[Bug 1880225] Re: Emulation of some arm programs fail with "Assertion `have_guest_base' failed."

2020-05-22 Thread Aleksandar Markovic
It appears that there is no problem on Intel 64-bit hosts.

Perhaps the problem is manifested on all 32-bit hosts. I currently don't
have access to any other 32-bit host due to remote work.

The arm is the only target where I noticed this happens. I checked hppa,
mips, mipsel, m68k, ppc, and sh4, they are all fine, with the same
program/example, on the same 32-bit Intel host. I did not check other
targets except those I just mentioned.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1880225

Title:
  Emulation of some arm programs fail with "Assertion `have_guest_base'
  failed."

Status in QEMU:
  New

Bug description:
  This issue is observed with QEMU ToT, checked out around May 15th (but
  I believe it is present in current master too), and wasn't present in
  QEMU v5.0.0.

  I am using 32-bit Intel(R) Pentium(R) M processor 1.73GHz host.

  Arm cross-compiler is a standard cross-compiler that comes with
  Debian-based distributions, and gcc version is:

  $ arm-linux-gnueabi-gcc --version
  arm-linux-gnueabi-gcc (Debian 8.3.0-2) 8.3.0

  Compile this program with cross compiler:

  $ arm-linux-gnueabi-gcc -O2 -static toupper_string.c -o toupper_string-arm

  Emulation with QEMU v5.0.0 is correct, and gives expected output:

  $ ~/Build/qemu-5.0.0/build-gcc/arm-linux-user/qemu-arm ./toupper_string-arm
  CONTROL RESULT: (toupper_string)
   nwlrbbmqbhcdarz owkkyhiddqscdxr jmowfrxsjybldbe fsarcbynecdyggx xpklorellnmpapq
   NWLRBBMQBHCDARZ OWKKYHIDDQSCDXR JMOWFRXSJYBLDBE FSARCBYNECDYGGX XPKLORELLNMPAPQ

  While, in case of QEMU master it fails:

  $ ~/Build/qemu-master/build-gcc/arm-linux-user/qemu-arm ./toupper_string-arm
  qemu-arm: /home/rtrk/Build/qemu-master/linux-user/elfload.c:2294: probe_guest_base: Assertion `have_guest_base' failed.
  Aborted

  There are many other programs that exhibit the same behavior. The
  failure is arm-specific.

  
  -

  source code: (let's call this file toupper_string.c) (similar file is
  also in attachment)

  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  #include <unistd.h>
  #include <stdint.h>

  #define MAX_STRING_LENGHT  15
  #define NUMBER_OF_RANDOM_STRINGS   100
  #define DEFAULT_NUMBER_OF_REPETITIONS  3
  #define MAX_NUMBER_OF_REPETITIONS  10
  #define NUMBER_OF_CONTROL_PRINT_ITEMS  5

  /* Structure for keeping an array of strings */
  struct StringStruct {
      char chars[MAX_STRING_LENGHT + 1];
  };

  /**
   * Sets characters of the given string to random small letters a-z.
   * @param chars String to get random characters.
   * @param len Length of the input string (the buffer must hold len + 1).
   */
  static void gen_random_string(char *chars, const int len)
  {
      static const char letters[] = "abcdefghijklmnopqrstuvwxyz";

      for (int i = 0; i < len; i++) {
          chars[i] = letters[rand() % (sizeof(letters) - 1)];
      }
      chars[len] = 0;
  }

  int main(int argc, char *argv[])
  {
      struct StringStruct random_strings[NUMBER_OF_RANDOM_STRINGS];
      struct StringStruct strings_to_be_uppercased[NUMBER_OF_RANDOM_STRINGS];
      int32_t number_of_repetitions = DEFAULT_NUMBER_OF_REPETITIONS;
      int32_t option;

      /* Parse command line options */
      while ((option = getopt(argc, argv, "n:")) != -1) {
          if (option == 'n') {
              int32_t user_number_of_repetitions = atoi(optarg);
              /* Check if the value is a negative number */
              if (user_number_of_repetitions < 0) {
                  fprintf(stderr, "Error ... Value for option '-n' cannot be a "
                          "negative number.\n");
                  exit(EXIT_FAILURE);
              }
              /* Check if the value is a string or zero (atoi returns 0 for both) */
              if (user_number_of_repetitions == 0) {
                  fprintf(stderr, "Error ... Invalid value for option '-n'.\n");
                  exit(EXIT_FAILURE);
              }
              /* Check if the value is too large */
              if (user_number_of_repetitions > MAX_NUMBER_OF_REPETITIONS) {
                  fprintf(stderr, "Error ... Value for option '-n' cannot be "
                          "more than %d.\n", MAX_NUMBER_OF_REPETITIONS);
                  exit(EXIT_FAILURE);
              }
              number_of_repetitions = user_number_of_repetitions;
          } else {
              exit(EXIT_FAILURE);
          }
      }

      /* Create an array of strings with random content */
      srand(1);
      for (size_t i = 0; i < NUMBER_OF_RANDOM_STRINGS; i++) {
          gen_random_string(random_strings[i].chars, MAX_STRING_LENGHT);
      }

      /* Perform uppercasing of a set of random strings multiple times */
      for (int32_t j = 0; j < number_of_repetitions; j++) {
          /* Copy initial set of random strings to the set to be uppercased */
          memcpy(strings_to_be_uppercased, random_strings,
                 NUMBER_

[Bug 1880225] Re: Emulation of some arm programs fail with "Assertion `have_guest_base' failed."

2020-05-22 Thread Aleksandar Markovic
I just want to stress once again that the test was performed on a 32-bit
Intel host.


[Bug 1880225] Re: Emulation of some arm programs fail with "Assertion `have_guest_base' failed."

2020-05-22 Thread Aleksandar Markovic
Using bisection, it can be deduced that this behavior appears to be
caused by this commit:


commit ee94743034bfb443cf246eda4971bdc15d8ee066 (HEAD)
Author: Alex Bennée 
Date:   Wed May 13 18:51:28 2020 +0100

linux-user: completely re-write init_guest_space

First we ensure all guest space initialisation logic comes through
probe_guest_base once we understand the nature of the binary we are
loading. The convoluted init_guest_space routine is removed and
replaced with a number of pgb_* helpers which are called depending on
what requirements we have when loading the binary.

We first try to do what is requested by the host. Failing that we try
and satisfy the guest requested base address. If all those options
fail we fall back to finding a space in the memory map using our
recently written read_self_maps() helper.

There are some additional complications we try and take into account
when looking for holes in the address space. We try not to go directly
after the system brk() space so there is space for a little growth. We
also don't want to have to use negative offsets which would result in
slightly less efficient code on x86 when it's unable to use the
segment offset register.

Less mind-binding gotos and hopefully clearer logic throughout.

Signed-off-by: Alex Bennée 
Acked-by: Laurent Vivier 

Message-Id: <20200513175134.19619-5-alex.ben...@linaro.org>
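The fallback the commit message describes, scanning the host's own /proc/self/maps for a hole and staying clear of brk, as an added C illustration: this is not QEMU's probe_guest_base or read_self_maps code, and the maps listing, brk value, guard size and 32-bit user-space limit are constructed.

```c
/*
 * Added illustration, not QEMU's code: a simplified model of the fallback
 * described in the commit message, scanning the host's own mappings for a
 * hole big enough for the guest address space. All values are constructed.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_MAPS 64

typedef struct {
    uint64_t start;
    uint64_t end;
} MapRange;

/* Constructed /proc/self/maps of a 32-bit host process running qemu-arm. */
static const char SAMPLE_MAPS[] =
    "08048000-08100000 r-xp 00000000 08:01 1234 /usr/bin/qemu-arm\n"
    "08100000-08110000 rw-p 000b8000 08:01 1234 /usr/bin/qemu-arm\n"
    "08110000-08200000 rw-p 00000000 00:00 0    [heap]\n"
    "b7000000-b7800000 r-xp 00000000 08:01 5678 /lib/libc.so.6\n"
    "bffdf000-c0000000 rw-p 00000000 00:00 0    [stack]\n";

/* Parse "start-end ..." lines into ranges; the kernel lists them in
 * ascending address order, which the hole search relies on. Returns count. */
static int parse_self_maps(const char *text, MapRange *out, int max)
{
    int n = 0;
    const char *p = text;

    while (*p && n < max) {
        unsigned long long s, e;

        if (sscanf(p, "%llx-%llx", &s, &e) == 2 && e > s) {
            out[n].start = s;
            out[n].end = e;
            n++;
        }
        const char *nl = strchr(p, '\n');
        if (!nl) {
            break;
        }
        p = nl + 1;
    }
    return n;
}

static uint64_t align_up(uint64_t v, uint64_t align)
{
    return (v + align - 1) & ~(align - 1);
}

/* Lowest address >= min_addr, aligned to `align`, where `size` bytes fit
 * between existing mappings below addr_max without landing in
 * [brk, brk + brk_guard), so the host heap keeps room to grow.
 * Returns 0 when nothing fits, i.e. when the probe would fail. */
static uint64_t find_guest_base_hole(const MapRange *maps, int n,
                                     uint64_t size, uint64_t align,
                                     uint64_t min_addr, uint64_t addr_max,
                                     uint64_t brk, uint64_t brk_guard)
{
    uint64_t gap_start = 0;

    for (int i = 0; i <= n; i++) {
        /* The gap ends at the next mapping, or at the top of user space. */
        uint64_t gap_end = (i < n) ? maps[i].start : addr_max;
        uint64_t cand = align_up(gap_start > min_addr ? gap_start : min_addr,
                                 align);

        /* Do not sit directly after brk: move past the guard region. */
        if (cand < brk + brk_guard && cand + size > brk) {
            cand = align_up(brk + brk_guard, align);
        }
        if (cand + size <= gap_end) {
            return cand;
        }
        if (i < n) {
            gap_start = maps[i].end;
        }
    }
    return 0;
}

/* Search the constructed listing; brk is taken as the end of [heap]. */
static uint64_t probe_sample(uint64_t guest_size, uint64_t brk_guard)
{
    MapRange maps[MAX_MAPS];
    int n = parse_self_maps(SAMPLE_MAPS, maps, MAX_MAPS);

    return find_guest_base_hole(maps, n, guest_size, 0x10000, 0x10000,
                                0xc0000000ULL, 0x08200000ULL, brk_guard);
}

int main(void)
{
    uint64_t base = probe_sample(0x10000000ULL, 0x01000000ULL);

    printf("guest_base = 0x%08llx (0 means no hole)\n",
           (unsigned long long)base);
    return base == 0;
}
```

With the 16 MiB guard the search skips the space right after brk and lands at 0x09200000; with brk_guard 0 it would take 0x08200000, directly after the heap.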


Re: [PATCH v3 1/3] block/io: refactor coroutine wrappers

2020-05-22 Thread Vladimir Sementsov-Ogievskiy

23.05.2020 00:33, Eric Blake wrote:

On 5/22/20 11:19 AM, Vladimir Sementsov-Ogievskiy wrote:

Most of coroutine wrappers already follow this notation:


s/of/of our/
s/notation/convention/



We have coroutine_fn bdrv_co_(), which
is the core functions, and wrapper, which does polling loope is called
bdrv_().


We have 'coroutine_fn bdrv_co_()' as the core function, 
and a wrapper 'bdrv_()' which does a polling loop.



The only outsiders are bdrv_prwv_co and bdrv_common_block_status_above


s/are/are the/


wrappers. Let's refactor the to behave as the others, it simplifies


s/the/them/


further conversion of coroutine wrappers.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
  block/io.c | 61 +-
  1 file changed, 33 insertions(+), 28 deletions(-)

diff --git a/block/io.c b/block/io.c
index 121ce17a49..bd00a70b47 100644
--- a/block/io.c
+++ b/block/io.c
@@ -900,28 +900,32 @@ typedef struct RwCo {
  BdrvRequestFlags flags;
  } RwCo;
+static int coroutine_fn bdrv_co_prwv(BdrvChild *child, int64_t offset,
+ QEMUIOVector *qiov, bool is_write,
+ BdrvRequestFlags flags)
+{
+    if (is_write) {
+    return bdrv_co_pwritev(child, offset, qiov->size, qiov, flags);
+    } else {
+    return bdrv_co_preadv(child, offset, qiov->size, qiov, flags);
+    }
+}
+


If we're trying to avoid needless indirection, wouldn't it be simpler to quit 
trying to slam reads and writes through a single prwv function that then has to 
split back out, and instead make two separate coroutine wrappers, one for just 
reads, and the other for just writes, without having to mess with a 'bool 
is_write' parameter?


Yes, and it's simpler after the transformation than before. I even wanted to do 
it but forget.. Will do as a follow-up, or with next version.




  static void coroutine_fn bdrv_rw_co_entry(void *opaque)
  {


That is, should we have bdrv_co_preadv_entry and bdrv_co_pwritev_entry instead 
of just one bdrv_rw_co_entry?

At any rate, the renames done here are mechanical enough that if we make 
further changes, it could be a separate commit.

Reviewed-by: Eric Blake 




--
Best regards,
Vladimir



Re: [PATCH 18/19] target/arm: Fix tsan warning in cpu.c

2020-05-22 Thread Peter Maydell
On Fri, 22 May 2020 at 22:33, Robert Foley  wrote:
> On Fri, 22 May 2020 at 13:44, Peter Maydell  wrote:
> > Every target's has_work function seems to access
> > cs->interrupt_request without using atomic_read() :
> > why does Arm need to do something special here?
> >
> > More generally, the only place that currently
> > uses atomic_read() on the interrupt_request field
> > is cpu_handle_interrupt(), so if this field needs
> > special precautions to access then a lot of code
> > needs updating.
>
> TSan flagged this case as a potential data race. It does not mean
> necessarily that there is an issue here, just that two threads were
> accessing the data
> without TSan detecting the synchronization.  TSan gives a few options
> to silence the
> warning, such as changing the locking, making it atomic, or adding
> various types
> of annotations to tell TSan to ignore it.  So in this case we had a
> few options, such as
> to change it to atomic or to simply annotate it and silence it.
>
> We started our TSan testing using arm, and have been working to iron out the
> TSan warnings there, and there alone initially.  Assuming that we are OK
> with making this particular change, to silence the TSan warning,
> then certainly it is a good point that we need to consider changing the
> other places that access this field, since they will all see similar
> TSan warnings.

So is this:
 (a) a TSan false positive, because we've analysed the use
 of this struct field and know it's not a race because
 [details], but which we're choosing to silence in this way
 (b) an actual race for which the correct fix is to make the
 accesses atomic because [details]

?

Either way, the important part is the analysis which fills
in the "[details]" part, which should be in the commit message...

thanks
-- PMM



Re: [PATCH v2 5/9] target/arm: Convert Neon narrowing shifts with op==8 to decodetree

2020-05-22 Thread Peter Maydell
On Fri, 22 May 2020 at 15:55, Peter Maydell  wrote:
>
> Convert the Neon narrowing shifts where op==8 to decodetree:
>  * VSHRN
>  * VRSHRN
>  * VQSHRUN
>  * VQRSHRUN
>
> Signed-off-by: Peter Maydell 
> ---


> +// todo expand out the shift-narrow and the narrow-op

Oops. I fixed this todo item but forgot to delete the comment.
The code should be correct, though.

-- PMM



Re: [PATCH v3 2/3] block: declare some coroutine functions in block/coroutines.h

2020-05-22 Thread Eric Blake

On 5/22/20 11:19 AM, Vladimir Sementsov-Ogievskiy wrote:

We are going to keep coroutine-wrappers code (structure-packing
parameters, BDRV_POLL wrapper functions) in separate auto-generated
files. So, we'll need a header with declaration of original _co_
functions, for those which are static now. As well, we'll need
declarations for wrapper functions. Do these declarations now, as a
preparation step.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
  block/coroutines.h | 43 +++
  block.c|  8 
  block/io.c | 34 +-
  3 files changed, 64 insertions(+), 21 deletions(-)
  create mode 100644 block/coroutines.h

diff --git a/block/coroutines.h b/block/coroutines.h
new file mode 100644
index 00..23ea6fd5b3
--- /dev/null
+++ b/block/coroutines.h
@@ -0,0 +1,43 @@
+#ifndef BLOCK_COROUTINES_INT_H
+#define BLOCK_COROUTINES_INT_H
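Review bot: the include guard BLOCK_COROUTINES_INT_H does not match the file name block/coroutines.h; the _INT_ part is unexplained, and BLOCK_COROUTINES_H (or a comment saying the header is internal to the block layer) would be clearer. A short block comment at the top stating what belongs here, per the commit message the formerly static _co_ functions and their polling wrappers, would also help readers who have not seen this series.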


Should have a copyright header.

Otherwise makes sense.

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org




Re: [PATCH 18/19] target/arm: Fix tsan warning in cpu.c

2020-05-22 Thread Robert Foley
On Fri, 22 May 2020 at 13:44, Peter Maydell  wrote:
>
> On Fri, 22 May 2020 at 17:15, Robert Foley  wrote:
> >
> > For example:
> > WARNING: ThreadSanitizer: data race (pid=11134)
> >   Atomic write of size 4 at 0x7bbce0ac by main thread (mutexes: write 
> > M875):
> > #0 __tsan_atomic32_store  (qemu-system-aarch64+0x394d84)
> > #1 cpu_reset_interrupt hw/core/cpu.c:107:5 
> > (qemu-system-aarch64+0x842f90)
> > #2 arm_cpu_set_irq target/arm/cpu.c (qemu-system-aarch64+0x615a55)
> >
> >   Previous read of size 4 at 0x7bbce0ac by thread T7:
> > #0 arm_cpu_has_work target/arm/cpu.c:78:16 
> > (qemu-system-aarch64+0x6178ba)
> > #1 cpu_has_work include/hw/core/cpu.h:700:12 
> > (qemu-system-aarch64+0x68be2e)
> >
> > Cc: Peter Maydell 
> > Cc: Richard Henderson 
> > Signed-off-by: Robert Foley 
> > ---
> >  target/arm/cpu.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/target/arm/cpu.c b/target/arm/cpu.c
> > index 32bec156f2..cdb90582ee 100644
> > --- a/target/arm/cpu.c
> > +++ b/target/arm/cpu.c
> > @@ -75,7 +75,7 @@ static bool arm_cpu_has_work(CPUState *cs)
> >  ARMCPU *cpu = ARM_CPU(cs);
> >
> >  return (cpu->power_state != PSCI_OFF)
> > -&& cs->interrupt_request &
> > +&& atomic_read(&cs->interrupt_request) &
> >  (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD
> >   | CPU_INTERRUPT_VFIQ | CPU_INTERRUPT_VIRQ
> >   | CPU_INTERRUPT_EXITTB);
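Review bot: the hunk makes the read side of interrupt_request atomic, but the commit message offers only the TSan report as justification. From the trace above, the writer (cpu_reset_interrupt, seen as __tsan_atomic32_store) already stores atomically while arm_cpu_has_work does a plain load, so the change brings the reader in line with the writer; it does not say whether any ordering is required (atomic_read alone removes the racy-read report, it adds no barrier), nor why only the Arm has_work is touched when every other target reads the field the same way. State which case this is, a benign race being silenced or a real one being fixed, and if it is the latter the other readers need the same change in this series.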
>
> Every target's has_work function seems to access
> cs->interrupt_request without using atomic_read() :
> why does Arm need to do something special here?
>
> More generally, the only place that currently
> uses atomic_read() on the interrupt_request field
> is cpu_handle_interrupt(), so if this field needs
> special precautions to access then a lot of code
> needs updating.

TSan flagged this case as a potential data race. It does not mean
necessarily that there is an issue here, just that two threads were
accessing the data without TSan detecting the synchronization.  TSan
gives a few options to silence the warning, such as changing the
locking, making it atomic, or adding various types of annotations to
tell TSan to ignore it.  So in this case we had a few options, such as
to change it to atomic or to simply annotate it and silence it.

We started our TSan testing using arm, and have been working to iron out the
TSan warnings there, and there alone initially.  Assuming that we are OK
with making this particular change, to silence the TSan warning,
then certainly it is a good point that we need to consider changing the
other places that access this field, since they will all see similar
TSan warnings.

Of course if we are not OK with these changes to silence the TSan tool,
that's OK too :).  In that case we can certainly just add an annotation
either in the code or via our suppressions/blacklist and leave the code
functionally unchanged.

Thanks & Regards,
-Rob
>
> thanks
> -- PMM



Re: [PATCH v3 1/3] block/io: refactor coroutine wrappers

2020-05-22 Thread Eric Blake

On 5/22/20 11:19 AM, Vladimir Sementsov-Ogievskiy wrote:

Most of coroutine wrappers already follow this notation:


s/of/of our/
s/notation/convention/



We have coroutine_fn bdrv_co_(), which
is the core functions, and wrapper, which does polling loope is called
bdrv_().


We have 'coroutine_fn bdrv_co_()' as 
the core function, and a wrapper 'bdrv_(list>)' which does a polling loop.




The only outsiders are bdrv_prwv_co and bdrv_common_block_status_above


s/are/are the/


wrappers. Let's refactor the to behave as the others, it simplifies


s/the/them/


further conversion of coroutine wrappers.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
  block/io.c | 61 +-
  1 file changed, 33 insertions(+), 28 deletions(-)

diff --git a/block/io.c b/block/io.c
index 121ce17a49..bd00a70b47 100644
--- a/block/io.c
+++ b/block/io.c
@@ -900,28 +900,32 @@ typedef struct RwCo {
  BdrvRequestFlags flags;
  } RwCo;
  
+static int coroutine_fn bdrv_co_prwv(BdrvChild *child, int64_t offset,

+ QEMUIOVector *qiov, bool is_write,
+ BdrvRequestFlags flags)
+{
+if (is_write) {
+return bdrv_co_pwritev(child, offset, qiov->size, qiov, flags);
+} else {
+return bdrv_co_preadv(child, offset, qiov->size, qiov, flags);
+}
+}
+


If we're trying to avoid needless indirection, wouldn't it be simpler to 
quit trying to slam reads and writes through a single prwv function that 
then has to split back out, and instead make two separate coroutine 
wrappers, one for just reads, and the other for just writes, without 
having to mess with a 'bool is_write' parameter?



  static void coroutine_fn bdrv_rw_co_entry(void *opaque)
  {


That is, should we have bdrv_co_preadv_entry and bdrv_co_pwritev_entry 
instead of just one bdrv_rw_co_entry?


At any rate, the renames done here are mechanical enough that if we make 
further changes, it could be a separate commit.


Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org




Re: [PATCH v3 0/3] coroutines: generate wrapper code

2020-05-22 Thread no-reply
Patchew URL: https://patchew.org/QEMU/20200522161950.2839-1-vsement...@virtuozzo.com/



Hi,

This series failed the docker-mingw@fedora build test. Please find the testing
commands and their output below. If you have Docker installed, you can probably
reproduce it locally.

=== TEST SCRIPT BEGIN ===
#! /bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-mingw@fedora J=14 NETWORK=1
=== TEST SCRIPT END ===

/tmp/qemu-test/src/block/io.c:1025: undefined reference to `bdrv_flush'
block/io.o: In function `bdrv_flush_all':
/tmp/qemu-test/src/block/io.c:2170: undefined reference to `bdrv_flush'
block/collect2: error: ld returned 1 exit status
io.o: In function `bdrv_block_status_above':
/tmp/qemu-test/src/block/io.c:2435: undefined reference to 
`bdrv_common_block_status_above'
/tmp/qemu-test/src/block/io.c:2435: undefined reference to 
`bdrv_common_block_status_above'
---
/tmp/qemu-test/src/block/io.c:2584: undefined reference to `bdrv_rw_vmstate'
nbd/server.o: In function `nbd_export_new':
/tmp/qemu-test/src/nbd/server.c:1504: undefined reference to 
`bdrv_invalidate_cache'
collect2: error: ld returned 1 exit status
make: *** [/tmp/qemu-test/src/rules.mak:124: qemu-io.exe] Error 1
make: *** Waiting for unfinished jobs
make: *** [/tmp/qemu-test/src/rules.mak:124: qemu-img.exe] Error 1
  GEN x86_64-softmmu/hmp-commands.h
  GEN x86_64-softmmu/hmp-commands-info.h
  GEN x86_64-softmmu/config-devices.h
---
/tmp/qemu-test/src/block/io.c:2584: undefined reference to `bdrv_rw_vmstate'
../nbd/server.o: In function `nbd_export_new':
/tmp/qemu-test/src/nbd/server.c:1504: undefined reference to 
`bdrv_invalidate_cache'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:208: qemu-system-x86_64w.exe] Error 1
make: *** [Makefile:533: x86_64-softmmu/all] Error 2
  LINKaarch64-softmmu/qemu-system-aarch64w.exe
../blockdev.o: In function `external_snapshot_prepare':
/tmp/qemu-test/src/blockdev.c:1480: undefined reference to `bdrv_flush'
---
/tmp/qemu-test/src/block/io.c:2584: undefined reference to `bdrv_rw_vmstate'
../nbd/server.o: In function `nbd_export_new':
/tmp/qemu-test/src/nbd/server.c:1504: undefined reference to 
`bdrv_invalidate_cache'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:208: qemu-system-aarch64w.exe] Error 1
make: *** [Makefile:533: aarch64-softmmu/all] Error 2


The full log is available at
http://patchew.org/logs/20200522161950.2839-1-vsement...@virtuozzo.com/testing.docker-mingw@fedora/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH v3 0/3] coroutines: generate wrapper code

2020-05-22 Thread no-reply
Patchew URL: https://patchew.org/QEMU/20200522161950.2839-1-vsement...@virtuozzo.com/



Hi,

This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===

/tmp/qemu-test/src/nbd/server.c:1504: undefined reference to 
`bdrv_invalidate_cache'
/usr/bin/ld: qemu-img.o: in function `collect_image_check':
/tmp/qemu-test/src/qemu-img.c:695: undefined reference to `bdrv_check'
clang-8: error: linker command failed with exit code 1 (use -v to see 
invocation)
make: *** [/tmp/qemu-test/src/rules.mak:124: qemu-io] Error 1
make: *** Waiting for unfinished jobs
/usr/bin/ld:   CC  x86_64-softmmu/accel/stubs/hax-stub.o
block.o: in function `bdrv_reopen_prepare':
---
/usr/bin/ld: block/vhdx-log.o: in function `vhdx_log_write_and_flush':
/tmp/qemu-test/src/block/vhdx-log.c:1049: undefined reference to `bdrv_flush'
/usr/bin/ld: /tmp/qemu-test/src/block/vhdx-log.c:1061: undefined reference to 
`bdrv_flush'
clang-8: error: linker command failed with exit code 1 (use -v to see 
invocation)
make: *** [/tmp/qemu-test/src/rules.mak:124: qemu-storage-daemon] Error 1
/usr/bin/ld: block/parallels.o: in function `parallels_close':
/tmp/qemu-test/src/block/parallels.c:898: undefined reference to `bdrv_truncate'
/usr/bin/ld: block/parallels.o: in function `parallels_co_check':
---
/tmp/qemu-test/src/block/io.c:2584: undefined reference to `bdrv_rw_vmstate'
/usr/bin/ld: nbd/server.o: in function `nbd_export_new':
/tmp/qemu-test/src/nbd/server.c:1504: undefined reference to 
`bdrv_invalidate_cache'
clang-8: error: linker command failed with exit code 1 (use -v to see 
invocation)
make: *** [/tmp/qemu-test/src/rules.mak:124: qemu-nbd] Error 1
  CC  x86_64-softmmu/accel/tcg/tcg-runtime-gvec.o
  CC  x86_64-softmmu/accel/tcg/cpu-exec.o
clang-8: error: linker command failed with exit code 1 (use -v to see 
invocation)
make: *** [/tmp/qemu-test/src/rules.mak:124: qemu-img] Error 1
  CC  x86_64-softmmu/accel/tcg/cpu-exec-common.o
  CC  x86_64-softmmu/accel/tcg/translate-all.o
  CC  x86_64-softmmu/accel/tcg/translator.o
---
/tmp/qemu-test/src/block/io.c:2584: undefined reference to `bdrv_rw_vmstate'
/usr/bin/ld: ../nbd/server.o: in function `nbd_export_new':
/tmp/qemu-test/src/nbd/server.c:1504: undefined reference to 
`bdrv_invalidate_cache'
clang-8: error: linker command failed with exit code 1 (use -v to see 
invocation)
make[1]: *** [Makefile:208: qemu-system-x86_64] Error 1
make: *** [Makefile:533: x86_64-softmmu/all] Error 2
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 664, in 
sys.exit(main())
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=0ae44f45ff214aacb698f382c823422b', '-u', 
'1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 
'TARGET_LIST=x86_64-softmmu', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 
'J=14', '-e', 'DEBUG=', '-e', 'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', 
'-v', '/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-dwg_9cv4/src/docker-src.2020-05-22-17.19.04.31012:/var/tmp/qemu:z,ro',
 'qemu:fedora', '/var/tmp/qemu/run', 'test-debug']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=0ae44f45ff214aacb698f382c823422b
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-dwg_9cv4/src'
make: *** [docker-run-test-debug@fedora] Error 2

real    4m51.712s
user    0m9.298s


The full log is available at
http://patchew.org/logs/20200522161950.2839-1-vsement...@virtuozzo.com/testing.asan/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH v3 0/3] coroutines: generate wrapper code

2020-05-22 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20200522161950.2839-1-vsement...@virtuozzo.com/



Hi,

This series failed the docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

block/vhdx-log.o: In function `vhdx_log_write_and_flush':
/tmp/qemu-test/src/block/vhdx-log.c:1049: undefined reference to `bdrv_flush'
/tmp/qemu-test/src/block/vhdx-log.c:1061: undefined reference to `bdrv_flush'
collect2: error: ld returned 1 exit status
make: *** [qemu-nbd] Error 1
make: *** Waiting for unfinished jobs
block.o: In function `bdrv_invalidate_cache_all':
/tmp/qemu-test/src/block.c:5697: undefined reference to `bdrv_invalidate_cache'
---
block/vhdx-log.o: In function `vhdx_log_write_and_flush':
/tmp/qemu-test/src/block/vhdx-log.c:1049: undefined reference to `bdrv_flush'
/tmp/qemu-test/src/block/vhdx-log.c:1061: undefined reference to `bdrv_flush'
collect2: error: ld returned 1 exit status
make: *** [qemu-storage-daemon] Error 1
block.o: In function `bdrv_invalidate_cache_all':
/tmp/qemu-test/src/block.c:5697: undefined reference to `bdrv_invalidate_cache'
block.o: In function `bdrv_close':
---
block/vhdx-log.o: In function `vhdx_log_write_and_flush':
/tmp/qemu-test/src/block/vhdx-log.c:1049: undefined reference to `bdrv_flush'
/tmp/qemu-test/src/block/vhdx-log.c:1061: undefined reference to `bdrv_flush'
collect2: error: ld returned 1 exit status
make: *** [qemu-io] Error 1
  GEN x86_64-softmmu/config-target.h
  GEN x86_64-softmmu/hmp-commands.h
  GEN x86_64-softmmu/hmp-commands-info.h
---
../block/vhdx-log.o: In function `vhdx_log_write_and_flush':
/tmp/qemu-test/src/block/vhdx-log.c:1049: undefined reference to `bdrv_flush'
/tmp/qemu-test/src/block/vhdx-log.c:1061: undefined reference to `bdrv_flush'
collect2: error: ld returned 1 exit status
make[1]: *** [qemu-system-x86_64] Error 1
make: *** [x86_64-softmmu/all] Error 2
../blockdev.o: In function `external_snapshot_prepare':
/tmp/qemu-test/src/blockdev.c:1480: undefined reference to `bdrv_flush'
../block.o: In function `bdrv_invalidate_cache_all':
---
../block/vhdx-log.o: In function `vhdx_log_write_and_flush':
/tmp/qemu-test/src/block/vhdx-log.c:1049: undefined reference to `bdrv_flush'
/tmp/qemu-test/src/block/vhdx-log.c:1061: undefined reference to `bdrv_flush'
collect2: error: ld returned 1 exit status
make[1]: *** [qemu-system-aarch64] Error 1
make: *** [aarch64-softmmu/all] Error 2
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 664, in 
sys.exit(main())
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=4d6dd8af9e3d41618b3eefc6134b03c2', '-u', 
'1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-fojaep43/src/docker-src.2020-05-22-17.15.05.18871:/var/tmp/qemu:z,ro',
 'qemu:centos7', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=4d6dd8af9e3d41618b3eefc6134b03c2
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-fojaep43/src'
make: *** [docker-run-test-quick@centos7] Error 2

real    3m17.180s
user    0m8.686s


The full log is available at
http://patchew.org/logs/20200522161950.2839-1-vsement...@virtuozzo.com/testing.docker-quick@centos7/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH 00/19] Add Thread Sanitizer support to QEMU

2020-05-22 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20200522160755.886-1-robert.fo...@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20200522160755.886-1-robert.fo...@linaro.org
Subject: [PATCH 00/19] Add Thread Sanitizer support to QEMU
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Switched to a new branch 'test'
1737663 docs: Added details on TSan to testing.rst
82aa460 target/arm: Fix tsan warning in cpu.c
4a3bd5a util: Added tsan annotate for thread name.
f2614bb util: fixed tsan warnings in thread_pool.c
56529c7 qht: Fix tsan warnings.
128f63c util/async: Fixed tsan warnings
f86c38c accel/tcg: Fixed tsan warnings.
0d7ee16 configure: added tsan support for blacklist.
cfb2d34 accel/tcg: Fixed tsan warnings related to parallel_cpus
1ef1ed2 include/qemu: Added tsan.h for annotations.
bd287e9 tests/docker: Added docker build support for TSan.
6baf0d3 thread: add tsan annotations to QemuSpin
bbf88d9 translate-all: call qemu_spin_destroy for PageDesc
5f0a213 tcg: call qemu_spin_destroy for tb->jmp_lock
fb19649 qht: call qemu_spin_destroy for head buckets
688ca64 cputlb: destroy CPUTLB with tlb_destroy
be8d1f8 thread: add qemu_spin_destroy
2a326b6 cpu: convert queued work to a QSIMPLEQ
7fb7830 configure: add --enable-tsan flag + fiber annotations for 
coroutine-ucontext

=== OUTPUT BEGIN ===
1/19 Checking commit 7fb7830797be (configure: add --enable-tsan flag + fiber 
annotations for coroutine-ucontext)
2/19 Checking commit 2a326b6f7215 (cpu: convert queued work to a QSIMPLEQ)
3/19 Checking commit be8d1f8ff517 (thread: add qemu_spin_destroy)
4/19 Checking commit 688ca64764bf (cputlb: destroy CPUTLB with tlb_destroy)
5/19 Checking commit fb19649f7025 (qht: call qemu_spin_destroy for head buckets)
6/19 Checking commit 5f0a21365e6e (tcg: call qemu_spin_destroy for tb->jmp_lock)
7/19 Checking commit bbf88d92575a (translate-all: call qemu_spin_destroy for 
PageDesc)
8/19 Checking commit 6baf0d37cfdf (thread: add tsan annotations to QemuSpin)
9/19 Checking commit bd287e96cf4a (tests/docker: Added docker build support for 
TSan.)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#74: 
new file mode 100644

total: 0 errors, 1 warnings, 118 lines checked

Patch 9/19 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
10/19 Checking commit 1ef1ed22be4b (include/qemu: Added tsan.h for annotations.)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#18: 
new file mode 100644

total: 0 errors, 1 warnings, 48 lines checked

Patch 10/19 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
11/19 Checking commit cfb2d343b6ed (accel/tcg: Fixed tsan warnings related to 
parallel_cpus)
12/19 Checking commit 0d7ee16ffe83 (configure: added tsan support for 
blacklist.)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#28: 
new file mode 100644

total: 0 errors, 1 warnings, 14 lines checked

Patch 12/19 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
13/19 Checking commit f86c38c6aa87 (accel/tcg: Fixed tsan warnings.)
14/19 Checking commit 128f63c37b76 (util/async: Fixed tsan warnings)
15/19 Checking commit 56529c7ff837 (qht: Fix tsan warnings.)
16/19 Checking commit f2614bbafdb4 (util: fixed tsan warnings in thread_pool.c)
17/19 Checking commit 4a3bd5a64414 (util: Added tsan annotate for thread name.)
18/19 Checking commit 82aa460722b3 (target/arm: Fix tsan warning in cpu.c)
19/19 Checking commit 17376630a146 (docs: Added details on TSan to testing.rst)
ERROR: trailing whitespace
#34: FILE: docs/devel/testing.rst:413:
+  $

ERROR: trailing whitespace
#40: FILE: docs/devel/testing.rst:419:
+the files with TSan warnings.  $

total: 2 errors, 0 warnings, 78 lines checked

Patch 19/19 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20200522160755.886-1-robert.fo...@linaro.org/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH v2 1/1] virtio-ccw: auto-manage VIRTIO_F_IOMMU_PLATFORM if PV

2020-05-22 Thread Halil Pasic
On Wed, 20 May 2020 12:23:24 -0400
"Michael S. Tsirkin"  wrote:

> On Fri, May 15, 2020 at 12:11:55AM +0200, Halil Pasic wrote:
> > The virtio specification tells that the device is to present
> > VIRTIO_F_ACCESS_PLATFORM (a.k.a. VIRTIO_F_IOMMU_PLATFORM) when the
> > device "can only access certain memory addresses with said access
> > specified and/or granted by the platform". This is the case for
> > protected VMs, as the device can access only memory addresses that are
> > in pages that are currently shared (only the guest can share/unshare its
> > pages).
> > 
> > No VM, however, starts out as a protected VM, but some VMs may be
> > converted to protected VMs if the guest decides so.
> > 
> > Making the end user explicitly manage the VIRTIO_F_ACCESS_PLATFORM via
> > the property iommu_on is a minor disaster. Since the correctness of the
> > paravirtualized virtio devices (and thus in a sense the correctness of
> > the hypervisor) depends on it, the hypervisor should have the last word
> > about whether VIRTIO_F_ACCESS_PLATFORM is to be presented or not.
> 
> So, how about this: switch iommu to on/off/auto.

Many thanks for the review, and sorry about the delay on my side. We
have holidays here in Germany and I was not motivated enough up until
now to check on my mails.


I've actually played with the thought of switching iommu_platform to
'on/off/auto', but I didn't find an easy way to do it. I will look
again. This would be the first property of this kind in QEMU, or?

The 'on/off/auto' would be certainly much cleaner from a user-interface
perspective. The downsides are that it is more invasive, and more
complicated. I'm afraid that it would also leave more possibilities for
user error.

>  Add a property with a
> reasonable name "allow protected"?  If set allow switch to protected
> memory and also set iommu auto to on by default.  If not set then don't.
>

I think we have "allow protected" already expressed via cpu models. I'm
also not sure how libvirt would react to the idea of a new machine
property for this. You did mean "allow protected" as machine property,
or?

AFAIU "allow protected" would be required for the !PV to PV switch, and
we would have to reject paravirtualized devices with iommu_platform='off'
on VM construction or hotplug (iommu_platform='auto/on' would be fine).

Could you please confirm that I understood this correctly?


> This will come handy for other things like migrating to hosts without
> protected memory support.
> 

This is already covered by cpu model AFAIK.

> 
> Also, virtio now calls this PLATFORM_ACCESS, maybe we should rename
> the property (keeping old one around for compat)?

You mean like renaming 'iommu_platform' to 'platform_access'? I like
the idea, but I'm not sure libvirt will like it as well. Boris any
opinions?

> I feel this will address lots of complaints ...
> 
> > Currently presenting a PV guest with a (paravirtualized) virtio-ccw
> > device has catastrophic consequences for the VM (after the hypervisor's
> > access to protected memory). This is especially grave in case of device
> > hotplug (because in this case the guest is more likely to be in the
> > middle of something important).
> > 
> > Let us manage the VIRTIO_F_ACCESS_PLATFORM virtio feature automatically
> > for virtio-ccw devices, i.e. force it before we start the protected VM.
> > If the VM should cease to be protected, the original value is restored.
> > 
> > Signed-off-by: Halil Pasic 
> 
> 
> I don't really understand things fully but it looks like you are
> changing features of a device.  If so this bothers me, resets
> happen at random times while driver is active, and we never
> expect features to change.
>

Changing the device features is IMHO all right because the features can
change only immediately after a system reset and before the first vCPU
is run. That is ensured by two facts.


First, the feature can only change when ms->pv changes. That is on the
first reset after the VM entered or left the "protected virtualization"
mode of operation. And that switch requires a system reset. Because the
PV switch is initiated by the guest, and the guest is rebooted as a
consequence, the guest will never observe the change in features.

By the way, when switching between PV and !PV the features of the
cpu (model) also change.

Second, virtio_ccw_reset() -- the function that is modified -- does
not get called on a reset that is initiated via the transport. We have
virtio_ccw_reset_virtio() for that.

[..]

> >  VirtIOCCWDeviceClass *vdc = VIRTIO_CCW_DEVICE_GET_CLASS(dev);
> > +S390CcwMachineState *ms = S390_CCW_MACHINE(qdev_get_machine());
> > +
> > +/*
> > + * An attempt to use a paravirt device without
> > VIRTIO_F_IOMMU_PLATFORM
> > + * in PV, has catastrophic consequences for the VM. Let's force
> > + * VIRTIO_F_IOMMU_PLATFORM not already specified.
> > + */
> > +if (ms->pv && !virtio_host_has_feature(vdev,
> > VIRTIO_F_IOMMU_PLATFORM)) {
> > +  
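Review bot: the comment in this hunk is missing a word: "Let's force VIRTIO_F_IOMMU_PLATFORM not already specified" should read "... if not already specified". The check itself only ever turns the feature on when `ms->pv` is set; the commit message also promises that "the original value is restored" when the VM stops being protected, so the place that remembers the user's configured value belongs next to this condition, or at least should be named in the comment, otherwise a reader of this function cannot tell a forced-on feature from a configured one.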

Re: [PATCH v7 12/12] tests/vm: Add workaround to consume console

2020-05-22 Thread Robert Foley
On Fri, 22 May 2020 at 12:31, Alex Bennée  wrote:
>
>
> Robert Foley  writes:
>
> I think you need to look at adding:
>
> [sendemail]
> cccmd = scripts/get_maintainer.pl --nogit-fallback
>
> to your .git/config to ensure maintainers get pinged when you touch
> their subsystems. Eduardo and Cleber CC'd


Thanks for pointing this out!  We will definitely add it and use it.

> > The ConsoleSocket object provides a socket interface
> > which will consume all arriving characters on the
> > socket, but will provide those chars via recv() as
> > would a regular socket.
> > This is a workaround we found was needed since
> > there is a known issue where QEMU will hang waiting
> > for console characters to be consumed.
> > We also add the option of logging the console to a file.
> >
> > Signed-off-by: Robert Foley 
> > Reviewed-by: Peter Puhov 
> > ---
> >  python/qemu/console_socket.py | 162 ++
> >  python/qemu/machine.py|  23 -
> >  tests/vm/Makefile.include |   4 +
> >  tests/vm/basevm.py|  19 +++-
> >  4 files changed, 202 insertions(+), 6 deletions(-)
> >  create mode 100644 python/qemu/console_socket.py
> >
> > diff --git a/python/qemu/console_socket.py b/python/qemu/console_socket.py

> > +import traceback
>
> Left over debug?

This is getting used here in a try except in handle_read, to display
the exception information.


> > +def handle_read(self):
> > +"""process arriving characters into in memory _buffer"""
> > +try:
> > +data = asyncore.dispatcher.recv(self, 1)
> > +# latin1 is needed since there are some chars
> > +# we are receiving that cannot be encoded to utf-8
> > +# such as 0xe2, 0x80, 0xA6.
> > +string = data.decode("latin1")
> > +except:
> > +print("Exception seen.")
> > +traceback.print_exc()
> > +return
> > +if self._logfile:
> > +self._logfile.write("{}".format(string))
> > +self._logfile.flush()
> > +for c in string:
> > +self._buffer.append(c)
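Review bot: the bare `except:` in handle_read also swallows KeyboardInterrupt and SystemExit, so a Ctrl-C while a test is draining the console is printed by traceback.print_exc() and then ignored; catch `Exception` (or `OSError`) there instead. Since asyncore.dispatcher.recv() already calls handle_close() and returns b'' at EOF, an empty `data` can simply `return` before the decode. Reading one byte per call (`recv(self, 1)`) also costs one dispatcher iteration per console character; `recv(self, 4096)` with the same latin1 decode is equivalent, because latin1 maps every byte value, and far cheaper for a chatty boot log.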

> > +if __name__ == '__main__':
>
> If the module is meant to be executable then you need to +x the file.
> However since 8f8fd9edba I think everything is meant to be doing things
> the pythonic way as a proper module. I'm not sure where unit tests for
> the modules are meant to sit in this case.

That is a good point.  I see the other modules at this level do not have
tests like this, so I am going to remove this for now, as I think it adds
limited value at this point.
>
> > +# Brief test to exercise the above code.
> > +# The ConsoleSocket will ship some data to the server,
> > +# the server will echo it back and the client will echo what it 
> > received.
> > +
> > +# First remove the socket.
> > +address = "./test_console_socket"
> > +if os.path.exists(address):
> > +os.unlink(address)
> > +
> > +# Create the server side.
> > +server_socket = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
> > +server_socket.bind(address)
> > +server_socket.listen(1)
> > +
> > +# Create the object we are trying to test.
> > +console_socket = ConsoleSocket(address, file="./logfile.txt")
> > +
> > +# Generate some data and ship it over the socket.
> > +send_data = ""
> > +for i in range(10):
> > +send_data += "this is a test message {}\n".format(i)
> > +console_socket.send(send_data.encode('latin1'))
> > +connection, client_address = server_socket.accept()
> > +
> > +# Process the data on the server and ship it back.
> > +data = connection.recv(len(send_data))
> > +print("server received: {}".format(data))
> > +print("server: sending data back to the client")
> > +connection.sendall(data)
> > +
> > +# Client receives teh bytes and displays them.
>
> s/teh/the/
>
> > +print("client: receiving bytes")
> > +bytes = console_socket.recv(len(data))
> > +recv_data = bytes.decode('latin1')
> > +print("client received: {}".format(recv_data))
> > +assert(recv_data == send_data)
> > +# Close console connection first, then close server.
> > +console_socket.close()
> > +connection.close()
> > +server_socket.close()
> > +print("test successful.")
> > +
>
> I think in this case it might be worth splitting introducing the
> functionally into the python library from the actual usage of it in the
> wider machines.

OK, I'll split this out into a separate patch.

Thanks & Regards,
-Rob
>
> Otherwise it seems to work well enough for me. I'd like the proper
> python gurus to have a look over it though.
>
> Acked-by: Alex Bennée 
>
> --
> Alex Bennée
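
The hang the patch above works around (QEMU blocking once nobody drains its console socket) and the fix (a reader that drains continuously and buffers) can be shown without asyncore. The following is an added example written for this page, not the patch's ConsoleSocket nor anything in python/qemu: a thread-based drainer with the same recv()-from-buffer contract, plus a constructed socketpair scenario in which a 'guest' writes far more than a socket buffer holds while nobody reads. The names (DrainingConsole, flood_demo) and the line format of the fake console output are this example's own.

```python
import socket
import threading


class DrainingConsole:
    """Continuously drain a stream socket into memory so the peer (for the
    tests/vm case, QEMU's serial chardev) can never block on a full socket
    buffer, while handing the bytes to the caller through recv() as an
    ordinary socket would. Added example, not the patch's ConsoleSocket."""

    def __init__(self, sock, logfile=None):
        self._sock = sock
        self._logfile = logfile
        self._buf = bytearray()
        self._eof = False
        self._cond = threading.Condition()
        self._thread = threading.Thread(target=self._drain, daemon=True)
        self._thread.start()

    def _drain(self):
        # Background reader: every byte the peer writes is pulled off the
        # socket at once and parked in _buf until somebody asks for it.
        while True:
            try:
                data = self._sock.recv(65536)
            except OSError:  # socket shut down or closed under us
                data = b""
            with self._cond:
                if data:
                    self._buf.extend(data)
                    if self._logfile is not None:
                        # latin1 maps every byte value, so logging loses nothing
                        self._logfile.write(data.decode("latin1"))
                        self._logfile.flush()
                else:
                    self._eof = True
                self._cond.notify_all()
            if not data:
                return

    def recv(self, bufsize, timeout=None):
        """Up to bufsize buffered bytes; b'' once the peer has closed;
        socket.timeout if nothing arrives within timeout seconds."""
        with self._cond:
            while not self._buf and not self._eof:
                if not self._cond.wait(timeout):
                    raise socket.timeout("no console data within %r s" % (timeout,))
            chunk = bytes(self._buf[:bufsize])
            del self._buf[:bufsize]
            return chunk

    def send(self, data):
        self._sock.sendall(data)

    def close(self):
        try:
            self._sock.shutdown(socket.SHUT_RDWR)
        except OSError:
            pass
        self._sock.close()
        self._thread.join(timeout=5)


def flood_demo(lines=100000, drain=True):
    """Constructed scenario: a 'guest' thread writes far more console output
    than a socket buffer holds while nobody is reading. With drain=True the
    writer finishes and every byte is later available via recv(); with
    drain=False it is still stuck in sendall() when the timeout expires,
    which is the hang the patch describes.
    Returns (writer_finished, bytes_sent, bytes_read)."""
    guest_end, host_end = socket.socketpair()
    payload = b"".join(b"guest console line %06d\n" % i for i in range(lines))

    def guest_writer():
        try:
            guest_end.sendall(payload)
        except OSError:  # peer closed under us (the drain=False teardown)
            return
        guest_end.close()

    writer = threading.Thread(target=guest_writer, daemon=True)
    writer.start()
    console = DrainingConsole(host_end) if drain else None
    writer.join(timeout=3)
    finished = not writer.is_alive()
    received = bytearray()
    if console is not None:
        while True:
            chunk = console.recv(4096, timeout=5)
            if not chunk:
                break
            received.extend(chunk)
        console.close()
    else:
        host_end.close()  # wakes the stuck writer with EPIPE
        writer.join(timeout=5)
    return finished, len(payload), bytes(received)


if __name__ == "__main__":
    print("drained:", flood_demo()[:2])
    print("not drained:", flood_demo(drain=False)[:2])
```

flood_demo(drain=False) is the failure mode: the writer is still parked in sendall() after the timeout, which is what an unattended QEMU serial port looks like from the test harness; with the drainer in place it finishes and every byte is later served by recv(), and logged if a file object is passed in.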



Re: Fwd: simple qemu command not working

2020-05-22 Thread John Snow



On 5/22/20 4:32 AM, haris iqbal wrote:
> Hi,
> 
> I am having some trouble with spinning up a VM using qemu. The
> description is below. Can someone please point me in the right
> direction?
> 
> --
> 
> Regards
> -Haris
> 
> 
> -- Forwarded message -
> From: haris iqbal 
> Date: Wed, May 20, 2020 at 5:10 PM
> Subject: simple qemu command not working
> To: 
> Cc: Danil Kipnis 
> 
> 
> Hi,
> 
> I am trying to install ubuntu in one of the qcow2 images I have
> created, using the below command
> 
> sudo qemu-system-x86_64 -enable-kvm -nographic -smp 8 -m 8G -cpu
> qemu64 -cdrom ubuntu-19.10-live-server-amd64.iso -boot d
> ubuntu-19.10-live-server-amd64.qcow2
> 
> First it spits out a warning, and then just hangs at "Initializing gfx 
> code...".
> 
> qemu-system-x86_64: warning: host doesn't support requested
> feature: CPUID.8001H:ECX.svm [bit 2]
> qemu-system-x86_64: warning: host doesn't support requested
> feature: CPUID.8001H:ECX.svm [bit 2]
> qemu-system-x86_64: warning: host doesn't support requested
> feature: CPUID.8001H:ECX.svm [bit 2]
> qemu-system-x86_64: warning: host doesn't support requested
> feature: CPUID.8001H:ECX.svm [bit 2]
> qemu-system-x86_64: warning: host doesn't support requested
> feature: CPUID.8001H:ECX.svm [bit 2]
> qemu-system-x86_64: warning: host doesn't support requested
> feature: CPUID.8001H:ECX.svm [bit 2]
> qemu-system-x86_64: warning: host doesn't support requested
> feature: CPUID.8001H:ECX.svm [bit 2]
> qemu-system-x86_64: warning: host doesn't support requested
> feature: CPUID.8001H:ECX.svm [bit 2]
> SeaBIOS (version 1.13.0-1ubuntu1)
> 
> 
> iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+BFF8C9F0+BFECC9F0 CA00
> 
> 
> 
> Booting from DVD/CD...
> 
> ISOLINUX 6.04 20190226 ETCD Copyright (C) 1994-2015 H. Peter Anvin et al
> Loading bootlogo...
> 
> Initializing gfx code...
> 
> I have searched a lot and got a number of solutions and possible
> problems but none worked.
> 
> 1) Have tried with Ubuntu 20 also, but same error.
> 
> 2) VT-x not enabled.
> 
> It is enabled, `lscpu` shows
> 
> Virtualization:  VT-x
> Hypervisor vendor:   KVM
> Flags: .. vmx ..
> 
> 3) Tried with `-cpu qemu64`. Did not work
> 
> 4) used `qemu-system-i386` instead of `qemu-system-x86_64`. But that
> fails with a different error
> 
> This kernel requires an x86-64 CPU, but only detected an i686 CPU.
> Unable to boot - please use a kernel appropriate for your CPU.
> 
> 5) I have asked the same question online, but no answers.
> https://stackoverflow.com/questions/61864520/qemu-installating-ubuntu-through-iso-gets-stuck-shows-svm-cpu-bit-warning
> 
> 6) Have tried without the -nographics option, same story.
> 
> 7) I did find out that the "SVM" CPU bit corresponds to "AMD Secure
> Virtual Machine", which confused me since my CPU is Haswell.
> 
> The host system on which I am running this command is an ubuntu.
> I have tried this on 2 separate ubuntu machines, one running on
> virtualbox as a VM with host OS windows 10.
> The other also running on a virtualized hypervisor (not sure which
> one), as a VM.
> 

So *both* the Ubuntu machines you've tried to run QEMU on are themselves
virtual machines?

You'll need to go all the way down to the baremetal level and enable
nested KVM if that's your goal.

For a HyperV root, I think there are similar steps you need to take to
enable KVM inside a guest.

For VirtualBox, I have no idea.
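
The answer above turns on a question the thread never settles mechanically: does the machine QEMU runs on see a virtualisation extension at all, is it itself a guest, and could it in turn offer nested KVM? The following Python is an added example, not part of this thread or of QEMU: it reads /proc/cpuinfo (the vmx/svm and 'hypervisor' flags), checks for /dev/kvm and the kvm_intel/kvm_amd 'nested' module parameter, and says what is missing. The two cpuinfo excerpts are constructed for the example, not captured from the reporter's machines, and the remedy text for outer hypervisors other than KVM is deliberately generic.

```python
import os

# Constructed /proc/cpuinfo excerpts (not from the reporter's machines): a
# guest that was handed nested virtualisation and one that was not.
CPUINFO_GUEST_WITH_VMX = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Intel Core Processor (Haswell, no TSX)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc rep_good nopl xtopology cpuid pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm tpr_shadow vnmi flexpriority ept vpid
"""

CPUINFO_GUEST_NO_VIRT = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Intel Core Processor (Haswell, no TSX)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc rep_good nopl xtopology cpuid pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm
"""


def cpu_flags(cpuinfo_text):
    """Flag set of the first CPU listed in /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()


def virt_extension(flags):
    """'vmx' for Intel VT-x, 'svm' for AMD-V, None if the CPU shows neither."""
    if "vmx" in flags:
        return "vmx"
    if "svm" in flags:
        return "svm"
    return None


def nested_enabled(param_text):
    """Interpret /sys/module/kvm_intel/parameters/nested (Y/N) or
    /sys/module/kvm_amd/parameters/nested (1/0)."""
    return param_text.strip() in ("Y", "1")


def diagnose(cpuinfo_text, have_dev_kvm, nested_param_text=None):
    """Return (usable, explanation) for running KVM guests on this machine."""
    flags = cpu_flags(cpuinfo_text)
    ext = virt_extension(flags)
    in_vm = "hypervisor" in flags  # CPUID hypervisor bit: we are a guest
    if ext is None:
        if in_vm:
            return False, ("this is a VM and its CPU shows no vmx/svm: enable nested "
                           "virtualisation on the outer hypervisor (for an outer KVM "
                           "host: kvm_intel/kvm_amd module parameter nested=1 and a "
                           "guest CPU model that includes the flag, e.g. -cpu host)")
        return False, "CPU shows no vmx/svm: enable VT-x/AMD-V in the firmware setup"
    if not have_dev_kvm:
        module = "kvm_intel" if ext == "vmx" else "kvm_amd"
        return False, "%s present but /dev/kvm is missing: load %s and check permissions" % (ext, module)
    text = "%s present and /dev/kvm available" % ext
    if in_vm:
        text += " (inside a VM, so the outer hypervisor exposes the extension)"
    if nested_param_text is not None:
        text += "; guests of this host %s run KVM themselves" % (
            "can" if nested_enabled(nested_param_text) else "cannot (nested=0)")
    return True, text


def diagnose_this_host():
    """Run diagnose() against the live system (Linux only)."""
    with open("/proc/cpuinfo") as f:
        cpuinfo = f.read()
    module = "kvm_intel" if virt_extension(cpu_flags(cpuinfo)) == "vmx" else "kvm_amd"
    nested = None
    path = "/sys/module/%s/parameters/nested" % module
    if os.path.exists(path):
        with open(path) as f:
            nested = f.read()
    return diagnose(cpuinfo, os.path.exists("/dev/kvm"), nested)


if __name__ == "__main__":
    usable, why = diagnose_this_host()
    print(("OK: " if usable else "NOT USABLE: ") + why)
```

Run it inside the Ubuntu guest first: if the verdict is the "no vmx/svm" one, nothing done inside that guest will help and the fix is on the level below, as the answer says; if the extension is visible, the next thing to check is the 'nested' parameter on the machine that will host further guests.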




Re: [PATCH v3] spapr: Add a new level of NUMA for GPUs

2020-05-22 Thread Reza Arbab

On Fri, May 22, 2020 at 02:53:33PM -0500, Reza Arbab wrote:

--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -889,10 +889,16 @@ static int spapr_dt_rng(void *fdt)
static void spapr_dt_rtas(SpaprMachineState *spapr, void *fdt)
{
MachineState *ms = MACHINE(spapr);
+SpaprMachineClass *smc = SPAPR_MACHINE_GET_CLASS(ms);
int rtas;
GString *hypertas = g_string_sized_new(256);
GString *qemu_hypertas = g_string_sized_new(256);
-uint32_t refpoints[] = { cpu_to_be32(0x4), cpu_to_be32(0x4) };
+uint32_t refpoints[] = {
+cpu_to_be32(0x4),
+cpu_to_be32(0x4),
+cpu_to_be32(0x2),
+};
+uint32_t nr_refpoints = 3;


Gah, as soon as I hit send I realize this should be

uint32_t nr_refpoints = ARRAY_SIZE(refpoints);

Can you fixup or should I send a v4?

--
Reza Arbab



[PATCH v3] spapr: Add a new level of NUMA for GPUs

2020-05-22 Thread Reza Arbab
NUMA nodes corresponding to GPU memory currently have the same
affinity/distance as normal memory nodes. Add a third NUMA associativity
reference point enabling us to give GPU nodes more distance.

This is guest visible information, which shouldn't change under a
running guest across migration between different qemu versions, so make
the change effective only in new (pseries > 5.0) machine types.

Before, `numactl -H` output in a guest with 4 GPUs (nodes 2-5):

node distances:
node   0   1   2   3   4   5
  0:  10  40  40  40  40  40
  1:  40  10  40  40  40  40
  2:  40  40  10  40  40  40
  3:  40  40  40  10  40  40
  4:  40  40  40  40  10  40
  5:  40  40  40  40  40  10

After:

node distances:
node   0   1   2   3   4   5
  0:  10  40  80  80  80  80
  1:  40  10  80  80  80  80
  2:  80  80  10  80  80  80
  3:  80  80  80  10  80  80
  4:  80  80  80  80  10  80
  5:  80  80  80  80  80  10

These are the same distances as on the host, mirroring the change made
to host firmware in skiboot commit f845a648b8cb ("numa/associativity:
Add a new level of NUMA for GPU's").

Signed-off-by: Reza Arbab 
---
v3:
* Squash into one patch
* Add PHB compat property
---
 hw/ppc/spapr.c  | 21 +++--
 hw/ppc/spapr_pci.c  |  2 ++
 hw/ppc/spapr_pci_nvlink2.c  |  7 ++-
 include/hw/pci-host/spapr.h |  1 +
 include/hw/ppc/spapr.h  |  1 +
 5 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index c18eab0a2305..7c304b6c389d 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -889,10 +889,16 @@ static int spapr_dt_rng(void *fdt)
 static void spapr_dt_rtas(SpaprMachineState *spapr, void *fdt)
 {
 MachineState *ms = MACHINE(spapr);
+SpaprMachineClass *smc = SPAPR_MACHINE_GET_CLASS(ms);
 int rtas;
 GString *hypertas = g_string_sized_new(256);
 GString *qemu_hypertas = g_string_sized_new(256);
-uint32_t refpoints[] = { cpu_to_be32(0x4), cpu_to_be32(0x4) };
+uint32_t refpoints[] = {
+cpu_to_be32(0x4),
+cpu_to_be32(0x4),
+cpu_to_be32(0x2),
+};
+uint32_t nr_refpoints = 3;
 uint64_t max_device_addr = MACHINE(spapr)->device_memory->base +
 memory_region_size(&MACHINE(spapr)->device_memory->mr);
 uint32_t lrdr_capacity[] = {
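Review bot: `nr_refpoints = 3` on the last added line of this hunk restates the initializer above it by hand; `uint32_t nr_refpoints = ARRAY_SIZE(refpoints);` (as the follow-up to this patch also proposes) keeps the count tied to the array if a fourth level is ever added. A short comment on what the values mean would also help: each entry is a 1-based index into a node's ibm,associativity list, so 0x4 selects the node id and the new 0x2 selects the level this patch uses to push GPU nodes further away.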
@@ -944,8 +950,12 @@ static void spapr_dt_rtas(SpaprMachineState *spapr, void 
*fdt)
  qemu_hypertas->str, qemu_hypertas->len));
 g_string_free(qemu_hypertas, TRUE);
 
+if (smc->pre_5_1_assoc_refpoints) {
+nr_refpoints = 2;
+}
+
 _FDT(fdt_setprop(fdt, rtas, "ibm,associativity-reference-points",
- refpoints, sizeof(refpoints)));
+ refpoints, nr_refpoints * sizeof(refpoints[0])));
 
 _FDT(fdt_setprop(fdt, rtas, "ibm,max-associativity-domains",
  maxdomains, sizeof(maxdomains)));
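Review bot: the trim to two entries works only because the new 0x2 entry is the last one in refpoints[]; a one-line comment above this `if` stating that pre-5.1 machines must keep seeing exactly the old {0x4, 0x4} property, and therefore that new levels are appended, never inserted, would protect that ordering, since nothing else in the file expresses it.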
@@ -4607,8 +4617,15 @@ DEFINE_SPAPR_MACHINE(5_1, "5.1", true);
  */
 static void spapr_machine_5_0_class_options(MachineClass *mc)
 {
+SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
+static GlobalProperty compat[] = {
+{ TYPE_SPAPR_PCI_HOST_BRIDGE, "pre-5.1-associativity", "on" },
+};
+
 spapr_machine_5_1_class_options(mc);
 compat_props_add(mc->compat_props, hw_compat_5_0, hw_compat_5_0_len);
+compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat));
+smc->pre_5_1_assoc_refpoints = true;
 }
 
 DEFINE_SPAPR_MACHINE(5_0, "5.0", false);
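Review bot: this hunk is the only place where the two halves of the compat switch, `smc->pre_5_1_assoc_refpoints` for the reference points in spapr_dt_rtas() and the PHB "pre-5.1-associativity" property for the GPU associativity lists, are set together, and nothing enforces that they stay in step: a PHB whose property is overridden on the command line gets the new list layout against the old two-entry reference points, or the reverse. A comment here saying both must flip together, or having the PHB side read the machine class flag via qdev_get_machine() so there is a single source of truth, would close that gap.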
diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 61b84a392d65..bcdf1a25ae8b 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -2092,6 +2092,8 @@ static Property spapr_phb_properties[] = {
  pcie_ecs, true),
 DEFINE_PROP_UINT64("gpa", SpaprPhbState, nv2_gpa_win_addr, 0),
 DEFINE_PROP_UINT64("atsd", SpaprPhbState, nv2_atsd_win_addr, 0),
+DEFINE_PROP_BOOL("pre-5.1-associativity", SpaprPhbState,
+ pre_5_1_assoc, false),
 DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/hw/ppc/spapr_pci_nvlink2.c b/hw/ppc/spapr_pci_nvlink2.c
index 8332d5694e46..3394ac425eee 100644
--- a/hw/ppc/spapr_pci_nvlink2.c
+++ b/hw/ppc/spapr_pci_nvlink2.c
@@ -362,7 +362,7 @@ void spapr_phb_nvgpu_ram_populate_dt(SpaprPhbState *sphb, 
void *fdt)
 uint32_t associativity[] = {
 cpu_to_be32(0x4),
 SPAPR_GPU_NUMA_ID,
-SPAPR_GPU_NUMA_ID,
+cpu_to_be32(nvslot->numa_id),
 SPAPR_GPU_NUMA_ID,
 cpu_to_be32(nvslot->numa_id)
 };
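Review bot: `associativity[2] = cpu_to_be32(nvslot->numa_id)` is the right element for the new third reference point (0x2 is a 1-based index into this list, so it selects exactly this entry), but nothing on the spot links the two; a comment pointing at the 0x2 entry in spapr_dt_rtas() would stop them being changed independently. For pre-5.1 machines this element is overwritten with SPAPR_GPU_NUMA_ID a few lines further down, so the initializer is dead in that case; `sphb->pre_5_1_assoc ? SPAPR_GPU_NUMA_ID : cpu_to_be32(nvslot->numa_id)` in the initializer avoids the double assignment.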
@@ -374,6 +374,11 @@ void spapr_phb_nvgpu_ram_populate_dt(SpaprPhbState *sphb, 
void *fdt)
 _FDT(off);
 _FDT((fdt_setprop_string(fdt, off, "device_type", "memory")));
 _FDT((fdt_setprop(fdt, off, "reg", mem_reg, sizeof(mem_reg;
+
+if (sphb->pre_5_1_assoc) {
+associativity[2] = SPAPR_GPU_NUMA_ID;
+}
+
 _FDT((fdt_setprop(fdt, off, "ibm,associativity", associativity,
   sizeof(
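
The two distance tables in the commit message follow from the rule the pseries kernel applies when it consumes ibm,associativity-reference-points, and the hunks above only make sense against that rule. The following Python is an added illustration, not code from this patch, QEMU or Linux: it models the kernel's computation (start at 10, double at each reference point, in order, where the two nodes' associativity entries differ, stop at the first match) against the node layouts the patch emits, and reproduces both tables. Assumed rather than taken from the page: ordinary memory nodes carry {4, 0, 0, 0, node}, and SPAPR_GPU_NUMA_ID is stood in for by GPU_NUMA_ID = 1; the distances do not depend on its exact value as long as it differs from the 0 the ordinary nodes carry. The 'mixed' variant goes beyond the patch to show what happens if the two compat knobs it adds are ever out of step.

```python
"""Model of how a pseries guest turns ibm,associativity lists into NUMA distances."""

LOCAL_DISTANCE = 10
# Stand-in for QEMU's SPAPR_GPU_NUMA_ID (assumed value; only "differs from the
# 0 that ordinary nodes carry" matters for the distances below).
GPU_NUMA_ID = 1


def node_distance(assoc_a, assoc_b, refpoints):
    """Distance between two nodes the way the pseries kernel computes it:
    start at LOCAL_DISTANCE and double for each reference point (in order)
    whose associativity entries differ, stopping at the first match.
    Reference points are 1-based indexes into the associativity list, whose
    element 0 is the entry count, exactly as QEMU writes them to the DT."""
    distance = LOCAL_DISTANCE
    for rp in refpoints:
        if assoc_a[rp] == assoc_b[rp]:
            break
        distance *= 2
    return distance


def memory_node(node):
    """ibm,associativity of an ordinary memory node (assumed {4, 0, 0, 0, node})."""
    return [4, 0, 0, 0, node]


def gpu_node(node, new_layout):
    """GPU memory node as spapr_phb_nvgpu_ram_populate_dt() emits it: element 2
    becomes the node id with the patch, stays SPAPR_GPU_NUMA_ID before it."""
    return [4, GPU_NUMA_ID, node if new_layout else GPU_NUMA_ID, GPU_NUMA_ID, node]


def distance_table(nodes, refpoints):
    return [[node_distance(a, b, refpoints) for b in nodes] for a in nodes]


def guest_table(variant):
    """Distance matrix for two ordinary nodes (0, 1) plus four GPU nodes (2..5).
    'pre-5.1': refpoints {4,4}, old GPU lists    (the "Before" table)
    '5.1':     refpoints {4,4,2}, new GPU lists  (the "After" table)
    'mixed':   refpoints {4,4,2}, old GPU lists  (the two compat knobs out of step)"""
    refpoints = [4, 4] if variant == "pre-5.1" else [4, 4, 2]
    new_layout = variant == "5.1"
    nodes = [memory_node(0), memory_node(1)] + [gpu_node(n, new_layout) for n in range(2, 6)]
    return distance_table(nodes, refpoints)


def format_table(table):
    """Render in the layout `numactl -H` uses."""
    header = "node " + " ".join("%3d" % i for i in range(len(table)))
    rows = ["%3d: " % i + " ".join("%3d" % d for d in row) for i, row in enumerate(table)]
    return "\n".join([header] + rows)


if __name__ == "__main__":
    for variant in ("pre-5.1", "5.1", "mixed"):
        print(variant)
        print(format_table(guest_table(variant)))
        print()
```

The 'mixed' output is why the nvlink2 hunk changes element 2 at all: with three reference points but the old GPU lists, GPU nodes stay at 40 from each other (they share SPAPR_GPU_NUMA_ID at the new level) while moving to 80 from the CPU nodes, which is neither the old nor the intended table.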

Re: [PATCH v7 10/12] tests/vm: Added a new script for centos.aarch64.

2020-05-22 Thread Robert Foley
On Fri, 22 May 2020 at 11:59, Alex Bennée  wrote:
>
>
> Robert Foley  writes:
>
> > centos.aarch64 creates a CentOS 8 image.
> > Also added a new kickstart script used to build the centos.aarch64 image.
> >
> > Signed-off-by: Robert Foley 
> > Reviewed-by: Peter Puhov 
> > ---
> 
> > --- /dev/null
> > +++ b/tests/vm/centos.aarch64
> > @@ -0,0 +1,227 @@
> > +#!/usr/bin/env python3
> > +#
> > +# Centos aarch64 image
> > +#
> > +# Copyright 2020 Linaro
> > +#
> > +# Authors:
> > +#  Robert Foley 
> > +#  Originally based on ubuntu.aarch64
> > +#
> > +# This code is licensed under the GPL version 2 or later.  See
> > +# the COPYING file in the top-level directory.
> > +#
> > +
> > +import os
> > +import sys
> > +import subprocess
> > +import basevm
> > +import time
> > +import traceback
>
> left over debug?

This traceback is getting used as part of a try, except, here in
wait_for_shutdown() to print out the exception info.

Thanks & Regards,
-Rob
>
> 
>
> Otherwise:
>
> Reviewed-by: Alex Bennée 
>
> --
> Alex Bennée



[Bug 1693649] Re: x86 pause misbehaves with -cpu haswell

2020-05-22 Thread Thomas Huth
Ok, thanks for checking again! So I'm closing this ticket now.

** Changed in: qemu
   Status: Incomplete => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1693649

Title:
  x86 pause misbehaves with -cpu haswell

Status in QEMU:
  Fix Released

Bug description:
  Using qemu-2.9.0

  When booting NetBSD using '-cpu haswell -smp 4', the system fails to
  initialize the additional CPUs.  It appears as though the "application
  processor" enters routine x86_pause() but never returns.

  x86_pause() is simply two assembler instructions: 'pause; ret;'

  Replacing the routine with 'nop; nop; ret;' allows the system to
  proceed, of course without the benefit of the pause instruction on
  spin-loops!

  Additionally, booting with '-cpu phenom -smp 4' also works, although
  the system does seem confused about the type of CPU being used.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1693649/+subscriptions



[Bug 1880225] Re: Emulation of some arm programs fail with "Assertion `have_guest_base' failed."

2020-05-22 Thread Alex Bennée
** Tags added: testcase

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1880225

Title:
  Emulation of some arm programs fail with "Assertion `have_guest_base'
  failed."

Status in QEMU:
  New

Bug description:
  This issue is observed with QEMU ToT, checked out around May 15th (but
  I believe it is present in current master too), and wasn't present in
  QEMU v5.0.0.

  I am using 32-bit Intel(R) Pentium(R) M processor 1.73GHz host.

  Arm cross-compiler is a standard cross-compiler that comes with
  Debian-based distributions, and gcc version is:

  $ arm-linux-gnueabi-gcc --version
  arm-linux-gnueabi-gcc (Debian 8.3.0-2) 8.3.0

  Compile this program with cross compiler:

  $ arm-linux-gnueabi-gcc -O2 -static toupper_string.c -o
  toupper_string-arm

  Emulation with QEMU v5.0.0 is correct, and gives expected output:

  $ ~/Build/qemu-5.0.0/build-gcc/arm-linux-user/qemu-arm ./toupper_string-arm
  CONTROL RESULT: (toupper_string)
   nwlrbbmqbhcdarz owkkyhiddqscdxr jmowfrxsjybldbe fsarcbynecdyggx 
xpklorellnmpapq
   NWLRBBMQBHCDARZ OWKKYHIDDQSCDXR JMOWFRXSJYBLDBE FSARCBYNECDYGGX 
XPKLORELLNMPAPQ

  While, in case of QEMU master it fails:

  $ ~/Build/qemu-master/build-gcc/arm-linux-user/qemu-arm ./toupper_string-arm
  qemu-arm: /home/rtrk/Build/qemu-master/linux-user/elfload.c:2294: 
probe_guest_base: Assertion `have_guest_base' failed.
  Aborted

  There are many other programs that exhibit the same behavior. The
  failure is arm-specific.

  
  -

  source code: (let's call this file toupper_string.c) (similar file is
  also in attachment)

  
  #include <stdio.h>
  #include <stdlib.h>
  #include <stdint.h>
  #include <unistd.h>

  
  #define MAX_STRING_LENGHT  15
  #define NUMBER_OF_RANDOM_STRINGS   100
  #define DEFAULT_NUMBER_OF_REPETITIONS  3
  #define MAX_NUMBER_OF_REPETITIONS  10
  #define NUMBER_OF_CONTROL_PRINT_ITEMS  5

  /* Structure for keeping an array of strings */
  struct StringStruct {
  char chars[MAX_STRING_LENGHT + 1];
  };

  /**
   * Sets characters of the given string to random small letters a-z.
   * @param s String to get random characters.
   * @len Length of the input string.
   */
  static void gen_random_string(char *chars, const int len)
  {
  static const char letters[] = "abcdefghijklmnopqrstuvwxyz";

  for (size_t i = 0; i < len; i++) {
  chars[i] = letters[rand() % (sizeof(letters) - 1)];
  }
  chars[len] = 0;
  }

  void main (int argc, char* argv[])
  {
  struct StringStruct random_strings[NUMBER_OF_RANDOM_STRINGS];
  struct StringStruct strings_to_be_uppercased[NUMBER_OF_RANDOM_STRINGS];
  int32_t number_of_repetitions = DEFAULT_NUMBER_OF_REPETITIONS;
  int32_t option;

  /* Parse command line options */
  while ((option = getopt(argc, argv, "n:")) != -1) {
  if (option == 'n') {
  int32_t user_number_of_repetitions = atoi(optarg);
  /* Check if the value is a negative number */
  if (user_number_of_repetitions < 1) {
  fprintf(stderr, "Error ... Value for option '-n' cannot be a "
  "negative number.\n");
  exit(EXIT_FAILURE);
  }
  /* Check if the value is a string or zero */
  if (user_number_of_repetitions == 0) {
  fprintf(stderr, "Error ... Invalid value for option '-n'.\n");
  exit(EXIT_FAILURE);
  }
  /* Check if the value is too large */
  if (user_number_of_repetitions > MAX_NUMBER_OF_REPETITIONS) {
  fprintf(stderr, "Error ... Value for option '-n' cannot be "
  "more than %d.\n", MAX_NUMBER_OF_REPETITIONS);
  exit(EXIT_FAILURE);
  }
  number_of_repetitions = user_number_of_repetitions;
  } else {
  exit(EXIT_FAILURE);
  }
  }

  /* Create an array of strings with random content */
  srand(1);
  for (size_t i = 0; i < NUMBER_OF_RANDOM_STRINGS; i++) {
  gen_random_string(random_strings[i].chars, MAX_STRING_LENGHT);
  }

  /* Perform uppercasing of a set of random strings multiple times */
  for (size_t j = 0; j < number_of_repetitions; j++) {
  /* Copy initial set of random strings to the set to be uppercased */
  memcpy(strings_to_be_uppercased, random_strings,
 NUMBER_OF_RANDOM_STRINGS * (MAX_STRING_LENGHT + 1));
  /* Do actual changing case to uppercase */
  for (size_t i = 0; i < NUMBER_OF_RANDOM_STRINGS; i++) {
  int k = 0;

  while (strings_to_be_uppercased[i].chars[k]) { 
  char ch = strings_to_be_uppercased[i].chars[k] - 32; 
  memcpy((void *)strings_to_be_uppercased[i].chars + k,
  

Re: [PATCH v3 09/17] block/io: support int64_t bytes in bdrv_co_p{read,write}v_part()

2020-05-22 Thread Eric Blake

On 4/30/20 6:10 AM, Vladimir Sementsov-Ogievskiy wrote:

We are generally moving to int64_t for both offset and bytes parameters
on all io paths.

Main motivation is realization of 64-bit write_zeroes operation for
fast zeroing large disk chunks, up to the whole disk.

We chose signed type, to be consistent with off_t (which is signed) and
with possibility for signed return type (where negative value means
error).

So, prepare bdrv_co_preadv_part() and bdrv_co_pwritev_part() and their
remaining dependencies now.

Series: 64bit-block-status
Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
  include/block/block_int.h |  4 ++--
  block/io.c| 16 
  block/trace-events|  4 ++--
  3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/include/block/block_int.h b/include/block/block_int.h
index c8daba608b..3c2a1d741a 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -975,13 +975,13 @@ int coroutine_fn bdrv_co_preadv(BdrvChild *child,
  int64_t offset, unsigned int bytes, QEMUIOVector *qiov,
  BdrvRequestFlags flags);
  int coroutine_fn bdrv_co_preadv_part(BdrvChild *child,
-int64_t offset, unsigned int bytes,
+int64_t offset, int64_t bytes,
  QEMUIOVector *qiov, size_t qiov_offset, BdrvRequestFlags flags);
  int coroutine_fn bdrv_co_pwritev(BdrvChild *child,
  int64_t offset, unsigned int bytes, QEMUIOVector *qiov,
  BdrvRequestFlags flags);
  int coroutine_fn bdrv_co_pwritev_part(BdrvChild *child,
-int64_t offset, unsigned int bytes,
+int64_t offset, int64_t bytes,
  QEMUIOVector *qiov, size_t qiov_offset, BdrvRequestFlags flags);
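Review bot: the hunk widens `bytes` to int64_t only for the `_part` variants, while `bdrv_co_preadv()` and `bdrv_co_pwritev()` in the same hunk keep `unsigned int bytes`; the non-`_part` wrappers forward into the `_part` functions, so that widening is value-preserving, but the new signed parameter accepts negative values the unsigned one never could. The definitions should therefore assert `bytes >= 0` on entry (and the header should say so) rather than relying on every caller to stay inside the old unsigned range.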


Callers for these two functions:

block-backend.c:blk_do_pwritev_part() - currently passes unsigned int

filter-compress.c:compress_co_preadv_part() - passes uint64_t from 
.bdrv_co_preadv_part, which in turn is called from:
 - io.c:bdrv_driver_preadv() - callers analyzed earlier this series, 
where we know we are currently capped at <2G
 - qcow2-cluster.c:do_perform_cow_read() - passes size_t qiov->size, 
but we further know qcow2 cow is limited to cluster size of 2M
 - qcow2.c:qcow2_load_vmstate() - passes size_t qiov->size, tracing 
whether that ever exceeds 32 bits (on 64-bit platforms) is harder


filter-compress.c:compress_co_pwritev_part() - ditto, but for 
.bdrv_co_pwritev_part, which in turn is called from:
 - io.c:bdrv_driver_pwritev() - callers analyzed earlier this series, 
where we know we are currently capped at <2G
 - qcow2.c:qcow2_save_vmstate() - passes size_t qiov->size, tracing 
whether that ever exceeds 32 bits (on 64-bit platforms) is harder


io.c:bdrv_co_preadv() - currently passes unsigned int

io.c:bdrv_co_pwritev() - currently passes unsigned int

qcow2.c:qcow2_co_preadv_task() - passes uint64_t from 
qcow2_co_preadv_part(), which in turn is called from:

 - .bdrv_co_preadv_part - analyzed above

qcow2.c:qcow2_co_pwritev_task() - passes uint64_t from 
qcow2_co_pwritev_part(), which in turn is called from:

 - .bdrv_co_pwritev_part - analyzed above
 - qcow2_co_truncate() - passes uint64_t but it is clamped to 1 
cluster, at most 2M


In summary, it looks like even with our new 64-bit bytes parameter, most 
(all?) callers are still clamped to 32 bits.  But if we later relax 
callers, we want to see how bytes is used within these functions.


  
  static inline int coroutine_fn bdrv_co_pread(BdrvChild *child,

diff --git a/block/io.c b/block/io.c
index d336e4e691..d7fd429345 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1488,7 +1488,7 @@ static void bdrv_padding_destroy(BdrvRequestPadding *pad)
   */
  static bool bdrv_pad_request(BlockDriverState *bs,
   QEMUIOVector **qiov, size_t *qiov_offset,
- int64_t *offset, unsigned int *bytes,
+ int64_t *offset, int64_t *bytes,
   BdrvRequestPadding *pad)
  {
  if (!bdrv_init_padding(bs, *offset, *bytes, pad)) {
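Review bot: `bdrv_pad_request()` now receives `int64_t *bytes`, but the visible body forwards `*bytes` straight into `bdrv_init_padding()` with no sign or range check; an `assert(*bytes >= 0)` at the top of the function, plus a check that the value fits the `size_t` the iovec helpers take on 32-bit hosts, would make the widening safe before any caller is later allowed to pass a length above 32 bits.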


Callers:
bdrv_do_preadv_part() - adjusted to int64_t in this patch
bdrv_do_pwritev_part() - adjusted to int64_t in this patch

Usage:
if (!bdrv_init_padding(bs, *offset, *bytes, pad)) {
 - takes int64_t, but now has to be checked for 64-bit safety below

qemu_iovec_init_extended(&pad->local_qiov, pad->buf, pad->head,
 *qiov, *qiov_offset, *bytes,
 pad->buf + pad->buf_len - pad->tail, 
pad->tail);
 - takes size_t, risky on 32-bit platforms if any of our callers ever 
pass in a value larger than 32 bits.  I'd feel much better with an 
assertion that bytes <= SIZE_MAX.


*bytes += pad->head + pad->tail;
 - corner-case risk of overflow for an image near 63-bit limits (nbdkit 
can generate such an image, but real images do not tickle this); the 
risk can be mitigated if we insist that no images are larger than 
QEMU_ALIGN_DOWN(INT64_MAX, request_alignment), as we would be unable to 
access the unaligned tail bytes of such 

Re: [PATCH v7 09/12] tests/vm: Added a new script for ubuntu.aarch64.

2020-05-22 Thread Robert Foley
On Fri, 22 May 2020 at 11:34, Alex Bennée  wrote:
>
>
> Robert Foley  writes:

> >
> > +
> > +# efi-aarch64 probe
> > +# Check for efi files needed by aarch64 VMs.
> > +# By default we will use the efi included with QEMU.
> > +# Allow user to override the path for efi also.
> > +qemu_efi_aarch64=$PWD/pc-bios/edk2-aarch64-code.fd
>
> as you only define this once there is no harm in just having a long line
> below rather than running the potential confusion when looking at the
> variables.

OK, makes sense, will change to just go for the longer line.

> > +for fd in $efi_aarch64_arg $qemu_efi_aarch64
> > +do
> > +if test -f $fd; then
> > +efi_aarch64=$fd
> > +break
> > +fi
> > +done
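Review bot: `test -f $fd` leaves `$fd` unquoted, so a path containing whitespace (from the user-supplied `$efi_aarch64_arg` or from `$PWD`) is word-split and the probe misfires; write it as `test -f "$fd"`. The loop also leaves `efi_aarch64` silently unset when neither candidate exists, so the fallthrough should assign an explicit empty value, as the simpler `if` form proposed in this thread does.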
>
> This only detects the pc-bios bundled version of edk on a directory
> which has already been built. Maybe we need to do a straight forward:
>
>   if not test -f $efi_aarch64; then
>   if test -f $SRC/pc-bios/edk2-aarch64-code.fd.bz2; then
>   # valid after build
>   efi_aarch64=$PWD/pc-bios/edk2-aarch64-code.fd
>   else
>   efi_aarch64=""
>   fi
>   fi
>
> what do you think?

I agree.  The straight up if check is easier to read.  Will change to this.

> 
> > +
> > +def build_image(self, img):
> > +os_img = self._download_with_cache(self.image_link)
> > +img_tmp = img + ".tmp"
> > +subprocess.check_call(["cp", "-f", os_img, img_tmp])
> > +subprocess.check_call(["qemu-img", "resize", img_tmp, "+50G"])
> > +ci_img = self.gen_cloud_init_iso()
> > +
> > +self.boot(img_tmp, extra_args = ["-cdrom", ci_img])
> > +if self.debug:
> > +self.wait_boot()
> > +# First command we issue is fix for slow ssh login.
> > +self.wait_ssh(wait_root=True,
> > +  cmd="chmod -x /etc/update-motd.d/*")
> > +# Wait for cloud init to finish
> > +self.wait_ssh(wait_root=True,
> > +  cmd="ls /var/lib/cloud/instance/boot-finished")
> > +self.ssh_root("touch /etc/cloud/cloud-init.disabled")
> > +# Disable auto upgrades.
> > +# We want to keep the VM system state stable.
> > +self.ssh_root('sed -ie \'s/"1"/"0"/g\' 
> > /etc/apt/apt.conf.d/20auto-upgrades')
> > +# If the user chooses *not* to do the second phase,
> > +# then we will jump right to the graceful shutdown
> > +if self._config['install_cmds'] != "":
> > +self.ssh_root("sync")
> > +# Shutdown and then boot it again.
> > +# Allows us to know for sure it is booting (not shutting down)
> > +# before we call wait_ssh().
> > +self.graceful_shutdown()
> > +self.boot(img_tmp)
> > +if self.debug:
> > +self.wait_boot()
> > +self.wait_ssh(wait_root=True)
> > +self.wait_ssh(wait_root=True, cmd="locale")
>
> Why do we need to shutdown before proceeding with the install commands?
> I see ubuntu.i386 does it as well although with a slightly hackier
> approach.

The reboot was carried over from the way i386 did things.
I have a guess as to why the reboot is there, it is just after the
install of cloud-initramfs-growroot, which does require a reboot.
So I assume that we wanted to grow the root, reboot, and then
begin installation of all the new packages.

However, at this point, it looks like even without installing that package,
(with i386 or aarch64) the root is growing to fill the new size of the image,
so it seems that package and the reboot is no longer needed.
Will plan to remove these as part of making build_image common
(discussed below).

> > +# The previous update sometimes doesn't survive a reboot, so 
> > do it again
> > +self.ssh_root("sed -ie s/^#\ deb-src/deb-src/g 
> > /etc/apt/sources.list")
> > +
> > +# Issue the install commands.
> > +# This can be overriden by the user in the config .yml.
> > +install_cmds = self._config['install_cmds'].split(',')
> > +for cmd in install_cmds:
> > +self.ssh_root(cmd)
> > +self.graceful_shutdown()
> > +self.wait()
> > +os.rename(img_tmp, img)
> > +return 0
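Review bot: when `install_cmds` is the empty string the guard `if self._config['install_cmds'] != "":` skips the reboot, but `self._config['install_cmds'].split(',')` still yields `['']`, so the loop below runs `self.ssh_root('')` once; test the list for emptiness (or filter blank entries) before iterating. Separately, `"sed -ie s/^#\ deb-src/deb-src/g ..."` is a normal string literal in which `\ ` is an invalid escape sequence that newer Python versions warn about; make it a raw string or double the backslash.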
>
> How come we are diverging from the ubuntu.i386 install here? You've
> moved all the complications for aarch64 into a it's own handling so
> these steps are almost but not quite the same. Couldn't the ubuntu
> build_img code be common and then just have a slightly different set of
> install commands?

I'm glad you brought this up.  I was noticing the commonality here especially if
we wanted to add another architecture of Ubuntu VM.
For example, we brought up a ppc64 Ubuntu VM script the other day and it really
cried out for creating a common Ubuntu module here since most of the
code is the same.

As suggested, I will plan to create a common Ubuntu module here and share
t

Re: [PATCH 1/5] tests/libqos: mask out VIRTIO_F_RING_PACKED for now

2020-05-22 Thread Thomas Huth
> From: "Stefan Hajnoczi" 
> Sent: Friday, May 22, 2020 7:17:22 PM
> 
> The libqos VIRTIO code does not implement the packed virtqueue layout
> yet. Mask out the feature bit for now because tests have a habit of
> enabling all device feature

Sounds like we should rather fix these tests in the long run - they
should really only enable the bits that they support...

> bits and we don't want packed virtqueues to
> be enabled.
> 
> Later patches will enable VIRTIO_F_RING_PACKED so prepare libqos now.
> 
> Cc: Thomas Huth 
> Signed-off-by: Stefan Hajnoczi 
> ---
>  tests/qtest/libqos/virtio.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/tests/qtest/libqos/virtio.c b/tests/qtest/libqos/virtio.c
> index 9aa360620c..1c3f4a0c8b 100644
> --- a/tests/qtest/libqos/virtio.c
> +++ b/tests/qtest/libqos/virtio.c
> @@ -96,7 +96,8 @@ uint64_t qvirtio_config_readq(QVirtioDevice *d, uint64_t
> addr)
>  
>  uint64_t qvirtio_get_features(QVirtioDevice *d)
>  {
> -return d->bus->get_features(d);
> +/* qvirtio does not support packed virtqueues yet */
> +return d->bus->get_features(d) & ~(1ull << VIRTIO_F_RING_PACKED);
>  }
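Review bot: the `1ull` suffix in `d->bus->get_features(d) & ~(1ull << VIRTIO_F_RING_PACKED)` is load-bearing, since VIRTIO_F_RING_PACKED is feature bit 34 and a plain `1 <<` would shift an int past its width; it would be worth saying so in the new comment, together with the TODO suggested in this thread, so the mask is not "simplified" away and is removed once libqos implements packed virtqueues.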

... but as a temporary work-around, that should be fine, too.
(in case you respin, maybe add a TODO comment here, too, to remind us to fix
the tests later).

Acked-by: Thomas Huth 




Re: [PATCH v2 0/9] target/arm: Convert 2-reg-shift and 1-reg-imm Neon insns to decodetree

2020-05-22 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20200522145520.6778-1-peter.mayd...@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20200522145520.6778-1-peter.mayd...@linaro.org
Subject: [PATCH v2 0/9] target/arm: Convert 2-reg-shift and 1-reg-imm Neon 
insns to decodetree
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Switched to a new branch 'test'
bbfdb6d target/arm: Convert Neon one-register-and-immediate insns to decodetree
e12ab4f target/arm: Convert VCVT fixed-point ops to decodetree
e32ffd0 target/arm: Convert Neon VSHLL, VMOVL to decodetree
09f9294 target/arm: Convert Neon narrowing shifts with op==9 to decodetree
7235981 target/arm: Convert Neon narrowing shifts with op==8 to decodetree
1df57d5 target/arm: Convert VQSHLU, VQSHL 2-reg-shift insns to decodetree
c2b6277 target/arm: Convert Neon VSRA, VSRI, VRSHR, VRSRA 2-reg-shift insns to 
decodetree
f48b59c target/arm: Convert Neon VSHR 2-reg-shift insns to decodetree
2a2d74c target/arm: Convert Neon VSHL and VSLI 2-reg-shift insn to decodetree

=== OUTPUT BEGIN ===
1/9 Checking commit 2a2d74c89bb5 (target/arm: Convert Neon VSHL and VSLI 
2-reg-shift insn to decodetree)
ERROR: spaces required around that '*' (ctx:WxV)
#55: FILE: target/arm/translate-neon.inc.c:1314:
+static bool do_vector_2sh(DisasContext *s, arg_2reg_shift *a, GVecGen2iFn *fn)
   ^

ERROR: spaces required around that '*' (ctx:WxV)
#85: FILE: target/arm/translate-neon.inc.c:1344:
+static bool trans_##INSN##_2sh(DisasContext *s, arg_2reg_shift *a)  \
^

total: 2 errors, 0 warnings, 99 lines checked

Patch 1/9 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

2/9 Checking commit f48b59c62b8a (target/arm: Convert Neon VSHR 2-reg-shift 
insns to decodetree)
ERROR: spaces required around that '*' (ctx:WxV)
#93: FILE: target/arm/translate-neon.inc.c:1370:
+static bool trans_VSHR_S_2sh(DisasContext *s, arg_2reg_shift *a)
  ^

total: 1 errors, 0 warnings, 120 lines checked

Patch 2/9 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

3/9 Checking commit c2b6277a4e9c (target/arm: Convert Neon VSRA, VSRI, VRSHR, 
VRSRA 2-reg-shift insns to decodetree)
4/9 Checking commit 1df57d58e551 (target/arm: Convert VQSHLU, VQSHL 2-reg-shift 
insns to decodetree)
5/9 Checking commit 7235981fbe43 (target/arm: Convert Neon narrowing shifts 
with op==8 to decodetree)
ERROR: do not use C99 // comments
#170: FILE: target/arm/translate-neon.inc.c:1611:
+// todo expand out the shift-narrow and the narrow-op

total: 1 errors, 0 warnings, 214 lines checked

Patch 5/9 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

6/9 Checking commit 09f9294fe86a (target/arm: Convert Neon narrowing shifts 
with op==9 to decodetree)
7/9 Checking commit e32ffd0ffb35 (target/arm: Convert Neon VSHLL, VMOVL to 
decodetree)
8/9 Checking commit e12ab4f9bff6 (target/arm: Convert VCVT fixed-point ops to 
decodetree)
9/9 Checking commit bbfdb6dcc6d8 (target/arm: Convert Neon 
one-register-and-immediate insns to decodetree)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20200522145520.6778-1-peter.mayd...@linaro.org/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [Bug 1880225] [NEW] Emulation of some arm programs fail with "Assertion `have_guest_base' failed."

2020-05-22 Thread Alex Bennée


Aleksandar Markovic <1880...@bugs.launchpad.net> writes:

> Public bug reported:
>
> This issue is observed with QEMU ToT, checked out around May 15th (but I
> believe it is present in current master too), and wasn't present in QEMU
> v5.0.0.
>
> I am using 32-bit Intel(R) Pentium(R) M processor 1.73GHz host.
>
> Arm cross-compiler is a standard cross-compiler that comes with Debian-
> based distributions, and gcc version is:
>
> $ arm-linux-gnueabi-gcc --version
> arm-linux-gnueabi-gcc (Debian 8.3.0-2) 8.3.0
>
> Compile this program with cross compiler:
>
> $ arm-linux-gnueabi-gcc -O2 -static toupper_string.c -o toupper_string-
> arm
>
> Emulation with QEMU v5.0.0 is correct, and gives expected output:
>
> $ ~/Build/qemu-5.0.0/build-gcc/arm-linux-user/qemu-arm ./toupper_string-arm
> CONTROL RESULT: (toupper_string)
>  nwlrbbmqbhcdarz owkkyhiddqscdxr jmowfrxsjybldbe fsarcbynecdyggx 
> xpklorellnmpapq
>  NWLRBBMQBHCDARZ OWKKYHIDDQSCDXR JMOWFRXSJYBLDBE FSARCBYNECDYGGX 
> XPKLORELLNMPAPQ
>
> While, in case of QEMU master it fails:
>
> $ ~/Build/qemu-master/build-gcc/arm-linux-user/qemu-arm ./toupper_string-arm
> qemu-arm: /home/rtrk/Build/qemu-master/linux-user/elfload.c:2294: 
> probe_guest_base: Assertion `have_guest_base' failed.
> Aborted


Works for me in our TCG tests on master:

20:15:43 [alex@zen:~/l/q/b/user.static] review/aarch64-vms-v7|… + 
./arm-linux-user/qemu-arm ./tests/tcg/arm-linux-user/toupper
CONTROL RESULT: (toupper_string)
 nwlrbbmqbhcdarz owkkyhiddqscdxr jmowfrxsjybldbe fsarcbynecdyggx xpklorellnmpapq
 NWLRBBMQBHCDARZ OWKKYHIDDQSCDXR JMOWFRXSJYBLDBE FSARCBYNECDYGGX XPKLORELLNMPAPQ

I have submitted a fix to the list for programs that couldn't see
/proc/self/maps, but I guess that isn't the case here.

-- 
Alex Bennée



Re: [PATCH v3 02/17] block: use int64_t as bytes type in tracked requests

2020-05-22 Thread Eric Blake

On 4/30/20 6:10 AM, Vladimir Sementsov-Ogievskiy wrote:

We are generally moving to int64_t for both offset and bytes parameters
on all io paths.

Main motivation is realization of 64-bit write_zeroes operation for
fast zeroing large disk chunks, up to the whole disk.

We chose signed type, to be consistent with off_t (which is signed) and
with possibility for signed return type (where negative value means
error).

So, convert tracked requests now.

Series: 64bit-block-status
Signed-off-by: Vladimir Sementsov-Ogievskiy 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Eric Blake 
---



  static void tracked_request_begin(BdrvTrackedRequest *req,
BlockDriverState *bs,
int64_t offset,
-  uint64_t bytes,
+  int64_t bytes,
enum BdrvTrackedRequestType type)
  {
-assert(bytes <= INT64_MAX && offset <= INT64_MAX - bytes);
+assert(offset >= 0 && bytes >= 0 &&
+   bytes <= INT64_MAX && offset <= INT64_MAX - bytes);


'bytes <= INT64_MAX' was previously a real runtime check, but is now a 
tautology and therefore a dead branch; a picky compiler might complain. 
This assert could be compressed to:


assert(offset >= 0 && (uint64_t) bytes <= INT64_MAX - offset);

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org
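The bounds checks Eric raises here and in his review of patch 09 (the compact assertion form, the size_t truncation risk on 32-bit hosts, and the padding overflow near INT64_MAX), as an added C example that is not part of the patch series or of QEMU; the function names and the size_max parameter are assumptions made for the demonstration:

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed example (not QEMU code): the request-bounds checks discussed
 * in the 64bit-block-status review, written as predicates that return a
 * result instead of aborting, so the edge cases can be exercised directly.
 */

/*
 * Eric Blake's compact form of the tracked_request_begin() assertion.
 * With offset >= 0 the subtraction INT64_MAX - offset cannot overflow, and
 * casting a negative bytes value to uint64_t yields a number above INT64_MAX,
 * so negative lengths fail the comparison without a separate 'bytes >= 0'
 * term (which would be a tautology once bytes is int64_t).
 */
bool request_bounds_ok(int64_t offset, int64_t bytes)
{
    return offset >= 0 && (uint64_t)bytes <= (uint64_t)(INT64_MAX - offset);
}

/*
 * Whether a 64-bit length can be handed to an API that takes size_t
 * (qemu_iovec_init_extended() in the review). size_max is a parameter so the
 * 32-bit case (SIZE_MAX == UINT32_MAX) can be demonstrated on a 64-bit host.
 */
bool fits_size_t(int64_t bytes, uint64_t size_max)
{
    return bytes >= 0 && (uint64_t)bytes <= size_max;
}

/*
 * The '*bytes += pad->head + pad->tail' step: widening a request to its
 * alignment boundaries can push a length near INT64_MAX past the limit.
 * Returns the padded length, or -1 instead of wrapping on overflow.
 */
int64_t padded_length(int64_t bytes, uint64_t head, uint64_t tail)
{
    uint64_t extra = head + tail;           /* each below request_alignment */

    if (bytes < 0 || extra > (uint64_t)(INT64_MAX - bytes)) {
        return -1;
    }
    return bytes + (int64_t)extra;
}

/*
 * The mitigation floated in the review: cap image size at
 * QEMU_ALIGN_DOWN(INT64_MAX, request_alignment), so that padding the request
 * for the last aligned block can never exceed INT64_MAX. The alignment must
 * be a power of two, as request_alignment is.
 */
int64_t aligned_image_limit(uint64_t request_alignment)
{
    return (int64_t)((uint64_t)INT64_MAX & ~(request_alignment - 1));
}

int main(void)
{
    printf("offset=1 bytes=INT64_MAX -> %s\n",
           request_bounds_ok(1, INT64_MAX) ? "ok" : "rejected");
    printf("bytes=4GiB on a 32-bit host -> %s\n",
           fits_size_t(INT64_C(1) << 32, UINT32_MAX) ? "fits" : "truncated");
    printf("padding 512+512 near INT64_MAX -> %" PRId64 "\n",
           padded_length(INT64_MAX - 100, 512, 512));
    printf("image limit at 512-byte alignment: %" PRId64 "\n",
           aligned_image_limit(512));
    return 0;
}
```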




[Bug 1878915] Re: util/fdmon-io_uring.c:95: get_sqe: Assertion `ret > 1' failed.

2020-05-22 Thread felix
Confirming that I can no longer reproduce the bug with the latest master
(ae3aa5da96f4ccf0c2a28851449d92db9fcfad71). I have not bisected the bug,
though; at the moment I am not quite able to afford the time.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1878915

Title:
  util/fdmon-io_uring.c:95: get_sqe: Assertion `ret > 1' failed.

Status in QEMU:
  Fix Committed

Bug description:
  qemu 5.0.0, liburing1 0.6-3, Linux 5.6.0-1-686-pae (Debian)

  Stack trace:

  Stack trace of thread 31002:
  #0  0xb7faf1cd __kernel_vsyscall (linux-gate.so.1 + 0x11cd)
  #1  0xb6c618e2 __libc_signal_restore_set (libc.so.6 + 0x348e2)
  #2  0xb6c4a309 __GI_abort (libc.so.6 + 0x1d309)
  #3  0xb6c4a1d1 __assert_fail_base (libc.so.6 + 0x1d1d1)
  #4  0xb6c59929 __GI___assert_fail (libc.so.6 + 0x2c929)
  #5  0x00ba80be get_sqe (qemu-system-i386 + 0x6d00be)
  #6  0x00ba80cb add_poll_add_sqe (qemu-system-i386 + 0x6d00cb)
  #7  0x00ba820c fill_sq_ring (qemu-system-i386 + 0x6d020c)
  #8  0x00ba7145 aio_poll (qemu-system-i386 + 0x6cf145)
  #9  0x00aede63 blk_prw (qemu-system-i386 + 0x615e63)
  #10 0x00aeef95 blk_pread (qemu-system-i386 + 0x616f95)
  #11 0x008abbfa fdctrl_transfer_handler (qemu-system-i386 + 0x3d3bfa)
  #12 0x00906c3d i8257_channel_run (qemu-system-i386 + 0x42ec3d)
  #13 0x008ac119 fdctrl_start_transfer (qemu-system-i386 + 0x3d4119)
  #14 0x008ab233 fdctrl_write_data (qemu-system-i386 + 0x3d3233)
  #15 0x00708ae7 memory_region_write_accessor (qemu-system-i386 + 
0x230ae7)
  #16 0x007059e1 access_with_adjusted_size (qemu-system-i386 + 0x22d9e1)
  #17 0x0070b931 memory_region_dispatch_write (qemu-system-i386 + 
0x233931)
  #18 0x006a87a2 address_space_stb (qemu-system-i386 + 0x1d07a2)
  #19 0x00829216 helper_outb (qemu-system-i386 + 0x351216)
  #20 0xb06d9fdc n/a (n/a + 0x0)

  Steps:

  0. qemu-img create -f raw fda.img 3840K
  1. mformat -i fda.img -n 48 -t 80 -h 2
  2. qemu-system-i386 -fda fda.img -hda freedos.qcow2
  3. Attempt to run 'dosfsck a:' in the guest

  According to hw/block/fdc.c, a 3840K image should result in a virtual
  floppy with a geometry of 48 sectors/track x 80 tracks x 2 sides.

  The assert seems bogus either way.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1878915/+subscriptions



Re: [PATCH v7 07/12] tests/vm: Add ability to select QEMU from current build.

2020-05-22 Thread Robert Foley
Hi,
These changes all seem like a good idea.  I will add them in the next
version of the patch.

Thanks & Regards,
-Rob
On Fri, 22 May 2020 at 10:40, Alex Bennée  wrote:
>
>
> Robert Foley  writes:
>
> > Added a new special variable QEMU_LOCAL=1, which
> > will indicate to take the QEMU binary from the current
> > build.
> >
> > Signed-off-by: Robert Foley 
> > Reviewed-by: Peter Puhov 
> > ---
> >  tests/vm/Makefile.include |  4 
> >  tests/vm/basevm.py| 25 ++---
> >  2 files changed, 26 insertions(+), 3 deletions(-)
> >
> > diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
> > index e22c391a2a..83a33b1044 100644
> > --- a/tests/vm/Makefile.include
> > +++ b/tests/vm/Makefile.include
> > @@ -41,6 +41,7 @@ endif
> >   @echo "J=[0..9]* - Override the -jN parameter 
> > for make commands"
> >   @echo "DEBUG=1   - Enable verbose output on 
> > host and interactive debugging"
> >   @echo "V=1   - Enable verbose ouput on 
> > host and guest commands"
> > + @echo "QEMU_LOCAL=1 - Use QEMU binary local to 
> > this build."
> >   @echo "QEMU=/path/to/qemu- Change path to QEMU binary"
> >   @echo "QEMU_IMG=/path/to/qemu-img- Change path to qemu-img 
> > tool"
> >  ifeq ($(PYTHON_YAML),yes)
> > @@ -63,6 +64,7 @@ $(IMAGES_DIR)/%.img:$(SRC_PATH)/tests/vm/% \
> >   $(PYTHON) $< \
> >   $(if $(V)$(DEBUG), --debug) \
> >   $(if $(GENISOIMAGE),--genisoimage $(GENISOIMAGE)) \
> > + --build-path $(BUILD_DIR)\
>
> We can do:
>
>   $(if $(QEMU_LOCAL), --build-path $(BUILD_DIR)) \
>
> here and at the other points, then
>
> > + --build-path $(BUILD_DIR)\
> >   --image "$<" \
> >   $(if $(BUILD_TARGET),--build-target $(BUILD_TARGET)) \
> >   --snapshot \
> > @@ -98,6 +101,7 @@ vm-boot-ssh-%: $(IMAGES_DIR)/%.img
> >   $(PYTHON) $(SRC_PATH)/tests/vm/$* \
> >   $(if $(J),--jobs $(J)) \
> >   $(if $(V)$(DEBUG), --debug) \
> > + --build-path $(BUILD_DIR)\
> >   --image "$<" \
> >   --interactive \
> >   false, \
> > diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
> > index 0bc1bad839..d717b967ca 100644
> > --- a/tests/vm/basevm.py
> > +++ b/tests/vm/basevm.py
> > @@ -89,6 +89,7 @@ class BaseVM(object):
> >  def __init__(self, args, config=None):
> >  self._guest = None
> >  self._genisoimage = args.genisoimage
> > +self._build_path = args.build_path
> >  # Allow input config to override defaults.
> >  self._config = DEFAULT_CONFIG.copy()
> >  if config != None:
> > @@ -273,15 +274,15 @@ class BaseVM(object):
> >  args = self._args + boot_params.split(' ')
> >  args += self._data_args + extra_args + self._config['extra_args']
> >  logging.debug("QEMU args: %s", " ".join(args))
> > -qemu_bin = os.environ.get("QEMU", "qemu-system-" + self.arch)
> > -guest = QEMUMachine(binary=qemu_bin, args=args)
> > +qemu_path = get_qemu_path(self.arch, self._build_path)
> > +guest = QEMUMachine(binary=qemu_path, args=args)
> >  guest.set_machine(self._config['machine'])
> >  guest.set_console()
> >  try:
> >  guest.launch()
> >  except:
> >  logging.error("Failed to launch QEMU, command line:")
> > -logging.error(" ".join([qemu_bin] + args))
> > +logging.error(" ".join([qemu_path] + args))
> >  logging.error("Log:")
> >  logging.error(guest.get_log())
> >  logging.error("QEMU version >= 2.10 is required")
> > @@ -480,6 +481,22 @@ class BaseVM(object):
> >stderr=self._stdout)
> >  return os.path.join(cidir, "cloud-init.iso")
> >
> > +def get_qemu_path(arch, build_path=None):
> > +"""Fetch the path to the qemu binary."""
> > +qemu_local = os.environ.get("QEMU_LOCAL", 0)
>
> drop the environment test here because...
>
> > +# If QEMU environment variable set, it takes precedence
> > +if "QEMU" in os.environ:
> > +qemu_path = os.environ["QEMU"]
> > +elif qemu_local:
> > +if not build_path:
> > +raise Exception("--build-path option required with
> > QEMU_LOCAL")
>
> If we can't do it without build_path anyway we may as well make it a
> single option.
>
> > +qemu_path = os.path.join(build_path, arch + "-softmmu")
> > +qemu_path = os.path.join(qemu_path, "qemu-system-" + arch)
> > +else:
> > +# Default is to use system path for qemu.
> > +qemu_path = "qemu-system-" + arch
> > +return qemu_path
> > +
> >  def parse_config(config, args):
> >  """ Parse yaml config and populate our config structure.
> >  The yaml config allo
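Review bot: `os.environ.get("QEMU_LOCAL", 0)` returns the variable's string value, so `QEMU_LOCAL=0` yields `"0"`, which is truthy and selects the local build path; if the environment test is kept at all, compare against an explicit value (for example `== "1"`), although the simpler course suggested in this thread is to drop it and let `--build-path` alone decide.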

[Bug 1880225] [NEW] Emulation of some arm programs fail with "Assertion `have_guest_base' failed."

2020-05-22 Thread Aleksandar Markovic
Public bug reported:

This issue is observed with QEMU ToT, checked out around May 15th (but I
believe it is present in current master too), and wasn't present in QEMU
v5.0.0.

I am using 32-bit Intel(R) Pentium(R) M processor 1.73GHz host.

Arm cross-compiler is a standard cross-compiler that comes with Debian-
based distributions, and gcc version is:

$ arm-linux-gnueabi-gcc --version
arm-linux-gnueabi-gcc (Debian 8.3.0-2) 8.3.0

Compile this program with cross compiler:

$ arm-linux-gnueabi-gcc -O2 -static toupper_string.c -o toupper_string-
arm

Emulation with QEMU v5.0.0 is correct, and gives expected output:

$ ~/Build/qemu-5.0.0/build-gcc/arm-linux-user/qemu-arm ./toupper_string-arm
CONTROL RESULT: (toupper_string)
 nwlrbbmqbhcdarz owkkyhiddqscdxr jmowfrxsjybldbe fsarcbynecdyggx xpklorellnmpapq
 NWLRBBMQBHCDARZ OWKKYHIDDQSCDXR JMOWFRXSJYBLDBE FSARCBYNECDYGGX XPKLORELLNMPAPQ

While, in case of QEMU master it fails:

$ ~/Build/qemu-master/build-gcc/arm-linux-user/qemu-arm ./toupper_string-arm
qemu-arm: /home/rtrk/Build/qemu-master/linux-user/elfload.c:2294: 
probe_guest_base: Assertion `have_guest_base' failed.
Aborted

There are many other programs that exhibit the same behavior. The failure
is arm-specific.


-

source code: (let's call this file toupper_string.c) (similar file is
also in attachment)


#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>


#define MAX_STRING_LENGTH              15
#define NUMBER_OF_RANDOM_STRINGS       100
#define DEFAULT_NUMBER_OF_REPETITIONS  3
#define MAX_NUMBER_OF_REPETITIONS      10
#define NUMBER_OF_CONTROL_PRINT_ITEMS  5

/* Structure for keeping an array of strings */
struct StringStruct {
    char chars[MAX_STRING_LENGTH + 1];
};

/**
 * Sets characters of the given string to random small letters a-z.
 * @param chars Buffer to fill with random characters (holds len + 1 bytes).
 * @param len Length of the string to generate.
 */
static void gen_random_string(char *chars, const int len)
{
    static const char letters[] = "abcdefghijklmnopqrstuvwxyz";

    for (int i = 0; i < len; i++) {
        chars[i] = letters[rand() % (sizeof(letters) - 1)];
    }
    chars[len] = 0;
}

int main(int argc, char *argv[])
{
    struct StringStruct random_strings[NUMBER_OF_RANDOM_STRINGS];
    struct StringStruct strings_to_be_uppercased[NUMBER_OF_RANDOM_STRINGS];
    int32_t number_of_repetitions = DEFAULT_NUMBER_OF_REPETITIONS;
    int32_t option;

    /* Parse command line options */
    while ((option = getopt(argc, argv, "n:")) != -1) {
        if (option == 'n') {
            int32_t user_number_of_repetitions = atoi(optarg);
            /* Check if the value is a negative number */
            if (user_number_of_repetitions < 0) {
                fprintf(stderr, "Error ... Value for option '-n' cannot be a "
                        "negative number.\n");
                exit(EXIT_FAILURE);
            }
            /* Check if the value is a non-numeric string or zero
             * (atoi() returns 0 in both cases) */
            if (user_number_of_repetitions == 0) {
                fprintf(stderr, "Error ... Invalid value for option '-n'.\n");
                exit(EXIT_FAILURE);
            }
            /* Check if the value is too large */
            if (user_number_of_repetitions > MAX_NUMBER_OF_REPETITIONS) {
                fprintf(stderr, "Error ... Value for option '-n' cannot be "
                        "more than %d.\n", MAX_NUMBER_OF_REPETITIONS);
                exit(EXIT_FAILURE);
            }
            number_of_repetitions = user_number_of_repetitions;
        } else {
            exit(EXIT_FAILURE);
        }
    }

    /* Create an array of strings with random content (fixed seed, so the
     * output is reproducible across runs and emulators) */
    srand(1);
    for (size_t i = 0; i < NUMBER_OF_RANDOM_STRINGS; i++) {
        gen_random_string(random_strings[i].chars, MAX_STRING_LENGTH);
    }

    /* Perform uppercasing of a set of random strings multiple times */
    for (int32_t j = 0; j < number_of_repetitions; j++) {
        /* Copy initial set of random strings to the set to be uppercased */
        memcpy(strings_to_be_uppercased, random_strings,
               NUMBER_OF_RANDOM_STRINGS * (MAX_STRING_LENGTH + 1));
        /* Do actual changing case to uppercase */
        for (size_t i = 0; i < NUMBER_OF_RANDOM_STRINGS; i++) {
            int k = 0;

            while (strings_to_be_uppercased[i].chars[k]) {
                /* Strings contain only a-z, so subtracting 32 yields A-Z */
                char ch = strings_to_be_uppercased[i].chars[k] - 32;
                memcpy(strings_to_be_uppercased[i].chars + k, &ch, 1);
                k++;
            }
        }
    }

    /* Control printing */
    printf("CONTROL RESULT: (toupper_string)\n");
    for (size_t i = 0; i < NUMBER_OF_CONTROL_PRINT_ITEMS; i++) {
        printf(" %s", random_strings[i].chars);
    }
    printf("\n");
    for (size_t i = 0; i < NUMBER_OF_CONTROL_PRINT_ITEMS; i++) {
        printf(" %s", strings_to_be_uppercased[i].chars);
    }
    printf("\n");

    return 0;
}

** Affects: qemu
 Importance: Undecided
 Stat

[PULL 4/4] hw/block/pflash: Check return value of blk_pwrite()

2020-05-22 Thread Philippe Mathieu-Daudé
From: Mansour Ahmadi 

When updating the PFLASH file contents, we should check for a
possible failure of blk_pwrite(). Similar to commit 3a688294e.

Reported-by: Coverity (CID 1357678 CHECKED_RETURN)
Signed-off-by: Mansour Ahmadi 
Message-Id: <20200408003552.58095-1-mansour...@gmail.com>
[PMD: Add missing "qemu/error-report.h" include and TODO comment]
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/block/pflash_cfi01.c | 8 +++-
 hw/block/pflash_cfi02.c | 8 +++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index 2ca173aa46..11922c0f96 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -42,6 +42,7 @@
 #include "hw/qdev-properties.h"
 #include "sysemu/block-backend.h"
 #include "qapi/error.h"
+#include "qemu/error-report.h"
 #include "qemu/bitops.h"
 #include "qemu/error-report.h"
 #include "qemu/host-utils.h"
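Review bot: The added `#include "qemu/error-report.h"` duplicates the include that is already present two lines further down in the same context (`#include "qemu/error-report.h"` after `qemu/bitops.h`), so this hunk should be dropped for pflash_cfi01.c; only pflash_cfi02.c actually lacks the header.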
@@ -389,13 +390,18 @@ static void pflash_update(PFlashCFI01 *pfl, int offset,
   int size)
 {
 int offset_end;
+int ret;
 if (pfl->blk) {
 offset_end = offset + size;
 /* widen to sector boundaries */
 offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE);
 offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE);
-blk_pwrite(pfl->blk, offset, pfl->storage + offset,
+ret = blk_pwrite(pfl->blk, offset, pfl->storage + offset,
offset_end - offset, 0);
+if (ret < 0) {
+/* TODO set error bit in status */
+error_report("Could not update PFLASH: %s", strerror(-ret));
+}
 }
 }
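Review bot: With `error_report()` alone the guest never learns that the write failed; the `/* TODO set error bit in status */` comment acknowledges this, but the commit message should state that a failed `blk_pwrite()` now only produces a host-side log line while the device status register still reports success. Including the failing range in the message (`offset` and `offset_end - offset`) would also make that log line actionable.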
 
diff --git a/hw/block/pflash_cfi02.c b/hw/block/pflash_cfi02.c
index c277b0309d..ac7e34ecbf 100644
--- a/hw/block/pflash_cfi02.c
+++ b/hw/block/pflash_cfi02.c
@@ -37,6 +37,7 @@
 #include "hw/block/flash.h"
 #include "hw/qdev-properties.h"
 #include "qapi/error.h"
+#include "qemu/error-report.h"
 #include "qemu/bitmap.h"
 #include "qemu/timer.h"
 #include "sysemu/block-backend.h"
@@ -393,13 +394,18 @@ static uint64_t pflash_read(void *opaque, hwaddr offset, 
unsigned int width)
 static void pflash_update(PFlashCFI02 *pfl, int offset, int size)
 {
 int offset_end;
+int ret;
 if (pfl->blk) {
 offset_end = offset + size;
 /* widen to sector boundaries */
 offset = QEMU_ALIGN_DOWN(offset, BDRV_SECTOR_SIZE);
 offset_end = QEMU_ALIGN_UP(offset_end, BDRV_SECTOR_SIZE);
-blk_pwrite(pfl->blk, offset, pfl->storage + offset,
+ret = blk_pwrite(pfl->blk, offset, pfl->storage + offset,
offset_end - offset, 0);
+if (ret < 0) {
+/* TODO set error bit in status */
+error_report("Could not update PFLASH: %s", strerror(-ret));
+}
 }
 }
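Review bot: Same point as for pflash_cfi01.c: the failure is only logged and the status register is left untouched, so the message should at least carry the failing `offset` and length. Since the two `pflash_update()` bodies are now identical apart from the device type, a shared helper would avoid carrying the same TODO in two places.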
 
-- 
2.21.3




[PULL 2/4] hw/block/pflash_cfi01: Document use of non-CFI compliant command '0x00'

2020-05-22 Thread Philippe Mathieu-Daudé
The command 0x00 is used by this model since its origin (commit
05ee37ebf630). In this commit the command is described with an
amusing '/* ??? */' comment, probably meaning 'FIXME'.

switch (cmd) {
case 0x00: /* ??? */
...

This comment survived 12 years because the 0x00 value is indeed
not specified by the CFI open standard (as of this commit).

The 'cmd' field is transferred during migration. To keep the
migration feature working with older QEMU versions, we have to
take a lot of care with migrated fields. We figured out it is
too late to remove a non-specified value from this model
(this would make migration review very complex). It is however
not too late to improve the documentation.

Add a few comments to remember this is a special value related
to QEMU, and we won't find information about it in the CFI
spec.

Reviewed-by: Alistair Francis 
Message-Id: <20190716221555.11145-3-phi...@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/block/pflash_cfi01.c | 18 +-
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index d67f84d655..3cd483d26a 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -278,9 +278,13 @@ static uint32_t pflash_read(PFlashCFI01 *pfl, hwaddr 
offset,
 /* This should never happen : reset state & treat it as a read */
 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd);
 pfl->wcycle = 0;
-pfl->cmd = 0;
+/*
+ * The command 0x00 is not assigned by the CFI open standard,
+ * but QEMU historically uses it for the READ_ARRAY command (0xff).
+ */
+pfl->cmd = 0x00;
 /* fall through to read code */
-case 0x00:
+case 0x00: /* This model reset value for READ_ARRAY (not CFI compliant) */
 /* Flash area read */
 ret = pflash_data_read(pfl, offset, width, be);
 break;
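Review bot: The comment on `case 0x00: /* This model reset value for READ_ARRAY (not CFI compliant) */` pushes the line past 80 columns once indented, and its wording differs from the `(not CFI)` form used in the other hunks; use one short form everywhere, e.g. `/* This model reset value for READ_ARRAY (not CFI) */`, so a grep finds every occurrence.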
@@ -449,7 +453,7 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
 case 0:
 /* read mode */
 switch (cmd) {
-case 0x00: /* ??? */
+case 0x00: /* This model reset value for READ_ARRAY (not CFI) */
 goto reset_flash;
 case 0x10: /* Single Byte Program */
 case 0x40: /* Single Byte Program */
@@ -646,7 +650,7 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
 trace_pflash_reset();
 memory_region_rom_device_set_romd(&pfl->mem, true);
 pfl->wcycle = 0;
-pfl->cmd = 0;
+pfl->cmd = 0x00; /* This model reset value for READ_ARRAY (not CFI) */
 }
 
 
@@ -762,7 +766,11 @@ static void pflash_cfi01_realize(DeviceState *dev, Error 
**errp)
 }
 
 pfl->wcycle = 0;
-pfl->cmd = 0;
+/*
+ * The command 0x00 is not assigned by the CFI open standard,
+ * but QEMU historically uses it for the READ_ARRAY command (0xff).
+ */
+pfl->cmd = 0x00;
 pfl->status = 0x80; /* WSM ready */
 /* Hardcoded CFI table */
 /* Standard "QRY" string */
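Review bot: The multi-line comment explaining that 0x00 is not assigned by the CFI standard is now repeated verbatim here and in `pflash_read()`, and a third assignment in the `reset_flash` path carries a one-line variant; documenting it once (at the top of the file, or on a named constant used in place of the bare `0x00` in `pfl->cmd = 0x00;`) would keep the three assignments from drifting apart.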
-- 
2.21.3




[PULL 0/4] pflash-next patches for 2020-05-22

2020-05-22 Thread Philippe Mathieu-Daudé
The following changes since commit d19f1ab0de8b763159513e3eaa12c5bc68122361:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200521-1' into staging (2020-05-21 22:06:56 +0100)

are available in the Git repository at:

  https://gitlab.com/philmd/qemu.git tags/pflash-next-20200522

for you to fetch changes up to 1857b9db49770590483be44eb90993c42b2a5a99:

  hw/block/pflash: Check return value of blk_pwrite() (2020-05-22 19:38:14 +0200)



- Remove unused timer in CFI01 flash,
- Clean up code documentation,
- Silence a long-standing Coverity warning (2016-07-15).



Mansour Ahmadi (1):
  hw/block/pflash: Check return value of blk_pwrite()

Philippe Mathieu-Daudé (3):
  hw/block/pflash_cfi01: Removed an unused timer
  hw/block/pflash_cfi01: Document use of non-CFI compliant command '0x00'
  hw/block/pflash_cfi01: Rename 'reset_flash' label as 'mode_read_array'

 hw/block/pflash_cfi01.c | 71 -
 hw/block/pflash_cfi02.c |  8 -
 2 files changed, 42 insertions(+), 37 deletions(-)

-- 
2.21.3




[PULL 3/4] hw/block/pflash_cfi01: Rename 'reset_flash' label as 'mode_read_array'

2020-05-22 Thread Philippe Mathieu-Daudé
Rename the 'reset_flash' label as 'mode_read_array' to make it
explicit that we do not reset the device; we simply set its internal
state machine to the READ_ARRAY mode. We do not reset the status
register error bits, as a device reset would do.

Reviewed-by: John Snow 
Reviewed-by: Alistair Francis 
Message-Id: <20190716221555.11145-5-phi...@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/block/pflash_cfi01.c | 30 +++---
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index 3cd483d26a..2ca173aa46 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -454,7 +454,7 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
 /* read mode */
 switch (cmd) {
 case 0x00: /* This model reset value for READ_ARRAY (not CFI) */
-goto reset_flash;
+goto mode_read_array;
 case 0x10: /* Single Byte Program */
 case 0x40: /* Single Byte Program */
 DPRINTF("%s: Single Byte Program\n", __func__);
@@ -477,7 +477,7 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
 case 0x50: /* Clear status bits */
 DPRINTF("%s: Clear status bits\n", __func__);
 pfl->status = 0x0;
-goto reset_flash;
+goto mode_read_array;
 case 0x60: /* Block (un)lock */
 DPRINTF("%s: Block unlock\n", __func__);
 break;
@@ -502,10 +502,10 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
 break;
 case 0xf0: /* Probe for AMD flash */
 DPRINTF("%s: Probe for AMD flash\n", __func__);
-goto reset_flash;
-case 0xff: /* Read array mode */
+goto mode_read_array;
+case 0xff: /* Read Array */
 DPRINTF("%s: Read array mode\n", __func__);
-goto reset_flash;
+goto mode_read_array;
 default:
 goto error_flash;
 }
@@ -531,8 +531,8 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
 if (cmd == 0xd0) { /* confirm */
 pfl->wcycle = 0;
 pfl->status |= 0x80;
-} else if (cmd == 0xff) { /* read array mode */
-goto reset_flash;
+} else if (cmd == 0xff) { /* Read Array */
+goto mode_read_array;
 } else
 goto error_flash;
 
@@ -558,16 +558,16 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
 } else if (cmd == 0x01) {
 pfl->wcycle = 0;
 pfl->status |= 0x80;
-} else if (cmd == 0xff) {
-goto reset_flash;
+} else if (cmd == 0xff) { /* Read Array */
+goto mode_read_array;
 } else {
 DPRINTF("%s: Unknown (un)locking command\n", __func__);
-goto reset_flash;
+goto mode_read_array;
 }
 break;
 case 0x98:
-if (cmd == 0xff) {
-goto reset_flash;
+if (cmd == 0xff) { /* Read Array */
+goto mode_read_array;
 } else {
 DPRINTF("%s: leaving query mode\n", __func__);
 }
@@ -627,7 +627,7 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
 " the data is already written to storage!\n"
 "Flash device reset into READ mode.\n",
 __func__);
-goto reset_flash;
+goto mode_read_array;
 }
 break;
 default:
@@ -637,7 +637,7 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
 default:
 /* Should never happen */
 DPRINTF("%s: invalid write state\n",  __func__);
-goto reset_flash;
+goto mode_read_array;
 }
 return;
 
@@ -646,7 +646,7 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
   "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 
0x%x)"
   "\n", __func__, offset, pfl->wcycle, pfl->cmd, value);
 
- reset_flash:
+ mode_read_array:
 trace_pflash_reset();
 memory_region_rom_device_set_romd(&pfl->mem, true);
 pfl->wcycle = 0;
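Review bot: The renamed `mode_read_array:` label still calls `trace_pflash_reset()`, and the earlier hunk keeps the `"Flash device reset into READ mode.\n"` message, both of which contradict the stated intent that this path is not a device reset; rename the trace event and reword the message in the same patch, or say in the commit message why they are deliberately left as-is.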
-- 
2.21.3




[PULL 1/4] hw/block/pflash_cfi01: Removed an unused timer

2020-05-22 Thread Philippe Mathieu-Daudé
The 'CFI02' NOR flash was introduced in commit 29133e9a0fff, with
timing modelled. One year later, the CFI01 model was introduced
(commit 05ee37ebf630) based on the CFI02 model. As noted in the
header, "It does not support timings". 12 years later, we never
had to model the device timings. Time to remove the unused timer;
we can still add it back if required.

Suggested-by: Laszlo Ersek 
Reviewed-by: Wei Yang 
Reviewed-by: Laszlo Ersek 
Reviewed-by: Alistair Francis 
Tested-by: Laszlo Ersek 
[Laszlo Ersek: Regression tested EDK2 OVMF IA32X64, ArmVirtQemu Aarch64
https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg04373.html]
Message-Id: <20190716221555.11145-2-phi...@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/block/pflash_cfi01.c | 15 ---
 1 file changed, 15 deletions(-)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index 8e8887253d..d67f84d655 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -42,7 +42,6 @@
 #include "hw/qdev-properties.h"
 #include "sysemu/block-backend.h"
 #include "qapi/error.h"
-#include "qemu/timer.h"
 #include "qemu/bitops.h"
 #include "qemu/error-report.h"
 #include "qemu/host-utils.h"
@@ -91,7 +90,6 @@ struct PFlashCFI01 {
 uint8_t cfi_table[0x52];
 uint64_t counter;
 unsigned int writeblock_size;
-QEMUTimer *timer;
 MemoryRegion mem;
 char *name;
 void *storage;
@@ -115,18 +113,6 @@ static const VMStateDescription vmstate_pflash = {
 }
 };
 
-static void pflash_timer (void *opaque)
-{
-PFlashCFI01 *pfl = opaque;
-
-trace_pflash_timer_expired(pfl->cmd);
-/* Reset flash */
-pfl->status ^= 0x80;
-memory_region_rom_device_set_romd(&pfl->mem, true);
-pfl->wcycle = 0;
-pfl->cmd = 0;
-}
-
 /* Perform a CFI query based on the bank width of the flash.
  * If this code is called we know we have a device_width set for
  * this flash.
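Review bot: Removing `pflash_timer()` drops the only caller of `trace_pflash_timer_expired()` in this file, but the diffstat touches `hw/block/pflash_cfi01.c` alone; since the commit message says the CFI02 model does have timing modelled, check whether that trace event is still referenced there and, if not, remove it from `hw/block/trace-events` so no orphaned trace point is left behind.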
@@ -775,7 +761,6 @@ static void pflash_cfi01_realize(DeviceState *dev, Error 
**errp)
 pfl->max_device_width = pfl->device_width;
 }
 
-pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl);
 pfl->wcycle = 0;
 pfl->cmd = 0;
 pfl->status = 0x80; /* WSM ready */
-- 
2.21.3




Re: [PATCH 18/19] target/arm: Fix tsan warning in cpu.c

2020-05-22 Thread Peter Maydell
On Fri, 22 May 2020 at 17:15, Robert Foley  wrote:
>
> For example:
> WARNING: ThreadSanitizer: data race (pid=11134)
>   Atomic write of size 4 at 0x7bbce0ac by main thread (mutexes: write 
> M875):
> #0 __tsan_atomic32_store  (qemu-system-aarch64+0x394d84)
> #1 cpu_reset_interrupt hw/core/cpu.c:107:5 (qemu-system-aarch64+0x842f90)
> #2 arm_cpu_set_irq target/arm/cpu.c (qemu-system-aarch64+0x615a55)
>
>   Previous read of size 4 at 0x7bbce0ac by thread T7:
> #0 arm_cpu_has_work target/arm/cpu.c:78:16 (qemu-system-aarch64+0x6178ba)
> #1 cpu_has_work include/hw/core/cpu.h:700:12 
> (qemu-system-aarch64+0x68be2e)
>
> Cc: Peter Maydell 
> Cc: Richard Henderson 
> Signed-off-by: Robert Foley 
> ---
>  target/arm/cpu.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target/arm/cpu.c b/target/arm/cpu.c
> index 32bec156f2..cdb90582ee 100644
> --- a/target/arm/cpu.c
> +++ b/target/arm/cpu.c
> @@ -75,7 +75,7 @@ static bool arm_cpu_has_work(CPUState *cs)
>  ARMCPU *cpu = ARM_CPU(cs);
>
>  return (cpu->power_state != PSCI_OFF)
> -&& cs->interrupt_request &
> +&& atomic_read(&cs->interrupt_request) &
>  (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD
>   | CPU_INTERRUPT_VFIQ | CPU_INTERRUPT_VIRQ
>   | CPU_INTERRUPT_EXITTB);

Every target's has_work function seems to access
cs->interrupt_request without using atomic_read() :
why does Arm need to do something special here?

More generally, the only place that currently
uses atomic_read() on the interrupt_request field
is cpu_handle_interrupt(), so if this field needs
special precautions to access then a lot of code
needs updating.

thanks
-- PMM



[PATCH v4 10/13] target/i386: Restrict CpuClass::get_crash_info() to system-mode

2020-05-22 Thread Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson 
Reviewed-by: Laurent Vivier 
Tested-by: Laurent Vivier 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/i386/cpu.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 7a4a8e3847..dd31c1de5f 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6843,6 +6843,7 @@ static void x86_cpu_register_feature_bit_props(X86CPU 
*cpu,
 x86_cpu_register_bit_prop(cpu, name, w, bitnr);
 }
 
+#if !defined(CONFIG_USER_ONLY)
 static GuestPanicInformation *x86_cpu_get_crash_info(CPUState *cs)
 {
 X86CPU *cpu = X86_CPU(cs);
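Review bot: The commit message is empty, so a reader has to infer from the diff alone why `x86_cpu_get_crash_info()` and its QOM property are only meaningful with system emulation; a one-line rationale (user-mode builds never produce guest panic information) belongs in the description, because bare `#if !defined(CONFIG_USER_ONLY)` guards are otherwise easy to mistake for build-breakage workarounds.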
@@ -6886,6 +6887,7 @@ static void x86_cpu_get_crash_info_qom(Object *obj, 
Visitor *v,
  errp);
 qapi_free_GuestPanicInformation(panic_info);
 }
+#endif /* !CONFIG_USER_ONLY */
 
 static void x86_cpu_initfn(Object *obj)
 {
@@ -6932,8 +6934,10 @@ static void x86_cpu_initfn(Object *obj)
 x86_cpu_get_unavailable_features,
 NULL, NULL, NULL);
 
+#if !defined(CONFIG_USER_ONLY)
 object_property_add(obj, "crash-information", "GuestPanicInformation",
 x86_cpu_get_crash_info_qom, NULL, NULL, NULL);
+#endif
 
 for (w = 0; w < FEATURE_WORDS; w++) {
 int bitnr;
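Review bot: The closing `#endif` after `object_property_add(obj, "crash-information", ...)` is bare while the one in the previous hunk carries `/* !CONFIG_USER_ONLY */`; keep the comment on both so the guards in this file stay consistent.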
@@ -7245,7 +7249,6 @@ static void x86_cpu_common_class_init(ObjectClass *oc, 
void *data)
 cc->cpu_exec_interrupt = x86_cpu_exec_interrupt;
 #endif
 cc->dump_state = x86_cpu_dump_state;
-cc->get_crash_info = x86_cpu_get_crash_info;
 cc->set_pc = x86_cpu_set_pc;
 cc->synchronize_from_tb = x86_cpu_synchronize_from_tb;
 cc->gdb_read_register = x86_cpu_gdb_read_register;
@@ -7256,6 +7259,7 @@ static void x86_cpu_common_class_init(ObjectClass *oc, 
void *data)
 cc->asidx_from_attrs = x86_asidx_from_attrs;
 cc->get_memory_mapping = x86_cpu_get_memory_mapping;
 cc->get_phys_page_attrs_debug = x86_cpu_get_phys_page_attrs_debug;
+cc->get_crash_info = x86_cpu_get_crash_info;
 cc->write_elf64_note = x86_cpu_write_elf64_note;
 cc->write_elf64_qemunote = x86_cpu_write_elf64_qemunote;
 cc->write_elf32_note = x86_cpu_write_elf32_note;
-- 
2.21.3




[PATCH v4 13/13] stubs: Restrict ui/win32-kbd-hook to system-mode

2020-05-22 Thread Philippe Mathieu-Daudé
In Makefile.objs, the ui/ directory is restricted to system-mode:

 43 ifeq ($(CONFIG_SOFTMMU),y)
 ...
 65 common-obj-y += ui/
 66 common-obj-m += ui/
 ...
 82 endif # CONFIG_SOFTMMU

Restrict the ui/ stub added in commit 2df9f5718df to only build
it for system-mode emulation.

Signed-off-by: Philippe Mathieu-Daudé 
---
Cc: Volker Rümelin 
Cc: Gerd Hoffmann 
---
 stubs/Makefile.objs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stubs/Makefile.objs b/stubs/Makefile.objs
index f54125de31..c1e43ac68f 100644
--- a/stubs/Makefile.objs
+++ b/stubs/Makefile.objs
@@ -23,7 +23,7 @@ stub-obj-y += sysbus.o
 stub-obj-y += tpm.o
 stub-obj-y += trace-control.o
 stub-obj-y += vmstate.o
-stub-obj-y += win32-kbd-hook.o
+stub-obj-$(CONFIG_SOFTMMU) += win32-kbd-hook.o
 
 ###
 # code used by both qemu system emulation and qemu-img
-- 
2.21.3




[PATCH v4 12/13] hw/core: Restrict CpuClass::get_crash_info() to system-mode

2020-05-22 Thread Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson 
Reviewed-by: Laurent Vivier 
Tested-by: Laurent Vivier 
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/core/cpu.h | 7 ++-
 hw/core/cpu.c | 2 ++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 07f7698155..497600c49e 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -490,6 +490,8 @@ bool cpu_paging_enabled(const CPUState *cpu);
 void cpu_get_memory_mapping(CPUState *cpu, MemoryMappingList *list,
 Error **errp);
 
+#if !defined(CONFIG_USER_ONLY)
+
 /**
  * cpu_write_elf64_note:
  * @f: pointer to a function that writes memory to a file
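Review bot: Opening `#if !defined(CONFIG_USER_ONLY)` at this point hides not only `cpu_get_crash_info()` but also the `cpu_write_elf64_note()` family whose documentation follows, so user-only builds lose those declarations too; the empty commit message should list what disappears from user-mode builds and why that is safe.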
@@ -539,6 +541,8 @@ int cpu_write_elf32_qemunote(WriteCoreDumpFunction f, 
CPUState *cpu,
  */
 GuestPanicInformation *cpu_get_crash_info(CPUState *cpu);
 
+#endif /* !CONFIG_USER_ONLY */
+
 /**
  * CPUDumpFlags:
  * @CPU_DUMP_CODE:
@@ -632,7 +636,8 @@ static inline int cpu_asidx_from_attrs(CPUState *cpu, 
MemTxAttrs attrs)
 }
 return ret;
 }
-#endif
+
+#endif /* CONFIG_USER_ONLY */
 
 /**
  * cpu_list_add:
diff --git a/hw/core/cpu.c b/hw/core/cpu.c
index 5284d384fb..f31ec48ee6 100644
--- a/hw/core/cpu.c
+++ b/hw/core/cpu.c
@@ -209,6 +209,7 @@ static bool cpu_common_exec_interrupt(CPUState *cpu, int 
int_req)
 return false;
 }
 
+#if !defined(CONFIG_USER_ONLY)
 GuestPanicInformation *cpu_get_crash_info(CPUState *cpu)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
@@ -219,6 +220,7 @@ GuestPanicInformation *cpu_get_crash_info(CPUState *cpu)
 }
 return res;
 }
+#endif
 
 void cpu_dump_state(CPUState *cpu, FILE *f, int flags)
 {
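Review bot: The `#endif` closing the new `#if !defined(CONFIG_USER_ONLY)` around `cpu_get_crash_info()` lacks the `/* !CONFIG_USER_ONLY */` comment used in the header hunk of the same patch; add it for consistency.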
-- 
2.21.3




[PATCH v4 09/13] arch_init: Remove unused 'qapi-commands-misc.h' include

2020-05-22 Thread Philippe Mathieu-Daudé
Commit ffaee83bcb2 moved qmp_query_target but forgot to remove
this include.

Reviewed-by: Alistair Francis 
Reviewed-by: Richard Henderson 
Reviewed-by: Laurent Vivier 
Tested-by: Laurent Vivier 
Signed-off-by: Philippe Mathieu-Daudé 
---
 arch_init.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/arch_init.c b/arch_init.c
index d9eb0ec1dd..8afea4748b 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -27,7 +27,6 @@
 #include "sysemu/arch_init.h"
 #include "hw/pci/pci.h"
 #include "hw/audio/soundhw.h"
-#include "qapi/qapi-commands-misc.h"
 #include "qapi/error.h"
 #include "qemu/config-file.h"
 #include "qemu/error-report.h"
-- 
2.21.3




[PATCH v4 08/13] exec: Assert CPU migration is not used on user-only build

2020-05-22 Thread Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
Reviewed-by: Laurent Vivier 
Tested-by: Laurent Vivier 
Signed-off-by: Philippe Mathieu-Daudé 
---
 exec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/exec.c b/exec.c
index 5162f0d12f..6dfd314469 100644
--- a/exec.c
+++ b/exec.c
@@ -946,7 +946,9 @@ void cpu_exec_realizefn(CPUState *cpu, Error **errp)
 
 qemu_plugin_vcpu_init_hook(cpu);
 
-#ifndef CONFIG_USER_ONLY
+#ifdef CONFIG_USER_ONLY
+assert(cc->vmsd == NULL);
+#else /* !CONFIG_USER_ONLY */
 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
 }
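Review bot: `assert(cc->vmsd == NULL)` turns any target that still assigns `cc->vmsd` unconditionally into a hard abort of every user-mode binary at CPU realize time, so the commit message (currently empty) should state that all targets were audited and point at the patch in this series that fixes the remaining one (07/13 for target/riscv); a short comment above the assert explaining why user-mode must never register CPU vmstate would help the next person who trips it.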
-- 
2.21.3




[PATCH v4 11/13] target/s390x: Restrict CpuClass::get_crash_info() to system-mode

2020-05-22 Thread Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson 
Reviewed-by: Cornelia Huck 
Reviewed-by: Laurent Vivier 
Tested-by: Laurent Vivier 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/s390x/cpu.c | 12 +---
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index ca50b70451..08eb674d22 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -247,6 +247,7 @@ out:
 error_propagate(errp, err);
 }
 
+#if !defined(CONFIG_USER_ONLY)
 static GuestPanicInformation *s390_cpu_get_crash_info(CPUState *cs)
 {
 GuestPanicInformation *panic_info;
@@ -256,11 +257,7 @@ static GuestPanicInformation 
*s390_cpu_get_crash_info(CPUState *cs)
 panic_info = g_malloc0(sizeof(GuestPanicInformation));
 
 panic_info->type = GUEST_PANIC_INFORMATION_TYPE_S390;
-#if !defined(CONFIG_USER_ONLY)
 panic_info->u.s390.core = cpu->env.core_id;
-#else
-panic_info->u.s390.core = 0; /* sane default for non system emulation */
-#endif
 panic_info->u.s390.psw_mask = cpu->env.psw.mask;
 panic_info->u.s390.psw_addr = cpu->env.psw.addr;
 panic_info->u.s390.reason = cpu->env.crash_reason;
@@ -286,6 +283,7 @@ static void s390_cpu_get_crash_info_qom(Object *obj, 
Visitor *v,
  errp);
 qapi_free_GuestPanicInformation(panic_info);
 }
+#endif
 
 static void s390_cpu_initfn(Object *obj)
 {
@@ -295,16 +293,16 @@ static void s390_cpu_initfn(Object *obj)
 cpu_set_cpustate_pointers(cpu);
 cs->halted = 1;
 cs->exception_index = EXCP_HLT;
+#if !defined(CONFIG_USER_ONLY)
 object_property_add(obj, "crash-information", "GuestPanicInformation",
 s390_cpu_get_crash_info_qom, NULL, NULL, NULL);
-s390_cpu_model_register_props(obj);
-#if !defined(CONFIG_USER_ONLY)
 cpu->env.tod_timer =
 timer_new_ns(QEMU_CLOCK_VIRTUAL, s390x_tod_timer, cpu);
 cpu->env.cpu_timer =
 timer_new_ns(QEMU_CLOCK_VIRTUAL, s390x_cpu_timer, cpu);
 s390_cpu_set_state(S390_CPU_STATE_STOPPED, cpu);
 #endif
+s390_cpu_model_register_props(obj);
 }
 
 static void s390_cpu_finalize(Object *obj)
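Review bot: Moving `s390_cpu_model_register_props(obj);` below the `#endif` changes the order of operations in `s390_cpu_initfn()`: the CPU model properties are now registered after the TOD/CPU timers are created and the state is set to STOPPED, whereas before they were registered first. If the order is irrelevant, say so in the (currently empty) commit message; otherwise keep the call where it was and only move the `#if` guard.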
@@ -488,13 +486,13 @@ static void s390_cpu_class_init(ObjectClass *oc, void 
*data)
 cc->do_interrupt = s390_cpu_do_interrupt;
 #endif
 cc->dump_state = s390_cpu_dump_state;
-cc->get_crash_info = s390_cpu_get_crash_info;
 cc->set_pc = s390_cpu_set_pc;
 cc->gdb_read_register = s390_cpu_gdb_read_register;
 cc->gdb_write_register = s390_cpu_gdb_write_register;
 #ifndef CONFIG_USER_ONLY
 cc->get_phys_page_debug = s390_cpu_get_phys_page_debug;
 cc->vmsd = &vmstate_s390_cpu;
+cc->get_crash_info = s390_cpu_get_crash_info;
 cc->write_elf64_note = s390_cpu_write_elf64_note;
 #ifdef CONFIG_TCG
 cc->cpu_exec_interrupt = s390_cpu_exec_interrupt;
-- 
2.21.3




[PATCH v4 07/13] target/riscv/cpu: Restrict CPU migration to system-mode

2020-05-22 Thread Philippe Mathieu-Daudé
Reviewed-by: Alistair Francis 
Reviewed-by: Richard Henderson 
Reviewed-by: Laurent Vivier 
Tested-by: Laurent Vivier 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/riscv/cpu.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 059d71f2c7..6c78337858 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -485,10 +485,12 @@ static void riscv_cpu_init(Object *obj)
 cpu_set_cpustate_pointers(cpu);
 }
 
+#ifndef CONFIG_USER_ONLY
 static const VMStateDescription vmstate_riscv_cpu = {
 .name = "cpu",
 .unmigratable = 1,
 };
+#endif
 
 static Property riscv_cpu_properties[] = {
 DEFINE_PROP_BOOL("i", RISCVCPU, cfg.ext_i, true),
@@ -544,13 +546,13 @@ static void riscv_cpu_class_init(ObjectClass *c, void 
*data)
 cc->do_transaction_failed = riscv_cpu_do_transaction_failed;
 cc->do_unaligned_access = riscv_cpu_do_unaligned_access;
 cc->get_phys_page_debug = riscv_cpu_get_phys_page_debug;
+/* For now, mark unmigratable: */
+cc->vmsd = &vmstate_riscv_cpu;
 #endif
 #ifdef CONFIG_TCG
 cc->tcg_initialize = riscv_translate_init;
 cc->tlb_fill = riscv_cpu_tlb_fill;
 #endif
-/* For now, mark unmigratable: */
-cc->vmsd = &vmstate_riscv_cpu;
 device_class_set_props(dc, riscv_cpu_properties);
 }
 
-- 
2.21.3




[PATCH v4 05/13] util/Makefile: Reduce the user-mode object list

2020-05-22 Thread Philippe Mathieu-Daudé
These objects are not required when configured with --disable-system.

Reviewed-by: Richard Henderson 
Reviewed-by: Laurent Vivier 
Tested-by: Laurent Vivier 
Signed-off-by: Philippe Mathieu-Daudé 
---
 util/Makefile.objs | 59 +-
 1 file changed, 38 insertions(+), 21 deletions(-)

diff --git a/util/Makefile.objs b/util/Makefile.objs
index fe339c2636..cc5e37177a 100644
--- a/util/Makefile.objs
+++ b/util/Makefile.objs
@@ -1,8 +1,4 @@
 util-obj-y = osdep.o cutils.o unicode.o qemu-timer-common.o
-util-obj-y += bufferiszero.o
-util-obj-y += lockcnt.o
-util-obj-y += aiocb.o async.o aio-wait.o thread-pool.o qemu-timer.o
-util-obj-y += main-loop.o
 util-obj-$(call lnot,$(CONFIG_ATOMIC64)) += atomic64.o
 util-obj-$(CONFIG_POSIX) += aio-posix.o
 util-obj-$(CONFIG_POSIX) += fdmon-poll.o
@@ -21,31 +17,20 @@ util-obj-$(CONFIG_WIN32) += oslib-win32.o
 util-obj-$(CONFIG_WIN32) += qemu-thread-win32.o
 util-obj-y += envlist.o path.o module.o
 util-obj-y += host-utils.o
-util-obj-y += bitmap.o bitops.o hbitmap.o
+util-obj-y += bitmap.o bitops.o
 util-obj-y += fifo8.o
-util-obj-y += nvdimm-utils.o
 util-obj-y += cacheinfo.o
 util-obj-y += error.o qemu-error.o
 util-obj-y += qemu-print.o
 util-obj-y += id.o
-util-obj-y += iov.o qemu-config.o qemu-sockets.o uri.o notify.o
+util-obj-y += qemu-config.o notify.o
 util-obj-y += qemu-option.o qemu-progress.o
 util-obj-y += keyval.o
-util-obj-y += hexdump.o
 util-obj-y += crc32c.o
 util-obj-y += uuid.o
-util-obj-y += throttle.o
 util-obj-y += getauxval.o
-util-obj-y += readline.o
 util-obj-y += rcu.o
 util-obj-$(CONFIG_MEMBARRIER) += sys_membarrier.o
-util-obj-y += qemu-coroutine.o qemu-coroutine-lock.o qemu-coroutine-io.o
-util-obj-y += qemu-coroutine-sleep.o
-util-obj-y += qemu-co-shared-resource.o
-util-obj-y += coroutine-$(CONFIG_COROUTINE_BACKEND).o
-util-obj-y += buffer.o
-util-obj-y += timed-average.o
-util-obj-y += base64.o
 util-obj-y += log.o
 util-obj-y += pagesize.o
 util-obj-y += qdist.o
@@ -54,13 +39,45 @@ util-obj-y += qsp.o
 util-obj-y += range.o
 util-obj-y += stats64.o
 util-obj-y += systemd.o
-util-obj-y += iova-tree.o
-util-obj-$(CONFIG_INOTIFY1) += filemonitor-inotify.o
-util-obj-$(call lnot,$(CONFIG_INOTIFY1)) += filemonitor-stub.o
-util-obj-$(CONFIG_LINUX) += vfio-helpers.o
 util-obj-$(CONFIG_POSIX) += drm.o
 util-obj-y += guest-random.o
 util-obj-$(CONFIG_GIO) += dbus.o
 dbus.o-cflags = $(GIO_CFLAGS)
 dbus.o-libs = $(GIO_LIBS)
 util-obj-$(CONFIG_USER_ONLY) += selfmap.o
+
+###
+# code used by both qemu system emulation and qemu-img
+
+ifeq ($(call lor,$(CONFIG_SOFTMMU),$(CONFIG_TOOLS)),y)
+
+util-obj-y += aio-wait.o
+util-obj-y += aiocb.o
+util-obj-y += async.o
+util-obj-y += base64.o
+util-obj-y += buffer.o
+util-obj-y += bufferiszero.o
+util-obj-y += coroutine-$(CONFIG_COROUTINE_BACKEND).o
+util-obj-y += hexdump.o
+util-obj-y += lockcnt.o
+util-obj-y += iov.o
+util-obj-y += iova-tree.o
+util-obj-y += hbitmap.o
+util-obj-y += main-loop.o
+util-obj-y += nvdimm-utils.o
+util-obj-y += qemu-coroutine.o qemu-coroutine-lock.o qemu-coroutine-io.o
+util-obj-y += qemu-coroutine-sleep.o
+util-obj-y += qemu-co-shared-resource.o
+util-obj-y += qemu-sockets.o
+util-obj-y += qemu-timer.o
+util-obj-y += thread-pool.o
+util-obj-y += throttle.o
+util-obj-y += timed-average.o
+util-obj-y += uri.o
+
+util-obj-$(CONFIG_LINUX) += vfio-helpers.o
+util-obj-$(CONFIG_INOTIFY1) += filemonitor-inotify.o
+util-obj-$(call lnot,$(CONFIG_INOTIFY1)) += filemonitor-stub.o
+util-obj-$(CONFIG_BLOCK) += readline.o
+
+endif # CONFIG_SOFTMMU || CONFIG_TOOLS
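Review bot: `readline.o` changes condition from `util-obj-y` to `util-obj-$(CONFIG_BLOCK)` in this hunk, which goes beyond the regrouping the commit message describes ("These objects are not required when configured with --disable-system"); either mention the new CONFIG_BLOCK dependency in the description or keep `util-obj-y += readline.o` inside the new guard.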
-- 
2.21.3




[PATCH v4 02/13] configure: Avoid building TCG when not needed

2020-05-22 Thread Philippe Mathieu-Daudé
Avoid building TCG when building only tools:

  ./configure --enable-tools --disable-system --disable-user

This saves us from running the soft-float tests enabled since
commit 76170102508.

Reviewed-by: Richard Henderson 
Reviewed-by: Alistair Francis 
Reviewed-by: Laurent Vivier 
Tested-by: Laurent Vivier 
Signed-off-by: Philippe Mathieu-Daudé 
---
 configure | 4 
 1 file changed, 4 insertions(+)

diff --git a/configure b/configure
index 2fc05c4465..35e7951b95 100755
--- a/configure
+++ b/configure
@@ -1663,6 +1663,10 @@ if [ "$ARCH" = "unknown" ]; then
   linux_user="no"
 fi
 
+if [ "$bsd_user" = "no" -a "$linux_user" = "no" -a "$softmmu" = "no" ] ; then
+  tcg="no"
+fi
+
 default_target_list=""
 
 mak_wilds=""
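Review bot: Forcing `tcg="no"` whenever no user-mode or softmmu target is built silently overrides an explicit `--enable-tcg` on the command line; either honour the user's choice (only default `tcg` to "no" when it was not set explicitly) or document in the commit message that the option is ignored for tools-only builds. The `-a` operator inside `[ ... ]` is also marked obsolescent by POSIX; `[ ... ] && [ ... ]` is the portable spelling.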
-- 
2.21.3




[PATCH v4 06/13] stubs/Makefile: Reduce the user-mode object list

2020-05-22 Thread Philippe Mathieu-Daudé
These stubs are not required when configured with --disable-system.

Reviewed-by: Richard Henderson 
Reviewed-by: Laurent Vivier 
Tested-by: Laurent Vivier 
Signed-off-by: Philippe Mathieu-Daudé 
---
 stubs/Makefile.objs | 52 ++---
 1 file changed, 30 insertions(+), 22 deletions(-)

diff --git a/stubs/Makefile.objs b/stubs/Makefile.objs
index 6a9e3135e8..f54125de31 100644
--- a/stubs/Makefile.objs
+++ b/stubs/Makefile.objs
@@ -1,47 +1,55 @@
-stub-obj-y += arch_type.o
-stub-obj-y += bdrv-next-monitor-owned.o
 stub-obj-y += blk-commit-all.o
-stub-obj-y += blockdev-close-all-bdrv-states.o
-stub-obj-y += clock-warp.o
 stub-obj-y += cpu-get-clock.o
 stub-obj-y += cpu-get-icount.o
 stub-obj-y += dump.o
 stub-obj-y += error-printf.o
 stub-obj-y += fdset.o
 stub-obj-y += gdbstub.o
-stub-obj-y += get-vm-name.o
-stub-obj-y += iothread.o
 stub-obj-y += iothread-lock.o
 stub-obj-y += is-daemonized.o
 stub-obj-$(CONFIG_LINUX_AIO) += linux-aio.o
 stub-obj-$(CONFIG_LINUX_IO_URING) += io_uring.o
-stub-obj-y += machine-init-done.o
-stub-obj-y += migr-blocker.o
-stub-obj-y += change-state-handler.o
-stub-obj-y += monitor.o
 stub-obj-y += monitor-core.o
 stub-obj-y += notify-event.o
+stub-obj-y += qmp_memory_device.o
 stub-obj-y += qtest.o
+stub-obj-y += ramfb.o
 stub-obj-y += replay.o
-stub-obj-y += replay-user.o
 stub-obj-y += runstate-check.o
+stub-obj-$(CONFIG_SOFTMMU) += semihost.o
 stub-obj-y += set-fd-handler.o
+stub-obj-y += vmgenid.o
 stub-obj-y += sysbus.o
 stub-obj-y += tpm.o
 stub-obj-y += trace-control.o
-stub-obj-y += uuid.o
-stub-obj-y += vm-stop.o
 stub-obj-y += vmstate.o
 stub-obj-y += win32-kbd-hook.o
+
+###
+# code used by both qemu system emulation and qemu-img
+
+ifeq ($(call lor,$(CONFIG_SOFTMMU),$(CONFIG_TOOLS)),y)
+
+stub-obj-y += arch_type.o
+stub-obj-y += bdrv-next-monitor-owned.o
+stub-obj-y += blockdev-close-all-bdrv-states.o
+stub-obj-y += change-state-handler.o
+stub-obj-y += clock-warp.o
 stub-obj-y += fd-register.o
-stub-obj-y += qmp_memory_device.o
-stub-obj-y += target-monitor-defs.o
-stub-obj-y += target-get-monitor-def.o
-stub-obj-y += vmgenid.o
-stub-obj-y += xen-common.o
-stub-obj-y += xen-hvm.o
+stub-obj-y += fw_cfg.o
+stub-obj-y += get-vm-name.o
+stub-obj-y += iothread.o
+stub-obj-y += machine-init-done.o
+stub-obj-y += migr-blocker.o
+stub-obj-y += monitor.o
 stub-obj-y += pci-host-piix.o
 stub-obj-y += ram-block.o
-stub-obj-y += ramfb.o
-stub-obj-y += fw_cfg.o
-stub-obj-$(CONFIG_SOFTMMU) += semihost.o
+stub-obj-y += replay-user.o
+stub-obj-y += target-get-monitor-def.o
+stub-obj-y += target-monitor-defs.o
+stub-obj-y += uuid.o
+stub-obj-y += vm-stop.o
+stub-obj-y += xen-common.o
+stub-obj-y += xen-hvm.o
+
+endif # CONFIG_SOFTMMU || CONFIG_TOOLS
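Review bot: `stub-obj-y += win32-kbd-hook.o` is left in the unconditional part of the list even though `semihost.o` just above it already gets `$(CONFIG_SOFTMMU)`; since patch 13/13 of this series moves `win32-kbd-hook.o` under that same condition, fold it in here so the user-only stub list is reduced in one place.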
-- 
2.21.3




[PATCH v4 03/13] tests/Makefile: Only display TCG-related tests when TCG is available

2020-05-22 Thread Philippe Mathieu-Daudé
Reviewed-by: Alistair Francis 
Reviewed-by: Richard Henderson 
Reviewed-by: Laurent Vivier 
Tested-by: Laurent Vivier 
Signed-off-by: Philippe Mathieu-Daudé 
---
 tests/Makefile.include | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 03a74b60f6..6bc3d1096b 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -12,8 +12,10 @@ check-help:
@echo " $(MAKE) check-speed  Run qobject speed tests"
@echo " $(MAKE) check-qapi-schemaRun QAPI schema tests"
@echo " $(MAKE) check-block  Run block tests"
+ifeq ($(CONFIG_TCG),y)
@echo " $(MAKE) check-tcgRun TCG tests"
@echo " $(MAKE) check-softfloat  Run FPU emulation tests"
+endif
@echo " $(MAKE) check-acceptance Run all acceptance (functional) 
tests"
@echo
@echo " $(MAKE) check-report.tap Generates an aggregated TAP test 
report"
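Review bot: the `ifeq ($(CONFIG_TCG),y)` only hides the two help lines; check that the `check-tcg` and `check-softfloat` targets themselves are guarded by the same condition elsewhere in tests/Makefile.include, otherwise `make check-tcg` stays invokable but undocumented on a --disable-tcg build, and fails with a less helpful error than a "no such target" message would give.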
-- 
2.21.3




[PATCH v4 04/13] tests/Makefile: Restrict some softmmu-only tests

2020-05-22 Thread Philippe Mathieu-Daudé
In the next commit we are going to remove some objects from the
util-obj-y variable (objects which are not used by user-mode,
when configured with --disable-system).
Then some system-mode tests are going to fail, due to the missing
objects:

  $ make check-unit -k
    LINK    tests/test-iov
  /usr/bin/ld: tests/test-iov.o: in function `iov_from_buf':
  include/qemu/iov.h:49: undefined reference to `iov_from_buf_full'
  make: *** [rules.mak:124: tests/test-iov] Error 1
    LINK    tests/test-timed-average
  /usr/bin/ld: tests/test-timed-average.o: in function `account':
  tests/test-timed-average.c:27: undefined reference to `timed_average_account'
  make: *** [rules.mak:124: tests/test-timed-average] Error 1
    LINK    tests/test-util-filemonitor
  /usr/bin/ld: tests/test-util-filemonitor.o: in function `qemu_file_monitor_test_event_loop':
  tests/test-util-filemonitor.c:83: undefined reference to `main_loop_wait'
  make: *** [rules.mak:124: tests/test-util-filemonitor] Error 1
    LINK    tests/test-util-sockets
  /usr/bin/ld: tests/test-util-sockets.o: in function `test_socket_fd_pass_name_good':
  tests/test-util-sockets.c:91: undefined reference to `socket_connect'
  make: *** [rules.mak:124: tests/test-util-sockets] Error 1
    LINK    tests/test-base64
  /usr/bin/ld: tests/test-base64.o: in function `test_base64_good':
  tests/test-base64.c:35: undefined reference to `qbase64_decode'
  collect2: error: ld returned 1 exit status
  make: *** [rules.mak:124: tests/test-base64] Error 1
    LINK    tests/test-bufferiszero
  /usr/bin/ld: tests/test-bufferiszero.o: in function `test_1':
  tests/test-bufferiszero.c:31: undefined reference to `buffer_is_zero'
  make: *** [rules.mak:124: tests/test-bufferiszero] Error 1
  make: Target 'check-unit' not remade because of errors.

Instead, restrict these tests to system-mode, by using the
$(CONFIG_SOFTMMU) variable.

Reviewed-by: Richard Henderson 
Tested-by: Richard Henderson 
Reviewed-by: Laurent Vivier 
Tested-by: Laurent Vivier 
Signed-off-by: Philippe Mathieu-Daudé 
---
 tests/Makefile.include | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 6bc3d1096b..0cb58aad26 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -66,14 +66,14 @@ check-unit-y += tests/check-qlit$(EXESUF)
 check-unit-y += tests/test-qobject-output-visitor$(EXESUF)
 check-unit-y += tests/test-clone-visitor$(EXESUF)
 check-unit-y += tests/test-qobject-input-visitor$(EXESUF)
-check-unit-y += tests/test-qmp-cmds$(EXESUF)
+check-unit-$(CONFIG_SOFTMMU) += tests/test-qmp-cmds$(EXESUF)
 check-unit-y += tests/test-string-input-visitor$(EXESUF)
 check-unit-y += tests/test-string-output-visitor$(EXESUF)
 check-unit-y += tests/test-qmp-event$(EXESUF)
 check-unit-y += tests/test-opts-visitor$(EXESUF)
 check-unit-$(CONFIG_BLOCK) += tests/test-coroutine$(EXESUF)
 check-unit-y += tests/test-visitor-serialization$(EXESUF)
-check-unit-y += tests/test-iov$(EXESUF)
+check-unit-$(CONFIG_SOFTMMU) += tests/test-iov$(EXESUF)
 check-unit-y += tests/test-bitmap$(EXESUF)
 check-unit-$(CONFIG_BLOCK) += tests/test-aio$(EXESUF)
 check-unit-$(CONFIG_BLOCK) += tests/test-aio-multithread$(EXESUF)
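Review bot: restricting tests/test-iov to `$(CONFIG_SOFTMMU)` silences the `iov_from_buf_full` link error quoted in the commit message, but util/iov is not system-mode code; if the next patch drops iov.o from the user-mode util-obj-y list only because this test failed to link, keeping the object and the test is preferable to losing coverage of code shared by both builds. The test-qmp-cmds change in the same hunk is fine, since QMP command handling is system-mode only.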
@@ -108,7 +108,7 @@ check-unit-y += tests/test-qht$(EXESUF)
 check-unit-y += tests/test-qht-par$(EXESUF)
 check-unit-y += tests/test-bitops$(EXESUF)
 check-unit-y += tests/test-bitcnt$(EXESUF)
-check-unit-y += tests/test-qdev-global-props$(EXESUF)
+check-unit-$(CONFIG_SOFTMMU) += tests/test-qdev-global-props$(EXESUF)
 check-unit-y += tests/check-qom-interface$(EXESUF)
 check-unit-y += tests/check-qom-proplist$(EXESUF)
 check-unit-y += tests/test-qemu-opts$(EXESUF)
@@ -126,9 +126,9 @@ check-unit-$(call land,$(CONFIG_BLOCK),$(CONFIG_GNUTLS)) += 
tests/test-crypto-tl
 ifneq (,$(findstring qemu-ga,$(TOOLS)))
 check-unit-$(call land,$(CONFIG_LINUX),$(CONFIG_VIRTIO_SERIAL)) += 
tests/test-qga$(EXESUF)
 endif
-check-unit-y += tests/test-timed-average$(EXESUF)
-check-unit-$(CONFIG_INOTIFY1) += tests/test-util-filemonitor$(EXESUF)
-check-unit-y += tests/test-util-sockets$(EXESUF)
+check-unit-$(CONFIG_SOFTMMU) += tests/test-timed-average$(EXESUF)
+check-unit-$(call land,$(CONFIG_SOFTMMU),$(CONFIG_INOTIFY1)) += 
tests/test-util-filemonitor$(EXESUF)
+check-unit-$(CONFIG_SOFTMMU) += tests/test-util-sockets$(EXESUF)
 check-unit-$(CONFIG_BLOCK) += tests/test-authz-simple$(EXESUF)
 check-unit-$(CONFIG_BLOCK) += tests/test-authz-list$(EXESUF)
 check-unit-$(CONFIG_BLOCK) += tests/test-authz-listfile$(EXESUF)
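Review bot: same concern as for test-iov: tests/test-timed-average and tests/test-util-sockets become softmmu-only because `timed_average_account` and `socket_connect` vanish from the user-mode util objects, yet both live in util/ and are not tied to the system emulator; worth confirming that no user-mode code still references them before the objects go. The `$(call land,$(CONFIG_SOFTMMU),$(CONFIG_INOTIFY1))` form for test-util-filemonitor correctly preserves the existing inotify guard.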
@@ -139,7 +139,7 @@ check-unit-$(CONFIG_BLOCK) += 
tests/test-io-channel-file$(EXESUF)
 check-unit-$(call land,$(CONFIG_BLOCK),$(CONFIG_GNUTLS)) += 
tests/test-io-channel-tls$(EXESUF)
 check-unit-$(CONFIG_BLOCK) += tests/test-io-channel-command$(EXESUF)
 check-unit-$(CONFIG_BLOCK) += tests/test-io-channel-buffer$(EXESUF)
-check-unit-y += tests/test-base64$(EXESUF)
+check-unit-$(CONFIG_SOFTMMU) += tests/test-base64$(EXESUF)
 check-unit-$(

[PATCH v4 01/13] Makefile: Only build virtiofsd if system-mode is enabled

2020-05-22 Thread Philippe Mathieu-Daudé
Do not build the virtiofsd helper when configured with
--disable-system.

Reviewed-by: Richard Henderson 
Acked-by: Dr. David Alan Gilbert 
Reviewed-by: Laurent Vivier 
Tested-by: Laurent Vivier 
Signed-off-by: Philippe Mathieu-Daudé 
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 40e4f7677b..d1af126ea1 100644
--- a/Makefile
+++ b/Makefile
@@ -345,7 +345,7 @@ HELPERS-y += vhost-user-gpu$(EXESUF)
 vhost-user-json-y += contrib/vhost-user-gpu/50-qemu-gpu.json
 endif
 
-ifeq ($(CONFIG_LINUX)$(CONFIG_SECCOMP)$(CONFIG_LIBCAP_NG),yyy)
+ifeq 
($(CONFIG_SOFTMMU)$(CONFIG_LINUX)$(CONFIG_SECCOMP)$(CONFIG_LIBCAP_NG),)
 HELPERS-y += virtiofsd$(EXESUF)
 vhost-user-json-y += tools/virtiofsd/50-qemu-virtiofsd.json
 endif
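Review bot: the right-hand side of `+ifeq ($(CONFIG_SOFTMMU)$(CONFIG_LINUX)$(CONFIG_SECCOMP)$(CONFIG_LIBCAP_NG),)` is empty as posted, so the condition would hold only when none of the four variables is set, which is the opposite of the intent; the removed line compared three variables against `yyy`, so with CONFIG_SOFTMMU added the value should be `yyyy`. If the mail wrapping merely ate the value, disregard, but it is worth verifying in the applied tree since an inverted test would silently stop building virtiofsd on every system-mode configuration.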
-- 
2.21.3




[PATCH v4 00/13] user-mode: Prune build dependencies (part 1)

2020-05-22 Thread Philippe Mathieu-Daudé
This is the first part of a series reducing user-mode
dependencies. By stripping out unused code, the build
and testing time is reduced (as is space used by objects).

Part 1 (generic):
- reduce user-mode object list
- remove some migration code from user-mode
- remove cpu_get_crash_info()

Patches 1-12 are fully reviewed.

Since v3:
- Rebased due to (trivial) conflicts after:
  . commit 2df9f5718df7722924699a3754f99165e2f4ae35
ui/win32-kbd-hook: handle AltGr in a hook procedure
  . commit b69c3c21a5d11075d42100d5cfe0a736593fae6b
qdev: Unrealize must not fail
  . commit d2623129a7dec1d3041ad1221dda1ca49c667532
qom: Drop parameter @errp of object_property_add() & friends
- Added patch #13 'Restrict ui/win32-kbd-hook to system-mode'

Since v2:
- Rebased due to conflict when applying patch:
  "util/Makefile: Reduce the user-mode object list"
  because commit 01ef6b9e4e modified util/Makefile.objs:
  "linux-user: factor out reading of /proc/self/maps"

Since v1:
- Addressed Laurent/Richard review comments
- Removed 'exec: Drop redundant #ifdeffery'
- Removed 'target: Restrict write_elfXX_note() handlers to system-mode'

$ git backport-diff -u v2 -r v3
Key:
[] : patches are identical
[] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively

001/13:[] [--] 'Makefile: Only build virtiofsd if system-mode is enabled'
002/13:[] [--] 'configure: Avoid building TCG when not needed'
003/13:[] [--] 'tests/Makefile: Only display TCG-related tests when TCG is available'
004/13:[] [--] 'tests/Makefile: Restrict some softmmu-only tests'
005/13:[] [--] 'util/Makefile: Reduce the user-mode object list'
006/13:[] [-C] 'stubs/Makefile: Reduce the user-mode object list'
007/13:[] [--] 'target/riscv/cpu: Restrict CPU migration to system-mode'
008/13:[] [--] 'exec: Assert CPU migration is not used on user-only build'
009/13:[] [--] 'arch_init: Remove unused 'qapi-commands-misc.h' include'
010/13:[] [-C] 'target/i386: Restrict CpuClass::get_crash_info() to system-mode'
011/13:[] [-C] 'target/s390x: Restrict CpuClass::get_crash_info() to system-mode'
012/13:[] [--] 'hw/core: Restrict CpuClass::get_crash_info() to system-mode'
013/13:[down] 'stubs: Restrict ui/win32-kbd-hook to system-mode'

Philippe Mathieu-Daudé (13):
  Makefile: Only build virtiofsd if system-mode is enabled
  configure: Avoid building TCG when not needed
  tests/Makefile: Only display TCG-related tests when TCG is available
  tests/Makefile: Restrict some softmmu-only tests
  util/Makefile: Reduce the user-mode object list
  stubs/Makefile: Reduce the user-mode object list
  target/riscv/cpu: Restrict CPU migration to system-mode
  exec: Assert CPU migration is not used on user-only build
  arch_init: Remove unused 'qapi-commands-misc.h' include
  target/i386: Restrict CpuClass::get_crash_info() to system-mode
  target/s390x: Restrict CpuClass::get_crash_info() to system-mode
  hw/core: Restrict CpuClass::get_crash_info() to system-mode
  stubs: Restrict ui/win32-kbd-hook to system-mode

 configure  |  4 +++
 Makefile   |  2 +-
 include/hw/core/cpu.h  |  7 -
 arch_init.c|  1 -
 exec.c |  4 ++-
 hw/core/cpu.c  |  2 ++
 target/i386/cpu.c  |  6 -
 target/riscv/cpu.c |  6 +++--
 target/s390x/cpu.c | 12 -
 stubs/Makefile.objs| 54 ++
 tests/Makefile.include | 18 +++--
 util/Makefile.objs | 59 +++---
 12 files changed, 109 insertions(+), 66 deletions(-)

-- 
2.21.3




[PATCH 5/5] virtio: enable VIRTIO_F_RING_PACKED for all devices

2020-05-22 Thread Stefan Hajnoczi
The packed virtqueue layout was introduced in VIRTIO 1.1. It is a single
ring instead of a split avail/used ring design. There are CPU cache
advantages to this layout and it is also suited better to hardware
implementation.

The vhost-net backend has already supported packed virtqueues for some
time. Performance benchmarks show that virtio-blk performance on NVMe
drives is also improved.

Go ahead and enable this feature for all VIRTIO devices. Keep it
disabled for QEMU 5.0 and earlier machine types.

Signed-off-by: Stefan Hajnoczi 
---
 include/hw/virtio/virtio.h |  2 +-
 hw/core/machine.c  | 18 +-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index b69d517496..fd5b4a2044 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -292,7 +292,7 @@ typedef struct VirtIORNGConf VirtIORNGConf;
 DEFINE_PROP_BIT64("iommu_platform", _state, _field, \
   VIRTIO_F_IOMMU_PLATFORM, false), \
 DEFINE_PROP_BIT64("packed", _state, _field, \
-  VIRTIO_F_RING_PACKED, false)
+  VIRTIO_F_RING_PACKED, true)
 
 hwaddr virtio_queue_get_desc_addr(VirtIODevice *vdev, int n);
 bool virtio_queue_enabled(VirtIODevice *vdev, int n);
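Review bot: flipping the `packed` default to true in the shared virtio property list changes the feature set offered by every device that uses it, so this hunk depends on patches 2-4 having made the vhost backends part of feature negotiation; any vhost device whose backend is still not consulted would now advertise VIRTIO_F_RING_PACKED unconditionally and fail exactly as patch 2's commit message describes. The commit message should state that dependency explicitly rather than only citing the vhost-net and virtio-blk results.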
diff --git a/hw/core/machine.c b/hw/core/machine.c
index bb3a7b18b1..3598c3c825 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -28,7 +28,23 @@
 #include "hw/mem/nvdimm.h"
 #include "migration/vmstate.h"
 
-GlobalProperty hw_compat_5_0[] = {};
+GlobalProperty hw_compat_5_0[] = {
+{ "vhost-user-blk", "packed", "off" },
+{ "vhost-user-fs-device", "packed", "off" },
+{ "vhost-vsock-device", "packed", "off" },
+{ "virtio-9p-device", "packed", "off" },
+{ "virtio-balloon-device", "packed", "off" },
+{ "virtio-blk-device", "packed", "off" },
+{ "virtio-crypto-device", "packed", "off" },
+{ "virtio-gpu-device", "packed", "off" },
+{ "virtio-input-device", "packed", "off" },
+{ "virtio-iommu-device", "packed", "off" },
+{ "virtio-net-device", "packed", "off" },
+{ "virtio-pmem", "packed", "off" },
+{ "virtio-rng-device", "packed", "off" },
+{ "virtio-scsi-common", "packed", "off" },
+{ "virtio-serial-device", "packed", "off" },
+};
 const size_t hw_compat_5_0_len = G_N_ELEMENTS(hw_compat_5_0);
 
 GlobalProperty hw_compat_4_2[] = {
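Review bot: the hw_compat_5_0 list needs checking for completeness against every QOM type that inherits the `packed` property: vhost-user-gpu and vhost-user-input are not named, so they are covered only if they derive from virtio-gpu-device and virtio-input-device respectively; if vhost-user-gpu builds on the GPU base class rather than on virtio-gpu-device, it needs its own entry. Any type missed here silently changes its guest-visible feature set on 5.0 and older machine types, which also breaks cross-version migration for those devices.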
-- 
2.25.3



[PATCH 3/5] vhost-user-blk: add VIRTIO_F_RING_PACKED feature bit

2020-05-22 Thread Stefan Hajnoczi
Vhost devices have a list of feature bits that the device backend is
allowed to control. The VIRTIO_F_RING_PACKED feature is a feature that
must be negotiated through all the way to the device backend. Add it so
the device backend can declare whether or not it supports the packed
ring layout.

Signed-off-by: Stefan Hajnoczi 
---
 hw/block/vhost-user-blk.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 9d8c0b3909..10e114a19a 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -44,6 +44,7 @@ static const int user_feature_bits[] = {
 VIRTIO_BLK_F_DISCARD,
 VIRTIO_BLK_F_WRITE_ZEROES,
 VIRTIO_F_VERSION_1,
+VIRTIO_F_RING_PACKED,
 VIRTIO_RING_F_INDIRECT_DESC,
 VIRTIO_RING_F_EVENT_IDX,
 VIRTIO_F_NOTIFY_ON_EMPTY,
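Review bot: adding VIRTIO_F_RING_PACKED to user_feature_bits means QEMU advertises it only when the vhost-user-blk backend reports it in its GET_FEATURES reply, which is the right direction; once patch 5 defaults `packed` to on, this list is what stands between the guest and a backend that claims the bit without implementing the layout, so the commit message could say that the backend's claim is now trusted. Placing the bit directly after VIRTIO_F_VERSION_1 is sensible, since packed rings are a VIRTIO 1.1 feature unavailable on the legacy interface.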
-- 
2.25.3



[PATCH 4/5] vhost-scsi: add VIRTIO_F_VERSION_1 and VIRTIO_F_RING_PACKED

2020-05-22 Thread Stefan Hajnoczi
Let vhost-scsi and vhost-user-scsi device backends determine whether
VIRTIO 1.0 and packed virtqueues are supported. It doesn't make sense to
handle these feature bits in QEMU since the device backend needs to
support them if we want to use them.

Signed-off-by: Stefan Hajnoczi 
---
 hw/scsi/vhost-scsi.c  | 2 ++
 hw/scsi/vhost-user-scsi.c | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c
index c1b012aea4..a7fb788af5 100644
--- a/hw/scsi/vhost-scsi.c
+++ b/hw/scsi/vhost-scsi.c
@@ -34,6 +34,8 @@
 
 /* Features supported by host kernel. */
 static const int kernel_feature_bits[] = {
+VIRTIO_F_VERSION_1,
+VIRTIO_F_RING_PACKED,
 VIRTIO_F_NOTIFY_ON_EMPTY,
 VIRTIO_RING_F_INDIRECT_DESC,
 VIRTIO_RING_F_EVENT_IDX,
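Review bot: adding VIRTIO_F_VERSION_1 to kernel_feature_bits is a behavioural change the commit message does not spell out: before, the bit was not in the list and so was never masked by the backend's feature set; afterwards it is offered only if the host kernel's vhost-scsi reports it, so on a kernel that does not, the device silently falls back to the legacy interface, and a guest-visible difference of that kind also affects migration between hosts with different kernels. Please state this in the commit message, ideally with the kernel version that started reporting VERSION_1 for vhost-scsi.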
diff --git a/hw/scsi/vhost-user-scsi.c b/hw/scsi/vhost-user-scsi.c
index cbb5d97599..6aa0d5ded2 100644
--- a/hw/scsi/vhost-user-scsi.c
+++ b/hw/scsi/vhost-user-scsi.c
@@ -32,6 +32,8 @@
 
 /* Features supported by the host application */
 static const int user_feature_bits[] = {
+VIRTIO_F_VERSION_1,
+VIRTIO_F_RING_PACKED,
 VIRTIO_F_NOTIFY_ON_EMPTY,
 VIRTIO_RING_F_INDIRECT_DESC,
 VIRTIO_RING_F_EVENT_IDX,
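Review bot: same point as for vhost-scsi: a vhost-user-scsi backend that does not report VIRTIO_F_VERSION_1 now makes the device legacy-only, where previously VERSION_1 was offered regardless of the backend. That is arguably the correct negotiation, but it is a visible change for existing backends and deserves a sentence in the commit message.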
-- 
2.25.3



[PATCH 0/5] virtio: enable VIRTIO_F_RING_PACKED for all devices

2020-05-22 Thread Stefan Hajnoczi
The VIRTIO 1.1 packed virtqueue layout improves performance and guest driver
support has been available since Linux v5.0. virtio-blk benchmarks show it is
beneficial for non-net devices too so I wrote patches to enable it for all
devices.

It turned out to be trickier than I expected because vhost feature negotiation
is currently not ready for new virtqueue feature bits like
VIRTIO_F_RING_PACKED. Patches 2-4 solve this.

Patch 5 then enables packed virtqueues.

Stefan Hajnoczi (5):
  tests/libqos: mask out VIRTIO_F_RING_PACKED for now
  vhost: involve device backends in feature negotiation
  vhost-user-blk: add VIRTIO_F_RING_PACKED feature bit
  vhost-scsi: add VIRTIO_F_VERSION_1 and VIRTIO_F_RING_PACKED
  virtio: enable VIRTIO_F_RING_PACKED for all devices

 include/hw/virtio/vhost.h|  1 +
 include/hw/virtio/virtio-gpu.h   |  2 ++
 include/hw/virtio/virtio.h   |  2 +-
 include/sysemu/cryptodev-vhost.h | 11 +++
 backends/cryptodev-vhost.c   | 19 +++
 hw/block/vhost-user-blk.c|  1 +
 hw/core/machine.c| 18 +-
 hw/display/vhost-user-gpu.c  | 17 +
 hw/display/virtio-gpu-base.c |  2 +-
 hw/input/vhost-user-input.c  |  9 +
 hw/scsi/vhost-scsi.c |  2 ++
 hw/scsi/vhost-user-scsi.c|  2 ++
 hw/virtio/vhost-user-fs.c|  5 +++--
 hw/virtio/vhost-vsock.c  |  5 +++--
 hw/virtio/vhost.c| 22 ++
 hw/virtio/virtio-crypto.c|  3 ++-
 tests/qtest/libqos/virtio.c  |  3 ++-
 17 files changed, 115 insertions(+), 9 deletions(-)

-- 
2.25.3



[PATCH 1/5] tests/libqos: mask out VIRTIO_F_RING_PACKED for now

2020-05-22 Thread Stefan Hajnoczi
The libqos VIRTIO code does not implement the packed virtqueue layout
yet. Mask out the feature bit for now because tests have a habit of
enabling all device feature bits and we don't want packed virtqueues to
be enabled.

Later patches will enable VIRTIO_F_RING_PACKED so prepare libqos now.

Cc: Thomas Huth 
Signed-off-by: Stefan Hajnoczi 
---
 tests/qtest/libqos/virtio.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/qtest/libqos/virtio.c b/tests/qtest/libqos/virtio.c
index 9aa360620c..1c3f4a0c8b 100644
--- a/tests/qtest/libqos/virtio.c
+++ b/tests/qtest/libqos/virtio.c
@@ -96,7 +96,8 @@ uint64_t qvirtio_config_readq(QVirtioDevice *d, uint64_t addr)
 
 uint64_t qvirtio_get_features(QVirtioDevice *d)
 {
-return d->bus->get_features(d);
+/* qvirtio does not support packed virtqueues yet */
+return d->bus->get_features(d) & ~(1ull << VIRTIO_F_RING_PACKED);
 }
 
 void qvirtio_set_features(QVirtioDevice *d, uint64_t features)
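Review bot: masking the bit in qvirtio_get_features() covers tests that derive their feature set from the device, but a test that passes a literal mask to qvirtio_set_features() can still set bit 34; consider also clearing (or asserting on) VIRTIO_F_RING_PACKED in qvirtio_set_features() so libqos can never accidentally enable a layout it does not implement. The `1ull <<` shift is correct for a bit number above 31.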
-- 
2.25.3



[PATCH 2/5] vhost: involve device backends in feature negotiation

2020-05-22 Thread Stefan Hajnoczi
Many vhost devices in QEMU currently do not involve the device backend
in feature negotiation. This seems fine at first glance for device types
without their own feature bits (virtio-net has many but other device
types have none).

This overlooks the fact that QEMU's virtqueue implementation and the
device backend's implementation may support different features.  QEMU
must not report features to the guest that the device backend
doesn't support.

For example, QEMU supports VIRTIO 1.1 packed virtqueues while many
existing vhost device backends do not. When the user sets packed=on the
device backend breaks. This should have been handled gracefully by
feature negotiation instead.

Introduce vhost_get_default_features() and update all vhost devices in
QEMU to involve the device backend in feature negotiation.

This patch fixes the following error:

  $ x86_64-softmmu/qemu-system-x86_64 \
  -drive if=virtio,file=test.img,format=raw \
  -chardev socket,path=/tmp/vhost-user-blk.sock,id=char0 \
  -device vhost-user-blk-pci,chardev=char0,packed=on \
  -object memory-backend-memfd,size=1G,share=on,id=ram0 \
  -M accel=kvm,memory-backend=ram0
  qemu-system-x86_64: Failed to set msg fds.
  qemu-system-x86_64: vhost VQ 0 ring restore failed: -1: Success (0)

The vhost-user-blk backend failed as follows:

  $ ./vhost-user-blk --socket-path=/tmp/vhost-user-blk.sock -b test2.img
  vu_panic: virtio: zero sized buffers are not allowed
  virtio-blk request missing headers

Signed-off-by: Stefan Hajnoczi 
---
 include/hw/virtio/vhost.h|  1 +
 include/hw/virtio/virtio-gpu.h   |  2 ++
 include/sysemu/cryptodev-vhost.h | 11 +++
 backends/cryptodev-vhost.c   | 19 +++
 hw/display/vhost-user-gpu.c  | 17 +
 hw/display/virtio-gpu-base.c |  2 +-
 hw/input/vhost-user-input.c  |  9 +
 hw/virtio/vhost-user-fs.c|  5 +++--
 hw/virtio/vhost-vsock.c  |  5 +++--
 hw/virtio/vhost.c| 22 ++
 hw/virtio/virtio-crypto.c|  3 ++-
 11 files changed, 90 insertions(+), 6 deletions(-)

diff --git a/include/hw/virtio/vhost.h b/include/hw/virtio/vhost.h
index 085450c6f8..d2e54dd4a8 100644
--- a/include/hw/virtio/vhost.h
+++ b/include/hw/virtio/vhost.h
@@ -112,6 +112,7 @@ void vhost_virtqueue_mask(struct vhost_dev *hdev, 
VirtIODevice *vdev, int n,
   bool mask);
 uint64_t vhost_get_features(struct vhost_dev *hdev, const int *feature_bits,
 uint64_t features);
+uint64_t vhost_get_default_features(struct vhost_dev *hdev, uint64_t features);
 void vhost_ack_features(struct vhost_dev *hdev, const int *feature_bits,
 uint64_t features);
 bool vhost_has_free_slot(void);
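Review bot: the new vhost_get_default_features() prototype has no comment explaining how it differs from vhost_get_features() directly above it; from its use in cryptodev_vhost_get_features() it evidently masks the generic VIRTIO feature bits against the backend without a per-device bit list, and a one-line comment saying so (and naming the bits it covers) would save readers a trip to hw/virtio/vhost.c.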
diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
index 6dd57f2025..41d270d80e 100644
--- a/include/hw/virtio/virtio-gpu.h
+++ b/include/hw/virtio/virtio-gpu.h
@@ -192,6 +192,8 @@ bool virtio_gpu_base_device_realize(DeviceState *qdev,
 void virtio_gpu_base_reset(VirtIOGPUBase *g);
 void virtio_gpu_base_fill_display_info(VirtIOGPUBase *g,
 struct virtio_gpu_resp_display_info *dpy_info);
+uint64_t virtio_gpu_base_get_features(VirtIODevice *vdev, uint64_t features,
+  Error **errp);
 
 /* virtio-gpu.c */
 void virtio_gpu_ctrl_response(VirtIOGPU *g,
diff --git a/include/sysemu/cryptodev-vhost.h b/include/sysemu/cryptodev-vhost.h
index f42824fbde..e629446bfb 100644
--- a/include/sysemu/cryptodev-vhost.h
+++ b/include/sysemu/cryptodev-vhost.h
@@ -122,6 +122,17 @@ int cryptodev_vhost_start(VirtIODevice *dev, int 
total_queues);
  */
 void cryptodev_vhost_stop(VirtIODevice *dev, int total_queues);
 
+/**
+ * cryptodev_vhost_get_features:
+ * @dev: the virtio crypto object
+ * @requested_features: the features being offered
+ *
+ * Returns: the requested features bits that are supported by the vhost device,
+ * or the original request feature bits if vhost is disabled
+ *
+ */
+uint64_t cryptodev_vhost_get_features(VirtIODevice *dev, uint64_t features);
+
 /**
  * cryptodev_vhost_virtqueue_mask:
  * @dev: the virtio crypto object
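Review bot: the kernel-doc block for cryptodev_vhost_get_features() documents `@requested_features`, but the prototype names the parameter `features`; rename one so the doc matches the signature. Also "the requested features bits" should read "the requested feature bits".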
diff --git a/backends/cryptodev-vhost.c b/backends/cryptodev-vhost.c
index 8337c9a495..5f5a4fda7b 100644
--- a/backends/cryptodev-vhost.c
+++ b/backends/cryptodev-vhost.c
@@ -266,6 +266,20 @@ void cryptodev_vhost_stop(VirtIODevice *dev, int 
total_queues)
 assert(r >= 0);
 }
 
+uint64_t cryptodev_vhost_get_features(VirtIODevice *dev, uint64_t features)
+{
+VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev);
+CryptoDevBackend *b = vcrypto->cryptodev;
+CryptoDevBackendClient *cc = b->conf.peers.ccs[0];
+CryptoDevBackendVhost *vhost_crypto = cryptodev_get_vhost(cc, b, 0);
+
+if (!vhost_crypto) {
+return features; /* vhost disabled */
+}
+
+return vhost_get_default_features(&vhost_crypto->dev, features);
+}
+
 void cryptodev_vhost_virtqueu
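Review bot: cryptodev_vhost_get_features() consults only `b->conf.peers.ccs[0]`, i.e. the backend of queue 0, so a multi-queue configuration whose queues had different backends would negotiate against the first one only; if a single shared backend is the invariant, a short comment here would make it explicit. Returning `features` unchanged when vhost is disabled matches the header comment.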

Re: [PULL 01/11] ui/win32-kbd-hook: handle AltGr in a hook procedure

2020-05-22 Thread Philippe Mathieu-Daudé
On 5/20/20 10:43 AM, Gerd Hoffmann wrote:
> From: Volker Rümelin 
> 
> Import win32 keyboard hooking code from project spice-gtk. This
> patch removes the extra left control key up/down input events
> inserted by Windows for the right alt key up/down input events
> with international keyboard layouts. Additionally there's some
> code to grab the keyboard.
> 
> The next patches will use this code.
> 
> Only Windows needs this.
> 
> Signed-off-by: Volker Rümelin 
> Message-id: 20200516072014.7766-1-vr_q...@t-online.de

This patch content doesn't match exactly the content of the message-id.

There are some build-sys changes.

> Signed-off-by: Gerd Hoffmann 
> ---
>  include/ui/win32-kbd-hook.h |  14 +
>  stubs/win32-kbd-hook.c  |  18 +++
>  ui/win32-kbd-hook.c | 102 
>  stubs/Makefile.objs |   1 +
>  ui/Makefile.objs|   3 ++
>  5 files changed, 138 insertions(+)
>  create mode 100644 include/ui/win32-kbd-hook.h
>  create mode 100644 stubs/win32-kbd-hook.c
>  create mode 100644 ui/win32-kbd-hook.c
[...]
> diff --git a/stubs/Makefile.objs b/stubs/Makefile.objs
> index 45be5dc0ed78..6a9e3135e8f9 100644
> --- a/stubs/Makefile.objs
> +++ b/stubs/Makefile.objs
> @@ -32,6 +32,7 @@ stub-obj-y += trace-control.o
>  stub-obj-y += uuid.o
>  stub-obj-y += vm-stop.o
>  stub-obj-y += vmstate.o
> +stub-obj-y += win32-kbd-hook.o
>  stub-obj-y += fd-register.o
>  stub-obj-y += qmp_memory_device.o
>  stub-obj-y += target-monitor-defs.o
> diff --git a/ui/Makefile.objs b/ui/Makefile.objs
> index e6da6ff047fd..504b19647977 100644
> --- a/ui/Makefile.objs
> +++ b/ui/Makefile.objs
> @@ -15,6 +15,9 @@ common-obj-$(CONFIG_SPICE) += spice-core.o spice-input.o 
> spice-display.o
>  common-obj-$(CONFIG_COCOA) += cocoa.o
>  common-obj-$(CONFIG_VNC) += $(vnc-obj-y)
>  common-obj-$(call lnot,$(CONFIG_VNC)) += vnc-stubs.o
> +ifneq (,$(findstring m,$(CONFIG_SDL)$(CONFIG_GTK)))

If we limit this object compilation, shouldn't we also limit the stub?

> +common-obj-$(CONFIG_WIN32) += win32-kbd-hook.o
> +endif
>  
>  # ui-sdl module
>  common-obj-$(CONFIG_SDL) += sdl.mo
> 
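Review bot: `ifneq (,$(findstring m,$(CONFIG_SDL)$(CONFIG_GTK)))` matches only when SDL or GTK is configured as a module (`m`); on a build where they are compiled in (`y`) the real ui/win32-kbd-hook.o is skipped and the no-op stub from the previous hunk is linked instead, so a non-modular Windows build would not get the AltGr fix. If the intent is "SDL or GTK enabled in any form", `$(call lor,$(CONFIG_SDL),$(CONFIG_GTK))` is the idiom already used in this tree's Makefiles.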




[RFC v2 2/3] cpu-timers, icount: new modules

2020-05-22 Thread Claudio Fontana
Refactoring of cpus.c continues with two new modules extracted from it.

cpu-timers: responsible for the cpu timers state, and for access to
cpu clocks and ticks.

icount: counts the TCG instructions executed. As such it is specific to
the TCG accelerator. Therefore, it is built only under CONFIG_TCG.

One complication is due to qtest, which misuses icount to warp time
(qtest_clock_warp). In order to solve this problem, detach instead qtest
from icount, and use a trivial separate counter for it. This also
removes the need for the strange icount option generation when
initializing accel/qtest.c

No functionality change.

Signed-off-by: Claudio Fontana 
---
 MAINTAINERS  |   1 +
 Makefile.target  |   2 +
 accel/qtest.c|   6 +-
 accel/tcg/cpu-exec.c |  43 ++-
 accel/tcg/tcg-all.c  |   7 +-
 accel/tcg/translate-all.c|   3 +-
 cpu-timers.c | 267 
 cpus.c   | 731 +--
 docs/replay.txt  |   6 +-
 exec.c   |   4 -
 hw/core/ptimer.c |   6 +-
 hw/i386/x86.c|   1 +
 icount.c | 496 +
 include/exec/cpu-all.h   |   4 +
 include/exec/exec-all.h  |   4 +-
 include/qemu/timer.h |  22 +-
 include/sysemu/cpu-timers.h  |  72 +
 include/sysemu/cpus.h|  12 +-
 include/sysemu/qtest.h   |   2 +
 include/sysemu/replay.h  |   4 +-
 qtest.c  |  34 +-
 replay/replay.c  |   6 +-
 softmmu/vl.c |   8 +-
 stubs/Makefile.objs  |   3 +-
 stubs/clock-warp.c   |   4 +-
 stubs/cpu-get-clock.c|   3 +-
 stubs/cpu-get-icount.c   |  21 --
 stubs/icount.c   |  22 ++
 stubs/qemu-timer-notify-cb.c |   8 +
 stubs/qtest.c|   5 +
 target/alpha/translate.c |   3 +-
 target/arm/helper.c  |   7 +-
 target/riscv/csr.c   |   8 +-
 tests/ptimer-test-stubs.c|   6 +-
 tests/test-timed-average.c   |   2 +-
 timers-state.h   |  45 +++
 util/main-loop.c |   4 +-
 util/qemu-timer.c|  12 +-
 38 files changed, 1063 insertions(+), 831 deletions(-)
 create mode 100644 cpu-timers.c
 create mode 100644 icount.c
 create mode 100644 include/sysemu/cpu-timers.h
 delete mode 100644 stubs/cpu-get-icount.c
 create mode 100644 stubs/icount.c
 create mode 100644 stubs/qemu-timer-notify-cb.c
 create mode 100644 timers-state.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 95be18c0b5..d8df7130ef 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2149,6 +2149,7 @@ M: Paolo Bonzini 
 S: Maintained
 F: cpus.c
 F: cpu-throttle.c
+F: cpu-timers.c
 F: include/qemu/main-loop.h
 F: include/sysemu/runstate.h
 F: util/main-loop.c
diff --git a/Makefile.target b/Makefile.target
index 60cfa2a78b..4e9197d3cf 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -155,6 +155,8 @@ ifdef CONFIG_SOFTMMU
 obj-y += arch_init.o
 obj-y += cpus.o
 obj-y += cpu-throttle.o
+obj-y += cpu-timers.o
+obj-$(CONFIG_TCG) += icount.o
 obj-y += gdbstub.o
 obj-y += balloon.o
 obj-y += ioport.o
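Review bot: `obj-$(CONFIG_TCG) += icount.o` means non-TCG system builds rely on stubs/icount.c (new in the diffstat) for every icount symbol referenced from common code; make sure the stub covers the full set exported by include/sysemu/cpu-timers.h, since a missing one only surfaces as a link error on a --disable-tcg configuration that CI may not exercise.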
diff --git a/accel/qtest.c b/accel/qtest.c
index 5b88f55921..119d0f16a4 100644
--- a/accel/qtest.c
+++ b/accel/qtest.c
@@ -19,14 +19,10 @@
 #include "sysemu/accel.h"
 #include "sysemu/qtest.h"
 #include "sysemu/cpus.h"
+#include "sysemu/cpu-timers.h"
 
 static int qtest_init_accel(MachineState *ms)
 {
-QemuOpts *opts = qemu_opts_create(qemu_find_opts("icount"), NULL, 0,
-  &error_abort);
-qemu_opt_set(opts, "shift", "0", &error_abort);
-configure_icount(opts, &error_abort);
-qemu_opts_del(opts);
 return 0;
 }
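Review bot: `#include "sysemu/cpu-timers.h"` is added while the only function shown, qtest_init_accel(), shrinks to `return 0;`, so within this hunk the include is unused; drop it unless something else in accel/qtest.c needs it. Removing the icount option setup here is consistent with the commit message's separate qtest counter, but the hunk that introduces that counter (qtest.c in the diffstat) is not in this excerpt, so reviewers should confirm qtest_clock_warp no longer depends on icount being enabled.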
 
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index d95c4848a4..82155c1db3 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -19,6 +19,7 @@
 
 #include "qemu/osdep.h"
 #include "qemu-common.h"
+#include "qemu/qemu-print.h"
 #include "cpu.h"
 #include "trace.h"
 #include "disas/disas.h"
@@ -36,6 +37,8 @@
 #include "hw/i386/apic.h"
 #endif
 #include "sysemu/cpus.h"
+#include "exec/cpu-all.h"
+#include "sysemu/cpu-timers.h"
 #include "sysemu/replay.h"
 
 /* -icount align implementation. */
@@ -56,6 +59,9 @@ typedef struct SyncClocks {
 #define MAX_DELAY_PRINT_RATE 20LL
 #define MAX_NB_PRINTS 100
 
+static int64_t max_delay;
+static int64_t max_advance;
+
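Review bot: `max_delay` and `max_advance` are introduced as file-scope statics with no comment. align_clocks() runs on the vCPU thread, so please state next to the declarations that they are only touched under -icount (which implies single-threaded TCG); otherwise they would need atomic updates under MTTCG, and the invariant is invisible to the next reader.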
 static void align_clocks(SyncClocks *sc, CPUState *cpu)
 {
 int64_t cpu_icount;
@@ -65,7 +71,7 @@ static void align_clocks(SyncClocks *sc, CPUState *cpu)
 }
 
 cpu_icount = cpu->icount_extra + cpu_neg(cpu)->icount_decr.u16.low;
-sc->diff_clk += cpu_icount_to_ns(sc->last_cpu_icount - cpu_icount);
+sc->diff_clk += icount_to_ns(sc->last_cpu_icount - cpu_icount);
 sc->last_cpu_icount = cpu_icount;
 
 if (sc->diff_clk > VM_CLOCK_ADVANCE) {
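Review bot: the cpu_icount_to_ns() to icount_to_ns() rename is mechanical, but every other caller of the old name must move with it (target/arm/helper.c and target/riscv/csr.c appear in the diffstat, presumably for this reason); a tree-wide grep for `cpu_icount_to_ns` before merging would catch any caller outside the files touched.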
@@ -98,9 +104,9 @@ static void print_delay(const SyncClocks *sc)

[RFC v2 1/3] cpu-throttle: new module, extracted from cpus.c

2020-05-22 Thread Claudio Fontana
Move the vcpu throttling functionality into its own module.

This functionality is not specific to any accelerator,
and it is used currently by migration to slow down guests to try to
have migrations converge, and by the cocoa MacOS UI to throttle speed.

cpu-throttle contains the controls to adjust and inspect throttle
settings, start (set) and stop vcpu throttling, and the throttling
function itself that is run periodically on vcpus to make them take a nap.

Execution of the throttling function on all vcpus is triggered by a timer,
registered at module initialization.

No functionality change.

Signed-off-by: Claudio Fontana 
---
 MAINTAINERS   |   1 +
 Makefile.target   |   8 ++-
 cpu-throttle.c| 122 ++
 cpus.c|  95 +++-
 include/hw/core/cpu.h |  37 -
 include/qemu/main-loop.h  |   5 ++
 include/sysemu/cpu-throttle.h |  50 +
 migration/migration.c |   1 +
 migration/ram.c   |   1 +
 9 files changed, 195 insertions(+), 125 deletions(-)
 create mode 100644 cpu-throttle.c
 create mode 100644 include/sysemu/cpu-throttle.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 3690f313c3..95be18c0b5 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2148,6 +2148,7 @@ Main loop
 M: Paolo Bonzini 
 S: Maintained
 F: cpus.c
+F: cpu-throttle.c
 F: include/qemu/main-loop.h
 F: include/sysemu/runstate.h
 F: util/main-loop.c
diff --git a/Makefile.target b/Makefile.target
index 8ed1eba95b..60cfa2a78b 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -152,7 +152,13 @@ endif #CONFIG_BSD_USER
 #
 # System emulator target
 ifdef CONFIG_SOFTMMU
-obj-y += arch_init.o cpus.o gdbstub.o balloon.o ioport.o
+obj-y += arch_init.o
+obj-y += cpus.o
+obj-y += cpu-throttle.o
+obj-y += gdbstub.o
+obj-y += balloon.o
+obj-y += ioport.o
+
 obj-y += qtest.o
 obj-y += dump/
 obj-y += hw/
diff --git a/cpu-throttle.c b/cpu-throttle.c
new file mode 100644
index 00..4e6b2818ca
--- /dev/null
+++ b/cpu-throttle.c
@@ -0,0 +1,122 @@
+/*
+ * QEMU System Emulator
+ *
+ * Copyright (c) 2003-2008 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/thread.h"
+#include "hw/core/cpu.h"
+#include "qemu/main-loop.h"
+#include "sysemu/cpus.h"
+#include "sysemu/cpu-throttle.h"
+
+/* vcpu throttling controls */
+static QEMUTimer *throttle_timer;
+static unsigned int throttle_percentage;
+
+#define CPU_THROTTLE_PCT_MIN 1
+#define CPU_THROTTLE_PCT_MAX 99
+#define CPU_THROTTLE_TIMESLICE_NS 1000
+
+static void cpu_throttle_thread(CPUState *cpu, run_on_cpu_data opaque)
+{
+double pct;
+double throttle_ratio;
+int64_t sleeptime_ns, endtime_ns;
+
+if (!cpu_throttle_get_percentage()) {
+return;
+}
+
+pct = (double)cpu_throttle_get_percentage() / 100;
+throttle_ratio = pct / (1 - pct);
+/* Add 1ns to fix double's rounding error (like 0.999...) */
+sleeptime_ns = (int64_t)(throttle_ratio * CPU_THROTTLE_TIMESLICE_NS + 1);
+endtime_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME) + sleeptime_ns;
+while (sleeptime_ns > 0 && !cpu->stop) {
+if (sleeptime_ns > SCALE_MS) {
+qemu_cond_timedwait_iothread(cpu->halt_cond,
+ sleeptime_ns / SCALE_MS);
+} else {
+qemu_mutex_unlock_iothread();
+g_usleep(sleeptime_ns / SCALE_US);
+qemu_mutex_lock_iothread();
+}
+sleeptime_ns = endtime_ns - qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
+}
+atomic_set(&cpu->throttle_thread_scheduled, 0);
+}
+
+static void cpu_throttle_timer_tick(void *opaque)
+{
+CPUState *cpu;
+double pct;
+
+/* Stop the timer if needed */
+if (!cpu_throttle_get_percenta
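Review bot: two lines of the new file are wrapped as rendered here (`... (the "Software"), to` / `deal` and `ARISING` / `FROM,`), so the patch as mailed will not apply cleanly with `git am`; if the mailer wrapped at 78 columns, resend with `git send-email`. Separately, the license block is the 2003-2008 Fabrice Bellard header from cpus.c, which is right for extracted code, so generating the series with rename/copy detection (`git format-patch -C`) or saying in the commit message that the 122 lines are a verbatim move would let reviewers diff the move instead of re-reading `cpu_throttle_thread()` as new code.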

[RFC v2 0/3] QEMU cpus.c refactoring

2020-05-22 Thread Claudio Fontana
Motivation and higher level steps:

https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg04628.html

v1 -> v2:

* 1/3 (cpu-throttle): provide a description in the commit message

* 2/3 (cpu-timers, icount): in this v2 separate icount from cpu-timers,
  as icount is actually TCG-specific. Only build it under CONFIG_TCG.

  To do this, qtest had to be detached from icount. To this end, a
  trivial global counter for qtest has been introduced.

* 3/3 (CpuAccelInterface): provided a description.

This is point 8) in that plan. The idea is to extract the unrelated parts
in cpus, and register interfaces from each single accelerator to the main
cpus module (cpus.c).

While doing this RFC, I noticed some assumptions about Windows being
either TCG or HAX (not considering WHPX) that might need to be revisited.
I added a comment there.

The thing builds successfully based on Linux cross-compilations for
windows/hax, windows/whpx, and I got a good build on Darwin/hvf.

Tests run successfully for tcg and kvm configurations, but I did not test on
windows or darwin.

Welcome your feedback and help on this,

Claudio

Claudio Fontana (3):
  cpu-throttle: new module, extracted from cpus.c
  cpu-timers: new module extracted from cpus.c
  cpus: implement cpus interfaces for per-accelerator threads

 MAINTAINERS  |3 +
 Makefile.target  |9 +-
 accel/kvm/Makefile.objs  |2 +
 accel/kvm/kvm-all.c  |   15 +-
 accel/kvm/kvm-cpus-interface.c   |   94 ++
 accel/kvm/kvm-cpus-interface.h   |8 +
 accel/qtest.c|   85 +-
 accel/stubs/kvm-stub.c   |3 +-
 accel/tcg/Makefile.objs  |1 +
 accel/tcg/cpu-exec.c |   43 +-
 accel/tcg/tcg-all.c  |   19 +-
 accel/tcg/tcg-cpus-interface.c   |  523 +
 accel/tcg/tcg-cpus-interface.h   |8 +
 accel/tcg/translate-all.c|3 +-
 cpu-throttle.c   |  122 ++
 cpu-timers.c |  776 +
 cpus.c   | 2015 --
 docs/replay.txt  |6 +-
 exec.c   |4 -
 hw/core/cpu.c|1 +
 hw/core/ptimer.c |6 +-
 hw/i386/x86.c|1 +
 include/exec/cpu-all.h   |4 +
 include/exec/exec-all.h  |4 +-
 include/hw/core/cpu.h|   37 -
 include/qemu/main-loop.h |5 +
 include/qemu/timer.h |   20 -
 include/sysemu/cpu-throttle.h|   50 +
 include/sysemu/cpu-timers.h  |   73 ++
 include/sysemu/cpus.h|   56 +-
 include/sysemu/hw_accel.h|   57 +-
 include/sysemu/kvm.h |2 +-
 include/sysemu/replay.h  |4 +-
 migration/migration.c|1 +
 migration/ram.c  |1 +
 qtest.c  |2 +-
 replay/replay.c  |6 +-
 softmmu/vl.c |8 +-
 stubs/Makefile.objs  |1 +
 stubs/clock-warp.c   |4 +-
 stubs/cpu-get-clock.c|2 +-
 stubs/cpu-get-icount.c   |   14 +-
 stubs/cpu-synchronize-state.c|   15 +
 target/alpha/translate.c |3 +-
 target/arm/helper.c  |7 +-
 target/i386/Makefile.objs|7 +-
 target/i386/hax-all.c|6 +-
 target/i386/hax-cpus-interface.c |   85 ++
 target/i386/hax-cpus-interface.h |8 +
 target/i386/hax-i386.h   |2 +
 target/i386/hax-posix.c  |   12 +
 target/i386/hax-windows.c|   20 +
 target/i386/hvf/Makefile.objs|2 +-
 target/i386/hvf/hvf-cpus-interface.c |   83 ++
 target/i386/hvf/hvf-cpus-interface.h |8 +
 target/i386/hvf/hvf.c|5 +-
 target/i386/kvm.c|4 +-
 target/i386/whpx-all.c   |3 +
 target/i386/whpx-cpus-interface.c|   96 ++
 target/i386/whpx-cpus-interface.h|8 +
 target/riscv/csr.c   |8 +-
 tests/ptimer-test-stubs.c|6 +
 tests/test-timed-average.c   |2 +-
 util/main-loop.c |4 +-
 util/qemu-timer.c|9 +-
 65 files changed, 2524 insertions(+), 1977 deletions(-)
 create mode 100644 accel/kvm/kvm-cpus-interface.c
 create mode 100644 accel/kvm/kvm-cpus-interface.h
 create mode 100644 accel/tcg/tcg-cpus-interface.c
 create mode 100644 accel/tcg/tcg-cpus-interface.h
 create mode 100644 cpu-throttle.c
 create mode 100644 cpu-timers.c
 create mode 100644 include/sysemu/cpu-throttle.h
 create mode 100644 include/sysemu/cpu-timers.h
 create mode 100644 stubs/cpu-synchronize-state.c
 create mode 100644 target/i386/hax-cpus-interface.c
 create mode 100644 tar

[RFC v2 3/3] cpus: extract out accel-specific code to each accel

2020-05-22 Thread Claudio Fontana
Each accelerator registers a new "CpusAccelInterface"
on initialization, providing functions for starting a vcpu,
kicking a vcpu, and synchronizing state.

This way the code in cpus.c is now all general softmmu code,
nothing (or almost nothing) accelerator-specific anymore.

Signed-off-by: Claudio Fontana 
---
 MAINTAINERS  |   1 +
 accel/kvm/Makefile.objs  |   2 +
 accel/kvm/kvm-all.c  |  15 +-
 accel/kvm/kvm-cpus-interface.c   |  94 
 accel/kvm/kvm-cpus-interface.h   |   8 +
 accel/qtest.c|  82 
 accel/stubs/kvm-stub.c   |   3 +-
 accel/tcg/Makefile.objs  |   1 +
 accel/tcg/tcg-all.c  |  12 +-
 accel/tcg/tcg-cpus-interface.c   | 523 
 accel/tcg/tcg-cpus-interface.h   |   8 +
 cpus.c   | 911 +++
 hw/core/cpu.c|   1 +
 include/sysemu/cpus.h|  44 ++
 include/sysemu/hvf.h |   1 -
 include/sysemu/hw_accel.h|  57 +--
 include/sysemu/kvm.h |   2 +-
 stubs/Makefile.objs  |   1 +
 stubs/cpu-synchronize-state.c|  15 +
 target/i386/Makefile.objs|   7 +-
 target/i386/hax-all.c|   6 +-
 target/i386/hax-cpus-interface.c |  85 
 target/i386/hax-cpus-interface.h |   8 +
 target/i386/hax-i386.h   |   2 +
 target/i386/hax-posix.c  |  12 +
 target/i386/hax-windows.c|  20 +
 target/i386/hvf/Makefile.objs|   2 +-
 target/i386/hvf/hvf-cpus-interface.c |  92 
 target/i386/hvf/hvf-cpus-interface.h |   8 +
 target/i386/hvf/hvf.c|   5 +-
 target/i386/whpx-all.c   |   3 +
 target/i386/whpx-cpus-interface.c|  96 
 target/i386/whpx-cpus-interface.h|   8 +
 33 files changed, 1232 insertions(+), 903 deletions(-)
 create mode 100644 accel/kvm/kvm-cpus-interface.c
 create mode 100644 accel/kvm/kvm-cpus-interface.h
 create mode 100644 accel/tcg/tcg-cpus-interface.c
 create mode 100644 accel/tcg/tcg-cpus-interface.h
 create mode 100644 stubs/cpu-synchronize-state.c
 create mode 100644 target/i386/hax-cpus-interface.c
 create mode 100644 target/i386/hax-cpus-interface.h
 create mode 100644 target/i386/hvf/hvf-cpus-interface.c
 create mode 100644 target/i386/hvf/hvf-cpus-interface.h
 create mode 100644 target/i386/whpx-cpus-interface.c
 create mode 100644 target/i386/whpx-cpus-interface.h

diff --git a/MAINTAINERS b/MAINTAINERS
index d8df7130ef..d86af5188f 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -426,6 +426,7 @@ WHPX CPUs
 M: Sunil Muthuswamy 
 S: Supported
 F: target/i386/whpx-all.c
+F: target/i386/whpx-cpus-interface.c
 F: target/i386/whp-dispatch.h
 F: accel/stubs/whpx-stub.c
 F: include/sysemu/whpx.h
diff --git a/accel/kvm/Makefile.objs b/accel/kvm/Makefile.objs
index fdfa481578..4babbf7796 100644
--- a/accel/kvm/Makefile.objs
+++ b/accel/kvm/Makefile.objs
@@ -1,2 +1,4 @@
 obj-y += kvm-all.o
+obj-y += kvm-cpus-interface.o
+
 obj-$(call lnot,$(CONFIG_SEV)) += sev-stub.o
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index d06cc04079..c9cbbb1184 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -45,6 +45,10 @@
 #include "qapi/qapi-types-common.h"
 #include "qapi/qapi-visit-common.h"
 #include "sysemu/reset.h"
+#include "qemu/guest-random.h"
+
+#include "sysemu/hw_accel.h"
+#include "kvm-cpus-interface.h"
 
 #include "hw/boards.h"
 
@@ -329,7 +333,7 @@ err:
 return ret;
 }
 
-int kvm_destroy_vcpu(CPUState *cpu)
+static int do_kvm_destroy_vcpu(CPUState *cpu)
 {
 KVMState *s = kvm_state;
 long mmap_size;
@@ -363,6 +367,14 @@ err:
 return ret;
 }
 
+void kvm_destroy_vcpu(CPUState *cpu)
+{
+if (do_kvm_destroy_vcpu(cpu) < 0) {
+error_report("kvm_destroy_vcpu failed");
+exit(EXIT_FAILURE);
+}
+}
+
 static int kvm_get_vcpu(KVMState *s, unsigned long vcpu_id)
 {
 struct KVMParkedVcpu *cpu;
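Review bot: the new `kvm_destroy_vcpu()` wrapper discards the negative return from `do_kvm_destroy_vcpu()` and `exit()`s the whole process, and `error_report("kvm_destroy_vcpu failed")` carries no error code. If turning a previously reportable failure into a fatal one is intended, say so in the commit message and include the code in the report, e.g. `error_report("kvm_destroy_vcpu failed: %d", ret)`; otherwise keep the `int` return and let the caller decide.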
@@ -2146,6 +2158,7 @@ static int kvm_init(MachineState *ms)
 qemu_balloon_inhibit(true);
 }
 
+cpus_register_accel_interface(&kvm_cpus_interface);
 return 0;
 
 err:
diff --git a/accel/kvm/kvm-cpus-interface.c b/accel/kvm/kvm-cpus-interface.c
new file mode 100644
index 00..fd3d117364
--- /dev/null
+++ b/accel/kvm/kvm-cpus-interface.c
@@ -0,0 +1,94 @@
+/*
+ * QEMU KVM support
+ *
+ * Copyright IBM, Corp. 2008
+ *   Red Hat, Inc. 2008
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *  Glauber Costa 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/error-report.h"
+#include "qemu/main-loop.h"
+#include "sysemu/kvm_int.h"
+#include "sysemu/runstate.h"
+#include "sysemu/cpus.h"
+#include "qemu/guest-random.h"
+
+#include "kvm-cpus-interface.h"
+
+static void kvm_kick_vcpu_thread(CP
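Review bot: the header reuses the 2008 IBM/Red Hat notice from kvm-all.c, which is correct for moved code, but the commit message should state that this file is an extraction so the attribution stays traceable. Also, `qemu/guest-random.h` is included here and the same include is added to kvm-all.c in this patch; if the guest-random seeding call moved into this file together with the vcpu thread function, the new include in kvm-all.c is unused and should be dropped.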

RE: Simplifying the Hexagon frontend

2020-05-22 Thread Taylor Simpson
I made the change discussed below.

> #ifdef fGEN_TCG_
> fGEN_TCG_();
> #else
> gen_helper_();
> #endif

In addition, here's a list of changes since I submitted v2 of the patch series
- Use Laurent's gensyscall.sh script to generate linux-user/hexagon/syscall_nr.h
- Handle mem_noshuf
- Helper overrides for all store (and predicated store) instructions
- Remove "RsV = RsV" per review feedback
- Fix bug in GP relative addressing mode
- Fix bugs in 64-bit add/sub with carry
- Simplify include file structure
- Fix vhist instructions
- Add directed tests in /tests/tcg/hexagon
- Change fWRAP_* macros to fGEN_TCG_*

Are there other changes I should make before submitting v3 of the patch series?

Much appreciated,
Taylor



> -Original Message-
> From: Taylor Simpson
> Sent: Monday, May 18, 2020 9:42 PM
> To: Alessandro Di Federico ; qemu-devel@nongnu.org
> Developers 
> Cc: Niccolò Izzo ; Brian Cain 
> Subject: RE: Simplifying the Hexagon frontend
>
>
>
> > -Original Message-
> > From: Alessandro Di Federico 
> > Sent: Monday, May 18, 2020 4:15 PM
> > To: qemu-devel@nongnu.org Developers 
> > Cc: Taylor Simpson ; Niccolò Izzo ;
> > Brian Cain 
> > Subject: Simplifying the Hexagon frontend
> >
> > Hi, this e-mail is intended to bootstrap a public discussion on how to
> > improve the Hexagon frontend implementation. At rev.ng, Niccolò and I,
> > developed a Hexagon frontend, and we're (finally!) joining forces with
> > the QuIC guys to merge our efforts (did you see our talk [1]?).
> >
> > The status is as follows:
> >
> > * QuIC has its own fully working implementation that has been submitted
> >   for review.
> > * We're working to integrate in their implementation our mechanism to
> >   automatically generate code to generate tiny code. But this will take
> >   some more work.
> >
> > In the following, some initial considerations on how the latest
> > patchset could be simplified.
> >
> > Here you can find a graph I've put together of the build process:
> >
> > https://rev.ng/downloads/qemu-hexagon/temporary/graph.svg
> > https://rev.ng/downloads/qemu-hexagon/temporary/graph.dot
> >
> > Colors indicate language.
> > Oval nodes are generated.
> > Rectangles are hand-written.
> >
> > Taylor, I think some simplifications can be made to the process in order
> > to ease the review process.
> >
> > * As far as I understand, from the "Source of Truth" set of files
> >   (`alu.idef`, `encode_pp.def`...), through `gen_semantics`, you
> >   generate `semantics_generated.pyinc`, which is then included by
> >   `do_qemu.py` script, which does the real job.
> >
> >   I would suggest to keep `gen_semantics` and all its inputs
> >   out-of-tree. It increases complexity in a non-negligible way, while
> >   bringing a reduced benefit in terms of automation.
>
> I'm not a lawyer, but I believe the original sources are required to conform 
> to
> the license.
>
> >
> >   I'd suggest replacing `gen_semantics`'s output
> >   (`semantics_generated.pyinc`) with a human readable JSON file that
> >   could be manipulated by hand and is then parsed by `do_qemu.py`. I
> >   think JSON is more appropriate than generating executable python code
> >   that is then imported.
>
> I'm not married to python, but we need something that is executable.  The
> python code looks at the semantics of each instruction to determine the
> number and types of the helper arguments.  It also looks at some of the
> attributes to decide if certain things are needed (e.g., FPOP_START) and it
> scans the semantics (see need_part1 and need_ea_functions in
> do_qemu.py).
>
> >
> > * I suggest to switch to the decoding approach developed by Richard.
> >   That would simplify the build process and reduce the code that has to
> >   be reviewed.
> >   I'm not 100% of the effort required to do this, maybe Richard can
> >   weigh on this.
> >
>
> I agree in principle, but I haven't looked into it.  One thing to consider is 
> that
> we'll need to reorder the instructions in a packet so that .new producer
> instructions are ahead of the consumer.
>
> > * The current implementation can generate a helper function for each
> >   Hexagon instruction and, for a subset of instructions, it has an
> >   "override" mechanism to directly generate tiny code instructions
> >   corresponding to the semantics of the original instruction (i.e.,
> >   without using helpers).
> >
> >   This override mechanism is implemented with the `fWRAP` macros. They
> >   have benefits, but they are quite convoluted. We should strive to
> >   minimize the number of macros and alternative macro implementations
> >   to what's strictly necessary in order to generate as much code as we
> >   can from the "Source of Truth", but no more than that.
> >
>
> I think the problem is that fWRAP is a pretty generic name and it serves
> multiple purposes.  I'll change it to a single purpose.  Each instruction will
> check for fGEN_TCG_.  If this macro is defined, we won't create a
> 

[PATCH v4 11/11] accel/tcg: Add stub for probe_access()

2020-05-22 Thread Philippe Mathieu-Daudé
From: Philippe Mathieu-Daudé 

The TCG helpers were added in b92e5a22ec3 in softmmu_template.h.
probe_write() was added in there in 3b4afc9e75a to be moved out
to accel/tcg/cputlb.c in 3b08f0a9254, and was later refactored
as probe_access() in c25c283df0f.
Since it is a TCG-specific helper, add a stub to avoid failures
when building without TCG, such as:

  target/arm/helper.o: In function `probe_read':
  include/exec/exec-all.h:362: undefined reference to `probe_access'

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
Cc: Richard Henderson 
Cc: Emilio G. Cota 
Cc: Alex Bennée 
Cc: David Hildenbrand 
---
 accel/stubs/tcg-stub.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/accel/stubs/tcg-stub.c b/accel/stubs/tcg-stub.c
index 677191a69c..e4bbf997aa 100644
--- a/accel/stubs/tcg-stub.c
+++ b/accel/stubs/tcg-stub.c
@@ -22,3 +22,10 @@ void tb_flush(CPUState *cpu)
 void tlb_set_dirty(CPUState *cpu, target_ulong vaddr)
 {
 }
+
+void *probe_access(CPUArchState *env, target_ulong addr, int size,
+   MMUAccessType access_type, int mmu_idx, uintptr_t retaddr)
+{
+ /* Handled by hardware accelerator. */
+ g_assert_not_reached();
+}
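Review bot: the comment `/* Handled by hardware accelerator. */` sits directly above `g_assert_not_reached()`, which reads as a contradiction: nothing handles the probe, the call is simply impossible when TCG is compiled out, because only TCG-generated code and its helpers probe the softmmu TLB. Reword to something like `/* Only TCG code probes the TLB; unreachable without TCG. */` so the next reader does not go looking for an accelerator-side implementation.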
-- 
2.21.3




Re: [PATCH v4 03/11] MAINTAINERS: Add an entry for the HAX accelerator

2020-05-22 Thread Philippe Mathieu-Daudé
On 5/22/20 6:37 PM, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
> Cc: Sergio Andres Gomez Del Real 
> Cc: Vincent Palatin 
> Cc: Yu Ning 
> Cc: Tao Wu 
> Cc: haxm-t...@intel.com
> Cc: Colin Xu 
> Cc: Hang Yuan 
> Cc: David Chou 

FYI Hang Yuan and David Chou emails are bouncing.

> Cc: Wenchao Wang 
> ---
>  MAINTAINERS | 6 ++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index f7ee0c77f1..0377978201 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -426,6 +426,12 @@ F: accel/accel.c
>  F: accel/Makefile.objs
>  F: accel/stubs/Makefile.objs
>  
> +HAX Accelerator
> +S: Orphan

This patch has been posted 4 times, first time more than 2 months ago:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg689009.html

> +F: accel/stubs/hax-stub.c
> +F: target/i386/hax-all.c
> +F: include/sysemu/hax.h
> +
>  X86 HVF CPUs
>  M: Roman Bolshakov 
>  S: Maintained
> 




[PATCH v4 08/11] accel/Kconfig: Extract accel selectors into their own config

2020-05-22 Thread Philippe Mathieu-Daudé
Move the accel selectors from the global Kconfig.host to their
own Kconfig file.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 Makefile  | 1 +
 Kconfig.host  | 7 ---
 accel/Kconfig | 6 ++
 3 files changed, 7 insertions(+), 7 deletions(-)
 create mode 100644 accel/Kconfig

diff --git a/Makefile b/Makefile
index 7666f81e8a..648757f79a 100644
--- a/Makefile
+++ b/Makefile
@@ -419,6 +419,7 @@ MINIKCONF_ARGS = \
 CONFIG_PVRDMA=$(CONFIG_PVRDMA)
 
 MINIKCONF_INPUTS = $(SRC_PATH)/Kconfig.host \
+   $(SRC_PATH)/accel/Kconfig \
$(SRC_PATH)/hw/Kconfig
 MINIKCONF_DEPS = $(MINIKCONF_INPUTS) \
  $(wildcard $(SRC_PATH)/hw/*/Kconfig)
diff --git a/Kconfig.host b/Kconfig.host
index 55136e037d..a6d871c399 100644
--- a/Kconfig.host
+++ b/Kconfig.host
@@ -2,9 +2,6 @@
 # down to Kconfig.  See also MINIKCONF_ARGS in the Makefile:
 # these two need to be kept in sync.
 
-config KVM
-bool
-
 config LINUX
 bool
 
@@ -31,10 +28,6 @@ config VHOST_KERNEL
 bool
 select VHOST
 
-config XEN
-bool
-select FSDEV_9P if VIRTFS
-
 config VIRTFS
 bool
 
diff --git a/accel/Kconfig b/accel/Kconfig
new file mode 100644
index 00..c21802bb49
--- /dev/null
+++ b/accel/Kconfig
@@ -0,0 +1,6 @@
+config KVM
+bool
+
+config XEN
+bool
+select FSDEV_9P if VIRTFS
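Review bot: the header comment left in Kconfig.host (`# these two need to be kept in sync`, about MINIKCONF_ARGS in the Makefile) still applies to the KVM and XEN symbols after the move, but the new accel/Kconfig carries no such note. Add the same comment at the top of accel/Kconfig, since `CONFIG_KVM=$(CONFIG_KVM)` in MINIKCONF_ARGS now feeds a symbol defined in a different file than the comment points at.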
-- 
2.21.3




[PATCH v4 10/11] Makefile: Allow target-specific optional Kconfig

2020-05-22 Thread Philippe Mathieu-Daudé
Allow use of target-specific Kconfig file.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
v3: Use base-arch() to include TARGET_BASE_ARCH/Kconfig
---
 Makefile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index f8a45e1379..d5009cd304 100644
--- a/Makefile
+++ b/Makefile
@@ -423,11 +423,13 @@ MINIKCONF_INPUTS = $(SRC_PATH)/Kconfig.host \
$(SRC_PATH)/accel/Kconfig \
$(SRC_PATH)/hw/Kconfig
 MINIKCONF_DEPS = $(MINIKCONF_INPUTS) \
- $(wildcard $(SRC_PATH)/hw/*/Kconfig)
+ $(wildcard $(SRC_PATH)/hw/*/Kconfig) \
+ $(wildcard $(SRC_PATH)/target/*/Kconfig)
 MINIKCONF = $(PYTHON) $(SRC_PATH)/scripts/minikconf.py
 
 $(SUBDIR_DEVICES_MAK): %/config-devices.mak: default-configs/%.mak 
$(MINIKCONF_DEPS) $(BUILD_DIR)/config-host.mak
$(call quiet-command, $(MINIKCONF) $(MINIKCONF_ARGS) \
+   $(wildcard $(SRC_PATH)/target/$(call base-arch, $(firstword 
$(subst -, ,$@)))/Kconfig) \
> $@.tmp, "GEN", "$@.tmp")
$(call quiet-command, if test -f $@; then \
  if cmp -s $@.old $@; then \
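Review bot: the `$(wildcard $(SRC_PATH)/target/$(call base-arch, $(firstword $(subst -, ,$@)))/Kconfig)` expression embedded in the recipe is hard to read and, as rendered here, is wrapped across two lines, which will not apply if the mailer broke it. Hoist it into a recursively-expanded variable, e.g. `TARGET_KCONFIG = $(wildcard $(SRC_PATH)/target/$(call base-arch,$(firstword $(subst -, ,$@)))/Kconfig)`, and reference `$(TARGET_KCONFIG)` from the recipe; a one-line comment that `$(firstword $(subst -, ,$@))` relies on `$@` being `<target>-softmmu/config-devices.mak` (or `-linux-user`) would also help the next reader.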
-- 
2.21.3




[PATCH v4 09/11] accel/Kconfig: Add the TCG selector

2020-05-22 Thread Philippe Mathieu-Daudé
Expose the CONFIG_TCG selector to let minikconf.py use it.

When building with --disable-tcg, this helps to deselect
devices that are TCG-dependent.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 Makefile  | 1 +
 accel/Kconfig | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/Makefile b/Makefile
index 648757f79a..f8a45e1379 100644
--- a/Makefile
+++ b/Makefile
@@ -405,6 +405,7 @@ endif
 MINIKCONF_ARGS = \
 $(CONFIG_MINIKCONF_MODE) \
 $@ $*/config-devices.mak.d $< $(MINIKCONF_INPUTS) \
+CONFIG_TCG=$(CONFIG_TCG) \
 CONFIG_KVM=$(CONFIG_KVM) \
 CONFIG_SPICE=$(CONFIG_SPICE) \
 CONFIG_IVSHMEM=$(CONFIG_IVSHMEM) \
diff --git a/accel/Kconfig b/accel/Kconfig
index c21802bb49..2ad94a3839 100644
--- a/accel/Kconfig
+++ b/accel/Kconfig
@@ -1,3 +1,6 @@
+config TCG
+bool
+
 config KVM
 bool
 
-- 
2.21.3




[PATCH v4 03/11] MAINTAINERS: Add an entry for the HAX accelerator

2020-05-22 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
Cc: Sergio Andres Gomez Del Real 
Cc: Vincent Palatin 
Cc: Yu Ning 
Cc: Tao Wu 
Cc: haxm-t...@intel.com
Cc: Colin Xu 
Cc: Hang Yuan 
Cc: David Chou 
Cc: Wenchao Wang 
---
 MAINTAINERS | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index f7ee0c77f1..0377978201 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -426,6 +426,12 @@ F: accel/accel.c
 F: accel/Makefile.objs
 F: accel/stubs/Makefile.objs
 
+HAX Accelerator
+S: Orphan
+F: accel/stubs/hax-stub.c
+F: target/i386/hax-all.c
+F: include/sysemu/hax.h
+
 X86 HVF CPUs
 M: Roman Bolshakov 
 S: Maintained
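Review bot: the entry lists only `target/i386/hax-all.c`, but the HAX implementation also spans `target/i386/hax-i386.h`, `hax-posix.c` and `hax-windows.c` (all touched by the cpus.c refactoring series on this list); use `F: target/i386/hax-*` so those files are covered. Also, `S: Orphan` with no `M:` line while the Cc list names seven HAX contributors: if any of them acks the series, record them as `R:` so the section does not stay orphaned.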
-- 
2.21.3




[PATCH v4 05/11] rules.mak: Add base-arch() rule

2020-05-22 Thread Philippe Mathieu-Daudé
Add a rule to return the base architecture for a QEMU target.

The current list of TARGET_BASE_ARCH is:

  $ git grep  TARGET_BASE_ARCH configure
  configure:7785:TARGET_BASE_ARCH=""
  configure:7795:TARGET_BASE_ARCH=i386
  configure:7813:TARGET_BASE_ARCH=arm
  configure:7846:TARGET_BASE_ARCH=mips
  configure:7854:TARGET_BASE_ARCH=mips
  configure:7864:TARGET_BASE_ARCH=openrisc
  configure:7871:TARGET_BASE_ARCH=ppc
  configure:7879:TARGET_BASE_ARCH=ppc
  configure:7887:TARGET_BASE_ARCH=ppc
  configure:7894:TARGET_BASE_ARCH=riscv
  configure:7900:TARGET_BASE_ARCH=riscv
  configure:7920:TARGET_BASE_ARCH=sparc
  configure:7925:TARGET_BASE_ARCH=sparc

The rule can be tested calling 'print-base-arch-$TARGET':

  $ make \
  print-base-arch-openrisc \
  print-base-arch-aarch64 \
  print-base-arch-x86_64 \
  print-base-arch-mips64el \
  print-base-arch-ppc64
  openrisc=openrisc
  aarch64=arm
  x86_64=i386
  mips64el=mips
  ppc64=ppc

Signed-off-by: Philippe Mathieu-Daudé 
---
v4:
- use startwith()
- fix openrisc (rth)
---
 rules.mak | 27 +++
 1 file changed, 27 insertions(+)

diff --git a/rules.mak b/rules.mak
index e39bee93d5..2ce527e885 100644
--- a/rules.mak
+++ b/rules.mak
@@ -445,3 +445,30 @@ atomic = $(eval $1: $(call sentinel,$1) ; @:) \
 
 print-%:
@echo '$*=$($*)'
+
+# base-arch
+# Usage: $(call base-arch, target)
+#
+# @target: the target architecture.
+#
+# This macro will return the base architecture for a target.
+#
+# As example, $(call base-arch, aarch64) returns 'arm'.
+base-arch = $(strip \
+   $(if $(call startwith,mips,$1),mips,\
+ $(if $(call startwith,ppc,$1),ppc,\
+   $(if $(call startwith,sparc,$1),sparc,\
+ $(if $(call startwith,risc,$1),risc,\
+   $(if $(call startwith,aarch64,$1),arm,\
+ $(if $(call startwith,x86_64,$1),i386,\
+   $1\
+  )\
+)\
+  )\
+)\
+  )\
+)\
+   )
+
+print-base-arch-%:
+   @echo '$*=$(call base-arch, $*)'
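Review bot: the riscv branch returns the wrong string. `$(if $(call startwith,risc,$1),risc,\` yields `risc`, but the configure listing in the commit message has `TARGET_BASE_ARCH=riscv` for both riscv targets, so `$(call base-arch, riscv64)` would send a later `target/$(base-arch)/Kconfig` lookup to a non-existent `target/risc/` directory. Change both the prefix and the result to `riscv`, and add `print-base-arch-riscv64` (and `sparc64`) to the test invocation quoted in the commit message, which currently exercises neither mapping.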
-- 
2.21.3




[PATCH v4 07/11] Makefile: Write MINIKCONF variables as one entry per line

2020-05-22 Thread Philippe Mathieu-Daudé
Having one entry per line helps reviews/refactors. As we are
going to modify the MINIKCONF variables, split them now to
ease further review.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 Makefile | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index 6c9d718b2c..7666f81e8a 100644
--- a/Makefile
+++ b/Makefile
@@ -418,12 +418,15 @@ MINIKCONF_ARGS = \
 CONFIG_LINUX=$(CONFIG_LINUX) \
 CONFIG_PVRDMA=$(CONFIG_PVRDMA)
 
-MINIKCONF_INPUTS = $(SRC_PATH)/Kconfig.host $(SRC_PATH)/hw/Kconfig
-MINIKCONF_DEPS = $(MINIKCONF_INPUTS) $(wildcard $(SRC_PATH)/hw/*/Kconfig)
+MINIKCONF_INPUTS = $(SRC_PATH)/Kconfig.host \
+   $(SRC_PATH)/hw/Kconfig
+MINIKCONF_DEPS = $(MINIKCONF_INPUTS) \
+ $(wildcard $(SRC_PATH)/hw/*/Kconfig)
 MINIKCONF = $(PYTHON) $(SRC_PATH)/scripts/minikconf.py
 
 $(SUBDIR_DEVICES_MAK): %/config-devices.mak: default-configs/%.mak 
$(MINIKCONF_DEPS) $(BUILD_DIR)/config-host.mak
-   $(call quiet-command, $(MINIKCONF) $(MINIKCONF_ARGS) > $@.tmp, "GEN", 
"$@.tmp")
+   $(call quiet-command, $(MINIKCONF) $(MINIKCONF_ARGS) \
+   > $@.tmp, "GEN", "$@.tmp")
$(call quiet-command, if test -f $@; then \
  if cmp -s $@.old $@; then \
mv $@.tmp $@; \
-- 
2.21.3




[PATCH v4 01/11] MAINTAINERS: Fix KVM path expansion glob

2020-05-22 Thread Philippe Mathieu-Daudé
The KVM files have been moved from target-ARCH to the target/ARCH/
folder in commit fcf5ef2a. Fix the pathname expansion.

Fixes: fcf5ef2a ("Move target-* CPU file into a target/ folder")
Reviewed-by: Richard Henderson 
Reviewed-by: Thomas Huth 
Signed-off-by: Philippe Mathieu-Daudé 
---
 MAINTAINERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 12edb66dac..00c1c1ed8b 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -361,7 +361,7 @@ Overall KVM CPUs
 M: Paolo Bonzini 
 L: k...@vger.kernel.org
 S: Supported
-F: */kvm.*
+F: */*/kvm*
 F: accel/kvm/
 F: accel/stubs/kvm-stub.c
 F: include/hw/kvm/
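Review bot: `*/*/kvm*` is broader than the old pattern in two ways: dropping the `.` also picks up `kvm_*.h`-style headers (presumably intended), and the extra path level matches non-target directories such as `hw/i386/kvm/` as well. Say in the commit message that the broadening is intended, or use `target/*/kvm*` to match exactly what fcf5ef2a moved.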
-- 
2.21.3




[PATCH v4 02/11] MAINTAINERS: Add an 'overall' entry for accelerators

2020-05-22 Thread Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
Cc: Paolo Bonzini 

v2: Cover accel/accel.c & accel/Makefile.objs (thuth)
---
 MAINTAINERS | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 00c1c1ed8b..f7ee0c77f1 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -415,6 +415,17 @@ S: Supported
 F: target/i386/kvm.c
 F: scripts/kvm/vmxcap
 
+Guest CPU Cores (other accelerators)
+
+Overall
+M: Richard Henderson 
+R: Paolo Bonzini 
+S: Maintained
+F: include/sysemu/accel.h
+F: accel/accel.c
+F: accel/Makefile.objs
+F: accel/stubs/Makefile.objs
+
 X86 HVF CPUs
 M: Roman Bolshakov 
 S: Maintained
-- 
2.21.3




[PATCH v4 04/11] rules.mak: Add startwith() rule

2020-05-22 Thread Philippe Mathieu-Daudé
Add a rule to test if a string starts with a substring.

Signed-off-by: Philippe Mathieu-Daudé 
---
 rules.mak | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/rules.mak b/rules.mak
index 694865b63e..e39bee93d5 100644
--- a/rules.mak
+++ b/rules.mak
@@ -191,6 +191,13 @@ ne = $(if $(subst $2,,$1)$(subst $1,,$2),y,n)
 isempty = $(if $1,n,y)
 notempty = $(if $1,y,n)
 
+# startwith
+# Usage: $(call startwith, startstr, fullstr)
+#
+# This macro returns a string (TRUE) when @fullstr starts with
+# @startstr, else returns the empty string (FALSE)
+startwith = $(findstring :$(strip $1),:$(strip $2))
+
 # Generate files with tracetool
 TRACETOOL=$(PYTHON) $(SRC_PATH)/scripts/tracetool.py
 
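Review bot: the `:` anchor turns `findstring` into a prefix test only as long as neither argument contains a colon; `$(call startwith,mips,foo:mips)` would return true. Target names never contain one, but the comment should state the assumption. Likewise an empty @startstr yields `:`, which is non-empty, so every string "starts with" the empty string; that is the usual definition but worth a line in the comment alongside `isempty`/`notempty`.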
-- 
2.21.3




[PATCH v4 00/11] accel: Allow targets to use Kconfig

2020-05-22 Thread Philippe Mathieu-Daudé
Missing review:
- patch #4 'rules.mak: Add startwith rule'
- patch #5 'rules.mak: Add base-arch rule'.

This series includes generic patches I took out of the KVM/ARM
specific series which will follow.

- List orphan accelerators in MAINTAINERS
- Add accel/Kconfig
- Allow targets to use their own Kconfig

Since v3:
- Fixed base-arch() rule (rth)
- Dropped 'semihosting: Make the feature depend of TCG'

Since v2:
- Addressed Thomas review comments
- Fixed problem when including TARGET instead of BASE_TARGET

Since v1:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg689024.html
- Drop HVF MAINTAINERS patch (merged elsewhere)
- Kconfig-select SEMIHOSTING (bonzini)
- Drop user-mode selection patches
- consider m68k/nios2/xtensa/riscv (pm215)
- reword Kconfig SEMIHOSTING description (pm215)
- reset some of rth R-b tags

Previous RFC for semihosting posted earlier:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg631218.html

$ git backport-diff -u v3 -r v4
Key:
[] : patches are identical
[] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively

001/11:[] [--] 'MAINTAINERS: Fix KVM path expansion glob'
002/11:[] [--] 'MAINTAINERS: Add an 'overall' entry for accelerators'
003/11:[] [--] 'MAINTAINERS: Add an entry for the HAX accelerator'
004/11:[down] 'rules.mak: Add startwith() rule'
005/11:[0025] [FC] 'rules.mak: Add base-arch() rule'
006/11:[] [--] 'Makefile: Remove dangerous EOL trailing backslash'
007/11:[] [--] 'Makefile: Write MINIKCONF variables as one entry per line'
008/11:[] [--] 'accel/Kconfig: Extract accel selectors into their own 
config'
009/11:[] [--] 'accel/Kconfig: Add the TCG selector'
010/11:[] [--] 'Makefile: Allow target-specific optional Kconfig'
011/11:[] [--] 'accel/tcg: Add stub for probe_access()'

Supersedes: <20200521195911.19685-1-phi...@redhat.com>

Philippe Mathieu-Daudé (11):
  MAINTAINERS: Fix KVM path expansion glob
  MAINTAINERS: Add an 'overall' entry for accelerators
  MAINTAINERS: Add an entry for the HAX accelerator
  rules.mak: Add startwith() rule
  rules.mak: Add base-arch() rule
  Makefile: Remove dangerous EOL trailing backslash
  Makefile: Write MINIKCONF variables as one entry per line
  accel/Kconfig: Extract accel selectors into their own config
  accel/Kconfig: Add the TCG selector
  Makefile: Allow target-specific optional Kconfig
  accel/tcg: Add stub for probe_access()

 Makefile   | 15 +++
 rules.mak  | 34 ++
 accel/stubs/tcg-stub.c |  7 +++
 Kconfig.host   |  7 ---
 MAINTAINERS| 19 ++-
 accel/Kconfig  |  9 +
 6 files changed, 79 insertions(+), 12 deletions(-)
 create mode 100644 accel/Kconfig

-- 
2.21.3




[PATCH v4 06/11] Makefile: Remove dangerous EOL trailing backslash

2020-05-22 Thread Philippe Mathieu-Daudé
One might get caught trying to understand unexpected Makefile
behavior. Trailing backslashes can help to split very long lines,
but are rather dangerous when nothing follows. Preserve other
developers' debugging time by removing this one.

Reviewed-by: Thomas Huth 
Reviewed-by: Alistair Francis 
Signed-off-by: Philippe Mathieu-Daudé 
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 40e4f7677b..6c9d718b2c 100644
--- a/Makefile
+++ b/Makefile
@@ -420,7 +420,7 @@ MINIKCONF_ARGS = \
 
 MINIKCONF_INPUTS = $(SRC_PATH)/Kconfig.host $(SRC_PATH)/hw/Kconfig
 MINIKCONF_DEPS = $(MINIKCONF_INPUTS) $(wildcard $(SRC_PATH)/hw/*/Kconfig)
-MINIKCONF = $(PYTHON) $(SRC_PATH)/scripts/minikconf.py \
+MINIKCONF = $(PYTHON) $(SRC_PATH)/scripts/minikconf.py
 
 $(SUBDIR_DEVICES_MAK): %/config-devices.mak: default-configs/%.mak 
$(MINIKCONF_DEPS) $(BUILD_DIR)/config-host.mak
$(call quiet-command, $(MINIKCONF) $(MINIKCONF_ARGS) > $@.tmp, "GEN", 
"$@.tmp")
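Review bot: the removed backslash at the end of `MINIKCONF = ... minikconf.py \` joins the following blank line into the assignment, which is harmless today but means any line a later patch inserts after that blank silently becomes part of `MINIKCONF`; the commit message's "rather dangerous when nothing follows" would be clearer if it named that failure mode.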
-- 
2.21.3




Re: [PATCH v7 12/12] tests/vm: Add workaround to consume console

2020-05-22 Thread Alex Bennée


Robert Foley  writes:

I think you need to look at adding:

[sendemail]
cccmd = scripts/get_maintainer.pl --nogit-fallback

to your .git/config to ensure maintainers get pinged when you touch
their subsystems. Eduardo and Cleber CC'd 

> The ConsoleSocket object provides a socket interface
> which will consume all arriving characters on the
> socket, but will provide those chars via recv() as
> would a regular socket.
> This is a workaround we found was needed since
> there is a known issue where QEMU will hang waiting
> for console characters to be consumed.
> We also add the option of logging the console to a file.
>
> Signed-off-by: Robert Foley 
> Reviewed-by: Peter Puhov 
> ---
>  python/qemu/console_socket.py | 162 ++
>  python/qemu/machine.py|  23 -
>  tests/vm/Makefile.include |   4 +
>  tests/vm/basevm.py|  19 +++-
>  4 files changed, 202 insertions(+), 6 deletions(-)
>  create mode 100644 python/qemu/console_socket.py
>
> diff --git a/python/qemu/console_socket.py b/python/qemu/console_socket.py
> new file mode 100644
> index 00..a1f74e60ac
> --- /dev/null
> +++ b/python/qemu/console_socket.py
> @@ -0,0 +1,162 @@
> +#!/usr/bin/env python3
> +#
> +# This python module implements a ConsoleSocket object which is
> +# designed always drain the socket itself, and place
> +# the bytes into a in memory buffer for later processing.
> +#
> +# Optionally a file path can be passed in and we will also
> +# dump the characters to this file for debug.
> +#
> +# Copyright 2020 Linaro
> +#
> +# Authors:
> +#  Robert Foley 
> +#
> +# This code is licensed under the GPL version 2 or later.  See
> +# the COPYING file in the top-level directory.
> +#
> +import asyncore
> +import socket
> +import threading
> +import io
> +import os
> +import sys
> +from collections import deque
> +import time
> +import traceback

Left over debug?

> +
> +class ConsoleSocket(asyncore.dispatcher):
> +
> +def __init__(self, address, file=None):
> +self._recv_timeout_sec = 300
> +self._buffer = deque()
> +self._asyncore_thread = None
> +self._sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
> +self._sock.connect(address)
> +self._logfile = None
> +if file:
> +self._logfile = open(file, "w")
> +asyncore.dispatcher.__init__(self, sock=self._sock)
> +self._thread_start()
> +self._open = True
> +
> +def _thread_start(self):
> +"""Kick off a thread to wait on the asyncore.loop"""
> +if self._asyncore_thread is not None:
> +return
> +self._asyncore_thread = threading.Thread(target=asyncore.loop,
> + kwargs={'timeout':1})
> +self._asyncore_thread.daemon = True
> +self._asyncore_thread.start()
> +
> +def handle_close(self):
> +"""redirect close to base class"""
> +# Call the base class close, but not self.close() since
> +# handle_close() occurs in the context of the thread which
> +# self.close() attempts to join.
> +asyncore.dispatcher.close(self)
> +
> +def close(self):
> +"""Close the base object and wait for the thread to terminate"""
> +if self._open:
> +self._open = False
> +asyncore.dispatcher.close(self)
> +if self._asyncore_thread is not None:
> +thread, self._asyncore_thread = self._asyncore_thread, None
> +thread.join()
> +if self._logfile:
> +self._logfile.close()
> +self._logfile = None
> +
> +def handle_read(self):
> +"""process arriving characters into in memory _buffer"""
> +try:
> +data = asyncore.dispatcher.recv(self, 1)
> +# latin1 is needed since there are some chars
> +# we are receiving that cannot be encoded to utf-8
> +# such as 0xe2, 0x80, 0xA6.
> +string = data.decode("latin1")
> +except:
> +print("Exception seen.")
> +traceback.print_exc()
> +return
> +if self._logfile:
> +self._logfile.write("{}".format(string))
> +self._logfile.flush()
> +for c in string:
> +self._buffer.append(c)
> +
> +def recv(self, n=1):
> +"""Return chars from in memory buffer"""
> +start_time = time.time()
> +while len(self._buffer) < n:
> +time.sleep(0.1)
> +elapsed_sec = time.time() - start_time
> +if elapsed_sec > self._recv_timeout_sec:
> +raise socket.timeout
> +chars = ''.join([self._buffer.popleft() for i in range(n)])
> +# We choose to use latin1 to remain consistent with
> +# handle_read() and give back the same data as the user would
> +# receive if they were reading directly from the
> +# 

[PATCH 18/19] target/arm: Fix tsan warning in cpu.c

2020-05-22 Thread Robert Foley
For example:
WARNING: ThreadSanitizer: data race (pid=11134)
  Atomic write of size 4 at 0x7bbce0ac by main thread (mutexes: write M875):
#0 __tsan_atomic32_store  (qemu-system-aarch64+0x394d84)
#1 cpu_reset_interrupt hw/core/cpu.c:107:5 (qemu-system-aarch64+0x842f90)
#2 arm_cpu_set_irq target/arm/cpu.c (qemu-system-aarch64+0x615a55)

  Previous read of size 4 at 0x7bbce0ac by thread T7:
#0 arm_cpu_has_work target/arm/cpu.c:78:16 (qemu-system-aarch64+0x6178ba)
#1 cpu_has_work include/hw/core/cpu.h:700:12 (qemu-system-aarch64+0x68be2e)

Cc: Peter Maydell 
Cc: Richard Henderson 
Signed-off-by: Robert Foley 
---
 target/arm/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 32bec156f2..cdb90582ee 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -75,7 +75,7 @@ static bool arm_cpu_has_work(CPUState *cs)
 ARMCPU *cpu = ARM_CPU(cs);
 
 return (cpu->power_state != PSCI_OFF)
-&& cs->interrupt_request &
+&& atomic_read(&cs->interrupt_request) &
 (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD
  | CPU_INTERRUPT_VFIQ | CPU_INTERRUPT_VIRQ
  | CPU_INTERRUPT_EXITTB);
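Review bot: the trace in the commit message already shows the writer side as an atomic store in cpu_reset_interrupt (hw/core/cpu.c:107), i.e. this only pairs up with the hw/core/cpu.c change in patch 13 of this series; the commit message should say it depends on that patch, since applied alone it matches an atomic read against plain writes. atomic_read() is the right primitive for a flag that is only polled here.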
-- 
2.17.1




[PATCH v3 3/3] block: generate coroutine-wrapper code

2020-05-22 Thread Vladimir Sementsov-Ogievskiy
We have a very frequent pattern of creating a coroutine from a function
with several arguments:

  - create structure to pack parameters
  - create _entry function to call original function taking parameters
from struct
  - do different magic to handle completion: set ret to NOT_DONE or
EINPROGRESS, use separate bool for void functions
  - fill the struct and create coroutine from _entry function and this
struct as a parameter
  - do coroutine enter and BDRV_POLL_WHILE loop

Let's reduce code duplication. Here:

The functional part (BDRV_POLL_WHILE loop, aio_wait_kick()) is moved to
the (non-generated) block/block-gen.h

The mechanical part (argument packing, the different kinds of wrappers
needed) is generated from a template by scripts/coroutine-wrapper.py into
the resulting file block/block-gen.c

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 Makefile |   6 +
 block/block-gen.h|  30 
 block/coroutines.h   |   7 +-
 include/block/block.h|  17 +-
 include/block/generated-co-wrapper.h |  11 ++
 block.c  |  70 
 block/io.c   | 260 ---
 block/Makefile.objs  |   1 +
 scripts/coroutine-wrapper.py | 169 +
 9 files changed, 232 insertions(+), 339 deletions(-)
 create mode 100644 block/block-gen.h
 create mode 100644 include/block/generated-co-wrapper.h
 create mode 100755 scripts/coroutine-wrapper.py

diff --git a/Makefile b/Makefile
index 40e4f7677b..67b1c7852f 100644
--- a/Makefile
+++ b/Makefile
@@ -159,6 +159,8 @@ generated-files-$(CONFIG_TRACE_UST) += trace-ust-all.c
 
 generated-files-y += module_block.h
 
+GENERATED_FILES += block/block-gen.c
+
 TRACE_HEADERS = trace-root.h $(trace-events-subdirs:%=%/trace.h)
 TRACE_SOURCES = trace-root.c $(trace-events-subdirs:%=%/trace.c)
 TRACE_DTRACE =
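Review bot: this line uses `GENERATED_FILES +=` while the neighbouring entries use `generated-files-y +=` (module_block.h just above, the trace sources in the next hunk). If only one of those names is what the build consumes, block/block-gen.c will neither be generated before the objects that include it nor be removed on clean; use the same variable as the surrounding lines.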
@@ -175,6 +177,10 @@ generated-files-y += $(TRACE_SOURCES)
 generated-files-y += $(BUILD_DIR)/trace-events-all
 generated-files-y += .git-submodule-status
 
+COROUTINE_HEADERS = include/block/block.h block/coroutines.h
+block/block-gen.c: $(COROUTINE_HEADERS) 
$(SRC_PATH)/scripts/coroutine-wrapper.py
+   $(call quiet-command, cat $(COROUTINE_HEADERS) | 
$(SRC_PATH)/scripts/coroutine-wrapper.py > $@,"GEN","$(TARGET_DIR)$@")
+
 trace-group-name = $(shell dirname $1 | sed -e 's/[^a-zA-Z0-9]/_/g')
 
 tracetool-y = $(SRC_PATH)/scripts/tracetool.py
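Review bot: two problems with the generation rule. COROUTINE_HEADERS lists include/block/block.h and block/coroutines.h without a $(SRC_PATH)/ prefix, while the script is referenced as $(SRC_PATH)/scripts/coroutine-wrapper.py; in an out-of-tree build (the `../configure` layout used elsewhere in this thread) `cat` will not find those headers in the build directory. And the recipe writes straight to `$@`: if the script fails part way, a truncated block/block-gen.c is left behind with a fresh timestamp and the next make treats it as up to date. The MINIKCONF rule a few lines up in this file uses the `> $@.tmp` then rename pattern; doing the same here, and passing the file names to the script as arguments instead of piping through cat so a failure is not masked by the pipe, avoids both.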
diff --git a/block/block-gen.h b/block/block-gen.h
new file mode 100644
index 00..79762cdda9
--- /dev/null
+++ b/block/block-gen.h
@@ -0,0 +1,30 @@
+#ifndef BLOCK_BLOCK_GEN_H
+#define BLOCK_BLOCK_GEN_H
+
+#include "block/block_int.h"
+
+/* This function is called at the end of generated coroutine entries. */
+static inline void bdrv_poll_co__on_exit(void)
+{
+aio_wait_kick();
+}
+
+/* Base structure for argument packing structures */
+typedef struct BdrvPollCo {
+BlockDriverState *bs;
+bool in_progress;
+int ret;
+Coroutine *co; /* Keep pointer here for debugging */
+} BdrvPollCo;
+
+static inline int bdrv_poll_co(BdrvPollCo *s)
+{
+assert(!qemu_in_coroutine());
+
+bdrv_coroutine_enter(s->bs, s->co);
+BDRV_POLL_WHILE(s->bs, s->in_progress);
+
+return s->ret;
+}
+
+#endif /* BLOCK_BLOCK_GEN_H */
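Review bot: the new header has no copyright/license block, which other headers in the tree carry. More substantively, BdrvPollCo fixes `bs` as the object passed to bdrv_coroutine_enter() and BDRV_POLL_WHILE(), but one of the functions marked for generation in block/coroutines.h (bdrv_prwv) takes a BdrvChild, not a BlockDriverState, as its first argument; the header or the commit message should say how the generated code fills `bs` in that case. Also, bdrv_poll_co() asserts !qemu_in_coroutine(), so callers already running in a coroutine must be diverted to the _co_ function before reaching it; where the generated wrapper does that is not visible in this patch and deserves a sentence.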
diff --git a/block/coroutines.h b/block/coroutines.h
index 23ea6fd5b3..6eb32ac387 100644
--- a/block/coroutines.h
+++ b/block/coroutines.h
@@ -2,6 +2,7 @@
 #define BLOCK_COROUTINES_INT_H
 
 #include "block/block_int.h"
+#include "block/generated-co-wrapper.h"
 
 int coroutine_fn bdrv_co_check(BlockDriverState *bs,
BdrvCheckResult *res, BdrvCheckMode fix);
@@ -10,7 +11,7 @@ void coroutine_fn bdrv_co_invalidate_cache(BlockDriverState 
*bs, Error **errp);
 int coroutine_fn
 bdrv_co_prwv(BdrvChild *child, int64_t offset, QEMUIOVector *qiov,
  bool is_write, BdrvRequestFlags flags);
-int
+int generated_co_wrapper
 bdrv_prwv(BdrvChild *child, int64_t offset, QEMUIOVector *qiov,
   bool is_write, BdrvRequestFlags flags);
 
@@ -23,7 +24,7 @@ bdrv_co_common_block_status_above(BlockDriverState *bs,
   int64_t *pnum,
   int64_t *map,
   BlockDriverState **file);
-int
+int generated_co_wrapper
 bdrv_common_block_status_above(BlockDriverState *bs,
BlockDriverState *base,
bool want_zero,
@@ -36,7 +37,7 @@ bdrv_common_block_status_above(BlockDriverState *bs,
 int coroutine_fn
 bdrv_co_rw_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos,
bool is_read);
-int
+int generated_co_wrapper
 bdrv_rw_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos,
 bool is_read);
 
diff --git a/include/block/block.h b/include/block/block.h
index 25e299605e..aed6ffcc4f 100644
--- a/include/block/block.h
+++ b/include/block/bl

[PATCH 19/19] docs: Added details on TSan to testing.rst

2020-05-22 Thread Robert Foley
This includes details on how to build and test with TSan
both inside a docker and outside.

Signed-off-by: Robert Foley 
---
 docs/devel/testing.rst | 72 ++
 1 file changed, 72 insertions(+)

diff --git a/docs/devel/testing.rst b/docs/devel/testing.rst
index 770a987ea4..5b0a828068 100644
--- a/docs/devel/testing.rst
+++ b/docs/devel/testing.rst
@@ -397,6 +397,78 @@ list is in the ``make docker`` help text. The frequently 
used ones are:
 * ``DEBUG=1``: enables debug. See the previous "Debugging a Docker test
   failure" section.
 
+Thread Sanitizer
+
+TSan is currently supported in the ubuntu2004 docker.
+
+Just add the TSAN=1 argument to use TSan
+
+.. code::
+
+  make docker-test-build@ubuntu2004 TSAN=1
+
+or
+
+.. code::
+  
+  make docker-test-quick@ubuntu2004 TSAN=1
+
+The runtime behavior or TSAN is controlled by the TSAN_OPTIONS environment
+variable.  We set this variable automatically to for example, maximize
+the number of warnings TSan can find and also to specify the location of
+the files with TSan warnings.  
+
+TSan warnings are placed in files located at build/tsan/.
+
+We recommend using DEBUG=1 to allow launching the test from inside the docker,
+and to allow review of the warnings generated by TSan.
+A few important files to note are:
+
+tests/tsan/suppressions.tsan - Has TSan warnings we wish to suppress at 
runtime.
+In some cases we choose to put suppressions here since the resolution is
+slightly finer than the blacklist, since we can disable by warning type.
+
+tests/tsan/blacklist.tsan - Has TSan warnings we wish to disable
+at compile time.
+
+include/qemu/tsan.h - Defines various annotations which can also be used
+to give TSan more information some example uses are to allow suppressing
+TSan warnings, or annotating thread names so they show up properly in
+the TSan warnings.
+
+TSan without docker
+---
+
+It is possible to build and test with TSan outside of a docker, but with a
+few additional steps required.
+These steps are normally done automatically in the docker.
+
+First, to configure the build for TSan:
+
+.. code::
+
+  ../configure --enable-tsan --cc=clang-10 --cxx=clang++-10 \
+   --disable-werror --extra-cflags="-O0"
+
+There is also a one time patch needed in clang-9 or clang-10:
+
+.. code::
+
+  sed -i 's/^const/static const/g' \
+  /usr/lib/llvm-10/lib/clang/10.0.0/include/sanitizer/tsan_interface.h
+
+When running tests, the TSAN_OPTIONS environment variable needs to be set.
+
+.. code::
+
+  export TSAN_OPTIONS=suppressions=/tests/tsan/suppressions.tsan 
\
+ detect_deadlocks=false history_size=7 exitcode=0 \
+ log_path=/tsan/tsan_warnings.txt
+
+The above exitcode makes TSan continue without error if any warnings are found.
+This allows for running the test and then checking the warnings afterwards.
+If you want TSan to stop and exit with error on warnings, use exitcode=66.
+
 VM testing
 ==
 
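Review bot: a few things in the text. "The runtime behavior or TSAN" should read "of TSan". The heading underlines are broken as posted: the one below "Thread Sanitizer" is empty and the one below "TSan without docker" is shorter than the title, and Sphinx warns on both and may not render the sections. The TSAN_OPTIONS example reads `suppressions=/tests/tsan/suppressions.tsan` and `log_path=/tsan/tsan_warnings.txt`, i.e. absolute paths under /, and the log location does not match the `build/tsan/` stated a few lines earlier; spell out the source-tree and build-tree prefixes. The sed one-liner rewrites a header under /usr/lib/llvm-10/... in place (needs root, and is clang-10 specific) while the sentence says clang-9 or clang-10; give the llvm-9 path too or narrow the claim. Finally, with `exitcode=0` a run that produced warnings still exits successfully, which the next paragraph says, but anyone copying the snippet into CI should be told to check the log file instead of the exit status.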
-- 
2.17.1




[PATCH 17/19] util: Added tsan annotate for thread name.

2020-05-22 Thread Robert Foley
This allows us to see the name of the thread in tsan
warning reports such as this:

  Thread T7 'CPU 1/TCG' (tid=24317, running) created by main thread at:

Signed-off-by: Robert Foley 
---
 util/qemu-thread-posix.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/util/qemu-thread-posix.c b/util/qemu-thread-posix.c
index 838980aaa5..dcbc82d80f 100644
--- a/util/qemu-thread-posix.c
+++ b/util/qemu-thread-posix.c
@@ -15,6 +15,7 @@
 #include "qemu/atomic.h"
 #include "qemu/notify.h"
 #include "qemu-thread-common.h"
+#include "qemu/tsan.h"
 
 static bool name_threads;
 
@@ -513,6 +514,7 @@ static void *qemu_thread_start(void *args)
 # endif
 }
 #endif
+TSAN_ANNOTATE_THREAD_NAME(qemu_thread_args->name);
 g_free(qemu_thread_args->name);
 g_free(qemu_thread_args);
 pthread_cleanup_push(qemu_thread_atexit_notify, NULL);
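Review bot: TSAN_ANNOTATE_THREAD_NAME() is called unconditionally with qemu_thread_args->name, one line before it is g_free()d; if a caller can pass a NULL name the annotation receives NULL, so either guard it with `if (qemu_thread_args->name)` or state why it cannot be NULL. Placing the call after the #endif is otherwise right, since the name should reach TSan whether or not OS-level thread naming (name_threads) is enabled.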
-- 
2.17.1




[PATCH v3 2/3] block: declare some coroutine functions in block/coroutines.h

2020-05-22 Thread Vladimir Sementsov-Ogievskiy
We are going to keep the coroutine-wrapper code (structure-packing of
parameters, BDRV_POLL wrapper functions) in separate auto-generated
files. So, we'll need a header with declarations of the original _co_
functions, for those which are static now. As well, we'll need
declarations for the wrapper functions. Do these declarations now, as a
preparation step.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 block/coroutines.h | 43 +++
 block.c|  8 
 block/io.c | 34 +-
 3 files changed, 64 insertions(+), 21 deletions(-)
 create mode 100644 block/coroutines.h

diff --git a/block/coroutines.h b/block/coroutines.h
new file mode 100644
index 00..23ea6fd5b3
--- /dev/null
+++ b/block/coroutines.h
@@ -0,0 +1,43 @@
+#ifndef BLOCK_COROUTINES_INT_H
+#define BLOCK_COROUTINES_INT_H
+
+#include "block/block_int.h"
+
+int coroutine_fn bdrv_co_check(BlockDriverState *bs,
+   BdrvCheckResult *res, BdrvCheckMode fix);
+void coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs, Error **errp);
+
+int coroutine_fn
+bdrv_co_prwv(BdrvChild *child, int64_t offset, QEMUIOVector *qiov,
+ bool is_write, BdrvRequestFlags flags);
+int
+bdrv_prwv(BdrvChild *child, int64_t offset, QEMUIOVector *qiov,
+  bool is_write, BdrvRequestFlags flags);
+
+int coroutine_fn
+bdrv_co_common_block_status_above(BlockDriverState *bs,
+  BlockDriverState *base,
+  bool want_zero,
+  int64_t offset,
+  int64_t bytes,
+  int64_t *pnum,
+  int64_t *map,
+  BlockDriverState **file);
+int
+bdrv_common_block_status_above(BlockDriverState *bs,
+   BlockDriverState *base,
+   bool want_zero,
+   int64_t offset,
+   int64_t bytes,
+   int64_t *pnum,
+   int64_t *map,
+   BlockDriverState **file);
+
+int coroutine_fn
+bdrv_co_rw_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos,
+   bool is_read);
+int
+bdrv_rw_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos,
+bool is_read);
+
+#endif /* BLOCK_COROUTINES_INT_H */
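Review bot: the new header has no copyright/license block. Its guard is BLOCK_COROUTINES_INT_H for a file named block/coroutines.h; matching the guard to the file name avoids a later clash. A short header comment saying that these _co_ functions are made non-static only so the wrappers can reach them, and are internal to the block layer rather than a public API, would keep other code from picking them up.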
diff --git a/block.c b/block.c
index 8416376c9b..7f06e82880 100644
--- a/block.c
+++ b/block.c
@@ -48,6 +48,7 @@
 #include "qemu/timer.h"
 #include "qemu/cutils.h"
 #include "qemu/id.h"
+#include "block/coroutines.h"
 
 #ifdef CONFIG_BSD
 #include 
@@ -4625,8 +4626,8 @@ static void bdrv_delete(BlockDriverState *bs)
  * free of errors) or -errno when an internal error occurred. The results of 
the
  * check are stored in res.
  */
-static int coroutine_fn bdrv_co_check(BlockDriverState *bs,
-  BdrvCheckResult *res, BdrvCheckMode fix)
+int coroutine_fn bdrv_co_check(BlockDriverState *bs,
+   BdrvCheckResult *res, BdrvCheckMode fix)
 {
 if (bs->drv == NULL) {
 return -ENOMEDIUM;
@@ -5643,8 +5644,7 @@ void bdrv_init_with_whitelist(void)
 bdrv_init();
 }
 
-static void coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs,
-  Error **errp)
+void coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs, Error **errp)
 {
 BdrvChild *child, *parent;
 uint64_t perm, shared_perm;
diff --git a/block/io.c b/block/io.c
index bd00a70b47..f5b6ce3bf6 100644
--- a/block/io.c
+++ b/block/io.c
@@ -29,6 +29,7 @@
 #include "block/blockjob.h"
 #include "block/blockjob_int.h"
 #include "block/block_int.h"
+#include "block/coroutines.h"
 #include "qemu/cutils.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
@@ -900,9 +901,9 @@ typedef struct RwCo {
 BdrvRequestFlags flags;
 } RwCo;
 
-static int coroutine_fn bdrv_co_prwv(BdrvChild *child, int64_t offset,
- QEMUIOVector *qiov, bool is_write,
- BdrvRequestFlags flags)
+int coroutine_fn bdrv_co_prwv(BdrvChild *child, int64_t offset,
+  QEMUIOVector *qiov, bool is_write,
+  BdrvRequestFlags flags)
 {
 if (is_write) {
 return bdrv_co_pwritev(child, offset, qiov->size, qiov, flags);
@@ -923,9 +924,9 @@ static void coroutine_fn bdrv_rw_co_entry(void *opaque)
 /*
  * Process a vectored synchronous request using coroutines
  */
-static int bdrv_prwv(BdrvChild *child, int64_t offset,
- QEMUIOVector *qiov, bool is_write,
- BdrvRequestFlags flags)
+int bdrv_prwv(BdrvChild *child, int64_t offset,
+  QEMUIOVector *qiov, bool is_write,
+  BdrvRequestFlags flags)
 {
 C

[PATCH v3 1/3] block/io: refactor coroutine wrappers

2020-05-22 Thread Vladimir Sementsov-Ogievskiy
Most coroutine wrappers already follow this notation:

We have coroutine_fn bdrv_co_(), which
is the core function, and the wrapper, which does the polling loop, is called
bdrv_().

The only outsiders are bdrv_prwv_co and bdrv_common_block_status_above
wrappers. Let's refactor them to behave as the others; it simplifies
further conversion of coroutine wrappers.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 block/io.c | 61 +-
 1 file changed, 33 insertions(+), 28 deletions(-)

diff --git a/block/io.c b/block/io.c
index 121ce17a49..bd00a70b47 100644
--- a/block/io.c
+++ b/block/io.c
@@ -900,28 +900,32 @@ typedef struct RwCo {
 BdrvRequestFlags flags;
 } RwCo;
 
+static int coroutine_fn bdrv_co_prwv(BdrvChild *child, int64_t offset,
+ QEMUIOVector *qiov, bool is_write,
+ BdrvRequestFlags flags)
+{
+if (is_write) {
+return bdrv_co_pwritev(child, offset, qiov->size, qiov, flags);
+} else {
+return bdrv_co_preadv(child, offset, qiov->size, qiov, flags);
+}
+}
+
 static void coroutine_fn bdrv_rw_co_entry(void *opaque)
 {
 RwCo *rwco = opaque;
 
-if (!rwco->is_write) {
-rwco->ret = bdrv_co_preadv(rwco->child, rwco->offset,
-   rwco->qiov->size, rwco->qiov,
-   rwco->flags);
-} else {
-rwco->ret = bdrv_co_pwritev(rwco->child, rwco->offset,
-rwco->qiov->size, rwco->qiov,
-rwco->flags);
-}
+rwco->ret = bdrv_co_prwv(rwco->child, rwco->offset, rwco->qiov,
+ rwco->is_write, rwco->flags);
 aio_wait_kick();
 }
 
 /*
  * Process a vectored synchronous request using coroutines
  */
-static int bdrv_prwv_co(BdrvChild *child, int64_t offset,
-QEMUIOVector *qiov, bool is_write,
-BdrvRequestFlags flags)
+static int bdrv_prwv(BdrvChild *child, int64_t offset,
+ QEMUIOVector *qiov, bool is_write,
+ BdrvRequestFlags flags)
 {
 Coroutine *co;
 RwCo rwco = {
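Review bot: fine as a pure factoring. One thing to double-check in the rest of bdrv_prwv(), which this hunk cuts off at the RwCo initialiser: if the wrapper has a direct-call path for callers already in a coroutine, it should now call bdrv_co_prwv() too, otherwise the read/write dispatch ends up duplicated again, which is what the new helper is meant to remove.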
@@ -949,8 +953,7 @@ int bdrv_pwrite_zeroes(BdrvChild *child, int64_t offset,
 {
 QEMUIOVector qiov = QEMU_IOVEC_INIT_BUF(qiov, NULL, bytes);
 
-return bdrv_prwv_co(child, offset, &qiov, true,
-BDRV_REQ_ZERO_WRITE | flags);
+return bdrv_prwv(child, offset, &qiov, true, BDRV_REQ_ZERO_WRITE | flags);
 }
 
 /*
@@ -999,7 +1002,7 @@ int bdrv_preadv(BdrvChild *child, int64_t offset, 
QEMUIOVector *qiov)
 {
 int ret;
 
-ret = bdrv_prwv_co(child, offset, qiov, false, 0);
+ret = bdrv_prwv(child, offset, qiov, false, 0);
 if (ret < 0) {
 return ret;
 }
@@ -1023,7 +1026,7 @@ int bdrv_pwritev(BdrvChild *child, int64_t offset, 
QEMUIOVector *qiov)
 {
 int ret;
 
-ret = bdrv_prwv_co(child, offset, qiov, true, 0);
+ret = bdrv_prwv(child, offset, qiov, true, 0);
 if (ret < 0) {
 return ret;
 }
@@ -2443,14 +2446,15 @@ early_out:
 return ret;
 }
 
-static int coroutine_fn bdrv_co_block_status_above(BlockDriverState *bs,
-   BlockDriverState *base,
-   bool want_zero,
-   int64_t offset,
-   int64_t bytes,
-   int64_t *pnum,
-   int64_t *map,
-   BlockDriverState **file)
+static int coroutine_fn
+bdrv_co_common_block_status_above(BlockDriverState *bs,
+  BlockDriverState *base,
+  bool want_zero,
+  int64_t offset,
+  int64_t bytes,
+  int64_t *pnum,
+  int64_t *map,
+  BlockDriverState **file)
 {
 BlockDriverState *p;
 int ret = 0;
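Review bot: the commit message should say why `common` is inserted into the name (bdrv_co_common_block_status_above / bdrv_common_block_status_above) rather than the plain bdrv_co_block_status_above / bdrv_block_status_above pair the stated convention would give; presumably because bdrv_block_status_above is already the public entry point, but a sentence saves the next reader the search.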
@@ -2488,10 +2492,11 @@ static void coroutine_fn 
bdrv_block_status_above_co_entry(void *opaque)
 {
 BdrvCoBlockStatusData *data = opaque;
 
-data->ret = bdrv_co_block_status_above(data->bs, data->base,
-   data->want_zero,
-   data->offset, data->bytes,
-   data->pnum, data->map, data->file);
+data->ret = bdrv_co_common_block_status_above(data->bs, data->base,
+  data->want_zero,
+  data->offset, data->bytes,
+  data->pnum, data->map,
+  data->file);
  

[PATCH 15/19] qht: Fix tsan warnings.

2020-05-22 Thread Robert Foley
For example:
WARNING: ThreadSanitizer: data race (pid=23406)
  Atomic read of size 4 at 0x7b13e3c8 by thread T7:
#0 __tsan_atomic32_load  (qemu-system-aarch64+0x39a36c)
#1 qht_do_lookup util/qht.c:495:17 (qemu-system-aarch64+0xd82f7a)
#2 qht_lookup_custom util/qht.c:539:11 (qemu-system-aarch64+0xd82f7a)
  Previous write of size 8 at 0x7b13e3c8 by thread T6 (mutexes: write 
M166769147697783108, write M995435858420506688):
#0 posix_memalign  (qemu-system-aarch64+0x350dd1)
#1 qemu_try_memalign util/oslib-posix.c:189:11 
(qemu-system-aarch64+0xd59317)
#2 qemu_memalign util/oslib-posix.c:205:27 (qemu-system-aarch64+0xd5943e)
#3 qht_insert__locked util/qht.c:583:9 (qemu-system-aarch64+0xd837c5)

Signed-off-by: Robert Foley 
---
 util/qht.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/util/qht.c b/util/qht.c
index 67e5d5b916..739a53ced0 100644
--- a/util/qht.c
+++ b/util/qht.c
@@ -69,6 +69,7 @@
 #include "qemu/qht.h"
 #include "qemu/atomic.h"
 #include "qemu/rcu.h"
+#include "qemu/tsan.h"
 
 //#define QHT_DEBUG
 
@@ -580,10 +581,12 @@ static void *qht_insert__locked(const struct qht *ht, 
struct qht_map *map,
 b = b->next;
 } while (b);
 
+TSAN_ANNOTATE_IGNORE_WRITES_BEGIN();
 b = qemu_memalign(QHT_BUCKET_ALIGN, sizeof(*b));
 memset(b, 0, sizeof(*b));
 new = b;
 i = 0;
+TSAN_ANNOTATE_IGNORE_WRITES_END();
 atomic_inc(&map->n_added_buckets);
 if (unlikely(qht_map_needs_resize(map)) && needs_resize) {
 *needs_resize = true;
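Review bot: the report pairs a write inside posix_memalign (allocation of the new bucket) with an atomic load of the same address in qht_do_lookup, which looks like reuse of previously freed bucket memory by a reader that has no happens-before edge with the allocator. The ignore-writes window is wider than that (it also covers `new = b; i = 0;`, which are locals) and says nothing about why it is there. Narrow it to the qemu_memalign()/memset() pair and put the explanation in a comment beside the annotation rather than only in the commit message, since the annotation will outlive the trace.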
-- 
2.17.1




[PATCH 05/19] qht: call qemu_spin_destroy for head buckets

2020-05-22 Thread Robert Foley
From: "Emilio G. Cota" 

Signed-off-by: Robert Foley 
---
 util/qht.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/util/qht.c b/util/qht.c
index aa51be3c52..67e5d5b916 100644
--- a/util/qht.c
+++ b/util/qht.c
@@ -348,6 +348,7 @@ static inline void qht_chain_destroy(const struct 
qht_bucket *head)
 struct qht_bucket *curr = head->next;
 struct qht_bucket *prev;
 
+qemu_spin_destroy(&head->lock);
 while (curr) {
 prev = curr;
 curr = curr->next;
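Review bot: the From: line attributes the patch to Emilio G. Cota but the only Signed-off-by is Robert Foley's; a relayed patch needs the original author's Signed-off-by as well, or the From: should go. The body is empty; a line on why head buckets were missing the qemu_spin_destroy() call that the chained buckets already get would explain what this fixes.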
-- 
2.17.1




[PATCH v3 0/3] coroutines: generate wrapper code

2020-05-22 Thread Vladimir Sementsov-Ogievskiy
Hi all!

After a long delay (~year) here is a v3.

The aim of the series is to reduce code duplication and the hand-written
parameter structure-packing around coroutine function wrappers.

It's an alternative to "[PATCH v3] block: Factor out bdrv_run_co()"
patch.

Benefits:
 - no code duplication
 - less indirection

Vladimir Sementsov-Ogievskiy (3):
  block/io: refactor coroutine wrappers
  block: declare some coroutine functions in block/coroutines.h
  block: generate coroutine-wrapper code

 Makefile |   6 +
 block/block-gen.h|  30 +++
 block/coroutines.h   |  44 
 include/block/block.h|  17 +-
 include/block/generated-co-wrapper.h |  11 +
 block.c  |  78 +--
 block/io.c   | 295 ++-
 block/Makefile.objs  |   1 +
 scripts/coroutine-wrapper.py | 169 +++
 9 files changed, 296 insertions(+), 355 deletions(-)
 create mode 100644 block/block-gen.h
 create mode 100644 block/coroutines.h
 create mode 100644 include/block/generated-co-wrapper.h
 create mode 100755 scripts/coroutine-wrapper.py

-- 
2.21.0




[PATCH 12/19] configure: added tsan support for blacklist.

2020-05-22 Thread Robert Foley
Initially put several files into the blacklist that were
causing the most problems, namely bitops.c and bitmap.c.

Signed-off-by: Robert Foley 
---
 configure | 3 ++-
 tests/tsan/blacklist.tsan | 5 +
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 tests/tsan/blacklist.tsan

diff --git a/configure b/configure
index c95c54fb48..8a86a0638d 100755
--- a/configure
+++ b/configure
@@ -6306,7 +6306,8 @@ if test "$have_asan" = "yes"; then
 fi
 if test "$have_tsan" = "yes" ; then
   if test "$have_tsan_iface_fiber" = "yes" ; then
-QEMU_CFLAGS="-fsanitize=thread $QEMU_CFLAGS"
+QEMU_CFLAGS="-fsanitize=thread -fsanitize-blacklist="\
+   "\$(SRC_PATH)/tests/tsan/blacklist.tsan $QEMU_CFLAGS"
 QEMU_LDFLAGS="-fsanitize=thread $QEMU_LDFLAGS"
   else
 echo "Cannot enable TSAN due to missing fiber annotation interface."
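Review bot: `\$(SRC_PATH)` is escaped so that make, not configure, expands it when QEMU_CFLAGS is used; that works but is unusual in this file and deserves a one-line comment, since a future change that has configure expand QEMU_CFLAGS would silently break the option.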
diff --git a/tests/tsan/blacklist.tsan b/tests/tsan/blacklist.tsan
new file mode 100644
index 00..67dd809e96
--- /dev/null
+++ b/tests/tsan/blacklist.tsan
@@ -0,0 +1,5 @@
+# TSan is not happy about setting/getting of dirty bits,
+# for example, cpu_physical_memory_set_dirty_range,
+# and cpu_physical_memory_get_dirty.
+src:bitops.c
+src:bitmap.c
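Review bot: check that these patterns actually match. The sanitizer special case list matches `src:` entries against the file path as the compiler sees it, so `src:bitops.c` only hits a file compiled as literally `bitops.c`; for QEMU's util/bitops.c, and out-of-tree builds compiling ../util/bitops.c, `src:*/bitops.c` is the safe spelling. Also note that blacklisting a file removes every function in it from instrumentation, not only the dirty-bit helpers named in the comment, so the comment should say that this is a blunt workaround pending a proper fix of those accesses.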
-- 
2.17.1




[PATCH 16/19] util: fixed tsan warnings in thread_pool.c

2020-05-22 Thread Robert Foley
For example:
WARNING: ThreadSanitizer: data race (pid=14665)
  Write of size 4 at 0x7b1c7890 by thread T99:
#0 worker_thread util/thread-pool.c:112:20 (qemu-system-aarch64+0xd52108)
#1 qemu_thread_start util/qemu-thread-posix.c:519:9 
(qemu-system-aarch64+0xd5be30)

  Previous read of size 4 at 0x7b1c7890 by main thread (mutexes: write 
M875, write M897):
#0 thread_pool_completion_bh util/thread-pool.c:177:19 
(qemu-system-aarch64+0xd51a73)
#1 aio_bh_call util/async.c:136:5 (qemu-system-aarch64+0xd4f98e)
#2 aio_bh_poll util/async.c:164:13 (qemu-system-aarch64+0xd4f98e)

Signed-off-by: Robert Foley 
---
 util/thread-pool.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/util/thread-pool.c b/util/thread-pool.c
index d763cea505..2403669827 100644
--- a/util/thread-pool.c
+++ b/util/thread-pool.c
@@ -21,6 +21,7 @@
 #include "trace.h"
 #include "block/thread-pool.h"
 #include "qemu/main-loop.h"
+#include "qemu/tsan.h"
 
 static void do_spawn_thread(ThreadPool *pool);
 
@@ -97,7 +98,9 @@ static void *worker_thread(void *opaque)
 }
 
 req = QTAILQ_FIRST(&pool->request_list);
+TSAN_ANNOTATE_IGNORE_WRITES_BEGIN();
 QTAILQ_REMOVE(&pool->request_list, req, reqs);
+
 req->state = THREAD_ACTIVE;
 qemu_mutex_unlock(&pool->lock);
 
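Review bot: the blank line added after QTAILQ_REMOVE() looks accidental.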
@@ -107,7 +110,7 @@ static void *worker_thread(void *opaque)
 /* Write ret before state.  */
 smp_wmb();
 req->state = THREAD_DONE;
-
+TSAN_ANNOTATE_IGNORE_WRITES_END();
 qemu_mutex_lock(&pool->lock);
 
 qemu_bh_schedule(pool->completion_bh);
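Review bot: this silences far more than the reported race. The BEGIN in the previous hunk and the END here bracket everything the worker does for the request, including running the request's function and writing its `ret` (the "Write ret before state" comment), so every write made by any work item submitted to the pool is hidden from TSan for the duration of the job. The report itself is the plain write `req->state = THREAD_DONE` at thread-pool.c:112 against the plain read in thread_pool_completion_bh; making those two accesses atomic_set()/atomic_read(), keeping the existing smp_wmb() to order `ret` before `state`, fixes the race without the blanket annotation.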
-- 
2.17.1




[PATCH 13/19] accel/tcg: Fixed tsan warnings.

2020-05-22 Thread Robert Foley
For example:
WARNING: ThreadSanitizer: data race (pid=35425)
  Write of size 4 at 0x7bbc00ac by main thread (mutexes: write M875):
#0 cpu_reset_interrupt hw/core/cpu.c:107:28 (qemu-system-aarch64+0x843790)
#1 arm_cpu_set_irq target/arm/cpu.c (qemu-system-aarch64+0x616265)
#2 qemu_set_irq hw/core/irq.c:44:5 (qemu-system-aarch64+0x8462ca)
  Previous atomic read of size 4 at 0x7bbc00ac by thread T6:
#0 __tsan_atomic32_load  (qemu-system-aarch64+0x394c1c)
#1 cpu_handle_interrupt accel/tcg/cpu-exec.c:534:9 
(qemu-system-aarch64+0x4b7e79)
#2 cpu_exec accel/tcg/cpu-exec.c:720:17 (qemu-system-aarch64+0x4b7e79)
or
WARNING: ThreadSanitizer: data race (pid=25425)
  Read of size 8 at 0x7f8ad8e138d0 by thread T10:
#0 tb_lookup_cmp accel/tcg/cpu-exec.c:307:13 (qemu-system-aarch64+0x4ac4d2)
#1 qht_do_lookup util/qht.c:502:34 (qemu-system-aarch64+0xd05264)
  Previous write of size 8 at 0x7f8ad8e138d0 by thread T15 (mutexes: write 
M728311726235541804):
#0 tb_link_page accel/tcg/translate-all.c:1625:26 
(qemu-system-aarch64+0x4b0bf2)
#1 tb_gen_code accel/tcg/translate-all.c:1865:19 
(qemu-system-aarch64+0x4b0bf2)
#2 tb_find accel/tcg/cpu-exec.c:407:14 (qemu-system-aarch64+0x4ad77c)

Cc: Richard Henderson 
Cc: Paolo Bonzini 
Signed-off-by: Robert Foley 
---
 accel/tcg/tcg-all.c   | 4 ++--
 accel/tcg/tcg-runtime.c   | 7 ++-
 accel/tcg/translate-all.c | 6 +-
 hw/core/cpu.c | 2 +-
 4 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/accel/tcg/tcg-all.c b/accel/tcg/tcg-all.c
index 3b4fda5640..f94ea4c4b3 100644
--- a/accel/tcg/tcg-all.c
+++ b/accel/tcg/tcg-all.c
@@ -54,8 +54,8 @@ static void tcg_handle_interrupt(CPUState *cpu, int mask)
 int old_mask;
 g_assert(qemu_mutex_iothread_locked());
 
-old_mask = cpu->interrupt_request;
-cpu->interrupt_request |= mask;
+old_mask = atomic_read(&cpu->interrupt_request);
+atomic_or(&cpu->interrupt_request, mask);
 
 /*
  * If called from iothread context, wake the target cpu in
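Review bot: atomic_read() followed by atomic_or() is two operations. Under qemu_mutex_iothread_locked() that is safe against the other writers that also take the lock (cpu_reset_interrupt does, per the hunk in hw/core/cpu.c), but `old_mask = atomic_fetch_or(&cpu->interrupt_request, mask);` says the same thing in one step and does not rely on that reasoning.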
diff --git a/accel/tcg/tcg-runtime.c b/accel/tcg/tcg-runtime.c
index 446465a09a..bd0cd77450 100644
--- a/accel/tcg/tcg-runtime.c
+++ b/accel/tcg/tcg-runtime.c
@@ -31,6 +31,7 @@
 #include "disas/disas.h"
 #include "exec/log.h"
 #include "tcg/tcg.h"
+#include "qemu/tsan.h"
 
 /* 32-bit helpers */
 
@@ -151,6 +152,7 @@ void *HELPER(lookup_tb_ptr)(CPUArchState *env)
 TranslationBlock *tb;
 target_ulong cs_base, pc;
 uint32_t flags;
+void *tc_ptr;
 
 tb = tb_lookup__cpu_state(cpu, &pc, &cs_base, &flags, curr_cflags());
 if (tb == NULL) {
@@ -161,7 +163,10 @@ void *HELPER(lookup_tb_ptr)(CPUArchState *env)
TARGET_FMT_lx "/" TARGET_FMT_lx "/%#x] %s\n",
cpu->cpu_index, tb->tc.ptr, cs_base, pc, flags,
lookup_symbol(pc));
-return tb->tc.ptr;
+TSAN_ANNOTATE_IGNORE_READS_BEGIN();
+tc_ptr = tb->tc.ptr;
+TSAN_ANNOTATE_IGNORE_READS_END();
+return tc_ptr;
 }
 
 void HELPER(exit_atomic)(CPUArchState *env)
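Review bot: the ignore-reads window here, like the ignore-writes around all of tb_gen_code() in the next file, hides the TranslationBlock field accesses instead of ordering them. The report pairs tb_lookup_cmp reading a block found through qht_do_lookup with tb_link_page writing one; if blocks are only published into the hash table after their fields are filled in, the publication is the place to provide the release/acquire edge, and readers that reach the block through the lookup need no annotation at all. If this is kept as a workaround, a comment next to the annotation saying so is needed.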
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 3fb71a1503..6c0e61994c 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -58,6 +58,7 @@
 #include "exec/log.h"
 #include "sysemu/cpus.h"
 #include "sysemu/tcg.h"
+#include "qemu/tsan.h"
 
 /* #define DEBUG_TB_INVALIDATE */
 /* #define DEBUG_TB_FLUSH */
@@ -1704,6 +1705,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 max_insns = 1;
 }
 
+TSAN_ANNOTATE_IGNORE_WRITES_BEGIN();
  buffer_overflow:
 tb = tcg_tb_alloc(tcg_ctx);
 if (unlikely(!tb)) {
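Review bot: the ignore-writes window opened here is closed in the next hunk on the two return paths, but the `!tb` branch immediately below (its body is outside the hunk) is also an exit from the function. TSan keeps the ignore depth per thread and complains at thread exit if it is unbalanced, so every path that leaves tb_gen_code() between this BEGIN and an END, including error exits that unwind with a longjmp rather than a return, must pass an END. Wrapping only the region the report points at (tb_link_page) would be much easier to keep balanced.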
@@ -1902,9 +1904,11 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 orig_aligned -= ROUND_UP(sizeof(*tb), qemu_icache_linesize);
 atomic_set(&tcg_ctx->code_gen_ptr, (void *)orig_aligned);
 tb_destroy(tb);
+TSAN_ANNOTATE_IGNORE_WRITES_END();
 return existing_tb;
 }
 tcg_tb_insert(tb);
+TSAN_ANNOTATE_IGNORE_WRITES_END();
 return tb;
 }
 
@@ -2409,7 +2413,7 @@ void dump_opcount_info(void)
 void cpu_interrupt(CPUState *cpu, int mask)
 {
 g_assert(qemu_mutex_iothread_locked());
-cpu->interrupt_request |= mask;
+atomic_or(&cpu->interrupt_request, mask);
 atomic_set(&cpu_neg(cpu)->icount_decr.u16.high, -1);
 }
 
diff --git a/hw/core/cpu.c b/hw/core/cpu.c
index 77703d62b7..6c16ccc426 100644
--- a/hw/core/cpu.c
+++ b/hw/core/cpu.c
@@ -104,7 +104,7 @@ void cpu_reset_interrupt(CPUState *cpu, int mask)
 if (need_lock) {
 qemu_mutex_lock_iothread();
 }
-cpu->interrupt_request &= ~mask;
+atomic_and(&cpu->interrupt_request, ~mask);
 if (need_lock) {
 qemu_mutex_unlock_iothread();
 }
-- 
2.17.1




[PATCH 14/19] util/async: Fixed tsan warnings

2020-05-22 Thread Robert Foley
For example:
  Atomic write of size 8 at 0x7b4800113c28 by main thread (mutexes: write M30):
#0 __tsan_atomic64_exchange  (qemu-system-aarch64+0x386f85)
#1 aio_bh_poll util/async.c:146:5 (qemu-system-aarch64+0xcd1f61)
#2 aio_dispatch util/aio-posix.c:380:5 (qemu-system-aarch64+0xcd8abb)
#3 aio_ctx_dispatch util/async.c:298:5 (qemu-system-aarch64+0xcd31b0)
#4 g_main_context_dispatch  (libglib-2.0.so.0+0x4c416)
#5 qemu_main_loop softmmu/vl.c:1664:9 (qemu-system-aarch64+0x5cc6d6)
#6 main softmmu/main.c:49:5 (qemu-system-aarch64+0xc62857)

  Previous read of size 8 at 0x7b4800113c28 by thread T3 (mutexes: write M81):
#0 aio_bh_enqueue util/async.c:81:9 (qemu-system-aarch64+0xcd2267)
#1 qemu_bh_schedule util/async.c:181:5 (qemu-system-aarch64+0xcd2267)
#2 worker_thread util/thread-pool.c:113:9 (qemu-system-aarch64+0xcd473c)
#3 qemu_thread_start util/qemu-thread-posix.c:519:9 (qemu-system-aarch64+0xcde280)


Cc: Stefan Hajnoczi 
Cc: Fam Zheng 
Signed-off-by: Robert Foley 
---
 util/async.c | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/util/async.c b/util/async.c
index 1319eee3bc..51e306bf0c 100644
--- a/util/async.c
+++ b/util/async.c
@@ -33,6 +33,7 @@
 #include "block/raw-aio.h"
 #include "qemu/coroutine_int.h"
 #include "trace.h"
+#include "qemu/tsan.h"
 
 /***/
 /* bottom halves (can be seen as timers which expire ASAP) */
@@ -76,10 +77,12 @@ static void aio_bh_enqueue(QEMUBH *bh, unsigned new_flags)
  * 2. ctx is loaded before the callback has a chance to execute and bh
  *could be freed.
  */
+TSAN_ANNOTATE_IGNORE_WRITES_BEGIN();
 old_flags = atomic_fetch_or(&bh->flags, BH_PENDING | new_flags);
 if (!(old_flags & BH_PENDING)) {
 QSLIST_INSERT_HEAD_ATOMIC(&ctx->bh_list, bh, next);
 }
+TSAN_ANNOTATE_IGNORE_WRITES_END();
 
 aio_notify(ctx);
 }
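Review bot: the report quoted in the commit message names a read at util/async.c:81, which by the hunk header is the `QSLIST_INSERT_HEAD_ATOMIC` line, racing with the atomic exchange at async.c:146, yet what is added here is an ignore-writes bracket, which does not cover that read; it is not clear this hunk silences the report at all, and the `atomic_fetch_or` it also wraps is already atomic. If the plain read lives inside QSLIST_INSERT_HEAD_ATOMIC's CAS loop, the fix belongs in the macro in include/qemu/queue.h (an `atomic_read()` of the list head) so every user benefits, rather than a per-call-site suppression.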
@@ -143,7 +146,9 @@ int aio_bh_poll(AioContext *ctx)
 BHListSlice *s;
 int ret = 0;
 
+TSAN_ANNOTATE_IGNORE_WRITES_BEGIN();
 QSLIST_MOVE_ATOMIC(&slice.bh_list, &ctx->bh_list);
+TSAN_ANNOTATE_IGNORE_WRITES_END();
 QSIMPLEQ_INSERT_TAIL(&ctx->bh_slice_list, &slice, next);
 
 while ((s = QSIMPLEQ_FIRST(&ctx->bh_slice_list))) {
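Review bot: this bracket around `QSLIST_MOVE_ATOMIC` is the side that matches the `Atomic write of size 8 ... aio_bh_poll util/async.c:146` in the report, so this is the hunk doing the silencing. Since the operation is already an atomic exchange, what TSan objects to is the non-atomic read on the enqueue side; suppressing the write here hides that pairing for every enqueue path, so a comment at this site saying which read is tolerated and why is needed to keep the suppression honest.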
@@ -280,14 +285,16 @@ aio_ctx_check(GSource *source)
 aio_notify_accept(ctx);
 
 QSLIST_FOREACH_RCU(bh, &ctx->bh_list, next) {
-if ((bh->flags & (BH_SCHEDULED | BH_DELETED)) == BH_SCHEDULED) {
+if ((atomic_read(&bh->flags) & (BH_SCHEDULED | BH_DELETED))
+ == BH_SCHEDULED) {
 return true;
 }
 }
 
 QSIMPLEQ_FOREACH(s, &ctx->bh_slice_list, next) {
 QSLIST_FOREACH_RCU(bh, &s->bh_list, next) {
-if ((bh->flags & (BH_SCHEDULED | BH_DELETED)) == BH_SCHEDULED) {
+if ((atomic_read(&bh->flags) & (BH_SCHEDULED | BH_DELETED))
+ == BH_SCHEDULED) {
 return true;
 }
 }
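Review bot: the `(atomic_read(&bh->flags) & (BH_SCHEDULED | BH_DELETED)) == BH_SCHEDULED` test now appears twice with the same awkward line break before `== BH_SCHEDULED`; a small `static inline bool bh_is_scheduled(const QEMUBH *bh)` helper (name is a suggestion) would keep the two loops in sync and remove the wrapping.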
-- 
2.17.1




[PATCH 10/19] include/qemu: Added tsan.h for annotations.

2020-05-22 Thread Robert Foley
These annotations will allow us to give tsan
additional hints.  For example, we can inform
tsan about reads/writes to ignore to silence certain
classes of warnings.
We can also annotate threads so that the proper thread
naming shows up in tsan warning results.

Signed-off-by: Robert Foley 
---
 include/qemu/tsan.h | 48 +
 1 file changed, 48 insertions(+)
 create mode 100644 include/qemu/tsan.h

diff --git a/include/qemu/tsan.h b/include/qemu/tsan.h
new file mode 100644
index 00..8b7d0acf3e
--- /dev/null
+++ b/include/qemu/tsan.h
@@ -0,0 +1,48 @@
+#ifndef QEMU_TSAN_H
+#define QEMU_TSAN_H
+/*
+ * tsan.h
+ *
+ * This file defines macros used to give ThreadSanitizer
+ * additional information to help suppress warnings.
+ * This is necessary since TSan does not provide a header file
+ * for these annotations.  The standard way to include these
+ * is via the below macros.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifdef CONFIG_TSAN
+#define TSAN_ANNOTATE_HAPPENS_BEFORE(addr) \
+AnnotateHappensBefore(__FILE__, __LINE__, (void *)(addr))
+#define TSAN_ANNOTATE_HAPPENS_AFTER(addr) \
+AnnotateHappensAfter(__FILE__, __LINE__, (void *)(addr))
+#define TSAN_ANNOTATE_THREAD_NAME(name) \
+AnnotateThreadName(__FILE__, __LINE__, (void *)(name))
+#define TSAN_ANNOTATE_IGNORE_READS_BEGIN() \
+AnnotateIgnoreReadsBegin(__FILE__, __LINE__)
+#define TSAN_ANNOTATE_IGNORE_READS_END() \
+AnnotateIgnoreReadsEnd(__FILE__, __LINE__)
+#define TSAN_ANNOTATE_IGNORE_WRITES_BEGIN() \
+AnnotateIgnoreWritesBegin(__FILE__, __LINE__)
+#define TSAN_ANNOTATE_IGNORE_WRITES_END() \
+AnnotateIgnoreWritesEnd(__FILE__, __LINE__)
+#else
+#define TSAN_ANNOTATE_HAPPENS_BEFORE(addr)
+#define TSAN_ANNOTATE_HAPPENS_AFTER(addr)
+#define TSAN_ANNOTATE_THREAD_NAME(name)
+#define TSAN_ANNOTATE_IGNORE_READS_BEGIN()
+#define TSAN_ANNOTATE_IGNORE_READS_END()
+#define TSAN_ANNOTATE_IGNORE_WRITES_BEGIN()
+#define TSAN_ANNOTATE_IGNORE_WRITES_END()
+#endif
+
+void AnnotateHappensBefore(const char *f, int l, void *addr);
+void AnnotateHappensAfter(const char *f, int l, void *addr);
+void AnnotateThreadName(const char *f, int l, char *name);
+void AnnotateIgnoreReadsBegin(const char *f, int l);
+void AnnotateIgnoreReadsEnd(const char *f, int l);
+void AnnotateIgnoreWritesBegin(const char *f, int l);
+void AnnotateIgnoreWritesEnd(const char *f, int l);
+#endif
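Review bot: the seven `Annotate*` prototypes at the bottom sit outside the `#ifdef CONFIG_TSAN`, so non-TSan builds declare functions that no library provides; move them inside the `#ifdef`. `TSAN_ANNOTATE_THREAD_NAME` also casts its argument to `(void *)` while the `AnnotateThreadName` prototype takes `char *name`; drop the cast or make the prototype match. A short note in the header comment that each IGNORE_*_BEGIN must be paired with an END on every exit path would help callers, since these annotations are not scoped.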
-- 
2.17.1




[PATCH 09/19] tests/docker: Added docker build support for TSan.

2020-05-22 Thread Robert Foley
Added a new docker for ubuntu 20.04.
This docker has support for Thread Sanitizer
including one patch we need in one of the header files.
https://github.com/llvm/llvm-project/commit/a72dc86cd

This command will build with tsan enabled:
make docker-test-build-ubuntu2004 V=1 TSAN=1

Also added the TSAN suppression file to disable certain
cases of TSAN warnings.

Cc: Fam Zheng 
Cc: Philippe Mathieu-Daudé 
Signed-off-by: Robert Foley 
---
 tests/docker/Makefile.include  |  2 +
 tests/docker/common.rc | 19 +++
 tests/docker/dockerfiles/ubuntu2004.docker | 65 ++
 tests/tsan/suppressions.tsan   | 14 +
 4 files changed, 100 insertions(+)
 create mode 100644 tests/docker/dockerfiles/ubuntu2004.docker
 create mode 100644 tests/tsan/suppressions.tsan

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 43a8678688..e029e54b42 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -202,6 +202,7 @@ endif
@echo ' (default is 1)'
@echo 'DEBUG=1  Stop and drop to shell in the created 
container'
@echo ' before running the command.'
+   @echo 'TSAN=1   Enable use of tsan during the 
build/test.'
@echo 'NETWORK=1Enable virtual network interface with 
default backend.'
@echo 'NETWORK=$$BACKEND Enable virtual network interface with 
$$BACKEND.'
@echo 'NOUSER   Define to disable adding current user 
to containers passwd.'
@@ -239,6 +240,7 @@ docker-run: docker-qemu-src
-e EXTRA_CONFIGURE_OPTS="$(EXTRA_CONFIGURE_OPTS)" \
-e V=$V -e J=$J -e DEBUG=$(DEBUG)   \
-e SHOW_ENV=$(SHOW_ENV) \
+   $(if $(TSAN),,-e TSAN=$(TSAN))  \
$(if $(NOUSER),,\
-e CCACHE_DIR=/var/tmp/ccache   \
-v $(DOCKER_CCACHE_DIR):/var/tmp/ccache:z \
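Review bot: `$(if $(TSAN),,-e TSAN=$(TSAN))` has its branches swapped: `$(if cond,then,else)` yields the else branch when TSAN is empty, so `-e TSAN=` (an empty value) is passed only when the user did not set it, and the variable is dropped entirely when the user sets TSAN=1. It should read `$(if $(TSAN),-e TSAN=$(TSAN),)`. The `$(if $(NOUSER),,...)` just below is the inverse pattern (run the block unless set), which is probably where the shape was copied from.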
diff --git a/tests/docker/common.rc b/tests/docker/common.rc
index 02cd67a8c5..5df93c6326 100755
--- a/tests/docker/common.rc
+++ b/tests/docker/common.rc
@@ -27,6 +27,25 @@ requires()
 
 configure_qemu()
 {
+if test -z "$TSAN"; then
+requires clang tsan
+echo "Including TSan Support"
+tsan_log_dir="/tmp/qemu-test/build/tsan"
+mkdir -p $tsan_log_dir > /dev/null || true
+EXTRA_CONFIGURE_OPTS="${EXTRA_CONFIGURE_OPTS} --enable-tsan \
+ --cc=clang-10 --cxx=clang++-10 \
+ --disable-werror --extra-cflags=-O0"
+# detect deadlocks is false currently simply because
+# TSan crashes immediately with deadlock detecter enabled.
+# We have maxed out the history size to get the best chance of finding
+# warnings during testing.
+# Note, to get tsan to fail on warning, use exitcode=66 below.
+
tsan_opts="suppressions=/tmp/qemu-test/src/tests/tsan/suppressions.tsan\
+   detect_deadlocks=false history_size=7\
+   halt_on_error=0 exitcode=0 verbose=5\
+   log_path=$tsan_log_dir/tsan_warnings.txt"
+export TSAN_OPTIONS="$tsan_opts"
+fi
 config_opts="--enable-werror \
  ${TARGET_LIST:+--target-list=${TARGET_LIST}} \
  --prefix=$INSTALL_DIR \
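Review bot: `if test -z "$TSAN"` takes the TSan branch when TSAN is empty, the opposite of what the help text intends; it should be `test -n "$TSAN"`. Combined with the Makefile.include hunk, which passes `-e TSAN=` only when TSAN is unset, the result is that every docker build ends up in this branch whether or not TSAN=1 was given. Two smaller points: `mkdir -p $tsan_log_dir > /dev/null || true` hides a failure that will only surface later when TSan tries to write `log_path`, and `halt_on_error=0 exitcode=0` means findings can never fail the build, which is a reasonable starting point but deserves a sentence in testing.rst so nobody reads a green run as race-free.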
diff --git a/tests/docker/dockerfiles/ubuntu2004.docker 
b/tests/docker/dockerfiles/ubuntu2004.docker
new file mode 100644
index 00..6050ce7e8a
--- /dev/null
+++ b/tests/docker/dockerfiles/ubuntu2004.docker
@@ -0,0 +1,65 @@
+FROM ubuntu:20.04
+ENV PACKAGES flex bison \
+ccache \
+clang-10\
+gcc \
+gettext \
+git \
+glusterfs-common \
+libaio-dev \
+libattr1-dev \
+libbrlapi-dev \
+libbz2-dev \
+libcacard-dev \
+libcap-ng-dev \
+libcurl4-gnutls-dev \
+libdrm-dev \
+libepoxy-dev \
+libfdt-dev \
+libgbm-dev \
+libgtk-3-dev \
+libibverbs-dev \
+libiscsi-dev \
+libjemalloc-dev \
+libjpeg-turbo8-dev \
+liblzo2-dev \
+libncurses5-dev \
+libncursesw5-dev \
+libnfs-dev \
+libnss3-dev \
+libnuma-dev \
+libpixman-1-dev \
+librados-dev \
+librbd-dev \
+librdmacm-dev \
+libsasl2-dev \
+libsdl2-dev \
+libseccomp-dev \
+libsnappy-dev \
+libspice-protocol-dev \
+libspice-server-dev \
+libssh-dev \
+libusb-1.0-0-dev \
+libusbredirhost-dev \
+libvdeplug-dev \
+libvte-2.91-dev \
+libxen-dev \
+libzstd-dev \
+make \
+python3-yaml \
+python3-sphinx \
+sparse \
+texinfo \
+xfslibs-dev\
+vim
+RUN apt-get update && \
+DEBIAN_FRONTEND=noninteractive apt-get -y install $PACKAGES
+RUN dpkg -l $PACKAGES | sort > /p
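Review bot: common.rc gates the TSan branch on `requires clang tsan`, which expects the image to advertise those features, but the part of this Dockerfile shown here has no `ENV FEATURES` line naming `clang tsan`; without it the build is skipped. Minor: `xfslibs-dev\` lacks the space before the backslash the other entries have, and `vim` is an odd addition to a build image.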

[PATCH 07/19] translate-all: call qemu_spin_destroy for PageDesc

2020-05-22 Thread Robert Foley
From: "Emilio G. Cota" 

The radix tree is append-only, but we can fail to insert
a PageDesc if the insertion races with another thread.

Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
---
 accel/tcg/translate-all.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 3708aab36b..3fb71a1503 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -547,6 +547,15 @@ static PageDesc *page_find_alloc(tb_page_addr_t index, int 
alloc)
 #endif
 existing = atomic_cmpxchg(lp, NULL, pd);
 if (unlikely(existing)) {
+#ifndef CONFIG_USER_ONLY
+{
+int i;
+
+for (i = 0; i < V_L2_SIZE; i++) {
+qemu_spin_destroy(&pd[i].lock);
+}
+}
+#endif
 g_free(pd);
 pd = existing;
 }
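Review bot: the bare `{ int i; ... }` block under `#ifndef CONFIG_USER_ONLY` undoes whatever initialised the V_L2_SIZE locks above (not in this hunk); a one-line comment saying so, or a `page_desc_destroy()`-style helper placed next to the init loop (name is a suggestion), would tie the two together so that the next field added to PageDesc gets both sides updated. Destroying before `g_free(pd)` is the right order.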
-- 
2.17.1




[PATCH 02/19] cpu: convert queued work to a QSIMPLEQ

2020-05-22 Thread Robert Foley
From: "Emilio G. Cota" 

Instead of open-coding it.

While at it, make sure that all accesses to the list are
performed while holding the list's lock.

Reviewed-by: Richard Henderson 
Reviewed-by: Alex Bennée 
Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
---
 cpus-common.c | 25 -
 cpus.c| 14 --
 hw/core/cpu.c |  1 +
 include/hw/core/cpu.h |  6 +++---
 4 files changed, 24 insertions(+), 22 deletions(-)

diff --git a/cpus-common.c b/cpus-common.c
index 55d5df8923..210fc7fc39 100644
--- a/cpus-common.c
+++ b/cpus-common.c
@@ -97,7 +97,7 @@ void cpu_list_remove(CPUState *cpu)
 }
 
 struct qemu_work_item {
-struct qemu_work_item *next;
+QSIMPLEQ_ENTRY(qemu_work_item) node;
 run_on_cpu_func func;
 run_on_cpu_data data;
 bool free, exclusive, done;
@@ -106,13 +106,7 @@ struct qemu_work_item {
 static void queue_work_on_cpu(CPUState *cpu, struct qemu_work_item *wi)
 {
 qemu_mutex_lock(&cpu->work_mutex);
-if (cpu->queued_work_first == NULL) {
-cpu->queued_work_first = wi;
-} else {
-cpu->queued_work_last->next = wi;
-}
-cpu->queued_work_last = wi;
-wi->next = NULL;
+QSIMPLEQ_INSERT_TAIL(&cpu->work_list, wi, node);
 wi->done = false;
 qemu_mutex_unlock(&cpu->work_mutex);
 
@@ -306,17 +300,14 @@ void process_queued_cpu_work(CPUState *cpu)
 {
 struct qemu_work_item *wi;
 
-if (cpu->queued_work_first == NULL) {
+qemu_mutex_lock(&cpu->work_mutex);
+if (QSIMPLEQ_EMPTY(&cpu->work_list)) {
+qemu_mutex_unlock(&cpu->work_mutex);
 return;
 }
-
-qemu_mutex_lock(&cpu->work_mutex);
-while (cpu->queued_work_first != NULL) {
-wi = cpu->queued_work_first;
-cpu->queued_work_first = wi->next;
-if (!cpu->queued_work_first) {
-cpu->queued_work_last = NULL;
-}
+while (!QSIMPLEQ_EMPTY(&cpu->work_list)) {
+wi = QSIMPLEQ_FIRST(&cpu->work_list);
+QSIMPLEQ_REMOVE_HEAD(&cpu->work_list, node);
 qemu_mutex_unlock(&cpu->work_mutex);
 if (wi->exclusive) {
 /* Running work items outside the BQL avoids the following 
deadlock:
diff --git a/cpus.c b/cpus.c
index 5670c96bcf..af44027549 100644
--- a/cpus.c
+++ b/cpus.c
@@ -97,9 +97,19 @@ bool cpu_is_stopped(CPUState *cpu)
 return cpu->stopped || !runstate_is_running();
 }
 
+static inline bool cpu_work_list_empty(CPUState *cpu)
+{
+bool ret;
+
+qemu_mutex_lock(&cpu->work_mutex);
+ret = QSIMPLEQ_EMPTY(&cpu->work_list);
+qemu_mutex_unlock(&cpu->work_mutex);
+return ret;
+}
+
 static bool cpu_thread_is_idle(CPUState *cpu)
 {
-if (cpu->stop || cpu->queued_work_first) {
+if (cpu->stop || !cpu_work_list_empty(cpu)) {
 return false;
 }
 if (cpu_is_stopped(cpu)) {
@@ -1498,7 +1508,7 @@ static void *qemu_tcg_rr_cpu_thread_fn(void *arg)
 cpu = first_cpu;
 }
 
-while (cpu && !cpu->queued_work_first && !cpu->exit_request) {
+while (cpu && cpu_work_list_empty(cpu) && !cpu->exit_request) {
 
 atomic_mb_set(&tcg_current_rr_cpu, cpu);
 current_cpu = cpu;
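Review bot: `cpu_work_list_empty()` takes and drops `work_mutex` on every iteration of the round-robin loop, where the old code read `queued_work_first` without locking; this matches the commit's "all accesses under the lock" rule, but it adds a lock/unlock pair per vCPU per scheduling step on the TCG hot path, and the commit message should say whether that cost was measured or is expected to be negligible.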
diff --git a/hw/core/cpu.c b/hw/core/cpu.c
index 5284d384fb..77703d62b7 100644
--- a/hw/core/cpu.c
+++ b/hw/core/cpu.c
@@ -368,6 +368,7 @@ static void cpu_common_initfn(Object *obj)
 cpu->nr_threads = 1;
 
 qemu_mutex_init(&cpu->work_mutex);
+QSIMPLEQ_INIT(&cpu->work_list);
 QTAILQ_INIT(&cpu->breakpoints);
 QTAILQ_INIT(&cpu->watchpoints);
 
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 07f7698155..d78ff1d165 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -331,8 +331,8 @@ struct qemu_work_item;
  * @opaque: User data.
  * @mem_io_pc: Host Program Counter at which the memory was accessed.
  * @kvm_fd: vCPU file descriptor for KVM.
- * @work_mutex: Lock to prevent multiple access to queued_work_*.
- * @queued_work_first: First asynchronous work pending.
+ * @work_mutex: Lock to prevent multiple access to @work_list.
+ * @work_list: List of pending asynchronous work.
  * @trace_dstate_delayed: Delayed changes to trace_dstate (includes all changes
  *to @trace_dstate).
  * @trace_dstate: Dynamic tracing state of events for this vCPU (bitmask).
@@ -376,7 +376,7 @@ struct CPUState {
 sigjmp_buf jmp_env;
 
 QemuMutex work_mutex;
-struct qemu_work_item *queued_work_first, *queued_work_last;
+QSIMPLEQ_HEAD(, qemu_work_item) work_list;
 
 CPUAddressSpace *cpu_ases;
 int num_ases;
-- 
2.17.1




[PATCH 06/19] tcg: call qemu_spin_destroy for tb->jmp_lock

2020-05-22 Thread Robert Foley
From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
[RF: Minor changes to fix some checkpatch errors]
---
 accel/tcg/translate-all.c | 10 +-
 include/tcg/tcg.h |  3 ++-
 tcg/tcg.c | 19 ---
 3 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 42ce1dfcff..3708aab36b 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -384,6 +384,11 @@ static int cpu_restore_state_from_tb(CPUState *cpu, 
TranslationBlock *tb,
 return 0;
 }
 
+static void tb_destroy(TranslationBlock *tb)
+{
+qemu_spin_destroy(&tb->jmp_lock);
+}
+
 bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit)
 {
 TranslationBlock *tb;
@@ -413,6 +418,7 @@ bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, 
bool will_exit)
 /* one-shot translation, invalidate it immediately */
 tb_phys_invalidate(tb, -1);
 tcg_tb_remove(tb);
+tb_destroy(tb);
 }
 r = true;
 }
@@ -1230,7 +1236,7 @@ static void do_tb_flush(CPUState *cpu, run_on_cpu_data 
tb_flush_count)
 qht_reset_size(&tb_ctx.htable, CODE_GEN_HTABLE_SIZE);
 page_flush_tb();
 
-tcg_region_reset_all();
+tcg_region_reset_all(tb_destroy);
 /* XXX: flush processor icache at this point if cache flush is
expensive */
 atomic_mb_set(&tb_ctx.tb_flush_count, tb_ctx.tb_flush_count + 1);
@@ -1886,6 +1892,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 
 orig_aligned -= ROUND_UP(sizeof(*tb), qemu_icache_linesize);
 atomic_set(&tcg_ctx->code_gen_ptr, (void *)orig_aligned);
+tb_destroy(tb);
 return existing_tb;
 }
 tcg_tb_insert(tb);
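Review bot: `tb_destroy(tb)` runs after `atomic_set(&tcg_ctx->code_gen_ptr, ...)` has already handed the TB's storage back to the region; code generation on a given tcg_ctx is serialised so this cannot race today, but destroying the lock before releasing the memory keeps the "never touch a TB after its storage is returned" invariant obvious. Swapping the two lines costs nothing.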
@@ -2235,6 +2242,7 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
 tb_phys_invalidate(tb->orig_tb, -1);
 }
 tcg_tb_remove(tb);
+tb_destroy(tb);
 }
 
 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index c48bd76b0a..2c5997e14e 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -815,8 +815,9 @@ void *tcg_malloc_internal(TCGContext *s, int size);
 void tcg_pool_reset(TCGContext *s);
 TranslationBlock *tcg_tb_alloc(TCGContext *s);
 
+typedef void (*tb_destroy_func)(TranslationBlock *tb);
 void tcg_region_init(void);
-void tcg_region_reset_all(void);
+void tcg_region_reset_all(tb_destroy_func tb_destroy);
 
 size_t tcg_code_size(void);
 size_t tcg_code_capacity(void);
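Review bot: `tb_destroy_func` is undocumented; a comment on the typedef saying that `tcg_region_reset_all()` invokes it once per TB still held in the region trees before they are dropped, and that NULL is accepted (tcg.c checks for it), would save readers a trip into tcg.c.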
diff --git a/tcg/tcg.c b/tcg/tcg.c
index a2268d9db0..2680968683 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -502,7 +502,16 @@ size_t tcg_nb_tbs(void)
 return nb_tbs;
 }
 
-static void tcg_region_tree_reset_all(void)
+static gboolean tcg_region_tree_traverse(gpointer k, gpointer v, gpointer data)
+{
+TranslationBlock *tb = v;
+tb_destroy_func tb_destroy = data;
+
+tb_destroy(tb);
+return FALSE;
+}
+
+static void tcg_region_tree_reset_all(tb_destroy_func tb_destroy)
 {
 size_t i;
 
@@ -510,6 +519,10 @@ static void tcg_region_tree_reset_all(void)
 for (i = 0; i < region.n; i++) {
 struct tcg_region_tree *rt = region_trees + i * tree_size;
 
+if (tb_destroy != NULL) {
+g_tree_foreach(rt->tree, tcg_region_tree_traverse, tb_destroy);
+}
+
 /* Increment the refcount first so that destroy acts as a reset */
 g_tree_ref(rt->tree);
 g_tree_destroy(rt->tree);
@@ -586,7 +599,7 @@ static inline bool 
tcg_region_initial_alloc__locked(TCGContext *s)
 }
 
 /* Call from a safe-work context */
-void tcg_region_reset_all(void)
+void tcg_region_reset_all(tb_destroy_func tb_destroy)
 {
 unsigned int n_ctxs = atomic_read(&n_tcg_ctxs);
 unsigned int i;
@@ -603,7 +616,7 @@ void tcg_region_reset_all(void)
 }
 qemu_mutex_unlock(®ion.lock);
 
-tcg_region_tree_reset_all();
+tcg_region_tree_reset_all(tb_destroy);
 }
 
 #ifdef CONFIG_USER_ONLY
-- 
2.17.1




[PATCH 08/19] thread: add tsan annotations to QemuSpin

2020-05-22 Thread Robert Foley
From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
---
 include/qemu/thread.h | 39 ---
 1 file changed, 36 insertions(+), 3 deletions(-)

diff --git a/include/qemu/thread.h b/include/qemu/thread.h
index e50a073889..43fc094b96 100644
--- a/include/qemu/thread.h
+++ b/include/qemu/thread.h
@@ -206,6 +206,10 @@ void qemu_thread_atexit_add(struct Notifier *notifier);
  */
 void qemu_thread_atexit_remove(struct Notifier *notifier);
 
+#ifdef CONFIG_TSAN
+#include 
+#endif
+
 struct QemuSpin {
 int value;
 };
@@ -213,23 +217,46 @@ struct QemuSpin {
 static inline void qemu_spin_init(QemuSpin *spin)
 {
 __sync_lock_release(&spin->value);
+#ifdef CONFIG_TSAN
+__tsan_mutex_create(spin, __tsan_mutex_not_static);
+#endif
 }
 
-static inline void qemu_spin_destroy(QemuSpin *spin)
-{ }
+/* const parameter because the only purpose here is the TSAN annotation */
+static inline void qemu_spin_destroy(const QemuSpin *spin)
+{
+#ifdef CONFIG_TSAN
+__tsan_mutex_destroy((void *)spin, __tsan_mutex_not_static);
+#endif
+}
 
 static inline void qemu_spin_lock(QemuSpin *spin)
 {
+#ifdef CONFIG_TSAN
+__tsan_mutex_pre_lock(spin, 0);
+#endif
 while (unlikely(__sync_lock_test_and_set(&spin->value, true))) {
 while (atomic_read(&spin->value)) {
 cpu_relax();
 }
 }
+#ifdef CONFIG_TSAN
+__tsan_mutex_post_lock(spin, 0, 0);
+#endif
 }
 
 static inline bool qemu_spin_trylock(QemuSpin *spin)
 {
-return __sync_lock_test_and_set(&spin->value, true);
+#ifdef CONFIG_TSAN
+__tsan_mutex_pre_lock(spin, __tsan_mutex_try_lock);
+#endif
+bool busy = __sync_lock_test_and_set(&spin->value, true);
+#ifdef CONFIG_TSAN
+unsigned flags = __tsan_mutex_try_lock;
+flags |= busy ? __tsan_mutex_try_lock_failed : 0;
+__tsan_mutex_post_lock(spin, flags, 0);
+#endif
+return busy;
 }
 
 static inline bool qemu_spin_locked(QemuSpin *spin)
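Review bot: in qemu_spin_trylock the `bool busy` declaration follows the `__tsan_mutex_pre_lock()` call and `unsigned flags` is declared after another statement inside the `#ifdef`, so under CONFIG_TSAN the function mixes declarations and code; hoisting both to the top keeps it in line with CODING_STYLE in both configurations. The return value is unchanged (true means the lock was already held), which is worth a one-line comment now that the function has grown, since `busy` reads as the opposite of a typical trylock result.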
@@ -239,7 +266,13 @@ static inline bool qemu_spin_locked(QemuSpin *spin)
 
 static inline void qemu_spin_unlock(QemuSpin *spin)
 {
+#ifdef CONFIG_TSAN
+__tsan_mutex_pre_unlock(spin, 0);
+#endif
 __sync_lock_release(&spin->value);
+#ifdef CONFIG_TSAN
+__tsan_mutex_post_unlock(spin, 0);
+#endif
 }
 
 struct QemuLockCnt {
-- 
2.17.1




[PATCH 11/19] accel/tcg: Fixed tsan warnings related to parallel_cpus

2020-05-22 Thread Robert Foley
Fixed several tsan warnings. e.g.

WARNING: ThreadSanitizer: data race (pid=35425)
  Read of size 1 at 0x557cd83aee28 by thread T7:
#0 curr_cflags include/exec/exec-all.h:460:13 (qemu-system-aarch64+0x4b7f27)
#1 cpu_exec accel/tcg/cpu-exec.c:730:26 (qemu-system-aarch64+0x4b7f27)
#2 tcg_cpu_exec cpus.c:1415:11 (qemu-system-aarch64+0x45b9b6)
#3 qemu_tcg_cpu_thread_fn cpus.c:1723:17 (qemu-system-aarch64+0x45b9b6)
#4 qemu_thread_start util/qemu-thread-posix.c:519:9 (qemu-system-aarch64+0xd431e0)

  Previous write of size 1 at 0x557cd83aee28 by thread T6:
#0 cpu_exec_step_atomic accel/tcg/cpu-exec.c:254:23 (qemu-system-aarch64+0x4b6caa)
#1 qemu_tcg_cpu_thread_fn cpus.c:1741:17 (qemu-system-aarch64+0x45baca)
#2 qemu_thread_start util/qemu-thread-posix.c:519:9 (qemu-system-aarch64+0xd431e0)

  Location is global 'parallel_cpus' of size 1 at 0x557cd83aee28 (qemu-system-aarch64+0x01fb3e28)

Cc: Richard Henderson 
Cc: Paolo Bonzini 
Signed-off-by: Robert Foley 
---
 accel/tcg/cpu-exec.c| 4 ++--
 cpus.c  | 2 +-
 include/exec/exec-all.h | 2 +-
 linux-user/syscall.c| 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index d95c4848a4..4cbdef1373 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -250,7 +250,7 @@ void cpu_exec_step_atomic(CPUState *cpu)
 }
 
 /* Since we got here, we know that parallel_cpus must be true.  */
-parallel_cpus = false;
+atomic_set(¶llel_cpus, false);
 cc->cpu_exec_enter(cpu);
 /* execute the generated code */
 trace_exec_tb(tb, pc);
@@ -278,7 +278,7 @@ void cpu_exec_step_atomic(CPUState *cpu)
  * the execution.
  */
 g_assert(cpu_in_exclusive_context(cpu));
-parallel_cpus = true;
+atomic_set(¶llel_cpus, true);
 end_exclusive();
 }
 
diff --git a/cpus.c b/cpus.c
index af44027549..c5d04486a8 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1966,7 +1966,7 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
 
 if (qemu_tcg_mttcg_enabled()) {
 /* create a thread per vCPU with TCG (MTTCG) */
-parallel_cpus = true;
+atomic_set(¶llel_cpus, true);
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/TCG",
  cpu->cpu_index);
 
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 3cf88272df..3f2c0290e1 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -496,7 +496,7 @@ static inline uint32_t tb_cflags(const TranslationBlock *tb)
 /* current cflags for hashing/comparison */
 static inline uint32_t curr_cflags(void)
 {
-return (parallel_cpus ? CF_PARALLEL : 0)
+return (atomic_read(¶llel_cpus) ? CF_PARALLEL : 0)
  | (use_icount ? CF_USE_ICOUNT : 0);
 }
 
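Review bot: converting every access of the plain `bool` global `parallel_cpus` to `atomic_read`/`atomic_set` is the right fix for the quoted report, but nothing stops a new plain access from reintroducing it; a comment at the `parallel_cpus` declaration stating that all accesses must go through the atomic helpers, or small `parallel_cpus_get()/set()` accessors (a suggestion, not existing code), would make the rule enforceable in review.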
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 05f03919ff..8e39c09c5d 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6022,8 +6022,8 @@ static int do_fork(CPUArchState *env, unsigned int flags, 
abi_ulong newsp,
 /* If this is our first additional thread, we need to ensure we
  * generate code for parallel execution and flush old translations.
  */
-if (!parallel_cpus) {
-parallel_cpus = true;
+if (!atomic_read(¶llel_cpus)) {
+atomic_set(¶llel_cpus, true);
 tb_flush(cpu);
 }
 
-- 
2.17.1




[PATCH 01/19] configure: add --enable-tsan flag + fiber annotations for coroutine-ucontext

2020-05-22 Thread Robert Foley
From: Lingfeng Yang 

We tried running QEMU under tsan in 2016, but tsan's lack of support for
longjmp-based fibers was a blocker:
  https://groups.google.com/forum/#!topic/thread-sanitizer/se0YuzfWazw

Fortunately, thread sanitizer gained fiber support in early 2019:
  https://reviews.llvm.org/D54889

This patch brings tsan support upstream by importing the patch that annotated
QEMU's coroutines as tsan fibers in Android's QEMU fork:
  https://android-review.googlesource.com/c/platform/external/qemu/+/844675

Tested with '--enable-tsan --cc=clang-9 --cxx=clang++-9 --disable-werror'
configure flags.

Signed-off-by: Lingfeng Yang 
Signed-off-by: Emilio G. Cota 
[cota: minor modifications + configure changes]
Signed-off-by: Robert Foley 
[RF: minor changes to clean up checkpatch warnings/errors]
---
 configure | 39 
 util/coroutine-ucontext.c | 97 +++
 2 files changed, 127 insertions(+), 9 deletions(-)

diff --git a/configure b/configure
index 26084fc53a..c95c54fb48 100755
--- a/configure
+++ b/configure
@@ -395,6 +395,7 @@ gprof="no"
 debug_tcg="no"
 debug="no"
 sanitizers="no"
+tsan="no"
 fortify_source=""
 strip_opt="yes"
 tcg_interpreter="no"
@@ -1150,6 +1151,10 @@ for opt do
   ;;
   --disable-sanitizers) sanitizers="no"
   ;;
+  --enable-tsan) tsan="yes"
+  ;;
+  --disable-tsan) tsan="no"
+  ;;
   --enable-sparse) sparse="yes"
   ;;
   --disable-sparse) sparse="no"
@@ -1750,6 +1755,7 @@ Advanced options (experts only):
   --with-pkgversion=VERS   use specified string as sub-version of the package
   --enable-debug   enable common debug build options
   --enable-sanitizers  enable default sanitizers
+  --enable-tsanenable thread sanitizer
   --disable-strip  disable stripping binaries
   --disable-werror disable compilation abort on warning
   --disable-stack-protector disable compiler-provided stack protection
@@ -6176,6 +6182,27 @@ if test "$fuzzing" = "yes" ; then
   fi
 fi
 
+# Thread sanitizer is, for now, much noisier than the other sanitizers;
+# keep it separate until that is not the case.
+have_tsan=no
+have_tsan_iface_fiber=no
+if test "$tsan" = "yes" ; then
+  write_c_skeleton
+  if compile_prog "$CPU_CFLAGS -Werror -fsanitize=thread" "" ; then
+  have_tsan=yes
+  fi
+  cat > $TMPC << EOF
+#include 
+int main(void) {
+  __tsan_create_fiber(0);
+  return 0;
+}
+EOF
+  if compile_prog "$CPU_CFLAGS -Werror -fsanitize=thread" "" ; then
+  have_tsan_iface_fiber=yes
+  fi
+fi
+
 ##
 # check for libpmem
 
@@ -6277,6 +6304,14 @@ if test "$have_asan" = "yes"; then
"Without code annotation, the report may be inferior."
   fi
 fi
+if test "$have_tsan" = "yes" ; then
+  if test "$have_tsan_iface_fiber" = "yes" ; then
+QEMU_CFLAGS="-fsanitize=thread $QEMU_CFLAGS"
+QEMU_LDFLAGS="-fsanitize=thread $QEMU_LDFLAGS"
+  else
+echo "Cannot enable TSAN due to missing fiber annotation interface."
+  fi
+fi
 if test "$have_ubsan" = "yes"; then
   QEMU_CFLAGS="-fsanitize=undefined $QEMU_CFLAGS"
   QEMU_LDFLAGS="-fsanitize=undefined $QEMU_LDFLAGS"
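Review bot: when `--enable-tsan` was given (`tsan="yes"` is set only by that flag) but the fiber interface probe failed, this hunk prints "Cannot enable TSAN due to missing fiber annotation interface." and continues with a non-TSan build; configure's convention for an explicitly requested feature with a missing dependency is `error_exit`, otherwise a CI job passing TSAN=1 silently runs without the sanitizer. The message should also point at the compiler requirement the commit message implies (tested with clang-9) so users know what to change.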
@@ -7365,6 +7400,10 @@ if test "$have_asan_iface_fiber" = "yes" ; then
 echo "CONFIG_ASAN_IFACE_FIBER=y" >> $config_host_mak
 fi
 
+if test "$have_tsan" = "yes" && test "$have_tsan_iface_fiber" = "yes" ; then
+echo "CONFIG_TSAN=y" >> $config_host_mak
+fi
+
 if test "$has_environ" = "yes" ; then
   echo "CONFIG_HAS_ENVIRON=y" >> $config_host_mak
 fi
diff --git a/util/coroutine-ucontext.c b/util/coroutine-ucontext.c
index bd593e61bc..a3dc78e67a 100644
--- a/util/coroutine-ucontext.c
+++ b/util/coroutine-ucontext.c
@@ -37,18 +37,33 @@
 #endif
 #endif
 
+#ifdef CONFIG_TSAN
+#include 
+#endif
+
 typedef struct {
 Coroutine base;
 void *stack;
 size_t stack_size;
 sigjmp_buf env;
 
+void *tsan_co_fiber;
+void *tsan_caller_fiber;
+
 #ifdef CONFIG_VALGRIND_H
 unsigned int valgrind_stack_id;
 #endif
 
 } CoroutineUContext;
 
+#define UC_DEBUG 0
+#if UC_DEBUG && defined(CONFIG_TSAN)
+#define UC_TRACE(fmt, ...) fprintf(stderr, "%s:%d:%p " fmt "\n", \
+__func__, __LINE__, __tsan_get_current_fiber(), ##__VA_ARGS__);
+#else
+#define UC_TRACE(fmt, ...)
+#endif
+
 /**
  * Per-thread coroutine bookkeeping
  */
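Review bot: the two `void *tsan_co_fiber` / `tsan_caller_fiber` members are added unconditionally while the neighbouring `valgrind_stack_id` sits under `#ifdef CONFIG_VALGRIND_H`; wrapping them in `#ifdef CONFIG_TSAN` keeps non-TSan coroutines the same size. Also the `UC_TRACE` definition ends its `fprintf(...)` with a `;`, so every `UC_TRACE(...);` use expands to a double semicolon; drop it from the macro body.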
@@ -65,7 +80,20 @@ union cc_arg {
 int i[2];
 };
 
-static void finish_switch_fiber(void *fake_stack_save)
+/* QEMU_ALWAYS_INLINE only does so if __OPTIMIZE__, so we cannot use it. */
+static inline __attribute__((always_inline))
+void on_new_fiber(CoroutineUContext *co)
+{
+#ifdef CONFIG_TSAN
+co->tsan_co_fiber = __tsan_create_fiber(0); /* flags: sync on switch */
+co->tsan_caller_fiber = __tsan_get_current_fiber();
+UC_TRACE("Create new TSAN co fiber. co: %p co fiber: %p caller fiber: %p ",
+ co, co->tsan_co_fiber, co->tsan_caller_fiber);
+#endif
+}
+
+static inline __attribute__((always_inline))
+void finish_switch_fiber(void *fake_stack_s
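Review bot: the comment on `__tsan_create_fiber(0)` reads "flags: sync on switch", but the sync/no-sync choice belongs to the switch call rather than to fiber creation; please check the wording against the TSan interface header being included. `tsan_caller_fiber` is recorded once, at creation, so if a coroutine is later entered from a fiber other than the one that created it the stored value would be stale; the switch code (not in this excerpt) should either refresh it on each entry or a comment should state why the creator is always the resumer.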

[PATCH 04/19] cputlb: destroy CPUTLB with tlb_destroy

2020-05-22 Thread Robert Foley
From: "Emilio G. Cota" 

I was after adding qemu_spin_destroy calls, but while at
it I noticed that we are leaking some memory.

Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
---
 accel/tcg/cputlb.c  | 15 +++
 exec.c  |  1 +
 include/exec/exec-all.h |  8 
 3 files changed, 24 insertions(+)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index eb2cf9de5e..1e815357c7 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -270,6 +270,21 @@ void tlb_init(CPUState *cpu)
 }
 }
 
+void tlb_destroy(CPUState *cpu)
+{
+CPUArchState *env = cpu->env_ptr;
+int i;
+
+qemu_spin_destroy(&env_tlb(env)->c.lock);
+for (i = 0; i < NB_MMU_MODES; i++) {
+CPUTLBDesc *desc = &env_tlb(env)->d[i];
+CPUTLBDescFast *fast = &env_tlb(env)->f[i];
+
+g_free(fast->table);
+g_free(desc->iotlb);
+}
+}
+
 /* flush_all_helper: run fn across all cpus
  *
  * If the wait flag is set then the src cpu's helper will be queued as
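Review bot: tlb_destroy frees `fast->table` and `desc->iotlb` but leaves the pointers dangling; with the CPU being torn down that is harmless, but since the point of this function is to mirror tlb_init exactly, it is worth confirming that nothing else tlb_init allocates (its body is not in this hunk) is left behind, and the commit message should name what was leaking.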
diff --git a/exec.c b/exec.c
index 5162f0d12f..da3d60b034 100644
--- a/exec.c
+++ b/exec.c
@@ -892,6 +892,7 @@ void cpu_exec_unrealizefn(CPUState *cpu)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
 
+tlb_destroy(cpu);
 cpu_list_remove(cpu);
 
 if (cc->vmsd != NULL) {
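Review bot: `tlb_destroy(cpu)` is called before `cpu_list_remove(cpu)`, i.e. while other vCPUs can still find this CPU on the list and queue TLB-flush work against it, whose handlers would then walk freed tables. Is there a guarantee that no such work can arrive at this point? If not, moving the destroy after `cpu_list_remove` (and after pending work is drained) closes that window.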
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 8792bea07a..3cf88272df 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -124,6 +124,11 @@ void cpu_address_space_init(CPUState *cpu, int asidx,
  * @cpu: CPU whose TLB should be initialized
  */
 void tlb_init(CPUState *cpu);
+/**
+ * tlb_destroy - destroy a CPU's TLB
+ * @cpu: CPU whose TLB should be destroyed
+ */
+void tlb_destroy(CPUState *cpu);
 /**
  * tlb_flush_page:
  * @cpu: CPU whose TLB should be flushed
@@ -284,6 +289,9 @@ void tlb_set_page(CPUState *cpu, target_ulong vaddr,
 static inline void tlb_init(CPUState *cpu)
 {
 }
+static inline void tlb_destroy(CPUState *cpu)
+{
+}
 static inline void tlb_flush_page(CPUState *cpu, target_ulong addr)
 {
 }
-- 
2.17.1




[PATCH 03/19] thread: add qemu_spin_destroy

2020-05-22 Thread Robert Foley
From: "Emilio G. Cota" 

It will be used for TSAN annotations.

Signed-off-by: Emilio G. Cota 
Signed-off-by: Robert Foley 
---
 include/qemu/thread.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/qemu/thread.h b/include/qemu/thread.h
index d22848138e..e50a073889 100644
--- a/include/qemu/thread.h
+++ b/include/qemu/thread.h
@@ -215,6 +215,9 @@ static inline void qemu_spin_init(QemuSpin *spin)
 __sync_lock_release(&spin->value);
 }
 
+static inline void qemu_spin_destroy(QemuSpin *spin)
+{ }
+
 static inline void qemu_spin_lock(QemuSpin *spin)
 {
 while (unlikely(__sync_lock_test_and_set(&spin->value, true))) {
-- 
2.17.1




[PATCH 00/19] Add Thread Sanitizer support to QEMU

2020-05-22 Thread Robert Foley
This patch series continues the work done by Emilio Cota and others to add
Thread Sanitizer (TSan) support to QEMU.

The starting point for this work was Emilio's branch here:
https://github.com/cota/qemu/commits/tsan
specifically this commit: 0be125fc0afd47218b34d2019abdd19b644f3199

The purpose of this patch is not to fix all the TSan warnings, but to enable
the TSan support so that QEMU developers can start using the tool.  
We found this tool useful and even ran it on our recent changes in
the cpu-locks series.
Clearly there is work to do here to clean up all the warnings. :)  
We have made a start to cleaning up these warnings by getting a VM to boot 
cleanly with no TSan warnings.  
We have also made an effort to introduce enough of the TSan suppression
mechanisms, so that others can continue this work.

This series adds support for:
- configure option for --enable-tsan.
- testing.rst has the full details on how to use TSan with docker
  and also outside of docker.
- Docker builds with TSan.
  - We added an Ubuntu 20.04 docker that supports TSan builds.
  - Something like this will build TSan
      make docker-test-build@ubuntu2004 DEBUG=1 TSAN=1
  - Testing with TSan is also supported with docker,
    although, be forewarned that test-quick currently fails.
    See "Issues" section below for the current failures.
      make docker-test-quick@ubuntu2004 DEBUG=1 TSAN=1
  - We recommend using the DEBUG=1 option and launching the test
    (like test-quick) from inside the docker so that when the test is done,
    you can review the warnings from inside the docker.
  - testing.rst has the full details on how to use TSan with docker.
- We added a blacklist file for files/functions
  TSan should ignore at compile time.
- And added a suppression file for TSan to suppress certain warnings at
  run time.
  We found both of these mechanisms are needed when suppressing warnings.
- It is also worth mentioning that we were able to suppress/fix enough errors
  to allow an Ubuntu 18.04 aarch64 VM to boot with zero TSan warnings.
  When we started this effort, there were ~300 warnings reported by
  TSan during the same VM boot!

Issues:
- When running docker-test-quick under TSan there are several tests which hang
  - The unit tests which seem to hang under TSan:
    test-char, test-qdev-global-props, and test-qga.
  - If we comment out those tests, check-unit finishes, albeit with
    a couple of warnings. :)


Emilio G. Cota (7):
  cpu: convert queued work to a QSIMPLEQ
  thread: add qemu_spin_destroy
  cputlb: destroy CPUTLB with tlb_destroy
  qht: call qemu_spin_destroy for head buckets
  tcg: call qemu_spin_destroy for tb->jmp_lock
  translate-all: call qemu_spin_destroy for PageDesc
  thread: add tsan annotations to QemuSpin

Lingfeng Yang (1):
  configure: add --enable-tsan flag + fiber annotations for
coroutine-ucontext

Robert Foley (11):
  tests/docker: Added docker build support for TSan.
  include/qemu: Added tsan.h for annotations.
  accel/tcg: Fixed tsan warnings related to parallel_cpus
  configure: added tsan support for blacklist.
  accel/tcg: Fixed tsan warnings.
  util/async: Fixed tsan warnings
  qht: Fix tsan warnings.
  util: fixed tsan warnings in thread_pool.c
  util: Added tsan annotate for thread name.
  target/arm: Fix tsan warning in cpu.c
  docs: Added details on TSan to testing.rst

 accel/tcg/cpu-exec.c   |  4 +-
 accel/tcg/cputlb.c | 15 
 accel/tcg/tcg-all.c|  4 +-
 accel/tcg/tcg-runtime.c|  7 +-
 accel/tcg/translate-all.c  | 25 +-
 configure  | 40 +
 cpus-common.c  | 25 ++
 cpus.c | 16 +++-
 docs/devel/testing.rst | 72 
 exec.c |  1 +
 hw/core/cpu.c  |  3 +-
 include/exec/exec-all.h| 10 ++-
 include/hw/core/cpu.h  |  6 +-
 include/qemu/thread.h  | 38 -
 include/qemu/tsan.h| 48 +++
 include/tcg/tcg.h  |  3 +-
 linux-user/syscall.c   |  4 +-
 target/arm/cpu.c   |  2 +-
 tcg/tcg.c  | 19 -
 tests/docker/Makefile.include  |  2 +
 tests/docker/common.rc | 19 +
 tests/docker/dockerfiles/ubuntu2004.docker | 65 +++
 tests/tsan/blacklist.tsan  |  5 ++
 tests/tsan/suppressions.tsan   | 14 
 util/async.c   | 11 ++-
 util/coroutine-ucontext.c  | 97 --
 util/qemu-thread-posix.c   |  2 +
 util/qht.c |  4 +
 util/thread-pool.c |  5 +-
 29 files changed, 514 insert
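An added, stand-alone example (not code from this series or from QEMU) showing the two things the cover letter and the qemu_spin_destroy patch above are about: a counter that TSan flags as a data race next to the same counter guarded by a spinlock of the QemuSpin shape (a bool driven by __sync_lock_test_and_set / __sync_lock_release), and a destroy hook whose only job is to carry a sanitizer annotation. The Annotate* prototypes are assumed to be the entry points libtsan exports under -fsanitize=thread; in a plain build they expand to nothing, so the file also compiles without the sanitizer. Thread and iteration counts are constructed for the demonstration.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

/*
 * Optional TSan dynamic annotations (assumed libtsan entry points). Built
 * with -fsanitize=thread, TSan then tracks the custom lock like a pthread
 * mutex; in a plain build the macros expand to nothing.
 */
#if defined(__SANITIZE_THREAD__)
#define EXAMPLE_TSAN 1
#elif defined(__has_feature)
#if __has_feature(thread_sanitizer)
#define EXAMPLE_TSAN 1
#endif
#endif

#ifdef EXAMPLE_TSAN
void AnnotateRWLockCreate(const char *f, int l, const volatile void *m);
void AnnotateRWLockDestroy(const char *f, int l, const volatile void *m);
void AnnotateRWLockAcquired(const char *f, int l, const volatile void *m, long w);
void AnnotateRWLockReleased(const char *f, int l, const volatile void *m, long w);
#define LOCK_CREATE(m)   AnnotateRWLockCreate(__FILE__, __LINE__, m)
#define LOCK_DESTROY(m)  AnnotateRWLockDestroy(__FILE__, __LINE__, m)
#define LOCK_ACQUIRED(m) AnnotateRWLockAcquired(__FILE__, __LINE__, m, 1)
#define LOCK_RELEASED(m) AnnotateRWLockReleased(__FILE__, __LINE__, m, 1)
#else
#define LOCK_CREATE(m)   ((void)(m))
#define LOCK_DESTROY(m)  ((void)(m))
#define LOCK_ACQUIRED(m) ((void)(m))
#define LOCK_RELEASED(m) ((void)(m))
#endif

/* Same shape as QemuSpin: a bool set with an acquire test-and-set and
 * cleared with a release store. */
typedef struct {
    bool value;
} spin_t;

static void spin_init(spin_t *s)
{
    __sync_lock_release(&s->value);
    LOCK_CREATE(s);
}

/* Nothing to free at the machine level; the hook exists so the sanitizer
 * can be told the lock's lifetime ended (and complain if it is still held). */
static void spin_destroy(spin_t *s)
{
    LOCK_DESTROY(s);
}

static void spin_lock(spin_t *s)
{
    while (__sync_lock_test_and_set(&s->value, true)) {
        /* spin */
    }
    LOCK_ACQUIRED(s);
}

static void spin_unlock(spin_t *s)
{
    LOCK_RELEASED(s);
    __sync_lock_release(&s->value);
}

#define NTHREADS 4      /* constructed for the demo */
#define ITERS    50000

struct shared {
    spin_t lock;
    long racy;      /* updated without synchronization: TSan reports a race */
    long guarded;   /* updated under the spinlock: no report */
};

static void *worker(void *arg)
{
    struct shared *sh = arg;
    for (int i = 0; i < ITERS; i++) {
        sh->racy++;
        spin_lock(&sh->lock);
        sh->guarded++;
        spin_unlock(&sh->lock);
    }
    return NULL;
}

/* Runs the workers; returns the guarded count, which is always
 * NTHREADS * ITERS. The racy count is stored via racy_out and may be lower. */
long run_counters(long *racy_out)
{
    struct shared sh = { .racy = 0, .guarded = 0 };
    pthread_t th[NTHREADS];

    spin_init(&sh.lock);
    for (int i = 0; i < NTHREADS; i++) {
        pthread_create(&th[i], NULL, worker, &sh);
    }
    for (int i = 0; i < NTHREADS; i++) {
        pthread_join(th[i], NULL);
    }
    spin_destroy(&sh.lock);

    if (racy_out) {
        *racy_out = sh.racy;
    }
    return sh.guarded;
}

int main(void)
{
    long racy = 0;
    long guarded = run_counters(&racy);
    printf("guarded=%ld racy=%ld\n", guarded, racy);
    return 0;
}
```

Build once plainly (`gcc -O2 race.c -o race`; add `-lpthread` on a glibc older than 2.34) and once with `gcc -O1 -g -fsanitize=thread race.c -o race-tsan`. The sanitized binary reports a data race on `racy` inside `worker` and nothing for `guarded`, because the annotations and the __sync builtins give TSan the happens-before edges for the lock. A known report can be silenced at run time with `TSAN_OPTIONS=suppressions=suppressions.txt` containing a line such as `race:worker`, which is the run-time mechanism the cover letter's suppression file uses; the compile-time blacklist it also mentions corresponds to clang's `-fsanitize-blacklist=` option, which stops instrumentation of listed functions or files entirely.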
