* [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration
@ 2016-08-12 15:32 Stefan Hajnoczi
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 1/4] virtio: recalculate vq->inuse after migration Stefan Hajnoczi
` (5 more replies)
0 siblings, 6 replies; 15+ messages in thread
From: Stefan Hajnoczi @ 2016-08-12 15:32 UTC (permalink / raw)
To: qemu-devel; +Cc: Luiz Capitulino, Michael S. Tsirkin, gaudenz, Stefan Hajnoczi
Gaudenz Steinlin <gaudenz@debian.org> reported that virtqueue_pop() terminates
QEMU because the virtqueue size is exceeded following the CVE-2016-5403 fix. I
have been unable to reproduce this or understand the root cause by code
inspection. Along the way I did discover a few bugs in virtio-balloon and
virtio code.
Please see the individual patches for details.
Gaudenz: If you can reproduce the bug you reported, please try again with these
patches applied.
Stefan Hajnoczi (4):
virtio: recalculate vq->inuse after migration
virtio: decrement vq->inuse in virtqueue_discard()
virtio: add virtqueue_rewind()
virtio-balloon: fix stats vq migration
hw/virtio/virtio-balloon.c | 10 ++++++++++
hw/virtio/virtio.c | 37 +++++++++++++++++++++++++++++++++++++
include/hw/virtio/virtio.h | 1 +
3 files changed, 48 insertions(+)
--
2.7.4
^ permalink raw reply [flat|nested] 15+ messages in thread
* [Qemu-devel] [PATCH for-2.7 1/4] virtio: recalculate vq->inuse after migration
2016-08-12 15:32 [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration Stefan Hajnoczi
@ 2016-08-12 15:32 ` Stefan Hajnoczi
2016-08-12 21:30 ` Michael S. Tsirkin
` (2 more replies)
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 2/4] virtio: decrement vq->inuse in virtqueue_discard() Stefan Hajnoczi
` (4 subsequent siblings)
5 siblings, 3 replies; 15+ messages in thread
From: Stefan Hajnoczi @ 2016-08-12 15:32 UTC (permalink / raw)
To: qemu-devel; +Cc: Luiz Capitulino, Michael S. Tsirkin, gaudenz, Stefan Hajnoczi
The vq->inuse field is not migrated. Many devices don't hold
VirtQueueElements across migration so it doesn't matter that vq->inuse
starts at 0 on the destination QEMU.
At least virtio-serial, virtio-blk, and virtio-balloon migrate while
holding VirtQueueElements. For these devices we need to recalculate
vq->inuse upon load so the value is correct.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/virtio/virtio.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 15ee3a7..4df8274 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -1648,6 +1648,20 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id)
}
vdev->vq[i].used_idx = vring_used_idx(&vdev->vq[i]);
vdev->vq[i].shadow_avail_idx = vring_avail_idx(&vdev->vq[i]);
+
+ /* Some devices migrate VirtQueueElements that have been popped
+ * from the avail ring but not yet returned to the used ring.
+ */
+ vdev->vq[i].inuse = vdev->vq[i].last_avail_idx -
+ vdev->vq[i].used_idx;
+ if (vdev->vq[i].inuse > vdev->vq[i].vring.num) {
+ error_report("VQ %d size 0x%x < last_avail_idx 0x%x - "
+ "used_idx 0x%x"
+ i, vdev->vq[i].vring.num,
+ vdev->vq[i].last_avail_idx,
+ vdev->vq[i].used_idx);
+ return -1;
+ }
}
}
--
2.7.4
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [Qemu-devel] [PATCH for-2.7 2/4] virtio: decrement vq->inuse in virtqueue_discard()
2016-08-12 15:32 [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration Stefan Hajnoczi
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 1/4] virtio: recalculate vq->inuse after migration Stefan Hajnoczi
@ 2016-08-12 15:32 ` Stefan Hajnoczi
2016-08-12 21:31 ` Michael S. Tsirkin
2016-08-15 8:24 ` Cornelia Huck
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 3/4] virtio: add virtqueue_rewind() Stefan Hajnoczi
` (3 subsequent siblings)
5 siblings, 2 replies; 15+ messages in thread
From: Stefan Hajnoczi @ 2016-08-12 15:32 UTC (permalink / raw)
To: qemu-devel; +Cc: Luiz Capitulino, Michael S. Tsirkin, gaudenz, Stefan Hajnoczi
virtqueue_descard() moves vq->last_avail_idx back so the element can be
popped again. It's necessary to decrement vq->inuse to avoid "leaking"
the element count.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/virtio/virtio.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 4df8274..00158b6 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -268,6 +268,7 @@ void virtqueue_discard(VirtQueue *vq, const VirtQueueElement *elem,
unsigned int len)
{
vq->last_avail_idx--;
+ vq->inuse--;
virtqueue_unmap_sg(vq, elem, len);
}
--
2.7.4
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [Qemu-devel] [PATCH for-2.7 3/4] virtio: add virtqueue_rewind()
2016-08-12 15:32 [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration Stefan Hajnoczi
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 1/4] virtio: recalculate vq->inuse after migration Stefan Hajnoczi
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 2/4] virtio: decrement vq->inuse in virtqueue_discard() Stefan Hajnoczi
@ 2016-08-12 15:32 ` Stefan Hajnoczi
2016-08-15 8:36 ` Cornelia Huck
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 4/4] virtio-balloon: fix stats vq migration Stefan Hajnoczi
` (2 subsequent siblings)
5 siblings, 1 reply; 15+ messages in thread
From: Stefan Hajnoczi @ 2016-08-12 15:32 UTC (permalink / raw)
To: qemu-devel; +Cc: Luiz Capitulino, Michael S. Tsirkin, gaudenz, Stefan Hajnoczi
virtqueue_discard() requires a VirtQueueElement but virtio-balloon does
not migrate its in-use element. Introduce a new function that is
similar to virtqueue_discard() but doesn't require a VirtQueueElement.
This will allow virtio-balloon to access element again after migration
with the usual proviso that the guest may have modified the vring since
last time.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/virtio/virtio.c | 22 ++++++++++++++++++++++
include/hw/virtio/virtio.h | 1 +
2 files changed, 23 insertions(+)
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 00158b6..22727ba 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -272,6 +272,28 @@ void virtqueue_discard(VirtQueue *vq, const VirtQueueElement *elem,
virtqueue_unmap_sg(vq, elem, len);
}
+/* virtqueue_rewind:
+ * @vq: The #VirtQueue
+ * @num: Number of elements to push back
+ *
+ * Pretend that elements weren't popped from the virtqueue. The next
+ * virtqueue_pop() will refetch the oldest element.
+ *
+ * Use virtqueue_discard() instead if you have a VirtQueueElement.
+ *
+ * Returns: true on success, false if @num is greater than the number of in use
+ * elements.
+ */
+bool virtqueue_rewind(VirtQueue *vq, unsigned int num)
+{
+ if (num > vq->inuse) {
+ return false;
+ }
+ vq->last_avail_idx -= num;
+ vq->inuse -= num;
+ return true;
+}
+
void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem,
unsigned int len, unsigned int idx)
{
diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index d2490c1..f05559d 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -154,6 +154,7 @@ void virtqueue_push(VirtQueue *vq, const VirtQueueElement *elem,
void virtqueue_flush(VirtQueue *vq, unsigned int count);
void virtqueue_discard(VirtQueue *vq, const VirtQueueElement *elem,
unsigned int len);
+bool virtqueue_rewind(VirtQueue *vq, unsigned int num);
void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem,
unsigned int len, unsigned int idx);
--
2.7.4
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [Qemu-devel] [PATCH for-2.7 4/4] virtio-balloon: fix stats vq migration
2016-08-12 15:32 [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration Stefan Hajnoczi
` (2 preceding siblings ...)
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 3/4] virtio: add virtqueue_rewind() Stefan Hajnoczi
@ 2016-08-12 15:32 ` Stefan Hajnoczi
2016-08-12 19:43 ` [Qemu-devel] [PATCH for-2.7 0/4] " no-reply
2016-08-15 19:51 ` Gaudenz Steinlin
5 siblings, 0 replies; 15+ messages in thread
From: Stefan Hajnoczi @ 2016-08-12 15:32 UTC (permalink / raw)
To: qemu-devel; +Cc: Luiz Capitulino, Michael S. Tsirkin, gaudenz, Stefan Hajnoczi
The statistics virtqueue is not migrated properly because virtio-balloon
does not include s->stats_vq_elem in the migration stream.
After migration the statistics virtqueue hangs because the host never
completes the last element (s->stats_vq_elem is NULL on the destination
QEMU). Therefore the guest never submits new elements and the virtqueue
is hung.
Instead of changing the migration stream format in an incompatible way,
detect the migration case and rewind the virtqueue so the last element
can be completed.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/virtio/virtio-balloon.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index 5af429a..a8d66b9 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -99,6 +99,16 @@ static void balloon_stats_poll_cb(void *opaque)
VirtIOBalloon *s = opaque;
VirtIODevice *vdev = VIRTIO_DEVICE(s);
+ /* After live migration we fetch the current element again */
+ if (s->stats_vq_elem == NULL && virtqueue_rewind(s->svq, 1)) {
+ VirtQueueElement *elem = virtqueue_pop(s->svq, sizeof(*elem));
+
+ if (elem) {
+ s->stats_vq_offset = iov_size(elem->out_sg, elem->out_num);
+ s->stats_vq_elem = elem;
+ }
+ }
+
if (s->stats_vq_elem == NULL || !balloon_stats_supported(s)) {
/* re-schedule */
balloon_stats_change_timer(s, s->stats_poll_interval);
--
2.7.4
^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration
2016-08-12 15:32 [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration Stefan Hajnoczi
` (3 preceding siblings ...)
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 4/4] virtio-balloon: fix stats vq migration Stefan Hajnoczi
@ 2016-08-12 19:43 ` no-reply
2016-08-15 19:51 ` Gaudenz Steinlin
5 siblings, 0 replies; 15+ messages in thread
From: no-reply @ 2016-08-12 19:43 UTC (permalink / raw)
To: stefanha; +Cc: famz, qemu-devel, gaudenz, mst, lcapitulino
Hi,
Your series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.
Message-id: 1471015978-1123-1-git-send-email-stefanha@redhat.com
Subject: [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration
Type: series
=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
make J=8 docker-test-quick@centos6
# we need CURL DPRINTF patch
# http://patchew.org/QEMU/1470027888-24381-1-git-send-email-famz%40redhat.com/
#make J=8 docker-test-mingw@fedora
=== TEST SCRIPT END ===
Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
65e5867 virtio-balloon: fix stats vq migration
c2514f9 virtio: add virtqueue_rewind()
b743840 virtio: decrement vq->inuse in virtqueue_discard()
eb5b274 virtio: recalculate vq->inuse after migration
=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 'dtc'...
Submodule path 'dtc': checked out '65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf'
BUILD centos6
ARCHIVE qemu.tgz
ARCHIVE dtc.tgz
COPY RUNNER
RUN test-quick in centos6
No C++ compiler available; disabling C++ specific optional code
Install prefix /tmp/qemu-test/src/tests/docker/install
BIOS directory /tmp/qemu-test/src/tests/docker/install/share/qemu
binary directory /tmp/qemu-test/src/tests/docker/install/bin
library directory /tmp/qemu-test/src/tests/docker/install/lib
module directory /tmp/qemu-test/src/tests/docker/install/lib/qemu
libexec directory /tmp/qemu-test/src/tests/docker/install/libexec
include directory /tmp/qemu-test/src/tests/docker/install/include
config directory /tmp/qemu-test/src/tests/docker/install/etc
local state directory /tmp/qemu-test/src/tests/docker/install/var
Manual directory /tmp/qemu-test/src/tests/docker/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path /tmp/qemu-test/src
C compiler cc
Host C compiler cc
C++ compiler
Objective-C compiler cc
ARFLAGS rv
CFLAGS -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -pthread -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -g
QEMU_CFLAGS -I/usr/include/pixman-1 -fPIE -DPIE -m64 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -Wendif-labels -Wmissing-include-dirs -Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wold-style-declaration -Wold-style-definition -Wtype-limits -fstack-protector-all
LDFLAGS -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g
make make
install install
python python -B
smbd /usr/sbin/smbd
module support no
host CPU x86_64
host big endian no
target list x86_64-softmmu aarch64-softmmu
tcg debug enabled no
gprof enabled no
sparse enabled no
strip binaries yes
profiler no
static build no
pixman system
SDL support yes (1.2.14)
GTK support no
GTK GL support no
VTE support no
TLS priority NORMAL
GNUTLS support no
GNUTLS rnd no
libgcrypt no
libgcrypt kdf no
nettle no
nettle kdf no
libtasn1 no
curses support no
virgl support no
curl support no
mingw32 support no
Audio drivers oss
Block whitelist (rw)
Block whitelist (ro)
VirtFS support no
VNC support yes
VNC SASL support no
VNC JPEG support no
VNC PNG support no
xen support no
brlapi support no
bluez support no
Documentation no
PIE yes
vde support no
netmap support no
Linux AIO support no
ATTR/XATTR support yes
Install blobs yes
KVM support yes
RDMA support no
TCG interpreter no
fdt support yes
preadv support yes
fdatasync yes
madvise yes
posix_madvise yes
uuid support no
libcap-ng support no
vhost-net support yes
vhost-scsi support yes
Trace backends log
spice support no
rbd support no
xfsctl support no
smartcard support no
libusb no
usb net redir no
OpenGL support no
OpenGL dmabufs no
libiscsi support no
libnfs support no
build guest agent yes
QGA VSS support no
QGA w32 disk info no
QGA MSI support no
seccomp support no
coroutine backend ucontext
coroutine pool yes
GlusterFS support no
Archipelago support no
gcov gcov
gcov enabled no
TPM support yes
libssh2 support no
TPM passthrough yes
QOM debugging yes
vhdx no
lzo support no
snappy support no
bzip2 support no
NUMA host support no
tcmalloc support no
jemalloc support no
avx2 optimization no
GEN x86_64-softmmu/config-devices.mak.tmp
GEN aarch64-softmmu/config-devices.mak.tmp
GEN config-host.h
GEN qemu-options.def
GEN qmp-commands.h
GEN qapi-types.h
GEN qapi-visit.h
GEN qapi-event.h
GEN x86_64-softmmu/config-devices.mak
GEN aarch64-softmmu/config-devices.mak
GEN qmp-introspect.h
GEN tests/test-qapi-types.h
GEN tests/test-qapi-visit.h
GEN tests/test-qmp-commands.h
GEN tests/test-qapi-event.h
GEN tests/test-qmp-introspect.h
GEN config-all-devices.mak
GEN trace/generated-events.h
GEN trace/generated-tracers.h
GEN trace/generated-tcg-tracers.h
GEN trace/generated-helpers-wrappers.h
GEN trace/generated-helpers.h
CC tests/qemu-iotests/socket_scm_helper.o
GEN qga/qapi-generated/qga-qapi-types.h
GEN qga/qapi-generated/qga-qapi-visit.h
GEN qga/qapi-generated/qga-qmp-commands.h
GEN qga/qapi-generated/qga-qapi-types.c
GEN qga/qapi-generated/qga-qapi-visit.c
GEN qga/qapi-generated/qga-qmp-marshal.c
GEN qmp-introspect.c
GEN qapi-types.c
GEN qapi-visit.c
GEN qapi-event.c
CC qapi/qapi-visit-core.o
CC qapi/qapi-dealloc-visitor.o
CC qapi/qmp-input-visitor.o
CC qapi/qmp-output-visitor.o
CC qapi/qmp-registry.o
CC qapi/qmp-dispatch.o
CC qapi/string-input-visitor.o
CC qapi/string-output-visitor.o
CC qapi/opts-visitor.o
CC qapi/qapi-clone-visitor.o
CC qapi/qmp-event.o
CC qapi/qapi-util.o
CC qobject/qnull.o
CC qobject/qint.o
CC qobject/qstring.o
CC qobject/qdict.o
CC qobject/qlist.o
CC qobject/qfloat.o
CC qobject/qbool.o
CC qobject/qjson.o
CC qobject/qobject.o
CC qobject/json-lexer.o
CC qobject/json-streamer.o
CC qobject/json-parser.o
GEN trace/generated-events.c
CC trace/control.o
CC trace/qmp.o
CC util/osdep.o
CC util/cutils.o
CC util/unicode.o
CC util/qemu-timer-common.o
CC util/compatfd.o
CC util/event_notifier-posix.o
CC util/mmap-alloc.o
CC util/oslib-posix.o
CC util/qemu-openpty.o
CC util/qemu-thread-posix.o
CC util/memfd.o
CC util/envlist.o
CC util/path.o
CC util/module.o
CC util/bitmap.o
CC util/bitops.o
CC util/hbitmap.o
CC util/fifo8.o
CC util/acl.o
CC util/error.o
CC util/id.o
CC util/qemu-error.o
CC util/iov.o
CC util/qemu-config.o
CC util/qemu-sockets.o
CC util/uri.o
CC util/notify.o
CC util/qemu-option.o
CC util/qemu-progress.o
CC util/hexdump.o
CC util/crc32c.o
CC util/throttle.o
CC util/getauxval.o
CC util/readline.o
CC util/rfifolock.o
CC util/rcu.o
CC util/qemu-coroutine.o
CC util/qemu-coroutine-lock.o
CC util/coroutine-ucontext.o
CC util/qemu-coroutine-io.o
CC util/qemu-coroutine-sleep.o
CC util/buffer.o
CC util/timed-average.o
CC util/base64.o
CC util/log.o
CC util/qdist.o
CC util/qht.o
CC util/range.o
CC crypto/pbkdf-stub.o
CC stubs/arch-query-cpu-def.o
CC stubs/bdrv-next-monitor-owned.o
CC stubs/blk-commit-all.o
CC stubs/blockdev-close-all-bdrv-states.o
/tmp/qemu-test/src/util/qht.c: In function ‘qht_reset_size’:
/tmp/qemu-test/src/util/qht.c:413: warning: ‘new’ may be used uninitialized in this function
CC stubs/clock-warp.o
CC stubs/cpu-get-clock.o
CC stubs/cpu-get-icount.o
CC stubs/dump.o
CC stubs/fdset-add-fd.o
CC stubs/fdset-find-fd.o
CC stubs/fdset-get-fd.o
CC stubs/fdset-remove-fd.o
CC stubs/gdbstub.o
CC stubs/get-fd.o
CC stubs/get-next-serial.o
CC stubs/get-vm-name.o
CC stubs/iothread-lock.o
CC stubs/is-daemonized.o
CC stubs/machine-init-done.o
CC stubs/migr-blocker.o
CC stubs/mon-is-qmp.o
CC stubs/mon-printf.o
CC stubs/monitor-init.o
CC stubs/notify-event.o
CC stubs/qtest.o
CC stubs/replay.o
CC stubs/replay-user.o
CC stubs/reset.o
CC stubs/runstate-check.o
CC stubs/set-fd-handler.o
CC stubs/slirp.o
CC stubs/sysbus.o
CC stubs/trace-control.o
CC stubs/uuid.o
CC stubs/vm-stop.o
CC stubs/vmstate.o
CC stubs/cpus.o
CC stubs/kvm.o
CC stubs/qmp_pc_dimm_device_list.o
CC stubs/target-monitor-defs.o
CC stubs/target-get-monitor-def.o
CC stubs/vhost.o
CC stubs/iohandler.o
CC stubs/smbios_type_38.o
CC stubs/ipmi.o
CC stubs/pc_madt_cpu_entry.o
CC contrib/ivshmem-client/ivshmem-client.o
CC contrib/ivshmem-client/main.o
CC contrib/ivshmem-server/ivshmem-server.o
CC contrib/ivshmem-server/main.o
CC qemu-nbd.o
CC async.o
CC thread-pool.o
CC block.o
CC blockjob.o
CC main-loop.o
CC iohandler.o
CC qemu-timer.o
CC aio-posix.o
CC qemu-io-cmds.o
CC block/raw_bsd.o
CC block/qcow.o
CC block/vdi.o
CC block/vmdk.o
CC block/cloop.o
CC block/bochs.o
CC block/vpc.o
CC block/vvfat.o
CC block/qcow2.o
CC block/qcow2-refcount.o
CC block/qcow2-cluster.o
CC block/qcow2-snapshot.o
CC block/qcow2-cache.o
CC block/qed.o
CC block/qed-gencb.o
CC block/qed-l2-cache.o
CC block/qed-table.o
CC block/qed-cluster.o
CC block/qed-check.o
CC block/quorum.o
CC block/parallels.o
CC block/blkdebug.o
CC block/blkverify.o
CC block/blkreplay.o
CC block/block-backend.o
CC block/snapshot.o
CC block/qapi.o
CC block/raw-posix.o
CC block/null.o
CC block/commit.o
CC block/mirror.o
CC block/io.o
CC block/throttle-groups.o
CC block/nbd.o
CC block/nbd-client.o
CC block/sheepdog.o
CC block/accounting.o
CC block/dirty-bitmap.o
CC block/write-threshold.o
CC block/crypto.o
CC nbd/server.o
CC nbd/client.o
CC nbd/common.o
CC block/dmg.o
CC crypto/init.o
CC crypto/hash.o
CC crypto/hash-glib.o
CC crypto/aes.o
CC crypto/desrfb.o
CC crypto/cipher.o
CC crypto/tlscreds.o
CC crypto/tlscredsanon.o
CC crypto/tlscredsx509.o
CC crypto/tlssession.o
CC crypto/secret.o
CC crypto/random-platform.o
CC crypto/pbkdf.o
CC crypto/ivgen.o
CC crypto/ivgen-essiv.o
CC crypto/ivgen-plain.o
CC crypto/ivgen-plain64.o
CC crypto/afsplit.o
CC crypto/xts.o
CC crypto/block.o
CC crypto/block-qcow.o
CC crypto/block-luks.o
CC io/channel.o
CC io/channel-buffer.o
CC io/channel-command.o
CC io/channel-file.o
CC io/channel-socket.o
CC io/channel-tls.o
CC io/channel-watch.o
CC io/channel-websock.o
CC io/channel-util.o
CC io/task.o
CC qom/object.o
CC qom/container.o
CC qom/qom-qobject.o
CC qom/object_interfaces.o
GEN qemu-img-cmds.h
CC qemu-io.o
CC qemu-bridge-helper.o
CC blockdev.o
CC blockdev-nbd.o
CC iothread.o
CC qdev-monitor.o
CC device-hotplug.o
CC os-posix.o
CC qemu-char.o
CC page_cache.o
CC accel.o
CC bt-host.o
CC bt-vhci.o
CC dma-helpers.o
CC vl.o
CC tpm.o
CC device_tree.o
GEN qmp-marshal.c
CC qmp.o
CC hmp.o
CC tcg-runtime.o
CC audio/audio.o
CC audio/noaudio.o
CC audio/wavaudio.o
CC audio/mixeng.o
CC audio/sdlaudio.o
CC audio/ossaudio.o
CC audio/wavcapture.o
CC backends/rng.o
CC backends/rng-egd.o
CC backends/rng-random.o
CC backends/msmouse.o
CC backends/testdev.o
CC backends/tpm.o
CC backends/hostmem.o
CC backends/hostmem-ram.o
CC backends/hostmem-file.o
CC block/stream.o
CC block/backup.o
CC disas/arm.o
CC disas/i386.o
CC fsdev/qemu-fsdev-dummy.o
CC fsdev/qemu-fsdev-opts.o
CC hw/acpi/core.o
CC hw/acpi/piix4.o
CC hw/acpi/pcihp.o
CC hw/acpi/ich9.o
CC hw/acpi/tco.o
CC hw/acpi/cpu_hotplug.o
CC hw/acpi/memory_hotplug.o
CC hw/acpi/memory_hotplug_acpi_table.o
CC hw/acpi/cpu.o
CC hw/acpi/acpi_interface.o
CC hw/acpi/bios-linker-loader.o
CC hw/acpi/aml-build.o
CC hw/acpi/ipmi.o
CC hw/audio/sb16.o
CC hw/audio/es1370.o
CC hw/audio/ac97.o
CC hw/audio/fmopl.o
CC hw/audio/adlib.o
CC hw/audio/gus.o
CC hw/audio/gusemu_hal.o
CC hw/audio/gusemu_mixer.o
CC hw/audio/cs4231a.o
CC hw/audio/intel-hda.o
CC hw/audio/hda-codec.o
CC hw/audio/pcspk.o
CC hw/audio/wm8750.o
CC hw/audio/pl041.o
CC hw/audio/lm4549.o
CC hw/audio/marvell_88w8618.o
CC hw/block/block.o
CC hw/block/cdrom.o
CC hw/block/hd-geometry.o
CC hw/block/fdc.o
CC hw/block/m25p80.o
CC hw/block/nand.o
CC hw/block/pflash_cfi01.o
CC hw/block/pflash_cfi02.o
CC hw/block/ecc.o
CC hw/block/onenand.o
CC hw/block/nvme.o
CC hw/bt/core.o
CC hw/bt/l2cap.o
CC hw/bt/sdp.o
CC hw/bt/hci.o
CC hw/bt/hid.o
CC hw/bt/hci-csr.o
CC hw/char/ipoctal232.o
CC hw/char/parallel.o
CC hw/char/pl011.o
CC hw/char/serial.o
CC hw/char/serial-isa.o
CC hw/char/serial-pci.o
CC hw/char/virtio-console.o
CC hw/char/cadence_uart.o
CC hw/char/debugcon.o
CC hw/char/imx_serial.o
CC hw/core/qdev.o
CC hw/core/qdev-properties.o
CC hw/core/bus.o
CC hw/core/fw-path-provider.o
CC hw/core/irq.o
CC hw/core/hotplug.o
CC hw/core/ptimer.o
CC hw/core/sysbus.o
CC hw/core/machine.o
CC hw/core/null-machine.o
CC hw/core/loader.o
CC hw/core/qdev-properties-system.o
CC hw/core/register.o
CC hw/core/platform-bus.o
CC hw/display/ads7846.o
CC hw/display/cirrus_vga.o
CC hw/display/pl110.o
CC hw/display/ssd0303.o
CC hw/display/ssd0323.o
CC hw/display/vga-pci.o
CC hw/display/vga-isa.o
CC hw/display/vmware_vga.o
CC hw/display/blizzard.o
CC hw/display/exynos4210_fimd.o
CC hw/display/framebuffer.o
CC hw/display/tc6393xb.o
CC hw/dma/pl080.o
CC hw/dma/pl330.o
CC hw/dma/i8257.o
CC hw/dma/xlnx-zynq-devcfg.o
CC hw/gpio/pl061.o
CC hw/gpio/max7310.o
CC hw/gpio/zaurus.o
CC hw/gpio/gpio_key.o
CC hw/i2c/core.o
CC hw/i2c/smbus.o
CC hw/i2c/i2c-ddc.o
CC hw/i2c/smbus_eeprom.o
CC hw/i2c/versatile_i2c.o
CC hw/i2c/smbus_ich9.o
CC hw/i2c/pm_smbus.o
CC hw/i2c/bitbang_i2c.o
CC hw/i2c/exynos4210_i2c.o
CC hw/i2c/imx_i2c.o
CC hw/i2c/aspeed_i2c.o
CC hw/ide/core.o
CC hw/ide/atapi.o
CC hw/ide/qdev.o
CC hw/ide/pci.o
CC hw/ide/isa.o
CC hw/ide/piix.o
CC hw/ide/ahci.o
CC hw/ide/microdrive.o
CC hw/ide/ich.o
CC hw/input/hid.o
CC hw/input/lm832x.o
CC hw/input/pckbd.o
CC hw/input/pl050.o
CC hw/input/ps2.o
CC hw/input/stellaris_input.o
CC hw/input/tsc2005.o
CC hw/input/vmmouse.o
CC hw/input/virtio-input.o
CC hw/input/virtio-input-hid.o
CC hw/input/virtio-input-host.o
CC hw/intc/i8259_common.o
CC hw/intc/i8259.o
CC hw/intc/pl190.o
CC hw/intc/imx_avic.o
CC hw/intc/realview_gic.o
CC hw/intc/ioapic_common.o
CC hw/intc/arm_gic_common.o
CC hw/intc/arm_gic.o
CC hw/intc/arm_gicv2m.o
CC hw/intc/arm_gicv3_common.o
CC hw/intc/arm_gicv3.o
CC hw/intc/arm_gicv3_dist.o
CC hw/intc/arm_gicv3_redist.o
CC hw/ipack/ipack.o
CC hw/ipack/tpci200.o
CC hw/ipmi/ipmi.o
CC hw/ipmi/ipmi_bmc_sim.o
CC hw/ipmi/ipmi_bmc_extern.o
CC hw/ipmi/isa_ipmi_kcs.o
CC hw/ipmi/isa_ipmi_bt.o
CC hw/isa/isa-bus.o
CC hw/isa/apm.o
CC hw/mem/pc-dimm.o
CC hw/mem/nvdimm.o
CC hw/misc/applesmc.o
CC hw/misc/max111x.o
CC hw/misc/tmp105.o
CC hw/misc/debugexit.o
CC hw/misc/sga.o
CC hw/misc/pc-testdev.o
CC hw/misc/pci-testdev.o
CC hw/misc/arm_l2x0.o
CC hw/misc/arm_integrator_debug.o
CC hw/misc/a9scu.o
CC hw/misc/arm11scu.o
CC hw/net/ne2000.o
CC hw/net/eepro100.o
CC hw/net/pcnet-pci.o
CC hw/net/pcnet.o
CC hw/net/e1000.o
CC hw/net/e1000x_common.o
CC hw/net/net_tx_pkt.o
CC hw/net/net_rx_pkt.o
CC hw/net/e1000e.o
CC hw/net/e1000e_core.o
CC hw/net/vmxnet3.o
CC hw/net/rtl8139.o
CC hw/net/smc91c111.o
CC hw/net/lan9118.o
CC hw/net/ne2000-isa.o
CC hw/net/xgmac.o
CC hw/net/allwinner_emac.o
CC hw/net/imx_fec.o
CC hw/net/cadence_gem.o
CC hw/net/stellaris_enet.o
CC hw/net/rocker/rocker.o
CC hw/net/rocker/rocker_fp.o
CC hw/net/rocker/rocker_desc.o
CC hw/net/rocker/rocker_world.o
CC hw/net/rocker/rocker_of_dpa.o
CC hw/nvram/eeprom93xx.o
CC hw/nvram/fw_cfg.o
CC hw/pci-bridge/pci_bridge_dev.o
CC hw/pci-bridge/pci_expander_bridge.o
CC hw/pci-bridge/xio3130_upstream.o
CC hw/pci-bridge/xio3130_downstream.o
CC hw/pci-bridge/ioh3420.o
/tmp/qemu-test/src/hw/nvram/fw_cfg.c: In function ‘fw_cfg_dma_transfer’:
/tmp/qemu-test/src/hw/nvram/fw_cfg.c:330: warning: ‘read’ may be used uninitialized in this function
CC hw/pci-bridge/i82801b11.o
CC hw/pci-host/pam.o
CC hw/pci-host/versatile.o
CC hw/pci-host/piix.o
CC hw/pci-host/q35.o
CC hw/pci-host/gpex.o
CC hw/pci/pci.o
CC hw/pci/pci_bridge.o
CC hw/pci/msix.o
CC hw/pci/msi.o
CC hw/pci/shpc.o
CC hw/pci/slotid_cap.o
CC hw/pci/pci_host.o
CC hw/pci/pcie_host.o
CC hw/pci/pcie.o
CC hw/pci/pcie_aer.o
CC hw/pci/pcie_port.o
CC hw/pci/pci-stub.o
CC hw/pcmcia/pcmcia.o
CC hw/scsi/scsi-disk.o
CC hw/scsi/scsi-generic.o
CC hw/scsi/scsi-bus.o
CC hw/scsi/lsi53c895a.o
CC hw/scsi/mptsas.o
CC hw/scsi/mptconfig.o
CC hw/scsi/mptendian.o
CC hw/scsi/megasas.o
CC hw/scsi/vmw_pvscsi.o
CC hw/scsi/esp.o
CC hw/scsi/esp-pci.o
CC hw/sd/pl181.o
CC hw/sd/ssi-sd.o
CC hw/sd/sd.o
CC hw/sd/core.o
CC hw/sd/sdhci.o
CC hw/smbios/smbios.o
CC hw/smbios/smbios_type_38.o
CC hw/ssi/pl022.o
CC hw/ssi/ssi.o
CC hw/ssi/xilinx_spips.o
CC hw/ssi/aspeed_smc.o
CC hw/timer/arm_timer.o
CC hw/timer/arm_mptimer.o
CC hw/timer/a9gtimer.o
CC hw/timer/cadence_ttc.o
CC hw/timer/ds1338.o
CC hw/timer/hpet.o
CC hw/timer/i8254_common.o
CC hw/timer/i8254.o
CC hw/timer/pl031.o
CC hw/timer/twl92230.o
CC hw/timer/imx_epit.o
CC hw/timer/imx_gpt.o
CC hw/timer/stm32f2xx_timer.o
CC hw/timer/aspeed_timer.o
CC hw/tpm/tpm_tis.o
CC hw/tpm/tpm_passthrough.o
CC hw/tpm/tpm_util.o
CC hw/usb/core.o
CC hw/usb/combined-packet.o
CC hw/usb/bus.o
CC hw/usb/libhw.o
CC hw/usb/desc.o
CC hw/usb/desc-msos.o
CC hw/usb/hcd-uhci.o
CC hw/usb/hcd-ohci.o
CC hw/usb/hcd-ehci.o
CC hw/usb/hcd-ehci-pci.o
CC hw/usb/hcd-ehci-sysbus.o
CC hw/usb/hcd-xhci.o
CC hw/usb/hcd-musb.o
CC hw/usb/dev-hub.o
CC hw/usb/dev-hid.o
CC hw/usb/dev-wacom.o
CC hw/usb/dev-storage.o
CC hw/usb/dev-uas.o
CC hw/usb/dev-audio.o
CC hw/usb/dev-serial.o
CC hw/usb/dev-network.o
CC hw/usb/dev-bluetooth.o
CC hw/usb/dev-smartcard-reader.o
CC hw/usb/dev-mtp.o
CC hw/usb/host-stub.o
CC hw/virtio/virtio-rng.o
CC hw/virtio/virtio-pci.o
CC hw/virtio/virtio-bus.o
CC hw/virtio/virtio-mmio.o
CC hw/watchdog/watchdog.o
CC hw/watchdog/wdt_i6300esb.o
CC hw/watchdog/wdt_ib700.o
CC migration/migration.o
CC migration/socket.o
CC migration/fd.o
CC migration/exec.o
CC migration/tls.o
CC migration/vmstate.o
CC migration/qemu-file.o
CC migration/qemu-file-channel.o
CC migration/xbzrle.o
CC migration/postcopy-ram.o
CC migration/qjson.o
CC migration/block.o
CC net/net.o
CC net/queue.o
CC net/checksum.o
CC net/util.o
CC net/hub.o
CC net/socket.o
CC net/dump.o
CC net/eth.o
CC net/l2tpv3.o
CC net/tap.o
CC net/vhost-user.o
CC net/tap-linux.o
CC net/slirp.o
CC net/filter.o
CC net/filter-buffer.o
CC net/filter-mirror.o
CC qom/cpu.o
CC replay/replay.o
CC replay/replay-internal.o
/tmp/qemu-test/src/replay/replay-internal.c: In function ‘replay_put_array’:
/tmp/qemu-test/src/replay/replay-internal.c:68: warning: ignoring return value of ‘fwrite’, declared with attribute warn_unused_result
CC replay/replay-events.o
CC replay/replay-time.o
CC replay/replay-input.o
CC replay/replay-char.o
CC slirp/cksum.o
CC slirp/if.o
CC slirp/ip_icmp.o
CC slirp/ip6_icmp.o
CC slirp/ip6_input.o
CC slirp/ip6_output.o
CC slirp/ip_input.o
CC slirp/ip_output.o
CC slirp/dnssearch.o
CC slirp/dhcpv6.o
CC slirp/slirp.o
CC slirp/mbuf.o
CC slirp/misc.o
CC slirp/sbuf.o
CC slirp/socket.o
CC slirp/tcp_input.o
CC slirp/tcp_output.o
CC slirp/tcp_subr.o
CC slirp/tcp_timer.o
/tmp/qemu-test/src/slirp/tcp_input.c: In function ‘tcp_input’:
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_p’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_len’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_tos’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_id’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_off’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_ttl’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_sum’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_src.s_addr’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:219: warning: ‘save_ip.ip_dst.s_addr’ may be used uninitialized in this function
/tmp/qemu-test/src/slirp/tcp_input.c:220: warning: ‘save_ip6.ip_nh’ may be used uninitialized in this function
CC slirp/udp.o
CC slirp/udp6.o
CC slirp/bootp.o
CC slirp/tftp.o
CC slirp/arp_table.o
CC slirp/ndp_table.o
CC ui/console.o
CC ui/keymaps.o
CC ui/cursor.o
CC ui/qemu-pixman.o
CC ui/input.o
CC ui/input-keymap.o
CC ui/input-legacy.o
CC ui/input-linux.o
CC ui/sdl.o
CC ui/sdl_zoom.o
CC ui/x_keymap.o
CC ui/vnc.o
CC ui/vnc-enc-zlib.o
CC ui/vnc-enc-hextile.o
CC ui/vnc-enc-tight.o
CC ui/vnc-palette.o
CC ui/vnc-enc-zrle.o
CC ui/vnc-auth-vencrypt.o
CC ui/vnc-ws.o
CC ui/vnc-jobs.o
LINK tests/qemu-iotests/socket_scm_helper
CC qga/commands.o
CC qga/guest-agent-command-state.o
CC qga/main.o
CC qga/commands-posix.o
CC qga/channel-posix.o
CC qga/qapi-generated/qga-qapi-types.o
CC qga/qapi-generated/qga-qapi-visit.o
CC qga/qapi-generated/qga-qmp-marshal.o
CC qmp-introspect.o
CC qapi-types.o
CC qapi-visit.o
CC qapi-event.o
AR libqemustub.a
CC qemu-img.o
CC qmp-marshal.o
CC trace/generated-events.o
AS optionrom/multiboot.o
AS optionrom/linuxboot.o
CC optionrom/linuxboot_dma.o
AS optionrom/kvmvapic.o
cc: unrecognized option '-no-integrated-as'
cc: unrecognized option '-no-integrated-as'
Building optionrom/linuxboot_dma.img
Building optionrom/linuxboot.img
Building optionrom/multiboot.img
Building optionrom/linuxboot_dma.raw
Building optionrom/linuxboot.raw
Building optionrom/multiboot.raw
Building optionrom/kvmvapic.img
Building optionrom/kvmvapic.raw
Signing optionrom/multiboot.bin
Signing optionrom/linuxboot.bin
Signing optionrom/linuxboot_dma.bin
Signing optionrom/kvmvapic.bin
AR libqemuutil.a
LINK qemu-ga
LINK ivshmem-client
LINK ivshmem-server
LINK qemu-nbd
LINK qemu-img
LINK qemu-io
LINK qemu-bridge-helper
GEN aarch64-softmmu/hmp-commands.h
GEN aarch64-softmmu/hmp-commands-info.h
GEN aarch64-softmmu/qmp-commands-old.h
GEN aarch64-softmmu/config-target.h
GEN x86_64-softmmu/hmp-commands.h
GEN x86_64-softmmu/hmp-commands-info.h
GEN x86_64-softmmu/qmp-commands-old.h
GEN x86_64-softmmu/config-target.h
CC aarch64-softmmu/translate-all.o
CC aarch64-softmmu/exec.o
CC aarch64-softmmu/cpu-exec.o
CC aarch64-softmmu/translate-common.o
CC aarch64-softmmu/cpu-exec-common.o
CC aarch64-softmmu/tcg/tcg.o
CC aarch64-softmmu/tcg/tcg-op.o
CC aarch64-softmmu/tcg/optimize.o
CC aarch64-softmmu/tcg/tcg-common.o
CC aarch64-softmmu/fpu/softfloat.o
CC aarch64-softmmu/disas.o
GEN aarch64-softmmu/gdbstub-xml.c
CC aarch64-softmmu/kvm-stub.o
CC aarch64-softmmu/arch_init.o
CC aarch64-softmmu/cpus.o
CC aarch64-softmmu/monitor.o
CC aarch64-softmmu/gdbstub.o
CC aarch64-softmmu/balloon.o
CC aarch64-softmmu/ioport.o
CC aarch64-softmmu/numa.o
CC aarch64-softmmu/qtest.o
CC aarch64-softmmu/bootdevice.o
CC aarch64-softmmu/memory.o
CC aarch64-softmmu/cputlb.o
CC aarch64-softmmu/memory_mapping.o
CC aarch64-softmmu/dump.o
CC x86_64-softmmu/exec.o
CC aarch64-softmmu/migration/ram.o
CC aarch64-softmmu/migration/savevm.o
CC aarch64-softmmu/xen-common-stub.o
CC aarch64-softmmu/xen-hvm-stub.o
CC x86_64-softmmu/translate-all.o
CC aarch64-softmmu/hw/block/virtio-blk.o
CC x86_64-softmmu/cpu-exec.o
CC x86_64-softmmu/translate-common.o
CC x86_64-softmmu/cpu-exec-common.o
CC x86_64-softmmu/tcg/tcg.o
CC aarch64-softmmu/hw/block/dataplane/virtio-blk.o
CC x86_64-softmmu/tcg/tcg-op.o
CC x86_64-softmmu/tcg/optimize.o
CC aarch64-softmmu/hw/char/exynos4210_uart.o
CC x86_64-softmmu/tcg/tcg-common.o
CC x86_64-softmmu/fpu/softfloat.o
CC aarch64-softmmu/hw/char/omap_uart.o
CC aarch64-softmmu/hw/char/digic-uart.o
CC x86_64-softmmu/disas.o
CC aarch64-softmmu/hw/char/stm32f2xx_usart.o
CC aarch64-softmmu/hw/char/bcm2835_aux.o
CC x86_64-softmmu/arch_init.o
CC aarch64-softmmu/hw/char/virtio-serial-bus.o
CC aarch64-softmmu/hw/core/nmi.o
CC aarch64-softmmu/hw/cpu/arm11mpcore.o
CC x86_64-softmmu/cpus.o
CC aarch64-softmmu/hw/cpu/realview_mpcore.o
CC aarch64-softmmu/hw/cpu/a9mpcore.o
CC x86_64-softmmu/monitor.o
CC aarch64-softmmu/hw/cpu/a15mpcore.o
CC aarch64-softmmu/hw/cpu/core.o
CC aarch64-softmmu/hw/display/omap_dss.o
CC aarch64-softmmu/hw/display/omap_lcdc.o
CC aarch64-softmmu/hw/display/pxa2xx_lcd.o
CC x86_64-softmmu/gdbstub.o
CC x86_64-softmmu/balloon.o
CC x86_64-softmmu/ioport.o
CC aarch64-softmmu/hw/display/bcm2835_fb.o
CC aarch64-softmmu/hw/display/vga.o
CC x86_64-softmmu/numa.o
CC aarch64-softmmu/hw/display/virtio-gpu.o
CC x86_64-softmmu/qtest.o
CC aarch64-softmmu/hw/display/virtio-gpu-3d.o
CC x86_64-softmmu/bootdevice.o
CC aarch64-softmmu/hw/display/virtio-gpu-pci.o
CC aarch64-softmmu/hw/display/dpcd.o
CC x86_64-softmmu/kvm-all.o
CC aarch64-softmmu/hw/display/xlnx_dp.o
CC aarch64-softmmu/hw/dma/xlnx_dpdma.o
CC x86_64-softmmu/memory.o
CC aarch64-softmmu/hw/dma/omap_dma.o
CC x86_64-softmmu/cputlb.o
CC aarch64-softmmu/hw/dma/soc_dma.o
CC aarch64-softmmu/hw/dma/pxa2xx_dma.o
CC x86_64-softmmu/memory_mapping.o
CC aarch64-softmmu/hw/dma/bcm2835_dma.o
CC x86_64-softmmu/dump.o
CC aarch64-softmmu/hw/gpio/omap_gpio.o
CC x86_64-softmmu/migration/ram.o
CC x86_64-softmmu/migration/savevm.o
CC x86_64-softmmu/xen-common-stub.o
CC aarch64-softmmu/hw/gpio/imx_gpio.o
CC x86_64-softmmu/xen-hvm-stub.o
CC aarch64-softmmu/hw/i2c/omap_i2c.o
CC x86_64-softmmu/hw/acpi/nvdimm.o
CC aarch64-softmmu/hw/input/pxa2xx_keypad.o
CC x86_64-softmmu/hw/block/virtio-blk.o
CC x86_64-softmmu/hw/block/dataplane/virtio-blk.o
CC aarch64-softmmu/hw/input/tsc210x.o
CC x86_64-softmmu/hw/char/virtio-serial-bus.o
CC aarch64-softmmu/hw/intc/armv7m_nvic.o
CC aarch64-softmmu/hw/intc/exynos4210_gic.o
CC aarch64-softmmu/hw/intc/exynos4210_combiner.o
CC aarch64-softmmu/hw/intc/omap_intc.o
CC x86_64-softmmu/hw/core/nmi.o
CC x86_64-softmmu/hw/cpu/core.o
CC x86_64-softmmu/hw/display/vga.o
CC x86_64-softmmu/hw/display/virtio-gpu.o
CC x86_64-softmmu/hw/display/virtio-gpu-3d.o
CC aarch64-softmmu/hw/intc/bcm2835_ic.o
CC aarch64-softmmu/hw/intc/bcm2836_control.o
CC x86_64-softmmu/hw/display/virtio-gpu-pci.o
CC aarch64-softmmu/hw/intc/allwinner-a10-pic.o
CC x86_64-softmmu/hw/display/virtio-vga.o
CC x86_64-softmmu/hw/intc/apic.o
CC aarch64-softmmu/hw/intc/aspeed_vic.o
CC x86_64-softmmu/hw/intc/apic_common.o
CC aarch64-softmmu/hw/intc/arm_gicv3_cpuif.o
CC x86_64-softmmu/hw/intc/ioapic.o
CC aarch64-softmmu/hw/misc/ivshmem.o
CC x86_64-softmmu/hw/isa/lpc_ich9.o
CC aarch64-softmmu/hw/misc/arm_sysctl.o
CC x86_64-softmmu/hw/misc/ivshmem.o
CC x86_64-softmmu/hw/misc/vmport.o
CC aarch64-softmmu/hw/misc/cbus.o
CC x86_64-softmmu/hw/misc/pvpanic.o
CC aarch64-softmmu/hw/misc/exynos4210_pmu.o
CC aarch64-softmmu/hw/misc/imx_ccm.o
CC x86_64-softmmu/hw/misc/edu.o
CC x86_64-softmmu/hw/misc/hyperv_testdev.o
CC x86_64-softmmu/hw/net/virtio-net.o
CC aarch64-softmmu/hw/misc/imx31_ccm.o
CC x86_64-softmmu/hw/scsi/virtio-scsi.o
CC x86_64-softmmu/hw/net/vhost_net.o
CC aarch64-softmmu/hw/misc/imx25_ccm.o
CC x86_64-softmmu/hw/scsi/virtio-scsi-dataplane.o
CC x86_64-softmmu/hw/scsi/vhost-scsi.o
CC aarch64-softmmu/hw/misc/imx6_ccm.o
CC aarch64-softmmu/hw/misc/imx6_src.o
CC aarch64-softmmu/hw/misc/mst_fpga.o
CC x86_64-softmmu/hw/timer/mc146818rtc.o
CC aarch64-softmmu/hw/misc/omap_clk.o
CC x86_64-softmmu/hw/vfio/common.o
CC aarch64-softmmu/hw/misc/omap_gpmc.o
CC aarch64-softmmu/hw/misc/omap_l4.o
CC x86_64-softmmu/hw/vfio/pci.o
CC aarch64-softmmu/hw/misc/omap_sdrc.o
CC x86_64-softmmu/hw/vfio/pci-quirks.o
CC aarch64-softmmu/hw/misc/omap_tap.o
CC aarch64-softmmu/hw/misc/bcm2835_mbox.o
CC aarch64-softmmu/hw/misc/bcm2835_property.o
CC x86_64-softmmu/hw/vfio/platform.o
CC aarch64-softmmu/hw/misc/zynq_slcr.o
CC x86_64-softmmu/hw/vfio/calxeda-xgmac.o
CC aarch64-softmmu/hw/misc/zynq-xadc.o
CC aarch64-softmmu/hw/misc/stm32f2xx_syscfg.o
CC x86_64-softmmu/hw/vfio/amd-xgbe.o
CC x86_64-softmmu/hw/vfio/spapr.o
CC x86_64-softmmu/hw/virtio/virtio.o
CC aarch64-softmmu/hw/misc/edu.o
CC x86_64-softmmu/hw/virtio/virtio-balloon.o
CC x86_64-softmmu/hw/virtio/vhost.o
CC aarch64-softmmu/hw/misc/auxbus.o
CC x86_64-softmmu/hw/virtio/vhost-backend.o
CC x86_64-softmmu/hw/virtio/vhost-user.o
CC aarch64-softmmu/hw/misc/aspeed_scu.o
CC aarch64-softmmu/hw/net/virtio-net.o
CC aarch64-softmmu/hw/net/vhost_net.o
CC x86_64-softmmu/hw/i386/multiboot.o
/tmp/qemu-test/src/hw/virtio/virtio.c: In function ‘virtio_load’:
/tmp/qemu-test/src/hw/virtio/virtio.c:1683: error: expected ‘)’ before ‘i’
/tmp/qemu-test/src/hw/virtio/virtio.c:1685: warning: too few arguments for format
make[1]: *** [hw/virtio/virtio.o] Error 1
make[1]: *** Waiting for unfinished jobs....
CC x86_64-softmmu/hw/i386/pc.o
CC aarch64-softmmu/hw/pcmcia/pxa2xx.o
CC aarch64-softmmu/hw/scsi/virtio-scsi.o
CC aarch64-softmmu/hw/scsi/virtio-scsi-dataplane.o
CC aarch64-softmmu/hw/scsi/vhost-scsi.o
CC aarch64-softmmu/hw/sd/omap_mmc.o
CC aarch64-softmmu/hw/sd/pxa2xx_mmci.o
CC aarch64-softmmu/hw/ssi/omap_spi.o
CC aarch64-softmmu/hw/ssi/imx_spi.o
CC aarch64-softmmu/hw/timer/exynos4210_mct.o
CC aarch64-softmmu/hw/timer/exynos4210_pwm.o
CC aarch64-softmmu/hw/timer/exynos4210_rtc.o
CC aarch64-softmmu/hw/timer/omap_gptimer.o
CC aarch64-softmmu/hw/timer/omap_synctimer.o
CC aarch64-softmmu/hw/timer/pxa2xx_timer.o
CC aarch64-softmmu/hw/timer/digic-timer.o
CC aarch64-softmmu/hw/timer/allwinner-a10-pit.o
CC aarch64-softmmu/hw/usb/tusb6010.o
CC aarch64-softmmu/hw/vfio/common.o
CC aarch64-softmmu/hw/vfio/pci.o
CC aarch64-softmmu/hw/vfio/pci-quirks.o
CC aarch64-softmmu/hw/vfio/platform.o
make: *** [subdir-x86_64-softmmu] Error 2
make: *** Waiting for unfinished jobs....
CC aarch64-softmmu/hw/vfio/calxeda-xgmac.o
CC aarch64-softmmu/hw/vfio/amd-xgbe.o
CC aarch64-softmmu/hw/vfio/spapr.o
CC aarch64-softmmu/hw/virtio/virtio.o
CC aarch64-softmmu/hw/virtio/virtio-balloon.o
CC aarch64-softmmu/hw/virtio/vhost.o
CC aarch64-softmmu/hw/virtio/vhost-backend.o
CC aarch64-softmmu/hw/virtio/vhost-user.o
CC aarch64-softmmu/hw/arm/boot.o
CC aarch64-softmmu/hw/arm/collie.o
CC aarch64-softmmu/hw/arm/exynos4_boards.o
CC aarch64-softmmu/hw/arm/gumstix.o
CC aarch64-softmmu/hw/arm/highbank.o
CC aarch64-softmmu/hw/arm/digic_boards.o
CC aarch64-softmmu/hw/arm/integratorcp.o
CC aarch64-softmmu/hw/arm/mainstone.o
CC aarch64-softmmu/hw/arm/musicpal.o
CC aarch64-softmmu/hw/arm/nseries.o
CC aarch64-softmmu/hw/arm/omap_sx1.o
CC aarch64-softmmu/hw/arm/palm.o
CC aarch64-softmmu/hw/arm/realview.o
CC aarch64-softmmu/hw/arm/spitz.o
CC aarch64-softmmu/hw/arm/stellaris.o
CC aarch64-softmmu/hw/arm/tosa.o
CC aarch64-softmmu/hw/arm/versatilepb.o
CC aarch64-softmmu/hw/arm/vexpress.o
CC aarch64-softmmu/hw/arm/virt.o
CC aarch64-softmmu/hw/arm/xilinx_zynq.o
CC aarch64-softmmu/hw/arm/z2.o
CC aarch64-softmmu/hw/arm/virt-acpi-build.o
CC aarch64-softmmu/hw/arm/netduino2.o
CC aarch64-softmmu/hw/arm/sysbus-fdt.o
CC aarch64-softmmu/hw/arm/armv7m.o
CC aarch64-softmmu/hw/arm/exynos4210.o
CC aarch64-softmmu/hw/arm/pxa2xx.o
CC aarch64-softmmu/hw/arm/pxa2xx_gpio.o
CC aarch64-softmmu/hw/arm/pxa2xx_pic.o
CC aarch64-softmmu/hw/arm/digic.o
CC aarch64-softmmu/hw/arm/omap1.o
CC aarch64-softmmu/hw/arm/omap2.o
CC aarch64-softmmu/hw/arm/strongarm.o
CC aarch64-softmmu/hw/arm/allwinner-a10.o
CC aarch64-softmmu/hw/arm/cubieboard.o
CC aarch64-softmmu/hw/arm/bcm2835_peripherals.o
CC aarch64-softmmu/hw/arm/bcm2836.o
CC aarch64-softmmu/hw/arm/raspi.o
CC aarch64-softmmu/hw/arm/stm32f205_soc.o
CC aarch64-softmmu/hw/arm/xlnx-zynqmp.o
CC aarch64-softmmu/hw/arm/xlnx-ep108.o
CC aarch64-softmmu/hw/arm/fsl-imx25.o
CC aarch64-softmmu/hw/arm/imx25_pdk.o
CC aarch64-softmmu/hw/arm/fsl-imx31.o
CC aarch64-softmmu/hw/arm/kzm.o
CC aarch64-softmmu/hw/arm/fsl-imx6.o
CC aarch64-softmmu/hw/arm/sabrelite.o
CC aarch64-softmmu/hw/arm/ast2400.o
CC aarch64-softmmu/hw/arm/palmetto-bmc.o
CC aarch64-softmmu/target-arm/arm-semi.o
CC aarch64-softmmu/target-arm/machine.o
CC aarch64-softmmu/target-arm/psci.o
CC aarch64-softmmu/target-arm/arch_dump.o
CC aarch64-softmmu/target-arm/monitor.o
CC aarch64-softmmu/target-arm/kvm-stub.o
CC aarch64-softmmu/target-arm/translate.o
CC aarch64-softmmu/target-arm/op_helper.o
CC aarch64-softmmu/target-arm/helper.o
CC aarch64-softmmu/target-arm/cpu.o
CC aarch64-softmmu/target-arm/neon_helper.o
CC aarch64-softmmu/target-arm/iwmmxt_helper.o
CC aarch64-softmmu/target-arm/cpu64.o
CC aarch64-softmmu/target-arm/gdbstub.o
CC aarch64-softmmu/target-arm/translate-a64.o
/tmp/qemu-test/src/hw/virtio/virtio.c: In function ‘virtio_load’:
/tmp/qemu-test/src/hw/virtio/virtio.c:1683: error: expected ‘)’ before ‘i’
/tmp/qemu-test/src/hw/virtio/virtio.c:1685: warning: too few arguments for format
make[1]: *** [hw/virtio/virtio.o] Error 1
make[1]: *** Waiting for unfinished jobs....
/tmp/qemu-test/src/target-arm/translate-a64.c: In function ‘handle_shri_with_rndacc’:
/tmp/qemu-test/src/target-arm/translate-a64.c:6308: warning: ‘tcg_src_hi’ may be used uninitialized in this function
/tmp/qemu-test/src/target-arm/translate-a64.c: In function ‘disas_simd_scalar_two_reg_misc’:
/tmp/qemu-test/src/target-arm/translate-a64.c:8035: warning: ‘rmode’ may be used uninitialized in this function
make: *** [subdir-aarch64-softmmu] Error 2
tests/docker/Makefile.include:104: recipe for target 'docker-run-test-quick@centos6' failed
make: *** [docker-run-test-quick@centos6] Error 1
=== OUTPUT END ===
Test command exited with code: 2
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] [PATCH for-2.7 1/4] virtio: recalculate vq->inuse after migration
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 1/4] virtio: recalculate vq->inuse after migration Stefan Hajnoczi
@ 2016-08-12 21:30 ` Michael S. Tsirkin
2016-08-14 11:12 ` Fam Zheng
2016-08-15 8:23 ` Cornelia Huck
2 siblings, 0 replies; 15+ messages in thread
From: Michael S. Tsirkin @ 2016-08-12 21:30 UTC (permalink / raw)
To: Stefan Hajnoczi; +Cc: qemu-devel, Luiz Capitulino, gaudenz
On Fri, Aug 12, 2016 at 04:32:55PM +0100, Stefan Hajnoczi wrote:
> The vq->inuse field is not migrated. Many devices don't hold
> VirtQueueElements across migration so it doesn't matter that vq->inuse
> starts at 0 on the destination QEMU.
>
> At least virtio-serial, virtio-blk, and virtio-balloon migrate while
> holding VirtQueueElements. For these devices we need to recalculate
> vq->inuse upon load so the value is correct.
>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
> ---
> hw/virtio/virtio.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> index 15ee3a7..4df8274 100644
> --- a/hw/virtio/virtio.c
> +++ b/hw/virtio/virtio.c
> @@ -1648,6 +1648,20 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id)
> }
> vdev->vq[i].used_idx = vring_used_idx(&vdev->vq[i]);
> vdev->vq[i].shadow_avail_idx = vring_avail_idx(&vdev->vq[i]);
> +
> + /* Some devices migrate VirtQueueElements that have been popped
> + * from the avail ring but not yet returned to the used ring.
> + */
> + vdev->vq[i].inuse = vdev->vq[i].last_avail_idx -
> + vdev->vq[i].used_idx;
> + if (vdev->vq[i].inuse > vdev->vq[i].vring.num) {
> + error_report("VQ %d size 0x%x < last_avail_idx 0x%x - "
> + "used_idx 0x%x"
> + i, vdev->vq[i].vring.num,
> + vdev->vq[i].last_avail_idx,
> + vdev->vq[i].used_idx);
> + return -1;
> + }
> }
> }
>
> --
> 2.7.4
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] [PATCH for-2.7 2/4] virtio: decrement vq->inuse in virtqueue_discard()
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 2/4] virtio: decrement vq->inuse in virtqueue_discard() Stefan Hajnoczi
@ 2016-08-12 21:31 ` Michael S. Tsirkin
2016-08-15 8:24 ` Cornelia Huck
1 sibling, 0 replies; 15+ messages in thread
From: Michael S. Tsirkin @ 2016-08-12 21:31 UTC (permalink / raw)
To: Stefan Hajnoczi; +Cc: qemu-devel, Luiz Capitulino, gaudenz
On Fri, Aug 12, 2016 at 04:32:56PM +0100, Stefan Hajnoczi wrote:
> virtqueue_descard()
discard
> moves vq->last_avail_idx back so the element can be
> popped again. It's necessary to decrement vq->inuse to avoid "leaking"
> the element count.
>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
With the correction above
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
> ---
> hw/virtio/virtio.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> index 4df8274..00158b6 100644
> --- a/hw/virtio/virtio.c
> +++ b/hw/virtio/virtio.c
> @@ -268,6 +268,7 @@ void virtqueue_discard(VirtQueue *vq, const VirtQueueElement *elem,
> unsigned int len)
> {
> vq->last_avail_idx--;
> + vq->inuse--;
> virtqueue_unmap_sg(vq, elem, len);
> }
>
> --
> 2.7.4
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] [PATCH for-2.7 1/4] virtio: recalculate vq->inuse after migration
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 1/4] virtio: recalculate vq->inuse after migration Stefan Hajnoczi
2016-08-12 21:30 ` Michael S. Tsirkin
@ 2016-08-14 11:12 ` Fam Zheng
2016-08-15 8:23 ` Cornelia Huck
2 siblings, 0 replies; 15+ messages in thread
From: Fam Zheng @ 2016-08-14 11:12 UTC (permalink / raw)
To: Stefan Hajnoczi; +Cc: qemu-devel, gaudenz, Michael S. Tsirkin, Luiz Capitulino
On Fri, 08/12 16:32, Stefan Hajnoczi wrote:
> The vq->inuse field is not migrated. Many devices don't hold
> VirtQueueElements across migration so it doesn't matter that vq->inuse
> starts at 0 on the destination QEMU.
>
> At least virtio-serial, virtio-blk, and virtio-balloon migrate while
> holding VirtQueueElements. For these devices we need to recalculate
> vq->inuse upon load so the value is correct.
>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
> hw/virtio/virtio.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> index 15ee3a7..4df8274 100644
> --- a/hw/virtio/virtio.c
> +++ b/hw/virtio/virtio.c
> @@ -1648,6 +1648,20 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id)
> }
> vdev->vq[i].used_idx = vring_used_idx(&vdev->vq[i]);
> vdev->vq[i].shadow_avail_idx = vring_avail_idx(&vdev->vq[i]);
> +
> + /* Some devices migrate VirtQueueElements that have been popped
> + * from the avail ring but not yet returned to the used ring.
> + */
> + vdev->vq[i].inuse = vdev->vq[i].last_avail_idx -
> + vdev->vq[i].used_idx;
> + if (vdev->vq[i].inuse > vdev->vq[i].vring.num) {
> + error_report("VQ %d size 0x%x < last_avail_idx 0x%x - "
> + "used_idx 0x%x"
.-----------^
I believe a comma is missing here /
Fam
> + i, vdev->vq[i].vring.num,
> + vdev->vq[i].last_avail_idx,
> + vdev->vq[i].used_idx);
> + return -1;
> + }
> }
> }
>
> --
> 2.7.4
>
>
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] [PATCH for-2.7 1/4] virtio: recalculate vq->inuse after migration
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 1/4] virtio: recalculate vq->inuse after migration Stefan Hajnoczi
2016-08-12 21:30 ` Michael S. Tsirkin
2016-08-14 11:12 ` Fam Zheng
@ 2016-08-15 8:23 ` Cornelia Huck
2 siblings, 0 replies; 15+ messages in thread
From: Cornelia Huck @ 2016-08-15 8:23 UTC (permalink / raw)
To: Stefan Hajnoczi; +Cc: qemu-devel, gaudenz, Michael S. Tsirkin, Luiz Capitulino
On Fri, 12 Aug 2016 16:32:55 +0100
Stefan Hajnoczi <stefanha@redhat.com> wrote:
> The vq->inuse field is not migrated. Many devices don't hold
> VirtQueueElements across migration so it doesn't matter that vq->inuse
> starts at 0 on the destination QEMU.
>
> At least virtio-serial, virtio-blk, and virtio-balloon migrate while
> holding VirtQueueElements. For these devices we need to recalculate
> vq->inuse upon load so the value is correct.
>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
> hw/virtio/virtio.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> index 15ee3a7..4df8274 100644
> --- a/hw/virtio/virtio.c
> +++ b/hw/virtio/virtio.c
> @@ -1648,6 +1648,20 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id)
> }
> vdev->vq[i].used_idx = vring_used_idx(&vdev->vq[i]);
> vdev->vq[i].shadow_avail_idx = vring_avail_idx(&vdev->vq[i]);
> +
> + /* Some devices migrate VirtQueueElements that have been popped
Make this
/*
* Some...
?
> + * from the avail ring but not yet returned to the used ring.
> + */
> + vdev->vq[i].inuse = vdev->vq[i].last_avail_idx -
> + vdev->vq[i].used_idx;
> + if (vdev->vq[i].inuse > vdev->vq[i].vring.num) {
> + error_report("VQ %d size 0x%x < last_avail_idx 0x%x - "
> + "used_idx 0x%x"
...as you need to add the comma here anyway.
> + i, vdev->vq[i].vring.num,
> + vdev->vq[i].last_avail_idx,
> + vdev->vq[i].used_idx);
> + return -1;
> + }
> }
> }
>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] [PATCH for-2.7 2/4] virtio: decrement vq->inuse in virtqueue_discard()
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 2/4] virtio: decrement vq->inuse in virtqueue_discard() Stefan Hajnoczi
2016-08-12 21:31 ` Michael S. Tsirkin
@ 2016-08-15 8:24 ` Cornelia Huck
1 sibling, 0 replies; 15+ messages in thread
From: Cornelia Huck @ 2016-08-15 8:24 UTC (permalink / raw)
To: Stefan Hajnoczi; +Cc: qemu-devel, gaudenz, Michael S. Tsirkin, Luiz Capitulino
On Fri, 12 Aug 2016 16:32:56 +0100
Stefan Hajnoczi <stefanha@redhat.com> wrote:
> virtqueue_descard() moves vq->last_avail_idx back so the element can be
> popped again. It's necessary to decrement vq->inuse to avoid "leaking"
> the element count.
>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
> hw/virtio/virtio.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> index 4df8274..00158b6 100644
> --- a/hw/virtio/virtio.c
> +++ b/hw/virtio/virtio.c
> @@ -268,6 +268,7 @@ void virtqueue_discard(VirtQueue *vq, const VirtQueueElement *elem,
> unsigned int len)
> {
> vq->last_avail_idx--;
> + vq->inuse--;
> virtqueue_unmap_sg(vq, elem, len);
> }
>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] [PATCH for-2.7 3/4] virtio: add virtqueue_rewind()
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 3/4] virtio: add virtqueue_rewind() Stefan Hajnoczi
@ 2016-08-15 8:36 ` Cornelia Huck
2016-08-15 12:34 ` Stefan Hajnoczi
0 siblings, 1 reply; 15+ messages in thread
From: Cornelia Huck @ 2016-08-15 8:36 UTC (permalink / raw)
To: Stefan Hajnoczi; +Cc: qemu-devel, gaudenz, Michael S. Tsirkin, Luiz Capitulino
On Fri, 12 Aug 2016 16:32:57 +0100
Stefan Hajnoczi <stefanha@redhat.com> wrote:
> virtqueue_discard() requires a VirtQueueElement but virtio-balloon does
> not migrate its in-use element. Introduce a new function that is
> similar to virtqueue_discard() but doesn't require a VirtQueueElement.
>
> This will allow virtio-balloon to access element again after migration
> with the usual proviso that the guest may have modified the vring since
> last time.
>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
> hw/virtio/virtio.c | 22 ++++++++++++++++++++++
> include/hw/virtio/virtio.h | 1 +
> 2 files changed, 23 insertions(+)
>
> diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> index 00158b6..22727ba 100644
> --- a/hw/virtio/virtio.c
> +++ b/hw/virtio/virtio.c
> @@ -272,6 +272,28 @@ void virtqueue_discard(VirtQueue *vq, const VirtQueueElement *elem,
> virtqueue_unmap_sg(vq, elem, len);
> }
>
> +/* virtqueue_rewind:
> + * @vq: The #VirtQueue
> + * @num: Number of elements to push back
> + *
> + * Pretend that elements weren't popped from the virtqueue. The next
> + * virtqueue_pop() will refetch the oldest element.
> + *
> + * Use virtqueue_discard() instead if you have a VirtQueueElement.
> + *
> + * Returns: true on success, false if @num is greater than the number of in use
> + * elements.
Does it make sense at all to rewind multiple elements at once? Or does
it make more sense for the caller to rewind one-by-one until they know
that there are no more elements that could be refetched?
> + */
> +bool virtqueue_rewind(VirtQueue *vq, unsigned int num)
> +{
> + if (num > vq->inuse) {
> + return false;
> + }
> + vq->last_avail_idx -= num;
> + vq->inuse -= num;
> + return true;
> +}
> +
> void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem,
> unsigned int len, unsigned int idx)
> {
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] [PATCH for-2.7 3/4] virtio: add virtqueue_rewind()
2016-08-15 8:36 ` Cornelia Huck
@ 2016-08-15 12:34 ` Stefan Hajnoczi
0 siblings, 0 replies; 15+ messages in thread
From: Stefan Hajnoczi @ 2016-08-15 12:34 UTC (permalink / raw)
To: Cornelia Huck
Cc: Stefan Hajnoczi, gaudenz, Luiz Capitulino, qemu-devel,
Michael S. Tsirkin
[-- Attachment #1: Type: text/plain, Size: 1867 bytes --]
On Mon, Aug 15, 2016 at 10:36:25AM +0200, Cornelia Huck wrote:
> On Fri, 12 Aug 2016 16:32:57 +0100
> Stefan Hajnoczi <stefanha@redhat.com> wrote:
>
> > virtqueue_discard() requires a VirtQueueElement but virtio-balloon does
> > not migrate its in-use element. Introduce a new function that is
> > similar to virtqueue_discard() but doesn't require a VirtQueueElement.
> >
> > This will allow virtio-balloon to access element again after migration
> > with the usual proviso that the guest may have modified the vring since
> > last time.
> >
> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> > ---
> > hw/virtio/virtio.c | 22 ++++++++++++++++++++++
> > include/hw/virtio/virtio.h | 1 +
> > 2 files changed, 23 insertions(+)
> >
> > diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> > index 00158b6..22727ba 100644
> > --- a/hw/virtio/virtio.c
> > +++ b/hw/virtio/virtio.c
> > @@ -272,6 +272,28 @@ void virtqueue_discard(VirtQueue *vq, const VirtQueueElement *elem,
> > virtqueue_unmap_sg(vq, elem, len);
> > }
> >
> > +/* virtqueue_rewind:
> > + * @vq: The #VirtQueue
> > + * @num: Number of elements to push back
> > + *
> > + * Pretend that elements weren't popped from the virtqueue. The next
> > + * virtqueue_pop() will refetch the oldest element.
> > + *
> > + * Use virtqueue_discard() instead if you have a VirtQueueElement.
> > + *
> > + * Returns: true on success, false if @num is greater than the number of in use
> > + * elements.
>
> Does it make sense at all to rewind multiple elements at once? Or does
> it make more sense for the caller to rewind one-by-one until they know
> that there are no more elements that could be refetched?
I think Ladi's virtio-balloon stats fix using the vmchange callback is
preferrable. I'll drop this and the next patch.
Stefan
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 473 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration
2016-08-12 15:32 [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration Stefan Hajnoczi
` (4 preceding siblings ...)
2016-08-12 19:43 ` [Qemu-devel] [PATCH for-2.7 0/4] " no-reply
@ 2016-08-15 19:51 ` Gaudenz Steinlin
2016-08-15 21:26 ` Michael S. Tsirkin
5 siblings, 1 reply; 15+ messages in thread
From: Gaudenz Steinlin @ 2016-08-15 19:51 UTC (permalink / raw)
To: Stefan Hajnoczi, qemu-devel; +Cc: Luiz Capitulino, Michael S. Tsirkin
[-- Attachment #1: Type: text/plain, Size: 1176 bytes --]
Stefan Hajnoczi <stefanha@redhat.com> writes:
> Gaudenz Steinlin <gaudenz@debian.org> reported that virtqueue_pop() terminates
> QEMU because the virtqueue size is exceeded following the CVE-2016-5403 fix. I
> have been unable to reproduce this or understand the root cause by code
> inspection. Along the way I did discover a few bugs in virtio-balloon and
> virtio code.
>
> Please see the individual patches for details.
>
> Gaudenz: If you can reproduce the bug you reported, please try again with these
> patches applied.
As mentioned in the original thread I only tested on QEMU 2.0.0 so far.
I tried to apply your patches to this version, but did not succeed. I
could not apply the first patch in the series because the code changed
too much and with only the others applied QEMU failed to compile. I gave
up at that point.
Does it make sense at all to test these patches on 2.0.0? Ubuntu
reverted the problematic fix in their latest package update for trusty,
so my immediate problem is "solved". Is there a chance to get a fix for
CVE-2016-5403 that works on QEMU 2.0.0 without breaking migrations?
Best regards and thanks to all for the effort so far,
Gaudenz
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 464 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration
2016-08-15 19:51 ` Gaudenz Steinlin
@ 2016-08-15 21:26 ` Michael S. Tsirkin
0 siblings, 0 replies; 15+ messages in thread
From: Michael S. Tsirkin @ 2016-08-15 21:26 UTC (permalink / raw)
To: Gaudenz Steinlin; +Cc: Stefan Hajnoczi, qemu-devel, Luiz Capitulino
On Mon, Aug 15, 2016 at 09:51:21PM +0200, Gaudenz Steinlin wrote:
> Stefan Hajnoczi <stefanha@redhat.com> writes:
>
> > Gaudenz Steinlin <gaudenz@debian.org> reported that virtqueue_pop() terminates
> > QEMU because the virtqueue size is exceeded following the CVE-2016-5403 fix. I
> > have been unable to reproduce this or understand the root cause by code
> > inspection. Along the way I did discover a few bugs in virtio-balloon and
> > virtio code.
> >
> > Please see the individual patches for details.
> >
> > Gaudenz: If you can reproduce the bug you reported, please try again with these
> > patches applied.
>
> As mentioned in the original thread I only tested on QEMU 2.0.0 so far.
> I tried to apply your patches to this version, but did not succeed. I
> could not apply the first patch in the series because the code changed
> too much and with only the others applied QEMU failed to compile. I gave
> up at that point.
>
> Does it make sense at all to test these patches on 2.0.0? Ubuntu
> reverted the problematic fix in their latest package update for trusty,
> so my immediate problem is "solved". Is there a chance to get a fix for
> CVE-2016-5403 that works on QEMU 2.0.0 without breaking migrations?
>
> Best regards and thanks to all for the effort so far,
> Gaudenz
You will have to debug the failure I'm afraid.
Most likely inuse is incremented in pop but not
decremented.
Maybe you need
commit 0cf33fb6b49a19de32859e2cdc6021334f448fb3
Author: Jason Wang <jasowang@redhat.com>
Date: Fri Sep 25 13:21:30 2015 +0800
virtio-net: correctly drop truncated packets
It's hard to say.
--
MST
^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2016-08-15 23:06 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-08-12 15:32 [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration Stefan Hajnoczi
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 1/4] virtio: recalculate vq->inuse after migration Stefan Hajnoczi
2016-08-12 21:30 ` Michael S. Tsirkin
2016-08-14 11:12 ` Fam Zheng
2016-08-15 8:23 ` Cornelia Huck
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 2/4] virtio: decrement vq->inuse in virtqueue_discard() Stefan Hajnoczi
2016-08-12 21:31 ` Michael S. Tsirkin
2016-08-15 8:24 ` Cornelia Huck
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 3/4] virtio: add virtqueue_rewind() Stefan Hajnoczi
2016-08-15 8:36 ` Cornelia Huck
2016-08-15 12:34 ` Stefan Hajnoczi
2016-08-12 15:32 ` [Qemu-devel] [PATCH for-2.7 4/4] virtio-balloon: fix stats vq migration Stefan Hajnoczi
2016-08-12 19:43 ` [Qemu-devel] [PATCH for-2.7 0/4] " no-reply
2016-08-15 19:51 ` Gaudenz Steinlin
2016-08-15 21:26 ` Michael S. Tsirkin
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.