Hello community, here is the log from the commit of package qemu for openSUSE:Leap:15.2 checked in at 2020-03-17 04:15:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/qemu (Old) and /work/SRC/openSUSE:Leap:15.2/.qemu.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "qemu" Tue Mar 17 04:15:11 2020 rev:101 rq:784744 version:4.2.0 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/qemu/qemu.changes 2020-02-25 12:16:58.600406795 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.qemu.new.3160/qemu.changes 2020-03-17 04:15:13.432962050 +0100 @@ -1,0 +2,36 @@ +Thu Mar 12 16:27:03 UTC 2020 - Bruce Rogers <[email protected]> + +- Include upstream patches targeted for the next stable release + (bug fixes only) + audio-oss-fix-buffer-pos-calculation.patch + blkdebug-Allow-taking-unsharing-permissi.patch + block-Add-bdrv_qapi_perm_to_blk_perm.patch + block-backup-top-fix-failure-path.patch + block-block-copy-fix-progress-calculatio.patch + block-fix-crash-on-zero-length-unaligned.patch + block-fix-memleaks-in-bdrv_refresh_filen.patch + block-Fix-VM-size-field-width-in-snapsho.patch + block-nbd-extract-the-common-cleanup-cod.patch + block-nbd-fix-memory-leak-in-nbd_open.patch + block-qcow2-threads-fix-qcow2_decompress.patch + hw-arm-cubieboard-use-ARM-Cortex-A8-as-t.patch + hw-intc-arm_gicv3_kvm-Stop-wrongly-progr.patch + iotests-add-test-for-backup-top-failure-.patch + iotests-Fix-nonportable-use-of-od-endian.patch + job-refactor-progress-to-separate-object.patch + target-arm-Correct-definition-of-PMCRDP.patch + target-arm-fix-TCG-leak-for-fcvt-half-do.patch + tpm-ppi-page-align-PPI-RAM.patch + vhost-user-blk-delete-virtioqueues-in-un.patch + virtio-add-ability-to-delete-vq-through-.patch + virtio-crypto-do-delete-ctrl_vq-in-virti.patch + virtio-pmem-do-delete-rq_vq-in-virtio_pm.patch + +------------------------------------------------------------------- +Thu Feb 20 18:55:15 UTC 2020 - Bruce Rogers <[email protected]> + +- Add Obsoletes directive for qemu-audio-sdl and qemu-ui-sdl since + for a qemu package upgrade from SLE12-SP5, support for SDL is + dropped + +------------------------------------------------------------------- New: ---- audio-oss-fix-buffer-pos-calculation.patch blkdebug-Allow-taking-unsharing-permissi.patch block-Add-bdrv_qapi_perm_to_blk_perm.patch block-Fix-VM-size-field-width-in-snapsho.patch block-backup-top-fix-failure-path.patch block-block-copy-fix-progress-calculatio.patch block-fix-crash-on-zero-length-unaligned.patch block-fix-memleaks-in-bdrv_refresh_filen.patch block-nbd-extract-the-common-cleanup-cod.patch block-nbd-fix-memory-leak-in-nbd_open.patch block-qcow2-threads-fix-qcow2_decompress.patch hw-arm-cubieboard-use-ARM-Cortex-A8-as-t.patch hw-intc-arm_gicv3_kvm-Stop-wrongly-progr.patch iotests-Fix-nonportable-use-of-od-endian.patch iotests-add-test-for-backup-top-failure-.patch job-refactor-progress-to-separate-object.patch target-arm-Correct-definition-of-PMCRDP.patch target-arm-fix-TCG-leak-for-fcvt-half-do.patch tpm-ppi-page-align-PPI-RAM.patch vhost-user-blk-delete-virtioqueues-in-un.patch virtio-add-ability-to-delete-vq-through-.patch virtio-crypto-do-delete-ctrl_vq-in-virti.patch virtio-pmem-do-delete-rq_vq-in-virtio_pm.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ qemu.spec ++++++ --- /var/tmp/diff_new_pack.n4vv6G/_old 2020-03-17 04:15:17.724964540 +0100 +++ /var/tmp/diff_new_pack.n4vv6G/_new 2020-03-17 04:15:17.736964546 +0100 @@ -149,78 +149,101 @@ Patch00019: hw-arm-smmuv3-Align-stream-table-base-ad.patch Patch00020: hw-arm-smmuv3-Use-correct-bit-positions-.patch Patch00021: hw-arm-smmuv3-Report-F_STE_FETCH-fault-a.patch -Patch00022: virtio-update-queue-size-on-guest-write.patch -Patch00023: virtio-don-t-enable-notifications-during.patch -Patch00024: numa-Extend-CLI-to-provide-initiator-inf.patch -Patch00025: numa-Extend-CLI-to-provide-memory-latenc.patch -Patch00026: numa-Extend-CLI-to-provide-memory-side-c.patch -Patch00027: hmat-acpi-Build-Memory-Proximity-Domain-.patch -Patch00028: hmat-acpi-Build-System-Locality-Latency-.patch -Patch00029: hmat-acpi-Build-Memory-Side-Cache-Inform.patch -Patch00030: tests-numa-Add-case-for-QMP-build-HMAT.patch -Patch00031: qcow2-bitmaps-fix-qcow2_can_store_new_di.patch -Patch00032: backup-top-Begin-drain-earlier.patch -Patch00033: virtio-mmio-update-queue-size-on-guest-w.patch -Patch00034: virtio-net-delete-also-control-queue-whe.patch -Patch00035: intel_iommu-a-fix-to-vtd_find_as_from_bu.patch -Patch00036: target-i386-Add-new-bit-definitions-of-M.patch -Patch00037: target-i386-Add-missed-features-to-Coope.patch -Patch00038: hw-i386-pc-fix-regression-in-parsing-vga.patch -Patch00039: migration-test-ppc64-fix-FORTH-test-prog.patch -Patch00040: target-arm-Return-correct-IL-bit-in-merg.patch -Patch00041: target-arm-Set-ISSIs16Bit-in-make_issinf.patch -Patch00042: runstate-ignore-finishmigrate-prelaunch-.patch -Patch00043: migration-Rate-limit-inside-host-pages.patch -Patch00044: m68k-Fix-regression-causing-Single-Step-.patch -Patch00045: Revert-vnc-allow-fall-back-to-RAW-encodi.patch -Patch00046: vnc-prioritize-ZRLE-compression-over-ZLI.patch -Patch00047: target-i386-kvm-initialize-feature-MSRs-.patch -Patch00048: s390x-adapter-routes-error-handling.patch -Patch00049: XXX-dont-dump-core-on-sigabort.patch -Patch00050: qemu-binfmt-conf-Modify-default-path.patch -Patch00051: qemu-cvs-gettimeofday.patch -Patch00052: qemu-cvs-ioctl_debug.patch -Patch00053: qemu-cvs-ioctl_nodirection.patch -Patch00054: linux-user-add-binfmt-wrapper-for-argv-0.patch -Patch00055: PPC-KVM-Disable-mmu-notifier-check.patch -Patch00056: linux-user-binfmt-support-host-binaries.patch -Patch00057: linux-user-Fake-proc-cpuinfo.patch -Patch00058: linux-user-use-target_ulong.patch -Patch00059: Make-char-muxer-more-robust-wrt-small-FI.patch -Patch00060: linux-user-lseek-explicitly-cast-non-set.patch -Patch00061: AIO-Reduce-number-of-threads-for-32bit-h.patch -Patch00062: xen_disk-Add-suse-specific-flush-disable.patch -Patch00063: qemu-bridge-helper-reduce-security-profi.patch -Patch00064: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch -Patch00065: linux-user-properly-test-for-infinite-ti.patch -Patch00066: roms-Makefile-pass-a-packaging-timestamp.patch -Patch00067: Raise-soft-address-space-limit-to-hard-l.patch -Patch00068: increase-x86_64-physical-bits-to-42.patch -Patch00069: vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch -Patch00070: i8254-Fix-migration-from-SLE11-SP2.patch -Patch00071: acpi_piix4-Fix-migration-from-SLE11-SP2.patch -Patch00072: Switch-order-of-libraries-for-mpath-supp.patch -Patch00073: Make-installed-scripts-explicitly-python.patch -Patch00074: hw-smbios-handle-both-file-formats-regar.patch -Patch00075: xen-add-block-resize-support-for-xen-dis.patch -Patch00076: tests-qemu-iotests-Triple-timeout-of-i-o.patch -Patch00077: tests-Fix-block-tests-to-be-compatible-w.patch -Patch00078: xen-ignore-live-parameter-from-xen-save-.patch -Patch00079: Conditionalize-ui-bitmap-installation-be.patch -Patch00080: tests-change-error-message-in-test-162.patch -Patch00081: hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch -Patch00082: hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch -Patch00083: hw-intc-exynos4210_gic-provide-more-room.patch -Patch00084: configure-only-populate-roms-if-softmmu.patch -Patch00085: pc-bios-s390-ccw-net-avoid-warning-about.patch -Patch00086: roms-change-cross-compiler-naming-to-be-.patch -Patch00087: tests-Disable-some-block-tests-for-now.patch -Patch00088: test-add-mapping-from-arch-of-i686-to-qe.patch -Patch00089: roms-Makefile-enable-cross-compile-for-b.patch -Patch00090: iscsi-Cap-block-count-from-GET-LBA-STATU.patch -Patch00091: block-backup-fix-memory-leak-in-bdrv_bac.patch -Patch00092: target-arm-monitor-query-cpu-model-expan.patch -Patch00093: hw-i386-disable-smbus-migration-for-xenf.patch +Patch00022: block-Add-bdrv_qapi_perm_to_blk_perm.patch +Patch00023: blkdebug-Allow-taking-unsharing-permissi.patch +Patch00024: virtio-add-ability-to-delete-vq-through-.patch +Patch00025: virtio-update-queue-size-on-guest-write.patch +Patch00026: virtio-don-t-enable-notifications-during.patch +Patch00027: numa-Extend-CLI-to-provide-initiator-inf.patch +Patch00028: numa-Extend-CLI-to-provide-memory-latenc.patch +Patch00029: numa-Extend-CLI-to-provide-memory-side-c.patch +Patch00030: hmat-acpi-Build-Memory-Proximity-Domain-.patch +Patch00031: hmat-acpi-Build-System-Locality-Latency-.patch +Patch00032: hmat-acpi-Build-Memory-Side-Cache-Inform.patch +Patch00033: tests-numa-Add-case-for-QMP-build-HMAT.patch +Patch00034: qcow2-bitmaps-fix-qcow2_can_store_new_di.patch +Patch00035: backup-top-Begin-drain-earlier.patch +Patch00036: virtio-mmio-update-queue-size-on-guest-w.patch +Patch00037: virtio-net-delete-also-control-queue-whe.patch +Patch00038: intel_iommu-a-fix-to-vtd_find_as_from_bu.patch +Patch00039: target-i386-Add-new-bit-definitions-of-M.patch +Patch00040: target-i386-Add-missed-features-to-Coope.patch +Patch00041: hw-i386-pc-fix-regression-in-parsing-vga.patch +Patch00042: migration-test-ppc64-fix-FORTH-test-prog.patch +Patch00043: target-arm-Return-correct-IL-bit-in-merg.patch +Patch00044: target-arm-Set-ISSIs16Bit-in-make_issinf.patch +Patch00045: runstate-ignore-finishmigrate-prelaunch-.patch +Patch00046: migration-Rate-limit-inside-host-pages.patch +Patch00047: m68k-Fix-regression-causing-Single-Step-.patch +Patch00048: Revert-vnc-allow-fall-back-to-RAW-encodi.patch +Patch00049: vnc-prioritize-ZRLE-compression-over-ZLI.patch +Patch00050: target-i386-kvm-initialize-feature-MSRs-.patch +Patch00051: s390x-adapter-routes-error-handling.patch +Patch00052: iscsi-Cap-block-count-from-GET-LBA-STATU.patch +Patch00053: block-backup-fix-memory-leak-in-bdrv_bac.patch +Patch00054: tpm-ppi-page-align-PPI-RAM.patch +Patch00055: hw-intc-arm_gicv3_kvm-Stop-wrongly-progr.patch +Patch00056: target-arm-fix-TCG-leak-for-fcvt-half-do.patch +Patch00057: block-fix-memleaks-in-bdrv_refresh_filen.patch +Patch00058: block-backup-top-fix-failure-path.patch +Patch00059: iotests-add-test-for-backup-top-failure-.patch +Patch00060: audio-oss-fix-buffer-pos-calculation.patch +Patch00061: block-fix-crash-on-zero-length-unaligned.patch +Patch00062: block-Fix-VM-size-field-width-in-snapsho.patch +Patch00063: target-arm-Correct-definition-of-PMCRDP.patch +Patch00064: block-nbd-extract-the-common-cleanup-cod.patch +Patch00065: block-nbd-fix-memory-leak-in-nbd_open.patch +Patch00066: virtio-crypto-do-delete-ctrl_vq-in-virti.patch +Patch00067: virtio-pmem-do-delete-rq_vq-in-virtio_pm.patch +Patch00068: vhost-user-blk-delete-virtioqueues-in-un.patch +Patch00069: hw-arm-cubieboard-use-ARM-Cortex-A8-as-t.patch +Patch00070: iotests-Fix-nonportable-use-of-od-endian.patch +Patch00071: block-qcow2-threads-fix-qcow2_decompress.patch +Patch00072: job-refactor-progress-to-separate-object.patch +Patch00073: block-block-copy-fix-progress-calculatio.patch +Patch00074: XXX-dont-dump-core-on-sigabort.patch +Patch00075: qemu-binfmt-conf-Modify-default-path.patch +Patch00076: qemu-cvs-gettimeofday.patch +Patch00077: qemu-cvs-ioctl_debug.patch +Patch00078: qemu-cvs-ioctl_nodirection.patch +Patch00079: linux-user-add-binfmt-wrapper-for-argv-0.patch +Patch00080: PPC-KVM-Disable-mmu-notifier-check.patch +Patch00081: linux-user-binfmt-support-host-binaries.patch +Patch00082: linux-user-Fake-proc-cpuinfo.patch +Patch00083: linux-user-use-target_ulong.patch +Patch00084: Make-char-muxer-more-robust-wrt-small-FI.patch +Patch00085: linux-user-lseek-explicitly-cast-non-set.patch +Patch00086: AIO-Reduce-number-of-threads-for-32bit-h.patch +Patch00087: xen_disk-Add-suse-specific-flush-disable.patch +Patch00088: qemu-bridge-helper-reduce-security-profi.patch +Patch00089: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch +Patch00090: linux-user-properly-test-for-infinite-ti.patch +Patch00091: roms-Makefile-pass-a-packaging-timestamp.patch +Patch00092: Raise-soft-address-space-limit-to-hard-l.patch +Patch00093: increase-x86_64-physical-bits-to-42.patch +Patch00094: vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch +Patch00095: i8254-Fix-migration-from-SLE11-SP2.patch +Patch00096: acpi_piix4-Fix-migration-from-SLE11-SP2.patch +Patch00097: Switch-order-of-libraries-for-mpath-supp.patch +Patch00098: Make-installed-scripts-explicitly-python.patch +Patch00099: hw-smbios-handle-both-file-formats-regar.patch +Patch00100: xen-add-block-resize-support-for-xen-dis.patch +Patch00101: tests-qemu-iotests-Triple-timeout-of-i-o.patch +Patch00102: tests-Fix-block-tests-to-be-compatible-w.patch +Patch00103: xen-ignore-live-parameter-from-xen-save-.patch +Patch00104: Conditionalize-ui-bitmap-installation-be.patch +Patch00105: tests-change-error-message-in-test-162.patch +Patch00106: hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch +Patch00107: hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch +Patch00108: hw-intc-exynos4210_gic-provide-more-room.patch +Patch00109: configure-only-populate-roms-if-softmmu.patch +Patch00110: pc-bios-s390-ccw-net-avoid-warning-about.patch +Patch00111: roms-change-cross-compiler-naming-to-be-.patch +Patch00112: tests-Disable-some-block-tests-for-now.patch +Patch00113: test-add-mapping-from-arch-of-i686-to-qe.patch +Patch00114: roms-Makefile-enable-cross-compile-for-b.patch +Patch00115: target-arm-monitor-query-cpu-model-expan.patch +Patch00116: hw-i386-disable-smbus-migration-for-xenf.patch # Patches applied in roms/seabios/: Patch01000: seabios-use-python2-explicitly-as-needed.patch Patch01001: seabios-switch-to-python3-as-needed.patch @@ -452,6 +475,9 @@ Recommends: qemu-ui-gtk %if 0%{?is_opensuse} Recommends: qemu-ui-sdl +%else +Obsoletes: qemu-audio-sdl <= %{qemuver} +Obsoletes: qemu-ui-sdl <= %{qemuver} %endif Recommends: qemu-ui-spice-app Recommends: qemu-x86 @@ -1021,6 +1047,29 @@ %patch00091 -p1 %patch00092 -p1 %patch00093 -p1 +%patch00094 -p1 +%patch00095 -p1 +%patch00096 -p1 +%patch00097 -p1 +%patch00098 -p1 +%patch00099 -p1 +%patch00100 -p1 +%patch00101 -p1 +%patch00102 -p1 +%patch00103 -p1 +%patch00104 -p1 +%patch00105 -p1 +%patch00106 -p1 +%patch00107 -p1 +%patch00108 -p1 +%patch00109 -p1 +%patch00110 -p1 +%patch00111 -p1 +%patch00112 -p1 +%patch00113 -p1 +%patch00114 -p1 +%patch00115 -p1 +%patch00116 -p1 %patch01000 -p1 %patch01001 -p1 %patch01002 -p1 ++++++ audio-oss-fix-buffer-pos-calculation.patch ++++++ From: Gerd Hoffmann <[email protected]> Date: Mon, 20 Jan 2020 11:18:04 +0100 Subject: audio/oss: fix buffer pos calculation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-commit: 7a4ede0047a8613b0e3b72c9d351038f013dd357 Fixes: 3ba4066d085f ("ossaudio: port to the new audio backend api") Reported-by: ziming zhang <[email protected]> Signed-off-by: Gerd Hoffmann <[email protected]> Message-Id: <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- audio/ossaudio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audio/ossaudio.c b/audio/ossaudio.c index c43faeeea4aa208c9729cc760dcd..94564916fbf03c4783a5fdf5c403 100644 --- a/audio/ossaudio.c +++ b/audio/ossaudio.c @@ -420,7 +420,7 @@ static size_t oss_write(HWVoiceOut *hw, void *buf, size_t len) size_t to_copy = MIN(len, hw->size_emul - hw->pos_emul); memcpy(hw->buf_emul + hw->pos_emul, buf, to_copy); - hw->pos_emul = (hw->pos_emul + to_copy) % hw->pos_emul; + hw->pos_emul = (hw->pos_emul + to_copy) % hw->size_emul; buf += to_copy; len -= to_copy; } ++++++ blkdebug-Allow-taking-unsharing-permissi.patch ++++++ From: Max Reitz <[email protected]> Date: Fri, 8 Nov 2019 13:34:53 +0100 Subject: blkdebug: Allow taking/unsharing permissions Git-commit: 69c6449ff10fe4e3219e960549307096d5366bd0 Sometimes it is useful to be able to add a node to the block graph that takes or unshare a certain set of permissions for debugging purposes. This patch adds this capability to blkdebug. (Note that you cannot make blkdebug release or share permissions that it needs to take or cannot share, because this might result in assertion failures in the block layer. But if the blkdebug node has no parents, it will not take any permissions and share everything by default, so you can then freely choose what permissions to take and share.) Signed-off-by: Max Reitz <[email protected]> Message-id: [email protected] Reviewed-by: Vladimir Sementsov-Ogievskiy <[email protected]> Signed-off-by: Max Reitz <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- block/blkdebug.c | 93 +++++++++++++++++++++++++++++++++++++++++++- qapi/block-core.json | 14 ++++++- 2 files changed, 105 insertions(+), 2 deletions(-) diff --git a/block/blkdebug.c b/block/blkdebug.c index 5ae96c52b0733fc37bd5f485e124..af44aa973fd1855a48317ff7fd3f 100644 --- a/block/blkdebug.c +++ b/block/blkdebug.c @@ -28,10 +28,14 @@ #include "qemu/cutils.h" #include "qemu/config-file.h" #include "block/block_int.h" +#include "block/qdict.h" #include "qemu/module.h" #include "qemu/option.h" +#include "qapi/qapi-visit-block-core.h" #include "qapi/qmp/qdict.h" +#include "qapi/qmp/qlist.h" #include "qapi/qmp/qstring.h" +#include "qapi/qobject-input-visitor.h" #include "sysemu/qtest.h" typedef struct BDRVBlkdebugState { @@ -44,6 +48,9 @@ typedef struct BDRVBlkdebugState { uint64_t opt_discard; uint64_t max_discard; + uint64_t take_child_perms; + uint64_t unshare_child_perms; + /* For blkdebug_refresh_filename() */ char *config_file; @@ -344,6 +351,69 @@ static void blkdebug_parse_filename(const char *filename, QDict *options, qdict_put_str(options, "x-image", filename); } +static int blkdebug_parse_perm_list(uint64_t *dest, QDict *options, + const char *prefix, Error **errp) +{ + int ret = 0; + QDict *subqdict = NULL; + QObject *crumpled_subqdict = NULL; + Visitor *v = NULL; + BlockPermissionList *perm_list = NULL, *element; + Error *local_err = NULL; + + *dest = 0; + + qdict_extract_subqdict(options, &subqdict, prefix); + if (!qdict_size(subqdict)) { + goto out; + } + + crumpled_subqdict = qdict_crumple(subqdict, errp); + if (!crumpled_subqdict) { + ret = -EINVAL; + goto out; + } + + v = qobject_input_visitor_new(crumpled_subqdict); + visit_type_BlockPermissionList(v, NULL, &perm_list, &local_err); + if (local_err) { + error_propagate(errp, local_err); + ret = -EINVAL; + goto out; + } + + for (element = perm_list; element; element = element->next) { + *dest |= bdrv_qapi_perm_to_blk_perm(element->value); + } + +out: + qapi_free_BlockPermissionList(perm_list); + visit_free(v); + qobject_unref(subqdict); + qobject_unref(crumpled_subqdict); + return ret; +} + +static int blkdebug_parse_perms(BDRVBlkdebugState *s, QDict *options, + Error **errp) +{ + int ret; + + ret = blkdebug_parse_perm_list(&s->take_child_perms, options, + "take-child-perms.", errp); + if (ret < 0) { + return ret; + } + + ret = blkdebug_parse_perm_list(&s->unshare_child_perms, options, + "unshare-child-perms.", errp); + if (ret < 0) { + return ret; + } + + return 0; +} + static QemuOptsList runtime_opts = { .name = "blkdebug", .head = QTAILQ_HEAD_INITIALIZER(runtime_opts.head), @@ -419,6 +489,12 @@ static int blkdebug_open(BlockDriverState *bs, QDict *options, int flags, /* Set initial state */ s->state = 1; + /* Parse permissions modifiers before opening the image file */ + ret = blkdebug_parse_perms(s, options, errp); + if (ret < 0) { + goto out; + } + /* Open the image file */ bs->file = bdrv_open_child(qemu_opt_get(opts, "x-image"), options, "image", bs, &child_file, false, &local_err); @@ -916,6 +992,21 @@ static int blkdebug_reopen_prepare(BDRVReopenState *reopen_state, return 0; } +static void blkdebug_child_perm(BlockDriverState *bs, BdrvChild *c, + const BdrvChildRole *role, + BlockReopenQueue *reopen_queue, + uint64_t perm, uint64_t shared, + uint64_t *nperm, uint64_t *nshared) +{ + BDRVBlkdebugState *s = bs->opaque; + + bdrv_filter_default_perms(bs, c, role, reopen_queue, perm, shared, + nperm, nshared); + + *nperm |= s->take_child_perms; + *nshared &= ~s->unshare_child_perms; +} + static const char *const blkdebug_strong_runtime_opts[] = { "config", "inject-error.", @@ -940,7 +1031,7 @@ static BlockDriver bdrv_blkdebug = { .bdrv_file_open = blkdebug_open, .bdrv_close = blkdebug_close, .bdrv_reopen_prepare = blkdebug_reopen_prepare, - .bdrv_child_perm = bdrv_filter_default_perms, + .bdrv_child_perm = blkdebug_child_perm, .bdrv_getlength = blkdebug_getlength, .bdrv_refresh_filename = blkdebug_refresh_filename, diff --git a/qapi/block-core.json b/qapi/block-core.json index 0cf68fea1450e6cb739863d2367c..bcf77d496289480b86b1c9d80374 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -3450,6 +3450,16 @@ # # @set-state: array of state-change descriptions # +# @take-child-perms: Permissions to take on @image in addition to what +# is necessary anyway (which depends on how the +# blkdebug node is used). Defaults to none. +# (since 5.0) +# +# @unshare-child-perms: Permissions not to share on @image in addition +# to what cannot be shared anyway (which depends +# on how the blkdebug node is used). Defaults +# to none. (since 5.0) +# # Since: 2.9 ## { 'struct': 'BlockdevOptionsBlkdebug', @@ -3459,7 +3469,9 @@ '*opt-write-zero': 'int32', '*max-write-zero': 'int32', '*opt-discard': 'int32', '*max-discard': 'int32', '*inject-error': ['BlkdebugInjectErrorOptions'], - '*set-state': ['BlkdebugSetStateOptions'] } } + '*set-state': ['BlkdebugSetStateOptions'], + '*take-child-perms': ['BlockPermission'], + '*unshare-child-perms': ['BlockPermission'] } } ## # @BlockdevOptionsBlklogwrites: ++++++ block-Add-bdrv_qapi_perm_to_blk_perm.patch ++++++ From: Max Reitz <[email protected]> Date: Fri, 8 Nov 2019 13:34:51 +0100 Subject: block: Add bdrv_qapi_perm_to_blk_perm() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-commit: 7b1d9c4df0603fbc526226a9c5ef91118aa6c957 We need some way to correlate QAPI BlockPermission values with BLK_PERM_* flags. We could: (1) have the same order in the QAPI definition as the the BLK_PERM_* flags are in LSb-first order. However, then there is no guarantee that they actually match (e.g. when someone modifies the QAPI schema without thinking of the BLK_PERM_* definitions). We could add static assertions, but these would break what’s good about this solution, namely its simplicity. (2) define the BLK_PERM_* flags based on the BlockPermission values. But this way whenever someone were to modify the QAPI order (perfectly sensible in theory), the BLK_PERM_* values would change. Because these values are used for file locking, this might break file locking between different qemu versions. Therefore, go the slightly more cumbersome way: Add a function to translate from the QAPI constants to the BLK_PERM_* flags. Signed-off-by: Max Reitz <[email protected]> Message-id: [email protected] Reviewed-by: Vladimir Sementsov-Ogievskiy <[email protected]> Signed-off-by: Max Reitz <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- block.c | 18 ++++++++++++++++++ include/block/block.h | 1 + 2 files changed, 19 insertions(+) diff --git a/block.c b/block.c index 2e5e8b639a88d430e52ef40973c7..2cc16f99b352623272491c1cf254 100644 --- a/block.c +++ b/block.c @@ -2227,6 +2227,24 @@ void bdrv_format_default_perms(BlockDriverState *bs, BdrvChild *c, *nshared = shared; } +uint64_t bdrv_qapi_perm_to_blk_perm(BlockPermission qapi_perm) +{ + static const uint64_t permissions[] = { + [BLOCK_PERMISSION_CONSISTENT_READ] = BLK_PERM_CONSISTENT_READ, + [BLOCK_PERMISSION_WRITE] = BLK_PERM_WRITE, + [BLOCK_PERMISSION_WRITE_UNCHANGED] = BLK_PERM_WRITE_UNCHANGED, + [BLOCK_PERMISSION_RESIZE] = BLK_PERM_RESIZE, + [BLOCK_PERMISSION_GRAPH_MOD] = BLK_PERM_GRAPH_MOD, + }; + + QEMU_BUILD_BUG_ON(ARRAY_SIZE(permissions) != BLOCK_PERMISSION__MAX); + QEMU_BUILD_BUG_ON(1UL << ARRAY_SIZE(permissions) != BLK_PERM_ALL + 1); + + assert(qapi_perm < BLOCK_PERMISSION__MAX); + + return permissions[qapi_perm]; +} + static void bdrv_replace_child_noperm(BdrvChild *child, BlockDriverState *new_bs) { diff --git a/include/block/block.h b/include/block/block.h index 1df9848e7436eec47e6251118a2f..e9dcfef7fa463e7655b4ec4a0d7c 100644 --- a/include/block/block.h +++ b/include/block/block.h @@ -280,6 +280,7 @@ enum { }; char *bdrv_perm_names(uint64_t perm); +uint64_t bdrv_qapi_perm_to_blk_perm(BlockPermission qapi_perm); /* disk I/O throttling */ void bdrv_init(void); ++++++ block-Fix-VM-size-field-width-in-snapsho.patch ++++++ From: Max Reitz <[email protected]> Date: Fri, 17 Jan 2020 11:58:58 +0100 Subject: block: Fix VM size field width in snapshot dump Git-commit: 804359b8b90f76d9d8fbe8d85a6544b68f107f10 When printing the snapshot list (e.g. with qemu-img snapshot -l), the VM size field is only seven characters wide. As of de38b5005e9, this is not necessarily sufficient: We generally print three digits, and this may require a decimal point. Also, the unit field grew from something as plain as "M" to " MiB". This means that number and unit may take up eight characters in total; but we also want spaces in front. Considering previously the maximum width was four characters and the field width was chosen to be three characters wider, let us adjust the field width to be eleven now. Fixes: de38b5005e946aa3714963ea4c501e279e7d3666 Buglink: https://bugs.launchpad.net/qemu/+bug/1859989 Signed-off-by: Max Reitz <[email protected]> Message-Id: <[email protected]> Reviewed-by: Eric Blake <[email protected]> Signed-off-by: Max Reitz <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- block/qapi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/block/qapi.c b/block/qapi.c index 9a5d0c9b27d85d77f3c6d49dcd0e..ffa539250dc8f0d01374517e8e5b 100644 --- a/block/qapi.c +++ b/block/qapi.c @@ -657,7 +657,7 @@ void bdrv_snapshot_dump(QEMUSnapshotInfo *sn) char *sizing = NULL; if (!sn) { - qemu_printf("%-10s%-20s%7s%20s%15s", + qemu_printf("%-10s%-20s%11s%20s%15s", "ID", "TAG", "VM SIZE", "DATE", "VM CLOCK"); } else { ti = sn->date_sec; @@ -672,7 +672,7 @@ void bdrv_snapshot_dump(QEMUSnapshotInfo *sn) (int)(secs % 60), (int)((sn->vm_clock_nsec / 1000000) % 1000)); sizing = size_to_str(sn->vm_state_size); - qemu_printf("%-10s%-20s%7s%20s%15s", + qemu_printf("%-10s%-20s%11s%20s%15s", sn->id_str, sn->name, sizing, date_buf, ++++++ block-backup-top-fix-failure-path.patch ++++++ From: Vladimir Sementsov-Ogievskiy <[email protected]> Date: Tue, 21 Jan 2020 17:28:01 +0300 Subject: block/backup-top: fix failure path Git-commit 0df62f45c1de6c020f1e6fba4eeafd248209b003 We can't access top after call bdrv_backup_top_drop, as it is already freed at this time. Also, no needs to unref target child by hand, it will be unrefed on bdrv_close() automatically. So, just do bdrv_backup_top_drop if append succeed and one bdrv_unref otherwise. Note, that in !appended case bdrv_unref(top) moved into drained section on source. It doesn't really matter, but just for code simplicity. Fixes: 7df7868b96404 Cc: [email protected] # v4.2.0 Signed-off-by: Vladimir Sementsov-Ogievskiy <[email protected]> Reviewed-by: Max Reitz <[email protected]> Message-id: [email protected] Signed-off-by: Max Reitz <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- block/backup-top.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/block/backup-top.c b/block/backup-top.c index 64e9e4f576ab27889fb4c0d8aa0a..d214139a4d2f2694df7610394003 100644 --- a/block/backup-top.c +++ b/block/backup-top.c @@ -190,6 +190,7 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source, BlockDriverState *top = bdrv_new_open_driver(&bdrv_backup_top_filter, filter_node_name, BDRV_O_RDWR, errp); + bool appended = false; if (!top) { return NULL; @@ -212,8 +213,9 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source, bdrv_append(top, source, &local_err); if (local_err) { error_prepend(&local_err, "Cannot append backup-top filter: "); - goto append_failed; + goto fail; } + appended = true; /* * bdrv_append() finished successfully, now we can require permissions @@ -224,14 +226,14 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source, if (local_err) { error_prepend(&local_err, "Cannot set permissions for backup-top filter: "); - goto failed_after_append; + goto fail; } state->bcs = block_copy_state_new(top->backing, state->target, cluster_size, write_flags, &local_err); if (local_err) { error_prepend(&local_err, "Cannot create block-copy-state: "); - goto failed_after_append; + goto fail; } *bcs = state->bcs; @@ -239,14 +241,15 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source, return top; -failed_after_append: - state->active = false; - bdrv_backup_top_drop(top); +fail: + if (appended) { + state->active = false; + bdrv_backup_top_drop(top); + } else { + bdrv_unref(top); + } -append_failed: bdrv_drained_end(source); - bdrv_unref_child(top, state->target); - bdrv_unref(top); error_propagate(errp, local_err); return NULL; ++++++ block-block-copy-fix-progress-calculatio.patch ++++++ From: Vladimir Sementsov-Ogievskiy <[email protected]> Date: Wed, 11 Mar 2020 13:29:57 +0300 Subject: block/block-copy: fix progress calculation Git-commit: d0ebeca14a585f352938062ef8ddde47fe4d39f9 Assume we have two regions, A and B, and region B is in-flight now, region A is not yet touched, but it is unallocated and should be skipped. Correspondingly, as progress we have total = A + B current = 0 If we reset unallocated region A and call progress_reset_callback, it will calculate 0 bytes dirty in the bitmap and call job_progress_set_remaining, which will set total = current + 0 = 0 + 0 = 0 So, B bytes are actually removed from total accounting. When job finishes we'll have total = 0 current = B , which doesn't sound good. This is because we didn't considered in-flight bytes, actually when calculating remaining, we should have set (in_flight + dirty_bytes) as remaining, not only dirty_bytes. To fix it, let's refactor progress calculation, moving it to block-copy itself instead of fixing callback. And, of course, track in_flight bytes count. We still have to keep one callback, to maintain backup job bytes_read calculation, but it will go on soon, when we turn the whole backup process into one block_copy call. Cc: [email protected] Signed-off-by: Vladimir Sementsov-Ogievskiy <[email protected]> Reviewed-by: Andrey Shinkevich <[email protected]> Message-Id: <[email protected]> Signed-off-by: Max Reitz <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- block/backup.c | 13 ++----------- block/block-copy.c | 16 ++++++++++++---- include/block/block-copy.h | 15 +++++---------- 3 files changed, 19 insertions(+), 25 deletions(-) diff --git a/block/backup.c b/block/backup.c index cf62b1a38ceacaa6785f0ec0d197..5f3bd2415a125e845441deafe3b5 100644 --- a/block/backup.c +++ b/block/backup.c @@ -57,15 +57,6 @@ static void backup_progress_bytes_callback(int64_t bytes, void *opaque) BackupBlockJob *s = opaque; s->bytes_read += bytes; - job_progress_update(&s->common.job, bytes); -} - -static void backup_progress_reset_callback(void *opaque) -{ - BackupBlockJob *s = opaque; - uint64_t estimate = bdrv_get_dirty_count(s->bcs->copy_bitmap); - - job_progress_set_remaining(&s->common.job, estimate); } static int coroutine_fn backup_do_cow(BackupBlockJob *job, @@ -461,8 +452,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs, job->cluster_size = cluster_size; job->len = len; - block_copy_set_callbacks(bcs, backup_progress_bytes_callback, - backup_progress_reset_callback, job); + block_copy_set_progress_callback(bcs, backup_progress_bytes_callback, job); + block_copy_set_progress_meter(bcs, &job->common.job.progress); /* Required permissions are already taken by backup-top target */ block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL, diff --git a/block/block-copy.c b/block/block-copy.c index 79798a1567b10d8b59b6bb045ca4..e2d7b3b887198b40a12a42073ac9 100644 --- a/block/block-copy.c +++ b/block/block-copy.c @@ -127,17 +127,20 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target, return s; } -void block_copy_set_callbacks( +void block_copy_set_progress_callback( BlockCopyState *s, ProgressBytesCallbackFunc progress_bytes_callback, - ProgressResetCallbackFunc progress_reset_callback, void *progress_opaque) { s->progress_bytes_callback = progress_bytes_callback; - s->progress_reset_callback = progress_reset_callback; s->progress_opaque = progress_opaque; } +void block_copy_set_progress_meter(BlockCopyState *s, ProgressMeter *pm) +{ + s->progress = pm; +} + /* * block_copy_do_copy * @@ -269,7 +272,9 @@ int64_t block_copy_reset_unallocated(BlockCopyState *s, if (!ret) { bdrv_reset_dirty_bitmap(s->copy_bitmap, offset, bytes); - s->progress_reset_callback(s->progress_opaque); + progress_set_remaining(s->progress, + bdrv_get_dirty_count(s->copy_bitmap) + + s->in_flight_bytes); } *count = bytes; @@ -331,15 +336,18 @@ int coroutine_fn block_copy(BlockCopyState *s, trace_block_copy_process(s, start); bdrv_reset_dirty_bitmap(s->copy_bitmap, start, chunk_end - start); + s->in_flight_bytes += chunk_end - start; co_get_from_shres(s->mem, chunk_end - start); ret = block_copy_do_copy(s, start, chunk_end, error_is_read); co_put_to_shres(s->mem, chunk_end - start); + s->in_flight_bytes -= chunk_end - start; if (ret < 0) { bdrv_set_dirty_bitmap(s->copy_bitmap, start, chunk_end - start); break; } + progress_work_done(s->progress, chunk_end - start); s->progress_bytes_callback(chunk_end - start, s->progress_opaque); start = chunk_end; ret = 0; diff --git a/include/block/block-copy.h b/include/block/block-copy.h index 0a161724d77bddbb2e8bcfd0e913..9def00068c5ad12044cae0331853 100644 --- a/include/block/block-copy.h +++ b/include/block/block-copy.h @@ -26,7 +26,6 @@ typedef struct BlockCopyInFlightReq { } BlockCopyInFlightReq; typedef void (*ProgressBytesCallbackFunc)(int64_t bytes, void *opaque); -typedef void (*ProgressResetCallbackFunc)(void *opaque); typedef struct BlockCopyState { /* * BdrvChild objects are not owned or managed by block-copy. They are @@ -36,6 +35,7 @@ typedef struct BlockCopyState { BdrvChild *source; BdrvChild *target; BdrvDirtyBitmap *copy_bitmap; + int64_t in_flight_bytes; int64_t cluster_size; bool use_copy_range; int64_t copy_size; @@ -60,15 +60,9 @@ typedef struct BlockCopyState { */ bool skip_unallocated; + ProgressMeter *progress; /* progress_bytes_callback: called when some copying progress is done. */ ProgressBytesCallbackFunc progress_bytes_callback; - - /* - * progress_reset_callback: called when some bytes reset from copy_bitmap - * (see @skip_unallocated above). The callee is assumed to recalculate how - * many bytes remain based on the dirty bit count of copy_bitmap. - */ - ProgressResetCallbackFunc progress_reset_callback; void *progress_opaque; SharedResource *mem; @@ -79,12 +73,13 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target, BdrvRequestFlags write_flags, Error **errp); -void block_copy_set_callbacks( +void block_copy_set_progress_callback( BlockCopyState *s, ProgressBytesCallbackFunc progress_bytes_callback, - ProgressResetCallbackFunc progress_reset_callback, void *progress_opaque); +void block_copy_set_progress_meter(BlockCopyState *s, ProgressMeter *pm); + void block_copy_state_free(BlockCopyState *s); int64_t block_copy_reset_unallocated(BlockCopyState *s, ++++++ block-fix-crash-on-zero-length-unaligned.patch ++++++ From: Vladimir Sementsov-Ogievskiy <[email protected]> Date: Thu, 6 Feb 2020 19:42:45 +0300 Subject: block: fix crash on zero-length unaligned write and read Git-commit: ac9d00bf7b47acae6b0e42910d9ed55fef3af5b8 Commit 7a3f542fbd "block/io: refactor padding" occasionally dropped aligning for zero-length request: bdrv_init_padding() blindly return false if bytes == 0, like there is nothing to align. This leads the following command to crash: ./qemu-io --image-opts -c 'write 1 0' \ driver=blkdebug,align=512,image.driver=null-co,image.size=512 >> qemu-io: block/io.c:1955: bdrv_aligned_pwritev: Assertion `(offset & (align - 1)) == 0' failed. >> Aborted (core dumped) Prior to 7a3f542fbd we does aligning of such zero requests. Instead of recovering this behavior let's just do nothing on such requests as it is useless. Note that driver may have special meaning of zero-length reqeusts, like qcow2_co_pwritev_compressed_part, so we can't skip any zero-length operation. But for unaligned ones, we can't pass it to driver anyway. This commit also fixes crash in iotest 80 running with -nocache: ./check -nocache -qcow2 80 which crashes on same assertion due to trying to read empty extra data in qcow2_do_read_snapshots(). Cc: [email protected] # v4.2 Fixes: 7a3f542fbd Signed-off-by: Vladimir Sementsov-Ogievskiy <[email protected]> Reviewed-by: Max Reitz <[email protected]> Message-id: [email protected] Signed-off-by: Stefan Hajnoczi <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- block/io.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/block/io.c b/block/io.c index f75777f5ea744aac5c9b5872f203..d1f1ee9138c7af82352e9277f22b 100644 --- a/block/io.c +++ b/block/io.c @@ -1567,10 +1567,12 @@ static bool bdrv_init_padding(BlockDriverState *bs, pad->tail = align - pad->tail; } - if ((!pad->head && !pad->tail) || !bytes) { + if (!pad->head && !pad->tail) { return false; } + assert(bytes); /* Nothing good in aligning zero-length requests */ + sum = pad->head + bytes + pad->tail; pad->buf_len = (sum > align && pad->head && pad->tail) ? 2 * align : align; pad->buf = qemu_blockalign(bs, pad->buf_len); @@ -1708,6 +1710,18 @@ int coroutine_fn bdrv_co_preadv_part(BdrvChild *child, return ret; } + if (bytes == 0 && !QEMU_IS_ALIGNED(offset, bs->bl.request_alignment)) { + /* + * Aligning zero request is nonsense. Even if driver has special meaning + * of zero-length (like qcow2_co_pwritev_compressed_part), we can't pass + * it to driver due to request_alignment. + * + * Still, no reason to return an error if someone do unaligned + * zero-length read occasionally. + */ + return 0; + } + bdrv_inc_in_flight(bs); /* Don't do copy-on-read if we read data before write operation */ @@ -2115,6 +2129,18 @@ int coroutine_fn bdrv_co_pwritev_part(BdrvChild *child, return -ENOTSUP; } + if (bytes == 0 && !QEMU_IS_ALIGNED(offset, bs->bl.request_alignment)) { + /* + * Aligning zero request is nonsense. Even if driver has special meaning + * of zero-length (like qcow2_co_pwritev_compressed_part), we can't pass + * it to driver due to request_alignment. + * + * Still, no reason to return an error if someone do unaligned + * zero-length write occasionally. + */ + return 0; + } + bdrv_inc_in_flight(bs); /* * Align write if necessary by performing a read-modify-write cycle. ++++++ block-fix-memleaks-in-bdrv_refresh_filen.patch ++++++ From: Pan Nengyuan <[email protected]> Date: Thu, 16 Jan 2020 16:56:00 +0800 Subject: block: fix memleaks in bdrv_refresh_filename Git-commit: cb8956144ccaccf23d5cc4167677e2c84fa5a9f8 If we call the qmp 'query-block' while qemu is working on 'block-commit', it will cause memleaks, the memory leak stack is as follow: Indirect leak of 12360 byte(s) in 3 object(s) allocated from: #0 0x7f80f0b6d970 in __interceptor_calloc (/lib64/libasan.so.5+0xef970) #1 0x7f80ee86049d in g_malloc0 (/lib64/libglib-2.0.so.0+0x5249d) #2 0x55ea95b5bb67 in qdict_new /mnt/sdb/qemu-4.2.0-rc0/qobject/qdict.c:29 #3 0x55ea956cd043 in bdrv_refresh_filename /mnt/sdb/qemu-4.2.0-rc0/block.c:6427 #4 0x55ea956cc950 in bdrv_refresh_filename /mnt/sdb/qemu-4.2.0-rc0/block.c:6399 #5 0x55ea956cc950 in bdrv_refresh_filename /mnt/sdb/qemu-4.2.0-rc0/block.c:6399 #6 0x55ea956cc950 in bdrv_refresh_filename /mnt/sdb/qemu-4.2.0-rc0/block.c:6399 #7 0x55ea958818ea in bdrv_block_device_info /mnt/sdb/qemu-4.2.0-rc0/block/qapi.c:56 #8 0x55ea958879de in bdrv_query_info /mnt/sdb/qemu-4.2.0-rc0/block/qapi.c:392 #9 0x55ea9588b58f in qmp_query_block /mnt/sdb/qemu-4.2.0-rc0/block/qapi.c:578 #10 0x55ea95567392 in qmp_marshal_query_block qapi/qapi-commands-block-core.c:95 Indirect leak of 4120 byte(s) in 1 object(s) allocated from: #0 0x7f80f0b6d970 in __interceptor_calloc (/lib64/libasan.so.5+0xef970) #1 0x7f80ee86049d in g_malloc0 (/lib64/libglib-2.0.so.0+0x5249d) #2 0x55ea95b5bb67 in qdict_new /mnt/sdb/qemu-4.2.0-rc0/qobject/qdict.c:29 #3 0x55ea956cd043 in bdrv_refresh_filename /mnt/sdb/qemu-4.2.0-rc0/block.c:6427 #4 0x55ea956cc950 in bdrv_refresh_filename /mnt/sdb/qemu-4.2.0-rc0/block.c:6399 #5 0x55ea956cc950 in bdrv_refresh_filename /mnt/sdb/qemu-4.2.0-rc0/block.c:6399 #6 0x55ea9569f301 in bdrv_backing_attach /mnt/sdb/qemu-4.2.0-rc0/block.c:1064 #7 0x55ea956a99dd in bdrv_replace_child_noperm /mnt/sdb/qemu-4.2.0-rc0/block.c:2283 #8 0x55ea956b9b53 in bdrv_replace_node /mnt/sdb/qemu-4.2.0-rc0/block.c:4196 #9 0x55ea956b9e49 in bdrv_append /mnt/sdb/qemu-4.2.0-rc0/block.c:4236 #10 0x55ea958c3472 in commit_start /mnt/sdb/qemu-4.2.0-rc0/block/commit.c:306 #11 0x55ea94b68ab0 in qmp_block_commit /mnt/sdb/qemu-4.2.0-rc0/blockdev.c:3459 #12 0x55ea9556a7a7 in qmp_marshal_block_commit qapi/qapi-commands-block-core.c:407 Fixes: bb808d5f5c0978828a974d547e6032402c339555 Reported-by: Euler Robot <[email protected]> Signed-off-by: Pan Nengyuan <[email protected]> Message-id: [email protected] Signed-off-by: Max Reitz <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- block.c | 1 + 1 file changed, 1 insertion(+) diff --git a/block.c b/block.c index 2cc16f99b352623272491c1cf254..8539f99ac47cdbf0e9b823751074 100644 --- a/block.c +++ b/block.c @@ -6426,6 +6426,7 @@ void bdrv_refresh_filename(BlockDriverState *bs) child->bs->exact_filename); pstrcpy(bs->filename, sizeof(bs->filename), child->bs->filename); + qobject_unref(bs->full_open_options); bs->full_open_options = qobject_ref(child->bs->full_open_options); return; ++++++ block-nbd-extract-the-common-cleanup-cod.patch ++++++ From: Pan Nengyuan <[email protected]> Date: Thu, 5 Dec 2019 11:45:27 +0800 Subject: block/nbd: extract the common cleanup code Git-commit: 7f493662be4045146a8f45119d8834c9088a0ad6 The BDRVNBDState cleanup code is common in two places, add nbd_clear_bdrvstate() function to do these cleanups. Suggested-by: Stefano Garzarella <[email protected]> Signed-off-by: Pan Nengyuan <[email protected]> Reviewed-by: Vladimir Sementsov-Ogievskiy <[email protected]> Message-Id: <[email protected]> Reviewed-by: Eric Blake <[email protected]> [eblake: fix compilation error and commit message] Signed-off-by: Eric Blake <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- block/nbd.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/block/nbd.c b/block/nbd.c index 5f18f78a9471b25c859bf8d4a743..6bb67152864954bb0e7b6f0145de 100644 --- a/block/nbd.c +++ b/block/nbd.c @@ -94,6 +94,19 @@ typedef struct BDRVNBDState { static int nbd_client_connect(BlockDriverState *bs, Error **errp); +static void nbd_clear_bdrvstate(BDRVNBDState *s) +{ + object_unref(OBJECT(s->tlscreds)); + qapi_free_SocketAddress(s->saddr); + s->saddr = NULL; + g_free(s->export); + s->export = NULL; + g_free(s->tlscredsid); + s->tlscredsid = NULL; + g_free(s->x_dirty_bitmap); + s->x_dirty_bitmap = NULL; +} + static void nbd_channel_error(BDRVNBDState *s, int ret) { if (ret == -EIO) { @@ -1864,11 +1877,7 @@ static int nbd_process_options(BlockDriverState *bs, QDict *options, error: if (ret < 0) { - object_unref(OBJECT(s->tlscreds)); - qapi_free_SocketAddress(s->saddr); - g_free(s->export); - g_free(s->tlscredsid); - g_free(s->x_dirty_bitmap); + nbd_clear_bdrvstate(s); } qemu_opts_del(opts); return ret; @@ -1947,12 +1956,7 @@ static void nbd_close(BlockDriverState *bs) BDRVNBDState *s = bs->opaque; nbd_client_close(bs); - - object_unref(OBJECT(s->tlscreds)); - qapi_free_SocketAddress(s->saddr); - g_free(s->export); - g_free(s->tlscredsid); - g_free(s->x_dirty_bitmap); + nbd_clear_bdrvstate(s); } static int64_t nbd_getlength(BlockDriverState *bs) ++++++ block-nbd-fix-memory-leak-in-nbd_open.patch ++++++ From: Pan Nengyuan <[email protected]> Date: Thu, 5 Dec 2019 11:45:28 +0800 Subject: block/nbd: fix memory leak in nbd_open() Git-commit: 8198cf5ef0ef98118b4176970d1cd998d93ec849 In currently implementation there will be a memory leak when nbd_client_connect() returns error status. Here is an easy way to reproduce: 1. run qemu-iotests as follow and check the result with asan: ./check -raw 143 Following is the asan output backtrack: Direct leak of 40 byte(s) in 1 object(s) allocated from: #0 0x7f629688a560 in calloc (/usr/lib64/libasan.so.3+0xc7560) #1 0x7f6295e7e015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015) #2 0x56281dab4642 in qobject_input_start_struct /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:295 #3 0x56281dab1a04 in visit_start_struct /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:49 #4 0x56281dad1827 in visit_type_SocketAddress qapi/qapi-visit-sockets.c:386 #5 0x56281da8062f in nbd_config /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716 #6 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829 #7 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873 Direct leak of 15 byte(s) in 1 object(s) allocated from: #0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0) #1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd) #2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace) #3 0x56281da804ac in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1834 #4 0x56281da804ac in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873 Indirect leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0) #1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd) #2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace) #3 0x56281dab41a3 in qobject_input_type_str_keyval /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:536 #4 0x56281dab2ee9 in visit_type_str /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:297 #5 0x56281dad0fa1 in visit_type_UnixSocketAddress_members qapi/qapi-visit-sockets.c:141 #6 0x56281dad17b6 in visit_type_SocketAddress_members qapi/qapi-visit-sockets.c:366 #7 0x56281dad186a in visit_type_SocketAddress qapi/qapi-visit-sockets.c:393 #8 0x56281da8062f in nbd_config /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716 #9 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829 #10 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873 Fixes: 8f071c9db506e03ab Reported-by: Euler Robot <[email protected]> Signed-off-by: Pan Nengyuan <[email protected]> Reviewed-by: Vladimir Sementsov-Ogievskiy <[email protected]> Cc: qemu-stable <[email protected]> Cc: Vladimir Sementsov-Ogievskiy <[email protected]> Message-Id: <[email protected]> Reviewed-by: Stefano Garzarella <[email protected]> Signed-off-by: Eric Blake <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- block/nbd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/block/nbd.c b/block/nbd.c index 6bb67152864954bb0e7b6f0145de..3d369fc8eb79df642bfd22cd8e88 100644 --- a/block/nbd.c +++ b/block/nbd.c @@ -1900,6 +1900,7 @@ static int nbd_open(BlockDriverState *bs, QDict *options, int flags, ret = nbd_client_connect(bs, errp); if (ret < 0) { + nbd_clear_bdrvstate(s); return ret; } /* successfully connected */ ++++++ block-qcow2-threads-fix-qcow2_decompress.patch ++++++ From: Vladimir Sementsov-Ogievskiy <[email protected]> Date: Mon, 2 Mar 2020 18:09:30 +0300 Subject: block/qcow2-threads: fix qcow2_decompress MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-commit: e7266570f2cf7b3ca2a156c677ee0a59d563458b On success path we return what inflate() returns instead of 0. And it most probably works for Z_STREAM_END as it is positive, but is definitely broken for Z_BUF_ERROR. While being here, switch to errno return code, to be closer to qcow2_compress API (and usual expectations). Revert condition in if to be more positive. Drop dead initialization of ret. Cc: [email protected] # v4.0 Fixes: 341926ab83e2b Signed-off-by: Vladimir Sementsov-Ogievskiy <[email protected]> Message-Id: <[email protected]> Reviewed-by: Alberto Garcia <[email protected]> Reviewed-by: Ján Tomko <[email protected]> Signed-off-by: Max Reitz <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- block/qcow2-threads.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/block/qcow2-threads.c b/block/qcow2-threads.c index 8f5a0d1ebe7182151ba99d9aeeff..0d193d16147cf2fc6a8dac23d885 100644 --- a/block/qcow2-threads.c +++ b/block/qcow2-threads.c @@ -128,12 +128,12 @@ static ssize_t qcow2_compress(void *dest, size_t dest_size, * @src - source buffer, @src_size bytes * * Returns: 0 on success - * -1 on fail + * -EIO on fail */ static ssize_t qcow2_decompress(void *dest, size_t dest_size, const void *src, size_t src_size) { - int ret = 0; + int ret; z_stream strm; memset(&strm, 0, sizeof(strm)); @@ -144,17 +144,19 @@ static ssize_t qcow2_decompress(void *dest, size_t dest_size, ret = inflateInit2(&strm, -12); if (ret != Z_OK) { - return -1; + return -EIO; } ret = inflate(&strm, Z_FINISH); - if ((ret != Z_STREAM_END && ret != Z_BUF_ERROR) || strm.avail_out != 0) { + if ((ret == Z_STREAM_END || ret == Z_BUF_ERROR) && strm.avail_out == 0) { /* * We approve Z_BUF_ERROR because we need @dest buffer to be filled, but * @src buffer may be processed partly (because in qcow2 we know size of * compressed data with precision of one sector) */ - ret = -1; + ret = 0; + } else { + ret = -EIO; } inflateEnd(&strm); ++++++ bundles.tar.xz ++++++ Binary files old/b0ca999a43a22b38158a222233d3f5881648bb4f.bundle and new/b0ca999a43a22b38158a222233d3f5881648bb4f.bundle differ ++++++ hmat-acpi-Build-Memory-Proximity-Domain-.patch ++++++ --- /var/tmp/diff_new_pack.n4vv6G/_old 2020-03-17 04:15:20.460966126 +0100 +++ /var/tmp/diff_new_pack.n4vv6G/_new 2020-03-17 04:15:20.476966135 +0100 @@ -2,7 +2,7 @@ Date: Fri, 13 Dec 2019 09:19:25 +0800 Subject: hmat acpi: Build Memory Proximity Domain Attributes Structure(s) -Git commit: e6f123c3b81241be33f1b763d0ff8b36d1ae9c1e +Git-commit: e6f123c3b81241be33f1b763d0ff8b36d1ae9c1e References: jsc#SLE-8897 HMAT is defined in ACPI 6.3: 5.2.27 Heterogeneous Memory Attribute Table ++++++ hmat-acpi-Build-Memory-Side-Cache-Inform.patch ++++++ --- /var/tmp/diff_new_pack.n4vv6G/_old 2020-03-17 04:15:20.572966191 +0100 +++ /var/tmp/diff_new_pack.n4vv6G/_new 2020-03-17 04:15:20.584966198 +0100 @@ -2,7 +2,7 @@ Date: Fri, 13 Dec 2019 09:19:27 +0800 Subject: hmat acpi: Build Memory Side Cache Information Structure(s) -Git commit: a9c2b841af002db6e21e1297c9026b63fc22c875 +Git-commit: a9c2b841af002db6e21e1297c9026b63fc22c875 References: jsc#SLE-8897 This structure describes memory side cache information for memory ++++++ hmat-acpi-Build-System-Locality-Latency-.patch ++++++ --- /var/tmp/diff_new_pack.n4vv6G/_old 2020-03-17 04:15:20.624966221 +0100 +++ /var/tmp/diff_new_pack.n4vv6G/_new 2020-03-17 04:15:20.624966221 +0100 @@ -3,7 +3,7 @@ Subject: hmat acpi: Build System Locality Latency and Bandwidth Information Structure(s) -Git commit: 4586a2cb833f80b19c80ebe364a005ac2fa0974a +Git-commit: 4586a2cb833f80b19c80ebe364a005ac2fa0974a References: jsc#SLE-8897 This structure describes the memory access latency and bandwidth ++++++ hw-arm-cubieboard-use-ARM-Cortex-A8-as-t.patch ++++++ From: Niek Linnenbank <[email protected]> Date: Thu, 5 Mar 2020 16:09:19 +0000 Subject: hw/arm/cubieboard: use ARM Cortex-A8 as the default CPU in machine definition MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-commit: 2104df2a1fbf44b2564427aa72fd58d66ce290a7 The Cubieboard is a singleboard computer with an Allwinner A10 System-on-Chip [1]. As documented in the Allwinner A10 User Manual V1.5 [2], the SoC has an ARM Cortex-A8 processor. Currently the Cubieboard machine definition specifies the ARM Cortex-A9 in its description and as the default CPU. This patch corrects the Cubieboard machine definition to use the ARM Cortex-A8. The only user-visible effect is that our textual description of the machine was wrong, because hw/arm/allwinner-a10.c always creates a Cortex-A8 CPU regardless of the default value in the MachineClass struct. [1] http://docs.cubieboard.org/products/start#cubieboard1 [2] https://linux-sunxi.org/File:Allwinner_A10_User_manual_V1.5.pdf Fixes: 8a863c8120994981a099 Signed-off-by: Niek Linnenbank <[email protected]> Message-id: [email protected] Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Peter Maydell <[email protected]> [note in commit message that the bug didn't have much visible effect] Signed-off-by: Peter Maydell <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- hw/arm/cubieboard.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/arm/cubieboard.c b/hw/arm/cubieboard.c index 6dc2f1d6b6f6c87e5241c6bb7718..d8e8919e796d43c9a8a2ca6aa836 100644 --- a/hw/arm/cubieboard.c +++ b/hw/arm/cubieboard.c @@ -78,8 +78,8 @@ static void cubieboard_init(MachineState *machine) static void cubieboard_machine_init(MachineClass *mc) { - mc->desc = "cubietech cubieboard (Cortex-A9)"; - mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a9"); + mc->desc = "cubietech cubieboard (Cortex-A8)"; + mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a8"); mc->init = cubieboard_init; mc->block_default_type = IF_IDE; mc->units_per_default_bus = 1; ++++++ hw-intc-arm_gicv3_kvm-Stop-wrongly-progr.patch ++++++ From: Zenghui Yu <[email protected]> Date: Thu, 30 Jan 2020 16:02:05 +0000 Subject: hw/intc/arm_gicv3_kvm: Stop wrongly programming GICR_PENDBASER.PTZ bit Git-commit: 618bacabd3c8c3360be795cd8763bacdf5bec101 If LPIs are disabled, KVM will just ignore the GICR_PENDBASER.PTZ bit when restoring GICR_CTLR. Setting PTZ here makes littlt sense in "reduce GIC initialization time". And what's worse, PTZ is generally programmed by guest to indicate to the Redistributor whether the LPI Pending table is zero when enabling LPIs. If migration is triggered when the PTZ has just been cleared by guest (and before enabling LPIs), we will see PTZ==1 on the destination side, which is not as expected. Let's just drop this hackish userspace behavior. Also take this chance to refine the comment a bit. Fixes: 367b9f527bec ("hw/intc/arm_gicv3_kvm: Implement get/put functions") Signed-off-by: Zenghui Yu <[email protected]> Message-id: [email protected] Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Peter Maydell <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- hw/intc/arm_gicv3_kvm.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c index 9c7f4ab8711cd7ba780727089a1c..49304ca589d1f016cdfb217bf719 100644 --- a/hw/intc/arm_gicv3_kvm.c +++ b/hw/intc/arm_gicv3_kvm.c @@ -336,7 +336,10 @@ static void kvm_arm_gicv3_put(GICv3State *s) kvm_gicd_access(s, GICD_CTLR, ®, true); if (redist_typer & GICR_TYPER_PLPIS) { - /* Set base addresses before LPIs are enabled by GICR_CTLR write */ + /* + * Restore base addresses before LPIs are potentially enabled by + * GICR_CTLR write + */ for (ncpu = 0; ncpu < s->num_cpu; ncpu++) { GICv3CPUState *c = &s->cpu[ncpu]; @@ -347,12 +350,6 @@ static void kvm_arm_gicv3_put(GICv3State *s) kvm_gicr_access(s, GICR_PROPBASER + 4, ncpu, ®h, true); reg64 = c->gicr_pendbaser; - if (!(c->gicr_ctlr & GICR_CTLR_ENABLE_LPIS)) { - /* Setting PTZ is advised if LPIs are disabled, to reduce - * GIC initialization time. - */ - reg64 |= GICR_PENDBASER_PTZ; - } regl = (uint32_t)reg64; kvm_gicr_access(s, GICR_PENDBASER, ncpu, ®l, true); regh = (uint32_t)(reg64 >> 32); ++++++ i386-Add-MSR-feature-bit-for-MDS-NO.patch ++++++ --- /var/tmp/diff_new_pack.n4vv6G/_old 2020-03-17 04:15:20.780966311 +0100 +++ /var/tmp/diff_new_pack.n4vv6G/_new 2020-03-17 04:15:20.780966311 +0100 @@ -2,7 +2,7 @@ Date: Tue, 22 Oct 2019 15:35:26 +0800 Subject: i386: Add MSR feature bit for MDS-NO -Git commit: 77b168d221191156c47fcd8d1c47329dfdb9439e +Git-commit: 77b168d221191156c47fcd8d1c47329dfdb9439e References: jsc#SLE-7923 Define MSR_ARCH_CAP_MDS_NO in the IA32_ARCH_CAPABILITIES MSR to allow ++++++ i386-Add-macro-for-stibp.patch ++++++ --- /var/tmp/diff_new_pack.n4vv6G/_old 2020-03-17 04:15:20.784966314 +0100 +++ /var/tmp/diff_new_pack.n4vv6G/_new 2020-03-17 04:15:20.792966318 +0100 @@ -2,7 +2,7 @@ Date: Tue, 22 Oct 2019 15:35:27 +0800 Subject: i386: Add macro for stibp -Git commit: 5af514d0cb314f43bc53f2aefb437f6451d64d0c +Git-commit: 5af514d0cb314f43bc53f2aefb437f6451d64d0c References: jsc#SLE-7923 stibp feature is already added through the following commit. ++++++ i386-Add-new-CPU-model-Cooperlake.patch ++++++ --- /var/tmp/diff_new_pack.n4vv6G/_old 2020-03-17 04:15:20.820966335 +0100 +++ /var/tmp/diff_new_pack.n4vv6G/_new 2020-03-17 04:15:20.836966344 +0100 @@ -2,7 +2,7 @@ Date: Tue, 22 Oct 2019 15:35:28 +0800 Subject: i386: Add new CPU model Cooperlake -Git commit: 22a866b6166db5caa4abaa6e656c2a431fa60726 +Git-commit: 22a866b6166db5caa4abaa6e656c2a431fa60726 References: jsc#SLE-7923 Cooper Lake is intel's successor to Cascade Lake, the new ++++++ iotests-Fix-nonportable-use-of-od-endian.patch ++++++ From: Eric Blake <[email protected]> Date: Wed, 26 Feb 2020 06:54:24 -0600 Subject: iotests: Fix nonportable use of od --endian Git-commit: 69135eb30b9c3fca583737a96df015174dc8e6dd Tests 261 and 272 fail on RHEL 7 with coreutils 8.22, since od --endian was not added until coreutils 8.23. Fix this by manually constructing the final value one byte at a time. Fixes: fc8ba423 Reported-by: Andrey Shinkevich <[email protected]> Signed-off-by: Eric Blake <[email protected]> Reviewed-by: Max Reitz <[email protected]> Message-Id: <[email protected]> Signed-off-by: Max Reitz <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- tests/qemu-iotests/common.rc | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/tests/qemu-iotests/common.rc b/tests/qemu-iotests/common.rc index 555c45391157d58534f0702094bc..315a9a8a4690d68abc0eb5fa83fd 100644 --- a/tests/qemu-iotests/common.rc +++ b/tests/qemu-iotests/common.rc @@ -56,18 +56,30 @@ poke_file() # peek_file_le 'test.img' 512 2 => 65534 peek_file_le() { - # Wrap in echo $() to strip spaces - echo $(od -j"$2" -N"$3" --endian=little -An -vtu"$3" "$1") + local val=0 shift=0 byte + + # coreutils' od --endian is not portable, so manually assemble bytes. + for byte in $(od -j"$2" -N"$3" -An -v -tu1 "$1"); do + val=$(( val | (byte << shift) )) + shift=$((shift + 8)) + done + printf %llu $val } # peek_file_be 'test.img' 512 2 => 65279 peek_file_be() { - # Wrap in echo $() to strip spaces - echo $(od -j"$2" -N"$3" --endian=big -An -vtu"$3" "$1") + local val=0 byte + + # coreutils' od --endian is not portable, so manually assemble bytes. + for byte in $(od -j"$2" -N"$3" -An -v -tu1 "$1"); do + val=$(( (val << 8) | byte )) + done + printf %llu $val } -# peek_file_raw 'test.img' 512 2 => '\xff\xfe' +# peek_file_raw 'test.img' 512 2 => '\xff\xfe'. Do not use if the raw data +# is likely to contain \0 or trailing \n. peek_file_raw() { dd if="$1" bs=1 skip="$2" count="$3" status=none ++++++ iotests-add-test-for-backup-top-failure-.patch ++++++ From: Vladimir Sementsov-Ogievskiy <[email protected]> Date: Tue, 21 Jan 2020 17:28:02 +0300 Subject: iotests: add test for backup-top failure on permission activation Git-commit: a541fcc27c98b96da187c7d4573f3270f3ddd283 This test checks that bug is really fixed by previous commit. Cc: [email protected] # v4.2.0 Signed-off-by: Vladimir Sementsov-Ogievskiy <[email protected]> Message-id: [email protected] Signed-off-by: Max Reitz <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- tests/qemu-iotests/283 | 92 ++++++++++++++++++++++++++++++++++++++ tests/qemu-iotests/283.out | 8 ++++ tests/qemu-iotests/group | 1 + 3 files changed, 101 insertions(+) diff --git a/tests/qemu-iotests/283 b/tests/qemu-iotests/283 new file mode 100644 index 0000000000000000000000000000000000000000..293e557bd95f0553624fba89cd555614ff4a8c1b --- /dev/null +++ b/tests/qemu-iotests/283 @@ -0,0 +1,92 @@ +#!/usr/bin/env python +# +# Test for backup-top filter permission activation failure +# +# Copyright (c) 2019 Virtuozzo International GmbH. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +import iotests + +# The test is unrelated to formats, restrict it to qcow2 to avoid extra runs +iotests.verify_image_format(supported_fmts=['qcow2']) + +size = 1024 * 1024 + +""" Test description + +When performing a backup, all writes on the source subtree must go through the +backup-top filter so it can copy all data to the target before it is changed. +backup-top filter is appended above source node, to achieve this thing, so all +parents of source node are handled. A configuration with side parents of source +sub-tree with write permission is unsupported (we'd have append several +backup-top filter like nodes to handle such parents). The test create an +example of such configuration and checks that a backup is then not allowed +(blockdev-backup command should fail). + +The configuration: + + ┌────────┐ target ┌─────────────┐ + │ target │ ◀─────── │ backup_top │ + └────────┘ └─────────────┘ + │ + │ backing + ▼ + ┌─────────────┐ + │ source │ + └─────────────┘ + │ + │ file + ▼ + ┌─────────────┐ write perm ┌───────┐ + │ base │ ◀──────────── │ other │ + └─────────────┘ └───────┘ + +On activation (see .active field of backup-top state in block/backup-top.c), +backup-top is going to unshare write permission on its source child. Write +unsharing will be propagated to the "source->base" link and will conflict with +other node write permission. So permission update will fail and backup job will +not be started. + +Note, that the only thing which prevents backup of running on such +configuration is default permission propagation scheme. It may be altered by +different block drivers, so backup will run in invalid configuration. But +something is better than nothing. Also, before the previous commit (commit +preceding this test creation), starting backup on such configuration led to +crash, so current "something" is a lot better, and this test actual goal is +to check that crash is fixed :) +""" + +vm = iotests.VM() +vm.launch() + +vm.qmp_log('blockdev-add', **{'node-name': 'target', 'driver': 'null-co'}) + +vm.qmp_log('blockdev-add', **{ + 'node-name': 'source', + 'driver': 'blkdebug', + 'image': {'node-name': 'base', 'driver': 'null-co', 'size': size} +}) + +vm.qmp_log('blockdev-add', **{ + 'node-name': 'other', + 'driver': 'blkdebug', + 'image': 'base', + 'take-child-perms': ['write'] +}) + +vm.qmp_log('blockdev-backup', sync='full', device='source', target='target') + +vm.shutdown() diff --git a/tests/qemu-iotests/283.out b/tests/qemu-iotests/283.out new file mode 100644 index 0000000000000000000000000000000000000000..daaf5828c18ee463671ec916989846f94c9f4b31 --- /dev/null +++ b/tests/qemu-iotests/283.out @@ -0,0 +1,8 @@ +{"execute": "blockdev-add", "arguments": {"driver": "null-co", "node-name": "target"}} +{"return": {}} +{"execute": "blockdev-add", "arguments": {"driver": "blkdebug", "image": {"driver": "null-co", "node-name": "base", "size": 1048576}, "node-name": "source"}} +{"return": {}} +{"execute": "blockdev-add", "arguments": {"driver": "blkdebug", "image": "base", "node-name": "other", "take-child-perms": ["write"]}} +{"return": {}} +{"execute": "blockdev-backup", "arguments": {"device": "source", "sync": "full", "target": "target"}} +{"error": {"class": "GenericError", "desc": "Cannot set permissions for backup-top filter: Conflicts with use by other as 'image', which uses 'write' on base"}} diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index 6b10a6a762143ec0d079b7fd6df2..1c1b69f0581c9a0043376b440600 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -286,3 +286,4 @@ 272 rw 273 backing quick 277 rw quick +283 auto quick ++++++ job-refactor-progress-to-separate-object.patch ++++++ From: Vladimir Sementsov-Ogievskiy <[email protected]> Date: Wed, 11 Mar 2020 13:29:56 +0300 Subject: job: refactor progress to separate object Git-commit: 01fe1ca945345d3dc420d70c69488143dc0451b1 We need it in separate to pass to the block-copy object in the next commit. Cc: [email protected] Signed-off-by: Vladimir Sementsov-Ogievskiy <[email protected]> Reviewed-by: Andrey Shinkevich <[email protected]> Reviewed-by: Max Reitz <[email protected]> Message-Id: <[email protected]> Signed-off-by: Max Reitz <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- blockjob.c | 16 +++++----- include/qemu/job.h | 11 ++----- include/qemu/progress_meter.h | 58 +++++++++++++++++++++++++++++++++++ job-qmp.c | 4 +-- job.c | 6 ++-- qemu-img.c | 6 ++-- 6 files changed, 76 insertions(+), 25 deletions(-) diff --git a/blockjob.c b/blockjob.c index c6e20e2fcde53c82146cb45efd87..701bd2588d5ca58826bad00e498d 100644 --- a/blockjob.c +++ b/blockjob.c @@ -298,8 +298,8 @@ BlockJobInfo *block_job_query(BlockJob *job, Error **errp) info->device = g_strdup(job->job.id); info->busy = atomic_read(&job->job.busy); info->paused = job->job.pause_count > 0; - info->offset = job->job.progress_current; - info->len = job->job.progress_total; + info->offset = job->job.progress.current; + info->len = job->job.progress.total; info->speed = job->speed; info->io_status = job->iostatus; info->ready = job_is_ready(&job->job), @@ -329,8 +329,8 @@ static void block_job_event_cancelled(Notifier *n, void *opaque) qapi_event_send_block_job_cancelled(job_type(&job->job), job->job.id, - job->job.progress_total, - job->job.progress_current, + job->job.progress.total, + job->job.progress.current, job->speed); } @@ -349,8 +349,8 @@ static void block_job_event_completed(Notifier *n, void *opaque) qapi_event_send_block_job_completed(job_type(&job->job), job->job.id, - job->job.progress_total, - job->job.progress_current, + job->job.progress.total, + job->job.progress.current, job->speed, !!msg, msg); @@ -378,8 +378,8 @@ static void block_job_event_ready(Notifier *n, void *opaque) qapi_event_send_block_job_ready(job_type(&job->job), job->job.id, - job->job.progress_total, - job->job.progress_current, + job->job.progress.total, + job->job.progress.current, job->speed); } diff --git a/include/qemu/job.h b/include/qemu/job.h index bd59cd8944de41304d8f78dce94c..32aabb1c60009825ca4a921b7864 100644 --- a/include/qemu/job.h +++ b/include/qemu/job.h @@ -28,6 +28,7 @@ #include "qapi/qapi-types-job.h" #include "qemu/queue.h" +#include "qemu/progress_meter.h" #include "qemu/coroutine.h" #include "block/aio.h" @@ -117,15 +118,7 @@ typedef struct Job { /** True if this job should automatically dismiss itself */ bool auto_dismiss; - /** - * Current progress. The unit is arbitrary as long as the ratio between - * progress_current and progress_total represents the estimated percentage - * of work already done. - */ - int64_t progress_current; - - /** Estimated progress_current value at the completion of the job */ - int64_t progress_total; + ProgressMeter progress; /** * Return code from @run and/or @prepare callback(s). diff --git a/include/qemu/progress_meter.h b/include/qemu/progress_meter.h new file mode 100644 index 0000000000000000000000000000000000000000..9a23ff071c4c327c099eb5b4ec3e9d6505b298ef --- /dev/null +++ b/include/qemu/progress_meter.h @@ -0,0 +1,58 @@ +/* + * Helper functionality for some process progress tracking. + * + * Copyright (c) 2011 IBM Corp. + * Copyright (c) 2012, 2018 Red Hat, Inc. + * Copyright (c) 2020 Virtuozzo International GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#ifndef QEMU_PROGRESS_METER_H +#define QEMU_PROGRESS_METER_H + +typedef struct ProgressMeter { + /** + * Current progress. The unit is arbitrary as long as the ratio between + * current and total represents the estimated percentage + * of work already done. + */ + uint64_t current; + + /** Estimated current value at the completion of the process */ + uint64_t total; +} ProgressMeter; + +static inline void progress_work_done(ProgressMeter *pm, uint64_t done) +{ + pm->current += done; +} + +static inline void progress_set_remaining(ProgressMeter *pm, uint64_t remaining) +{ + pm->total = pm->current + remaining; +} + +static inline void progress_increase_remaining(ProgressMeter *pm, + uint64_t delta) +{ + pm->total += delta; +} + +#endif /* QEMU_PROGRESS_METER_H */ diff --git a/job-qmp.c b/job-qmp.c index fbfed25a00067c5035bfde3d7b89..fecc939ebd951aa3bb863400b71c 100644 --- a/job-qmp.c +++ b/job-qmp.c @@ -143,8 +143,8 @@ static JobInfo *job_query_single(Job *job, Error **errp) .id = g_strdup(job->id), .type = job_type(job), .status = job->status, - .current_progress = job->progress_current, - .total_progress = job->progress_total, + .current_progress = job->progress.current, + .total_progress = job->progress.total, .has_error = !!job->err, .error = job->err ? \ g_strdup(error_get_pretty(job->err)) : NULL, diff --git a/job.c b/job.c index 04409b40aab3545798414bda1a87..134a07b92e5ef05a52bee7e21a96 100644 --- a/job.c +++ b/job.c @@ -369,17 +369,17 @@ void job_unref(Job *job) void job_progress_update(Job *job, uint64_t done) { - job->progress_current += done; + progress_work_done(&job->progress, done); } void job_progress_set_remaining(Job *job, uint64_t remaining) { - job->progress_total = job->progress_current + remaining; + progress_set_remaining(&job->progress, remaining); } void job_progress_increase_remaining(Job *job, uint64_t delta) { - job->progress_total += delta; + progress_increase_remaining(&job->progress, delta); } void job_event_cancelled(Job *job) diff --git a/qemu-img.c b/qemu-img.c index 95a24b9762b0b00ef13f68cd4251..9ae07bbc80bd1fa0e6e20a04ec73 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -881,9 +881,9 @@ static void run_block_job(BlockJob *job, Error **errp) do { float progress = 0.0f; aio_poll(aio_context, true); - if (job->job.progress_total) { - progress = (float)job->job.progress_current / - job->job.progress_total * 100.f; + if (job->job.progress.total) { + progress = (float)job->job.progress.current / + job->job.progress.total * 100.f; } qemu_progress_print(progress, 0); } while (!job_is_ready(&job->job) && !job_is_completed(&job->job)); ++++++ numa-Extend-CLI-to-provide-initiator-inf.patch ++++++ --- /var/tmp/diff_new_pack.n4vv6G/_old 2020-03-17 04:15:20.948966409 +0100 +++ /var/tmp/diff_new_pack.n4vv6G/_new 2020-03-17 04:15:20.952966412 +0100 @@ -2,7 +2,7 @@ Date: Fri, 13 Dec 2019 09:19:22 +0800 Subject: numa: Extend CLI to provide initiator information for numa nodes -Git commit: 244b3f4485a07c7ce4b7123d6ce9d8c6012756e8 +Git-commit: 244b3f4485a07c7ce4b7123d6ce9d8c6012756e8 References: jsc#SLE-8897 In ACPI 6.3 chapter 5.2.27 Heterogeneous Memory Attribute Table (HMAT), ++++++ numa-Extend-CLI-to-provide-memory-latenc.patch ++++++ --- /var/tmp/diff_new_pack.n4vv6G/_old 2020-03-17 04:15:20.956966413 +0100 +++ /var/tmp/diff_new_pack.n4vv6G/_new 2020-03-17 04:15:20.956966413 +0100 @@ -2,7 +2,7 @@ Date: Fri, 13 Dec 2019 09:19:23 +0800 Subject: numa: Extend CLI to provide memory latency and bandwidth information -Git commit: 9b12dfa03a94d7f7a4b54eb67229a31e58193384 +Git-commit: 9b12dfa03a94d7f7a4b54eb67229a31e58193384 References: jsc#SLE-8897 Add -numa hmat-lb option to provide System Locality Latency and ++++++ numa-Extend-CLI-to-provide-memory-side-c.patch ++++++ --- /var/tmp/diff_new_pack.n4vv6G/_old 2020-03-17 04:15:21.004966441 +0100 +++ /var/tmp/diff_new_pack.n4vv6G/_new 2020-03-17 04:15:21.012966447 +0100 @@ -2,7 +2,7 @@ Date: Fri, 13 Dec 2019 09:19:24 +0800 Subject: numa: Extend CLI to provide memory side cache information -Git commit: c412a48d4d91e8f8b89aae02de0f44f1f0b729e5 +Git-commit: c412a48d4d91e8f8b89aae02de0f44f1f0b729e5 References: jsc#SLE-8897 Add -numa hmat-cache option to provide Memory Side Cache Information. ++++++ qemu-rpmlintrc ++++++ --- /var/tmp/diff_new_pack.n4vv6G/_old 2020-03-17 04:15:21.148966525 +0100 +++ /var/tmp/diff_new_pack.n4vv6G/_new 2020-03-17 04:15:21.164966534 +0100 @@ -2,4 +2,5 @@ from Config import * addFilter("arch-dependent-file-in-usr-share") +addFilter("obsolete-not-provided") addFilter("summary-not-capitalized") ++++++ qemu.spec.in ++++++ --- /var/tmp/diff_new_pack.n4vv6G/_old 2020-03-17 04:15:21.212966562 +0100 +++ /var/tmp/diff_new_pack.n4vv6G/_new 2020-03-17 04:15:21.216966564 +0100 @@ -337,6 +337,9 @@ Recommends: qemu-ui-gtk %if 0%{?is_opensuse} Recommends: qemu-ui-sdl +%else +Obsoletes: qemu-audio-sdl <= %{qemuver} +Obsoletes: qemu-ui-sdl <= %{qemuver} %endif Recommends: qemu-ui-spice-app Recommends: qemu-x86 ++++++ target-arm-Correct-definition-of-PMCRDP.patch ++++++ From: Peter Maydell <[email protected]> Date: Fri, 14 Feb 2020 17:51:11 +0000 Subject: target/arm: Correct definition of PMCRDP MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-commit: a1ed04dd79aabb9dbeeb5fa7d49f1a3de0357553 The PMCR_EL0.DP bit is bit 5, which is 0x20, not 0x10. 0x10 is 'X'. Correct our #define of PMCRDP and add the missing PMCRX. We do have the correct behaviour for handling the DP bit being set, so this fixes a guest-visible bug. Fixes: 033614c47de Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Signed-off-by: Peter Maydell <[email protected]> Message-id: [email protected] Signed-off-by: Bruce Rogers <[email protected]> --- target/arm/helper.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 0bf8f53d4b8d80ba1edb69c2c759..886ffaba82d36da9acc36f1596f5 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -1016,7 +1016,8 @@ static const ARMCPRegInfo v6_cp_reginfo[] = { #define PMCRN_MASK 0xf800 #define PMCRN_SHIFT 11 #define PMCRLC 0x40 -#define PMCRDP 0x10 +#define PMCRDP 0x20 +#define PMCRX 0x10 #define PMCRD 0x8 #define PMCRC 0x4 #define PMCRP 0x2 ++++++ target-arm-fix-TCG-leak-for-fcvt-half-do.patch ++++++ From: =?UTF-8?q?Alex=20Benn=C3=A9e?= <[email protected]> Date: Fri, 31 Jan 2020 15:34:39 +0000 Subject: target/arm: fix TCG leak for fcvt half->double MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-commit: aeab8e5eb220cc5ff84b0b68b9afccc611bf0fcd When support for the AHP flag was added we inexplicably only freed the new temps in one of the two legs. Move those tcg_temp_free to the same level as the allocation to fix that leak. Fixes: 486624fcd3eac Signed-off-by: Alex Bennée <[email protected]> Message-id: [email protected] Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Peter Maydell <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- target/arm/translate-a64.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index d4bebbe62958ed2264e8db880bac..045da9266717203d85258110ed10 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -5778,8 +5778,6 @@ static void handle_fp_fcvt(DisasContext *s, int opcode, TCGv_i32 tcg_rd = tcg_temp_new_i32(); gen_helper_vfp_fcvt_f16_to_f32(tcg_rd, tcg_rn, tcg_fpst, tcg_ahp); write_fp_sreg(s, rd, tcg_rd); - tcg_temp_free_ptr(tcg_fpst); - tcg_temp_free_i32(tcg_ahp); tcg_temp_free_i32(tcg_rd); } else { /* Half to double */ @@ -5789,6 +5787,8 @@ static void handle_fp_fcvt(DisasContext *s, int opcode, tcg_temp_free_i64(tcg_rd); } tcg_temp_free_i32(tcg_rn); + tcg_temp_free_ptr(tcg_fpst); + tcg_temp_free_i32(tcg_ahp); break; } default: ++++++ tests-Disable-some-block-tests-for-now.patch ++++++ --- /var/tmp/diff_new_pack.n4vv6G/_old 2020-03-17 04:15:21.484966720 +0100 +++ /var/tmp/diff_new_pack.n4vv6G/_new 2020-03-17 04:15:21.484966720 +0100 @@ -22,7 +22,7 @@ 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group -index 6b10a6a762143ec0d079b7fd6df2..150800ce1cbdde74b76e9f43e1c7 100644 +index 1c1b69f0581c9a0043376b440600..d293735679e23235092c614e2206 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -86,7 +86,7 @@ ++++++ tests-numa-Add-case-for-QMP-build-HMAT.patch ++++++ --- /var/tmp/diff_new_pack.n4vv6G/_old 2020-03-17 04:15:21.492966724 +0100 +++ /var/tmp/diff_new_pack.n4vv6G/_new 2020-03-17 04:15:21.492966724 +0100 @@ -2,7 +2,7 @@ Date: Fri, 13 Dec 2019 09:19:28 +0800 Subject: tests/numa: Add case for QMP build HMAT -Git commit: d00817c944ed15fbe4a61d44fe7f9fe166c7df88 +Git-commit: d00817c944ed15fbe4a61d44fe7f9fe166c7df88 References: jsc#SLE-8897 Check configuring HMAT usecase ++++++ tpm-ppi-page-align-PPI-RAM.patch ++++++ From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <[email protected]> Date: Fri, 3 Jan 2020 11:39:59 +0400 Subject: tpm-ppi: page-align PPI RAM MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-commit: 71e415c8a75c130875f14d6b2136825789feb297 post-copy migration fails on destination with error such as: 2019-12-26T10:22:44.714644Z qemu-kvm: ram_block_discard_range: Unaligned start address: 0x559d2afae9a0 Use qemu_memalign() to constrain the PPI RAM memory alignment. Cc: [email protected] Signed-off-by: Marc-André Lureau <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Dr. David Alan Gilbert <[email protected]> Reviewed-by: Stefan Berger <[email protected]> Signed-off-by: Stefan Berger <[email protected]> Message-id: [email protected] Signed-off-by: Bruce Rogers <[email protected]> --- hw/tpm/tpm_ppi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/tpm/tpm_ppi.c b/hw/tpm/tpm_ppi.c index ff314592b497b36853494c9600d7..6d9c1a3e40ee6f76d0b582d13f5b 100644 --- a/hw/tpm/tpm_ppi.c +++ b/hw/tpm/tpm_ppi.c @@ -43,7 +43,8 @@ void tpm_ppi_reset(TPMPPI *tpmppi) void tpm_ppi_init(TPMPPI *tpmppi, struct MemoryRegion *m, hwaddr addr, Object *obj) { - tpmppi->buf = g_malloc0(HOST_PAGE_ALIGN(TPM_PPI_ADDR_SIZE)); + tpmppi->buf = qemu_memalign(qemu_real_host_page_size, + HOST_PAGE_ALIGN(TPM_PPI_ADDR_SIZE)); memory_region_init_ram_device_ptr(&tpmppi->ram, obj, "tpm-ppi", TPM_PPI_ADDR_SIZE, tpmppi->buf); vmstate_register_ram(&tpmppi->ram, DEVICE(obj)); ++++++ vhost-user-blk-delete-virtioqueues-in-un.patch ++++++ From: Pan Nengyuan <[email protected]> Date: Mon, 24 Feb 2020 12:13:35 +0800 Subject: vhost-user-blk: delete virtioqueues in unrealize to fix memleaks Git-commit: 13e5468127111bf44c5dc314d1dd2ec5a65dfec4 virtio queues forgot to delete in unrealize, and aslo error path in realize, this patch fix these memleaks, the leak stack is as follow: Direct leak of 114688 byte(s) in 16 object(s) allocated from: #0 0x7f24024fdbf0 in calloc (/lib64/libasan.so.3+0xcabf0) #1 0x7f2401642015 in g_malloc0 (/lib64/libglib-2.0.so.0+0x50015) #2 0x55ad175a6447 in virtio_add_queue /mnt/sdb/qemu/hw/virtio/virtio.c:2327 #3 0x55ad17570cf9 in vhost_user_blk_device_realize /mnt/sdb/qemu/hw/block/vhost-user-blk.c:419 #4 0x55ad175a3707 in virtio_device_realize /mnt/sdb/qemu/hw/virtio/virtio.c:3509 #5 0x55ad176ad0d1 in device_set_realized /mnt/sdb/qemu/hw/core/qdev.c:876 #6 0x55ad1781ff9d in property_set_bool /mnt/sdb/qemu/qom/object.c:2080 #7 0x55ad178245ae in object_property_set_qobject /mnt/sdb/qemu/qom/qom-qobject.c:26 #8 0x55ad17821eb4 in object_property_set_bool /mnt/sdb/qemu/qom/object.c:1338 #9 0x55ad177aeed7 in virtio_pci_realize /mnt/sdb/qemu/hw/virtio/virtio-pci.c:1801 Reported-by: Euler Robot <[email protected]> Signed-off-by: Pan Nengyuan <[email protected]> Reviewed-by: Stefan Hajnoczi <[email protected]> Message-Id: <[email protected]> Reviewed-by: Stefan Hajnoczi <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- hw/block/vhost-user-blk.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c index 63da9bb619ccb30d63fa548d3078..2e59cbaa0da1e05842a62d6daf14 100644 --- a/hw/block/vhost-user-blk.c +++ b/hw/block/vhost-user-blk.c @@ -455,6 +455,9 @@ reconnect: virtio_err: g_free(s->vqs); g_free(s->inflight); + for (i = 0; i < s->num_queues; i++) { + virtio_del_queue(vdev, i); + } virtio_cleanup(vdev); vhost_user_cleanup(&s->vhost_user); } @@ -463,6 +466,7 @@ static void vhost_user_blk_device_unrealize(DeviceState *dev, Error **errp) { VirtIODevice *vdev = VIRTIO_DEVICE(dev); VHostUserBlk *s = VHOST_USER_BLK(dev); + int i; virtio_set_status(vdev, 0); qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL, NULL, @@ -471,6 +475,10 @@ static void vhost_user_blk_device_unrealize(DeviceState *dev, Error **errp) vhost_dev_free_inflight(s->inflight); g_free(s->vqs); g_free(s->inflight); + + for (i = 0; i < s->num_queues; i++) { + virtio_del_queue(vdev, i); + } virtio_cleanup(vdev); vhost_user_cleanup(&s->vhost_user); } ++++++ virtio-add-ability-to-delete-vq-through-.patch ++++++ From: "Michael S. Tsirkin" <[email protected]> Date: Mon, 9 Dec 2019 11:46:13 -0500 Subject: virtio: add ability to delete vq through a pointer Git-commit: 722f8c51d8af223751dfb1d02de40043e8ba067e Devices tend to maintain vq pointers, allow deleting them trough a vq pointer. Signed-off-by: Michael S. Tsirkin <[email protected]> Reviewed-by: David Hildenbrand <[email protected]> Reviewed-by: David Hildenbrand <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- hw/virtio/virtio.c | 15 ++++++++++----- include/hw/virtio/virtio.h | 2 ++ 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 04716b5f6ce1ccfb3f21a5b81b77..31dd140990f784884b541b293105 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -2330,17 +2330,22 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size, return &vdev->vq[i]; } +void virtio_delete_queue(VirtQueue *vq) +{ + vq->vring.num = 0; + vq->vring.num_default = 0; + vq->handle_output = NULL; + vq->handle_aio_output = NULL; + g_free(vq->used_elems); +} + void virtio_del_queue(VirtIODevice *vdev, int n) { if (n < 0 || n >= VIRTIO_QUEUE_MAX) { abort(); } - vdev->vq[n].vring.num = 0; - vdev->vq[n].vring.num_default = 0; - vdev->vq[n].handle_output = NULL; - vdev->vq[n].handle_aio_output = NULL; - g_free(vdev->vq[n].used_elems); + virtio_delete_queue(&vdev->vq[n]); } static void virtio_set_isr(VirtIODevice *vdev, int value) diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h index c32a815303730700e60c2ddd06c4..e18756d50d21259dda81bf1d1b1d 100644 --- a/include/hw/virtio/virtio.h +++ b/include/hw/virtio/virtio.h @@ -183,6 +183,8 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size, void virtio_del_queue(VirtIODevice *vdev, int n); +void virtio_delete_queue(VirtQueue *vq); + void virtqueue_push(VirtQueue *vq, const VirtQueueElement *elem, unsigned int len); void virtqueue_flush(VirtQueue *vq, unsigned int count); ++++++ virtio-crypto-do-delete-ctrl_vq-in-virti.patch ++++++ From: Pan Nengyuan <[email protected]> Date: Tue, 25 Feb 2020 15:55:54 +0800 Subject: virtio-crypto: do delete ctrl_vq in virtio_crypto_device_unrealize Git-commit: d56e1c8256cb37e68f9b5d98c6cc4e6ca463f1fd Similar to other virtio-deivces, ctrl_vq forgot to delete in virtio_crypto_device_unrealize, this patch fix it. This device has aleardy maintained vq pointers. Thus, we use the new virtio_delete_queue function directly to do the cleanup. The leak stack: Direct leak of 10752 byte(s) in 3 object(s) allocated from: #0 0x7f4c024b1970 in __interceptor_calloc (/lib64/libasan.so.5+0xef970) #1 0x7f4c018be49d in g_malloc0 (/lib64/libglib-2.0.so.0+0x5249d) #2 0x55a2f8017279 in virtio_add_queue /mnt/sdb/qemu-new/qemu_test/qemu/hw/virtio/virtio.c:2333 #3 0x55a2f8057035 in virtio_crypto_device_realize /mnt/sdb/qemu-new/qemu_test/qemu/hw/virtio/virtio-crypto.c:814 #4 0x55a2f8005d80 in virtio_device_realize /mnt/sdb/qemu-new/qemu_test/qemu/hw/virtio/virtio.c:3531 #5 0x55a2f8497d1b in device_set_realized /mnt/sdb/qemu-new/qemu_test/qemu/hw/core/qdev.c:891 #6 0x55a2f8b48595 in property_set_bool /mnt/sdb/qemu-new/qemu_test/qemu/qom/object.c:2238 #7 0x55a2f8b54fad in object_property_set_qobject /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qobject.c:26 #8 0x55a2f8b4de2c in object_property_set_bool /mnt/sdb/qemu-new/qemu_test/qemu/qom/object.c:1390 #9 0x55a2f80609c9 in virtio_crypto_pci_realize /mnt/sdb/qemu-new/qemu_test/qemu/hw/virtio/virtio-crypto-pci.c:58 Reported-by: Euler Robot <[email protected]> Signed-off-by: Pan Nengyuan <[email protected]> Cc: "Gonglei (Arei)" <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- hw/virtio/virtio-crypto.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c index 6d42f95a890b7a58f8ba0bc75eae..b2e01fc015133decbe2dc3ee9073 100644 --- a/hw/virtio/virtio-crypto.c +++ b/hw/virtio/virtio-crypto.c @@ -831,12 +831,13 @@ static void virtio_crypto_device_unrealize(DeviceState *dev, Error **errp) max_queues = vcrypto->multiqueue ? vcrypto->max_queues : 1; for (i = 0; i < max_queues; i++) { - virtio_del_queue(vdev, i); + virtio_delete_queue(vcrypto->vqs[i].dataq); q = &vcrypto->vqs[i]; qemu_bh_delete(q->dataq_bh); } g_free(vcrypto->vqs); + virtio_delete_queue(vcrypto->ctrl_vq); virtio_cleanup(vdev); cryptodev_backend_set_used(vcrypto->cryptodev, false); ++++++ virtio-don-t-enable-notifications-during.patch ++++++ --- /var/tmp/diff_new_pack.n4vv6G/_old 2020-03-17 04:15:21.524966743 +0100 +++ /var/tmp/diff_new_pack.n4vv6G/_new 2020-03-17 04:15:21.524966743 +0100 @@ -97,7 +97,7 @@ QTAILQ_FOREACH_SAFE(req, &reqs, next, next) { diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c -index 04716b5f6ce1ccfb3f21a5b81b77..3211135bc8beb0856e100bcbda58 100644 +index 31dd140990f784884b541b293105..d63a3691bf00e9d7951b2c85ef5f 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -432,6 +432,11 @@ static void virtio_queue_packed_set_notification(VirtQueue *vq, int enable) @@ -112,7 +112,7 @@ void virtio_queue_set_notification(VirtQueue *vq, int enable) { vq->notification = enable; -@@ -3384,17 +3389,12 @@ static bool virtio_queue_host_notifier_aio_poll(void *opaque) +@@ -3389,17 +3394,12 @@ static bool virtio_queue_host_notifier_aio_poll(void *opaque) { EventNotifier *n = opaque; VirtQueue *vq = container_of(n, VirtQueue, host_notifier); @@ -132,10 +132,10 @@ static void virtio_queue_host_notifier_aio_poll_end(EventNotifier *n) diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h -index c32a815303730700e60c2ddd06c4..6a2044246d63ba8a3f932086f9e8 100644 +index e18756d50d21259dda81bf1d1b1d..91167f609aca8f50948b1b28fdf2 100644 --- a/include/hw/virtio/virtio.h +++ b/include/hw/virtio/virtio.h -@@ -224,6 +224,7 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id); +@@ -226,6 +226,7 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id); void virtio_notify_config(VirtIODevice *vdev); ++++++ virtio-pmem-do-delete-rq_vq-in-virtio_pm.patch ++++++ From: Pan Nengyuan <[email protected]> Date: Tue, 25 Feb 2020 15:55:53 +0800 Subject: virtio-pmem: do delete rq_vq in virtio_pmem_unrealize MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-commit: 9861546e1dae05c5152de7d3bd14e341ecadc972 Similar to other virtio-devices, rq_vq forgot to delete in virtio_pmem_unrealize, this patch fix it. This device has already maintained a vq pointer, thus we use the new virtio_delete_queue function directly to do the cleanup. Reported-by: Euler Robot <[email protected]> Signed-off-by: Pan Nengyuan <[email protected]> Message-Id: <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- hw/virtio/virtio-pmem.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/virtio/virtio-pmem.c b/hw/virtio/virtio-pmem.c index c0c9395e559cf8b01878549b9f45..cad44fe0fc6231316e86c2317965 100644 --- a/hw/virtio/virtio-pmem.c +++ b/hw/virtio/virtio-pmem.c @@ -130,6 +130,7 @@ static void virtio_pmem_unrealize(DeviceState *dev, Error **errp) VirtIOPMEM *pmem = VIRTIO_PMEM(dev); host_memory_backend_set_mapped(pmem->memdev, false); + virtio_delete_queue(pmem->rq_vq); virtio_cleanup(vdev); }
