OSDN Git Service

qmiga/qemu.git
5 years agoMerge remote-tracking branch 'remotes/cohuck/tags/s390x-20190118' into staging
Peter Maydell [Fri, 18 Jan 2019 16:56:15 +0000 (16:56 +0000)]
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20190118' into staging

s390x updates:
- clang compilation fixes
- fixes in zpci hotplug code
- handle unimplemented diag 308 subcodes correctly
- add common fmb in zpci

# gpg: Signature made Fri 18 Jan 2019 12:13:26 GMT
# gpg:                using RSA key DECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>"
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20190118:
  s390x/pci: add common function measurement block
  s390x/pci: Ignore the unplug call if we already have a release_timer
  s390x/pci: Always delete and free the release_timer
  s390x/pci: Move some hotplug checks to the pre_plug handler
  s390x/pci: Use hotplug_dev instead of looking up the host bridge
  s390x/pci: Set the iommu region size mpcifc request
  s390x/pci: Send correct event on hotplug
  configure: Only build the s390-ccw bios if the compiler supports -march=z900
  s390x: Return specification exception for unimplemented diag 308 subcodes
  pc-bios/s390-ccw: Use proper register names for Clang
  s390: avoid potential null dereference in s390_pcihost_unplug()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agoMerge remote-tracking branch 'remotes/ehabkost/tags/python-next-pull-request' into...
Peter Maydell [Fri, 18 Jan 2019 15:56:41 +0000 (15:56 +0000)]
Merge remote-tracking branch 'remotes/ehabkost/tags/python-next-pull-request' into staging

Python queue, 2019-01-17

Fixes:
* Actually test different Python versions on Travis CI
* Fix qemu.py error message when qemu dies from signal

Cleanups:
* Track Python version on config-host.mak
* Remove fixed crashes from scripts/device-crash-test
* Acceptance tests: Linux initrd checking test
* Fix utf-8 mangling at scripts/replay-dump.py
* Remove unused python imports from multiple scripts

# gpg: Signature made Thu 17 Jan 2019 20:16:41 GMT
# gpg:                using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/python-next-pull-request:
  scripts/replay-dump.py: fix utf-8 mangling
  qemu.py: Fix error message when qemu dies from signal
  Acceptance tests: add Linux initrd checking test
  check-help: visual and content improvements
  Travis CI: make specified Python versions usable on jobs
  check-venv: use recorded Python version
  configure: keep track of Python version
  scripts: Remove unused python imports
  scripts/device-crash-test: Remove known crashes

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agoMerge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
Peter Maydell [Fri, 18 Jan 2019 14:58:57 +0000 (14:58 +0000)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pci, pc, virtio: fixes, features

tpm physical presence interface
rsc support in virtio net
ivshmem is removed
misc cleanups and fixes all over the place

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Fri 18 Jan 2019 02:11:11 GMT
# gpg:                using RSA key 281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream: (49 commits)
  migration: Use strnlen() for fixed-size string
  migration: Fix stringop-truncation warning
  hw/acpi: Use QEMU_NONSTRING for non NUL-terminated arrays
  block/sheepdog: Use QEMU_NONSTRING for non NUL-terminated arrays
  qemu/compiler: Define QEMU_NONSTRING
  acpi: update expected files
  hw: acpi: Fix memory hotplug AML generation error
  tpm: clear RAM when "memory overwrite" requested
  acpi: add ACPI memory clear interface
  acpi: build TPM Physical Presence interface
  acpi: expose TPM/PPI configuration parameters to firmware via fw_cfg
  tpm: allocate/map buffer for TPM Physical Presence interface
  tpm: add a "ppi" boolean property
  hw/misc/edu: add msi_uninit() for pci_edu_uninit()
  virtio: Make disable-legacy/disable-modern compat properties optional
  globals: Allow global properties to be optional
  virtio: virtio 9p really requires CONFIG_VIRTFS to work
  virtio: split virtio crypto bits from virtio-pci.h
  virtio: split virtio gpu bits from virtio-pci.h
  virtio: split virtio serial bits from virtio-pci
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agos390x/pci: add common function measurement block
Yi Min Zhao [Tue, 8 Jan 2019 17:37:30 +0000 (18:37 +0100)]
s390x/pci: add common function measurement block

Common function measurement block is used to report zPCI internal
counters of successful pcilg/stg/stb and rpcit instructions to
a memory location provided by the program.

This patch introduces a new ZpciFmb structure and schedules a timer
callback to copy the zPCI measures to the FMB in the guest memory
at an interval time set to 4s.

An error while attemping to update the FMB, would generate an error
event to the guest.

The pcilg/stg/stb and rpcit interception handlers increase the
related counter on a successful call.
The guest shall pass a null FMBA (FMB address) in the FIB (Function
Information Block) when it issues a Modify PCI Function Control
instruction to switch off FMB and stop the corresponding timer.

Signed-off-by: Yi Min Zhao <zyimin@linux.ibm.com>
Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
Message-Id: <1546969050-8884-2-git-send-email-pmorel@linux.ibm.com>
Acked-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
5 years agos390x/pci: Ignore the unplug call if we already have a release_timer
David Hildenbrand [Mon, 14 Jan 2019 10:31:08 +0000 (11:31 +0100)]
s390x/pci: Ignore the unplug call if we already have a release_timer

... otherwise two successive calls to qdev_unplug() (e.g. by an impatient
user) will effectively overwrite pbdev->release_timer, resulting in a
memory leak. We are already processing the unplug.

If there is already a release_timer, the unplug will be performed after
the timeout.

Can be easily triggered by
(hmp) device_add virtio-mouse-pci,id=test
(hmp) stop
(hmp) device_del test
(hmp) device_del test

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190114103110.10909-5-david@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
5 years agos390x/pci: Always delete and free the release_timer
David Hildenbrand [Mon, 14 Jan 2019 10:31:07 +0000 (11:31 +0100)]
s390x/pci: Always delete and free the release_timer

We should always get rid of it. I don't see a reason to keep the timer
alive if the devices are going away. This looks like a memory leak.

(hmp) device_add virtio-mouse-pci,id=test
(hmp) device_del test
-> guest notified, timer pending.
-> guest does not react for some reason (e.g. crash)
-> s390_pcihost_timer_cb(). Timer not pending anymore. qmp_unplug().

-> Device deleted. Timer expired (not pending) but not freed.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190114103110.10909-4-david@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
5 years agos390x/pci: Move some hotplug checks to the pre_plug handler
David Hildenbrand [Mon, 14 Jan 2019 10:31:06 +0000 (11:31 +0100)]
s390x/pci: Move some hotplug checks to the pre_plug handler

Let's move most of the checks to the new pre_plug handler. As a PCI
bridge is just a PCI device, we can simplify the code.

Notes: We cannot yet move the MSIX check or device ID creation +
zPCI device creation to the pre_plug handler as both parts are not
fixed before actual device realization (and therefore after pre_plug and
before plug). Once that part is factored out, we can move these parts to
the pre_plug handler, too and therefore remove all possible errors from
the plug handler.

Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190114103110.10909-3-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
5 years agos390x/pci: Use hotplug_dev instead of looking up the host bridge
David Hildenbrand [Mon, 14 Jan 2019 10:31:05 +0000 (11:31 +0100)]
s390x/pci: Use hotplug_dev instead of looking up the host bridge

We directly have it in our hands.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190114103110.10909-2-david@redhat.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
5 years agos390x/pci: Set the iommu region size mpcifc request
Pierre Morel [Thu, 10 Jan 2019 13:00:07 +0000 (14:00 +0100)]
s390x/pci: Set the iommu region size mpcifc request

The size of the accessible iommu memory region in the guest
is given to the IOMMU by the guest through the mpcifc request
specifying the PCI Base Address and the PCI Address Limit.

Let's set the size of the IOMMU region to:
    (PCI Address Limit) - (PCI Base Address) + 1.

Fixes: f7c40aa1e7 ("s390x/pci: fix failures of dma map/unmap")
Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
Message-Id: <1547125207-16907-2-git-send-email-pmorel@linux.ibm.com>
Acked-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
5 years agos390x/pci: Send correct event on hotplug
David Hildenbrand [Thu, 10 Jan 2019 21:03:58 +0000 (22:03 +0100)]
s390x/pci: Send correct event on hotplug

Comit 2c28c490571f ("s390x/pci: let pci devices start in configured mode")
changed the initial state of zPCI devices from ZPCI_FS_STANDBY to
ZPCI_FS_DISABLED (a.k.a. configured). However we still only send a
HP_EVENT_RESERVED_TO_STANDBY event to the guest, indicating a wrong
state.

Let's send a HP_EVENT_TO_CONFIGURED event instead, to match the actual
state the device is in.

This fixes hotplugged devices having to be enabled explicitly in the
guest e.g. via echo 1 > /sys/bus/pci/slots/00000000/power.

On real HW, a PCI device always pops up in the STANDBY state. In QEMU,
we decided to let it show up directly in the configured state (as
configuring it is otherwise just an extra burden for the admin). We can
safely bypass the STANDBY state when hotplugging PCI devices to a guest.

Fixes: 2c28c490571f ("s390x/pci: let pci devices start in configured mode")
Reported-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190110210358.24035-1-david@redhat.com>
Tested-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
5 years agoconfigure: Only build the s390-ccw bios if the compiler supports -march=z900
Thomas Huth [Mon, 14 Jan 2019 12:52:26 +0000 (13:52 +0100)]
configure: Only build the s390-ccw bios if the compiler supports -march=z900

We want to build our s390-ccw bios with -march=z900 so that it also
works with the oldest s390x CPU that we support with TCG. However,
Clang on s390x does not support -march=z900 anymore, so we can not
use this compiler to build the s390-ccw bios. Thus add a proper test
to the configure script to see whether the compiler is usable.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1547470346-18416-1-git-send-email-thuth@redhat.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
5 years agos390x: Return specification exception for unimplemented diag 308 subcodes
Janosch Frank [Fri, 11 Jan 2019 11:36:57 +0000 (12:36 +0100)]
s390x: Return specification exception for unimplemented diag 308 subcodes

The architecture specifies specification exceptions for all
unavailable subcodes.

The presence of subcodes is indicated by checking some query subcode.
For example 6 will indicate that 3-6 are available. So future systems
might call new subcodes to check for new features. This should not
trigger a hw error, instead we return the architectured specification
exception.

Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Cc: qemu-stable@nongnu.org
Message-Id: <20190111113657.66195-3-frankja@linux.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
5 years agopc-bios/s390-ccw: Use proper register names for Clang
Thomas Huth [Thu, 10 Jan 2019 12:32:39 +0000 (13:32 +0100)]
pc-bios/s390-ccw: Use proper register names for Clang

When compiling the s390-ccw firmware with Clang 7.0.1, I get the
following errors:

pc-bios/s390-ccw/start.S:62:19: error: invalid use of length addressing
        stctg 0,0,0(15)
                  ^
pc-bios/s390-ccw/start.S:63:12: error: invalid use of length addressing
        oi 6(15), 0x2
           ^
pc-bios/s390-ccw/start.S:64:19: error: invalid use of length addressing
        lctlg 0,0,0(15)
                  ^
pc-bios/s390-ccw/start.S:76:19: error: invalid use of length addressing
        stctg 0,0,0(15)
                  ^
pc-bios/s390-ccw/start.S:77:12: error: invalid use of length addressing
        ni 6(15), 0xfd
           ^
pc-bios/s390-ccw/start.S:78:19: error: invalid use of length addressing
        lctlg 0,0,0(15)
                  ^
pc-bios/s390-ccw/start.S:79:12: error: invalid operand for instruction
        br 14
           ^

Let's use proper register names like in the rest of this file to fix it.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1547123559-30476-1-git-send-email-thuth@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
5 years agos390: avoid potential null dereference in s390_pcihost_unplug()
Li Qiang [Tue, 8 Jan 2019 15:11:14 +0000 (07:11 -0800)]
s390: avoid potential null dereference in s390_pcihost_unplug()

When getting the 'pbdev', the if...else has no default branch.
From Coverity, the 'pbdev' maybe null when the 'dev' is not
the TYPE_PCI_BRIDGE/TYPE_PCI_DEVICE/TYPE_S390_PCI_DEVICE.
This patch adds a default branch for device plug and unplug.

Spotted by Coverity: CID 1398593

Signed-off-by: Li Qiang <liq3ea@163.com>
Message-Id: <20190108151114.33140-1-liq3ea@163.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
5 years agomigration: Use strnlen() for fixed-size string
Philippe Mathieu-Daudé [Thu, 3 Jan 2019 08:56:38 +0000 (09:56 +0100)]
migration: Use strnlen() for fixed-size string

GCC 8 introduced the -Wstringop-overflow, which detect buffer overflow
by string-modifying functions declared in <string.h>, such strncpy(),
used in global_state_store_running().

GCC indeed found an incorrect use of strlen(), because this array
is loaded by VMSTATE_BUFFER(runstate, GlobalState) then parsed
using qapi_enum_parse which does not get the buffer length.

Use strnlen() which returns sizeof(s->runstate) if the array is not
NUL-terminated, assert the size is within range, and enforce the array
to be NUL-terminated to avoid an overflow in qapi_enum_parse().

This fixes:

    CC      migration/global_state.o
  qemu/migration/global_state.c: In function 'global_state_pre_save':
  qemu/migration/global_state.c:109:15: error: 'strlen' argument 1 declared attribute 'nonstring' [-Werror=stringop-overflow=]
       s->size = strlen((char *)s->runstate) + 1;
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~
  qemu/migration/global_state.c:24:13: note: argument 'runstate' declared here
       uint8_t runstate[100] QEMU_NONSTRING;
               ^~~~~~~~
  cc1: all warnings being treated as errors
  make: *** [qemu/rules.mak:69: migration/global_state.o] Error 1

Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agomigration: Fix stringop-truncation warning
Marc-André Lureau [Thu, 3 Jan 2019 08:56:37 +0000 (09:56 +0100)]
migration: Fix stringop-truncation warning

GCC 8 added a -Wstringop-truncation warning:

  The -Wstringop-truncation warning added in GCC 8.0 via r254630 for
  bug 81117 is specifically intended to highlight likely unintended
  uses of the strncpy function that truncate the terminating NUL
  character from the source string.

This new warning leads to compilation failures:

    CC      migration/global_state.o
  qemu/migration/global_state.c: In function 'global_state_store_running':
  qemu/migration/global_state.c:45:5: error: 'strncpy' specified bound 100 equals destination size [-Werror=stringop-truncation]
       strncpy((char *)global_state.runstate, state, sizeof(global_state.runstate));
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  make: *** [qemu/rules.mak:69: migration/global_state.o] Error 1

Adding an assert is enough to silence GCC.

(alternatively, we could hard-code "running")

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
[PMD: More verbose commit message]
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agohw/acpi: Use QEMU_NONSTRING for non NUL-terminated arrays
Philippe Mathieu-Daudé [Thu, 3 Jan 2019 08:56:36 +0000 (09:56 +0100)]
hw/acpi: Use QEMU_NONSTRING for non NUL-terminated arrays

GCC 8 added a -Wstringop-truncation warning:

  The -Wstringop-truncation warning added in GCC 8.0 via r254630 for
  bug 81117 is specifically intended to highlight likely unintended
  uses of the strncpy function that truncate the terminating NUL
  character from the source string.

This new warning leads to compilation failures:

    CC      hw/acpi/core.o
  In function 'acpi_table_install', inlined from 'acpi_table_add' at qemu/hw/acpi/core.c:296:5:
  qemu/hw/acpi/core.c:184:9: error: 'strncpy' specified bound 4 equals destination size [-Werror=stringop-truncation]
           strncpy(ext_hdr->sig, hdrs->sig, sizeof ext_hdr->sig);
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  make: *** [qemu/rules.mak:69: hw/acpi/core.o] Error 1

Use the QEMU_NONSTRING attribute, since ACPI tables don't require the
strings to be NUL-terminated.

Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
5 years agoblock/sheepdog: Use QEMU_NONSTRING for non NUL-terminated arrays
Philippe Mathieu-Daudé [Thu, 3 Jan 2019 08:56:35 +0000 (09:56 +0100)]
block/sheepdog: Use QEMU_NONSTRING for non NUL-terminated arrays

GCC 8 added a -Wstringop-truncation warning:

  The -Wstringop-truncation warning added in GCC 8.0 via r254630 for
  bug 81117 is specifically intended to highlight likely unintended
  uses of the strncpy function that truncate the terminating NUL
  character from the source string.

This new warning leads to compilation failures:

    CC      block/sheepdog.o
  qemu/block/sheepdog.c: In function 'find_vdi_name':
  qemu/block/sheepdog.c:1239:5: error: 'strncpy' specified bound 256 equals destination size [-Werror=stringop-truncation]
       strncpy(buf + SD_MAX_VDI_LEN, tag, SD_MAX_VDI_TAG_LEN);
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  make: *** [qemu/rules.mak:69: block/sheepdog.o] Error 1

As described previous to the strncpy() calls, the use of strncpy() is
correct here:

    /* This pair of strncpy calls ensures that the buffer is zero-filled,
     * which is desirable since we'll soon be sending those bytes, and
     * don't want the send_req to read uninitialized data.
     */
    strncpy(buf, filename, SD_MAX_VDI_LEN);
    strncpy(buf + SD_MAX_VDI_LEN, tag, SD_MAX_VDI_TAG_LEN);

Use the QEMU_NONSTRING attribute, since this array is intended to store
character arrays that do not necessarily contain a terminating NUL.

Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
5 years agoqemu/compiler: Define QEMU_NONSTRING
Philippe Mathieu-Daudé [Thu, 3 Jan 2019 08:56:34 +0000 (09:56 +0100)]
qemu/compiler: Define QEMU_NONSTRING

GCC 8 introduced the -Wstringop-truncation checker to detect truncation by
the strncat and strncpy functions (closely related to -Wstringop-overflow,
which detect buffer overflow by string-modifying functions declared in
<string.h>).

In tandem of -Wstringop-truncation, the "nonstring" attribute was added:

  The nonstring variable attribute specifies that an object or member
  declaration with type array of char, signed char, or unsigned char,
  or pointer to such a type is intended to store character arrays that
  do not necessarily contain a terminating NUL. This is useful in detecting
  uses of such arrays or pointers with functions that expect NUL-terminated
  strings, and to avoid warnings when such an array or pointer is used as
  an argument to a bounded string manipulation function such as strncpy.

  From the GCC manual: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-nonstring-variable-attribute

Add the QEMU_NONSTRING macro which checks if the compiler supports this
attribute.

Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
5 years agoacpi: update expected files
Michael S. Tsirkin [Tue, 15 Jan 2019 00:29:32 +0000 (19:29 -0500)]
acpi: update expected files

Update expected files affected by:
hw: acpi: Fix memory hotplug AML generation error

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agohw: acpi: Fix memory hotplug AML generation error
Yang Zhong [Mon, 5 Nov 2018 01:40:39 +0000 (02:40 +0100)]
hw: acpi: Fix memory hotplug AML generation error

When using the generated memory hotplug AML, the iasl
compiler would give the following error:

dsdt.dsl 266: Return (MOST (_UID, Arg0, Arg1, Arg2))
Error 6080 - Called method returns no value ^

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agotpm: clear RAM when "memory overwrite" requested
Marc-André Lureau [Mon, 14 Jan 2019 22:27:54 +0000 (02:27 +0400)]
tpm: clear RAM when "memory overwrite" requested

Note: the "Platform Reset Attack Mitigation" specification isn't
explicit about NVDIMM, since they could have different usages. It uses
the term "system memory" generally (and also "volatile memory RAM" in
its introduction). For initial support, I propose to consider
non-volatile memory as not being subject to the memory clear. There is
an on-going discussion in the TCG "pcclientwg" working group for
future revisions.

CPU cache clearing is done unconditionally in edk2 since commit
d20ae95a13e851 (edk2-stable201811).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agoacpi: add ACPI memory clear interface
Marc-André Lureau [Mon, 14 Jan 2019 22:27:53 +0000 (02:27 +0400)]
acpi: add ACPI memory clear interface

The interface is described in the "TCG Platform Reset Attack
Mitigation Specification", chapter 6 "ACPI _DSM Function". According
to Laszlo, it's not so easy to implement in OVMF, he suggested to do
it in qemu instead.

See specification documentation for more details, and next commit for
memory clear on reset handling.

The underlying TCG specification is accessible from the following
page.

https://trustedcomputinggroup.org/resource/pc-client-work-group-platform-reset-attack-mitigation-specification-version-1-0/

This patch implements version 1.0.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agoacpi: build TPM Physical Presence interface
Stefan Berger [Mon, 14 Jan 2019 22:27:52 +0000 (02:27 +0400)]
acpi: build TPM Physical Presence interface

The TPM Physical Presence interface consists of an ACPI part, a shared
memory part, and code in the firmware. Users can send messages to the
firmware by writing a code into the shared memory through invoking the
ACPI code. When a reboot happens, the firmware looks for the code and
acts on it by sending sequences of commands to the TPM.

This patch adds the ACPI code. It is similar to the one in EDK2 but doesn't
assume that SMIs are necessary to use. It uses a similar datastructure for
the shared memory as EDK2 does so that EDK2 and SeaBIOS could both make use
of it. I extended the shared memory data structure with an array of 256
bytes, one for each code that could be implemented. The array contains
flags describing the individual codes. This decouples the ACPI implementation
from the firmware implementation.

The underlying TCG specification is accessible from the following page.

https://trustedcomputinggroup.org/tcg-physical-presence-interface-specification/

This patch implements version 1.30.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
[ Marc-André - ACPI code improvements and windows fixes ]
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agoacpi: expose TPM/PPI configuration parameters to firmware via fw_cfg
Stefan Berger [Mon, 14 Jan 2019 22:27:51 +0000 (02:27 +0400)]
acpi: expose TPM/PPI configuration parameters to firmware via fw_cfg

To avoid having to hard code the base address of the PPI virtual
memory device we introduce a fw_cfg file etc/tpm/config that holds the
base address of the PPI device, the version of the PPI interface and
the version of the attached TPM.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
[ Marc-André: renamed to etc/tpm/config, made it static, document it ]
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agotpm: allocate/map buffer for TPM Physical Presence interface
Stefan Berger [Mon, 14 Jan 2019 22:27:50 +0000 (02:27 +0400)]
tpm: allocate/map buffer for TPM Physical Presence interface

Implement a virtual memory device for the TPM Physical Presence interface.
The memory is located at 0xFED45000 and used by ACPI to send messages to the
firmware (BIOS) and by the firmware to provide parameters for each one of
the supported codes.

This interface should be used by all TPM devices on x86 and can be
added by calling tpm_ppi_init_io().

Note: bios_linker cannot be used to allocate the PPI memory region,
since the reserved memory should stay stable across reboots, and might
be needed before the ACPI tables are installed.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agotpm: add a "ppi" boolean property
Marc-André Lureau [Mon, 14 Jan 2019 22:27:49 +0000 (02:27 +0400)]
tpm: add a "ppi" boolean property

The following patches implement the TPM Physical Presence Interface,
make use of a new memory region and a fw_cfg entry. Enable PPI by
default with >=4.0 machine type, to avoid migration issues.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agohw/misc/edu: add msi_uninit() for pci_edu_uninit()
Fei Li [Mon, 14 Jan 2019 13:10:15 +0000 (21:10 +0800)]
hw/misc/edu: add msi_uninit() for pci_edu_uninit()

Let's supplement the msi_uninit() when failing to realize
the pci edu device.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Fei Li <shirley17fei@gmail.com>
Reviewed-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: Make disable-legacy/disable-modern compat properties optional
Eduardo Habkost [Thu, 10 Jan 2019 18:04:58 +0000 (16:04 -0200)]
virtio: Make disable-legacy/disable-modern compat properties optional

The disable-legacy and disable-modern properties apply only to
some virtio-pci devices.  Make those properties optional.

This fixes the crash introduced by commit f6e501a28ef9 ("virtio: Provide
version-specific variants of virtio PCI devices"):

  $ qemu-system-x86_64 -machine pc-i440fx-2.6 \
    -device virtio-net-pci-non-transitional
  Unexpected error in object_property_find() at qom/object.c:1092:
  qemu-system-x86_64: -device virtio-net-pci-non-transitional: can't apply \
  global virtio-pci.disable-modern=on: Property '.disable-modern' not found
  Aborted (core dumped)

Reported-by: Thomas Huth <thuth@redhat.com>
Fixes: f6e501a28ef9 ("virtio: Provide version-specific variants of virtio PCI devices")
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agoglobals: Allow global properties to be optional
Eduardo Habkost [Thu, 10 Jan 2019 18:04:57 +0000 (16:04 -0200)]
globals: Allow global properties to be optional

Making some global properties optional will let us simplify
compat code when a given property works on most (but not all)
subclasses of a given type.

Device types will be able to opt out from optional compat
properties by simply not registering those properties.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: virtio 9p really requires CONFIG_VIRTFS to work
Juan Quintela [Thu, 3 Jan 2019 14:10:13 +0000 (15:10 +0100)]
virtio: virtio 9p really requires CONFIG_VIRTFS to work

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: split virtio crypto bits from virtio-pci.h
Juan Quintela [Thu, 3 Jan 2019 14:10:12 +0000 (15:10 +0100)]
virtio: split virtio crypto bits from virtio-pci.h

Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: split virtio gpu bits from virtio-pci.h
Juan Quintela [Thu, 3 Jan 2019 14:10:11 +0000 (15:10 +0100)]
virtio: split virtio gpu bits from virtio-pci.h

Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: split virtio serial bits from virtio-pci
Juan Quintela [Thu, 3 Jan 2019 14:10:10 +0000 (15:10 +0100)]
virtio: split virtio serial bits from virtio-pci

Virtio console and qga tests also depend on CONFIG_VIRTIO_SERIAL.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: split virtio net bits from virtio-pci
Juan Quintela [Thu, 3 Jan 2019 14:10:09 +0000 (15:10 +0100)]
virtio: split virtio net bits from virtio-pci

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: split virtio blk bits from virtio-pci
Juan Quintela [Thu, 3 Jan 2019 14:10:08 +0000 (15:10 +0100)]
virtio: split virtio blk bits from virtio-pci

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: split virtio scsi bits from virtio-pci
Juan Quintela [Thu, 3 Jan 2019 14:10:07 +0000 (15:10 +0100)]
virtio: split virtio scsi bits from virtio-pci

Notice that we can't still run tests with it disabled.  Both cdrom-test and
drive_del-test use virtio-scsi without checking if it is enabled.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: split vhost scsi bits from virtio-pci
Juan Quintela [Thu, 3 Jan 2019 14:10:06 +0000 (15:10 +0100)]
virtio: split vhost scsi bits from virtio-pci

Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: split vhost user scsi bits from virtio-pci
Juan Quintela [Thu, 3 Jan 2019 14:10:05 +0000 (15:10 +0100)]
virtio: split vhost user scsi bits from virtio-pci

Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: split vhost user blk bits from virtio-pci
Juan Quintela [Thu, 3 Jan 2019 14:10:04 +0000 (15:10 +0100)]
virtio: split vhost user blk bits from virtio-pci

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: split virtio 9p bits from virtio-pci
Juan Quintela [Thu, 3 Jan 2019 14:10:03 +0000 (15:10 +0100)]
virtio: split virtio 9p bits from virtio-pci

Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Acked-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: split virtio balloon bits from virtio-pci
Juan Quintela [Thu, 3 Jan 2019 14:10:02 +0000 (15:10 +0100)]
virtio: split virtio balloon bits from virtio-pci

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: split virtio rng bits from virtio-pci
Juan Quintela [Thu, 3 Jan 2019 14:10:01 +0000 (15:10 +0100)]
virtio: split virtio rng bits from virtio-pci

Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: split virtio input bits from virtio-pci
Juan Quintela [Thu, 3 Jan 2019 14:10:00 +0000 (15:10 +0100)]
virtio: split virtio input bits from virtio-pci

Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: split virtio input host bits from virtio-pci
Juan Quintela [Thu, 3 Jan 2019 14:09:59 +0000 (15:09 +0100)]
virtio: split virtio input host bits from virtio-pci

For consistency with other devices, rename
virtio_host_{initfn,pci_info} to virtio_input_host_{initfn,info}.

Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio: split vhost vsock bits from virtio-pci
Juan Quintela [Thu, 3 Jan 2019 14:09:58 +0000 (15:09 +0100)]
virtio: split vhost vsock bits from virtio-pci

Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio-net: changed VIRTIO_NET_F_RSC_EXT to be 61
Yuri Benditovich [Thu, 3 Jan 2019 13:12:30 +0000 (15:12 +0200)]
virtio-net: changed VIRTIO_NET_F_RSC_EXT to be 61

Allocated feature bit changed in spec draft per TC request.

Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovirtio-net: support RSC v4/v6 tcp traffic for Windows HCK
Yuri Benditovich [Thu, 3 Jan 2019 13:12:29 +0000 (15:12 +0200)]
virtio-net: support RSC v4/v6 tcp traffic for Windows HCK

This commit adds implementation of RX packets
coalescing, compatible with requirements of Windows
Hardware compatibility kit.

The device enables feature VIRTIO_NET_F_RSC_EXT in
host features if it supports extended RSC functionality
as defined in the specification.
This feature requires at least one of VIRTIO_NET_F_GUEST_TSO4,
VIRTIO_NET_F_GUEST_TSO6. Windows guest driver acks
this feature only if VIRTIO_NET_F_CTRL_GUEST_OFFLOADS
is also present.

If the guest driver acks VIRTIO_NET_F_RSC_EXT feature,
the device coalesces TCPv4 and TCPv6 packets (if
respective VIRTIO_NET_F_GUEST_TSO feature is on,
populates extended RSC information in virtio header
and sets VIRTIO_NET_HDR_F_RSC_INFO bit in header flags.
The device does not recalculate checksums in the coalesced
packet, so they are not valid.

In this case:
All the data packets in a tcp connection are cached
to a single buffer in every receive interval, and will
be sent out via a timer, the 'virtio_net_rsc_timeout'
controls the interval, this value may impact the
performance and response time of tcp connection,
50000(50us) is an experience value to gain a performance
improvement, since the whql test sends packets every 100us,
so '300000(300us)' passes the test case, it is the default
value as well, tune it via the command line parameter
'rsc_interval' within 'virtio-net-pci' device, for example,
to launch a guest with interval set as '500000':

'virtio-net-pci,netdev=hostnet1,bus=pci.0,id=net1,mac=00,
guest_rsc_ext=on,rsc_interval=500000'

The timer will only be triggered if the packets pool is not empty,
and it'll drain off all the cached packets.

'NetRscChain' is used to save the segments of IPv4/6 in a
VirtIONet device.

A new segment becomes a 'Candidate' as well as it passed sanity check,
the main handler of TCP includes TCP window update, duplicated
ACK check and the real data coalescing.

An 'Candidate' segment means:
1. Segment is within current window and the sequence is the expected one.
2. 'ACK' of the segment is in the valid window.

Sanity check includes:
1. Incorrect version in IP header
2. An IP options or IP fragment
3. Not a TCP packet
4. Sanity size check to prevent buffer overflow attack.
5. An ECN packet

Even though, there might more cases should be considered such as
ip identification other flags, while it breaks the test because
windows set it to the same even it's not a fragment.

Normally it includes 2 typical ways to handle a TCP control flag,
'bypass' and 'finalize', 'bypass' means should be sent out directly,
while 'finalize' means the packets should also be bypassed, but this
should be done after search for the same connection packets in the
pool and drain all of them out, this is to avoid out of order fragment.

All the 'SYN' packets will be bypassed since this always begin a new'
connection, other flags such 'URG/FIN/RST/CWR/ECE' will trigger a
finalization, because this normally happens upon a connection is going
to be closed, an 'URG' packet also finalize current coalescing unit.

Statistics can be used to monitor the basic coalescing status, the
'out of order' and 'out of window' means how many retransmitting packets,
thus describe the performance intuitively.

Difference between ip v4 and v6 processing:
 Fragment length in ipv4 header includes itself, while it's not
 included for ipv6, thus means ipv6 can carry a real 65535 payload.

Note that main goal of implementing this feature in software
is to create reference setup for certification tests. In such
setups guest migration is not required, so the coalesced packets
not yet delivered to the guest will be lost in case of migration.

Signed-off-by: Wei Xu <wexu@redhat.com>
Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agotests: acpi: use AcpiSdtTable::aml instead of AcpiSdtTable::header::signature
Igor Mammedov [Thu, 27 Dec 2018 14:13:34 +0000 (15:13 +0100)]
tests: acpi: use AcpiSdtTable::aml instead of AcpiSdtTable::header::signature

AcpiSdtTable::header::signature is the only remained field from
AcpiTableHeader structure used by tests. Instead of using packed
structure to access signature, just read it directly from table
blob and remove no longer used AcpiSdtTable::header / union and
keep only AcpiSdtTable::aml byte array.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agotests: acpi: squash sanitize_fadt_ptrs() into test_acpi_fadt_table()
Igor Mammedov [Thu, 27 Dec 2018 14:13:33 +0000 (15:13 +0100)]
tests: acpi: squash sanitize_fadt_ptrs() into test_acpi_fadt_table()

some parts of sanitize_fadt_ptrs() do redundant job
  - locating FADT
  - checking original checksum

There is no need to do it as test_acpi_fadt_table() already does that,
so drop duplicate code and move remaining fixup code into
test_acpi_fadt_table().

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agotests: smbios: fetch whole table in one step instead of reading it step by step
Igor Mammedov [Thu, 27 Dec 2018 14:13:32 +0000 (15:13 +0100)]
tests: smbios: fetch whole table in one step instead of reading it step by step

replace a bunch of ACPI_READ_ARRAY/ACPI_READ_FIELD macro, that read
SMBIOS table field by field with one memread() to fetch whole table
at once and drop no longer used ACPI_READ_ARRAY/ACPI_READ_FIELD macro.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agotests: acpi: reuse fetch_table() in vmgenid-test
Igor Mammedov [Thu, 27 Dec 2018 14:13:31 +0000 (15:13 +0100)]
tests: acpi: reuse fetch_table() in vmgenid-test

Move fetch_table() into acpi-utils.c renaming it to acpi_fetch_table()
and reuse it in vmgenid-test that reads RSDT and then tables it references,
to find and parse VMGNEID SSDT.
While at it wrap RSDT referenced tables enumeration into FOREACH macro
(similar to what we do with QLIST_FOREACH & co) to reuse it with bios and
vmgenid tests.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agoscripts/replay-dump.py: fix utf-8 mangling
Alex Bennée [Thu, 17 Jan 2019 15:33:38 +0000 (15:33 +0000)]
scripts/replay-dump.py: fix utf-8 mangling

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20190117153338.11820-1-alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Cleber Rosa <crosa@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
5 years agoqemu.py: Fix error message when qemu dies from signal
Eric Blake [Fri, 11 Jan 2019 20:13:30 +0000 (14:13 -0600)]
qemu.py: Fix error message when qemu dies from signal

When qemu dies from a signal, the python code gets a negative
value for exitcode; but signal numbers are positive.  Copy the
pattern used in qemu-iotests/iotests.py for reporting a positive
value.

CC: qemu-trivial@nongnu.org
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190111201330.14473-1-eblake@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
5 years agoAcceptance tests: add Linux initrd checking test
Wainer dos Santos Moschetta [Fri, 9 Nov 2018 18:21:53 +0000 (13:21 -0500)]
Acceptance tests: add Linux initrd checking test

QEMU used to exits with a not accurate error message when
an initrd > 2GiB was passed. That was fixed on patch:

commit f3839fda5771596152b75dd1e1a6d050e6e6e380
Author: Li Zhijian <lizhijian@cn.fujitsu.com>
Date:   Thu Sep 13 18:07:13 2018 +0800

     change get_image_size return type to int64_t

This change adds a regression test for that fix. It starts
QEMU with a 2GiB dummy initrd, and checks that it evaluates the
file size correctly and prints an accurate message.

Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Reviewed-by: Caio Carrara <ccarrara@redhat.com>
Reviewed-by: Cleber Rosa <crosa@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20181109182153.5390-1-wainersm@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
5 years agocheck-help: visual and content improvements
Cleber Rosa [Fri, 9 Nov 2018 15:07:10 +0000 (10:07 -0500)]
check-help: visual and content improvements

The "check" target is not a target that will run all other tests
listed, so in order to be accurate it's necessary to list those that
will run.  The same is true for "check-clean".

Then, to give a better visual impression of the differences in the
various targets, let's add empty lines.

Finally, a small (and hopeful) grammar fix from a non-native speaker.

Signed-off-by: Cleber Rosa <crosa@redhat.com>
Message-Id: <20181109150710.31085-5-crosa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
5 years agoTravis CI: make specified Python versions usable on jobs
Cleber Rosa [Fri, 9 Nov 2018 15:07:09 +0000 (10:07 -0500)]
Travis CI: make specified Python versions usable on jobs

For the two Python jobs, which seem to have the goal of making sure
QEMU builds successfully on the 3.0-3.6 spectrum of Python 3 versions,
the specified version is only applicable if a Python virtual
environment is used.  To do that, it's necessary to define the
(primary?) language of the job to be Python.

Also, Travis doesn't have a 3.0 Python installation available for the
chosen distro, 3.4 being the lower version available.

Reference: https://docs.travis-ci.com/user/languages/python/#specifying-python-versions
Signed-off-by: Cleber Rosa <crosa@redhat.com>
Message-Id: <20181109150710.31085-4-crosa@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
[ehabkost: Now 3.4 is the lowest Python version available]
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
fixup! Travis CI: make specified Python versions usable on jobs

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
5 years agocheck-venv: use recorded Python version
Cleber Rosa [Fri, 9 Nov 2018 15:07:08 +0000 (10:07 -0500)]
check-venv: use recorded Python version

The current approach works fine, but it runs Python on every make
command (even if it's not related to the venv usage).

This is just an optimization, and not a change of behavior.

Signed-off-by: Cleber Rosa <crosa@redhat.com>
Message-Id: <20181109150710.31085-3-crosa@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
5 years agoconfigure: keep track of Python version
Cleber Rosa [Fri, 9 Nov 2018 15:07:07 +0000 (10:07 -0500)]
configure: keep track of Python version

Some functionality is dependent on the Python version
detected/configured on configure.  While it's possible to run the
Python version later and check for the version, doing it once is
preferable.  Also, it's a relevant information to keep in build logs,
as the overall behavior of the build can be affected by it.

Signed-off-by: Cleber Rosa <crosa@redhat.com>
Message-Id: <20181109150710.31085-2-crosa@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
5 years agoscripts: Remove unused python imports
Philippe Mathieu-Daudé [Thu, 8 Nov 2018 14:34:22 +0000 (15:34 +0100)]
scripts: Remove unused python imports

Reported-by: LGTM code review
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20181108143422.15955-1-philmd@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
5 years agoscripts/device-crash-test: Remove known crashes
Thomas Huth [Tue, 6 Nov 2018 13:27:06 +0000 (14:27 +0100)]
scripts/device-crash-test: Remove known crashes

Looks like we've fixed them all already in the past months, e.g. with:

 f7d6bfcdc0fe49040aac3ac131a319cb5427957e
 spapr_pci: fail gracefully with non-pseries machine types

 2363d5ee231bf047479422d56d3b85b7d37a7c23
 hw/ppc/spapr_cpu_core: Add a proper check for spapr machine

 ef0e8fc768a561dd13a86420b3268f6f3d5d0621
 iommu: Don't crash if machine is not PC_MACHINE

 8929fc3a55f33a103adddf9cfd010bcf2b255c7d
 hw/block/pflash_cfi*.c: fix confusing assert fail message

... so we can remove these entries from the ERROR_WHITELIST now.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1541510826-21031-1-git-send-email-thuth@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
5 years agoMerge remote-tracking branch 'remotes/jnsnow/tags/bitmaps-pull-request' into staging
Peter Maydell [Thu, 17 Jan 2019 12:48:42 +0000 (12:48 +0000)]
Merge remote-tracking branch 'remotes/jnsnow/tags/bitmaps-pull-request' into staging

Pull request

# gpg: Signature made Wed 16 Jan 2019 01:00:25 GMT
# gpg:                using RSA key 7DEF8106AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"
# Primary key fingerprint: FAEB 9711 A12C F475 812F  18F2 88A9 064D 1835 61EB
#      Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76  CBD0 7DEF 8106 AAFC 390E

* remotes/jnsnow/tags/bitmaps-pull-request:
  Revert "hbitmap: Add @advance param to hbitmap_iter_next()"
  Revert "test-hbitmap: Add non-advancing iter_next tests"
  Revert "block/dirty-bitmap: Add bdrv_dirty_iter_next_area"
  block/mirror: fix and improve do_sync_target_write
  tests: add tests for hbitmap_next_dirty_area
  dirty-bitmap: add bdrv_dirty_bitmap_next_dirty_area
  tests: add tests for hbitmap_next_zero with specified end parameter
  dirty-bitmap: improve bdrv_dirty_bitmap_next_zero

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agoRevert "hbitmap: Add @advance param to hbitmap_iter_next()"
Vladimir Sementsov-Ogievskiy [Tue, 15 Jan 2019 23:26:50 +0000 (18:26 -0500)]
Revert "hbitmap: Add @advance param to hbitmap_iter_next()"

This reverts commit a33fbb4f8b64226becf502a123733776ce319b24.

The functionality is unused.

Note: in addition to automatic revert, drop second parameter in
hbitmap_iter_next() call from hbitmap_next_dirty_area() too.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: John Snow <jsnow@redhat.com>
5 years agoRevert "test-hbitmap: Add non-advancing iter_next tests"
Vladimir Sementsov-Ogievskiy [Tue, 15 Jan 2019 23:26:50 +0000 (18:26 -0500)]
Revert "test-hbitmap: Add non-advancing iter_next tests"

This reverts commit 269576848ec3d57d2d958cf5ac69b08c44adf816.

The functionality is unused. Drop tests.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: John Snow <jsnow@redhat.com>
5 years agoRevert "block/dirty-bitmap: Add bdrv_dirty_iter_next_area"
Vladimir Sementsov-Ogievskiy [Tue, 15 Jan 2019 23:26:50 +0000 (18:26 -0500)]
Revert "block/dirty-bitmap: Add bdrv_dirty_iter_next_area"

This reverts commit 72d10a94213a954ad569095cb4491f2ae0853c40.

The function is unused now.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: John Snow <jsnow@redhat.com>
5 years agoblock/mirror: fix and improve do_sync_target_write
Vladimir Sementsov-Ogievskiy [Tue, 15 Jan 2019 23:26:50 +0000 (18:26 -0500)]
block/mirror: fix and improve do_sync_target_write

Use bdrv_dirty_bitmap_next_dirty_area() instead of
bdrv_dirty_iter_next_area(), because of the following problems of
bdrv_dirty_iter_next_area():

1. Using HBitmap iterators we should carefully handle unaligned offset,
as first call to hbitmap_iter_next() may return a value less than
original offset (actually, it will be original offset rounded down to
bitmap granularity). This handling is not done in
do_sync_target_write().

2. bdrv_dirty_iter_next_area() handles unaligned max_offset
incorrectly:

look at the code:
    if (max_offset == iter->bitmap->size) {
        /* If max_offset points to the image end, round it up by the
         * bitmap granularity */
        gran_max_offset = ROUND_UP(max_offset, granularity);
    } else {
        gran_max_offset = max_offset;
    }

    ret = hbitmap_iter_next(&iter->hbi, false);
    if (ret < 0 || ret + granularity > gran_max_offset) {
        return false;
    }

and assume that max_offset != iter->bitmap->size but still unaligned.
if 0 < ret < max_offset we found dirty area, but the function can
return false in this case (if ret + granularity > max_offset).

3. bdrv_dirty_iter_next_area() uses inefficient loop to find the end of
the dirty area. Let's use more efficient hbitmap_next_zero instead
(bdrv_dirty_bitmap_next_dirty_area() do so)

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
5 years agotests: add tests for hbitmap_next_dirty_area
Vladimir Sementsov-Ogievskiy [Tue, 15 Jan 2019 23:26:50 +0000 (18:26 -0500)]
tests: add tests for hbitmap_next_dirty_area

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
5 years agodirty-bitmap: add bdrv_dirty_bitmap_next_dirty_area
Vladimir Sementsov-Ogievskiy [Tue, 15 Jan 2019 23:26:50 +0000 (18:26 -0500)]
dirty-bitmap: add bdrv_dirty_bitmap_next_dirty_area

The function alters bdrv_dirty_iter_next_area(), which is wrong and
less efficient (see further commit
"block/mirror: fix and improve do_sync_target_write" for description).

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
5 years agotests: add tests for hbitmap_next_zero with specified end parameter
Vladimir Sementsov-Ogievskiy [Tue, 15 Jan 2019 23:26:49 +0000 (18:26 -0500)]
tests: add tests for hbitmap_next_zero with specified end parameter

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
5 years agodirty-bitmap: improve bdrv_dirty_bitmap_next_zero
Vladimir Sementsov-Ogievskiy [Tue, 15 Jan 2019 23:26:49 +0000 (18:26 -0500)]
dirty-bitmap: improve bdrv_dirty_bitmap_next_zero

Add bytes parameter to the function, to limit searched range.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
5 years agoMerge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into staging
Peter Maydell [Tue, 15 Jan 2019 18:32:57 +0000 (18:32 +0000)]
Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into staging

slirp updates

Gerd Hoffmann (1):
  slirp: add tftp tracing

Marc-André Lureau (61):
  slirp: associate slirp_output callback with the Slirp context
  slirp: remove do_pty from fork_exec()
  slirp: replace ex_pty with ex_chardev
  slirp: use a dedicated field for chardev pointer
  slirp: remove unused EMU_RSH
  slirp: rename /extra/chardev
  slirp: move internal function declarations
  slirp: remove Monitor dependency, return a string for info
  slirp: fix slirp_add_exec() leaks
  slirp: replace the poor-man string split with g_strsplit()
  slirp: remove dead declarations
  slirp: move socket pair creation in helper function
  slirp: remove unused M_TRAILINGSPACE
  slirp: use a callback structure to interface with qemu
  slirp: remove PROBE_CONN dead-code
  slirp: remove FULL_BOLT
  slirp: remove the disabled readv()/writev() code path
  slirp: remove HAVE_SYS_SIGNAL_H
  slirp: remove unused HAVE_SYS_BITYPES_H
  slirp: remove NO_UNIX_SOCKETS
  slirp: remove unused HAVE_SYS_STROPTS_H
  slirp: remove unused HAVE_ARPA_INET_H
  slirp: remove unused HAVE_SYS_WAIT_H
  slirp: remove unused HAVE_SYS_SELECT_H
  slirp: remove HAVE_SYS_IOCTL_H
  slirp: remove HAVE_SYS_FILIO_H
  slirp: remove unused DECLARE_IOVEC
  slirp: remove unused HAVE_INET_ATON
  slirp: replace HOST_WORDS_BIGENDIAN with glib equivalent
  slirp: replace SIZEOF_CHAR_P with glib equivalent
  slirp: replace compile time DO_KEEPALIVE
  slirp: remove unused global slirp_instance
  slirp: replace error_report() with g_critical()
  slirp: improve a bit the debug macros
  slirp: add a callback to log guest errors
  slirp: remove #if notdef dead code
  slirp: remove unused sbflush()
  slirp: NULL is defined by stddef.h
  slirp: remove dead TCP_ACK_HACK code
  slirp: replace ARRAY_SIZE with G_N_ELEMENTS
  net: do not depend on slirp internals
  glib-compat: add g_spawn_async_with_fds() fallback
  slirp: simplify fork_exec()
  slirp: replace error_report() with g_critical()
  slirp: drop <Vista compatibility
  slirp: rename exec_list
  slirp: use virtual time for packet expiration
  slirp: replace a fprintf with g_critical()
  slirp: replace some fprintf() with DEBUG_MISC
  slirp: replace a DEBUG block with WITH_ICMP_ERROR_MSG
  slirp: no need to make DPRINTF conditional on DEBUG
  slirp: always build with debug statements
  slirp: introduce SLIRP_DEBUG environment variable
  slirp: use %p for pointers format
  slirp: remove remaining DEBUG blocks
  slirp: replace DEBUG_ARGS with DEBUG_ARG
  slirp: factor out guestfwd addition checks
  slirp: add clock_get_ns() callback
  build-sys: use a separate slirp-obj-y && slirp.mo
  slirp: set G_LOG_DOMAIN
  slirp: call into g_debug() for DEBUG macros

Prasad J Pandit (1):
  slirp: check data length while emulating ident function

Samuel Thibault (2):
  slirp: Enable fork_exec support on Windows
  slirp: Mark debugging calls as unlikely

 Makefile              |   5 +-
 Makefile.objs         |   4 +-
 Makefile.target       |   5 +-
 include/glib-compat.h |  56 +++++++++
 net/colo-compare.c    |  11 +-
 net/colo.c            |   1 +
 net/colo.h            |   7 +-
 net/filter-rewriter.c |   9 +-
 net/slirp.c           |  61 +++++----
 net/util.h            |  55 ++++++++
 slirp/Makefile.objs   |  37 +++++-
 slirp/arp_table.c     |  12 +-
 slirp/bootp.c         |  10 +-
 slirp/cksum.c         |   8 +-
 slirp/debug.h         |  47 ++++---
 slirp/dhcpv6.c        |  17 ++-
 slirp/if.c            |   4 +-
 slirp/ip.h            |  10 +-
 slirp/ip6.h           |   3 +-
 slirp/ip6_icmp.c      |  27 ++--
 slirp/ip6_icmp.h      |   6 +-
 slirp/ip6_input.c     |   2 +-
 slirp/ip6_output.c    |   4 +-
 slirp/ip_icmp.c       |  31 ++---
 slirp/ip_input.c      | 200 -----------------------------
 slirp/libslirp.h      |  27 ++--
 slirp/main.h          |  33 -----
 slirp/mbuf.c          |   2 +-
 slirp/mbuf.h          |   1 -
 slirp/misc.c          | 286 +++++++++++++++++-------------------------
 slirp/misc.h          |  13 +-
 slirp/ncsi.c          |   4 +-
 slirp/ndp_table.c     |  32 +++--
 slirp/sbuf.h          |   1 -
 slirp/slirp.c         | 177 +++++++++++++-------------
 slirp/slirp.h         |  45 ++-----
 slirp/slirp_config.h  |  86 -------------
 slirp/socket.c        |  53 +++-----
 slirp/socket.h        |   2 +-
 slirp/tcp.h           |   4 +-
 slirp/tcp_input.c     |  84 ++-----------
 slirp/tcp_output.c    |   2 +-
 slirp/tcp_subr.c      |  22 ++--
 slirp/tcp_timer.c     |   2 +-
 slirp/tftp.c          |   7 +-
 slirp/trace-events    |   5 +
 slirp/udp.c           |   5 +-
 slirp/udp6.c          |  11 +-
 stubs/slirp.c         |   2 +-
 49 files changed, 603 insertions(+), 935 deletions(-)
 delete mode 100644 slirp/slirp_config.h
 create mode 100644 slirp/trace-events

--
2.20.1

# gpg: Signature made Mon 14 Jan 2019 22:52:32 GMT
# gpg:                using RSA key DB550E89F0FA54F3
# gpg: Good signature from "Samuel Thibault <samuel.thibault@aquilenet.fr>"
# gpg:                 aka "Samuel Thibault <sthibault@debian.org>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@gnu.org>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@inria.fr>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@labri.fr>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@ens-lyon.org>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@u-bordeaux.fr>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 900C B024 B679 31D4 0F82  304B D017 8C76 7D06 9EE6
#      Subkey fingerprint: E61D BB15 D417 2BDE C97E  92D9 DB55 0E89 F0FA 54F3

* remotes/thibault/tags/samuel-thibault: (65 commits)
  slirp: check data length while emulating ident function
  slirp: Mark debugging calls as unlikely
  slirp: call into g_debug() for DEBUG macros
  slirp: set G_LOG_DOMAIN
  build-sys: use a separate slirp-obj-y && slirp.mo
  slirp: add clock_get_ns() callback
  slirp: factor out guestfwd addition checks
  slirp: replace DEBUG_ARGS with DEBUG_ARG
  slirp: remove remaining DEBUG blocks
  slirp: use %p for pointers format
  slirp: introduce SLIRP_DEBUG environment variable
  slirp: always build with debug statements
  slirp: no need to make DPRINTF conditional on DEBUG
  slirp: replace a DEBUG block with WITH_ICMP_ERROR_MSG
  slirp: replace some fprintf() with DEBUG_MISC
  slirp: replace a fprintf with g_critical()
  slirp: use virtual time for packet expiration
  slirp: rename exec_list
  slirp: drop <Vista compatibility
  slirp: Enable fork_exec support on Windows
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agoMerge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Peter Maydell [Tue, 15 Jan 2019 17:24:00 +0000 (17:24 +0000)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Pull request

No user-visible changes.

# gpg: Signature made Mon 14 Jan 2019 16:32:19 GMT
# gpg:                using RSA key 9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
  aio-posix: Fix concurrent aio_poll/set_fd_handler.
  aio-posix: Unregister fd from ctx epoll when removing fd_handler.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agoMerge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2019-01-14' into staging
Peter Maydell [Tue, 15 Jan 2019 14:19:18 +0000 (14:19 +0000)]
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2019-01-14' into staging

nbd patches for 2019-01-14

Promote bitmap/NBD interfaces to stable for use in incremental
backups. Add 'qemu-nbd --bitmap'.

- John Snow: 0/11 bitmaps: remove x- prefix from QMP api
- Philippe Mathieu-Daudé: qemu-nbd: Rename 'exp' variable clashing with math::exp() symbol
- Eric Blake: 0/8 Promote x-nbd-server-add-bitmap to stable

# gpg: Signature made Mon 14 Jan 2019 16:13:45 GMT
# gpg:                using RSA key A7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>"
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>"
# gpg:                 aka "[jpeg image of size 6874]"
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2  F3AA A7A1 6B4A 2527 436A

* remotes/ericb/tags/pull-nbd-2019-01-14:
  qemu-nbd: Add --bitmap=NAME option
  nbd: Merge nbd_export_bitmap into nbd_export_new
  nbd: Remove x-nbd-server-add-bitmap
  nbd: Allow bitmap export during QMP nbd-server-add
  nbd: Merge nbd_export_set_name into nbd_export_new
  nbd: Only require disabled bitmap for read-only exports
  nbd: Forbid nbd-server-stop when server is not running
  nbd: Add some error case testing to iotests 223
  qemu-nbd: Rename 'exp' variable clashing with math::exp() symbol
  iotests: add iotest 236 for testing bitmap merge
  iotests: implement pretty-print for log and qmp_log
  iotests: change qmp_log filters to expect QMP objects only
  iotests: remove default filters from qmp_log
  iotests: add qmp recursive sorting function
  iotests: add filter_generated_node_ids
  iotests.py: don't abort if IMGKEYSECRET is undefined
  block: remove 'x' prefix from experimental bitmap APIs
  blockdev: n-ary bitmap merge
  block/dirty-bitmap: remove assertion from restore
  blockdev: abort transactions in reverse order

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agoMerge remote-tracking branch 'remotes/stsquad/tags/pull-misc-gitdm-next-140119-1...
Peter Maydell [Tue, 15 Jan 2019 13:16:58 +0000 (13:16 +0000)]
Merge remote-tracking branch 'remotes/stsquad/tags/pull-misc-gitdm-next-140119-1' into staging

gitdm updates with 2018 year end stats:

  git log --numstat --after="1/1/2018 00:00" --before="31/12/2018 23:59" | ~/src/gitdm.git/gitdm -n -l 10

  Top changeset contributors by employer
  Red Hat                   3091 (43.3%)
  Linaro                    1201 (16.8%)
  (None)                     484 (6.8%)
  IBM                        426 (6.0%)
  Academics (various)        186 (2.6%)
  Virtuozzo                  172 (2.4%)
  Wave Computing             118 (1.7%)
  Igalia                     109 (1.5%)
  Xilinx                     102 (1.4%)
  Cadence Design Systems      80 (1.1%)

  Top lines changed by employer
  Red Hat                   140523 (30.3%)
  Cadence Design Systems    81010 (17.5%)
  Linaro                    78098 (16.8%)
  Wave Computing            33134 (7.1%)
  IBM                       18918 (4.1%)
  SiFive                    14436 (3.1%)
  Academics (various)       11995 (2.6%)
  (None)                    11458 (2.5%)
  Virtuozzo                 10770 (2.3%)
  Oracle                    6698 (1.4%)

# gpg: Signature made Mon 14 Jan 2019 16:08:52 GMT
# gpg:                using RSA key FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>"
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-misc-gitdm-next-140119-1:
  MAINTAINERS: add myself as a route for gitdm updates
  contrib/gitdm: add another name to WaveComp map
  contrib/gitdm: add two more IBM'ers to group-map-ibm
  contrib/gitdm: Add other IBMers
  contrib/gitdm: add Nokia and Proxmox to the domain-map

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agotests: acpi: reuse fetch_table() for fetching FACS and DSDT
Igor Mammedov [Thu, 27 Dec 2018 14:13:30 +0000 (15:13 +0100)]
tests: acpi: reuse fetch_table() for fetching FACS and DSDT

It allows to remove a bit more of code duplication and
reuse common utility to get ACPI tables from guest (modulo RSDP).

While at it, consolidate signature checking into fetch_table() instead
of open-codding it.

Considering FACS is special and doesn't have checksum, make checksum
validation optin, the same goes for signature verification.

PS:
By pure accident, patch also fixes FACS not being tested against
reference table since it wasn't added to data::tables list.
But we managed not to regress it since reference file was added
by commit
   (d25979380 acpi unit-test: add test files)
back in 2013

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agotests: acpi: simplify rsdt handling
Igor Mammedov [Thu, 27 Dec 2018 14:13:29 +0000 (15:13 +0100)]
tests: acpi: simplify rsdt handling

RSDT referenced tables always have length at offset 4 and checksum at
offset 9, that's enough for reusing fetch_table() and replacing custom
RSDT fetching code with it.
While at it
 * merge fetch_rsdt_referenced_tables() into test_acpi_rsdt_table()
 * drop test_data::rsdt_table/rsdt_tables_addr/rsdt_tables_nr since
   we need this data only for duration of test_acpi_rsdt_table() to
   fetch other tables and use locals instead.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agotests: acpi: make sure FADT is fetched only once
Igor Mammedov [Thu, 27 Dec 2018 14:13:28 +0000 (15:13 +0100)]
tests: acpi: make sure FADT is fetched only once

Whole FADT is fetched as part of RSDT referenced tables in
fetch_rsdt_referenced_tables() albeit a bit later than when FADT
is partially parsed in fadt_fetch_facs_and_dsdt_ptrs().
However there is no reason for calling fetch_rsdt_referenced_tables()
so late, just move it right after we fetched RSDT and before
fadt_fetch_facs_and_dsdt_ptrs(). That way we can reuse whole FADT
fetched by fetch_rsdt_referenced_tables() and avoid duplicate
custom fields fetching in fadt_fetch_facs_and_dsdt_ptrs().

While at it rename fadt_fetch_facs_and_dsdt_ptrs() to
test_acpi_fadt_table(). The follow up patch will merge
fadt_fetch_facs_and_dsdt_ptrs() into test_acpi_rsdt_table(),
so that we would end up calling only test_acpi_FOO_table()
for consistency for tables that require special processing.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agotests: acpi: use AcpiSdtTable::aml in consistent way
Igor Mammedov [Thu, 27 Dec 2018 14:13:27 +0000 (15:13 +0100)]
tests: acpi: use AcpiSdtTable::aml in consistent way

Currently in the 1st case we store table body fetched from QEMU in
AcpiSdtTable::aml minus it's header but in the 2nd case when we
load reference aml from disk, it holds whole blob including header.
More over in the 1st case, we read header in separate AcpiSdtTable::header
structure and then jump over hoops to fixup tables and combine both.

Treat AcpiSdtTable::aml as whole table blob approach in both cases
and when fetching tables from QEMU, first get table length and then
fetch whole table into AcpiSdtTable::aml instead if doing it field
by field.

As result
 * AcpiSdtTable::aml is used in consistent manner
 * FADT fixups use offsets from spec instead of being shifted by
   header length
 * calculating checksums and dumping blobs becomes simpler

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agoutil: check the return value of fcntl in qemu_set_{block, nonblock}
Li Qiang [Sat, 15 Dec 2018 12:03:53 +0000 (04:03 -0800)]
util: check the return value of fcntl in qemu_set_{block, nonblock}

Assert that the return value is not an error. This is like commit
7e6478e7d4f for qemu_set_cloexec.

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agovhost-user: fix ioeventfd_enabled
Li Qiang [Sat, 15 Dec 2018 12:03:52 +0000 (04:03 -0800)]
vhost-user: fix ioeventfd_enabled

Currently, the vhost-user-test assumes the eventfd is available.
However it's not true because the accel is qtest. So the
'vhost_set_vring_file' will not add fds to the msg and the server
side of vhost-user-test will be broken. The bug is in 'ioeventfd_enabled'.
We should make this function return true if not using kvm accel.

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agotests: vhost-user-test: initialize 'fd' in chr_read
Li Qiang [Sat, 15 Dec 2018 12:03:51 +0000 (04:03 -0800)]
tests: vhost-user-test: initialize 'fd' in chr_read

Currently when processing VHOST_USER_SET_VRING_CALL
if 'qemu_chr_fe_get_msgfds' get no fd, the 'fd' will
be a stack uninitialized value.

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agoqemu: avoid memory leak while remove disk
Jian Wang [Sat, 22 Dec 2018 10:27:28 +0000 (18:27 +0800)]
qemu: avoid memory leak while remove disk

Memset vhost_dev to zero in the vhost_dev_cleanup function.
This causes dev.vqs to be NULL, so that
vqs does not free up space when calling the g_free function.
This will result in a memory leak. But you can't release vqs
directly in the vhost_dev_cleanup function, because vhost_net
will also call this function, and vhost_net's vqs is assigned by array.
In order to solve this problem, we first save the pointer of vqs,
and release the space of vqs after vhost_dev_cleanup is called.

Signed-off-by: Jian Wang <wangjian161@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agohw/misc/ivshmem: Remove deprecated "ivshmem" legacy device
Thomas Huth [Wed, 19 Dec 2018 13:13:25 +0000 (14:13 +0100)]
hw/misc/ivshmem: Remove deprecated "ivshmem" legacy device

It's been marked as deprecated in QEMU v2.6.0 already, so really nobody
should use the legacy "ivshmem" device anymore (but use ivshmem-plain or
ivshmem-doorbell instead). Time to remove the deprecated device now.

Belatedly also update a mention of the deprecated "ivshmem" in the file
docs/specs/ivshmem-spec.txt to "ivshmem-doorbell". Missed in commit
5400c02b90b ("ivshmem: Split ivshmem-plain, ivshmem-doorbell off ivshmem").

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agomsix: make pba size math more uniform
Dongli Zhang [Sun, 16 Dec 2018 23:34:39 +0000 (07:34 +0800)]
msix: make pba size math more uniform

In msix_exclusive_bar the bar_pba_size is more than what the pba is
expected to have, although this never affects the bar size.

Specifically, the math in msix_init_exclusive_bar allocates too much
memory in some cases.

For example consider nentries = 8.  msix_exclusive_bar will give us
bar_pba_size = 16.  So 16 bytes.  However 8 bytes would be enough - this
is all that the spec requires.

So in practice bar_pba_size sometimes allocates an extra 8 bytes but
never more.

Since each MSIX entry size is 16 bytes, and since we make sure that
table+pba is a power of two, this always leaves a multiple of 16 bytes
for the PBA, so extra 8 bytes have no effect.

However, its ugly to have pba size temporary variable have an incorrect
value.  For consistency switch to the formula used in msix_init.

Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agopci/pcie: stop plug/unplug if the slot is locked
David Hildenbrand [Wed, 12 Dec 2018 09:16:16 +0000 (10:16 +0100)]
pci/pcie: stop plug/unplug if the slot is locked

We better stop right away. For now, errors would be partially ignored
(so the guest might get informed or the device might get unplugged),
although actual plug/unplug will be reported as failed to the user.

While at it, properly move the check to the pre_plug handler for the plug
case, as we can test the slot state before the device will be realized.

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
5 years agoslirp: check data length while emulating ident function
Prasad J Pandit [Sun, 13 Jan 2019 17:59:48 +0000 (23:29 +0530)]
slirp: check data length while emulating ident function

While emulating identification protocol, tcp_emu() does not check
available space in the 'sc_rcv->sb_data' buffer. It could lead to
heap buffer overflow issue. Add check to avoid it.

Reported-by: Kira <864786842@qq.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
5 years agoslirp: Mark debugging calls as unlikely
Samuel Thibault [Wed, 21 Nov 2018 22:40:34 +0000 (23:40 +0100)]
slirp: Mark debugging calls as unlikely

to get them out of the hot path.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
5 years agoslirp: call into g_debug() for DEBUG macros
Marc-André Lureau [Wed, 21 Nov 2018 22:06:41 +0000 (02:06 +0400)]
slirp: call into g_debug() for DEBUG macros

Make slirp use GLib logging, instead of fprintf(), so that
applications can filter log, process it etc.

With recent versions of glib, G_MESSAGES_DEBUG must be set to "all" or
"Slirp" to see slirp debug messages.

Reformat DEBUG_MISC & DEBUG_ERROR calls to not need \n ending.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
5 years agoslirp: set G_LOG_DOMAIN
Marc-André Lureau [Wed, 21 Nov 2018 22:06:31 +0000 (02:06 +0400)]
slirp: set G_LOG_DOMAIN

We are moving to g_log() facilities to log errors and probably debug
messages too. Let's have the "Slirp" prefix on messages slirp produces.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
5 years agobuild-sys: use a separate slirp-obj-y && slirp.mo
Marc-André Lureau [Wed, 21 Nov 2018 22:06:30 +0000 (02:06 +0400)]
build-sys: use a separate slirp-obj-y && slirp.mo

This will allow to have cflags for the whole slirp.mo -objs.
It makes it possible to build tests that links only with
slirp-obj-y (and not the whole common-obj).

It is also a step towards building slirp as a shared library, although
this requires a bit more thoughts to build with
net/slirp.o (CONFIG_SLIRP would need to be 'm') and other build issues.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
5 years agoMerge remote-tracking branch 'remotes/stsquad/tags/pull-testing-next-140119-1' into...
Peter Maydell [Mon, 14 Jan 2019 19:28:12 +0000 (19:28 +0000)]
Merge remote-tracking branch 'remotes/stsquad/tags/pull-testing-next-140119-1' into staging

A bunch of fixes for testing:

  - Various Travis updates
  - "stable" SID snapshot for docker
  - avoid :latest docker tags
  - g_usleep fix for some tests

# gpg: Signature made Mon 14 Jan 2019 14:59:35 GMT
# gpg:                using RSA key FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>"
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-testing-next-140119-1: (21 commits)
  Revert "tests: Disable qht-bench parallel test when using gprof"
  tests: use g_usleep instead of rem = sleep(time)
  tests/docker: remove SID_AGE test hack
  tests/docker: update our Travis image
  travis: bump to Xenial baseline
  docker: Use a stable snapshot for Debian Sid
  travis: remove matrix settings that duplicate global settings
  travis: run tests in verbose mode
  travis: stop using container based envs
  travis: stop redefining the script commands
  travis: use homebrew addon for MacOSX
  travis: don't clone git submodules upfront
  travis: standardize the syntax used for env variables
  travis: define all the build matrix entries in one place
  travis: add whitespace between each major section & matrix entry
  tests: use in-place sed magic for enabling deb-src in travis image
  tests: update Fedora i386 cross image to Fedora 29
  tests: update Fedora dockerfile to use Fedora 29
  tests: remove obsolete 'debian' dockerfile
  tests: run ldconfig after installing extra software
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agoMerge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' into staging
Peter Maydell [Mon, 14 Jan 2019 17:35:00 +0000 (17:35 +0000)]
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' into staging

x86 queue, 2019-01-14

* Reenable RDTSCP support on Opteron_G[345] CPU models CPU models
  (Borislav Petkov)
* host-phys-bits-limit option for better control of 5-level EPT
  (Eduardo Habkost)
* Disable MPX support on named CPU models (Paolo Bonzini)
* expose HV_CPUID_ENLIGHTMENT_INFO.EAX and HV_CPUID_NESTED_FEATURES.EAX
  as feature words (Vitaly Kuznetsov)

# gpg: Signature made Mon 14 Jan 2019 14:33:55 GMT
# gpg:                using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-next-pull-request:
  i386/kvm: add a comment explaining why .feat_names are commented out for Hyper-V feature bits
  x86: host-phys-bits-limit option
  target/i386: Disable MPX support on named CPU models
  target-i386: Reenable RDTSCP support on Opteron_G[345] CPU models CPU models
  i386/kvm: expose HV_CPUID_ENLIGHTMENT_INFO.EAX and HV_CPUID_NESTED_FEATURES.EAX as feature words

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 years agoqemu-nbd: Add --bitmap=NAME option
Eric Blake [Fri, 11 Jan 2019 19:47:20 +0000 (13:47 -0600)]
qemu-nbd: Add --bitmap=NAME option

Having to fire up qemu, then use QMP commands for nbd-server-start
and nbd-server-add, just to expose a persistent dirty bitmap, is
rather tedious.  Make it possible to expose a dirty bitmap using
just qemu-nbd (of course, for now this only works when qemu-nbd is
visiting a BDS formatted as qcow2).

Of course, any good feature also needs unit testing, so expand
iotest 223 to cover it.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190111194720.15671-9-eblake@redhat.com>

5 years agonbd: Merge nbd_export_bitmap into nbd_export_new
Eric Blake [Fri, 11 Jan 2019 19:47:19 +0000 (13:47 -0600)]
nbd: Merge nbd_export_bitmap into nbd_export_new

We only have one caller that wants to export a bitmap name,
which it does right after creation of the export. But there is
still a brief window of time where an NBD client could see the
export but not the dirty bitmap, which a robust client would
have to interpret as meaning the entire image should be treated
as dirty.  Better is to eliminate the window entirely, by
inlining nbd_export_bitmap() into nbd_export_new(), and refusing
to create the bitmap in the first place if the requested bitmap
can't be located.

We also no longer need logic for setting a different bitmap
name compared to the bitmap being exported.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20190111194720.15671-8-eblake@redhat.com>

5 years agonbd: Remove x-nbd-server-add-bitmap
Eric Blake [Fri, 11 Jan 2019 19:47:18 +0000 (13:47 -0600)]
nbd: Remove x-nbd-server-add-bitmap

Now that nbd-server-add can do the same functionality (well, other
than making the exported bitmap name different than the underlying
bitamp - but we argued that was not essential, since it is just as
easy to create a new non-persistent bitmap with the desired name),
we no longer need the experimental separate command.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20190111194720.15671-7-eblake@redhat.com>

5 years agonbd: Allow bitmap export during QMP nbd-server-add
Eric Blake [Fri, 11 Jan 2019 19:47:17 +0000 (13:47 -0600)]
nbd: Allow bitmap export during QMP nbd-server-add

With the experimental x-nbd-server-add-bitmap command, there was
a window of time where an NBD client could see the export but not
the associated dirty bitmap, which can cause a client that planned
on using the dirty bitmap to be forced to treat the entire image
as dirty as a safety fallback.  Furthermore, if the QMP client
successfully exports a disk but then fails to add the bitmap, it
has to take on the burden of removing the export.  Since we don't
allow changing the exposed dirty bitmap (whether to a different
bitmap, or removing advertisement of the bitmap), it is nicer to
make the bitmap tied to the export at the time the export is
created, with automatic failure to export if the bitmap is not
available.

The experimental command included an optional 'bitmap-export-name'
field for remapping the name exposed over NBD to be different from
the bitmap name stored on disk.  However, my libvirt demo code
for implementing differential backups on top of persistent bitmaps
did not need to take advantage of that feature (it is instead
possible to create a new temporary bitmap with the desired name,
use block-dirty-bitmap-merge to merge one or more persistent
bitmaps into the temporary, then associate the temporary with the
NBD export, if control is needed over the exported bitmap name).
Hence, I'm not copying that part of the experiment over to the
stable addition. For more details on the libvirt demo, see
https://www.redhat.com/archives/libvir-list/2018-October/msg01254.html,
https://kvmforum2018.sched.com/event/FzuB/facilitating-incremental-backup-eric-blake-red-hat

This patch focuses on the user interface, and reduces (but does
not completely eliminate) the window where an NBD client can see
the export but not the dirty bitmap, with less work to clean up
after errors.  Later patches will add further cleanups now that
this interface is declared stable via a single QMP command,
including removing the race window.

Update test 223 to use the new interface.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20190111194720.15671-6-eblake@redhat.com>

5 years agonbd: Merge nbd_export_set_name into nbd_export_new
Eric Blake [Fri, 11 Jan 2019 19:47:16 +0000 (13:47 -0600)]
nbd: Merge nbd_export_set_name into nbd_export_new

The existing NBD code had a weird split where nbd_export_new()
created an export but did not add it to the list of exported
names until a later nbd_export_set_name() came along and grabbed
a second reference on the object; later, the first call to
nbd_export_close() drops the second reference while removing
the export from the list.  This is in part because the QAPI
NbdServerRemoveNode enum documents the possibility of adding a
mode where we could do a soft disconnect: preventing new clients,
but waiting for existing clients to gracefully quit, based on
the mode used when calling nbd_export_close().

But in spite of all that, note that we never change the name of
an NBD export while it is exposed, which means it is easier to
just inline the process of setting the name as part of creating
the export.

Inline the contents of nbd_export_set_name() and
nbd_export_set_description() into the two points in an export
lifecycle where they matter, then adjust both callers to pass
the name up front.  Note that for creation, all callers pass a
non-NULL name, (passing NULL at creation was for old style
servers, but we removed support for that in commit 7f7dfe2a),
so we can add an assert and do things unconditionally; but for
cleanup, because of the dual nature of nbd_export_close(), we
still have to be careful to avoid use-after-free.  Along the
way, add a comment reminding ourselves of the potential of
adding a middle mode disconnect.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20190111194720.15671-5-eblake@redhat.com>

5 years agonbd: Only require disabled bitmap for read-only exports
Eric Blake [Fri, 11 Jan 2019 19:47:15 +0000 (13:47 -0600)]
nbd: Only require disabled bitmap for read-only exports

Our initial implementation of x-nbd-server-add-bitmap put
in a restriction because of incremental backups: in that
usage, we are exporting one qcow2 file (the temporary overlay
target of a blockdev-backup sync:none job) and a dirty bitmap
owned by a second qcow2 file (the source of the
blockdev-backup, which is the backing file of the temporary).
While both qcow2 files are still writable (the target in
order to capture copy-on-write of old contents, and the
source in order to track live guest writes in the meantime),
the NBD client expects to see constant data, including the
dirty bitmap.  An enabled bitmap in the source would be
modified by guest writes, which is at odds with the NBD
export being a read-only constant view, hence the initial
code choice of enforcing a disabled bitmap (the intent is
that the exposed bitmap was disabled in the same transaction
that started the blockdev-backup job, although we don't want
to track enough state to actually enforce that).

However, consider the case of a bitmap contained in a read-only
node (including when the bitmap is found in a backing layer of
the active image).  Because the node can't be modified, the
bitmap won't change due to writes, regardless of whether it is
still enabled.  Forbidding the export unless the bitmap is
disabled is awkward, paritcularly since we can't change the
bitmap to be disabled (because the node is read-only).

Alternatively, consider the case of live storage migration,
where management directs the destination to create a writable
NBD server, then performs a drive-mirror from the source to
the target, prior to doing the rest of the live migration.
Since storage migration can be time-consuming, it may be wise
to let the destination include a dirty bitmap to track which
portions it has already received, where even if the migration
is interrupted and restarted, the source can query the
destination block status in order to potentially minimize
re-sending data that has not changed in the meantime on a
second attempt. Such code has not been written, and might not
be trivial (after all, a cluster being marked dirty in the
bitmap does not necessarily guarantee it has the desired
contents), but it makes sense that letting an active dirty
bitmap be exposed and changing alongside writes may prove
useful in the future.

Solve both issues by gating the restriction against a
disabled bitmap to only happen when the caller has requested
a read-only export, and where the BDS that owns the bitmap
(whether or not it is the BDS handed to nbd_export_new() or
from its backing chain) is still writable.  We could drop
the check altogether (if management apps are prepared to
deal with a changing bitmap even on a read-only image), but
for now keeping a check for the read-only case still stands
a chance of preventing management errors.

Update iotest 223 to show the looser behavior by leaving
a bitmap enabled the whole run; note that we have to tear
down and re-export a node when handling an error.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190111194720.15671-4-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
5 years agonbd: Forbid nbd-server-stop when server is not running
Eric Blake [Fri, 11 Jan 2019 19:47:14 +0000 (13:47 -0600)]
nbd: Forbid nbd-server-stop when server is not running

Since we already forbid other nbd-server commands when not
in the right state, it is unlikely that any caller was relying
on a second stop to behave as a silent no-op.  Update iotest
223 to show the improved behavior.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190111194720.15671-3-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
5 years agonbd: Add some error case testing to iotests 223
Eric Blake [Fri, 11 Jan 2019 19:47:13 +0000 (13:47 -0600)]
nbd: Add some error case testing to iotests 223

Testing success paths is important, but it's also nice to highlight
expected failure handling, to show that we don't crash, and so that
upcoming tests that change behavior can demonstrate the resulting
effects on error paths.

Add the following errors:
Attempting to export without a running server
Attempting to start a second server
Attempting to export a bad node name
Attempting to export a name that is already exported
Attempting to export an enabled bitmap
Attempting to remove an already removed export
Attempting to quit server a second time

All of these properly complain except for a second server-stop,
which will be fixed next.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190111194720.15671-2-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>