vhost: recheck dev state in the vhost_migration_log routine

vhost-user devices can get a disconnect in the middle of the VHOST-USER
handshake on the migration start. If disconnect event happened rig

vhost: recheck dev state in the vhost_migration_log routine

vhost-user devices can get a disconnect in the middle of the VHOST-USER
handshake on the migration start. If disconnect event happened right
before sending next VHOST-USER command, then the vhost_dev_set_log()
call in the vhost_migration_log() function will return error. This error
will lead to the assert() and close the QEMU migration source process.
For the vhost-user devices the disconnect event should not break the
migration process, because:
- the device will be in the stopped state, so it will not be changed
during migration
- if reconnect will be made the migration log will be reinitialized as
part of reconnect/init process:
#0 vhost_log_global_start (listener=0x563989cf7be0)
at hw/virtio/vhost.c:920
#1 0x000056398603d8bc in listener_add_address_space (listener=0x563989cf7be0,
as=0x563986ea4340 <address_space_memory>)
at softmmu/memory.c:2664
#2 0x000056398603dd30 in memory_listener_register (listener=0x563989cf7be0,
as=0x563986ea4340 <address_space_memory>)
at softmmu/memory.c:2740
#3 0x0000563985fd6956 in vhost_dev_init (hdev=0x563989cf7bd8,
opaque=0x563989cf7e30, backend_type=VHOST_BACKEND_TYPE_USER,
busyloop_timeout=0)
at hw/virtio/vhost.c:1385
#4 0x0000563985f7d0b8 in vhost_user_blk_connect (dev=0x563989cf7990)
at hw/block/vhost-user-blk.c:315
#5 0x0000563985f7d3f6 in vhost_user_blk_event (opaque=0x563989cf7990,
event=CHR_EVENT_OPENED)
at hw/block/vhost-user-blk.c:379
Update the vhost-user-blk device with the internal started_vu field which
will be used for initialization (vhost_user_blk_start) and clean up
(vhost_user_blk_stop). This additional flag in the VhostUserBlk structure
will be used to track whether the device really needs to be stopped and
cleaned up on a vhost-user level.
The disconnect event will set the overall VHOST device (not vhost-user) to
the stopped state, so it can be used by the general vhost_migration_log
routine.
Such approach could be propogated to the other vhost-user devices, but
better idea is just to make the same connect/disconnect code for all the
vhost-user devices.

This migration issue was slightly discussed earlier:
- https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg01509.html
- https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05241.html

Signed-off-by: Dima Stepanov <dimastep@yandex-team.ru>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <9fbfba06791a87813fcee3e2315f0b904cc6789a.1599813294.git.dimastep@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

show more ...

vhost: switch to use IOTLB v2 format

This patch tries to switch to use new kernel IOTLB format V2. Previous
version may have inconsistent ABI between 32bit and 64bit machines
because of the hole aft

vhost: switch to use IOTLB v2 format

This patch tries to switch to use new kernel IOTLB format V2. Previous
version may have inconsistent ABI between 32bit and 64bit machines
because of the hole after type field. Refer kernel commit
("429711aec282 vhost: switch to use new message format") for more
information.

To enable this feature, qemu need to use a new ioctl
VHOST_SET_BACKEND_FEATURE with VHOST_BACKEND_F_IOTLB_MSG_V2 bit. A new
vhost setting backend features ops was introduced. And when we try to
set features for vhost dev, we will examine the support of new IOTLB
format and enable it. This process is total transparent to guest,
which means we can have different IOTLB message type in src and dst
during migration.

The conversion of IOTLB message is straightforward, just check the
type and behave accordingly.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20200907104903.31551-3-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Pull request

This includes the atomic_ -> qatomic_ rename that touches many files and is
prone to conflicts.

#

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Pull request

This includes the atomic_ -> qatomic_ rename that touches many files and is
prone to conflicts.

# gpg: Signature made Wed 23 Sep 2020 17:08:43 BST
# gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
qemu/atomic.h: rename atomic_ to qatomic_
tests: add test-fdmon-epoll
fdmon-poll: reset npfd when upgrading to fdmon-epoll
gitmodules: add qemu.org vbootrom submodule
gitmodules: switch to qemu.org meson mirror
gitmodules: switch to qemu.org qboot mirror
docs/system: clarify deprecation schedule
virtio-crypto: don't modify elem->in/out_sg
virtio-blk: undo destructive iov_discard_*() operations
util/iov: add iov_discard_undo()
virtio: add vhost-user-fs-ccw device
libvhost-user: handle endianness as mandated by the spec
MAINTAINERS: add Stefan Hajnoczi as block/nvme.c maintainer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

qemu/atomic.h: rename atomic_ to qatomic_

clang's C11 atomic_fetch_*() functions only take a C11 atomic type
pointer argument. QEMU uses direct types (int, etc) and this causes a
compiler error when

qemu/atomic.h: rename atomic_ to qatomic_

clang's C11 atomic_fetch_*() functions only take a C11 atomic type
pointer argument. QEMU uses direct types (int, etc) and this causes a
compiler error when a QEMU code calls these functions in a source file
that also included <stdatomic.h> via a system header file:

$ CC=clang CXX=clang++ ./configure ... && make
../util/async.c:79:17: error: address argument to atomic operation must be a pointer to _Atomic type ('unsigned int *' invalid)

Avoid using atomic_*() names in QEMU's atomic.h since that namespace is
used by <stdatomic.h>. Prefix QEMU's APIs with 'q' so that atomic.h
and <stdatomic.h> can co-exist. I checked /usr/include on my machine and
searched GitHub for existing "qatomic_" users but there seem to be none.

This patch was generated using:

$ git grep -h -o '\<atomic\(64\)\?_[a-z0-9_]\+' include/qemu/atomic.h | \
sort -u >/tmp/changed_identifiers
$ for identifier in $(</tmp/changed_identifiers); do
sed -i "s%\<$identifier\>%q$identifier%g" \
$(git grep -I -l "\<$identifier\>")
done

I manually fixed line-wrap issues and misaligned rST tables.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200923105646.47864-1-stefanha@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio,acpi: features, fixes, cleanups.

vdpa support
virtio-mem support
a handy script for disassembling acpi tables
misc f

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio,acpi: features, fixes, cleanups.

vdpa support
virtio-mem support
a handy script for disassembling acpi tables
misc fixes and cleanups

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Tue 07 Jul 2020 13:00:35 BST
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream: (41 commits)
vhost-vdpa: introduce vhost-vdpa net client
vhost-vdpa: introduce vhost-vdpa backend
vhost_net: introduce set_config & get_config
vhost: implement vhost_force_iommu method
vhost: introduce new VhostOps vhost_force_iommu
vhost: implement vhost_vq_get_addr method
vhost: introduce new VhostOps vhost_vq_get_addr
vhost: implement vhost_dev_start method
vhost: introduce new VhostOps vhost_dev_start
vhost: check the existence of vhost_set_iotlb_callback
virtio-pci: implement queue_enabled method
virtio-bus: introduce queue_enabled method
vhost_net: use the function qemu_get_peer
net: introduce qemu_get_peer
MAINTAINERS: add VT-d entry
docs: vhost-user: add Virtio status protocol feature
tests/acpi: remove stale allowed tables
numa: Auto-enable NUMA when any memory devices are possible
virtio-mem: Exclude unplugged memory during migration
virtio-mem: Add trace events
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

# Conflicts:
# hw/arm/virt.c
# hw/virtio/trace-events

show more ...

vhost: implement vhost_force_iommu method

use the vhost_force_iommu callback to force enable feature bit VIRTIO_F_IOMMU_PLATFORM

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <2020070114553

vhost: implement vhost_force_iommu method

use the vhost_force_iommu callback to force enable feature bit VIRTIO_F_IOMMU_PLATFORM

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20200701145538.22333-12-lulu@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>

show more ...

vhost: implement vhost_vq_get_addr method

use vhost_vq_get_addr callback to get the vq address from backend

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20200701145538.22333-10-lulu@redha

vhost: implement vhost_vq_get_addr method

use vhost_vq_get_addr callback to get the vq address from backend

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20200701145538.22333-10-lulu@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>

show more ...

vhost: implement vhost_dev_start method

use the vhost_dev_start callback to send the status to backend

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20200701145538.22333-8-lulu@redhat.com>

vhost: implement vhost_dev_start method

use the vhost_dev_start callback to send the status to backend

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20200701145538.22333-8-lulu@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>

show more ...

vhost: check the existence of vhost_set_iotlb_callback

Add the check of vhost_set_iotlb_callback
before calling

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Cindy Lu <lulu@redhat.

vhost: check the existence of vhost_set_iotlb_callback

Add the check of vhost_set_iotlb_callback
before calling

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20200701145538.22333-6-lulu@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>

show more ...

Fix parameter type in vhost migration log path

The ‘enable’ parameter to the vhost_migration_log() function is given as
an int, but "true"/"false" values are passed in wherever it is invoked.
Inside

Fix parameter type in vhost migration log path

The ‘enable’ parameter to the vhost_migration_log() function is given as
an int, but "true"/"false" values are passed in wherever it is invoked.
Inside the function itself it is only ever compared with bool values.
Therefore the parameter value itself should be changed to bool.

Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <CAFubqFtqNZw=Y-ar3N=3zTQi6LkKg_G-7W7OOHHbE7Y1fV7HAQ@mail.gmail.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-for-5.1-pull-request' into staging

Trivial branch pull request 20200610

Convert DPRINTF() to traces or qemu_logs
Use IEC binary pre

Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-for-5.1-pull-request' into staging

Trivial branch pull request 20200610

Convert DPRINTF() to traces or qemu_logs
Use IEC binary prefix definitions
Use qemu_semihosting_log_out() in target/unicore32
Some code and doc cleanup

# gpg: Signature made Wed 10 Jun 2020 14:08:36 BST
# gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg: issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/trivial-branch-for-5.1-pull-request:
semihosting: remove the pthread include which seems unused
hw/openrisc/openrisc_sim: Add assertion to silence GCC warning
target/unicore32: Prefer qemu_semihosting_log_out() over curses
target/unicore32: Replace DPRINTF() by qemu_log_mask(GUEST_ERROR)
target/unicore32: Remove unused headers
target/i386/cpu: Use the IEC binary prefix definitions
hw/i386/xen/xen-hvm: Use the IEC binary prefix definitions
hw/hppa/dino: Use the IEC binary prefix definitions
hw/arm/aspeed: Correct DRAM container region size
qemu-img: Fix doc typo for 'bitmap' subcommand
hw/misc/auxbus: Use qemu_log_mask(UNIMP) instead of debug printf
hw/isa/apm: Convert debug printf()s to trace events
hw/unicore32/puv3: Use qemu_log_mask(ERROR) instead of debug printf()
.mailmap: Update Fred Konrad email address
net: Do not include a newline in the id of -nic devices
Fix parameter type in vhost migration log path

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

# Conflicts:
# .mailmap

show more ...

Merge remote-tracking branch 'remotes/stsquad/tags/pull-testing-and-misc-080620-1' into staging

Various testing and misc fixes:

- header cleanups for plugins
- support wider watchpoints
- twe

Merge remote-tracking branch 'remotes/stsquad/tags/pull-testing-and-misc-080620-1' into staging

Various testing and misc fixes:

- header cleanups for plugins
- support wider watchpoints
- tweaks for unreliable and broken CI
- docker image fixes and verion bumps
- linux-user guest_base fixes
- remove flex/bison from various test images

# gpg: Signature made Mon 08 Jun 2020 17:16:19 BST
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-testing-and-misc-080620-1:
scripts/coverity-scan: Remove flex/bison packages
cirrus-ci: Remove flex/bison packages
tests/vm: Remove flex/bison packages
tests/docker: Remove flex/bison packages
linux-user: detect overflow of MAP_FIXED mmap
tests/tcg: add simple commpage test case
linux-user: deal with address wrap for ARM_COMMPAGE on 32 bit
linux-user: provide fallback pgd_find_hole for bare chroots
hw/virtio/vhost: re-factor vhost-section and allow DIRTY_MEMORY_CODE
docker: update Ubuntu to 20.04
tests/docker: fix pre-requisite for debian-tricore-cross
.shippable: temporaily disable some cross builds
.travis.yml: allow failure for unreliable hosts
exec: flush the whole TLB if a watchpoint crosses a page boundary
tests/plugin: correctly honour io_count
scripts/clean-includes: Mark 'qemu/qemu-plugin.h' as special header
qemu-plugin.h: add missing include <stddef.h> to define size_t

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Fix parameter type in vhost migration log path

The ‘enable’ parameter to the vhost_migration_log() function is given as
an int, but "true"/"false" values are passed in wherever it is invoked.
Inside

Fix parameter type in vhost migration log path

The ‘enable’ parameter to the vhost_migration_log() function is given as
an int, but "true"/"false" values are passed in wherever it is invoked.
Inside the function itself it is only ever compared with bool values.
Therefore the parameter value itself should be changed to bool.

Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <CAFubqFtqNZw=Y-ar3N=3zTQi6LkKg_G-7W7OOHHbE7Y1fV7HAQ@mail.gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>

show more ...

hw/virtio/vhost: re-factor vhost-section and allow DIRTY_MEMORY_CODE

The purpose of vhost_section is to identify RAM regions that need to
be made available to a vhost client. However when running un

hw/virtio/vhost: re-factor vhost-section and allow DIRTY_MEMORY_CODE

The purpose of vhost_section is to identify RAM regions that need to
be made available to a vhost client. However when running under TCG
all RAM sections have DIRTY_MEMORY_CODE set which leads to problems
down the line.

Re-factor the code so:

- steps are clearer to follow
- reason for rejection is recorded in the trace point
- we allow DIRTY_MEMORY_CODE

We expand the comment to explain that kernel based vhost has specific
support for migration tracking.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Fabiano Rosas <farosas@linux.ibm.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20200605154929.26910-11-alex.bennee@linaro.org>

show more ...

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio,acpi,pci,pc: backlog from pre-5.0

Mostly fixes, cleanups, but also new features for arm/virt and pc acpi.

Signed-of

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio,acpi,pci,pc: backlog from pre-5.0

Mostly fixes, cleanups, but also new features for arm/virt and pc acpi.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Mon 04 May 2020 15:27:06 BST
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream: (29 commits)
hw/i386: Make vmmouse helpers static
hw/i386: Add 'vmport.h' local header
hw/i386/vmport: Remove unused 'hw/input/i8042.h' include
hw/i386/pc: Create 'vmport' device in place
acpi: unit-test: Update WAET ACPI Table expected binaries
acpi: Add Windows ACPI Emulated Device Table (WAET)
acpi: unit-test: Ignore diff in WAET ACPI table
Refactor vhost_user_set_mem_table functions
tests/acpi: add expected tables for bios-tables-test
bios-tables-test: test pc-dimm and nvdimm coldplug for arm/virt
tests: Update ACPI tables list for upcoming arm/virt test changes
hw/arm/virt: Add nvdimm hotplug support
hw/arm/virt: Add nvdimm hot-plug infrastructure
nvdimm: Use configurable ACPI IO base and size
hw/acpi/nvdimm: Fix for NVDIMM incorrect DSM output buffer length
acpi: DSDT without _STA
checkpatch: ignore allowed diff list
checkpatch: fix acpi check with multiple file name
vhost-user-blk: fix invalid memory access
virtio-pci: update virtio pci bar layout documentation
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

vhost-user-blk: fix invalid memory access

when s->inflight is freed, vhost_dev_free_inflight may try to access
s->inflight->addr, it will retrigger the following issue.

==7309==ERROR: AddressSaniti

vhost-user-blk: fix invalid memory access

when s->inflight is freed, vhost_dev_free_inflight may try to access
s->inflight->addr, it will retrigger the following issue.

==7309==ERROR: AddressSanitizer: heap-use-after-free on address 0x604001020d18 at pc 0x555555ce948a bp 0x7fffffffb170 sp 0x7fffffffb160
READ of size 8 at 0x604001020d18 thread T0
#0 0x555555ce9489 in vhost_dev_free_inflight /root/smartx/qemu-el7/qemu-test/hw/virtio/vhost.c:1473
#1 0x555555cd86eb in virtio_reset /root/smartx/qemu-el7/qemu-test/hw/virtio/virtio.c:1214
#2 0x5555560d3eff in virtio_pci_reset hw/virtio/virtio-pci.c:1859
#3 0x555555f2ac53 in device_set_realized hw/core/qdev.c:893
#4 0x5555561d572c in property_set_bool qom/object.c:1925
#5 0x5555561de8de in object_property_set_qobject qom/qom-qobject.c:27
#6 0x5555561d99f4 in object_property_set_bool qom/object.c:1188
#7 0x555555e50ae7 in qdev_device_add /root/smartx/qemu-el7/qemu-test/qdev-monitor.c:626
#8 0x555555e51213 in qmp_device_add /root/smartx/qemu-el7/qemu-test/qdev-monitor.c:806
#9 0x555555e8ff40 in hmp_device_add /root/smartx/qemu-el7/qemu-test/hmp.c:1951
#10 0x555555be889a in handle_hmp_command /root/smartx/qemu-el7/qemu-test/monitor.c:3404
#11 0x555555beac8b in monitor_command_cb /root/smartx/qemu-el7/qemu-test/monitor.c:4296
#12 0x555556433eb7 in readline_handle_byte util/readline.c:393
#13 0x555555be89ec in monitor_read /root/smartx/qemu-el7/qemu-test/monitor.c:4279
#14 0x5555563285cc in tcp_chr_read chardev/char-socket.c:470
#15 0x7ffff670b968 in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x4a968)
#16 0x55555640727c in glib_pollfds_poll util/main-loop.c:215
#17 0x55555640727c in os_host_main_loop_wait util/main-loop.c:238
#18 0x55555640727c in main_loop_wait util/main-loop.c:497
#19 0x555555b2d0bf in main_loop /root/smartx/qemu-el7/qemu-test/vl.c:2013
#20 0x555555b2d0bf in main /root/smartx/qemu-el7/qemu-test/vl.c:4776
#21 0x7fffdd2eb444 in __libc_start_main (/lib64/libc.so.6+0x22444)
#22 0x555555b3767a (/root/smartx/qemu-el7/qemu-test/x86_64-softmmu/qemu-system-x86_64+0x5e367a)

0x604001020d18 is located 8 bytes inside of 40-byte region [0x604001020d10,0x604001020d38)
freed by thread T0 here:
#0 0x7ffff6f00508 in __interceptor_free (/lib64/libasan.so.4+0xde508)
#1 0x7ffff671107d in g_free (/lib64/libglib-2.0.so.0+0x5007d)

previously allocated by thread T0 here:
#0 0x7ffff6f00a88 in __interceptor_calloc (/lib64/libasan.so.4+0xdea88)
#1 0x7ffff6710fc5 in g_malloc0 (/lib64/libglib-2.0.so.0+0x4ffc5)

SUMMARY: AddressSanitizer: heap-use-after-free /root/smartx/qemu-el7/qemu-test/hw/virtio/vhost.c:1473 in vhost_dev_free_inflight
Shadow bytes around the buggy address:
0x0c08801fc150: fa fa 00 00 00 00 04 fa fa fa fd fd fd fd fd fa
0x0c08801fc160: fa fa fd fd fd fd fd fd fa fa 00 00 00 00 04 fa
0x0c08801fc170: fa fa 00 00 00 00 00 01 fa fa 00 00 00 00 04 fa
0x0c08801fc180: fa fa 00 00 00 00 00 01 fa fa 00 00 00 00 00 01
0x0c08801fc190: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 04 fa
=>0x0c08801fc1a0: fa fa fd[fd]fd fd fd fa fa fa fd fd fd fd fd fa
0x0c08801fc1b0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c08801fc1c0: fa fa 00 00 00 00 00 fa fa fa fd fd fd fd fd fd
0x0c08801fc1d0: fa fa 00 00 00 00 00 01 fa fa fd fd fd fd fd fa
0x0c08801fc1e0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
0x0c08801fc1f0: fa fa 00 00 00 00 00 01 fa fa fd fd fd fd fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==7309==ABORTING

Signed-off-by: Li Feng <fengli@smartx.com>
Message-Id: <20200417101707.14467-1-fengli@smartx.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>

show more ...

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio, pci, pc: fixes, cleanups, features

Bugfixes, cleanups all over the place.
Ability to disable hotplug for pci expres

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio, pci, pc: fixes, cleanups, features

Bugfixes, cleanups all over the place.
Ability to disable hotplug for pci express ports.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Sun 08 Mar 2020 13:27:54 GMT
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
hw/i386/intel_iommu: Simplify vtd_find_as_from_bus_num() logic
vhost-vsock: fix error message output
vhost: correctly turn on VIRTIO_F_IOMMU_PLATFORM
pcie_root_port: Add hotplug disabling option

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

vhost: correctly turn on VIRTIO_F_IOMMU_PLATFORM

We turn on device IOTLB via VIRTIO_F_IOMMU_PLATFORM unconditionally on
platform without IOMMU support. This can lead unnecessary IOTLB
transactions w

vhost: correctly turn on VIRTIO_F_IOMMU_PLATFORM

We turn on device IOTLB via VIRTIO_F_IOMMU_PLATFORM unconditionally on
platform without IOMMU support. This can lead unnecessary IOTLB
transactions which will damage the performance.

Fixing this by check whether the device is backed by IOMMU and disable
device IOTLB.

Reported-by: Halil Pasic <pasic@linux.ibm.com>
Tested-by: Halil Pasic <pasic@linux.ibm.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20200302042454.24814-1-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* device_del fix (Julia)
* FXAM fix (myself)
* memdev refactoring (Igor)
* memory region API cleanups (Peter, Philippe)

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* device_del fix (Julia)
* FXAM fix (myself)
* memdev refactoring (Igor)
* memory region API cleanups (Peter, Philippe)
* ioeventfd optimization (Stefan)
* new WHPX maintainer (Sunil)
* Large guest startup optimizations (Chen)

# gpg: Signature made Tue 25 Feb 2020 12:42:24 GMT
# gpg: using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (104 commits)
WHPX: Assigning maintainer for Windows Hypervisor Platform
accel/kvm: Check ioctl(KVM_SET_USER_MEMORY_REGION) return value
target/i386: check for empty register in FXAM
qdev-monitor: Forbid repeated device_del
mem-prealloc: optimize large guest startup
memory: batch allocate ioeventfds[] in address_space_update_ioeventfds()
Avoid cpu_physical_memory_rw() with a constant is_write argument
Let cpu_[physical]_memory() calls pass a boolean 'is_write' argument
exec: Let cpu_[physical]_memory API use a boolean 'is_write' argument
Avoid address_space_rw() with a constant is_write argument
Let address_space_rw() calls pass a boolean 'is_write' argument
exec: Let address_space_unmap() use a boolean 'is_write' argument
hw/virtio: Let vhost_memory_map() use a boolean 'is_write' argument
hw/virtio: Let virtqueue_map_iovec() use a boolean 'is_write' argument
hw/ide: Let the DMAIntFunc prototype use a boolean 'is_write' argument
hw/ide/internal: Remove unused DMARestartFunc typedef
Remove unnecessary cast when using the cpu_[physical]_memory API
exec: Let the cpu_[physical]_memory API use void pointer arguments
Remove unnecessary cast when using the address_space API
hw/net: Avoid casting non-const pointer, use address_space_write()
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Merge branch 'exec_rw_const_v4' of https://github.com/philmd/qemu into HEAD

hw/virtio: Let vhost_memory_map() use a boolean 'is_write' argument

The 'is_write' argument is either 0 or 1.
Convert it to a boolean type.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio, pc: fixes, features

Bugfixes all over the place.
CPU hotplug with secureboot.

Signed-off-by: Michael S. Tsirkin <m

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio, pc: fixes, features

Bugfixes all over the place.
CPU hotplug with secureboot.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Thu 23 Jan 2020 07:08:32 GMT
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
vhost: coding style fix
i386:acpi: Remove _HID from the SMBus ACPI entry
vhost: Only align sections for vhost-user
vhost: Add names to section rounded warning
vhost-vsock: delete vqs in vhost_vsock_unrealize to avoid memleaks
virtio-scsi: convert to new virtio_delete_queue
virtio-scsi: delete vqs in unrealize to avoid memleaks
virtio-9p-device: convert to new virtio_delete_queue
virtio-9p-device: fix memleak in virtio_9p_device_unrealize
bios-tables-test: document expected file update
acpi: cpuhp: add CPHP_GET_CPU_ID_CMD command
acpi: cpuhp: spec: add typical usecases
acpi: cpuhp: introduce 'Command data 2' field
acpi: cpuhp: spec: clarify store into 'Command data' when 'Command field' == 0
acpi: cpuhp: spec: fix 'Command data' description
acpi: cpuhp: spec: clarify 'CPU selector' register usage and endianness
tests: q35: MCH: add default SMBASE SMRAM lock test
q35: implement 128K SMRAM at default SMBASE address

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

vhost: coding style fix

Drop a trailing whitespace. Make line shorter.

Fixes: 76525114736e8 ("vhost: Only align sections for vhost-user")
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

vhost: Only align sections for vhost-user

I added hugepage alignment code in c1ece84e7c9 to deal with
vhost-user + postcopy which needs aligned pages when using userfault.
However, on x86 the lower

vhost: Only align sections for vhost-user

I added hugepage alignment code in c1ece84e7c9 to deal with
vhost-user + postcopy which needs aligned pages when using userfault.
However, on x86 the lower 2MB of address space tends to be shotgun'd
with small fragments around the 512-640k range - e.g. video RAM, and
with HyperV synic pages tend to sit around there - again splitting
it up. The alignment code complains with a 'Section rounded to ...'
error and gives up.

Since vhost-user already filters out devices without an fd
(see vhost-user.c vhost_user_mem_section_filter) it shouldn't be
affected by those overlaps.

Turn the alignment off on vhost-kernel so that it doesn't try
and align, and thus won't hit the rounding issues.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20200116202414.157959-3-dgilbert@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

vhost: Add names to section rounded warning

Add the memory region names to section rounding/alignment
warnings.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <202001162024

vhost: Add names to section rounded warning

Add the memory region names to section rounding/alignment
warnings.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20200116202414.157959-2-dgilbert@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

show more ...