[Qemu-devel] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Qemu-devel] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael Roth]

Hi everyone,

The following new patches are queued for QEMU stable v2.1.1:

  https://github.com/mdroth/qemu/commits/stable-2.1-staging

The release is planned for 2014-09-08:

  http://wiki.qemu.org/Planning/2.1

Please respond here or CC qemu-stable@nongnu.org on any patches you
think should be included in the release.

Testing/feedback is greatly appreciated.

Thanks!

----------------------------------------------------------------
Alex Williamson (1):
      vfio: Fix MSI-X vector expansion

Ben Draper (1):
      vmxnet3: Pad short frames to minimum size (60 bytes)

Christoffer Dall (2):
      target-arm: Rename QEMU PSCI v0.1 definitions
      arm/virt: Use PSCI v0.2 function IDs in the DT when KVM uses PSCI v0.2

Fam Zheng (1):
      blkdebug: Delete BH in bdrv_aio_cancel

Gonglei (1):
      pcihp: fix possible array out of bounds

Hu Tao (3):
      hw:i386: typo fix: MEMORY_HOPTLUG_DEVICE -> MEMORY_HOTPLUG_DEVICE
      pc-dimm: validate node property
      numa: show hex number in error message for consistency and prefix them with 0x

Jan Kiszka (1):
      pci: Use bus master address space for delivering MSI/MSI-X messages

Michael S. Tsirkin (4):
      pc-dimm: fix up error message
      acpi: align RSDP
      hostmem: set MPOL_MF_MOVE
      pc: reserve more memory for ACPI for new machine types

Michael Tokarev (2):
      l2tpv3 (configure): it is linux-specific
      ide: only constrain read/write requests to drive size, not other types

Peter Lieven (1):
      block/iscsi: fix memory corruption on iscsi resize

Peter Maydell (1):
      target-arm: Fix return address for A64 BRK instructions

Stefan Hajnoczi (6):
      qmp: hide "hotplugged" device property from device-list-properties
      qdev-monitor: include QOM properties in -device FOO, help output
      raw-posix: fix O_DIRECT short reads
      qemu-iotests: add test case 101 for short file I/O
      thread-pool: avoid per-thread-pool EventNotifier
      thread-pool: avoid deadlock in nested aio_poll() calls

zhanghailiang (1):
      virtio-blk: fix reference a pointer which might be freed

 backends/hostmem.c              |  2 +-
 block/blkdebug.c                |  4 +++
 block/iscsi.c                   |  3 ++-
 block/raw-posix.c               |  9 +++++++
 configure                       |  1 +
 hw/acpi/pcihp.c                 |  2 +-
 hw/arm/virt.c                   | 31 ++++++++++++++++++----
 hw/block/virtio-blk.c           |  3 ++-
 hw/i386/acpi-build.c            |  2 +-
 hw/i386/acpi-dsdt.dsl           |  4 +--
 hw/i386/acpi-dsdt.hex.generated |  8 +++---
 hw/i386/pc.c                    | 12 ++++++---
 hw/i386/pc_piix.c               |  1 +
 hw/i386/pc_q35.c                |  1 +
 hw/i386/q35-acpi-dsdt.dsl       |  4 +--
 hw/i386/ssdt-mem.dsl            | 16 ++++++------
 hw/i386/ssdt-misc.dsl           |  2 +-
 hw/ide/core.c                   |  3 ++-
 hw/mem/pc-dimm.c                |  6 +++++
 hw/misc/vfio.c                  | 38 ++++++++++++++++++++-------
 hw/net/vmxnet3.c                | 10 +++++++
 hw/pci/msi.c                    |  2 +-
 hw/pci/msix.c                   |  2 +-
 include/hw/acpi/pc-hotplug.h    |  2 +-
 include/hw/i386/pc.h            |  2 ++
 numa.c                          |  4 +--
 qdev-monitor.c                  | 40 ++++++++++++----------------
 qmp.c                           |  1 +
 target-arm/kvm-consts.h         | 49 ++++++++++++++++++++++++++--------
 target-arm/translate-a64.c      |  2 +-
 tests/qemu-iotests/101          | 58 +++++++++++++++++++++++++++++++++++++++++
 tests/qemu-iotests/101.out      | 10 +++++++
 tests/qemu-iotests/group        |  1 +
 thread-pool.c                   | 27 ++++++++++---------
 34 files changed, 269 insertions(+), 93 deletions(-)
 create mode 100755 tests/qemu-iotests/101
 create mode 100644 tests/qemu-iotests/101.out

[Qemu-devel] [PATCH 01/25] qmp: hide "hotplugged" device property from device-list-properties

[Michael Roth]

From: Stefan Hajnoczi <stefanha@redhat.com>

The "hotplugged" device property was not reported before commit
f4eb32b590bf58c1c67570775eb78beb09964fad ("qmp: show QOM properties in
device-list-properties").  Fix this difference.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 4115dd6527fbdf49dbd1eba24ad68e0fae1e305a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 qmp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/qmp.c b/qmp.c
index 0d2553a..c6767c4 100644
--- a/qmp.c
+++ b/qmp.c
@@ -509,6 +509,7 @@ DevicePropertyInfoList *qmp_device_list_properties(const char *typename,
         if (strcmp(prop->name, "type") == 0 ||
             strcmp(prop->name, "realized") == 0 ||
             strcmp(prop->name, "hotpluggable") == 0 ||
+            strcmp(prop->name, "hotplugged") == 0 ||
             strcmp(prop->name, "parent_bus") == 0) {
             continue;
         }
-- 
1.9.1

[Qemu-devel] [PATCH 02/25] qdev-monitor: include QOM properties in -device FOO, help output

[Michael Roth]

From: Stefan Hajnoczi <stefanha@redhat.com>

Update -device FOO,help to include QOM properties in addition to qdev
properties.  Devices are gradually adding more QOM properties that are
not reflected as qdev properties.

It is important to report all device properties since management tools
like libvirt use this information (and device-list-properties QMP) to
detect the presence of QEMU features.

This patch reuses the device-list-properties QMP machinery to avoid code
duplication.

Reported-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Cole Robinson <crobinso@redhat.com>
(cherry picked from commit ef523587da4f213ca17133a90402d0815ecf08ee)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 qdev-monitor.c | 40 +++++++++++++++++-----------------------
 1 file changed, 17 insertions(+), 23 deletions(-)

diff --git a/qdev-monitor.c b/qdev-monitor.c
index f87f3d8..5fe5e75 100644
--- a/qdev-monitor.c
+++ b/qdev-monitor.c
@@ -182,9 +182,10 @@ static const char *find_typename_by_alias(const char *alias)
 
 int qdev_device_help(QemuOpts *opts)
 {
+    Error *local_err = NULL;
     const char *driver;
-    Property *prop;
-    ObjectClass *klass;
+    DevicePropertyInfoList *prop_list;
+    DevicePropertyInfoList *prop;
 
     driver = qemu_opt_get(opts, "driver");
     if (driver && is_help_option(driver)) {
@@ -196,35 +197,28 @@ int qdev_device_help(QemuOpts *opts)
         return 0;
     }
 
-    klass = object_class_by_name(driver);
-    if (!klass) {
+    if (!object_class_by_name(driver)) {
         const char *typename = find_typename_by_alias(driver);
 
         if (typename) {
             driver = typename;
-            klass = object_class_by_name(driver);
         }
     }
 
-    if (!object_class_dynamic_cast(klass, TYPE_DEVICE)) {
-        return 0;
+    prop_list = qmp_device_list_properties(driver, &local_err);
+    if (!prop_list) {
+        error_printf("%s\n", error_get_pretty(local_err));
+        error_free(local_err);
+        return 1;
     }
-    do {
-        for (prop = DEVICE_CLASS(klass)->props; prop && prop->name; prop++) {
-            /*
-             * TODO Properties without a parser are just for dirty hacks.
-             * qdev_prop_ptr is the only such PropertyInfo.  It's marked
-             * for removal.  This conditional should be removed along with
-             * it.
-             */
-            if (!prop->info->set) {
-                continue;           /* no way to set it, don't show */
-            }
-            error_printf("%s.%s=%s\n", driver, prop->name,
-                         prop->info->legacy_name ?: prop->info->name);
-        }
-        klass = object_class_get_parent(klass);
-    } while (klass != object_class_by_name(TYPE_DEVICE));
+
+    for (prop = prop_list; prop; prop = prop->next) {
+        error_printf("%s.%s=%s\n", driver,
+                     prop->value->name,
+                     prop->value->type);
+    }
+
+    qapi_free_DevicePropertyInfoList(prop_list);
     return 1;
 }
 
-- 
1.9.1

[Qemu-devel] [PATCH 03/25] vfio: Fix MSI-X vector expansion

[Michael Roth]

From: Alex Williamson <alex.williamson@redhat.com>

When new MSI-X vectors are enabled we need to disable MSI-X and
re-enable it with the correct number of vectors.  That means we need
to reprogram the eventfd triggers for each vector.  Prior to f4d45d47
vector->use tracked whether a vector was masked or unmasked and we
could always pick the KVM path when available for unmasked vectors.
Now vfio doesn't track mask state itself and vector->use and virq
remains configured even for masked vectors.  Therefore we need to ask
the MSI-X code whether a vector is masked in order to select the
correct signaling path.  As noted in the comment, MSI relies on
hardware to handle masking.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Cc: qemu-stable@nongnu.org # QEMU 2.1
(cherry picked from commit c048be5cc92ae201c339d46984476c4629275ed6)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/misc/vfio.c | 38 +++++++++++++++++++++++++++++---------
 1 file changed, 29 insertions(+), 9 deletions(-)

diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c
index 0b9eba0..e88b610 100644
--- a/hw/misc/vfio.c
+++ b/hw/misc/vfio.c
@@ -120,11 +120,20 @@ typedef struct VFIOINTx {
 } VFIOINTx;
 
 typedef struct VFIOMSIVector {
-    EventNotifier interrupt; /* eventfd triggered on interrupt */
-    EventNotifier kvm_interrupt; /* eventfd triggered for KVM irqfd bypass */
+    /*
+     * Two interrupt paths are configured per vector.  The first, is only used
+     * for interrupts injected via QEMU.  This is typically the non-accel path,
+     * but may also be used when we want QEMU to handle masking and pending
+     * bits.  The KVM path bypasses QEMU and is therefore higher performance,
+     * but requires masking at the device.  virq is used to track the MSI route
+     * through KVM, thus kvm_interrupt is only available when virq is set to a
+     * valid (>= 0) value.
+     */
+    EventNotifier interrupt;
+    EventNotifier kvm_interrupt;
     struct VFIODevice *vdev; /* back pointer to device */
     MSIMessage msg; /* cache the MSI message so we know when it changes */
-    int virq; /* KVM irqchip route for QEMU bypass */
+    int virq;
     bool use;
 } VFIOMSIVector;
 
@@ -681,13 +690,24 @@ static int vfio_enable_vectors(VFIODevice *vdev, bool msix)
     fds = (int32_t *)&irq_set->data;
 
     for (i = 0; i < vdev->nr_vectors; i++) {
-        if (!vdev->msi_vectors[i].use) {
-            fds[i] = -1;
-        } else if (vdev->msi_vectors[i].virq >= 0) {
-            fds[i] = event_notifier_get_fd(&vdev->msi_vectors[i].kvm_interrupt);
-        } else {
-            fds[i] = event_notifier_get_fd(&vdev->msi_vectors[i].interrupt);
+        int fd = -1;
+
+        /*
+         * MSI vs MSI-X - The guest has direct access to MSI mask and pending
+         * bits, therefore we always use the KVM signaling path when setup.
+         * MSI-X mask and pending bits are emulated, so we want to use the
+         * KVM signaling path only when configured and unmasked.
+         */
+        if (vdev->msi_vectors[i].use) {
+            if (vdev->msi_vectors[i].virq < 0 ||
+                (msix && msix_is_masked(&vdev->pdev, i))) {
+                fd = event_notifier_get_fd(&vdev->msi_vectors[i].interrupt);
+            } else {
+                fd = event_notifier_get_fd(&vdev->msi_vectors[i].kvm_interrupt);
+            }
         }
+
+        fds[i] = fd;
     }
 
     ret = ioctl(vdev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
-- 
1.9.1

[Qemu-devel] [PATCH 04/25] l2tpv3 (configure): it is linux-specific

[Michael Roth]

From: Michael Tokarev <mjt@tls.msk.ru>

Some non-linux systems, for example a system with
FreeBSD kernel and glibc, may declare struct mmsghdr
(in glibc) but may not have linux-specific header
file linux/ip.h.  The actual implementation in qemu
includes this linux-specific header file unconditionally,
so compilation fails if it is not present.  Include
this header in the configure test too.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit bff6cb72961f1bd2c766efe85ff5850fd8d7e77d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 configure | 1 +
 1 file changed, 1 insertion(+)

diff --git a/configure b/configure
index f7685b5..f49e618 100755
--- a/configure
+++ b/configure
@@ -1723,6 +1723,7 @@ fi
 
 cat > $TMPC <<EOF
 #include <sys/socket.h>
+#include <linux/ip.h>
 int main(void) { return sizeof(struct mmsghdr); }
 EOF
 if compile_prog "" "" ; then
-- 
1.9.1

[Qemu-devel] [PATCH 05/25] ide: only constrain read/write requests to drive size, not other types

[Michael Roth]

From: Michael Tokarev <mjt@tls.msk.ru>

Commit 58ac321135a introduced a check to ide dma processing which
constrains all requests to drive size.  However, apparently, some
valid requests (like TRIM) does not fit in this constraint, and
fails in 2.1.  So check the range only for reads and writes.

Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit d66168ed687325aa6d338ce3a3cff18ce3098ed6)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/ide/core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index db191a6..7256592 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -688,7 +688,8 @@ void ide_dma_cb(void *opaque, int ret)
            sector_num, n, s->dma_cmd);
 #endif
 
-    if (!ide_sect_range_ok(s, sector_num, n)) {
+    if ((s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) &&
+        !ide_sect_range_ok(s, sector_num, n)) {
         dma_buf_commit(s);
         ide_dma_error(s);
         return;
-- 
1.9.1

[Qemu-devel] [PATCH 06/25] pci: Use bus master address space for delivering MSI/MSI-X messages

[Michael Roth]

From: Jan Kiszka <jan.kiszka@siemens.com>

The spec says (and real HW confirms this) that, if the bus master bit
is 0, the device will not generate any PCI accesses. MSI and MSI-X
messages fall among these, so we should use the corresponding address
space to deliver them. This will prevent delivery if bus master support
is disabled.

Cc: qemu-stable@nongnu.org
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit cc943c36faa192cd4b32af8fe5edb31894017d35)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/pci/msi.c  | 2 +-
 hw/pci/msix.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/pci/msi.c b/hw/pci/msi.c
index a4a3040..52d2313 100644
--- a/hw/pci/msi.c
+++ b/hw/pci/msi.c
@@ -291,7 +291,7 @@ void msi_notify(PCIDevice *dev, unsigned int vector)
                    "notify vector 0x%x"
                    " address: 0x%"PRIx64" data: 0x%"PRIx32"\n",
                    vector, msg.address, msg.data);
-    stl_le_phys(&address_space_memory, msg.address, msg.data);
+    stl_le_phys(&dev->bus_master_as, msg.address, msg.data);
 }
 
 /* Normally called by pci_default_write_config(). */
diff --git a/hw/pci/msix.c b/hw/pci/msix.c
index 5c49bfc..20ae476 100644
--- a/hw/pci/msix.c
+++ b/hw/pci/msix.c
@@ -439,7 +439,7 @@ void msix_notify(PCIDevice *dev, unsigned vector)
 
     msg = msix_get_message(dev, vector);
 
-    stl_le_phys(&address_space_memory, msg.address, msg.data);
+    stl_le_phys(&dev->bus_master_as, msg.address, msg.data);
 }
 
 void msix_reset(PCIDevice *dev)
-- 
1.9.1

[Qemu-devel] [PATCH 07/25] hw:i386: typo fix: MEMORY_HOPTLUG_DEVICE -> MEMORY_HOTPLUG_DEVICE

[Michael Roth]

From: Hu Tao <hutao@cn.fujitsu.com>

Cc: qemu-stable@nongnu.org
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 41d2f71376fe401a1fdb7deda023769207511790)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/i386/acpi-dsdt.dsl           |  4 ++--
 hw/i386/acpi-dsdt.hex.generated |  8 ++++----
 hw/i386/q35-acpi-dsdt.dsl       |  4 ++--
 hw/i386/ssdt-mem.dsl            | 16 ++++++++--------
 hw/i386/ssdt-misc.dsl           |  2 +-
 include/hw/acpi/pc-hotplug.h    |  2 +-
 6 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/hw/i386/acpi-dsdt.dsl b/hw/i386/acpi-dsdt.dsl
index 6ba0170..559f4b6 100644
--- a/hw/i386/acpi-dsdt.dsl
+++ b/hw/i386/acpi-dsdt.dsl
@@ -302,7 +302,7 @@ DefinitionBlock (
 /****************************************************************
  * General purpose events
  ****************************************************************/
-    External(\_SB.PCI0.MEMORY_HOPTLUG_DEVICE.MEMORY_SLOT_SCAN_METHOD, MethodObj)
+    External(\_SB.PCI0.MEMORY_HOTPLUG_DEVICE.MEMORY_SLOT_SCAN_METHOD, MethodObj)
 
     Scope(\_GPE) {
         Name(_HID, "ACPI0006")
@@ -321,7 +321,7 @@ DefinitionBlock (
         }
         Method(_E03) {
             // Memory hotplug event
-            \_SB.PCI0.MEMORY_HOPTLUG_DEVICE.MEMORY_SLOT_SCAN_METHOD()
+            \_SB.PCI0.MEMORY_HOTPLUG_DEVICE.MEMORY_SLOT_SCAN_METHOD()
         }
         Method(_L04) {
         }
diff --git a/hw/i386/acpi-dsdt.hex.generated b/hw/i386/acpi-dsdt.hex.generated
index 6c8a1fc..a21bf41 100644
--- a/hw/i386/acpi-dsdt.hex.generated
+++ b/hw/i386/acpi-dsdt.hex.generated
@@ -8,7 +8,7 @@ static unsigned char AcpiDsdtAmlCode[] = {
 0x0,
 0x0,
 0x1,
-0x2e,
+0x1f,
 0x42,
 0x58,
 0x50,
@@ -31,9 +31,9 @@ static unsigned char AcpiDsdtAmlCode[] = {
 0x4e,
 0x54,
 0x4c,
-0x13,
-0x9,
-0x12,
+0x28,
+0x5,
+0x10,
 0x20,
 0x10,
 0x49,
diff --git a/hw/i386/q35-acpi-dsdt.dsl b/hw/i386/q35-acpi-dsdt.dsl
index 8c3eae7..054b035 100644
--- a/hw/i386/q35-acpi-dsdt.dsl
+++ b/hw/i386/q35-acpi-dsdt.dsl
@@ -410,7 +410,7 @@ DefinitionBlock (
 /****************************************************************
  * General purpose events
  ****************************************************************/
-    External(\_SB.PCI0.MEMORY_HOPTLUG_DEVICE.MEMORY_SLOT_SCAN_METHOD, MethodObj)
+    External(\_SB.PCI0.MEMORY_HOTPLUG_DEVICE.MEMORY_SLOT_SCAN_METHOD, MethodObj)
 
     Scope(\_GPE) {
         Name(_HID, "ACPI0006")
@@ -425,7 +425,7 @@ DefinitionBlock (
         }
         Method(_E03) {
             // Memory hotplug event
-            \_SB.PCI0.MEMORY_HOPTLUG_DEVICE.MEMORY_SLOT_SCAN_METHOD()
+            \_SB.PCI0.MEMORY_HOTPLUG_DEVICE.MEMORY_SLOT_SCAN_METHOD()
         }
         Method(_L04) {
         }
diff --git a/hw/i386/ssdt-mem.dsl b/hw/i386/ssdt-mem.dsl
index 8e17bd1..22ff5dd 100644
--- a/hw/i386/ssdt-mem.dsl
+++ b/hw/i386/ssdt-mem.dsl
@@ -39,10 +39,10 @@ ACPI_EXTRACT_ALL_CODE ssdm_mem_aml
 DefinitionBlock ("ssdt-mem.aml", "SSDT", 0x02, "BXPC", "CSSDT", 0x1)
 {
 
-    External(\_SB.PCI0.MEMORY_HOPTLUG_DEVICE.MEMORY_SLOT_CRS_METHOD, MethodObj)
-    External(\_SB.PCI0.MEMORY_HOPTLUG_DEVICE.MEMORY_SLOT_STATUS_METHOD, MethodObj)
-    External(\_SB.PCI0.MEMORY_HOPTLUG_DEVICE.MEMORY_SLOT_OST_METHOD, MethodObj)
-    External(\_SB.PCI0.MEMORY_HOPTLUG_DEVICE.MEMORY_SLOT_PROXIMITY_METHOD, MethodObj)
+    External(\_SB.PCI0.MEMORY_HOTPLUG_DEVICE.MEMORY_SLOT_CRS_METHOD, MethodObj)
+    External(\_SB.PCI0.MEMORY_HOTPLUG_DEVICE.MEMORY_SLOT_STATUS_METHOD, MethodObj)
+    External(\_SB.PCI0.MEMORY_HOTPLUG_DEVICE.MEMORY_SLOT_OST_METHOD, MethodObj)
+    External(\_SB.PCI0.MEMORY_HOTPLUG_DEVICE.MEMORY_SLOT_PROXIMITY_METHOD, MethodObj)
 
     Scope(\_SB) {
 /*  v------------------ DO NOT EDIT ------------------v */
@@ -58,19 +58,19 @@ DefinitionBlock ("ssdt-mem.aml", "SSDT", 0x02, "BXPC", "CSSDT", 0x1)
             Name(_HID, EISAID("PNP0C80"))
 
             Method(_CRS, 0) {
-                Return(\_SB.PCI0.MEMORY_HOPTLUG_DEVICE.MEMORY_SLOT_CRS_METHOD(_UID))
+                Return(\_SB.PCI0.MEMORY_HOTPLUG_DEVICE.MEMORY_SLOT_CRS_METHOD(_UID))
             }
 
             Method(_STA, 0) {
-                Return(\_SB.PCI0.MEMORY_HOPTLUG_DEVICE.MEMORY_SLOT_STATUS_METHOD(_UID))
+                Return(\_SB.PCI0.MEMORY_HOTPLUG_DEVICE.MEMORY_SLOT_STATUS_METHOD(_UID))
             }
 
             Method(_PXM, 0) {
-                Return(\_SB.PCI0.MEMORY_HOPTLUG_DEVICE.MEMORY_SLOT_PROXIMITY_METHOD(_UID))
+                Return(\_SB.PCI0.MEMORY_HOTPLUG_DEVICE.MEMORY_SLOT_PROXIMITY_METHOD(_UID))
             }
 
             Method(_OST, 3) {
-                \_SB.PCI0.MEMORY_HOPTLUG_DEVICE.MEMORY_SLOT_OST_METHOD(_UID, Arg0, Arg1, Arg2)
+                \_SB.PCI0.MEMORY_HOTPLUG_DEVICE.MEMORY_SLOT_OST_METHOD(_UID, Arg0, Arg1, Arg2)
             }
         }
     }
diff --git a/hw/i386/ssdt-misc.dsl b/hw/i386/ssdt-misc.dsl
index d329b8b..0fd4480 100644
--- a/hw/i386/ssdt-misc.dsl
+++ b/hw/i386/ssdt-misc.dsl
@@ -120,7 +120,7 @@ DefinitionBlock ("ssdt-misc.aml", "SSDT", 0x01, "BXPC", "BXSSDTSUSP", 0x1)
 
     External(MEMORY_SLOT_NOTIFY_METHOD, MethodObj)
     Scope(\_SB.PCI0) {
-        Device(MEMORY_HOPTLUG_DEVICE) {
+        Device(MEMORY_HOTPLUG_DEVICE) {
             Name(_HID, "PNP0A06")
             Name(_UID, "Memory hotplug resources")
 
diff --git a/include/hw/acpi/pc-hotplug.h b/include/hw/acpi/pc-hotplug.h
index bf5157d..b9db295 100644
--- a/include/hw/acpi/pc-hotplug.h
+++ b/include/hw/acpi/pc-hotplug.h
@@ -32,7 +32,7 @@
 #define ACPI_MEMORY_HOTPLUG_IO_LEN 24
 #define ACPI_MEMORY_HOTPLUG_BASE 0x0a00
 
-#define MEMORY_HOPTLUG_DEVICE        MHPD
+#define MEMORY_HOTPLUG_DEVICE        MHPD
 #define MEMORY_SLOTS_NUMBER          MDNR
 #define MEMORY_HOTPLUG_IO_REGION     HPMR
 #define MEMORY_SLOT_ADDR_LOW         MRBL
-- 
1.9.1

[Qemu-devel] [PATCH 08/25] pc-dimm: validate node property

[Michael Roth]

From: Hu Tao <hutao@cn.fujitsu.com>

If user specifies a node number that exceeds the available numa nodes in
emulated system for pc-dimm device, the device will report an invalid _PXM
to OSPM. Fix this by checking the node property value.

Cc: qemu-stable@nongnu.org
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit cfe0ffd0272f1a6d34d27ac1a7072d1c42d33ad3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/mem/pc-dimm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hw/mem/pc-dimm.c b/hw/mem/pc-dimm.c
index 08f49ed..92e276f 100644
--- a/hw/mem/pc-dimm.c
+++ b/hw/mem/pc-dimm.c
@@ -252,6 +252,11 @@ static void pc_dimm_realize(DeviceState *dev, Error **errp)
         error_setg(errp, "'" PC_DIMM_MEMDEV_PROP "' property is not set");
         return;
     }
+    if (dimm->node >= nb_numa_nodes) {
+        error_setg(errp, "'" PC_DIMM_NODE_PROP
+                   "' exceeds numa node number: %" PRId32, nb_numa_nodes);
+        return;
+    }
 }
 
 static MemoryRegion *pc_dimm_get_memory_region(PCDIMMDevice *dimm)
-- 
1.9.1

[Qemu-devel] [PATCH 09/25] pc-dimm: fix up error message

[Michael Roth]

From: "Michael S. Tsirkin" <mst@redhat.com>

- int should be printed using %d
- print actual wrong value for property

Cc: qemu-stable@nongnu.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 988eba0f681bd4f82e9e02998da8106f165ed82c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/mem/pc-dimm.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/mem/pc-dimm.c b/hw/mem/pc-dimm.c
index 92e276f..5bfc5b7 100644
--- a/hw/mem/pc-dimm.c
+++ b/hw/mem/pc-dimm.c
@@ -253,8 +253,9 @@ static void pc_dimm_realize(DeviceState *dev, Error **errp)
         return;
     }
     if (dimm->node >= nb_numa_nodes) {
-        error_setg(errp, "'" PC_DIMM_NODE_PROP
-                   "' exceeds numa node number: %" PRId32, nb_numa_nodes);
+        error_setg(errp, "'DIMM property " PC_DIMM_NODE_PROP " has value %"
+                   PRIu32 "' which exceeds the number of numa nodes: %d",
+                   dimm->node, nb_numa_nodes);
         return;
     }
 }
-- 
1.9.1

[Qemu-devel] [PATCH 10/25] numa: show hex number in error message for consistency and prefix them with 0x

[Michael Roth]

From: Hu Tao <hutao@cn.fujitsu.com>

The error messages before and after patch are:

before:
qemu-system-x86_64: total memory for NUMA nodes (134217728) should equal RAM size (20000000)

after:
qemu-system-x86_64: total memory for NUMA nodes (0x8000000) should equal RAM size (0x20000000)

Cc: qemu-stable@nongnu.org
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit c68233aee8ef47861b65f0d079c5b0b3816447e5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 numa.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/numa.c b/numa.c
index 7bf7834..c78cec9 100644
--- a/numa.c
+++ b/numa.c
@@ -210,8 +210,8 @@ void set_numa_nodes(void)
             numa_total += numa_info[i].node_mem;
         }
         if (numa_total != ram_size) {
-            error_report("total memory for NUMA nodes (%" PRIu64 ")"
-                         " should equal RAM size (" RAM_ADDR_FMT ")",
+            error_report("total memory for NUMA nodes (0x%" PRIx64 ")"
+                         " should equal RAM size (0x" RAM_ADDR_FMT ")",
                          numa_total, ram_size);
             exit(1);
         }
-- 
1.9.1

[Qemu-devel] [PATCH 11/25] acpi: align RSDP

[Michael Roth]

From: "Michael S. Tsirkin" <mst@redhat.com>

RSDP should be aligned at a 16-byte boundary.
This would by chance at the moment, fix up acpi build
to make it robust.

Cc: qemu-stable@nongnu.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit d67aadccfa0bd3330a7b8e7e0a1726117ba75cf1)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/i386/acpi-build.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 816c6d9..10b84d0 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1393,7 +1393,7 @@ build_rsdp(GArray *rsdp_table, GArray *linker, unsigned rsdt)
 {
     AcpiRsdpDescriptor *rsdp = acpi_data_push(rsdp_table, sizeof *rsdp);
 
-    bios_linker_loader_alloc(linker, ACPI_BUILD_RSDP_FILE, 1,
+    bios_linker_loader_alloc(linker, ACPI_BUILD_RSDP_FILE, 16,
                              true /* fseg memory */);
 
     memcpy(&rsdp->signature, "RSD PTR ", 8);
-- 
1.9.1

[Qemu-devel] [PATCH 12/25] virtio-blk: fix reference a pointer which might be freed

[Michael Roth]

From: zhanghailiang <zhang.zhanghailiang@huawei.com>

In function virtio_blk_handle_request, it may freed memory pointed by req,
So do not access member of req after calling this function.

Cc: qemu-stable@nongnu.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 1bdb176ac5add5dc9d54a230da7511b66851f1e7)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/block/virtio-blk.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index c241c50..0e3925b 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -469,8 +469,9 @@ static void virtio_blk_dma_restart_bh(void *opaque)
     s->rq = NULL;
 
     while (req) {
+        VirtIOBlockReq *next = req->next;
         virtio_blk_handle_request(req, &mrb);
-        req = req->next;
+        req = next;
     }
 
     virtio_submit_multiwrite(s->bs, &mrb);
-- 
1.9.1

[Qemu-devel] [PATCH 13/25] target-arm: Fix return address for A64 BRK instructions

[Michael Roth]

From: Peter Maydell <peter.maydell@linaro.org>

When we take an exception resulting from a BRK instruction,
the architecture requires that the "preferred return address"
reported to the exception handler is the address of the BRK
itself, not the following instruction (like undefined
insns, and in contrast with SVC, HVC and SMC). Follow this,
rather than incorrectly reporting the address of the following
insn.

(We do get this correct for the A32/T32 BKPT insns.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-stable@nongnu.org
(cherry picked from commit 229a138d740142885dd4e7063e25147d7f71fdef)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 target-arm/translate-a64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 33b5025..fc319d5 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -1454,7 +1454,7 @@ static void disas_exc(DisasContext *s, uint32_t insn)
             break;
         }
         /* BRK */
-        gen_exception_insn(s, 0, EXCP_BKPT, syn_aa64_bkpt(imm16));
+        gen_exception_insn(s, 4, EXCP_BKPT, syn_aa64_bkpt(imm16));
         break;
     case 2:
         if (op2_ll != 0) {
-- 
1.9.1

[Qemu-devel] [PATCH 14/25] target-arm: Rename QEMU PSCI v0.1 definitions

[Michael Roth]

From: Christoffer Dall <christoffer.dall@linaro.org>

The function IDs for PSCI v0.1 are exported by KVM and defined as
KVM_PSCI_FN_<something>.  To build using these defines in non-KVM code,
QEMU defines these IDs locally and check their correctness against the
KVM headers when those are available.

However, the naming scheme used for QEMU (almost) clashes with the PSCI
v0.2 definitions from Linux so to avoid unfortunate naming when we
introduce local PSCI v0.2 defines, rename the current local defines with
QEMU_ prependend and clearly identify the PSCI version as v0.1 in the
defines.

Cc: qemu-stable@nongnu.org
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit a65c9c17cef16bcb98ec6cf4feb8676c1a2d1168)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/arm/virt.c           |  8 ++++----
 target-arm/kvm-consts.h | 22 +++++++++++-----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 89532bd..a6fd5e6 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -204,10 +204,10 @@ static void fdt_add_psci_node(const VirtBoardInfo *vbi)
 
         qemu_fdt_setprop_string(fdt, "/psci", "method", "hvc");
         qemu_fdt_setprop_cell(fdt, "/psci", "cpu_suspend",
-                                  PSCI_FN_CPU_SUSPEND);
-        qemu_fdt_setprop_cell(fdt, "/psci", "cpu_off", PSCI_FN_CPU_OFF);
-        qemu_fdt_setprop_cell(fdt, "/psci", "cpu_on", PSCI_FN_CPU_ON);
-        qemu_fdt_setprop_cell(fdt, "/psci", "migrate", PSCI_FN_MIGRATE);
+                                  QEMU_PSCI_0_1_FN_CPU_SUSPEND);
+        qemu_fdt_setprop_cell(fdt, "/psci", "cpu_off", QEMU_PSCI_0_1_FN_CPU_OFF);
+        qemu_fdt_setprop_cell(fdt, "/psci", "cpu_on", QEMU_PSCI_0_1_FN_CPU_ON);
+        qemu_fdt_setprop_cell(fdt, "/psci", "migrate", QEMU_PSCI_0_1_FN_MIGRATE);
     }
 }
 
diff --git a/target-arm/kvm-consts.h b/target-arm/kvm-consts.h
index 6009a33..bcad7ba 100644
--- a/target-arm/kvm-consts.h
+++ b/target-arm/kvm-consts.h
@@ -38,17 +38,17 @@ MISMATCH_CHECK(CP_REG_SIZE_U64, KVM_REG_SIZE_U64)
 MISMATCH_CHECK(CP_REG_ARM, KVM_REG_ARM)
 MISMATCH_CHECK(CP_REG_ARCH_MASK, KVM_REG_ARCH_MASK)
 
-#define PSCI_FN_BASE 0x95c1ba5e
-#define PSCI_FN(n) (PSCI_FN_BASE + (n))
-#define PSCI_FN_CPU_SUSPEND PSCI_FN(0)
-#define PSCI_FN_CPU_OFF PSCI_FN(1)
-#define PSCI_FN_CPU_ON PSCI_FN(2)
-#define PSCI_FN_MIGRATE PSCI_FN(3)
-
-MISMATCH_CHECK(PSCI_FN_CPU_SUSPEND, KVM_PSCI_FN_CPU_SUSPEND)
-MISMATCH_CHECK(PSCI_FN_CPU_OFF, KVM_PSCI_FN_CPU_OFF)
-MISMATCH_CHECK(PSCI_FN_CPU_ON, KVM_PSCI_FN_CPU_ON)
-MISMATCH_CHECK(PSCI_FN_MIGRATE, KVM_PSCI_FN_MIGRATE)
+#define QEMU_PSCI_0_1_FN_BASE 0x95c1ba5e
+#define QEMU_PSCI_0_1_FN(n) (QEMU_PSCI_0_1_FN_BASE + (n))
+#define QEMU_PSCI_0_1_FN_CPU_SUSPEND QEMU_PSCI_0_1_FN(0)
+#define QEMU_PSCI_0_1_FN_CPU_OFF QEMU_PSCI_0_1_FN(1)
+#define QEMU_PSCI_0_1_FN_CPU_ON QEMU_PSCI_0_1_FN(2)
+#define QEMU_PSCI_0_1_FN_MIGRATE QEMU_PSCI_0_1_FN(3)
+
+MISMATCH_CHECK(QEMU_PSCI_0_1_FN_CPU_SUSPEND, KVM_PSCI_FN_CPU_SUSPEND)
+MISMATCH_CHECK(QEMU_PSCI_0_1_FN_CPU_OFF, KVM_PSCI_FN_CPU_OFF)
+MISMATCH_CHECK(QEMU_PSCI_0_1_FN_CPU_ON, KVM_PSCI_FN_CPU_ON)
+MISMATCH_CHECK(QEMU_PSCI_0_1_FN_MIGRATE, KVM_PSCI_FN_MIGRATE)
 
 /* Note that KVM uses overlapping values for AArch32 and AArch64
  * target CPU numbers. AArch32 targets:
-- 
1.9.1

[Qemu-devel] [PATCH 15/25] arm/virt: Use PSCI v0.2 function IDs in the DT when KVM uses PSCI v0.2

[Michael Roth]

From: Christoffer Dall <christoffer.dall@linaro.org>

The current code supplies the PSCI v0.1 function IDs in the DT even when
KVM uses PSCI v0.2.

This will break guest kernels that only support PSCI v0.1 as they will
use the IDs provided in the DT.  Guest kernels with PSCI v0.2 support
are not affected by this patch, because they ignore the function IDs in
the device tree and rely on the architecture definition.

Define QEMU versions of the constants and check that they correspond to
the Linux defines on Linux build hosts.  After this patch, both guest
kernels with PSCI v0.1 support and guest kernels with PSCI v0.2 should
work.

Tested on TC2 for 32-bit and APM Mustang for 64-bit (aarch64 guest
only).  Both cases tested with 3.14 and linus/master and verified I
could bring up 2 cpus with both guest kernels.  Also tested 32-bit with
a 3.14 host kernel with only PSCI v0.1 and both guests booted here as
well.

Cc: qemu-stable@nongnu.org
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 863714ba6cdc09d1a84069815dc67c8da66b0a29)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/arm/virt.c           | 31 ++++++++++++++++++++++++++-----
 target-arm/kvm-consts.h | 27 +++++++++++++++++++++++++++
 2 files changed, 53 insertions(+), 5 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index a6fd5e6..c8fdac4 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -194,20 +194,41 @@ static void fdt_add_psci_node(const VirtBoardInfo *vbi)
 
     /* No PSCI for TCG yet */
     if (kvm_enabled()) {
+        uint32_t cpu_suspend_fn;
+        uint32_t cpu_off_fn;
+        uint32_t cpu_on_fn;
+        uint32_t migrate_fn;
+
         qemu_fdt_add_subnode(fdt, "/psci");
         if (armcpu->psci_version == 2) {
             const char comp[] = "arm,psci-0.2\0arm,psci";
             qemu_fdt_setprop(fdt, "/psci", "compatible", comp, sizeof(comp));
+
+            cpu_off_fn = QEMU_PSCI_0_2_FN_CPU_OFF;
+            if (arm_feature(&armcpu->env, ARM_FEATURE_AARCH64)) {
+                cpu_suspend_fn = QEMU_PSCI_0_2_FN64_CPU_SUSPEND;
+                cpu_on_fn = QEMU_PSCI_0_2_FN64_CPU_ON;
+                migrate_fn = QEMU_PSCI_0_2_FN64_MIGRATE;
+            } else {
+                cpu_suspend_fn = QEMU_PSCI_0_2_FN_CPU_SUSPEND;
+                cpu_on_fn = QEMU_PSCI_0_2_FN_CPU_ON;
+                migrate_fn = QEMU_PSCI_0_2_FN_MIGRATE;
+            }
         } else {
             qemu_fdt_setprop_string(fdt, "/psci", "compatible", "arm,psci");
+
+            cpu_suspend_fn = QEMU_PSCI_0_1_FN_CPU_SUSPEND;
+            cpu_off_fn = QEMU_PSCI_0_1_FN_CPU_OFF;
+            cpu_on_fn = QEMU_PSCI_0_1_FN_CPU_ON;
+            migrate_fn = QEMU_PSCI_0_1_FN_MIGRATE;
         }
 
         qemu_fdt_setprop_string(fdt, "/psci", "method", "hvc");
-        qemu_fdt_setprop_cell(fdt, "/psci", "cpu_suspend",
-                                  QEMU_PSCI_0_1_FN_CPU_SUSPEND);
-        qemu_fdt_setprop_cell(fdt, "/psci", "cpu_off", QEMU_PSCI_0_1_FN_CPU_OFF);
-        qemu_fdt_setprop_cell(fdt, "/psci", "cpu_on", QEMU_PSCI_0_1_FN_CPU_ON);
-        qemu_fdt_setprop_cell(fdt, "/psci", "migrate", QEMU_PSCI_0_1_FN_MIGRATE);
+
+        qemu_fdt_setprop_cell(fdt, "/psci", "cpu_suspend", cpu_suspend_fn);
+        qemu_fdt_setprop_cell(fdt, "/psci", "cpu_off", cpu_off_fn);
+        qemu_fdt_setprop_cell(fdt, "/psci", "cpu_on", cpu_on_fn);
+        qemu_fdt_setprop_cell(fdt, "/psci", "migrate", migrate_fn);
     }
 }
 
diff --git a/target-arm/kvm-consts.h b/target-arm/kvm-consts.h
index bcad7ba..091c126 100644
--- a/target-arm/kvm-consts.h
+++ b/target-arm/kvm-consts.h
@@ -17,6 +17,7 @@
 #ifdef CONFIG_KVM
 #include "qemu/compiler.h"
 #include <linux/kvm.h>
+#include <linux/psci.h>
 
 #define MISMATCH_CHECK(X, Y) QEMU_BUILD_BUG_ON(X != Y)
 
@@ -50,6 +51,32 @@ MISMATCH_CHECK(QEMU_PSCI_0_1_FN_CPU_OFF, KVM_PSCI_FN_CPU_OFF)
 MISMATCH_CHECK(QEMU_PSCI_0_1_FN_CPU_ON, KVM_PSCI_FN_CPU_ON)
 MISMATCH_CHECK(QEMU_PSCI_0_1_FN_MIGRATE, KVM_PSCI_FN_MIGRATE)
 
+#define QEMU_PSCI_0_2_FN_BASE 0x84000000
+#define QEMU_PSCI_0_2_FN(n) (QEMU_PSCI_0_2_FN_BASE + (n))
+
+#define QEMU_PSCI_0_2_64BIT 0x40000000
+#define QEMU_PSCI_0_2_FN64_BASE \
+        (QEMU_PSCI_0_2_FN_BASE + QEMU_PSCI_0_2_64BIT)
+#define QEMU_PSCI_0_2_FN64(n) (QEMU_PSCI_0_2_FN64_BASE + (n))
+
+#define QEMU_PSCI_0_2_FN_CPU_SUSPEND QEMU_PSCI_0_2_FN(1)
+#define QEMU_PSCI_0_2_FN_CPU_OFF QEMU_PSCI_0_2_FN(2)
+#define QEMU_PSCI_0_2_FN_CPU_ON QEMU_PSCI_0_2_FN(3)
+#define QEMU_PSCI_0_2_FN_MIGRATE QEMU_PSCI_0_2_FN(5)
+
+#define QEMU_PSCI_0_2_FN64_CPU_SUSPEND QEMU_PSCI_0_2_FN64(1)
+#define QEMU_PSCI_0_2_FN64_CPU_OFF QEMU_PSCI_0_2_FN64(2)
+#define QEMU_PSCI_0_2_FN64_CPU_ON QEMU_PSCI_0_2_FN64(3)
+#define QEMU_PSCI_0_2_FN64_MIGRATE QEMU_PSCI_0_2_FN64(5)
+
+MISMATCH_CHECK(QEMU_PSCI_0_2_FN_CPU_SUSPEND, PSCI_0_2_FN_CPU_SUSPEND)
+MISMATCH_CHECK(QEMU_PSCI_0_2_FN_CPU_OFF, PSCI_0_2_FN_CPU_OFF)
+MISMATCH_CHECK(QEMU_PSCI_0_2_FN_CPU_ON, PSCI_0_2_FN_CPU_ON)
+MISMATCH_CHECK(QEMU_PSCI_0_2_FN_MIGRATE, PSCI_0_2_FN_MIGRATE)
+MISMATCH_CHECK(QEMU_PSCI_0_2_FN64_CPU_SUSPEND, PSCI_0_2_FN64_CPU_SUSPEND)
+MISMATCH_CHECK(QEMU_PSCI_0_2_FN64_CPU_ON, PSCI_0_2_FN64_CPU_ON)
+MISMATCH_CHECK(QEMU_PSCI_0_2_FN64_MIGRATE, PSCI_0_2_FN64_MIGRATE)
+
 /* Note that KVM uses overlapping values for AArch32 and AArch64
  * target CPU numbers. AArch32 targets:
  */
-- 
1.9.1

[Qemu-devel] [PATCH 16/25] block/iscsi: fix memory corruption on iscsi resize

[Michael Roth]

From: Peter Lieven <pl@kamp.de>

bs->total_sectors is not yet updated at this point. resulting
in memory corruption if the volume has grown and data is written
to the newly availble areas.

CC: qemu-stable@nongnu.org
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit d832fb4d66ead62da4af7e44cce34cd939e865e1)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 block/iscsi.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/block/iscsi.c b/block/iscsi.c
index a7bb697..ed883c3 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -1509,7 +1509,8 @@ static int iscsi_truncate(BlockDriverState *bs, int64_t offset)
     if (iscsilun->allocationmap != NULL) {
         g_free(iscsilun->allocationmap);
         iscsilun->allocationmap =
-            bitmap_new(DIV_ROUND_UP(bs->total_sectors,
+            bitmap_new(DIV_ROUND_UP(sector_lun2qemu(iscsilun->num_blocks,
+                                                    iscsilun),
                                     iscsilun->cluster_sectors));
     }
 
-- 
1.9.1

[Qemu-devel] [PATCH 17/25] raw-posix: fix O_DIRECT short reads

[Michael Roth]

From: Stefan Hajnoczi <stefanha@redhat.com>

The following O_DIRECT read from a <512 byte file fails:

  $ truncate -s 320 test.img
  $ qemu-io -n -c 'read -P 0 0 512' test.img
  qemu-io: can't open device test.img: Could not read image for determining its format: Invalid argument

Note that qemu-io completes successfully without the -n (O_DIRECT)
option.

This patch fixes qemu-iotests ./check -nocache -vmdk 059.

Cc: qemu-stable@nongnu.org
Suggested-by: Kevin Wolf <kwolf@redhat.com>
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 61ed73cff427206b3a959b18a4877952f566279b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 block/raw-posix.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/block/raw-posix.c b/block/raw-posix.c
index 8e9758e..87fc170 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -747,6 +747,15 @@ static ssize_t handle_aiocb_rw_linear(RawPosixAIOData *aiocb, char *buf)
         }
         if (len == -1 && errno == EINTR) {
             continue;
+        } else if (len == -1 && errno == EINVAL &&
+                   (aiocb->bs->open_flags & BDRV_O_NOCACHE) &&
+                   !(aiocb->aio_type & QEMU_AIO_WRITE) &&
+                   offset > 0) {
+            /* O_DIRECT pread() may fail with EINVAL when offset is unaligned
+             * after a short read.  Assume that O_DIRECT short reads only occur
+             * at EOF.  Therefore this is a short read, not an I/O error.
+             */
+            break;
         } else if (len == -1) {
             offset = -errno;
             break;
-- 
1.9.1

[Qemu-devel] [PATCH 18/25] qemu-iotests: add test case 101 for short file I/O

[Michael Roth]

From: Stefan Hajnoczi <stefanha@redhat.com>

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 8d9eb33ca0bbb8bca0f1775623ed3cf5f39760cd)

Conflicts:
	tests/qemu-iotests/group

*fix up context mismatches due to lack of 099 and 103 tests

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 tests/qemu-iotests/101     | 58 ++++++++++++++++++++++++++++++++++++++++++++++
 tests/qemu-iotests/101.out | 10 ++++++++
 tests/qemu-iotests/group   |  1 +
 3 files changed, 69 insertions(+)
 create mode 100755 tests/qemu-iotests/101
 create mode 100644 tests/qemu-iotests/101.out

diff --git a/tests/qemu-iotests/101 b/tests/qemu-iotests/101
new file mode 100755
index 0000000..70fbf25
--- /dev/null
+++ b/tests/qemu-iotests/101
@@ -0,0 +1,58 @@
+#!/bin/bash
+#
+# Test short file I/O
+#
+# Copyright (C) 2014 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# creator
+owner=stefanha@redhat.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1	# failure is the default!
+
+_cleanup()
+{
+	_cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt raw
+_supported_proto file
+_supported_os Linux
+
+
+echo
+echo "== creating short image file =="
+dd if=/dev/zero of="$TEST_IMG" bs=1 count=320
+
+echo
+echo "== reading bytes beyond EOF gives zeroes =="
+$QEMU_IO -c "read -P 0 0 512" "$TEST_IMG" | _filter_qemu_io
+
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
diff --git a/tests/qemu-iotests/101.out b/tests/qemu-iotests/101.out
new file mode 100644
index 0000000..9a996e8
--- /dev/null
+++ b/tests/qemu-iotests/101.out
@@ -0,0 +1,10 @@
+QA output created by 101
+
+== creating short image file ==
+320+0 records in
+320+0 records out
+
+== reading bytes beyond EOF gives zeroes ==
+read 512/512 bytes at offset 0
+512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+*** done
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index 6e67f61..e25e992 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -100,3 +100,4 @@
 091 rw auto quick
 092 rw auto quick
 095 rw auto quick
+101 rw auto quick
-- 
1.9.1

[Qemu-devel] [PATCH 19/25] blkdebug: Delete BH in bdrv_aio_cancel

[Michael Roth]

From: Fam Zheng <famz@redhat.com>

Otherwise error_callback_bh will access the already released acb.

Cc: qemu-stable@nongnu.org
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit cbf95a0b117461473f05ab3cce4d01ba2b29e60a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 block/blkdebug.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/block/blkdebug.c b/block/blkdebug.c
index f51407d..01b8e73 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -449,6 +449,10 @@ static void error_callback_bh(void *opaque)
 static void blkdebug_aio_cancel(BlockDriverAIOCB *blockacb)
 {
     BlkdebugAIOCB *acb = container_of(blockacb, BlkdebugAIOCB, common);
+    if (acb->bh) {
+        qemu_bh_delete(acb->bh);
+        acb->bh = NULL;
+    }
     qemu_aio_release(acb);
 }
 
-- 
1.9.1

[Qemu-devel] [PATCH 20/25] vmxnet3: Pad short frames to minimum size (60 bytes)

[Michael Roth]

From: Ben Draper <ben@xrsa.net>

When running VMware ESXi under qemu-kvm the guest discards frames
that are too short. Short ARP Requests will be dropped, this prevents
guests on the same bridge as VMware ESXi from communicating. This patch
simply adds the padding on the network device itself.

Signed-off-by: Ben Draper <ben@xrsa.net>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 40a87c6c9b11ef9c14e0301f76abf0eb2582f08e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/net/vmxnet3.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 77bea6f..ae3e50f 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -34,6 +34,7 @@
 
 #define PCI_DEVICE_ID_VMWARE_VMXNET3_REVISION 0x1
 #define VMXNET3_MSIX_BAR_SIZE 0x2000
+#define MIN_BUF_SIZE 60
 
 #define VMXNET3_BAR0_IDX      (0)
 #define VMXNET3_BAR1_IDX      (1)
@@ -1871,12 +1872,21 @@ vmxnet3_receive(NetClientState *nc, const uint8_t *buf, size_t size)
 {
     VMXNET3State *s = qemu_get_nic_opaque(nc);
     size_t bytes_indicated;
+    uint8_t min_buf[MIN_BUF_SIZE];
 
     if (!vmxnet3_can_receive(nc)) {
         VMW_PKPRN("Cannot receive now");
         return -1;
     }
 
+    /* Pad to minimum Ethernet frame length */
+    if (size < sizeof(min_buf)) {
+        memcpy(min_buf, buf, size);
+        memset(&min_buf[size], 0, sizeof(min_buf) - size);
+        buf = min_buf;
+        size = sizeof(min_buf);
+    }
+
     if (s->peer_has_vhdr) {
         vmxnet_rx_pkt_set_vhdr(s->rx_pkt, (struct virtio_net_hdr *)buf);
         buf += sizeof(struct virtio_net_hdr);
-- 
1.9.1

[Qemu-devel] [PATCH 21/25] hostmem: set MPOL_MF_MOVE

[Michael Roth]

From: "Michael S. Tsirkin" <mst@redhat.com>

When memory is allocated on a wrong node, MPOL_MF_STRICT
doesn't move it - it just fails the allocation.
A simple way to reproduce the failure is with mlock=on
realtime feature.

The code comment actually says: "ensure policy won't be ignored"
so setting MPOL_MF_MOVE seems like a better way to do this.

Cc: qemu-stable@nongnu.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

(cherry picked from commit 288d3322022d6ad646407f3ca6f1a6a746565b9a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 backends/hostmem.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backends/hostmem.c b/backends/hostmem.c
index ca10c51..a9905c0 100644
--- a/backends/hostmem.c
+++ b/backends/hostmem.c
@@ -304,7 +304,7 @@ host_memory_backend_memory_complete(UserCreatable *uc, Error **errp)
         /* ensure policy won't be ignored in case memory is preallocated
          * before mbind(). note: MPOL_MF_STRICT is ignored on hugepages so
          * this doesn't catch hugepage case. */
-        unsigned flags = MPOL_MF_STRICT;
+        unsigned flags = MPOL_MF_STRICT | MPOL_MF_MOVE;
 
         /* check for invalid host-nodes and policies and give more verbose
          * error messages than mbind(). */
-- 
1.9.1

[Qemu-devel] [PATCH 22/25] pcihp: fix possible array out of bounds

[Michael Roth]

From: Gonglei <arei.gonglei@huawei.com>

Prevent out-of-bounds array access on
acpi_pcihp_pci_status.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
(cherry picked from commit fa365d7cd11185237471823a5a33d36765454e16)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/acpi/pcihp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
index fae663a..34dedf1 100644
--- a/hw/acpi/pcihp.c
+++ b/hw/acpi/pcihp.c
@@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr, unsigned int size)
     uint32_t val = 0;
     int bsel = s->hotplug_select;
 
-    if (bsel < 0 || bsel > ACPI_PCIHP_MAX_HOTPLUG_BUS) {
+    if (bsel < 0 || bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS) {
         return 0;
     }
 
-- 
1.9.1

[Qemu-devel] [PATCH 23/25] pc: reserve more memory for ACPI for new machine types

[Michael Roth]

From: "Michael S. Tsirkin" <mst@redhat.com>

commit 868270f23d8db2cce83e4f082fe75e8625a5fbf9
    acpi-build: tweak acpi migration limits
broke kernel loading with -kernel/-initrd: it doubled
the size of ACPI tables but did not reserve
enough memory.

As a result, issues on boot and halt are observed.

Fix this up by doubling reserved memory for new machine types.

Cc: qemu-stable@nongnu.org
Reported-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 927766c7d34275ecf586020cc5305e377cc4af10)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/i386/pc.c         | 12 +++++++++---
 hw/i386/pc_piix.c    |  1 +
 hw/i386/pc_q35.c     |  1 +
 include/hw/i386/pc.h |  2 ++
 4 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 2cf22b1..97932a6 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -73,7 +73,12 @@
 #endif
 
 /* Leave a chunk of memory at the top of RAM for the BIOS ACPI tables.  */
-#define ACPI_DATA_SIZE       0x10000
+unsigned acpi_data_size = 0x20000;
+void pc_set_legacy_acpi_data_size(void)
+{
+    acpi_data_size = 0x10000;
+}
+
 #define BIOS_CFG_IOPORT 0x510
 #define FW_CFG_ACPI_TABLES (FW_CFG_ARCH_LOCAL + 0)
 #define FW_CFG_SMBIOS_ENTRIES (FW_CFG_ARCH_LOCAL + 1)
@@ -811,8 +816,9 @@ static void load_linux(FWCfgState *fw_cfg,
         initrd_max = 0x37ffffff;
     }
 
-    if (initrd_max >= max_ram_size-ACPI_DATA_SIZE)
-    	initrd_max = max_ram_size-ACPI_DATA_SIZE-1;
+    if (initrd_max >= max_ram_size - acpi_data_size) {
+        initrd_max = max_ram_size - acpi_data_size - 1;
+    }
 
     fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_ADDR, cmdline_addr);
     fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE, strlen(kernel_cmdline)+1);
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 9694f88..8dc8290 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -318,6 +318,7 @@ static void pc_compat_2_0(MachineState *machine)
     legacy_acpi_table_size = 6652;
     smbios_legacy_mode = true;
     has_reserved_memory = false;
+    pc_set_legacy_acpi_data_size();
 }
 
 static void pc_compat_1_7(MachineState *machine)
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index c39ee98..4e2dd49 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -282,6 +282,7 @@ static void pc_compat_2_0(MachineState *machine)
 {
     smbios_legacy_mode = true;
     has_reserved_memory = false;
+    pc_set_legacy_acpi_data_size();
 }
 
 static void pc_compat_1_7(MachineState *machine)
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index f4b9b2b..5f0a265 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -177,6 +177,8 @@ void pc_acpi_init(const char *default_dsdt);
 PcGuestInfo *pc_guest_info_init(ram_addr_t below_4g_mem_size,
                                 ram_addr_t above_4g_mem_size);
 
+void pc_set_legacy_acpi_data_size(void);
+
 #define PCI_HOST_PROP_PCI_HOLE_START   "pci-hole-start"
 #define PCI_HOST_PROP_PCI_HOLE_END     "pci-hole-end"
 #define PCI_HOST_PROP_PCI_HOLE64_START "pci-hole64-start"
-- 
1.9.1

[Qemu-devel] [PATCH 24/25] thread-pool: avoid per-thread-pool EventNotifier

[Michael Roth]

From: Stefan Hajnoczi <stefanha@redhat.com>

EventNotifier is implemented using an eventfd or pipe.  It therefore
consumes file descriptors, which can be limited by rlimits and should
therefore be used sparingly.

Switch from EventNotifier to QEMUBH in thread-pool.c.  Originally
EventNotifier was used because qemu_bh_schedule() was not thread-safe
yet.

Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit c2e50e3d11a0bf4c973cc30478c1af0f2d5f8e81)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 thread-pool.c | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/thread-pool.c b/thread-pool.c
index dfb699d..4cfd078 100644
--- a/thread-pool.c
+++ b/thread-pool.c
@@ -21,7 +21,6 @@
 #include "block/coroutine.h"
 #include "trace.h"
 #include "block/block_int.h"
-#include "qemu/event_notifier.h"
 #include "block/thread-pool.h"
 #include "qemu/main-loop.h"
 
@@ -57,8 +56,8 @@ struct ThreadPoolElement {
 };
 
 struct ThreadPool {
-    EventNotifier notifier;
     AioContext *ctx;
+    QEMUBH *completion_bh;
     QemuMutex lock;
     QemuCond check_cancel;
     QemuCond worker_stopped;
@@ -119,7 +118,7 @@ static void *worker_thread(void *opaque)
             qemu_cond_broadcast(&pool->check_cancel);
         }
 
-        event_notifier_set(&pool->notifier);
+        qemu_bh_schedule(pool->completion_bh);
     }
 
     pool->cur_threads--;
@@ -168,12 +167,11 @@ static void spawn_thread(ThreadPool *pool)
     }
 }
 
-static void event_notifier_ready(EventNotifier *notifier)
+static void thread_pool_completion_bh(void *opaque)
 {
-    ThreadPool *pool = container_of(notifier, ThreadPool, notifier);
+    ThreadPool *pool = opaque;
     ThreadPoolElement *elem, *next;
 
-    event_notifier_test_and_clear(notifier);
 restart:
     QLIST_FOREACH_SAFE(elem, &pool->head, all, next) {
         if (elem->state != THREAD_CANCELED && elem->state != THREAD_DONE) {
@@ -215,7 +213,7 @@ static void thread_pool_cancel(BlockDriverAIOCB *acb)
         qemu_sem_timedwait(&pool->sem, 0) == 0) {
         QTAILQ_REMOVE(&pool->request_list, elem, reqs);
         elem->state = THREAD_CANCELED;
-        event_notifier_set(&pool->notifier);
+        qemu_bh_schedule(pool->completion_bh);
     } else {
         pool->pending_cancellations++;
         while (elem->state != THREAD_CANCELED && elem->state != THREAD_DONE) {
@@ -224,7 +222,7 @@ static void thread_pool_cancel(BlockDriverAIOCB *acb)
         pool->pending_cancellations--;
     }
     qemu_mutex_unlock(&pool->lock);
-    event_notifier_ready(&pool->notifier);
+    thread_pool_completion_bh(pool);
 }
 
 static const AIOCBInfo thread_pool_aiocb_info = {
@@ -293,8 +291,8 @@ static void thread_pool_init_one(ThreadPool *pool, AioContext *ctx)
     }
 
     memset(pool, 0, sizeof(*pool));
-    event_notifier_init(&pool->notifier, false);
     pool->ctx = ctx;
+    pool->completion_bh = aio_bh_new(ctx, thread_pool_completion_bh, pool);
     qemu_mutex_init(&pool->lock);
     qemu_cond_init(&pool->check_cancel);
     qemu_cond_init(&pool->worker_stopped);
@@ -304,8 +302,6 @@ static void thread_pool_init_one(ThreadPool *pool, AioContext *ctx)
 
     QLIST_INIT(&pool->head);
     QTAILQ_INIT(&pool->request_list);
-
-    aio_set_event_notifier(ctx, &pool->notifier, event_notifier_ready);
 }
 
 ThreadPool *thread_pool_new(AioContext *ctx)
@@ -339,11 +335,10 @@ void thread_pool_free(ThreadPool *pool)
 
     qemu_mutex_unlock(&pool->lock);
 
-    aio_set_event_notifier(pool->ctx, &pool->notifier, NULL);
+    qemu_bh_delete(pool->completion_bh);
     qemu_sem_destroy(&pool->sem);
     qemu_cond_destroy(&pool->check_cancel);
     qemu_cond_destroy(&pool->worker_stopped);
     qemu_mutex_destroy(&pool->lock);
-    event_notifier_cleanup(&pool->notifier);
     g_free(pool);
 }
-- 
1.9.1

[Qemu-devel] [PATCH 25/25] thread-pool: avoid deadlock in nested aio_poll() calls

[Michael Roth]

From: Stefan Hajnoczi <stefanha@redhat.com>

The thread pool has a race condition if two elements complete before
thread_pool_completion_bh() runs:

  If element A's callback waits for element B using aio_poll() it will
  deadlock since pool->completion_bh is not marked scheduled when the
  nested aio_poll() runs.

Fix this by marking the BH scheduled while thread_pool_completion_bh()
is executing.  This way any nested aio_poll() loops will enter
thread_pool_completion_bh() and complete the remaining elements.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 3c80ca158c96ff902a30883a8933e755988948b1)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 thread-pool.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/thread-pool.c b/thread-pool.c
index 4cfd078..23888dc 100644
--- a/thread-pool.c
+++ b/thread-pool.c
@@ -185,6 +185,12 @@ restart:
             QLIST_REMOVE(elem, all);
             /* Read state before ret.  */
             smp_rmb();
+
+            /* Schedule ourselves in case elem->common.cb() calls aio_poll() to
+             * wait for another request that completed at the same time.
+             */
+            qemu_bh_schedule(pool->completion_bh);
+
             elem->common.cb(elem->common.opaque, elem->ret);
             qemu_aio_release(elem);
             goto restart;
-- 
1.9.1

Re: [Qemu-devel] [Qemu-stable] [PATCH 06/25] pci: Use bus master address space for delivering MSI/MSI-X messages

[Greg Kurz]

On Wed, 27 Aug 2014 12:36:03 -0500
Michael Roth <mdroth@linux.vnet.ibm.com> wrote:
> From: Jan Kiszka <jan.kiszka@siemens.com>
> 
> The spec says (and real HW confirms this) that, if the bus master bit
> is 0, the device will not generate any PCI accesses. MSI and MSI-X
> messages fall among these, so we should use the corresponding address
> space to deliver them. This will prevent delivery if bus master support
> is disabled.
> 
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> (cherry picked from commit cc943c36faa192cd4b32af8fe5edb31894017d35)
> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
> ---

Hi Michael,

This commit breaks virtio for spapr. A fix is available in Alex's ppc-next:

From: Greg Kurz <gkurz@linux.vnet.ibm.com>
spapr_pci: map the MSI window in each PHB 

https://github.com/agraf/qemu/commit/7af2868fc76857e19c232bbe9e99a95d61138213

Cheers.

--
Greg

>  hw/pci/msi.c  | 2 +-
>  hw/pci/msix.c | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/pci/msi.c b/hw/pci/msi.c
> index a4a3040..52d2313 100644
> --- a/hw/pci/msi.c
> +++ b/hw/pci/msi.c
> @@ -291,7 +291,7 @@ void msi_notify(PCIDevice *dev, unsigned int vector)
>                     "notify vector 0x%x"
>                     " address: 0x%"PRIx64" data: 0x%"PRIx32"\n",
>                     vector, msg.address, msg.data);
> -    stl_le_phys(&address_space_memory, msg.address, msg.data);
> +    stl_le_phys(&dev->bus_master_as, msg.address, msg.data);
>  }
> 
>  /* Normally called by pci_default_write_config(). */
> diff --git a/hw/pci/msix.c b/hw/pci/msix.c
> index 5c49bfc..20ae476 100644
> --- a/hw/pci/msix.c
> +++ b/hw/pci/msix.c
> @@ -439,7 +439,7 @@ void msix_notify(PCIDevice *dev, unsigned vector)
> 
>      msg = msix_get_message(dev, vector);
> 
> -    stl_le_phys(&address_space_memory, msg.address, msg.data);
> +    stl_le_phys(&dev->bus_master_as, msg.address, msg.data);
>  }
> 
>  void msix_reset(PCIDevice *dev)



-- 
Gregory Kurz                                     kurzgreg@fr.ibm.com
                                                 gkurz@linux.vnet.ibm.com
Software Engineer @ IBM/Meiosys                  http://www.ibm.com
Tel +33 (0)562 165 496

"Anarchy is about taking complete responsibility for yourself."
        Alan Moore.

Re: [Qemu-devel] [Qemu-stable] [PATCH 06/25] pci: Use bus master address space for delivering MSI/MSI-X messages

[Michael Roth]

Quoting Greg Kurz (2014-08-28 05:18:06)
> On Wed, 27 Aug 2014 12:36:03 -0500
> Michael Roth <mdroth@linux.vnet.ibm.com> wrote:
> > From: Jan Kiszka <jan.kiszka@siemens.com>
> > 
> > The spec says (and real HW confirms this) that, if the bus master bit
> > is 0, the device will not generate any PCI accesses. MSI and MSI-X
> > messages fall among these, so we should use the corresponding address
> > space to deliver them. This will prevent delivery if bus master support
> > is disabled.
> > 
> > Cc: qemu-stable@nongnu.org
> > Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> > Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
> > Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> > (cherry picked from commit cc943c36faa192cd4b32af8fe5edb31894017d35)
> > Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
> > ---
> 
> Hi Michael,
> 
> This commit breaks virtio for spapr. A fix is available in Alex's ppc-next:
> 
> From: Greg Kurz <gkurz@linux.vnet.ibm.com>
> spapr_pci: map the MSI window in each PHB 
> 
> https://github.com/agraf/qemu/commit/7af2868fc76857e19c232bbe9e99a95d61138213

Thanks, I've gone ahead and applied it. Tested virtio + pseries before/after
and it seems to fix the issue.

> 
> Cheers.
> 
> --
> Greg
> 
> >  hw/pci/msi.c  | 2 +-
> >  hw/pci/msix.c | 2 +-
> >  2 files changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/hw/pci/msi.c b/hw/pci/msi.c
> > index a4a3040..52d2313 100644
> > --- a/hw/pci/msi.c
> > +++ b/hw/pci/msi.c
> > @@ -291,7 +291,7 @@ void msi_notify(PCIDevice *dev, unsigned int vector)
> >                     "notify vector 0x%x"
> >                     " address: 0x%"PRIx64" data: 0x%"PRIx32"\n",
> >                     vector, msg.address, msg.data);
> > -    stl_le_phys(&address_space_memory, msg.address, msg.data);
> > +    stl_le_phys(&dev->bus_master_as, msg.address, msg.data);
> >  }
> > 
> >  /* Normally called by pci_default_write_config(). */
> > diff --git a/hw/pci/msix.c b/hw/pci/msix.c
> > index 5c49bfc..20ae476 100644
> > --- a/hw/pci/msix.c
> > +++ b/hw/pci/msix.c
> > @@ -439,7 +439,7 @@ void msix_notify(PCIDevice *dev, unsigned vector)
> > 
> >      msg = msix_get_message(dev, vector);
> > 
> > -    stl_le_phys(&address_space_memory, msg.address, msg.data);
> > +    stl_le_phys(&dev->bus_master_as, msg.address, msg.data);
> >  }
> > 
> >  void msix_reset(PCIDevice *dev)
> 
> 
> 
> -- 
> Gregory Kurz                                     kurzgreg@fr.ibm.com
>                                                  gkurz@linux.vnet.ibm.com
> Software Engineer @ IBM/Meiosys                  http://www.ibm.com
> Tel +33 (0)562 165 496
> 
> "Anarchy is about taking complete responsibility for yourself."
>         Alan Moore.

Re: [Qemu-devel] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[zhanghailiang]

On 2014/8/28 1:35, Michael Roth wrote:
> Hi everyone,
>
> The following new patches are queued for QEMU stable v2.1.1:
>
>    https://github.com/mdroth/qemu/commits/stable-2.1-staging
>
> The release is planned for 2014-09-08:
>
>    http://wiki.qemu.org/Planning/2.1
>
> Please respond here or CC qemu-stable@nongnu.org on any patches you
> think should be included in the release.
>

Hi Michael,

The Patch *[PATCH V4] net: Forbid dealing with packets when VM is not running*
has been reviewed by Jason Wang <jasowang@redhat.com>,
Juan Quintela <quintela@redhat.com> and Michael S. Tsirkin <mst@redhat.com>.

It is a bug fix patch, and should be include.

If you can not find this patch in your mailbox, i will send it once again:)

Thanks,
zhanghailiang

> Testing/feedback is greatly appreciated.
>
> Thanks!
>
> ----------------------------------------------------------------
> Alex Williamson (1):
>        vfio: Fix MSI-X vector expansion
>
> Ben Draper (1):
>        vmxnet3: Pad short frames to minimum size (60 bytes)
>
> Christoffer Dall (2):
>        target-arm: Rename QEMU PSCI v0.1 definitions
>        arm/virt: Use PSCI v0.2 function IDs in the DT when KVM uses PSCI v0.2
>
> Fam Zheng (1):
>        blkdebug: Delete BH in bdrv_aio_cancel
>
> Gonglei (1):
>        pcihp: fix possible array out of bounds
>
> Hu Tao (3):
>        hw:i386: typo fix: MEMORY_HOPTLUG_DEVICE ->  MEMORY_HOTPLUG_DEVICE
>        pc-dimm: validate node property
>        numa: show hex number in error message for consistency and prefix them with 0x
>
> Jan Kiszka (1):
>        pci: Use bus master address space for delivering MSI/MSI-X messages
>
> Michael S. Tsirkin (4):
>        pc-dimm: fix up error message
>        acpi: align RSDP
>        hostmem: set MPOL_MF_MOVE
>        pc: reserve more memory for ACPI for new machine types
>
> Michael Tokarev (2):
>        l2tpv3 (configure): it is linux-specific
>        ide: only constrain read/write requests to drive size, not other types
>
> Peter Lieven (1):
>        block/iscsi: fix memory corruption on iscsi resize
>
> Peter Maydell (1):
>        target-arm: Fix return address for A64 BRK instructions
>
> Stefan Hajnoczi (6):
>        qmp: hide "hotplugged" device property from device-list-properties
>        qdev-monitor: include QOM properties in -device FOO, help output
>        raw-posix: fix O_DIRECT short reads
>        qemu-iotests: add test case 101 for short file I/O
>        thread-pool: avoid per-thread-pool EventNotifier
>        thread-pool: avoid deadlock in nested aio_poll() calls
>
> zhanghailiang (1):
>        virtio-blk: fix reference a pointer which might be freed
>
>   backends/hostmem.c              |  2 +-
>   block/blkdebug.c                |  4 +++
>   block/iscsi.c                   |  3 ++-
>   block/raw-posix.c               |  9 +++++++
>   configure                       |  1 +
>   hw/acpi/pcihp.c                 |  2 +-
>   hw/arm/virt.c                   | 31 ++++++++++++++++++----
>   hw/block/virtio-blk.c           |  3 ++-
>   hw/i386/acpi-build.c            |  2 +-
>   hw/i386/acpi-dsdt.dsl           |  4 +--
>   hw/i386/acpi-dsdt.hex.generated |  8 +++---
>   hw/i386/pc.c                    | 12 ++++++---
>   hw/i386/pc_piix.c               |  1 +
>   hw/i386/pc_q35.c                |  1 +
>   hw/i386/q35-acpi-dsdt.dsl       |  4 +--
>   hw/i386/ssdt-mem.dsl            | 16 ++++++------
>   hw/i386/ssdt-misc.dsl           |  2 +-
>   hw/ide/core.c                   |  3 ++-
>   hw/mem/pc-dimm.c                |  6 +++++
>   hw/misc/vfio.c                  | 38 ++++++++++++++++++++-------
>   hw/net/vmxnet3.c                | 10 +++++++
>   hw/pci/msi.c                    |  2 +-
>   hw/pci/msix.c                   |  2 +-
>   include/hw/acpi/pc-hotplug.h    |  2 +-
>   include/hw/i386/pc.h            |  2 ++
>   numa.c                          |  4 +--
>   qdev-monitor.c                  | 40 ++++++++++++----------------
>   qmp.c                           |  1 +
>   target-arm/kvm-consts.h         | 49 ++++++++++++++++++++++++++--------
>   target-arm/translate-a64.c      |  2 +-
>   tests/qemu-iotests/101          | 58 +++++++++++++++++++++++++++++++++++++++++
>   tests/qemu-iotests/101.out      | 10 +++++++
>   tests/qemu-iotests/group        |  1 +
>   thread-pool.c                   | 27 ++++++++++---------
>   34 files changed, 269 insertions(+), 93 deletions(-)
>   create mode 100755 tests/qemu-iotests/101
>   create mode 100644 tests/qemu-iotests/101.out
>
>
>
>

Re: [Qemu-devel] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Paolo Bonzini]

Il 27/08/2014 19:35, Michael Roth ha scritto:
> Hi everyone,
> 
> The following new patches are queued for QEMU stable v2.1.1:
> 
>   https://github.com/mdroth/qemu/commits/stable-2.1-staging
> 
> The release is planned for 2014-09-08:
> 
>   http://wiki.qemu.org/Planning/2.1
> 
> Please respond here or CC qemu-stable@nongnu.org on any patches you
> think should be included in the release.

These new ones just got into master yesterday:

1844e68ecabbdfdf0228774bcd5cf0f63ffc2e57    target-i386: Don't forbid NX bit on PAE PDEs and PTEs
d8b5c67b05420d966664664ff287af05b884bdd1    x86: Use common variable range MTRR counts
d1ae67f626c5ed5729e1d8212834291b409d26df    x86: kvm: Add MTRR support for kvm_get|put_msrs()
9db2efd95e13330075bff027cd682a063d725332    x86: Clear MTRRs on vCPU reset
9db693f76441e2fc7e1b05dc454e7db4d3298dcb    block/iscsi: fix memory corruption on iscsi resize
7b71758d79106a63a0b8aba02df752d9995ea50c    vl: process -object after other backend options

Paolo

Re: [Qemu-devel] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael S. Tsirkin]

On Wed, Aug 27, 2014 at 12:35:57PM -0500, Michael Roth wrote:
> Hi everyone,
> 
> The following new patches are queued for QEMU stable v2.1.1:
> 
>   https://github.com/mdroth/qemu/commits/stable-2.1-staging
> 
> The release is planned for 2014-09-08:
> 
>   http://wiki.qemu.org/Planning/2.1
> 
> Please respond here or CC qemu-stable@nongnu.org on any patches you
> think should be included in the release.
> 
> Testing/feedback is greatly appreciated.
> 
> Thanks!

A bunch of other patches Cc stable were merged upstream
since then - could you please send an update
of what's in?

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael Roth]

Quoting Michael Roth (2014-08-27 12:35:57)
> Hi everyone,
> 
> The following new patches are queued for QEMU stable v2.1.1:
> 
>   https://github.com/mdroth/qemu/commits/stable-2.1-staging

As of now the following additional patches have been applied to
the 2.1.1 staging tree (see stable commit for upstream commit ref):

  a7f9ea2 qxl-render: add more sanity checks
  1511595 target-arm: Correct Cortex-A57 ISAR5 and AA64ISAR0 ID register values
  44a1530 target-arm: Fix regression that disabled VFP for ARMv5 CPUs
  95dcaa4 x86: Clear MTRRs on vCPU reset
  7fd25d3 x86: kvm: Add MTRR support for kvm_get|put_msrs()
  0f9c63b x86: Use common variable range MTRR counts
  0c69595 target-i386: Don't forbid NX bit on PAE PDEs and PTEs
  89713cb vl: process -object after other backend options
  93dcbd3 spapr_pci: map the MSI window in each PHB

The following patches have been Cc'd to qemu-stable and are still
pending upstream commit/merge:

  [PATCH] virtio-net: don't run bh on vm stopped (Michael S. Tsirkin)
    * pull just sent by Michael Tsirkin
  [PATCH] net: prevent sending packets while guest is stopped (Stefan Hajnoczi)
  [PATCH v2 2/4] pci: Avoid losing config updates to MSI/MSIX cap regs (Knut Omang)
  [PATCH V4] net: Forbid dealing with packets when VM is not running (zhanghailiang)
    * looks like Stefan has this queued for net
  [PATCH V2] acpi-build: Set FORCE_APIC_CLUSTER_MODEL bit for FADT flags (zhanghailiang)
  [RESEND v2 0/3] Fix some memory leaks about query memdev (Chen Fan)
    * looks like Michael Tokarev has this queued for trivial
  [PATCH] target-i386: Support migratable=no properly (Eduardo Habkost)
    * pinged
  [PATCH 1/3] pc: Fix disabling of vapic for compat PC models (Jan Kiszka)
    * pinged
  [PATCH] pty: Fix byte loss bug when connecting to pty (Sebastian Tanase)
    * pinged, presumably going through Gerd's tree

Let me know if anything is missing.

> 
> The release is planned for 2014-09-08:
> 
>   http://wiki.qemu.org/Planning/2.1
> 
> Please respond here or CC qemu-stable@nongnu.org on any patches you
> think should be included in the release.
> 
> Testing/feedback is greatly appreciated.
> 
> Thanks!
> 
> ----------------------------------------------------------------
> Alex Williamson (1):
>       vfio: Fix MSI-X vector expansion
> 
> Ben Draper (1):
>       vmxnet3: Pad short frames to minimum size (60 bytes)
> 
> Christoffer Dall (2):
>       target-arm: Rename QEMU PSCI v0.1 definitions
>       arm/virt: Use PSCI v0.2 function IDs in the DT when KVM uses PSCI v0.2
> 
> Fam Zheng (1):
>       blkdebug: Delete BH in bdrv_aio_cancel
> 
> Gonglei (1):
>       pcihp: fix possible array out of bounds
> 
> Hu Tao (3):
>       hw:i386: typo fix: MEMORY_HOPTLUG_DEVICE -> MEMORY_HOTPLUG_DEVICE
>       pc-dimm: validate node property
>       numa: show hex number in error message for consistency and prefix them with 0x
> 
> Jan Kiszka (1):
>       pci: Use bus master address space for delivering MSI/MSI-X messages
> 
> Michael S. Tsirkin (4):
>       pc-dimm: fix up error message
>       acpi: align RSDP
>       hostmem: set MPOL_MF_MOVE
>       pc: reserve more memory for ACPI for new machine types
> 
> Michael Tokarev (2):
>       l2tpv3 (configure): it is linux-specific
>       ide: only constrain read/write requests to drive size, not other types
> 
> Peter Lieven (1):
>       block/iscsi: fix memory corruption on iscsi resize
> 
> Peter Maydell (1):
>       target-arm: Fix return address for A64 BRK instructions
> 
> Stefan Hajnoczi (6):
>       qmp: hide "hotplugged" device property from device-list-properties
>       qdev-monitor: include QOM properties in -device FOO, help output
>       raw-posix: fix O_DIRECT short reads
>       qemu-iotests: add test case 101 for short file I/O
>       thread-pool: avoid per-thread-pool EventNotifier
>       thread-pool: avoid deadlock in nested aio_poll() calls
> 
> zhanghailiang (1):
>       virtio-blk: fix reference a pointer which might be freed
> 
>  backends/hostmem.c              |  2 +-
>  block/blkdebug.c                |  4 +++
>  block/iscsi.c                   |  3 ++-
>  block/raw-posix.c               |  9 +++++++
>  configure                       |  1 +
>  hw/acpi/pcihp.c                 |  2 +-
>  hw/arm/virt.c                   | 31 ++++++++++++++++++----
>  hw/block/virtio-blk.c           |  3 ++-
>  hw/i386/acpi-build.c            |  2 +-
>  hw/i386/acpi-dsdt.dsl           |  4 +--
>  hw/i386/acpi-dsdt.hex.generated |  8 +++---
>  hw/i386/pc.c                    | 12 ++++++---
>  hw/i386/pc_piix.c               |  1 +
>  hw/i386/pc_q35.c                |  1 +
>  hw/i386/q35-acpi-dsdt.dsl       |  4 +--
>  hw/i386/ssdt-mem.dsl            | 16 ++++++------
>  hw/i386/ssdt-misc.dsl           |  2 +-
>  hw/ide/core.c                   |  3 ++-
>  hw/mem/pc-dimm.c                |  6 +++++
>  hw/misc/vfio.c                  | 38 ++++++++++++++++++++-------
>  hw/net/vmxnet3.c                | 10 +++++++
>  hw/pci/msi.c                    |  2 +-
>  hw/pci/msix.c                   |  2 +-
>  include/hw/acpi/pc-hotplug.h    |  2 +-
>  include/hw/i386/pc.h            |  2 ++
>  numa.c                          |  4 +--
>  qdev-monitor.c                  | 40 ++++++++++++----------------
>  qmp.c                           |  1 +
>  target-arm/kvm-consts.h         | 49 ++++++++++++++++++++++++++--------
>  target-arm/translate-a64.c      |  2 +-
>  tests/qemu-iotests/101          | 58 +++++++++++++++++++++++++++++++++++++++++
>  tests/qemu-iotests/101.out      | 10 +++++++
>  tests/qemu-iotests/group        |  1 +
>  thread-pool.c                   | 27 ++++++++++---------
>  34 files changed, 269 insertions(+), 93 deletions(-)
>  create mode 100755 tests/qemu-iotests/101
>  create mode 100644 tests/qemu-iotests/101.out

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael S. Tsirkin]

On Tue, Sep 02, 2014 at 10:20:50AM -0500, Michael Roth wrote:
> Quoting Michael Roth (2014-08-27 12:35:57)
> > Hi everyone,
> > 
> > The following new patches are queued for QEMU stable v2.1.1:
> > 
> >   https://github.com/mdroth/qemu/commits/stable-2.1-staging
> 
> As of now the following additional patches have been applied to
> the 2.1.1 staging tree (see stable commit for upstream commit ref):
> 
>   a7f9ea2 qxl-render: add more sanity checks
>   1511595 target-arm: Correct Cortex-A57 ISAR5 and AA64ISAR0 ID register values
>   44a1530 target-arm: Fix regression that disabled VFP for ARMv5 CPUs
>   95dcaa4 x86: Clear MTRRs on vCPU reset
>   7fd25d3 x86: kvm: Add MTRR support for kvm_get|put_msrs()
>   0f9c63b x86: Use common variable range MTRR counts
>   0c69595 target-i386: Don't forbid NX bit on PAE PDEs and PTEs
>   89713cb vl: process -object after other backend options
>   93dcbd3 spapr_pci: map the MSI window in each PHB
> 
> The following patches have been Cc'd to qemu-stable and are still
> pending upstream commit/merge:
> 
>   [PATCH] virtio-net: don't run bh on vm stopped (Michael S. Tsirkin)
>     * pull just sent by Michael Tsirkin
>   [PATCH] net: prevent sending packets while guest is stopped (Stefan Hajnoczi)
>   [PATCH v2 2/4] pci: Avoid losing config updates to MSI/MSIX cap regs (Knut Omang)

	this is also in that pull

>   [PATCH V4] net: Forbid dealing with packets when VM is not running (zhanghailiang)
>     * looks like Stefan has this queued for net
>   [PATCH V2] acpi-build: Set FORCE_APIC_CLUSTER_MODEL bit for FADT flags (zhanghailiang)

	hmm I forgot to include that one. I'll redo the pull request.

>   [RESEND v2 0/3] Fix some memory leaks about query memdev (Chen Fan)
>     * looks like Michael Tokarev has this queued for trivial
>   [PATCH] target-i386: Support migratable=no properly (Eduardo Habkost)
>     * pinged
>   [PATCH 1/3] pc: Fix disabling of vapic for compat PC models (Jan Kiszka)
>     * pinged
>   [PATCH] pty: Fix byte loss bug when connecting to pty (Sebastian Tanase)
>     * pinged, presumably going through Gerd's tree
> 
> Let me know if anything is missing.
> 
> > 
> > The release is planned for 2014-09-08:
> > 
> >   http://wiki.qemu.org/Planning/2.1
> > 
> > Please respond here or CC qemu-stable@nongnu.org on any patches you
> > think should be included in the release.
> > 
> > Testing/feedback is greatly appreciated.
> > 
> > Thanks!
> > 
> > ----------------------------------------------------------------
> > Alex Williamson (1):
> >       vfio: Fix MSI-X vector expansion
> > 
> > Ben Draper (1):
> >       vmxnet3: Pad short frames to minimum size (60 bytes)
> > 
> > Christoffer Dall (2):
> >       target-arm: Rename QEMU PSCI v0.1 definitions
> >       arm/virt: Use PSCI v0.2 function IDs in the DT when KVM uses PSCI v0.2
> > 
> > Fam Zheng (1):
> >       blkdebug: Delete BH in bdrv_aio_cancel
> > 
> > Gonglei (1):
> >       pcihp: fix possible array out of bounds
> > 
> > Hu Tao (3):
> >       hw:i386: typo fix: MEMORY_HOPTLUG_DEVICE -> MEMORY_HOTPLUG_DEVICE
> >       pc-dimm: validate node property
> >       numa: show hex number in error message for consistency and prefix them with 0x
> > 
> > Jan Kiszka (1):
> >       pci: Use bus master address space for delivering MSI/MSI-X messages
> > 
> > Michael S. Tsirkin (4):
> >       pc-dimm: fix up error message
> >       acpi: align RSDP
> >       hostmem: set MPOL_MF_MOVE
> >       pc: reserve more memory for ACPI for new machine types
> > 
> > Michael Tokarev (2):
> >       l2tpv3 (configure): it is linux-specific
> >       ide: only constrain read/write requests to drive size, not other types
> > 
> > Peter Lieven (1):
> >       block/iscsi: fix memory corruption on iscsi resize
> > 
> > Peter Maydell (1):
> >       target-arm: Fix return address for A64 BRK instructions
> > 
> > Stefan Hajnoczi (6):
> >       qmp: hide "hotplugged" device property from device-list-properties
> >       qdev-monitor: include QOM properties in -device FOO, help output
> >       raw-posix: fix O_DIRECT short reads
> >       qemu-iotests: add test case 101 for short file I/O
> >       thread-pool: avoid per-thread-pool EventNotifier
> >       thread-pool: avoid deadlock in nested aio_poll() calls
> > 
> > zhanghailiang (1):
> >       virtio-blk: fix reference a pointer which might be freed
> > 
> >  backends/hostmem.c              |  2 +-
> >  block/blkdebug.c                |  4 +++
> >  block/iscsi.c                   |  3 ++-
> >  block/raw-posix.c               |  9 +++++++
> >  configure                       |  1 +
> >  hw/acpi/pcihp.c                 |  2 +-
> >  hw/arm/virt.c                   | 31 ++++++++++++++++++----
> >  hw/block/virtio-blk.c           |  3 ++-
> >  hw/i386/acpi-build.c            |  2 +-
> >  hw/i386/acpi-dsdt.dsl           |  4 +--
> >  hw/i386/acpi-dsdt.hex.generated |  8 +++---
> >  hw/i386/pc.c                    | 12 ++++++---
> >  hw/i386/pc_piix.c               |  1 +
> >  hw/i386/pc_q35.c                |  1 +
> >  hw/i386/q35-acpi-dsdt.dsl       |  4 +--
> >  hw/i386/ssdt-mem.dsl            | 16 ++++++------
> >  hw/i386/ssdt-misc.dsl           |  2 +-
> >  hw/ide/core.c                   |  3 ++-
> >  hw/mem/pc-dimm.c                |  6 +++++
> >  hw/misc/vfio.c                  | 38 ++++++++++++++++++++-------
> >  hw/net/vmxnet3.c                | 10 +++++++
> >  hw/pci/msi.c                    |  2 +-
> >  hw/pci/msix.c                   |  2 +-
> >  include/hw/acpi/pc-hotplug.h    |  2 +-
> >  include/hw/i386/pc.h            |  2 ++
> >  numa.c                          |  4 +--
> >  qdev-monitor.c                  | 40 ++++++++++++----------------
> >  qmp.c                           |  1 +
> >  target-arm/kvm-consts.h         | 49 ++++++++++++++++++++++++++--------
> >  target-arm/translate-a64.c      |  2 +-
> >  tests/qemu-iotests/101          | 58 +++++++++++++++++++++++++++++++++++++++++
> >  tests/qemu-iotests/101.out      | 10 +++++++
> >  tests/qemu-iotests/group        |  1 +
> >  thread-pool.c                   | 27 ++++++++++---------
> >  34 files changed, 269 insertions(+), 93 deletions(-)
> >  create mode 100755 tests/qemu-iotests/101
> >  create mode 100644 tests/qemu-iotests/101.out

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael S. Tsirkin]

On Tue, Sep 02, 2014 at 06:25:46PM +0300, Michael S. Tsirkin wrote:
> On Tue, Sep 02, 2014 at 10:20:50AM -0500, Michael Roth wrote:
> > Quoting Michael Roth (2014-08-27 12:35:57)
> > > Hi everyone,
> > > 
> > > The following new patches are queued for QEMU stable v2.1.1:
> > > 
> > >   https://github.com/mdroth/qemu/commits/stable-2.1-staging
> > 
> > As of now the following additional patches have been applied to
> > the 2.1.1 staging tree (see stable commit for upstream commit ref):
> > 
> >   a7f9ea2 qxl-render: add more sanity checks
> >   1511595 target-arm: Correct Cortex-A57 ISAR5 and AA64ISAR0 ID register values
> >   44a1530 target-arm: Fix regression that disabled VFP for ARMv5 CPUs
> >   95dcaa4 x86: Clear MTRRs on vCPU reset
> >   7fd25d3 x86: kvm: Add MTRR support for kvm_get|put_msrs()
> >   0f9c63b x86: Use common variable range MTRR counts
> >   0c69595 target-i386: Don't forbid NX bit on PAE PDEs and PTEs
> >   89713cb vl: process -object after other backend options
> >   93dcbd3 spapr_pci: map the MSI window in each PHB
> > 
> > The following patches have been Cc'd to qemu-stable and are still
> > pending upstream commit/merge:
> > 
> >   [PATCH] virtio-net: don't run bh on vm stopped (Michael S. Tsirkin)
> >     * pull just sent by Michael Tsirkin
> >   [PATCH] net: prevent sending packets while guest is stopped (Stefan Hajnoczi)
> >   [PATCH v2 2/4] pci: Avoid losing config updates to MSI/MSIX cap regs (Knut Omang)
> 
> 	this is also in that pull
> 
> >   [PATCH V4] net: Forbid dealing with packets when VM is not running (zhanghailiang)
> >     * looks like Stefan has this queued for net
> >   [PATCH V2] acpi-build: Set FORCE_APIC_CLUSTER_MODEL bit for FADT flags (zhanghailiang)
> 
> 	hmm I forgot to include that one. I'll redo the pull request.

or maybe not
I recalled why I didn't include it - I wanted someone else to review it
first

if it's ready, I'll send it separately tomorrow


> >   [RESEND v2 0/3] Fix some memory leaks about query memdev (Chen Fan)
> >     * looks like Michael Tokarev has this queued for trivial
> >   [PATCH] target-i386: Support migratable=no properly (Eduardo Habkost)
> >     * pinged
> >   [PATCH 1/3] pc: Fix disabling of vapic for compat PC models (Jan Kiszka)
> >     * pinged
> >   [PATCH] pty: Fix byte loss bug when connecting to pty (Sebastian Tanase)
> >     * pinged, presumably going through Gerd's tree
> > 
> > Let me know if anything is missing.
> > 
> > > 
> > > The release is planned for 2014-09-08:
> > > 
> > >   http://wiki.qemu.org/Planning/2.1
> > > 
> > > Please respond here or CC qemu-stable@nongnu.org on any patches you
> > > think should be included in the release.
> > > 
> > > Testing/feedback is greatly appreciated.
> > > 
> > > Thanks!
> > > 
> > > ----------------------------------------------------------------
> > > Alex Williamson (1):
> > >       vfio: Fix MSI-X vector expansion
> > > 
> > > Ben Draper (1):
> > >       vmxnet3: Pad short frames to minimum size (60 bytes)
> > > 
> > > Christoffer Dall (2):
> > >       target-arm: Rename QEMU PSCI v0.1 definitions
> > >       arm/virt: Use PSCI v0.2 function IDs in the DT when KVM uses PSCI v0.2
> > > 
> > > Fam Zheng (1):
> > >       blkdebug: Delete BH in bdrv_aio_cancel
> > > 
> > > Gonglei (1):
> > >       pcihp: fix possible array out of bounds
> > > 
> > > Hu Tao (3):
> > >       hw:i386: typo fix: MEMORY_HOPTLUG_DEVICE -> MEMORY_HOTPLUG_DEVICE
> > >       pc-dimm: validate node property
> > >       numa: show hex number in error message for consistency and prefix them with 0x
> > > 
> > > Jan Kiszka (1):
> > >       pci: Use bus master address space for delivering MSI/MSI-X messages
> > > 
> > > Michael S. Tsirkin (4):
> > >       pc-dimm: fix up error message
> > >       acpi: align RSDP
> > >       hostmem: set MPOL_MF_MOVE
> > >       pc: reserve more memory for ACPI for new machine types
> > > 
> > > Michael Tokarev (2):
> > >       l2tpv3 (configure): it is linux-specific
> > >       ide: only constrain read/write requests to drive size, not other types
> > > 
> > > Peter Lieven (1):
> > >       block/iscsi: fix memory corruption on iscsi resize
> > > 
> > > Peter Maydell (1):
> > >       target-arm: Fix return address for A64 BRK instructions
> > > 
> > > Stefan Hajnoczi (6):
> > >       qmp: hide "hotplugged" device property from device-list-properties
> > >       qdev-monitor: include QOM properties in -device FOO, help output
> > >       raw-posix: fix O_DIRECT short reads
> > >       qemu-iotests: add test case 101 for short file I/O
> > >       thread-pool: avoid per-thread-pool EventNotifier
> > >       thread-pool: avoid deadlock in nested aio_poll() calls
> > > 
> > > zhanghailiang (1):
> > >       virtio-blk: fix reference a pointer which might be freed
> > > 
> > >  backends/hostmem.c              |  2 +-
> > >  block/blkdebug.c                |  4 +++
> > >  block/iscsi.c                   |  3 ++-
> > >  block/raw-posix.c               |  9 +++++++
> > >  configure                       |  1 +
> > >  hw/acpi/pcihp.c                 |  2 +-
> > >  hw/arm/virt.c                   | 31 ++++++++++++++++++----
> > >  hw/block/virtio-blk.c           |  3 ++-
> > >  hw/i386/acpi-build.c            |  2 +-
> > >  hw/i386/acpi-dsdt.dsl           |  4 +--
> > >  hw/i386/acpi-dsdt.hex.generated |  8 +++---
> > >  hw/i386/pc.c                    | 12 ++++++---
> > >  hw/i386/pc_piix.c               |  1 +
> > >  hw/i386/pc_q35.c                |  1 +
> > >  hw/i386/q35-acpi-dsdt.dsl       |  4 +--
> > >  hw/i386/ssdt-mem.dsl            | 16 ++++++------
> > >  hw/i386/ssdt-misc.dsl           |  2 +-
> > >  hw/ide/core.c                   |  3 ++-
> > >  hw/mem/pc-dimm.c                |  6 +++++
> > >  hw/misc/vfio.c                  | 38 ++++++++++++++++++++-------
> > >  hw/net/vmxnet3.c                | 10 +++++++
> > >  hw/pci/msi.c                    |  2 +-
> > >  hw/pci/msix.c                   |  2 +-
> > >  include/hw/acpi/pc-hotplug.h    |  2 +-
> > >  include/hw/i386/pc.h            |  2 ++
> > >  numa.c                          |  4 +--
> > >  qdev-monitor.c                  | 40 ++++++++++++----------------
> > >  qmp.c                           |  1 +
> > >  target-arm/kvm-consts.h         | 49 ++++++++++++++++++++++++++--------
> > >  target-arm/translate-a64.c      |  2 +-
> > >  tests/qemu-iotests/101          | 58 +++++++++++++++++++++++++++++++++++++++++
> > >  tests/qemu-iotests/101.out      | 10 +++++++
> > >  tests/qemu-iotests/group        |  1 +
> > >  thread-pool.c                   | 27 ++++++++++---------
> > >  34 files changed, 269 insertions(+), 93 deletions(-)
> > >  create mode 100755 tests/qemu-iotests/101
> > >  create mode 100644 tests/qemu-iotests/101.out

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Andrey Korolyov]

On Tue, Sep 2, 2014 at 7:27 PM, Michael S. Tsirkin <mst@redhat.com> wrote:
> On Tue, Sep 02, 2014 at 06:25:46PM +0300, Michael S. Tsirkin wrote:
>> On Tue, Sep 02, 2014 at 10:20:50AM -0500, Michael Roth wrote:
>> > Quoting Michael Roth (2014-08-27 12:35:57)
>> > > Hi everyone,
>> > >
>> > > The following new patches are queued for QEMU stable v2.1.1:
>> > >
>> > >   https://github.com/mdroth/qemu/commits/stable-2.1-staging
>> >
>> > As of now the following additional patches have been applied to
>> > the 2.1.1 staging tree (see stable commit for upstream commit ref):
>> >
>> >   a7f9ea2 qxl-render: add more sanity checks
>> >   1511595 target-arm: Correct Cortex-A57 ISAR5 and AA64ISAR0 ID register values
>> >   44a1530 target-arm: Fix regression that disabled VFP for ARMv5 CPUs
>> >   95dcaa4 x86: Clear MTRRs on vCPU reset
>> >   7fd25d3 x86: kvm: Add MTRR support for kvm_get|put_msrs()
>> >   0f9c63b x86: Use common variable range MTRR counts
>> >   0c69595 target-i386: Don't forbid NX bit on PAE PDEs and PTEs
>> >   89713cb vl: process -object after other backend options
>> >   93dcbd3 spapr_pci: map the MSI window in each PHB
>> >
>> > The following patches have been Cc'd to qemu-stable and are still
>> > pending upstream commit/merge:
>> >
>> >   [PATCH] virtio-net: don't run bh on vm stopped (Michael S. Tsirkin)
>> >     * pull just sent by Michael Tsirkin
>> >   [PATCH] net: prevent sending packets while guest is stopped (Stefan Hajnoczi)
>> >   [PATCH v2 2/4] pci: Avoid losing config updates to MSI/MSIX cap regs (Knut Omang)
>>
>>       this is also in that pull
>>
>> >   [PATCH V4] net: Forbid dealing with packets when VM is not running (zhanghailiang)
>> >     * looks like Stefan has this queued for net
>> >   [PATCH V2] acpi-build: Set FORCE_APIC_CLUSTER_MODEL bit for FADT flags (zhanghailiang)
>>
>>       hmm I forgot to include that one. I'll redo the pull request.
>
> or maybe not
> I recalled why I didn't include it - I wanted someone else to review it
> first
>
> if it's ready, I'll send it separately tomorrow
>
>
>> >   [RESEND v2 0/3] Fix some memory leaks about query memdev (Chen Fan)
>> >     * looks like Michael Tokarev has this queued for trivial
>> >   [PATCH] target-i386: Support migratable=no properly (Eduardo Habkost)
>> >     * pinged
>> >   [PATCH 1/3] pc: Fix disabling of vapic for compat PC models (Jan Kiszka)
>> >     * pinged
>> >   [PATCH] pty: Fix byte loss bug when connecting to pty (Sebastian Tanase)
>> >     * pinged, presumably going through Gerd's tree
>> >
>> > Let me know if anything is missing.
>> >
>> > >
>> > > The release is planned for 2014-09-08:
>> > >
>> > >   http://wiki.qemu.org/Planning/2.1
>> > >
>> > > Please respond here or CC qemu-stable@nongnu.org on any patches you
>> > > think should be included in the release.
>> > >
>> > > Testing/feedback is greatly appreciated.
>> > >
>> > > Thanks!
>> > >
>> > > ----------------------------------------------------------------
>> > > Alex Williamson (1):
>> > >       vfio: Fix MSI-X vector expansion
>> > >
>> > > Ben Draper (1):
>> > >       vmxnet3: Pad short frames to minimum size (60 bytes)
>> > >
>> > > Christoffer Dall (2):
>> > >       target-arm: Rename QEMU PSCI v0.1 definitions
>> > >       arm/virt: Use PSCI v0.2 function IDs in the DT when KVM uses PSCI v0.2
>> > >
>> > > Fam Zheng (1):
>> > >       blkdebug: Delete BH in bdrv_aio_cancel
>> > >
>> > > Gonglei (1):
>> > >       pcihp: fix possible array out of bounds
>> > >
>> > > Hu Tao (3):
>> > >       hw:i386: typo fix: MEMORY_HOPTLUG_DEVICE -> MEMORY_HOTPLUG_DEVICE
>> > >       pc-dimm: validate node property
>> > >       numa: show hex number in error message for consistency and prefix them with 0x
>> > >
>> > > Jan Kiszka (1):
>> > >       pci: Use bus master address space for delivering MSI/MSI-X messages
>> > >
>> > > Michael S. Tsirkin (4):
>> > >       pc-dimm: fix up error message
>> > >       acpi: align RSDP
>> > >       hostmem: set MPOL_MF_MOVE
>> > >       pc: reserve more memory for ACPI for new machine types
>> > >
>> > > Michael Tokarev (2):
>> > >       l2tpv3 (configure): it is linux-specific
>> > >       ide: only constrain read/write requests to drive size, not other types
>> > >
>> > > Peter Lieven (1):
>> > >       block/iscsi: fix memory corruption on iscsi resize
>> > >
>> > > Peter Maydell (1):
>> > >       target-arm: Fix return address for A64 BRK instructions
>> > >
>> > > Stefan Hajnoczi (6):
>> > >       qmp: hide "hotplugged" device property from device-list-properties
>> > >       qdev-monitor: include QOM properties in -device FOO, help output
>> > >       raw-posix: fix O_DIRECT short reads
>> > >       qemu-iotests: add test case 101 for short file I/O
>> > >       thread-pool: avoid per-thread-pool EventNotifier
>> > >       thread-pool: avoid deadlock in nested aio_poll() calls
>> > >
>> > > zhanghailiang (1):
>> > >       virtio-blk: fix reference a pointer which might be freed
>> > >
>> > >  backends/hostmem.c              |  2 +-
>> > >  block/blkdebug.c                |  4 +++
>> > >  block/iscsi.c                   |  3 ++-
>> > >  block/raw-posix.c               |  9 +++++++
>> > >  configure                       |  1 +
>> > >  hw/acpi/pcihp.c                 |  2 +-
>> > >  hw/arm/virt.c                   | 31 ++++++++++++++++++----
>> > >  hw/block/virtio-blk.c           |  3 ++-
>> > >  hw/i386/acpi-build.c            |  2 +-
>> > >  hw/i386/acpi-dsdt.dsl           |  4 +--
>> > >  hw/i386/acpi-dsdt.hex.generated |  8 +++---
>> > >  hw/i386/pc.c                    | 12 ++++++---
>> > >  hw/i386/pc_piix.c               |  1 +
>> > >  hw/i386/pc_q35.c                |  1 +
>> > >  hw/i386/q35-acpi-dsdt.dsl       |  4 +--
>> > >  hw/i386/ssdt-mem.dsl            | 16 ++++++------
>> > >  hw/i386/ssdt-misc.dsl           |  2 +-
>> > >  hw/ide/core.c                   |  3 ++-
>> > >  hw/mem/pc-dimm.c                |  6 +++++
>> > >  hw/misc/vfio.c                  | 38 ++++++++++++++++++++-------
>> > >  hw/net/vmxnet3.c                | 10 +++++++
>> > >  hw/pci/msi.c                    |  2 +-
>> > >  hw/pci/msix.c                   |  2 +-
>> > >  include/hw/acpi/pc-hotplug.h    |  2 +-
>> > >  include/hw/i386/pc.h            |  2 ++
>> > >  numa.c                          |  4 +--
>> > >  qdev-monitor.c                  | 40 ++++++++++++----------------
>> > >  qmp.c                           |  1 +
>> > >  target-arm/kvm-consts.h         | 49 ++++++++++++++++++++++++++--------
>> > >  target-arm/translate-a64.c      |  2 +-
>> > >  tests/qemu-iotests/101          | 58 +++++++++++++++++++++++++++++++++++++++++
>> > >  tests/qemu-iotests/101.out      | 10 +++++++
>> > >  tests/qemu-iotests/group        |  1 +
>> > >  thread-pool.c                   | 27 ++++++++++---------
>> > >  34 files changed, 269 insertions(+), 93 deletions(-)
>> > >  create mode 100755 tests/qemu-iotests/101
>> > >  create mode 100644 tests/qemu-iotests/101.out
>


Hi, I`ve got assertion failure while testing upcoming tree with net
patches applied after start - boot - reset cycle of an i686 VM.

qemu-system-x86_64:
/tmp/buildd/qemu-2.1.0+f1/hw/net/virtio-net.c:1543:
virtio_net_guest_notifier_mask: Assertion `n->vhost_started' failed.

net patches applied:
383004 New          [V4] net: Forbid dealing with packets when VM is not  zhiang
385148 New          net: prevent sending packets while guest is stopped
385177 New          [PULL,09/13] vhost_net: cleanup start/stop condition
385180 New          [PULL,11/13] virtio-net: don't run bh on vm stopped
385179 New          [PULL,12/13] pci: avoid losing config updates to
MSI/MSIX cap regs
385181 New          [PULL,13/13] vhost_net: start/stop guest notifiers properly

bad one is the

Author: Jason Wang <jasowang@redhat.com>
Date:   Tue Sep 2 18:07:46 2014 +0300

    vhost_net: start/stop guest notifiers properly

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael Roth]

Quoting Andrey Korolyov (2014-09-02 12:33:13)
> On Tue, Sep 2, 2014 at 7:27 PM, Michael S. Tsirkin <mst@redhat.com> wrote:
> > On Tue, Sep 02, 2014 at 06:25:46PM +0300, Michael S. Tsirkin wrote:
> >> On Tue, Sep 02, 2014 at 10:20:50AM -0500, Michael Roth wrote:
> >> > Quoting Michael Roth (2014-08-27 12:35:57)
> >> > > Hi everyone,
> >> > >
> >> > > The following new patches are queued for QEMU stable v2.1.1:
> >> > >
> >> > >   https://github.com/mdroth/qemu/commits/stable-2.1-staging
> >> >
> >> > As of now the following additional patches have been applied to
> >> > the 2.1.1 staging tree (see stable commit for upstream commit ref):
> >> >
> >> >   a7f9ea2 qxl-render: add more sanity checks
> >> >   1511595 target-arm: Correct Cortex-A57 ISAR5 and AA64ISAR0 ID register values
> >> >   44a1530 target-arm: Fix regression that disabled VFP for ARMv5 CPUs
> >> >   95dcaa4 x86: Clear MTRRs on vCPU reset
> >> >   7fd25d3 x86: kvm: Add MTRR support for kvm_get|put_msrs()
> >> >   0f9c63b x86: Use common variable range MTRR counts
> >> >   0c69595 target-i386: Don't forbid NX bit on PAE PDEs and PTEs
> >> >   89713cb vl: process -object after other backend options
> >> >   93dcbd3 spapr_pci: map the MSI window in each PHB
> >> >
> >> > The following patches have been Cc'd to qemu-stable and are still
> >> > pending upstream commit/merge:
> >> >
> >> >   [PATCH] virtio-net: don't run bh on vm stopped (Michael S. Tsirkin)
> >> >     * pull just sent by Michael Tsirkin
> >> >   [PATCH] net: prevent sending packets while guest is stopped (Stefan Hajnoczi)
> >> >   [PATCH v2 2/4] pci: Avoid losing config updates to MSI/MSIX cap regs (Knut Omang)
> >>
> >>       this is also in that pull
> >>
> >> >   [PATCH V4] net: Forbid dealing with packets when VM is not running (zhanghailiang)
> >> >     * looks like Stefan has this queued for net
> >> >   [PATCH V2] acpi-build: Set FORCE_APIC_CLUSTER_MODEL bit for FADT flags (zhanghailiang)
> >>
> >>       hmm I forgot to include that one. I'll redo the pull request.
> >
> > or maybe not
> > I recalled why I didn't include it - I wanted someone else to review it
> > first
> >
> > if it's ready, I'll send it separately tomorrow
> >
> >
> >> >   [RESEND v2 0/3] Fix some memory leaks about query memdev (Chen Fan)
> >> >     * looks like Michael Tokarev has this queued for trivial
> >> >   [PATCH] target-i386: Support migratable=no properly (Eduardo Habkost)
> >> >     * pinged
> >> >   [PATCH 1/3] pc: Fix disabling of vapic for compat PC models (Jan Kiszka)
> >> >     * pinged
> >> >   [PATCH] pty: Fix byte loss bug when connecting to pty (Sebastian Tanase)
> >> >     * pinged, presumably going through Gerd's tree
> >> >
> >> > Let me know if anything is missing.
> >> >
> >> > >
> >> > > The release is planned for 2014-09-08:
> >> > >
> >> > >   http://wiki.qemu.org/Planning/2.1
> >> > >
> >> > > Please respond here or CC qemu-stable@nongnu.org on any patches you
> >> > > think should be included in the release.
> >> > >
> >> > > Testing/feedback is greatly appreciated.
> >> > >
> >> > > Thanks!
> >> > >
> >> > > ----------------------------------------------------------------
> >> > > Alex Williamson (1):
> >> > >       vfio: Fix MSI-X vector expansion
> >> > >
> >> > > Ben Draper (1):
> >> > >       vmxnet3: Pad short frames to minimum size (60 bytes)
> >> > >
> >> > > Christoffer Dall (2):
> >> > >       target-arm: Rename QEMU PSCI v0.1 definitions
> >> > >       arm/virt: Use PSCI v0.2 function IDs in the DT when KVM uses PSCI v0.2
> >> > >
> >> > > Fam Zheng (1):
> >> > >       blkdebug: Delete BH in bdrv_aio_cancel
> >> > >
> >> > > Gonglei (1):
> >> > >       pcihp: fix possible array out of bounds
> >> > >
> >> > > Hu Tao (3):
> >> > >       hw:i386: typo fix: MEMORY_HOPTLUG_DEVICE -> MEMORY_HOTPLUG_DEVICE
> >> > >       pc-dimm: validate node property
> >> > >       numa: show hex number in error message for consistency and prefix them with 0x
> >> > >
> >> > > Jan Kiszka (1):
> >> > >       pci: Use bus master address space for delivering MSI/MSI-X messages
> >> > >
> >> > > Michael S. Tsirkin (4):
> >> > >       pc-dimm: fix up error message
> >> > >       acpi: align RSDP
> >> > >       hostmem: set MPOL_MF_MOVE
> >> > >       pc: reserve more memory for ACPI for new machine types
> >> > >
> >> > > Michael Tokarev (2):
> >> > >       l2tpv3 (configure): it is linux-specific
> >> > >       ide: only constrain read/write requests to drive size, not other types
> >> > >
> >> > > Peter Lieven (1):
> >> > >       block/iscsi: fix memory corruption on iscsi resize
> >> > >
> >> > > Peter Maydell (1):
> >> > >       target-arm: Fix return address for A64 BRK instructions
> >> > >
> >> > > Stefan Hajnoczi (6):
> >> > >       qmp: hide "hotplugged" device property from device-list-properties
> >> > >       qdev-monitor: include QOM properties in -device FOO, help output
> >> > >       raw-posix: fix O_DIRECT short reads
> >> > >       qemu-iotests: add test case 101 for short file I/O
> >> > >       thread-pool: avoid per-thread-pool EventNotifier
> >> > >       thread-pool: avoid deadlock in nested aio_poll() calls
> >> > >
> >> > > zhanghailiang (1):
> >> > >       virtio-blk: fix reference a pointer which might be freed
> >> > >
> >> > >  backends/hostmem.c              |  2 +-
> >> > >  block/blkdebug.c                |  4 +++
> >> > >  block/iscsi.c                   |  3 ++-
> >> > >  block/raw-posix.c               |  9 +++++++
> >> > >  configure                       |  1 +
> >> > >  hw/acpi/pcihp.c                 |  2 +-
> >> > >  hw/arm/virt.c                   | 31 ++++++++++++++++++----
> >> > >  hw/block/virtio-blk.c           |  3 ++-
> >> > >  hw/i386/acpi-build.c            |  2 +-
> >> > >  hw/i386/acpi-dsdt.dsl           |  4 +--
> >> > >  hw/i386/acpi-dsdt.hex.generated |  8 +++---
> >> > >  hw/i386/pc.c                    | 12 ++++++---
> >> > >  hw/i386/pc_piix.c               |  1 +
> >> > >  hw/i386/pc_q35.c                |  1 +
> >> > >  hw/i386/q35-acpi-dsdt.dsl       |  4 +--
> >> > >  hw/i386/ssdt-mem.dsl            | 16 ++++++------
> >> > >  hw/i386/ssdt-misc.dsl           |  2 +-
> >> > >  hw/ide/core.c                   |  3 ++-
> >> > >  hw/mem/pc-dimm.c                |  6 +++++
> >> > >  hw/misc/vfio.c                  | 38 ++++++++++++++++++++-------
> >> > >  hw/net/vmxnet3.c                | 10 +++++++
> >> > >  hw/pci/msi.c                    |  2 +-
> >> > >  hw/pci/msix.c                   |  2 +-
> >> > >  include/hw/acpi/pc-hotplug.h    |  2 +-
> >> > >  include/hw/i386/pc.h            |  2 ++
> >> > >  numa.c                          |  4 +--
> >> > >  qdev-monitor.c                  | 40 ++++++++++++----------------
> >> > >  qmp.c                           |  1 +
> >> > >  target-arm/kvm-consts.h         | 49 ++++++++++++++++++++++++++--------
> >> > >  target-arm/translate-a64.c      |  2 +-
> >> > >  tests/qemu-iotests/101          | 58 +++++++++++++++++++++++++++++++++++++++++
> >> > >  tests/qemu-iotests/101.out      | 10 +++++++
> >> > >  tests/qemu-iotests/group        |  1 +
> >> > >  thread-pool.c                   | 27 ++++++++++---------
> >> > >  34 files changed, 269 insertions(+), 93 deletions(-)
> >> > >  create mode 100755 tests/qemu-iotests/101
> >> > >  create mode 100644 tests/qemu-iotests/101.out
> >
> 
> 
> Hi, I`ve got assertion failure while testing upcoming tree with net
> patches applied after start - boot - reset cycle of an i686 VM.

Thanks for testing! Is this a consistent failure? I'm unable to reproduce with
current 2.1.1 tree with these applied:

  0d33fef vhost_net: start/stop guest notifiers properly
  27066b6 pci: avoid losing config updates to MSI/MSIX cap regs
  64a953a virtio-net: don't run bh on vm stopped
  1dcb588 vhost_net: cleanup start/stop condition

I haven't tested with these but I don't see them coming into play in
this scenario:

  383004 New          [V4] net: Forbid dealing with packets when VM is not  zhiang
  385148 New          net: prevent sending packets while guest is stopped

I'm running a 32-bit fedora 15 guest via qemu x86_64, and confirmed vhost is
being started/stopped on each boot/reset. My command-line is:

./x86_64-softmmu/qemu-system-x86_64 -drive file=/home/mdroth/vm/fedora15_32.raw,if=virtio -smp 1 -m 512M -name vm3 -device virtio-net-pci,mac=52:54:00:12:34:03,netdev=netdev0,id=net0 -netdev tap,script=/etc/qemu-ifup,vhost=on,id=netdev0 -vnc :3 -device virtio-serial -balloon virtio -mon chardev=hmp0 -chardev socket,path=/tmp/vm3-hmp0.sock,server,nowait,id=hmp0 -mon chardev=qmp0,mode=control -chardev socket,path=/tmp/vm3-qmp0.sock,server,nowait,id=qmp0 -device virtserialport,chardev=vs0,name=vs0 -chardev socket,path=/tmp/vm3-vs0.sock,server,nowait,id=vs0 -device virtserialport,chardev=vs1,name=vs1 -chardev socket,path=/tmp/vm3-vs1.sock,server,nowait,id=vs1 -device virtserialport,chardev=qga,name=org.qemu.guest_agent.0 -chardev socket,path=/tmp/vm3-qga.sock,server,nowait,id=qga -device isa-serial,chardev=serial0 -chardev socket,path=/tmp/vm3-serial0.sock,server,nowait,id=serial0 -L ./pc-bios --enable-kvm

I've tried rebooting from within the guest as well as system_reset via
hmp and it doesn't seem to trigger on my end.

> 
> qemu-system-x86_64:
> /tmp/buildd/qemu-2.1.0+f1/hw/net/virtio-net.c:1543:
> virtio_net_guest_notifier_mask: Assertion `n->vhost_started' failed.
> 
> net patches applied:
> 383004 New          [V4] net: Forbid dealing with packets when VM is not  zhiang
> 385148 New          net: prevent sending packets while guest is stopped
> 385177 New          [PULL,09/13] vhost_net: cleanup start/stop condition
> 385180 New          [PULL,11/13] virtio-net: don't run bh on vm stopped
> 385179 New          [PULL,12/13] pci: avoid losing config updates to
> MSI/MSIX cap regs
> 385181 New          [PULL,13/13] vhost_net: start/stop guest notifiers properly
> 
> bad one is the
> 
> Author: Jason Wang <jasowang@redhat.com>
> Date:   Tue Sep 2 18:07:46 2014 +0300
> 
>     vhost_net: start/stop guest notifiers properly

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael S. Tsirkin]

On Tue, Sep 02, 2014 at 09:33:13PM +0400, Andrey Korolyov wrote:
> On Tue, Sep 2, 2014 at 7:27 PM, Michael S. Tsirkin <mst@redhat.com> wrote:
> > On Tue, Sep 02, 2014 at 06:25:46PM +0300, Michael S. Tsirkin wrote:
> >> On Tue, Sep 02, 2014 at 10:20:50AM -0500, Michael Roth wrote:
> >> > Quoting Michael Roth (2014-08-27 12:35:57)
> >> > > Hi everyone,
> >> > >
> >> > > The following new patches are queued for QEMU stable v2.1.1:
> >> > >
> >> > >   https://github.com/mdroth/qemu/commits/stable-2.1-staging
> >> >
> >> > As of now the following additional patches have been applied to
> >> > the 2.1.1 staging tree (see stable commit for upstream commit ref):
> >> >
> >> >   a7f9ea2 qxl-render: add more sanity checks
> >> >   1511595 target-arm: Correct Cortex-A57 ISAR5 and AA64ISAR0 ID register values
> >> >   44a1530 target-arm: Fix regression that disabled VFP for ARMv5 CPUs
> >> >   95dcaa4 x86: Clear MTRRs on vCPU reset
> >> >   7fd25d3 x86: kvm: Add MTRR support for kvm_get|put_msrs()
> >> >   0f9c63b x86: Use common variable range MTRR counts
> >> >   0c69595 target-i386: Don't forbid NX bit on PAE PDEs and PTEs
> >> >   89713cb vl: process -object after other backend options
> >> >   93dcbd3 spapr_pci: map the MSI window in each PHB
> >> >
> >> > The following patches have been Cc'd to qemu-stable and are still
> >> > pending upstream commit/merge:
> >> >
> >> >   [PATCH] virtio-net: don't run bh on vm stopped (Michael S. Tsirkin)
> >> >     * pull just sent by Michael Tsirkin
> >> >   [PATCH] net: prevent sending packets while guest is stopped (Stefan Hajnoczi)
> >> >   [PATCH v2 2/4] pci: Avoid losing config updates to MSI/MSIX cap regs (Knut Omang)
> >>
> >>       this is also in that pull
> >>
> >> >   [PATCH V4] net: Forbid dealing with packets when VM is not running (zhanghailiang)
> >> >     * looks like Stefan has this queued for net
> >> >   [PATCH V2] acpi-build: Set FORCE_APIC_CLUSTER_MODEL bit for FADT flags (zhanghailiang)
> >>
> >>       hmm I forgot to include that one. I'll redo the pull request.
> >
> > or maybe not
> > I recalled why I didn't include it - I wanted someone else to review it
> > first
> >
> > if it's ready, I'll send it separately tomorrow
> >
> >
> >> >   [RESEND v2 0/3] Fix some memory leaks about query memdev (Chen Fan)
> >> >     * looks like Michael Tokarev has this queued for trivial
> >> >   [PATCH] target-i386: Support migratable=no properly (Eduardo Habkost)
> >> >     * pinged
> >> >   [PATCH 1/3] pc: Fix disabling of vapic for compat PC models (Jan Kiszka)
> >> >     * pinged
> >> >   [PATCH] pty: Fix byte loss bug when connecting to pty (Sebastian Tanase)
> >> >     * pinged, presumably going through Gerd's tree
> >> >
> >> > Let me know if anything is missing.
> >> >
> >> > >
> >> > > The release is planned for 2014-09-08:
> >> > >
> >> > >   http://wiki.qemu.org/Planning/2.1
> >> > >
> >> > > Please respond here or CC qemu-stable@nongnu.org on any patches you
> >> > > think should be included in the release.
> >> > >
> >> > > Testing/feedback is greatly appreciated.
> >> > >
> >> > > Thanks!
> >> > >
> >> > > ----------------------------------------------------------------
> >> > > Alex Williamson (1):
> >> > >       vfio: Fix MSI-X vector expansion
> >> > >
> >> > > Ben Draper (1):
> >> > >       vmxnet3: Pad short frames to minimum size (60 bytes)
> >> > >
> >> > > Christoffer Dall (2):
> >> > >       target-arm: Rename QEMU PSCI v0.1 definitions
> >> > >       arm/virt: Use PSCI v0.2 function IDs in the DT when KVM uses PSCI v0.2
> >> > >
> >> > > Fam Zheng (1):
> >> > >       blkdebug: Delete BH in bdrv_aio_cancel
> >> > >
> >> > > Gonglei (1):
> >> > >       pcihp: fix possible array out of bounds
> >> > >
> >> > > Hu Tao (3):
> >> > >       hw:i386: typo fix: MEMORY_HOPTLUG_DEVICE -> MEMORY_HOTPLUG_DEVICE
> >> > >       pc-dimm: validate node property
> >> > >       numa: show hex number in error message for consistency and prefix them with 0x
> >> > >
> >> > > Jan Kiszka (1):
> >> > >       pci: Use bus master address space for delivering MSI/MSI-X messages
> >> > >
> >> > > Michael S. Tsirkin (4):
> >> > >       pc-dimm: fix up error message
> >> > >       acpi: align RSDP
> >> > >       hostmem: set MPOL_MF_MOVE
> >> > >       pc: reserve more memory for ACPI for new machine types
> >> > >
> >> > > Michael Tokarev (2):
> >> > >       l2tpv3 (configure): it is linux-specific
> >> > >       ide: only constrain read/write requests to drive size, not other types
> >> > >
> >> > > Peter Lieven (1):
> >> > >       block/iscsi: fix memory corruption on iscsi resize
> >> > >
> >> > > Peter Maydell (1):
> >> > >       target-arm: Fix return address for A64 BRK instructions
> >> > >
> >> > > Stefan Hajnoczi (6):
> >> > >       qmp: hide "hotplugged" device property from device-list-properties
> >> > >       qdev-monitor: include QOM properties in -device FOO, help output
> >> > >       raw-posix: fix O_DIRECT short reads
> >> > >       qemu-iotests: add test case 101 for short file I/O
> >> > >       thread-pool: avoid per-thread-pool EventNotifier
> >> > >       thread-pool: avoid deadlock in nested aio_poll() calls
> >> > >
> >> > > zhanghailiang (1):
> >> > >       virtio-blk: fix reference a pointer which might be freed
> >> > >
> >> > >  backends/hostmem.c              |  2 +-
> >> > >  block/blkdebug.c                |  4 +++
> >> > >  block/iscsi.c                   |  3 ++-
> >> > >  block/raw-posix.c               |  9 +++++++
> >> > >  configure                       |  1 +
> >> > >  hw/acpi/pcihp.c                 |  2 +-
> >> > >  hw/arm/virt.c                   | 31 ++++++++++++++++++----
> >> > >  hw/block/virtio-blk.c           |  3 ++-
> >> > >  hw/i386/acpi-build.c            |  2 +-
> >> > >  hw/i386/acpi-dsdt.dsl           |  4 +--
> >> > >  hw/i386/acpi-dsdt.hex.generated |  8 +++---
> >> > >  hw/i386/pc.c                    | 12 ++++++---
> >> > >  hw/i386/pc_piix.c               |  1 +
> >> > >  hw/i386/pc_q35.c                |  1 +
> >> > >  hw/i386/q35-acpi-dsdt.dsl       |  4 +--
> >> > >  hw/i386/ssdt-mem.dsl            | 16 ++++++------
> >> > >  hw/i386/ssdt-misc.dsl           |  2 +-
> >> > >  hw/ide/core.c                   |  3 ++-
> >> > >  hw/mem/pc-dimm.c                |  6 +++++
> >> > >  hw/misc/vfio.c                  | 38 ++++++++++++++++++++-------
> >> > >  hw/net/vmxnet3.c                | 10 +++++++
> >> > >  hw/pci/msi.c                    |  2 +-
> >> > >  hw/pci/msix.c                   |  2 +-
> >> > >  include/hw/acpi/pc-hotplug.h    |  2 +-
> >> > >  include/hw/i386/pc.h            |  2 ++
> >> > >  numa.c                          |  4 +--
> >> > >  qdev-monitor.c                  | 40 ++++++++++++----------------
> >> > >  qmp.c                           |  1 +
> >> > >  target-arm/kvm-consts.h         | 49 ++++++++++++++++++++++++++--------
> >> > >  target-arm/translate-a64.c      |  2 +-
> >> > >  tests/qemu-iotests/101          | 58 +++++++++++++++++++++++++++++++++++++++++
> >> > >  tests/qemu-iotests/101.out      | 10 +++++++
> >> > >  tests/qemu-iotests/group        |  1 +
> >> > >  thread-pool.c                   | 27 ++++++++++---------
> >> > >  34 files changed, 269 insertions(+), 93 deletions(-)
> >> > >  create mode 100755 tests/qemu-iotests/101
> >> > >  create mode 100644 tests/qemu-iotests/101.out
> >
> 
> 
> Hi, I`ve got assertion failure while testing upcoming tree with net
> patches applied after start - boot - reset cycle of an i686 VM.
> 
> qemu-system-x86_64:
> /tmp/buildd/qemu-2.1.0+f1/hw/net/virtio-net.c:1543:
> virtio_net_guest_notifier_mask: Assertion `n->vhost_started' failed.
> 
> net patches applied:
> 383004 New          [V4] net: Forbid dealing with packets when VM is not  zhiang
> 385148 New          net: prevent sending packets while guest is stopped
> 385177 New          [PULL,09/13] vhost_net: cleanup start/stop condition
> 385180 New          [PULL,11/13] virtio-net: don't run bh on vm stopped
> 385179 New          [PULL,12/13] pci: avoid losing config updates to
> MSI/MSIX cap regs
> 385181 New          [PULL,13/13] vhost_net: start/stop guest notifiers properly
> 
> bad one is the
> 
> Author: Jason Wang <jasowang@redhat.com>
> Date:   Tue Sep 2 18:07:46 2014 +0300
> 
>     vhost_net: start/stop guest notifiers properly



upstream has this (pull request sent today):
vhost_net: cleanup start/stop condition

Could you apply it and see if it helps please?

Michael, if it helps it should be before start/stop guest notifiers
ideally to avoid bisect problems.

-- 
MST

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Andrey Korolyov]

[-- Attachment #1: Type: text/plain, Size: 1086 bytes --]

On Wed, Sep 3, 2014 at 1:03 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
>> bad one is the
>>
>> Author: Jason Wang <jasowang@redhat.com>
>> Date:   Tue Sep 2 18:07:46 2014 +0300
>>
>>     vhost_net: start/stop guest notifiers properly
>
>
>
> upstream has this (pull request sent today):
> vhost_net: cleanup start/stop condition
>
> Could you apply it and see if it helps please?
>
> Michael, if it helps it should be before start/stop guest notifiers
> ideally to avoid bisect problems.

It is already applied as shown from the list in the previous message
(there are some aio fixes too on top of 2.1 I picked before but they
should not impact vhost-net interaction in any mean). The symptoms are
a bit interesting - VM crashes only at PCI device initalization (e.g.
grub stage after reset and initrd unpacking are passing well, but then
things getting ugly). I am running 3.14 guest i686-pae kernel from
debian backports in guest, so it may be version-specific after all. If
it`ll be hard to reproduce, I can try 64bit, expecting same behavior.
Please find args in attached file.

[-- Attachment #2: launchstring.txt.gz --]
[-- Type: application/x-gzip, Size: 1059 bytes --]

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael S. Tsirkin]

On Wed, Sep 03, 2014 at 01:29:29AM +0400, Andrey Korolyov wrote:
> On Wed, Sep 3, 2014 at 1:03 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> >> bad one is the
> >>
> >> Author: Jason Wang <jasowang@redhat.com>
> >> Date:   Tue Sep 2 18:07:46 2014 +0300
> >>
> >>     vhost_net: start/stop guest notifiers properly
> >
> >
> >
> > upstream has this (pull request sent today):
> > vhost_net: cleanup start/stop condition
> >
> > Could you apply it and see if it helps please?
> >
> > Michael, if it helps it should be before start/stop guest notifiers
> > ideally to avoid bisect problems.
> 
> It is already applied as shown from the list in the previous message
> (there are some aio fixes too on top of 2.1 I picked before but they
> should not impact vhost-net interaction in any mean). The symptoms are
> a bit interesting - VM crashes only at PCI device initalization (e.g.
> grub stage after reset and initrd unpacking are passing well, but then
> things getting ugly). I am running 3.14 guest i686-pae kernel from
> debian backports in guest, so it may be version-specific after all. If
> it`ll be hard to reproduce, I can try 64bit, expecting same behavior.
> Please find args in attached file.



ok just to make sure - which tree do I clone exactly?

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael Roth]

Quoting Andrey Korolyov (2014-09-02 16:29:29)
> On Wed, Sep 3, 2014 at 1:03 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> >> bad one is the
> >>
> >> Author: Jason Wang <jasowang@redhat.com>
> >> Date:   Tue Sep 2 18:07:46 2014 +0300
> >>
> >>     vhost_net: start/stop guest notifiers properly
> >
> >
> >
> > upstream has this (pull request sent today):
> > vhost_net: cleanup start/stop condition
> >
> > Could you apply it and see if it helps please?
> >
> > Michael, if it helps it should be before start/stop guest notifiers
> > ideally to avoid bisect problems.
> 
> It is already applied as shown from the list in the previous message
> (there are some aio fixes too on top of 2.1 I picked before but they
> should not impact vhost-net interaction in any mean). The symptoms are

I also had it applied. Not sure what the main difference is with our
setups, but can't seem to reproduce it on my end. Also tried FC18 64-bit.

I have only 2.1.1 + the 4 commits mentioned in my previous email however,
so it may be worth retrying your test with only those applied as a sanity
check, or even just testing Michael's tree directly to confirm that the
right commit.

> a bit interesting - VM crashes only at PCI device initalization (e.g.
> grub stage after reset and initrd unpacking are passing well, but then
> things getting ugly). I am running 3.14 guest i686-pae kernel from
> debian backports in guest, so it may be version-specific after all. If
> it`ll be hard to reproduce, I can try 64bit, expecting same behavior.
> Please find args in attached file.

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Andrey Korolyov]

On Wed, Sep 3, 2014 at 1:51 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> On Wed, Sep 03, 2014 at 01:29:29AM +0400, Andrey Korolyov wrote:
>> On Wed, Sep 3, 2014 at 1:03 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
>> >> bad one is the
>> >>
>> >> Author: Jason Wang <jasowang@redhat.com>
>> >> Date:   Tue Sep 2 18:07:46 2014 +0300
>> >>
>> >>     vhost_net: start/stop guest notifiers properly
>> >
>> >
>> >
>> > upstream has this (pull request sent today):
>> > vhost_net: cleanup start/stop condition
>> >
>> > Could you apply it and see if it helps please?
>> >
>> > Michael, if it helps it should be before start/stop guest notifiers
>> > ideally to avoid bisect problems.
>>
>> It is already applied as shown from the list in the previous message
>> (there are some aio fixes too on top of 2.1 I picked before but they
>> should not impact vhost-net interaction in any mean). The symptoms are
>> a bit interesting - VM crashes only at PCI device initalization (e.g.
>> grub stage after reset and initrd unpacking are passing well, but then
>> things getting ugly). I am running 3.14 guest i686-pae kernel from
>> debian backports in guest, so it may be version-specific after all. If
>> it`ll be hard to reproduce, I can try 64bit, expecting same behavior.
>> Please find args in attached file.
>
>
>
> ok just to make sure - which tree do I clone exactly?
>

https://github.com/mdroth/qemu.git stable-2.1-staging showing same
behavior for me with those patches

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Andrey Korolyov]

On Wed, Sep 3, 2014 at 2:09 AM, Andrey Korolyov <andrey@xdel.ru> wrote:
> On Wed, Sep 3, 2014 at 1:51 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
>> On Wed, Sep 03, 2014 at 01:29:29AM +0400, Andrey Korolyov wrote:
>>> On Wed, Sep 3, 2014 at 1:03 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
>>> >> bad one is the
>>> >>
>>> >> Author: Jason Wang <jasowang@redhat.com>
>>> >> Date:   Tue Sep 2 18:07:46 2014 +0300
>>> >>
>>> >>     vhost_net: start/stop guest notifiers properly
>>> >
>>> >
>>> >
>>> > upstream has this (pull request sent today):
>>> > vhost_net: cleanup start/stop condition
>>> >
>>> > Could you apply it and see if it helps please?
>>> >
>>> > Michael, if it helps it should be before start/stop guest notifiers
>>> > ideally to avoid bisect problems.
>>>
>>> It is already applied as shown from the list in the previous message
>>> (there are some aio fixes too on top of 2.1 I picked before but they
>>> should not impact vhost-net interaction in any mean). The symptoms are
>>> a bit interesting - VM crashes only at PCI device initalization (e.g.
>>> grub stage after reset and initrd unpacking are passing well, but then
>>> things getting ugly). I am running 3.14 guest i686-pae kernel from
>>> debian backports in guest, so it may be version-specific after all. If
>>> it`ll be hard to reproduce, I can try 64bit, expecting same behavior.
>>> Please find args in attached file.
>>
>>
>>
>> ok just to make sure - which tree do I clone exactly?
>>
>
> https://github.com/mdroth/qemu.git stable-2.1-staging showing same
> behavior for me with those patches

Forgot to mention important detail - I am playing with -mq now, so
actually virtio-net working in a bit different way than it may
expected (it also shown in args list from above, but someone may miss
it):
...
qemu-system-x86_64: unable to start vhost net: 95: falling back on
userspace virtio
qemu-system-x86_64: unable to start vhost net: 95: falling back on
userspace virtio
...

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Jason Wang]

On 09/03/2014 02:35 PM, Michael S. Tsirkin wrote:
> On Wed, Sep 03, 2014 at 02:17:02AM +0400, Andrey Korolyov wrote:
>> On Wed, Sep 3, 2014 at 2:09 AM, Andrey Korolyov <andrey@xdel.ru> wrote:
>>> On Wed, Sep 3, 2014 at 1:51 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
>>>> On Wed, Sep 03, 2014 at 01:29:29AM +0400, Andrey Korolyov wrote:
>>>>> On Wed, Sep 3, 2014 at 1:03 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
>>>>>>> bad one is the
>>>>>>>
>>>>>>> Author: Jason Wang <jasowang@redhat.com>
>>>>>>> Date:   Tue Sep 2 18:07:46 2014 +0300
>>>>>>>
>>>>>>>     vhost_net: start/stop guest notifiers properly
>>>>>>
>>>>>>
>>>>>> upstream has this (pull request sent today):
>>>>>> vhost_net: cleanup start/stop condition
>>>>>>
>>>>>> Could you apply it and see if it helps please?
>>>>>>
>>>>>> Michael, if it helps it should be before start/stop guest notifiers
>>>>>> ideally to avoid bisect problems.
>>>>> It is already applied as shown from the list in the previous message
>>>>> (there are some aio fixes too on top of 2.1 I picked before but they
>>>>> should not impact vhost-net interaction in any mean). The symptoms are
>>>>> a bit interesting - VM crashes only at PCI device initalization (e.g.
>>>>> grub stage after reset and initrd unpacking are passing well, but then
>>>>> things getting ugly). I am running 3.14 guest i686-pae kernel from
>>>>> debian backports in guest, so it may be version-specific after all. If
>>>>> it`ll be hard to reproduce, I can try 64bit, expecting same behavior.
>>>>> Please find args in attached file.
>>>>
>>>>
>>>> ok just to make sure - which tree do I clone exactly?
>>>>
>>> https://github.com/mdroth/qemu.git stable-2.1-staging showing same
>>> behavior for me with those patches
>> Forgot to mention important detail - I am playing with -mq now, so
>> actually virtio-net working in a bit different way than it may
>> expected (it also shown in args list from above, but someone may miss
>> it):
>> ...
>> qemu-system-x86_64: unable to start vhost net: 95: falling back on
>> userspace virtio
>> qemu-system-x86_64: unable to start vhost net: 95: falling back on
>> userspace virtio
>> ...
> Okay, so there's some bug in the error handling then.
> I'll dig into it - meanwhile can you please strace
> the binary to figure out which ioctl is failing?
>
> Or just trace it by hand: I am guessing vhost_net_start_one
> is the one failing here, add printfs there and check
> (note to self: we need more error messages in that function).
>
>

Looks like the issue was caused by this commit:

commit 2e6d46d77ed328d34a94688da8371bcbe243479b
Author: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Date:   Tue May 27 15:04:42 2014 +0300

    vhost: add vhost_get_features and vhost_ack_features

It remove the step of initialization of acked_features to
backend_features. This will result a unexpected value acked_features
which may fail during setting features.

Will post a patch for this.

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael S. Tsirkin]

On Wed, Sep 03, 2014 at 02:17:02AM +0400, Andrey Korolyov wrote:
> On Wed, Sep 3, 2014 at 2:09 AM, Andrey Korolyov <andrey@xdel.ru> wrote:
> > On Wed, Sep 3, 2014 at 1:51 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> >> On Wed, Sep 03, 2014 at 01:29:29AM +0400, Andrey Korolyov wrote:
> >>> On Wed, Sep 3, 2014 at 1:03 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> >>> >> bad one is the
> >>> >>
> >>> >> Author: Jason Wang <jasowang@redhat.com>
> >>> >> Date:   Tue Sep 2 18:07:46 2014 +0300
> >>> >>
> >>> >>     vhost_net: start/stop guest notifiers properly
> >>> >
> >>> >
> >>> >
> >>> > upstream has this (pull request sent today):
> >>> > vhost_net: cleanup start/stop condition
> >>> >
> >>> > Could you apply it and see if it helps please?
> >>> >
> >>> > Michael, if it helps it should be before start/stop guest notifiers
> >>> > ideally to avoid bisect problems.
> >>>
> >>> It is already applied as shown from the list in the previous message
> >>> (there are some aio fixes too on top of 2.1 I picked before but they
> >>> should not impact vhost-net interaction in any mean). The symptoms are
> >>> a bit interesting - VM crashes only at PCI device initalization (e.g.
> >>> grub stage after reset and initrd unpacking are passing well, but then
> >>> things getting ugly). I am running 3.14 guest i686-pae kernel from
> >>> debian backports in guest, so it may be version-specific after all. If
> >>> it`ll be hard to reproduce, I can try 64bit, expecting same behavior.
> >>> Please find args in attached file.
> >>
> >>
> >>
> >> ok just to make sure - which tree do I clone exactly?
> >>
> >
> > https://github.com/mdroth/qemu.git stable-2.1-staging showing same
> > behavior for me with those patches
> 
> Forgot to mention important detail - I am playing with -mq now, so
> actually virtio-net working in a bit different way than it may
> expected (it also shown in args list from above, but someone may miss
> it):
> ...
> qemu-system-x86_64: unable to start vhost net: 95: falling back on
> userspace virtio
> qemu-system-x86_64: unable to start vhost net: 95: falling back on
> userspace virtio
> ...


OK I see at least one obvious bug there: does the following fix the
crash for you?
Separately, we need to debug why mq vhost is broken for you.
Is this a regression?

diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index ba5d544..1fe18c7 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -289,7 +289,7 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
     BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(dev)));
     VirtioBusState *vbus = VIRTIO_BUS(qbus);
     VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus);
-    int r, i = 0;
+    int r, i;
 
     if (!vhost_net_device_endian_ok(dev)) {
         error_report("vhost-net does not support cross-endian");
@@ -317,16 +317,22 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
         r = vhost_net_start_one(get_vhost_net(ncs[i].peer), dev);
 
         if (r < 0) {
-            goto err;
+            goto err_start;
         }
     }
 
     return 0;
 
-err:
+err_start:
     while (--i >= 0) {
         vhost_net_stop_one(get_vhost_net(ncs[i].peer), dev);
     }
+err:
+    r = k->set_guest_notifiers(qbus->parent, total_queues * 2, false);
+    if (r < 0) {
+        fprintf(stderr, "vhost guest notifier cleanup failed: %d\n", r);
+        fflush(stderr);
+    }
     return r;
 }
 

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael S. Tsirkin]

On Wed, Sep 03, 2014 at 02:17:02AM +0400, Andrey Korolyov wrote:
> On Wed, Sep 3, 2014 at 2:09 AM, Andrey Korolyov <andrey@xdel.ru> wrote:
> > On Wed, Sep 3, 2014 at 1:51 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> >> On Wed, Sep 03, 2014 at 01:29:29AM +0400, Andrey Korolyov wrote:
> >>> On Wed, Sep 3, 2014 at 1:03 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> >>> >> bad one is the
> >>> >>
> >>> >> Author: Jason Wang <jasowang@redhat.com>
> >>> >> Date:   Tue Sep 2 18:07:46 2014 +0300
> >>> >>
> >>> >>     vhost_net: start/stop guest notifiers properly
> >>> >
> >>> >
> >>> >
> >>> > upstream has this (pull request sent today):
> >>> > vhost_net: cleanup start/stop condition
> >>> >
> >>> > Could you apply it and see if it helps please?
> >>> >
> >>> > Michael, if it helps it should be before start/stop guest notifiers
> >>> > ideally to avoid bisect problems.
> >>>
> >>> It is already applied as shown from the list in the previous message
> >>> (there are some aio fixes too on top of 2.1 I picked before but they
> >>> should not impact vhost-net interaction in any mean). The symptoms are
> >>> a bit interesting - VM crashes only at PCI device initalization (e.g.
> >>> grub stage after reset and initrd unpacking are passing well, but then
> >>> things getting ugly). I am running 3.14 guest i686-pae kernel from
> >>> debian backports in guest, so it may be version-specific after all. If
> >>> it`ll be hard to reproduce, I can try 64bit, expecting same behavior.
> >>> Please find args in attached file.
> >>
> >>
> >>
> >> ok just to make sure - which tree do I clone exactly?
> >>
> >
> > https://github.com/mdroth/qemu.git stable-2.1-staging showing same
> > behavior for me with those patches
> 
> Forgot to mention important detail - I am playing with -mq now, so
> actually virtio-net working in a bit different way than it may
> expected (it also shown in args list from above, but someone may miss
> it):
> ...
> qemu-system-x86_64: unable to start vhost net: 95: falling back on
> userspace virtio
> qemu-system-x86_64: unable to start vhost net: 95: falling back on
> userspace virtio
> ...

Okay, so there's some bug in the error handling then.
I'll dig into it - meanwhile can you please strace
the binary to figure out which ioctl is failing?

Or just trace it by hand: I am guessing vhost_net_start_one
is the one failing here, add printfs there and check
(note to self: we need more error messages in that function).

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael S. Tsirkin]

On Wed, Sep 03, 2014 at 02:17:02AM +0400, Andrey Korolyov wrote:
> On Wed, Sep 3, 2014 at 2:09 AM, Andrey Korolyov <andrey@xdel.ru> wrote:
> > On Wed, Sep 3, 2014 at 1:51 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> >> On Wed, Sep 03, 2014 at 01:29:29AM +0400, Andrey Korolyov wrote:
> >>> On Wed, Sep 3, 2014 at 1:03 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> >>> >> bad one is the
> >>> >>
> >>> >> Author: Jason Wang <jasowang@redhat.com>
> >>> >> Date:   Tue Sep 2 18:07:46 2014 +0300
> >>> >>
> >>> >>     vhost_net: start/stop guest notifiers properly
> >>> >
> >>> >
> >>> >
> >>> > upstream has this (pull request sent today):
> >>> > vhost_net: cleanup start/stop condition
> >>> >
> >>> > Could you apply it and see if it helps please?
> >>> >
> >>> > Michael, if it helps it should be before start/stop guest notifiers
> >>> > ideally to avoid bisect problems.
> >>>
> >>> It is already applied as shown from the list in the previous message
> >>> (there are some aio fixes too on top of 2.1 I picked before but they
> >>> should not impact vhost-net interaction in any mean). The symptoms are
> >>> a bit interesting - VM crashes only at PCI device initalization (e.g.
> >>> grub stage after reset and initrd unpacking are passing well, but then
> >>> things getting ugly). I am running 3.14 guest i686-pae kernel from
> >>> debian backports in guest, so it may be version-specific after all. If
> >>> it`ll be hard to reproduce, I can try 64bit, expecting same behavior.
> >>> Please find args in attached file.
> >>
> >>
> >>
> >> ok just to make sure - which tree do I clone exactly?
> >>
> >
> > https://github.com/mdroth/qemu.git stable-2.1-staging showing same
> > behavior for me with those patches
> 
> Forgot to mention important detail - I am playing with -mq now, so
> actually virtio-net working in a bit different way than it may
> expected (it also shown in args list from above, but someone may miss
> it):
> ...
> qemu-system-x86_64: unable to start vhost net: 95: falling back on
> userspace virtio
> qemu-system-x86_64: unable to start vhost net: 95: falling back on
> userspace virtio
> ...

Also - does it work fine if you disable mq?

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Andrey Korolyov]

On Wed, Sep 3, 2014 at 10:10 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> On Wed, Sep 03, 2014 at 02:17:02AM +0400, Andrey Korolyov wrote:
>> On Wed, Sep 3, 2014 at 2:09 AM, Andrey Korolyov <andrey@xdel.ru> wrote:
>> > On Wed, Sep 3, 2014 at 1:51 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
>> >> On Wed, Sep 03, 2014 at 01:29:29AM +0400, Andrey Korolyov wrote:
>> >>> On Wed, Sep 3, 2014 at 1:03 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
>> >>> >> bad one is the
>> >>> >>
>> >>> >> Author: Jason Wang <jasowang@redhat.com>
>> >>> >> Date:   Tue Sep 2 18:07:46 2014 +0300
>> >>> >>
>> >>> >>     vhost_net: start/stop guest notifiers properly
>> >>> >
>> >>> >
>> >>> >
>> >>> > upstream has this (pull request sent today):
>> >>> > vhost_net: cleanup start/stop condition
>> >>> >
>> >>> > Could you apply it and see if it helps please?
>> >>> >
>> >>> > Michael, if it helps it should be before start/stop guest notifiers
>> >>> > ideally to avoid bisect problems.
>> >>>
>> >>> It is already applied as shown from the list in the previous message
>> >>> (there are some aio fixes too on top of 2.1 I picked before but they
>> >>> should not impact vhost-net interaction in any mean). The symptoms are
>> >>> a bit interesting - VM crashes only at PCI device initalization (e.g.
>> >>> grub stage after reset and initrd unpacking are passing well, but then
>> >>> things getting ugly). I am running 3.14 guest i686-pae kernel from
>> >>> debian backports in guest, so it may be version-specific after all. If
>> >>> it`ll be hard to reproduce, I can try 64bit, expecting same behavior.
>> >>> Please find args in attached file.
>> >>
>> >>
>> >>
>> >> ok just to make sure - which tree do I clone exactly?
>> >>
>> >
>> > https://github.com/mdroth/qemu.git stable-2.1-staging showing same
>> > behavior for me with those patches
>>
>> Forgot to mention important detail - I am playing with -mq now, so
>> actually virtio-net working in a bit different way than it may
>> expected (it also shown in args list from above, but someone may miss
>> it):
>> ...
>> qemu-system-x86_64: unable to start vhost net: 95: falling back on
>> userspace virtio
>> qemu-system-x86_64: unable to start vhost net: 95: falling back on
>> userspace virtio
>> ...
>
>
> OK I see at least one obvious bug there: does the following fix the
> crash for you?
> Separately, we need to debug why mq vhost is broken for you.
> Is this a regression?
>
> diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
> index ba5d544..1fe18c7 100644
> --- a/hw/net/vhost_net.c
> +++ b/hw/net/vhost_net.c
> @@ -289,7 +289,7 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
>      BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(dev)));
>      VirtioBusState *vbus = VIRTIO_BUS(qbus);
>      VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus);
> -    int r, i = 0;
> +    int r, i;
>
>      if (!vhost_net_device_endian_ok(dev)) {
>          error_report("vhost-net does not support cross-endian");
> @@ -317,16 +317,22 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
>          r = vhost_net_start_one(get_vhost_net(ncs[i].peer), dev);
>
>          if (r < 0) {
> -            goto err;
> +            goto err_start;
>          }
>      }
>
>      return 0;
>
> -err:
> +err_start:
>      while (--i >= 0) {
>          vhost_net_stop_one(get_vhost_net(ncs[i].peer), dev);
>      }
> +err:
> +    r = k->set_guest_notifiers(qbus->parent, total_queues * 2, false);
> +    if (r < 0) {
> +        fprintf(stderr, "vhost guest notifier cleanup failed: %d\n", r);
> +        fflush(stderr);
> +    }
>      return r;
>  }
>


another bits of information:
 - the userspace fallback is not specific to mq (very unfortunately
for me because I didn`t checked this exact regression week before when
I saw it for mq and it is not specific for queued patches for 2.1.1),
 - bug itself is not specific to mq, reproduces every time even with
more generic interface config without queues,
 - patch from above does not fix the issue.

Strace output for all threads is available at
http://xdel.ru/downloads/qemu.out.gz, attached just before reset.

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael S. Tsirkin]

On Wed, Sep 03, 2014 at 11:43:54AM +0400, Andrey Korolyov wrote:
> On Wed, Sep 3, 2014 at 10:10 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> > On Wed, Sep 03, 2014 at 02:17:02AM +0400, Andrey Korolyov wrote:
> >> On Wed, Sep 3, 2014 at 2:09 AM, Andrey Korolyov <andrey@xdel.ru> wrote:
> >> > On Wed, Sep 3, 2014 at 1:51 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> >> >> On Wed, Sep 03, 2014 at 01:29:29AM +0400, Andrey Korolyov wrote:
> >> >>> On Wed, Sep 3, 2014 at 1:03 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> >> >>> >> bad one is the
> >> >>> >>
> >> >>> >> Author: Jason Wang <jasowang@redhat.com>
> >> >>> >> Date:   Tue Sep 2 18:07:46 2014 +0300
> >> >>> >>
> >> >>> >>     vhost_net: start/stop guest notifiers properly
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> > upstream has this (pull request sent today):
> >> >>> > vhost_net: cleanup start/stop condition
> >> >>> >
> >> >>> > Could you apply it and see if it helps please?
> >> >>> >
> >> >>> > Michael, if it helps it should be before start/stop guest notifiers
> >> >>> > ideally to avoid bisect problems.
> >> >>>
> >> >>> It is already applied as shown from the list in the previous message
> >> >>> (there are some aio fixes too on top of 2.1 I picked before but they
> >> >>> should not impact vhost-net interaction in any mean). The symptoms are
> >> >>> a bit interesting - VM crashes only at PCI device initalization (e.g.
> >> >>> grub stage after reset and initrd unpacking are passing well, but then
> >> >>> things getting ugly). I am running 3.14 guest i686-pae kernel from
> >> >>> debian backports in guest, so it may be version-specific after all. If
> >> >>> it`ll be hard to reproduce, I can try 64bit, expecting same behavior.
> >> >>> Please find args in attached file.
> >> >>
> >> >>
> >> >>
> >> >> ok just to make sure - which tree do I clone exactly?
> >> >>
> >> >
> >> > https://github.com/mdroth/qemu.git stable-2.1-staging showing same
> >> > behavior for me with those patches
> >>
> >> Forgot to mention important detail - I am playing with -mq now, so
> >> actually virtio-net working in a bit different way than it may
> >> expected (it also shown in args list from above, but someone may miss
> >> it):
> >> ...
> >> qemu-system-x86_64: unable to start vhost net: 95: falling back on
> >> userspace virtio
> >> qemu-system-x86_64: unable to start vhost net: 95: falling back on
> >> userspace virtio
> >> ...
> >
> >
> > OK I see at least one obvious bug there: does the following fix the
> > crash for you?
> > Separately, we need to debug why mq vhost is broken for you.
> > Is this a regression?
> >
> > diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
> > index ba5d544..1fe18c7 100644
> > --- a/hw/net/vhost_net.c
> > +++ b/hw/net/vhost_net.c
> > @@ -289,7 +289,7 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
> >      BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(dev)));
> >      VirtioBusState *vbus = VIRTIO_BUS(qbus);
> >      VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus);
> > -    int r, i = 0;
> > +    int r, i;
> >
> >      if (!vhost_net_device_endian_ok(dev)) {
> >          error_report("vhost-net does not support cross-endian");
> > @@ -317,16 +317,22 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
> >          r = vhost_net_start_one(get_vhost_net(ncs[i].peer), dev);
> >
> >          if (r < 0) {
> > -            goto err;
> > +            goto err_start;
> >          }
> >      }
> >
> >      return 0;
> >
> > -err:
> > +err_start:
> >      while (--i >= 0) {
> >          vhost_net_stop_one(get_vhost_net(ncs[i].peer), dev);
> >      }
> > +err:
> > +    r = k->set_guest_notifiers(qbus->parent, total_queues * 2, false);
> > +    if (r < 0) {
> > +        fprintf(stderr, "vhost guest notifier cleanup failed: %d\n", r);
> > +        fflush(stderr);
> > +    }
> >      return r;
> >  }
> >
> 
> 
> another bits of information:
>  - the userspace fallback is not specific to mq (very unfortunately
> for me because I didn`t checked this exact regression week before when
> I saw it for mq and it is not specific for queued patches for 2.1.1),
>  - bug itself is not specific to mq, reproduces every time even with
> more generic interface config without queues,
>  - patch from above does not fix the issue.
> 
> Strace output for all threads is available at
> http://xdel.ru/downloads/qemu.out.gz, attached just before reset.



OK does my patch help?

Jason sent patches to fix the fallback to virtio bug -
does that work for you?

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Andrey Korolyov]

On Wed, Sep 3, 2014 at 12:13 PM, Michael S. Tsirkin <mst@redhat.com> wrote:
> On Wed, Sep 03, 2014 at 11:43:54AM +0400, Andrey Korolyov wrote:
>> On Wed, Sep 3, 2014 at 10:10 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
>> > On Wed, Sep 03, 2014 at 02:17:02AM +0400, Andrey Korolyov wrote:
>> >> On Wed, Sep 3, 2014 at 2:09 AM, Andrey Korolyov <andrey@xdel.ru> wrote:
>> >> > On Wed, Sep 3, 2014 at 1:51 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
>> >> >> On Wed, Sep 03, 2014 at 01:29:29AM +0400, Andrey Korolyov wrote:
>> >> >>> On Wed, Sep 3, 2014 at 1:03 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
>> >> >>> >> bad one is the
>> >> >>> >>
>> >> >>> >> Author: Jason Wang <jasowang@redhat.com>
>> >> >>> >> Date:   Tue Sep 2 18:07:46 2014 +0300
>> >> >>> >>
>> >> >>> >>     vhost_net: start/stop guest notifiers properly
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> > upstream has this (pull request sent today):
>> >> >>> > vhost_net: cleanup start/stop condition
>> >> >>> >
>> >> >>> > Could you apply it and see if it helps please?
>> >> >>> >
>> >> >>> > Michael, if it helps it should be before start/stop guest notifiers
>> >> >>> > ideally to avoid bisect problems.
>> >> >>>
>> >> >>> It is already applied as shown from the list in the previous message
>> >> >>> (there are some aio fixes too on top of 2.1 I picked before but they
>> >> >>> should not impact vhost-net interaction in any mean). The symptoms are
>> >> >>> a bit interesting - VM crashes only at PCI device initalization (e.g.
>> >> >>> grub stage after reset and initrd unpacking are passing well, but then
>> >> >>> things getting ugly). I am running 3.14 guest i686-pae kernel from
>> >> >>> debian backports in guest, so it may be version-specific after all. If
>> >> >>> it`ll be hard to reproduce, I can try 64bit, expecting same behavior.
>> >> >>> Please find args in attached file.
>> >> >>
>> >> >>
>> >> >>
>> >> >> ok just to make sure - which tree do I clone exactly?
>> >> >>
>> >> >
>> >> > https://github.com/mdroth/qemu.git stable-2.1-staging showing same
>> >> > behavior for me with those patches
>> >>
>> >> Forgot to mention important detail - I am playing with -mq now, so
>> >> actually virtio-net working in a bit different way than it may
>> >> expected (it also shown in args list from above, but someone may miss
>> >> it):
>> >> ...
>> >> qemu-system-x86_64: unable to start vhost net: 95: falling back on
>> >> userspace virtio
>> >> qemu-system-x86_64: unable to start vhost net: 95: falling back on
>> >> userspace virtio
>> >> ...
>> >
>> >
>> > OK I see at least one obvious bug there: does the following fix the
>> > crash for you?
>> > Separately, we need to debug why mq vhost is broken for you.
>> > Is this a regression?
>> >
>> > diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
>> > index ba5d544..1fe18c7 100644
>> > --- a/hw/net/vhost_net.c
>> > +++ b/hw/net/vhost_net.c
>> > @@ -289,7 +289,7 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
>> >      BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(dev)));
>> >      VirtioBusState *vbus = VIRTIO_BUS(qbus);
>> >      VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus);
>> > -    int r, i = 0;
>> > +    int r, i;
>> >
>> >      if (!vhost_net_device_endian_ok(dev)) {
>> >          error_report("vhost-net does not support cross-endian");
>> > @@ -317,16 +317,22 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
>> >          r = vhost_net_start_one(get_vhost_net(ncs[i].peer), dev);
>> >
>> >          if (r < 0) {
>> > -            goto err;
>> > +            goto err_start;
>> >          }
>> >      }
>> >
>> >      return 0;
>> >
>> > -err:
>> > +err_start:
>> >      while (--i >= 0) {
>> >          vhost_net_stop_one(get_vhost_net(ncs[i].peer), dev);
>> >      }
>> > +err:
>> > +    r = k->set_guest_notifiers(qbus->parent, total_queues * 2, false);
>> > +    if (r < 0) {
>> > +        fprintf(stderr, "vhost guest notifier cleanup failed: %d\n", r);
>> > +        fflush(stderr);
>> > +    }
>> >      return r;
>> >  }
>> >
>>
>>
>> another bits of information:
>>  - the userspace fallback is not specific to mq (very unfortunately
>> for me because I didn`t checked this exact regression week before when
>> I saw it for mq and it is not specific for queued patches for 2.1.1),
>>  - bug itself is not specific to mq, reproduces every time even with
>> more generic interface config without queues,
>>  - patch from above does not fix the issue.
>>
>> Strace output for all threads is available at
>> http://xdel.ru/downloads/qemu.out.gz, attached just before reset.
>
>
>
> OK does my patch help?
>
> Jason sent patches to fix the fallback to virtio bug -
> does that work for you?
>

Whoops, missed patch from Jason, meant yours above. The acceleration
is fixed, thanks! Jason`s patch alone fixes both crash appearance and
accel initialization while yours fixed initialization (while intended
to fix assert appearance), with crash still in place.

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael S. Tsirkin]

On Wed, Sep 03, 2014 at 12:36:18PM +0400, Andrey Korolyov wrote:
> On Wed, Sep 3, 2014 at 12:13 PM, Michael S. Tsirkin <mst@redhat.com> wrote:
> > On Wed, Sep 03, 2014 at 11:43:54AM +0400, Andrey Korolyov wrote:
> >> On Wed, Sep 3, 2014 at 10:10 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> >> > On Wed, Sep 03, 2014 at 02:17:02AM +0400, Andrey Korolyov wrote:
> >> >> On Wed, Sep 3, 2014 at 2:09 AM, Andrey Korolyov <andrey@xdel.ru> wrote:
> >> >> > On Wed, Sep 3, 2014 at 1:51 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> >> >> >> On Wed, Sep 03, 2014 at 01:29:29AM +0400, Andrey Korolyov wrote:
> >> >> >>> On Wed, Sep 3, 2014 at 1:03 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> >> >> >>> >> bad one is the
> >> >> >>> >>
> >> >> >>> >> Author: Jason Wang <jasowang@redhat.com>
> >> >> >>> >> Date:   Tue Sep 2 18:07:46 2014 +0300
> >> >> >>> >>
> >> >> >>> >>     vhost_net: start/stop guest notifiers properly
> >> >> >>> >
> >> >> >>> >
> >> >> >>> >
> >> >> >>> > upstream has this (pull request sent today):
> >> >> >>> > vhost_net: cleanup start/stop condition
> >> >> >>> >
> >> >> >>> > Could you apply it and see if it helps please?
> >> >> >>> >
> >> >> >>> > Michael, if it helps it should be before start/stop guest notifiers
> >> >> >>> > ideally to avoid bisect problems.
> >> >> >>>
> >> >> >>> It is already applied as shown from the list in the previous message
> >> >> >>> (there are some aio fixes too on top of 2.1 I picked before but they
> >> >> >>> should not impact vhost-net interaction in any mean). The symptoms are
> >> >> >>> a bit interesting - VM crashes only at PCI device initalization (e.g.
> >> >> >>> grub stage after reset and initrd unpacking are passing well, but then
> >> >> >>> things getting ugly). I am running 3.14 guest i686-pae kernel from
> >> >> >>> debian backports in guest, so it may be version-specific after all. If
> >> >> >>> it`ll be hard to reproduce, I can try 64bit, expecting same behavior.
> >> >> >>> Please find args in attached file.
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> ok just to make sure - which tree do I clone exactly?
> >> >> >>
> >> >> >
> >> >> > https://github.com/mdroth/qemu.git stable-2.1-staging showing same
> >> >> > behavior for me with those patches
> >> >>
> >> >> Forgot to mention important detail - I am playing with -mq now, so
> >> >> actually virtio-net working in a bit different way than it may
> >> >> expected (it also shown in args list from above, but someone may miss
> >> >> it):
> >> >> ...
> >> >> qemu-system-x86_64: unable to start vhost net: 95: falling back on
> >> >> userspace virtio
> >> >> qemu-system-x86_64: unable to start vhost net: 95: falling back on
> >> >> userspace virtio
> >> >> ...
> >> >
> >> >
> >> > OK I see at least one obvious bug there: does the following fix the
> >> > crash for you?
> >> > Separately, we need to debug why mq vhost is broken for you.
> >> > Is this a regression?
> >> >
> >> > diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
> >> > index ba5d544..1fe18c7 100644
> >> > --- a/hw/net/vhost_net.c
> >> > +++ b/hw/net/vhost_net.c
> >> > @@ -289,7 +289,7 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
> >> >      BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(dev)));
> >> >      VirtioBusState *vbus = VIRTIO_BUS(qbus);
> >> >      VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus);
> >> > -    int r, i = 0;
> >> > +    int r, i;
> >> >
> >> >      if (!vhost_net_device_endian_ok(dev)) {
> >> >          error_report("vhost-net does not support cross-endian");
> >> > @@ -317,16 +317,22 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
> >> >          r = vhost_net_start_one(get_vhost_net(ncs[i].peer), dev);
> >> >
> >> >          if (r < 0) {
> >> > -            goto err;
> >> > +            goto err_start;
> >> >          }
> >> >      }
> >> >
> >> >      return 0;
> >> >
> >> > -err:
> >> > +err_start:
> >> >      while (--i >= 0) {
> >> >          vhost_net_stop_one(get_vhost_net(ncs[i].peer), dev);
> >> >      }
> >> > +err:
> >> > +    r = k->set_guest_notifiers(qbus->parent, total_queues * 2, false);
> >> > +    if (r < 0) {
> >> > +        fprintf(stderr, "vhost guest notifier cleanup failed: %d\n", r);
> >> > +        fflush(stderr);
> >> > +    }
> >> >      return r;
> >> >  }
> >> >
> >>
> >>
> >> another bits of information:
> >>  - the userspace fallback is not specific to mq (very unfortunately
> >> for me because I didn`t checked this exact regression week before when
> >> I saw it for mq and it is not specific for queued patches for 2.1.1),
> >>  - bug itself is not specific to mq, reproduces every time even with
> >> more generic interface config without queues,
> >>  - patch from above does not fix the issue.
> >>
> >> Strace output for all threads is available at
> >> http://xdel.ru/downloads/qemu.out.gz, attached just before reset.
> >
> >
> >
> > OK does my patch help?
> >
> > Jason sent patches to fix the fallback to virtio bug -
> > does that work for you?
> >
> 
> Whoops, missed patch from Jason, meant yours above. The acceleration
> is fixed, thanks! Jason`s patch alone fixes both crash appearance and
> accel initialization while yours fixed initialization (while intended
> to fix assert appearance),

OK so my patch fixes initialization likely by luck.

> with crash still in place.

Hmm so something is still wrong with the userspace path.
Could you please apply this debugging patch on top of
all the stack that is now working for you, and see if
assert still surfaces?


diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index 1fe18c7..a8f8826 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -314,7 +314,10 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
     }
 
     for (i = 0; i < total_queues; i++) {
-        r = vhost_net_start_one(get_vhost_net(ncs[i].peer), dev);
+        if (i > 0)
+            r = -11;
+        else
+            r = vhost_net_start_one(get_vhost_net(ncs[i].peer), dev);
 
         if (r < 0) {
             goto err_start;

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Andrey Korolyov]

>
> OK so my patch fixes initialization likely by luck.
>
>> with crash still in place.
>
> Hmm so something is still wrong with the userspace path.
> Could you please apply this debugging patch on top of
> all the stack that is now working for you, and see if
> assert still surfaces?
>
>
> diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
> index 1fe18c7..a8f8826 100644
> --- a/hw/net/vhost_net.c
> +++ b/hw/net/vhost_net.c
> @@ -314,7 +314,10 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
>      }
>
>      for (i = 0; i < total_queues; i++) {
> -        r = vhost_net_start_one(get_vhost_net(ncs[i].peer), dev);
> +        if (i > 0)
> +            r = -11;
> +        else
> +            r = vhost_net_start_one(get_vhost_net(ncs[i].peer), dev);
>
>          if (r < 0) {
>              goto err_start;
>

Yes, with Jason`s patch on the top and this one both acceleration and
re-initialization after reboot are broken, assert firing up again.
Will check if vhost_net: cleanup recovery works as intended and reply
to patch` thread.

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael S. Tsirkin]

On Wed, Sep 03, 2014 at 01:18:47PM +0400, Andrey Korolyov wrote:
> >
> > OK so my patch fixes initialization likely by luck.
> >
> >> with crash still in place.
> >
> > Hmm so something is still wrong with the userspace path.
> > Could you please apply this debugging patch on top of
> > all the stack that is now working for you, and see if
> > assert still surfaces?
> >
> >
> > diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
> > index 1fe18c7..a8f8826 100644
> > --- a/hw/net/vhost_net.c
> > +++ b/hw/net/vhost_net.c
> > @@ -314,7 +314,10 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
> >      }
> >
> >      for (i = 0; i < total_queues; i++) {
> > -        r = vhost_net_start_one(get_vhost_net(ncs[i].peer), dev);
> > +        if (i > 0)
> > +            r = -11;
> > +        else
> > +            r = vhost_net_start_one(get_vhost_net(ncs[i].peer), dev);
> >
> >          if (r < 0) {
> >              goto err_start;
> >
> 
> Yes, with Jason`s patch on the top and this one both acceleration and
> re-initialization after reboot are broken, assert firing up again.
> Will check if vhost_net: cleanup recovery works as intended and reply
> to patch` thread.

Please test v2 though - Jason found a bug in v1.
Thanks!

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael S. Tsirkin]

On Tue, Sep 02, 2014 at 04:58:04PM -0500, Michael Roth wrote:
> Quoting Andrey Korolyov (2014-09-02 16:29:29)
> > On Wed, Sep 3, 2014 at 1:03 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> > >> bad one is the
> > >>
> > >> Author: Jason Wang <jasowang@redhat.com>
> > >> Date:   Tue Sep 2 18:07:46 2014 +0300
> > >>
> > >>     vhost_net: start/stop guest notifiers properly
> > >
> > >
> > >
> > > upstream has this (pull request sent today):
> > > vhost_net: cleanup start/stop condition
> > >
> > > Could you apply it and see if it helps please?
> > >
> > > Michael, if it helps it should be before start/stop guest notifiers
> > > ideally to avoid bisect problems.
> > 
> > It is already applied as shown from the list in the previous message
> > (there are some aio fixes too on top of 2.1 I picked before but they
> > should not impact vhost-net interaction in any mean). The symptoms are
> 
> I also had it applied. Not sure what the main difference is with our
> setups, but can't seem to reproduce it on my end. Also tried FC18 64-bit.
> 
> I have only 2.1.1 + the 4 commits mentioned in my previous email however,
> so it may be worth retrying your test with only those applied as a sanity
> check, or even just testing Michael's tree directly to confirm that the
> right commit.

I replaced Jason's patch with one including a fix,
sent pull requests with all new patches that need to be
in 2.1.1 Cc to stable.

I know Stefan has important fixes for migration in his tree
as well.

I suspect we'll have to push freeze off by a day or maybe two.

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael Roth]

Quoting Michael S. Tsirkin (2014-09-03 12:57:24)
> On Tue, Sep 02, 2014 at 04:58:04PM -0500, Michael Roth wrote:
> > Quoting Andrey Korolyov (2014-09-02 16:29:29)
> > > On Wed, Sep 3, 2014 at 1:03 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> > > >> bad one is the
> > > >>
> > > >> Author: Jason Wang <jasowang@redhat.com>
> > > >> Date:   Tue Sep 2 18:07:46 2014 +0300
> > > >>
> > > >>     vhost_net: start/stop guest notifiers properly
> > > >
> > > >
> > > >
> > > > upstream has this (pull request sent today):
> > > > vhost_net: cleanup start/stop condition
> > > >
> > > > Could you apply it and see if it helps please?
> > > >
> > > > Michael, if it helps it should be before start/stop guest notifiers
> > > > ideally to avoid bisect problems.
> > > 
> > > It is already applied as shown from the list in the previous message
> > > (there are some aio fixes too on top of 2.1 I picked before but they
> > > should not impact vhost-net interaction in any mean). The symptoms are
> > 
> > I also had it applied. Not sure what the main difference is with our
> > setups, but can't seem to reproduce it on my end. Also tried FC18 64-bit.
> > 
> > I have only 2.1.1 + the 4 commits mentioned in my previous email however,
> > so it may be worth retrying your test with only those applied as a sanity
> > check, or even just testing Michael's tree directly to confirm that the
> > right commit.
> 
> I replaced Jason's patch with one including a fix,
> sent pull requests with all new patches that need to be
> in 2.1.1 Cc to stable.
> 
> I know Stefan has important fixes for migration in his tree
> as well.

AFAIK that would be these?

  virtio-net: don't run bh on vm stopped
  net: Forbid dealing with packets when VM is not running 
  net: prevent sending packets while guest is stopped

> 
> I suspect we'll have to push freeze off by a day or maybe two.

Okay, let's play it by ear then. If there's anything pending by EOD Thursday
(CDT) though we'll need to push out the 2.1.1 release accordingly.

Re: [Qemu-devel] [Qemu-stable] Patch Round-up for stable 2.1.1, freeze on 2014-09-03

[Michael Roth]

Quoting Michael Roth (2014-09-02 10:20:50)
> Quoting Michael Roth (2014-08-27 12:35:57)
> > Hi everyone,
> > 
> > The following new patches are queued for QEMU stable v2.1.1:
> > 
> >   https://github.com/mdroth/qemu/commits/stable-2.1-staging
> 
> As of now the following additional patches have been applied to
> the 2.1.1 staging tree (see stable commit for upstream commit ref):
> 
>   a7f9ea2 qxl-render: add more sanity checks
>   1511595 target-arm: Correct Cortex-A57 ISAR5 and AA64ISAR0 ID register values
>   44a1530 target-arm: Fix regression that disabled VFP for ARMv5 CPUs
>   95dcaa4 x86: Clear MTRRs on vCPU reset
>   7fd25d3 x86: kvm: Add MTRR support for kvm_get|put_msrs()
>   0f9c63b x86: Use common variable range MTRR counts
>   0c69595 target-i386: Don't forbid NX bit on PAE PDEs and PTEs
>   89713cb vl: process -object after other backend options
>   93dcbd3 spapr_pci: map the MSI window in each PHB
> 
> The following patches have been Cc'd to qemu-stable and are still
> pending upstream commit/merge:
> 
>   [PATCH] virtio-net: don't run bh on vm stopped (Michael S. Tsirkin)
>     * pull just sent by Michael Tsirkin
>   [PATCH] net: prevent sending packets while guest is stopped (Stefan Hajnoczi)
>   [PATCH v2 2/4] pci: Avoid losing config updates to MSI/MSIX cap regs (Knut Omang)
>   [PATCH V4] net: Forbid dealing with packets when VM is not running (zhanghailiang)
>     * looks like Stefan has this queued for net
>   [PATCH V2] acpi-build: Set FORCE_APIC_CLUSTER_MODEL bit for FADT flags (zhanghailiang)
>   [RESEND v2 0/3] Fix some memory leaks about query memdev (Chen Fan)
>     * looks like Michael Tokarev has this queued for trivial
>   [PATCH] target-i386: Support migratable=no properly (Eduardo Habkost)
>     * pinged
>   [PATCH 1/3] pc: Fix disabling of vapic for compat PC models (Jan Kiszka)
>     * pinged
>   [PATCH] pty: Fix byte loss bug when connecting to pty (Sebastian Tanase)
>     * pinged, presumably going through Gerd's tree
> 
> Let me know if anything is missing.

As of now the following new patches have been pushed to 2.1.1 staging:

  c15be66 virtio-net: purge outstanding packets when starting vhost
  0e913ff net: complete all queued packets on VM stop
  6c4dad0 net: invoke callback when purging queue
  20f2829 virtio: don't call device on !vm_running
  1f6582a net: Forbid dealing with packets when VM is not running
  b5d285f acpi-build: Set FORCE_APIC_CLUSTER_MODEL bit for FADT flags
  403899e vhost-scsi: init backend features earlier
  2807e70 vhost_net: init acked_features to backend_features
  f0b0a90 vhost_net: start/stop guest notifiers properly
  1838f13 pci: avoid losing config updates to MSI/MSIX cap regs
  8013d1f virtio-net: don't run bh on vm stopped

Currently holding on the following, which look like they'll
 be going in soon. Will update 2.1.1 release date once they
do, but looking like it's gonna get pushed to at least
Wednesday:

  [CVE-2014-3615 PATCH v2 0/3] vbe: bochs dispi interface fixes
    * Gerd planning on sending a PULL friday.
  target-i386: Support migratable=no properly
    * Andreas' "QOM CPUState" PULL was dropped, should be in next one

Will pull these in if they come in soon enough (I'll hold on them
if we think any are blockers but anything pending past friday EOD
will push the release out further):                                                                                                                                                 
  qdev: Use NULL instead of local_err for qbus_child unrealize
  qdev: Add cleanup logic in device_set_realized() to avoid resource leak
    * both in Andreas' "QOM devices" pull
  hw/machine: Free old values of string properties 
  virtio-pci: fix virtio-net child refcount in transports
    * Michael or Andreas?
  
Anything else?

> 
> > 
> > The release is planned for 2014-09-08:
> > 
> >   http://wiki.qemu.org/Planning/2.1
> > 
> > Please respond here or CC qemu-stable@nongnu.org on any patches you
> > think should be included in the release.
> > 
> > Testing/feedback is greatly appreciated.
> > 
> > Thanks!
> > 
> > ----------------------------------------------------------------
> > Alex Williamson (1):
> >       vfio: Fix MSI-X vector expansion
> > 
> > Ben Draper (1):
> >       vmxnet3: Pad short frames to minimum size (60 bytes)
> > 
> > Christoffer Dall (2):
> >       target-arm: Rename QEMU PSCI v0.1 definitions
> >       arm/virt: Use PSCI v0.2 function IDs in the DT when KVM uses PSCI v0.2
> > 
> > Fam Zheng (1):
> >       blkdebug: Delete BH in bdrv_aio_cancel
> > 
> > Gonglei (1):
> >       pcihp: fix possible array out of bounds
> > 
> > Hu Tao (3):
> >       hw:i386: typo fix: MEMORY_HOPTLUG_DEVICE -> MEMORY_HOTPLUG_DEVICE
> >       pc-dimm: validate node property
> >       numa: show hex number in error message for consistency and prefix them with 0x
> > 
> > Jan Kiszka (1):
> >       pci: Use bus master address space for delivering MSI/MSI-X messages
> > 
> > Michael S. Tsirkin (4):
> >       pc-dimm: fix up error message
> >       acpi: align RSDP
> >       hostmem: set MPOL_MF_MOVE
> >       pc: reserve more memory for ACPI for new machine types
> > 
> > Michael Tokarev (2):
> >       l2tpv3 (configure): it is linux-specific
> >       ide: only constrain read/write requests to drive size, not other types
> > 
> > Peter Lieven (1):
> >       block/iscsi: fix memory corruption on iscsi resize
> > 
> > Peter Maydell (1):
> >       target-arm: Fix return address for A64 BRK instructions
> > 
> > Stefan Hajnoczi (6):
> >       qmp: hide "hotplugged" device property from device-list-properties
> >       qdev-monitor: include QOM properties in -device FOO, help output
> >       raw-posix: fix O_DIRECT short reads
> >       qemu-iotests: add test case 101 for short file I/O
> >       thread-pool: avoid per-thread-pool EventNotifier
> >       thread-pool: avoid deadlock in nested aio_poll() calls
> > 
> > zhanghailiang (1):
> >       virtio-blk: fix reference a pointer which might be freed
> > 
> >  backends/hostmem.c              |  2 +-
> >  block/blkdebug.c                |  4 +++
> >  block/iscsi.c                   |  3 ++-
> >  block/raw-posix.c               |  9 +++++++
> >  configure                       |  1 +
> >  hw/acpi/pcihp.c                 |  2 +-
> >  hw/arm/virt.c                   | 31 ++++++++++++++++++----
> >  hw/block/virtio-blk.c           |  3 ++-
> >  hw/i386/acpi-build.c            |  2 +-
> >  hw/i386/acpi-dsdt.dsl           |  4 +--
> >  hw/i386/acpi-dsdt.hex.generated |  8 +++---
> >  hw/i386/pc.c                    | 12 ++++++---
> >  hw/i386/pc_piix.c               |  1 +
> >  hw/i386/pc_q35.c                |  1 +
> >  hw/i386/q35-acpi-dsdt.dsl       |  4 +--
> >  hw/i386/ssdt-mem.dsl            | 16 ++++++------
> >  hw/i386/ssdt-misc.dsl           |  2 +-
> >  hw/ide/core.c                   |  3 ++-
> >  hw/mem/pc-dimm.c                |  6 +++++
> >  hw/misc/vfio.c                  | 38 ++++++++++++++++++++-------
> >  hw/net/vmxnet3.c                | 10 +++++++
> >  hw/pci/msi.c                    |  2 +-
> >  hw/pci/msix.c                   |  2 +-
> >  include/hw/acpi/pc-hotplug.h    |  2 +-
> >  include/hw/i386/pc.h            |  2 ++
> >  numa.c                          |  4 +--
> >  qdev-monitor.c                  | 40 ++++++++++++----------------
> >  qmp.c                           |  1 +
> >  target-arm/kvm-consts.h         | 49 ++++++++++++++++++++++++++--------
> >  target-arm/translate-a64.c      |  2 +-
> >  tests/qemu-iotests/101          | 58 +++++++++++++++++++++++++++++++++++++++++
> >  tests/qemu-iotests/101.out      | 10 +++++++
> >  tests/qemu-iotests/group        |  1 +
> >  thread-pool.c                   | 27 ++++++++++---------
> >  34 files changed, 269 insertions(+), 93 deletions(-)
> >  create mode 100755 tests/qemu-iotests/101
> >  create mode 100644 tests/qemu-iotests/101.out

Re: [Qemu-devel] [Qemu-stable] [PATCH 06/25] pci: Use bus master address space for delivering MSI/MSI-X messages

[Greg Kurz]

On Thu, 28 Aug 2014 09:39:30 -0500
Michael Roth <mdroth@linux.vnet.ibm.com> wrote:
> Quoting Greg Kurz (2014-08-28 05:18:06)
> > On Wed, 27 Aug 2014 12:36:03 -0500
> > Michael Roth <mdroth@linux.vnet.ibm.com> wrote:
> > > From: Jan Kiszka <jan.kiszka@siemens.com>
> > > 
> > > The spec says (and real HW confirms this) that, if the bus master bit
> > > is 0, the device will not generate any PCI accesses. MSI and MSI-X
> > > messages fall among these, so we should use the corresponding address
> > > space to deliver them. This will prevent delivery if bus master support
> > > is disabled.
> > > 
> > > Cc: qemu-stable@nongnu.org
> > > Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> > > Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
> > > Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> > > (cherry picked from commit cc943c36faa192cd4b32af8fe5edb31894017d35)
> > > Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
> > > ---
> > 
> > Hi Michael,
> > 
> > This commit breaks virtio for spapr. A fix is available in Alex's ppc-next:
> > 
> > From: Greg Kurz <gkurz@linux.vnet.ibm.com>
> > spapr_pci: map the MSI window in each PHB 
> > 
> > https://github.com/agraf/qemu/commit/7af2868fc76857e19c232bbe9e99a95d61138213
> 
> Thanks, I've gone ahead and applied it. Tested virtio + pseries before/after
> and it seems to fix the issue.
> 

Michael,

We have a problem again with pseries guests...

Since commit cc943c36faa192cd4b32af8fe5edb31894017d35 was not applied
to stable, virtio PCI devices notify through the global address space.
Unfortunately, commit 7af2868fc76857e19c232bbe9e99a95d61138213 removes
the MSI window from the global address space... 

The result is that 2.1.1 is broken for pseries using virtio... Reverting
0824ca6bd126b97fac18d12d514823463f415bec from stable fixes the issue.
I guess we should do that and try again when we have it all fixed in
master.

Sorry for not having anticipated that for 2.1.1... :-\

Cheers.

--
Greg

> > 
> > Cheers.
> > 
> > --
> > Greg
> > 
> > >  hw/pci/msi.c  | 2 +-
> > >  hw/pci/msix.c | 2 +-
> > >  2 files changed, 2 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/hw/pci/msi.c b/hw/pci/msi.c
> > > index a4a3040..52d2313 100644
> > > --- a/hw/pci/msi.c
> > > +++ b/hw/pci/msi.c
> > > @@ -291,7 +291,7 @@ void msi_notify(PCIDevice *dev, unsigned int vector)
> > >                     "notify vector 0x%x"
> > >                     " address: 0x%"PRIx64" data: 0x%"PRIx32"\n",
> > >                     vector, msg.address, msg.data);
> > > -    stl_le_phys(&address_space_memory, msg.address, msg.data);
> > > +    stl_le_phys(&dev->bus_master_as, msg.address, msg.data);
> > >  }
> > > 
> > >  /* Normally called by pci_default_write_config(). */
> > > diff --git a/hw/pci/msix.c b/hw/pci/msix.c
> > > index 5c49bfc..20ae476 100644
> > > --- a/hw/pci/msix.c
> > > +++ b/hw/pci/msix.c
> > > @@ -439,7 +439,7 @@ void msix_notify(PCIDevice *dev, unsigned vector)
> > > 
> > >      msg = msix_get_message(dev, vector);
> > > 
> > > -    stl_le_phys(&address_space_memory, msg.address, msg.data);
> > > +    stl_le_phys(&dev->bus_master_as, msg.address, msg.data);
> > >  }
> > > 
> > >  void msix_reset(PCIDevice *dev)
> > 
> > 
> > 
> > -- 
> > Gregory Kurz                                     kurzgreg@fr.ibm.com
> >                                                  gkurz@linux.vnet.ibm.com
> > Software Engineer @ IBM/Meiosys                  http://www.ibm.com
> > Tel +33 (0)562 165 496
> > 
> > "Anarchy is about taking complete responsibility for yourself."
> >         Alan Moore.