[Qemu-devel] [PULL 0/6] QEMU patches for 2.8.0-rc0

[Qemu-devel] [PULL 0/6] QEMU patches for 2.8.0-rc0

[Paolo Bonzini]

The following changes since commit 207faf24c58859f5240f66bf6decc33b87a1776e:

  Merge remote-tracking branch 'pm215/tags/pull-target-arm-20161107' into staging (2016-11-07 14:02:15 +0000)

are available in the git repository at:


  git://github.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to a5068244b4f0c994791303b6186b6f732adab6c2:

  nbd: Don't inf-loop on early EOF (2016-11-10 16:01:30 +0100)

----------------------------------------------------------------
Small fixes for hard freeze.

----------------------------------------------------------------
Doug Evans (1):
      target-i386: document how x86 gdb_num_core_regs is computed.

Eric Blake (1):
      nbd: Don't inf-loop on early EOF

Marc-André Lureau (1):
      qdev: fix use-after-free regression from becdfa00cfa

Michael Tokarev (1):
      vl.c: move pidfile creation up the line

Paolo Bonzini (1):
      target-i386: fix typo

ZhuangYanying (1):
      target-i386/machine: fix migrate faile because of Hyper-V HV_X64_MSR_VP_RUNTIME

 hw/core/qdev-properties-system.c |  8 ++------
 nbd/client.c                     | 13 +++++++------
 target-i386/cpu.c                |  3 +++
 target-i386/kvm.c                |  2 +-
 target-i386/machine.c            |  4 ++++
 vl.c                             | 10 +++++-----
 6 files changed, 22 insertions(+), 18 deletions(-)
-- 
1.8.3.1

[Qemu-devel] [PULL 1/6] target-i386: fix typo

[Paolo Bonzini]

The impact is small because kvm_get_vcpu_events fixes env->hflags, but
it is wrong and could cause INITs to be delayed arbitrarily with
-machine kernel_irqchip=off.

Reported-by: Achille Fouilleul <achille.fouilleul@gadz.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target-i386/kvm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index 1c0864e..f62264a 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@@ -2855,7 +2855,7 @@ MemTxAttrs kvm_arch_post_run(CPUState *cpu, struct kvm_run *run)
     if (run->flags & KVM_RUN_X86_SMM) {
         env->hflags |= HF_SMM_MASK;
     } else {
-        env->hflags &= HF_SMM_MASK;
+        env->hflags &= ~HF_SMM_MASK;
     }
     if (run->if_flag) {
         env->eflags |= IF_MASK;
-- 
1.8.3.1

[Qemu-devel] [PULL 2/6] vl.c: move pidfile creation up the line

[Paolo Bonzini]

From: Michael Tokarev <mjt@tls.msk.ru>

With current code, pid file is open after various
sockets, chardevs, fsdevs and the like.  This causes
interesting effects, for example when monitor is a
unix-socket, and another qemu instance is already
running, new qemu first "damages" the socket and
next complain that it can't acquire the pid file and
exits, making running qemu unreachable.

Move pid file creation earlier, right after the call
to os_daemonize(), where we know our process id (pid).

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-Id: <1478096330-18081-1-git-send-email-mjt@msgid.tls.msk.ru>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 vl.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/vl.c b/vl.c
index 319f641..d77dd86 100644
--- a/vl.c
+++ b/vl.c
@@ -4063,6 +4063,11 @@ int main(int argc, char **argv, char **envp)
 
     os_daemonize();
 
+    if (pid_file && qemu_create_pidfile(pid_file) != 0) {
+        error_report("could not acquire pid file: %s", strerror(errno));
+        exit(1);
+    }
+
     if (qemu_init_main_loop(&main_loop_err)) {
         error_report_err(main_loop_err);
         exit(1);
@@ -4340,11 +4345,6 @@ int main(int argc, char **argv, char **envp)
     }
 #endif
 
-    if (pid_file && qemu_create_pidfile(pid_file) != 0) {
-        error_report("could not acquire pid file: %s", strerror(errno));
-        exit(1);
-    }
-
     if (qemu_opts_foreach(qemu_find_opts("device"),
                           device_help_func, NULL, NULL)) {
         exit(0);
-- 
1.8.3.1

[Qemu-devel] [PULL 3/6] target-i386/machine: fix migrate faile because of Hyper-V HV_X64_MSR_VP_RUNTIME

[Paolo Bonzini]

From: ZhuangYanying <ann.zhuangyanying@huawei.com>

Hyper-V HV_X64_MSR_VP_RUNTIME was introduced in linux-4.4 + qemu-2.5.

As long as the KVM module supports, qemu will save / load the
vmstate_msr_hyperv_runtime register during the migration.

Regardless of whether the hyperv_runtime configuration of x86_cpu_properties is
enabled.

The qemu-2.3 does not support this feature, of course, failed to migrate.

    linux-BGSfqC:/home/qemu # ./x86_64-softmmu/qemu-system-x86_64 --enable-kvm \
        -nodefaults -machine pc-i440fx-2.3,accel=kvm,usb=off -smp 4 -m 4096 -drive \
        file=/work/suse/sles11sp3.img.bak,format=raw,if=none,id=drive-virtio-disk0,cache=none \
        -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0 \
        -vnc :99 -device cirrus-vga,id=video0,vgamem_mb=8,bus=pci.0,addr=0x2 -monitor vc

    save_section_header:se->section_id=3,se->idstr:ram,se->instance_id=0,se->version_id=4
    save_section_header:se->section_id=0,se->idstr:timer,se->instance_id=0,se->version_id=2
    save_section_header:se->section_id=4,se->idstr:cpu_common,se->instance_id=0,se->version_id=1
    save_section_header:se->section_id=5,se->idstr:cpu,se->instance_id=0,se->version_id=12
    vmstate_subsection_save:vmsd->name:cpu/async_pf_msr
    hyperv_runtime_enable_needed:env->msr_hv_runtime=128902811
    vmstate_subsection_save:vmsd->name:cpu/msr_hyperv_runtime

Since hyperv_runtime is false, vm will not use hv->runtime_offset, then
vmstate_msr_hyperv_runtime is no need to transfer while migrating.

Signed-off-by: ann.zhuangyanying@huawei.com
Message-Id: <1478247398-5016-1-git-send-email-ann.zhuangyanying@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target-i386/machine.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/target-i386/machine.c b/target-i386/machine.c
index 48037f1..760f82b 100644
--- a/target-i386/machine.c
+++ b/target-i386/machine.c
@@ -709,6 +709,10 @@ static bool hyperv_runtime_enable_needed(void *opaque)
     X86CPU *cpu = opaque;
     CPUX86State *env = &cpu->env;
 
+    if (!cpu->hyperv_runtime) {
+        return false;
+    }
+
     return env->msr_hv_runtime != 0;
 }
 
-- 
1.8.3.1

[Qemu-devel] [PULL 4/6] qdev: fix use-after-free regression from becdfa00cfa

[Paolo Bonzini]

From: Marc-André Lureau <marcandre.lureau@redhat.com>

Spotted by Coverity, CID 1365383.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20161107095922.31676-1-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/core/qdev-properties-system.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/hw/core/qdev-properties-system.c b/hw/core/qdev-properties-system.c
index c35f0f5..1b7ea50 100644
--- a/hw/core/qdev-properties-system.c
+++ b/hw/core/qdev-properties-system.c
@@ -200,18 +200,14 @@ static void set_chr(Object *obj, Visitor *v, const char *name, void *opaque,
     }
 
     s = qemu_chr_find(str);
-    g_free(str);
     if (s == NULL) {
         error_setg(errp, "Property '%s.%s' can't find value '%s'",
                    object_get_typename(obj), prop->name, str);
-        return;
-    }
-
-    if (!qemu_chr_fe_init(be, s, errp)) {
+    } else if (!qemu_chr_fe_init(be, s, errp)) {
         error_prepend(errp, "Property '%s.%s' can't take value '%s': ",
                       object_get_typename(obj), prop->name, str);
-        return;
     }
+    g_free(str);
 }
 
 static void release_chr(Object *obj, const char *name, void *opaque)
-- 
1.8.3.1

[Qemu-devel] [PULL 5/6] target-i386: document how x86 gdb_num_core_regs is computed.

[Paolo Bonzini]

From: Doug Evans <dje@google.com>

It helps when reading the code to see how the number is arrived at.

Signed-off-by: Doug Evans <dje@google.com>
Message-Id: <94eb2c187eda43dba005406c86f7@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target-i386/cpu.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 14c5186..6eec5dc 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -3721,6 +3721,9 @@ static void x86_cpu_common_class_init(ObjectClass *oc, void *data)
     cc->write_elf32_qemunote = x86_cpu_write_elf32_qemunote;
     cc->vmsd = &vmstate_x86_cpu;
 #endif
+    /* CPU_NB_REGS * 2 = general regs + xmm regs
+     * 25 = eip, eflags, 6 seg regs, st[0-7], fctrl,...,fop, mxcsr.
+     */
     cc->gdb_num_core_regs = CPU_NB_REGS * 2 + 25;
 #ifndef CONFIG_USER_ONLY
     cc->debug_excp_handler = breakpoint_handler;
-- 
1.8.3.1

[Qemu-devel] [PULL 6/6] nbd: Don't inf-loop on early EOF

[Paolo Bonzini]

From: Eric Blake <eblake@redhat.com>

Commit 7d3123e converted a single read_sync() into a while loop
that assumed that read_sync() would either make progress or give
an error. But when the server hangs up early, the client sees
EOF (a read_sync() of 0) and never makes progress, which in turn
caused qemu-iotest './check -nbd 83' to go into an infinite loop.

Rework the loop to accomodate reads cut short by EOF.

Reported-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1478551093-32757-1-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 nbd/client.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/nbd/client.c b/nbd/client.c
index 7db4301..ffb0743 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -90,20 +90,21 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
  * the amount of bytes consumed. */
 static ssize_t drop_sync(QIOChannel *ioc, size_t size)
 {
-    ssize_t ret, dropped = size;
+    ssize_t ret = 0;
     char small[1024];
     char *buffer;
 
     buffer = sizeof(small) < size ? small : g_malloc(MIN(65536, size));
     while (size > 0) {
-        ret = read_sync(ioc, buffer, MIN(65536, size));
-        if (ret < 0) {
+        ssize_t count = read_sync(ioc, buffer, MIN(65536, size));
+
+        if (count <= 0) {
             goto cleanup;
         }
-        assert(ret <= size);
-        size -= ret;
+        assert(count <= size);
+        size -= count;
+        ret += count;
     }
-    ret = dropped;
 
  cleanup:
     if (buffer != small) {
-- 
1.8.3.1

Re: [Qemu-devel] [PULL 0/6] QEMU patches for 2.8.0-rc0

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 1676 bytes --]

On Thu, Nov 10, 2016 at 06:52:36PM +0100, Paolo Bonzini wrote:
> The following changes since commit 207faf24c58859f5240f66bf6decc33b87a1776e:
> 
>   Merge remote-tracking branch 'pm215/tags/pull-target-arm-20161107' into staging (2016-11-07 14:02:15 +0000)
> 
> are available in the git repository at:
> 
> 
>   git://github.com/bonzini/qemu.git tags/for-upstream
> 
> for you to fetch changes up to a5068244b4f0c994791303b6186b6f732adab6c2:
> 
>   nbd: Don't inf-loop on early EOF (2016-11-10 16:01:30 +0100)
> 
> ----------------------------------------------------------------
> Small fixes for hard freeze.
> 
> ----------------------------------------------------------------
> Doug Evans (1):
>       target-i386: document how x86 gdb_num_core_regs is computed.
> 
> Eric Blake (1):
>       nbd: Don't inf-loop on early EOF
> 
> Marc-André Lureau (1):
>       qdev: fix use-after-free regression from becdfa00cfa
> 
> Michael Tokarev (1):
>       vl.c: move pidfile creation up the line
> 
> Paolo Bonzini (1):
>       target-i386: fix typo
> 
> ZhuangYanying (1):
>       target-i386/machine: fix migrate faile because of Hyper-V HV_X64_MSR_VP_RUNTIME
> 
>  hw/core/qdev-properties-system.c |  8 ++------
>  nbd/client.c                     | 13 +++++++------
>  target-i386/cpu.c                |  3 +++
>  target-i386/kvm.c                |  2 +-
>  target-i386/machine.c            |  4 ++++
>  vl.c                             | 10 +++++-----
>  6 files changed, 22 insertions(+), 18 deletions(-)
> -- 
> 1.8.3.1
> 
> 

Thanks, applied to my staging tree:
https://github.com/stefanha/qemu/commits/staging

Stefan

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 455 bytes --]