1. 10 Jan, 2018 8 commits
  2. 13 Dec, 2017 4 commits
  3. 11 Dec, 2017 2 commits
  4. 05 Dec, 2017 4 commits
    • Peter Maydell's avatar
      2babfe0c
    • Eric Farman's avatar
      vhost-scsi: add missing virtqueue_size parameter · 2994cb2e
      Eric Farman authored
      Commit 5c0919d0 ("virtio-scsi: Add virtqueue_size parameter allowing
      virtqueue size to be set.") introduced a new parameter to virtio-scsi.
      Later, commit 92003610
      
       ("vhost-user-scsi: add missing virtqueue_size
      param") added that parameter to the new vhost-user-scsi interface but
      neglected the existing vhost-scsi interface it was built on.
      
      Apply the same change to vhost-scsi, so that we can boot a guest with
      a device defined.  This also avoids crashing a guest when hotplugging
      a vhost-scsi device.
      Signed-off-by: default avatarEric Farman <farman@linux.vnet.ibm.com>
      Message-id: 20171201151538.6844-2-farman@linux.vnet.ibm.com
      Reviewed-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
      2994cb2e
    • Peter Maydell's avatar
      Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.11-20171205' into staging · 88f714aa
      Peter Maydell authored
      
      
      ppc patch queue 2017-12-05
      
      Alas, this is yet another fix for ppc that I think it's worth
      squeezing into 2.11.  It's a really ugly fix for some pretty ugly
      code, but it does seem to address a real problem.  It's also a problem
      that's appeared relatively recently, since it was either created by,
      or made much easier to trigger by, by the merge of MTTCG.
      
      # gpg: Signature made Tue 05 Dec 2017 05:24:04 GMT
      # gpg:                using RSA key 0x6C38CACA20D9B392
      # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
      # gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
      # gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
      # gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
      # Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392
      
      * remotes/dgibson/tags/ppc-for-2.11-20171205:
        target/ppc: Fix system lockups caused by interrupt_request state corruption
      Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
      88f714aa
    • Richard Purdie's avatar
      target/ppc: Fix system lockups caused by interrupt_request state corruption · 044897ef
      Richard Purdie authored
      
      
      Occasionally in Linux guests on x86_64 we're seeing logs like:
      
      ppc_set_irq: 0x55b4e0d562f0 n_IRQ 8 level 1 => pending 00000100req 00000004
      
      when they should read:
      
      ppc_set_irq: 0x55b4e0d562f0 n_IRQ 8 level 1 => pending 00000100req 00000002
      
      The "00000004" is CPU_INTERRUPT_EXITTB yet the code calls
      cpu_interrupt(cs, CPU_INTERRUPT_HARD) ("00000002") in this function
      just before the log message. Something is causing the HARD bit setting
      to get lost.
      
      The knock on effect of losing that bit is the decrementer timer interrupts
      don't get delivered which causes the guest to sit idle in its idle handler
      and 'hang'.
      
      The issue occurs due to races from code which sets CPU_INTERRUPT_EXITTB.
      
      Rather than poking directly into cs->interrupt_request, that code needs to:
      
      a) hold BQL
      b) use the cpu_interrupt() helper
      
      This patch fixes the call sites to do this, fixing the hang. The calls
      are made from a variety of contexts so a helper function is added to handle
      the necessary locking. This can likely be improved and optimised in the future
      but it ensures the code is correct and doesn't lockup as it stands today.
      Signed-off-by: default avatarRichard Purdie <richard.purdie@linuxfoundation.org>
      Signed-off-by: default avatarDavid Gibson <david@gibson.dropbear.id.au>
      044897ef
  5. 04 Dec, 2017 5 commits
    • Peter Maydell's avatar
      Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging · 2a4c7e83
      Peter Maydell authored
      
      
      Block layer patches for 2.11.0-rc4
      
      # gpg: Signature made Mon 04 Dec 2017 16:46:07 GMT
      # gpg:                using RSA key 0x7F09B272C88F2FD6
      # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
      # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6
      
      * remotes/kevin/tags/for-upstream:
        blockjob: Make block_job_pause_all() keep a reference to the jobs
      Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
      2a4c7e83
    • Alberto Garcia's avatar
      blockjob: Make block_job_pause_all() keep a reference to the jobs · 3d5d319e
      Alberto Garcia authored
      Starting from commit 40840e41 we are
      pausing all block jobs during bdrv_reopen_multiple() to prevent any of
      them from finishing and removing nodes from the graph while they are
      being reopened.
      
      It turns out that pausing a block job doesn't necessarily prevent it
      from finishing: a paused block job can still run its exit function
      from the main loop and call block_job_completed(). The mirror block
      job in particular always goes to the main loop while it is paused (by
      virtue of the bdrv_drained_begin() call in mirror_run()).
      
      Destroying a paused block job during bdrv_reopen_multiple() has two
      consequences:
      
         1) The references to the nodes involved in the job are released,
            possibly destroying some of them. If those nodes were in the
            reopen queue this would trigger the problem originally described
            in commit 40840e41, crashing QEMU.
      
         2) At the end of bdrv_reopen_multiple(), bdrv_drain_all_end() would
            not be doing all necessary bdrv_parent_drained_end() calls.
      
      I can reproduce problem 1) easily with iotest 030 by increasing
      STREAM_BUFFER_SIZE from 512KB to 8MB in block/stream.c, or by tweaking
      the iotest like in this example:
      
         https://lists.gnu.org/archive/html/qemu-block/2017-11/msg00934.html
      
      
      
      This patch keeps an additional reference to all block jobs between
      block_job_pause_all() and block_job_resume_all(), guaranteeing that
      they are kept alive.
      Signed-off-by: default avatarAlberto Garcia <berto@igalia.com>
      Signed-off-by: default avatarKevin Wolf <kwolf@redhat.com>
      3d5d319e
    • Peter Maydell's avatar
      Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging · e80a2561
      Peter Maydell authored
      
      
      pc, pci, virtio: fixes for rc3
      
      A bunch of fixes all over the place.
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      
      # gpg: Signature made Fri 01 Dec 2017 17:06:33 GMT
      # gpg:                using RSA key 0x281F0DB8D28D5469
      # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
      # gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
      # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
      #      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469
      
      * remotes/mst/tags/for_upstream:
        pc: fix crash on attempted cpu unplug
        virtio: check VirtQueue Vring object is set
        vhost: fix error check in vhost_verify_ring_mappings()
        dump-guest-memory.py: fix No symbol "vmcoreinfo_find"
        vhost: restore avail index from vring used index on disconnection
        virtio: Add queue interface to restore avail index from vring used index
        i386/msi: Correct mask of destination ID in MSI address
      Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
      e80a2561
    • Peter Maydell's avatar
      Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.11-20171204' into staging · 495566ec
      Peter Maydell authored
      
      
      ppc patch queue 2017-12-04
      
      We are, alas, not yet to the bottom of ppc bugs.  This pull request
      fixes several more.  I believe they're important enough to include in
      2.11. despite the late date.
      
      # gpg: Signature made Mon 04 Dec 2017 03:40:56 GMT
      # gpg:                using RSA key 0x6C38CACA20D9B392
      # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
      # gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
      # gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
      # gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
      # Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392
      
      * remotes/dgibson/tags/ppc-for-2.11-20171204:
        spapr: Include "pre-plugged" DIMMS in ram size calculation at reset
        target-ppc: Don't invalidate non-supported msr bits
        pseries: fix TCG migration
      Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
      495566ec
    • David Gibson's avatar
      spapr: Include "pre-plugged" DIMMS in ram size calculation at reset · 768a20f3
      David Gibson authored
      
      
      At guest reset time, we allocate a hash page table (HPT) for the guest
      based on the guest's RAM size.  If dynamic HPT resizing is not available we
      use the maximum RAM size, if it is we use the current RAM size.
      
      But the "current RAM size" calculation is incorrect - we just use the
      "base" ram_size from the machine structure.  This doesn't include any
      pluggable DIMMs that are already plugged at reset time.
      
      This means that if you try to start a 'pseries' machine with a DIMM
      specified on the command line that's much larger than the "base" RAM size,
      then the guest will get a woefully inadequate HPT.  This can lead to a
      guest freeze during boot as it runs out of HPT space during initial MMU
      setup.
      Signed-off-by: default avatarDavid Gibson <david@gibson.dropbear.id.au>
      Reviewed-by: default avatarGreg Kurz <groug@kaod.org>
      Tested-by: default avatarGreg Kurz <groug@kaod.org>
      768a20f3
  6. 01 Dec, 2017 7 commits
  7. 30 Nov, 2017 2 commits
    • Kurban Mallachiev's avatar
      target-ppc: Don't invalidate non-supported msr bits · be1b21e8
      Kurban Mallachiev authored
      
      
      The msr invalidation code (commits 993eb and 2360b) inverts all
      bits except MSR_TGPR and MSR_HVB. On non PowerPC 601 processors
      this leads to incorrect change of excp_prefix in hreg_store_msr()
      function. The problem is that new msr value get multiplied by msr_mask
      and inverted msr does not, thus values of MSR_EP bit in new msr value
      and inverted msr are distinct, so that excp_prefix changes but should
      not.
      Signed-off-by: default avatarKurban Mallachiev <mallachiev@ispras.ru>
      Signed-off-by: default avatarDavid Gibson <david@gibson.dropbear.id.au>
      be1b21e8
    • Laurent Vivier's avatar
      pseries: fix TCG migration · 0c86b2df
      Laurent Vivier authored
      Migration of pseries is broken with TCG because
      QEMU tries to restore KVM MMU state unconditionally.
      
      The result is a SIGSEGV in kvm_vm_ioctl():
      
        #0  kvm_vm_ioctl (s=0x0, type=-2146390353)
            at qemu/accel/kvm/kvm-all.c:2032
        #1  0x00000001003e3e2c in kvmppc_configure_v3_mmu (cpu=<optimized out>,
            radix=<optimized out>, gtse=<optimized out>, proc_tbl=<optimized out>)
            at qemu/target/ppc/kvm.c:396
        #2  0x00000001002f8b88 in spapr_post_load (opaque=0x1019103c0,
            version_id=<optimized out>) at qemu/hw/ppc/spapr.c:1578
        #3  0x000000010059e4cc in vmstate_load_state (f=0x106230000,
            vmsd=0x1009479e0 <vmstate_spapr>, opaque=0x1019103c0,
            version_id=<optimized out>) at qemu/migration/vmstate.c:165
        #4  0x00000001005987e0 in vmstate_load (f=<optimized out>, se=<optimized out>)
            at qemu/migration/savevm.c:748
      
      This patch fixes the problem by not calling the KVM function with the
      TCG mode.
      
      Fixes: d39c90f5
      
       ("spapr: Fix migration of Radix guests")
      Signed-off-by: default avatarLaurent Vivier <lvivier@redhat.com>
      Reviewed-by: default avatarSuraj Jitindar Singh <sjitindarsingh@gmail.com>
      Signed-off-by: default avatarDavid Gibson <david@gibson.dropbear.id.au>
      0c86b2df
  8. 29 Nov, 2017 8 commits