qemu-commits
[Qemu-commits] [qemu/qemu] cd723b: scsi-disk: Cleaning up around tray op


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] cd723b: scsi-disk: Cleaning up around tray open state
Date: Thu, 15 Sep 2016 11:30:12 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: cd723b85601baa7a0eeffbac83421357a70d81ee
      
https://github.com/qemu/qemu/commit/cd723b85601baa7a0eeffbac83421357a70d81ee
  Author: Fam Zheng <address@hidden>
  Date:   2016-09-14 (Wed, 14 Sep 2016)

  Changed paths:
    M hw/scsi/scsi-disk.c

  Log Message:
  -----------
  scsi-disk: Cleaning up around tray open state

Even if tray is not open, it can be empty (blk_is_inserted() == false).
Handle both cases correctly by replacing the s->tray_open checks with
blk_is_available(), which is an AND of the two.

Also simplify successive checks of them into blk_is_available(), in a
couple cases.

Signed-off-by: Fam Zheng <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 2a2d69f490c1b1dc6b6d2aef385ee7b654497a77
      
https://github.com/qemu/qemu/commit/2a2d69f490c1b1dc6b6d2aef385ee7b654497a77
  Author: Fam Zheng <address@hidden>
  Date:   2016-09-14 (Wed, 14 Sep 2016)

  Changed paths:
    M hw/scsi/virtio-scsi.c

  Log Message:
  -----------
  virtio-scsi: Don't abort when media is ejected

With an ejected block backend, blk_get_aio_context() would return
qemu_aio_context. In this case don't assert.

Signed-off-by: Fam Zheng <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 670e56d3ed2918b3861d9216f2c0540d9e9ae0d5
      
https://github.com/qemu/qemu/commit/670e56d3ed2918b3861d9216f2c0540d9e9ae0d5
  Author: Li Qiang <address@hidden>
  Date:   2016-09-14 (Wed, 14 Sep 2016)

  Changed paths:
    M hw/scsi/mptsas.c

  Log Message:
  -----------
  scsi: mptsas: use g_new0 to allocate MPTSASRequest object

When processing IO request in mptsas, it uses g_new to allocate
a 'req' object. If an error occurs before 'req->sreq' is
allocated, it could lead to an OOB write in mptsas_free_request
function. Use g_new0 to avoid it.

Reported-by: Li Qiang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
Message-Id: <address@hidden>
Cc: address@hidden
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: d9911d14e01f5e97c6ac1fe681ef15334250d149
      
https://github.com/qemu/qemu/commit/d9911d14e01f5e97c6ac1fe681ef15334250d149
  Author: Richard Henderson <address@hidden>
  Date:   2016-09-14 (Wed, 14 Sep 2016)

  Changed paths:
    M util/bufferiszero.c

  Log Message:
  -----------
  cutils: Rewrite x86 buffer zero checking

Handle alignment of buffers, so that the vector paths
can be used more often.

Signed-off-by: Richard Henderson <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 883e4f7624e10b98d16d9adaffb8b1795664d899
      
https://github.com/qemu/qemu/commit/883e4f7624e10b98d16d9adaffb8b1795664d899
  Author: Marc-André Lureau <address@hidden>
  Date:   2016-09-14 (Wed, 14 Sep 2016)

  Changed paths:
    M net/socket.c

  Log Message:
  -----------
  Change net/socket.c to use socket_*() functions

Use socket_*() functions from include/qemu/sockets.h instead of
listen()/bind()/connect()/parse_host_port(). socket_*() functions are
QAPI based and this patch performs this API conversion since
everything will be using QAPI based sockets in the future. Also add a
helper function socket_address_to_string() in util/qemu-sockets.c
which returns the string representation of socket address. The task was
listed on http://wiki.qemu.org/BiteSizedTasks page.

Signed-off-by: Ashijeet Acharya <address@hidden>
Signed-off-by: Marc-André Lureau <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 58268c8d3d051f7fe329dcd42a9284cb4e3b3e31
      
https://github.com/qemu/qemu/commit/58268c8d3d051f7fe329dcd42a9284cb4e3b3e31
  Author: Paolo Bonzini <address@hidden>
  Date:   2016-09-14 (Wed, 14 Sep 2016)

  Changed paths:
    M memory.c

  Log Message:
  -----------
  memory: remove memory_region_destructor_rom_device

It is equivalent to memory_region_destructor_ram, use that one.

Reviewed-by: Igor Mammedov <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: d251157ac1928191af851d199a9ff255d330bec9
      
https://github.com/qemu/qemu/commit/d251157ac1928191af851d199a9ff255d330bec9
  Author: Prasad J Pandit <address@hidden>
  Date:   2016-09-14 (Wed, 14 Sep 2016)

  Changed paths:
    M hw/scsi/vmw_pvscsi.c

  Log Message:
  -----------
  scsi: pvscsi: limit process IO loop to ring size

VMware Paravirtual SCSI emulator while processing IO requests
could run into an infinite loop if 'pvscsi_ring_pop_req_descr'
always returned positive value. Limit IO loop to the ring size.

Cc: address@hidden
Reported-by: Li Qiang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
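
A model of the bounded drain loop the pvscsi commit message above describes, added here as an illustration and not taken from hw/scsi/vmw_pvscsi.c. The names ring, ring_pop, process_io and RING_SIZE are hypothetical, and the guest is simulated by a flag that keeps the producer index ahead of the consumer.

```c
#include <stdint.h>
#include <stdio.h>

#define RING_SIZE 32u          /* constructed value for this model */

/* Model of a request ring whose producer index lives in guest-writable memory. */
struct ring {
    uint32_t prod_idx;         /* written by the guest */
    uint32_t cons_idx;         /* private to the device model */
    int guest_keeps_producing; /* 1 = guest bumps prod_idx on every poll */
};

/* Hypothetical stand-in for the pop helper: nonzero while work is advertised. */
static uint32_t ring_pop(struct ring *r)
{
    if (r->guest_keeps_producing)
        r->prod_idx = r->cons_idx + 1;   /* guest stays one step ahead */
    if (r->prod_idx == r->cons_idx)
        return 0;                        /* ring drained */
    return ++r->cons_idx;                /* positive "descriptor" token */
}

/* Drain loop capped at `limit` iterations; returns the requests handled.
 * limit == RING_SIZE is the bound the commit message asks for. */
static uint32_t process_io(struct ring *r, uint32_t limit)
{
    uint32_t handled = 0;
    while (handled < limit && ring_pop(r) != 0)
        handled++;
    return handled;
}

int main(void)
{
    struct ring honest  = { .prod_idx = 5 };
    struct ring hostile = { .guest_keeps_producing = 1 };
    printf("honest guest:  %u handled\n", process_io(&honest, RING_SIZE));
    printf("hostile guest: %u handled, then the loop returns\n",
           process_io(&hostile, RING_SIZE));
    return 0;
}
```

With the flag set, the pop helper never returns 0, so the cap is the only thing that ends the loop; raising the cap only raises the amount of host time one guest notification can consume.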


  Commit: bb93e099888e8e7e959aa610ac783f41036bcc94
      
https://github.com/qemu/qemu/commit/bb93e099888e8e7e959aa610ac783f41036bcc94
  Author: Wanpeng Li <address@hidden>
  Date:   2016-09-14 (Wed, 14 Sep 2016)

  Changed paths:
    M hw/i386/pc.c

  Log Message:
  -----------
  pc: apic: fix touch LAPIC when irqchip is split

Add -kernel_irqchip=split
./x86-run x86/eventinj.flat

qemu-system-x86_64 -enable-kvm -machine kernel_irqchip=split -cpu host
-device pc-testdev -device isa-debug-exit,iobase=0xf4,iosize=0x4 -vnc
none -serial stdio -device pci-testdev -kernel x86/eventinj.flat
enabling apic
paging enabled
cr0 = 80010011
cr3 = 7fff000
cr4 = 20
Sending vec 33 and 62 and mask one with TPR
irq1 running
irq1 running
After 33/62 TPR test
FAIL: TPR
irq0 running
irq0 running

Both irq1 and irq0 are executing twice.

kvm_entry: vcpu 0
kvm_exit: reason MSR_WRITE rip 0x401f33 info 0 0
kvm_apic: apic_write APIC_EOI = 0x0
kvm_eoi: apicid 0 vector 62
kvm_msr: msr_write 80b = 0x0
kvm_entry: vcpu 0
kvm_exit: reason PENDING_INTERRUPT rip 0x401f35 info 0 0
kvm_userspace_exit: reason KVM_EXIT_IRQ_WINDOW_OPEN (7)
kvm_inj_virq: irq 62
kvm_entry: vcpu 0
kvm_exit: reason IO_INSTRUCTION rip 0x4016ec info 3fd0008 0

From the trace we can see there is an interrupt window exit
after the first interrupt EOI(irq 62), and the same irq(62)
is injected duplicately after the interrupt window.

QEMU does KVM_INTERRUPT(62) ioctl after KVM exits with
KVM_EXIT_IRQ_WINDOW_OPEN, which QEMU requested while the
guest was printing.  The printing calls

serial_update_irq() -> qemu_irq_lower() -> qemu_set_irq() ->
gsi_handler() -> qemu_set_irq() -> pic_irq_request() ->
apic_deliver_pic_intr() -> kvm_handle_interrupt()

kvm_handle_interrupt() does

        interrupt_request |= CPU_INTERRUPT_HARD

which later calls cpu_get_pic_interrupt() in kvm_arch_pre_run(),
but that function uses stale information from APIC and injects
62 again. If we synchronized the APIC, then the test would #GP,
because there would be no injectable interrupt in LAPIC or PIC,
so pic_read_irq() would return 15, thinking it was spurious.

This patch fixes it by not touching the LAPIC if the LAPIC is in kernel.

Suggested-by: Paolo Bonzini <address@hidden>
Suggested-by: Radim Krčmář <address@hidden>
Cc: address@hidden
Cc: Paolo Bonzini <address@hidden>
Cc: Radim Krčmář <address@hidden>
Cc: Michael S. Tsirkin <address@hidden>
Cc: Eduardo Habkost <address@hidden>
Signed-off-by: Wanpeng Li <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 7616f1c2da1c0f336a474a56ad6d32e15ccd666e
      
https://github.com/qemu/qemu/commit/7616f1c2da1c0f336a474a56ad6d32e15ccd666e
  Author: Paolo Bonzini <address@hidden>
  Date:   2016-09-14 (Wed, 14 Sep 2016)

  Changed paths:
    M target-i386/cpu.h

  Log Message:
  -----------
  target-i386: fix ordering of fields in CPUX86State

Make sure reset zeroes TSC_AUX, XCR0, PKRU.  Move XSTATE_BV from the
"vmstate only" section to the "KVM only" section.

Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: b8da57fa1537347f54a0864c61a68b14b02ce911
      
https://github.com/qemu/qemu/commit/b8da57fa1537347f54a0864c61a68b14b02ce911
  Author: Wei Jiangang <address@hidden>
  Date:   2016-09-14 (Wed, 14 Sep 2016)

  Changed paths:
    M linux-user/elfload.c

  Log Message:
  -----------
  linux-user: complete omission of removing uses of strdup

The 900cfbc just removed two unchecked uses of strdup
in fill_psinfo and missed the rest in core_dump_filename.
This patch fixes it.

Signed-off-by: Wei Jiangang <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 0d8e065fc5f72462a4664cea501d45e508c5755c
      
https://github.com/qemu/qemu/commit/0d8e065fc5f72462a4664cea501d45e508c5755c
  Author: Marc-André Lureau <address@hidden>
  Date:   2016-09-14 (Wed, 14 Sep 2016)

  Changed paths:
    M Makefile

  Log Message:
  -----------
  build-sys: add make 'help' target

Add a make 'help', to print a summary of the main Makefile targets.
The format is loosely inspired by Linux make 'help' output.

Signed-off-by: Marc-André Lureau <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 71200fb9664c2967a1cdd22b68b0da3a8b2b3eb7
      
https://github.com/qemu/qemu/commit/71200fb9664c2967a1cdd22b68b0da3a8b2b3eb7
  Author: Lin Ma <address@hidden>
  Date:   2016-09-14 (Wed, 14 Sep 2016)

  Changed paths:
    M backends/msmouse.c
    M qemu-char.c

  Log Message:
  -----------
  qemu-char: avoid segfault if user lacks of permisson of a given logfile

Function qemu_chr_alloc returns NULL if it failed to open logfile for any reason,
say no write permission. For backends tty, stdio and msmouse, they need to
check this return value to avoid segfault in this case.

Signed-off-by: Lin Ma <address@hidden>
Cc: qemu-stable <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 89d0a64f496fb4248885ebf75216c49337951540
      
https://github.com/qemu/qemu/commit/89d0a64f496fb4248885ebf75216c49337951540
  Author: Daniel P. Berrange <address@hidden>
  Date:   2016-09-14 (Wed, 14 Sep 2016)

  Changed paths:
    M util/log.c

  Log Message:
  -----------
  log: fix parsing of multiple trace:PATTERN log args

If giving QEMU a log arg which asks to enable multiple
different trace event patterns such as

  $QEMU -d trace:qio*,trace:qcrypto*

the parser will then invoke

  trace_enable_events("qio*,trace:qcrypto*")
  trace_enable_events("qcrypto*")

as when finding a 'trace:' prefix, it is not clever
enough to strip anything after the next comma. As
a result only the last 'trace:' match ever works.

Rather than trying to be more clever with parsing the
command line arg in place, simplify the code by
using g_strsplit to break it into individual strings
on ','. These resulting pieces can be directly used
without worrying about trailing data from the next
option.

Signed-off-by: Daniel P. Berrange <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
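
The parsing difference described in the log commit message above, reproduced as an added example that is not the code from util/log.c. The helper names record, parse_in_place and parse_split are hypothetical, the struct stands in for trace_enable_events() by recording its arguments, and plain strchr() is used in place of g_strsplit so the block builds without GLib.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CALLS 8
#define MAX_ARG   64

/* Stand-in for trace_enable_events(): records every argument it receives. */
struct calls { int n; char arg[MAX_CALLS][MAX_ARG]; };

static void record(struct calls *c, const char *s, size_t len)
{
    if (c->n >= MAX_CALLS) return;
    if (len >= MAX_ARG) len = MAX_ARG - 1;    /* truncate, never overflow */
    memcpy(c->arg[c->n], s, len);
    c->arg[c->n++][len] = '\0';
}

/* Old behaviour per the commit message: the argument runs to end of string. */
static struct calls parse_in_place(const char *str)
{
    struct calls c = {0};
    for (const char *p = str; p != NULL; ) {
        if (strncmp(p, "trace:", 6) == 0)
            record(&c, p + 6, strlen(p + 6));
        p = strchr(p, ',');
        if (p) p++;
    }
    return c;
}

/* Fixed behaviour: cut the string at each ',' and handle one piece at a time. */
static struct calls parse_split(const char *str)
{
    struct calls c = {0};
    for (const char *p = str; p != NULL; ) {
        const char *comma = strchr(p, ',');
        size_t len = comma ? (size_t)(comma - p) : strlen(p);
        if (len >= 6 && strncmp(p, "trace:", 6) == 0)
            record(&c, p + 6, len - 6);
        p = comma ? comma + 1 : NULL;
    }
    return c;
}

int main(void)
{
    const char *arg = "trace:qio*,trace:qcrypto*";   /* argument from the page */
    struct calls a = parse_in_place(arg), b = parse_split(arg);
    for (int i = 0; i < a.n; i++) printf("in-place: \"%s\"\n", a.arg[i]);
    for (int i = 0; i < b.n; i++) printf("split:    \"%s\"\n", b.arg[i]);
    return 0;
}
```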


  Commit: 885b7c44e4f8b7a012a92770a0dba8b238662caa
      
https://github.com/qemu/qemu/commit/885b7c44e4f8b7a012a92770a0dba8b238662caa
  Author: Stanislav Shmarov <address@hidden>
  Date:   2016-09-14 (Wed, 14 Sep 2016)

  Changed paths:
    M target-i386/seg_helper.c

  Log Message:
  -----------
  target-i386: Fixed syscall posssible segfault

In user-mode emulation env->idt.base memory is
allocated in linux-user/main.c with
size 8*512 = 4096 (for 64-bit).
When fake interrupt EXCP_SYSCALL is thrown
do_interrupt_user checks destination privilege level
for this fake exception, and tries to read 4 bytes
at address base + (256 * 2^4)=4096, that causes
segfault.

Privilege level was checked only for int's, so let's
read dpl from memory only for this case.

Signed-off-by: Stanislav Shmarov <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 927d5a1d98ff9177ec29e883c5361e0d247291d8
      
https://github.com/qemu/qemu/commit/927d5a1d98ff9177ec29e883c5361e0d247291d8
  Author: Wanpeng Li <address@hidden>
  Date:   2016-09-15 (Thu, 15 Sep 2016)

  Changed paths:
    M hw/intc/apic.c

  Log Message:
  -----------
  pc: apic: introduce APIC macro

Introduce a new APIC macro to replace APIC_COMMON macro in
hw/intc/apic.c in order to capture access LAPIC in qemu
even if LAPIC is emulated in kvm.

Suggested-by: Paolo Bonzini <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Cc: Paolo Bonzini <address@hidden>
Cc: Radim Krčmář <address@hidden>
Cc: Michael S. Tsirkin <address@hidden>
Cc: Eduardo Habkost <address@hidden>
Signed-off-by: Wanpeng Li <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 46f5feaa0ac24c0dbe6e0d04d0b11ee1df7c3bfd
      
https://github.com/qemu/qemu/commit/46f5feaa0ac24c0dbe6e0d04d0b11ee1df7c3bfd
  Author: Pavel Dovgalyuk <address@hidden>
  Date:   2016-09-15 (Thu, 15 Sep 2016)

  Changed paths:
    M hw/i386/kvmvapic.c

  Log Message:
  -----------
  kvmvapic: fix state change handler

This patch fixes kvmvapic state change handler.
It clears vmsentry field to allow recreating it
at further vmstate loads.

Signed-off-by: Pavel Dovgalyuk <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 39c88f56977f9ad2451444d70dd21d8189d74f99
      
https://github.com/qemu/qemu/commit/39c88f56977f9ad2451444d70dd21d8189d74f99
  Author: Pavel Dovgalyuk <address@hidden>
  Date:   2016-09-15 (Thu, 15 Sep 2016)

  Changed paths:
    M hw/audio/pcspk.c

  Log Message:
  -----------
  pcspk: adding vmstate for save/restore

VMState added by this patch preserves correct
loading of the PC speaker device state.

Signed-off-by: Pavel Dovgalyuk <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 5f473241ac595452ae0638dc63e7af2a2294f5ec
      
https://github.com/qemu/qemu/commit/5f473241ac595452ae0638dc63e7af2a2294f5ec
  Author: Peter Maydell <address@hidden>
  Date:   2016-09-15 (Thu, 15 Sep 2016)

  Changed paths:
    M Makefile
    M backends/msmouse.c
    M hw/audio/pcspk.c
    M hw/i386/kvmvapic.c
    M hw/i386/pc.c
    M hw/intc/apic.c
    M hw/scsi/mptsas.c
    M hw/scsi/scsi-disk.c
    M hw/scsi/virtio-scsi.c
    M hw/scsi/vmw_pvscsi.c
    M linux-user/elfload.c
    M memory.c
    M net/socket.c
    M qemu-char.c
    M target-i386/cpu.h
    M target-i386/seg_helper.c
    M util/bufferiszero.c
    M util/log.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* Support multiple -d trace:PATTERN arguments (Daniel)
* SCSI cleanups/fixes for removable media (Fam)
* SCSI security fixes (Li Qiang, PJP)
* qemu-char segfault fix (Lin Ma)
* "make help" and qemu-socket cleanups (Marc-André)
* end of the buffer_is_zero reword (Richard)
* Fix target-i386 syscall segfault (Stanislav)
* split irqchip fix/robustification (Wanpeng)
* misc cleanups (me, Jiangang)
* x86 vmstate fixes (Pavel)

# gpg: Signature made Thu 15 Sep 2016 14:11:35 BST
# gpg:                using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <address@hidden>"
# gpg:                 aka "Paolo Bonzini <address@hidden>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  pcspk: adding vmstate for save/restore
  kvmvapic: fix state change handler
  pc: apic: introduce APIC macro
  target-i386: Fixed syscall posssible segfault
  log: fix parsing of multiple trace:PATTERN log args
  qemu-char: avoid segfault if user lacks of permisson of a given logfile
  build-sys: add make 'help' target
  linux-user: complete omission of removing uses of strdup
  target-i386: fix ordering of fields in CPUX86State
  pc: apic: fix touch LAPIC when irqchip is split
  scsi: pvscsi: limit process IO loop to ring size
  memory: remove memory_region_destructor_rom_device
  Change net/socket.c to use socket_*() functions
  cutils: Rewrite x86 buffer zero checking
  scsi: mptsas: use g_new0 to allocate MPTSASRequest object
  virtio-scsi: Don't abort when media is ejected
  scsi-disk: Cleaning up around tray open state

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/518352b60199...5f473241ac59
