avoid unnecessary cacheline bounce on ram_list.mru_block
  target-alpha: fix uninitialized variable
  ivshmem-server: fix possible OVERRUN
  pci-assign: do not test path with access() before opening
  qom/object: fix 2 comment typos
  configure: remove help string for 'vnc-tls' option
  usb: Use g_new() & friends where that makes obvious sense
  qxl: Use g_new() & friends where that makes obvious sense
  ui: Use g_new() & friends where that makes obvious sense
  bt: fix use of uninitialized variable seqlen
  hw/dma/pxa2xx: Remove superfluous memset
  linux-user/syscall: Replace g_malloc0 + memcpy with g_memdup
  tests/i44fx-test: No need for zeroing memory before memset
  hw/input/tsc210x: Remove superfluous memset
  xen: fix invalid assertion
  tests: ignore test-qga
  fix bad indentation in pcie_cap_slot_write_config()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago tap-bsd: use user-specified tap device if it already exists
Ed Maste [Fri, 23 Oct 2015 15:53:55 +0000 (11:53 -0400)]
tap-bsd: use user-specified tap device if it already exists

Acked-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago qemu-sockets: do not test path with access() before unlinking
Paolo Bonzini [Wed, 4 Nov 2015 13:48:47 +0000 (14:48 +0100)]
qemu-sockets: do not test path with access() before unlinking

Using access() is a time-of-check/time-of-use race condition.  It is
okay to use them to provide better error messages, but that is pretty
much it.

This is not one such case; on the other hand, access() *will* skip
unlink() for a non-existent path, so ignore ENOENT return values from
the unlink() system call.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago taget-ppc: Fix read access to IBAT registers higher than IBAT3
Julio Guerra [Wed, 14 Oct 2015 17:43:19 +0000 (19:43 +0200)]
taget-ppc: Fix read access to IBAT registers higher than IBAT3

Fix the index used to read the IBAT's vector which results in IBAT0..3 instead
of IBAT4..N.

The bug appeared by saving/restoring contexts including IBATs values.

Signed-off-by: Julio Guerra <julio@farjump.io>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago exec: avoid unnecessary cacheline bounce on ram_list.mru_block
Paolo Bonzini [Thu, 22 Oct 2015 11:51:30 +0000 (13:51 +0200)]
exec: avoid unnecessary cacheline bounce on ram_list.mru_block

Whenever the MRU cache hits for the list of RAM blocks, qemu_get_ram_block
does an unnecessary write that causes a processor cache line to bounce
from one core to another.  This causes a performance hit.

Reported-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago target-alpha: fix uninitialized variable
Paolo Bonzini [Mon, 19 Oct 2015 14:08:38 +0000 (16:08 +0200)]
target-alpha: fix uninitialized variable

I am not sure why the compiler does not catch it.  There is no
semantic change since gen_excp returns EXIT_NORETURN, but the
old code is wrong.

Reported by Coverity.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago ivshmem-server: fix possible OVERRUN
Gonglei [Mon, 2 Nov 2015 01:13:48 +0000 (09:13 +0800)]
ivshmem-server: fix possible OVERRUN

>>>     CID 1337991:  Memory - illegal accesses  (OVERRUN)
>>>     Decrementing "i". The value of "i" is now 65534.
218         while (i--) {
219             event_notifier_cleanup(&peer->vectors[i]);
220         }

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago pci-assign: do not test path with access() before opening
Paolo Bonzini [Mon, 2 Nov 2015 14:17:37 +0000 (15:17 +0100)]
pci-assign: do not test path with access() before opening

Using access() is a time-of-check/time-of-use race condition.  It is
okay to use them to provide better error messages, but that is pretty
much it.

In this case we can get the same error from fopen(), so just use
strerror and errno there---which actually improves the error
message most of the time.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
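
The pattern behind the qemu-sockets and pci-assign commits above, as an added example that is not taken from either patch: the racy check-then-act form next to the act-then-inspect-errno form. All function names are hypothetical and the temporary directory under /tmp is constructed for the demonstration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Racy form: the path may be replaced, removed or created by another
 * process between access() (time of check) and unlink() (time of use).
 */
int remove_stale_socket_racy(const char *path)
{
    if (access(path, F_OK) == 0) {
        return unlink(path);
    }
    return 0;
}

/*
 * Race-free form: perform the operation and interpret the result.
 * ENOENT only means there was nothing to remove, so it is not an error;
 * anything else is reported as a negative errno value.
 */
int remove_stale_socket(const char *path)
{
    if (unlink(path) < 0 && errno != ENOENT) {
        return -errno;
    }
    return 0;
}

/*
 * Same idea for opening: no access() pre-check, the error message is
 * built from the errno that fopen() itself reported.
 */
FILE *open_config(const char *path, char *err, size_t errlen)
{
    FILE *fp = fopen(path, "r");

    if (!fp) {
        int saved = errno;
        snprintf(err, errlen, "%s: %s", path, strerror(saved));
    }
    return fp;
}

/* Runs the scenarios on constructed paths; returns the number of surprises. */
int demo_run(void)
{
    char dir[64], path[96], err[192] = "";
    int failures = 0;
    FILE *fp;

    /* mkdir() creates the directory or fails; it never reuses an existing one. */
    snprintf(dir, sizeof(dir), "/tmp/toctou-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) < 0) {
        return -1;
    }
    snprintf(path, sizeof(path), "%s/sock", dir);
    fp = fopen(path, "w");
    if (!fp) {
        rmdir(dir);
        return -1;
    }
    fclose(fp);

    failures += remove_stale_socket(path) != 0;   /* existing file is removed */
    failures += remove_stale_socket(path) != 0;   /* already gone: ENOENT ignored */
    failures += remove_stale_socket(dir) >= 0;    /* directory: a real error surfaces */
    failures += open_config(path, err, sizeof(err)) != NULL;
    failures += strstr(err, strerror(ENOENT)) == NULL;

    rmdir(dir);
    return failures;
}

int main(void)
{
    printf("unexpected results: %d\n", demo_run());
    return 0;
}
```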
8 years ago qom/object: fix 2 comment typos
Cao jin [Tue, 3 Nov 2015 02:36:42 +0000 (10:36 +0800)]
qom/object: fix 2 comment typos

Also change the misleading definition of macro OBJECT_CLASS_CHECK

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago configure: remove help string for 'vnc-tls' option
Daniel P. Berrange [Tue, 3 Nov 2015 11:34:31 +0000 (11:34 +0000)]
configure: remove help string for 'vnc-tls' option

The '--enable-vnc-tls' option to configure was removed in

  commit 3e305e4a4752f70c0b5c3cf5b43ec957881714f7
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Thu Aug 6 14:39:32 2015 +0100

    ui: convert VNC server to use QCryptoTLSSession

This removes the corresponding help string.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago usb: Use g_new() & friends where that makes obvious sense
Markus Armbruster [Thu, 29 Oct 2015 15:55:22 +0000 (16:55 +0100)]
usb: Use g_new() & friends where that makes obvious sense

g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
for two reasons.  One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

This commit only touches allocations with size arguments of the form
sizeof(T).  Same Coccinelle semantic patch as in commit b45c03f.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago qxl: Use g_new() & friends where that makes obvious sense
Markus Armbruster [Thu, 29 Oct 2015 15:55:21 +0000 (16:55 +0100)]
qxl: Use g_new() & friends where that makes obvious sense

g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
for two reasons.  One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

This commit only touches allocations with size arguments of the form
sizeof(T).  Same Coccinelle semantic patch as in commit b45c03f.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago ui: Use g_new() & friends where that makes obvious sense
Markus Armbruster [Tue, 3 Nov 2015 16:12:03 +0000 (17:12 +0100)]
ui: Use g_new() & friends where that makes obvious sense

g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
for two reasons.  One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

This commit only touches allocations with size arguments of the form
sizeof(T).  Same Coccinelle semantic patch as in commit b45c03f.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
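
The two safety properties the usb, qxl and ui commits above attribute to g_new(T, n), shown with a stand-in written for this page (not glib's implementation and not code from the patches). DemoDesc, alloc_n and DEMO_NEW are hypothetical names; glib's g_new() aborts on overflow, while this stand-in returns NULL so the outcome can be checked.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed element type, 16 bytes on common ABIs. */
typedef struct DemoDesc {
    uint64_t addr;
    uint32_t len;
    uint32_t flags;
} DemoDesc;

/*
 * What malloc(sizeof(T) * n) actually requests: size_t arithmetic is
 * modulo SIZE_MAX + 1, so a large n silently yields a small size.
 */
size_t unchecked_size(size_t elem_size, size_t n)
{
    return elem_size * n;
}

/*
 * Checked allocation: refuse the request when elem_size * n cannot be
 * represented in size_t, instead of allocating a too-small buffer.
 */
void *alloc_n(size_t elem_size, size_t n)
{
    if (elem_size != 0 && n > SIZE_MAX / elem_size) {
        return NULL;
    }
    return malloc(elem_size * n);
}

/*
 * The result is cast to T *, so assigning it to a pointer of another
 * type draws a compiler diagnostic, unlike the void * from malloc().
 */
#define DEMO_NEW(T, n) ((T *)alloc_n(sizeof(T), (n)))

/* Returns the number of checks that did not behave as described. */
int demo_overflow(void)
{
    /* Smallest count above the overflow threshold, plus one element. */
    size_t n = SIZE_MAX / sizeof(DemoDesc) + 2;
    int failures = 0;
    DemoDesc *ok;
    DemoDesc *too_big;

    /* The unchecked product wraps to the size of a single element. */
    failures += unchecked_size(sizeof(DemoDesc), n) != sizeof(DemoDesc);

    /* The checked form rejects the same request. */
    too_big = DEMO_NEW(DemoDesc, n);
    failures += too_big != NULL;
    free(too_big);

    /* Ordinary requests still succeed. */
    ok = DEMO_NEW(DemoDesc, 4);
    failures += ok == NULL;
    free(ok);

    return failures;
}

int main(void)
{
    printf("unexpected results: %d\n", demo_overflow());
    return 0;
}
```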
8 years ago bt: fix use of uninitialized variable seqlen
Paolo Bonzini [Mon, 19 Oct 2015 14:08:40 +0000 (16:08 +0200)]
bt: fix use of uninitialized variable seqlen

sdp_svc_match, sdp_attr_match and sdp_svc_attr_match read the last
argument.  The only sensible way to change the code is to make that last
argument "len" instead of "seqlen" which is the length of a subsequence
in the previous "if" branch.

To make the structure of the code clearer, use "else" instead of
"else if".

Reported by Coverity.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago hw/dma/pxa2xx: Remove superfluous memset
Thomas Huth [Fri, 9 Oct 2015 15:56:35 +0000 (17:56 +0200)]
hw/dma/pxa2xx: Remove superfluous memset

g_malloc0 already clears the memory, so no need for
the additional memset here. And while we're at it,
also convert the g_malloc0 to the preferred g_new0.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago linux-user/syscall: Replace g_malloc0 + memcpy with g_memdup
Thomas Huth [Fri, 9 Oct 2015 15:56:38 +0000 (17:56 +0200)]
linux-user/syscall: Replace g_malloc0 + memcpy with g_memdup

No need to use g_malloc0 to zero the memory if we memcpy to
the whole buffer afterwards anyway. Actually, there is even
a function which combines both steps, g_memdup, so let's use
this function here instead.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago tests/i44fx-test: No need for zeroing memory before memset
Thomas Huth [Fri, 9 Oct 2015 15:56:37 +0000 (17:56 +0200)]
tests/i44fx-test: No need for zeroing memory before memset

Change a g_malloc0 into g_malloc since the following
memset fills the whole buffer anyway.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago hw/input/tsc210x: Remove superfluous memset
Thomas Huth [Fri, 9 Oct 2015 15:56:36 +0000 (17:56 +0200)]
hw/input/tsc210x: Remove superfluous memset

g_malloc0 already clears the memory, so no need for additional
memsets here. And while we're at it, let's also remove the
superfluous typecasts for the return values of g_malloc0
and use the type-safe g_new0 instead.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago xen: fix invalid assertion
Paolo Bonzini [Mon, 19 Oct 2015 14:08:39 +0000 (16:08 +0200)]
xen: fix invalid assertion

Asserting "true" is not that useful.

Reported by Coverity.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago tests: ignore test-qga
Eric Blake [Tue, 20 Oct 2015 19:41:33 +0000 (13:41 -0600)]
tests: ignore test-qga

Commit 62c39b30 added a new test, but did not mark it for
exclusion in .gitignore.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago fix bad indentation in pcie_cap_slot_write_config()
Cao jin [Sun, 25 Oct 2015 08:23:28 +0000 (16:23 +0800)]
fix bad indentation in pcie_cap_slot_write_config()

bad indentation conflicts with CODING_STYLE doc

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago maint: Ignore ivshmem binaries
Eric Blake [Mon, 26 Oct 2015 20:27:31 +0000 (14:27 -0600)]
maint: Ignore ivshmem binaries

Commit a75eb03b added ivshmem-client and ivshmem-server binaries,
but did not mark them for exclusion in .gitignore.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago hw/display/tcx: Remove superfluous OBJECT() typecasts
Thomas Huth [Thu, 15 Oct 2015 08:54:15 +0000 (10:54 +0200)]
hw/display/tcx: Remove superfluous OBJECT() typecasts

The tcx_initfn() function is already supplied with an
Object *obj pointer, so there is no need to cast the
state pointer back to an Object pointer all over the
place. And while we're at it, also remove the superfluous
"return;" statement in this function.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago gdbstub: Fix buffer overflows in gdb_handle_packet()
Kevin Wolf [Tue, 13 Oct 2015 07:38:50 +0000 (09:38 +0200)]
gdbstub: Fix buffer overflows in gdb_handle_packet()

Some places in gdb_handle_packet() can get an arbitrary length (most
times directly from the client) and either didn't check it at all or
checked against the wrong value, potentially causing buffer overflows.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago hw/acpi/aml-build: remove useless glib version check
Marc-André Lureau [Mon, 12 Oct 2015 10:54:57 +0000 (12:54 +0200)]
hw/acpi/aml-build: remove useless glib version check

2.22 is the minimum version required

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream-replay' into staging
Peter Maydell [Fri, 6 Nov 2015 11:31:40 +0000 (11:31 +0000)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream-replay' into staging

So here it is, let's see what happens.

# gpg: Signature made Fri 06 Nov 2015 09:30:34 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"

* remotes/bonzini/tags/for-upstream-replay:
  replay: recording of the user input
  replay: command line options
  replay: replay blockers for devices
  replay: initialization and deinitialization
  replay: ptimer
  bottom halves: introduce bh call function
  replay: checkpoints
  icount: improve counting for record/replay
  replay: shutdown event
  replay: recording and replaying clock ticks
  replay: asynchronous events infrastructure
  replay: interrupts and exceptions
  cpu: replay instructions sequence
  cpu-exec: allow temporary disabling icount
  replay: introduce icount event
  replay: introduce mutex to protect the replay log
  replay: internal functions for replay log
  replay: global variables and function stubs

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago configure: add missing --disable-modules option
Stefan Hajnoczi [Mon, 2 Nov 2015 14:06:23 +0000 (14:06 +0000)]
configure: add missing --disable-modules option

According to ./configure all options should have both --enable-foo and
--disable-foo:

  # Always add --enable-foo and --disable-foo command line args.
  # Distributions want to ensure that several features are compiled in, and it
  # is impossible without a --enable-foo that exits if a feature is not found.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1446473183-24250-1-git-send-email-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging
Peter Maydell [Fri, 6 Nov 2015 10:10:15 +0000 (10:10 +0000)]
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging

X86 queue, 2015-11-05

# gpg: Signature made Thu 05 Nov 2015 19:35:31 GMT using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"

* remotes/ehabkost/tags/x86-pull-request:
  target-i386: Enable clflushopt/clwb/pcommit instructions
  target-i386: Remove POPCNT from qemu64 and qemu32 CPU models
  target-i386: Remove ABM from qemu64 CPU model
  target-i386: Remove SSE4a from qemu64 CPU model
  target-i386: Set "check=off" by default on pc-*-2.4 and older

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago replay: recording of the user input
Pavel Dovgalyuk [Thu, 17 Sep 2015 16:25:24 +0000 (19:25 +0300)]
replay: recording of the user input

This records user input (keyboard and mouse events) in record mode and replays
these input events in replay mode.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20150917162524.8676.11696.stgit@PASHA-ISP.def.inno>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
8 years ago replay: command line options
Pavel Dovgalyuk [Thu, 17 Sep 2015 16:25:18 +0000 (19:25 +0300)]
replay: command line options

This patch introduces command line options for enabling recording or replaying
virtual machine behavior. These options are added to icount command line
parameter. They include 'rr' which switches between record and replay
and 'rrfile' for specifying the filename for replay log.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20150917162518.8676.70792.stgit@PASHA-ISP.def.inno>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
8 years ago replay: replay blockers for devices
Pavel Dovgalyuk [Thu, 17 Sep 2015 16:25:13 +0000 (19:25 +0300)]
replay: replay blockers for devices

Some devices are not supported by record/replay subsystem.
This patch introduces replay blocker which denies starting record/replay
if such devices are included into the configuration.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20150917162512.8676.11367.stgit@PASHA-ISP.def.inno>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
8 years ago replay: initialization and deinitialization
Pavel Dovgalyuk [Thu, 17 Sep 2015 16:25:07 +0000 (19:25 +0300)]
replay: initialization and deinitialization

This patch introduces the functions for enabling the record/replay and for
freeing the resources when simulator closes.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20150917162507.8676.90232.stgit@PASHA-ISP.def.inno>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
8 years ago replay: ptimer
Pavel Dovgalyuk [Thu, 17 Sep 2015 16:24:56 +0000 (19:24 +0300)]
replay: ptimer

This patch adds deterministic replay for hardware periodic countdown timers.
ptimer uses bottom halves layer to execute such an asynchronous callback.
We put this callback into the replay queue instead of bottom halves one.
When checkpoint is met by main loop thread, the replay queue is processed
and callback is executed. Binding callback moment to one of the checkpoints
makes it deterministic.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20150917162456.8676.83366.stgit@PASHA-ISP.def.inno>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
8 years ago bottom halves: introduce bh call function
Pavel Dovgalyuk [Thu, 17 Sep 2015 16:24:50 +0000 (19:24 +0300)]
bottom halves: introduce bh call function

This patch introduces aio_bh_call function. It is used to execute
bottom halves as callbacks without adding them to the queue.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20150917162450.8676.56980.stgit@PASHA-ISP.def.inno>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
8 years ago replay: checkpoints
Pavel Dovgalyuk [Thu, 17 Sep 2015 16:24:44 +0000 (19:24 +0300)]
replay: checkpoints

This patch introduces checkpoints that synchronize cpu thread and iothread.
When checkpoint is met in the code all asynchronous events from the queue
are executed.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20150917162444.8676.52916.stgit@PASHA-ISP.def.inno>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
8 years ago icount: improve counting for record/replay
Pavel Dovgalyuk [Thu, 17 Sep 2015 16:24:39 +0000 (19:24 +0300)]
icount: improve counting for record/replay

icount_warp_rt function is called by qemu_clock_warp and as
callback of icount_warp timer. This patch adds call to qemu_clock_warp
into main_loop_wait function, because icount warp may be missed
in record/replay mode, when CPU is sleeping.
This patch also disables calling this function by timer, because
it is not needed after making modifications of main_loop_wait.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20150917162439.8676.38290.stgit@PASHA-ISP.def.inno>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
8 years ago replay: shutdown event
Pavel Dovgalyuk [Thu, 17 Sep 2015 16:24:33 +0000 (19:24 +0300)]
replay: shutdown event

This patch records and replays simulator shutdown event.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20150917162433.8676.32262.stgit@PASHA-ISP.def.inno>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
8 years ago replay: recording and replaying clock ticks
Pavel Dovgalyuk [Thu, 17 Sep 2015 16:24:28 +0000 (19:24 +0300)]
replay: recording and replaying clock ticks

Clock ticks are considered as the sources of non-deterministic data for
virtual machine. This patch implements saving the clock values when they
are acquired (virtual, host clock).
When replaying the execution, corresponding values are read from log and
transferred to the module, which wants to read the values.
Such a design required the clock polling to be synchronized. Sometimes
it is not true - e.g. when timeouts for timer lists are checked. In this case
we use a cached value of the clock, passing it to the client code.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20150917162427.8676.36558.stgit@PASHA-ISP.def.inno>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>