From 89266923df71e51f406184d3e8b55d2a3aaa4c4d Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Wed, 8 Jun 2016 17:11:23 +0200 Subject: [PATCH 01/29] configure: Remove unused CONFIG_ZERO_MALLOC setting CONFIG_ZERO_MALLOC was only used in qemu-malloc.c and this file has been removed with the following commit: 41a748265f4879b52b0e87ff9c93bed975163886 Remove qemu_malloc/qemu_free So we don't need this configuration setting anymore. This patch also removes the z_version variable, since this is now also not needed anymore. Signed-off-by: Thomas Huth Reviewed-by: Laurent Vivier Message-Id: <1465398683-3152-1-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini --- configure | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/configure b/configure index 8c2f90b312..bd9318af58 100755 --- a/configure +++ b/configure @@ -270,7 +270,6 @@ aix="no" blobs="yes" pkgversion="" pie="" -zero_malloc="" qom_cast_debug="yes" trace_backends="log" trace_file="trace" @@ -1389,8 +1388,6 @@ fi # Consult white-list to determine whether to enable werror # by default. Only enable by default for git builds -z_version=$(cut -f3 -d. $source_path/VERSION) - if test -z "$werror" ; then if test -d "$source_path/.git" -a \ "$linux" = "yes" ; then @@ -4574,16 +4571,6 @@ if test "$libnfs" != "no" ; then fi fi -# Disable zero malloc errors for official releases unless explicitly told to -# enable/disable -if test -z "$zero_malloc" ; then - if test "$z_version" = "50" ; then - zero_malloc="no" - else - zero_malloc="yes" - fi -fi - # Now we've finished running tests it's OK to add -Werror to the compiler flags if test "$werror" = "yes"; then QEMU_CFLAGS="-Werror $QEMU_CFLAGS" @@ -5342,9 +5329,6 @@ if [ "$bsd" = "yes" ] ; then echo "CONFIG_BSD=y" >> $config_host_mak fi -if test "$zero_malloc" = "yes" ; then - echo "CONFIG_ZERO_MALLOC=y" >> $config_host_mak -fi if test "$localtime_r" = "yes" ; then echo "CONFIG_LOCALTIME_R=y" >> $config_host_mak fi From 02d0e095031b7fda77de8b558465a57659ea79cb Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 6 Jun 2016 13:57:39 +0200 Subject: [PATCH 02/29] os-posix: include sys/mman.h qemu/osdep.h checks whether MAP_ANONYMOUS is defined, but this check is bogus without a previous inclusion of sys/mman.h. Include it in sysemu/os-posix.h and remove it from everywhere else. Reviewed-by: Peter Maydell Signed-off-by: Paolo Bonzini --- audio/ossaudio.c | 1 - block/qcow2-cache.c | 5 ----- bsd-user/elfload.c | 1 - bsd-user/main.c | 1 - bsd-user/mmap.c | 1 - bsd-user/syscall.c | 1 - contrib/ivshmem-server/ivshmem-server.c | 1 - exec.c | 1 - hw/block/xen_disk.c | 1 - hw/char/xen_console.c | 1 - hw/display/xenfb.c | 1 - hw/i386/kvm/pci-assign.c | 1 - hw/misc/ivshmem.c | 2 -- hw/misc/pc-testdev.c | 3 --- hw/net/xen_nic.c | 1 - hw/usb/xen-usb.c | 1 - hw/vfio/common.c | 1 - hw/vfio/pci.c | 1 - hw/virtio/virtio-balloon.c | 4 ---- hw/xen/xen_backend.c | 1 - hw/xen/xen_pt_msi.c | 1 - include/qemu/osdep.h | 2 -- include/sysemu/os-posix.h | 1 + kvm-all.c | 1 - linux-user/elfload.c | 1 - linux-user/flatload.c | 1 - linux-user/main.c | 1 - linux-user/mmap.c | 1 - linux-user/strace.c | 1 - linux-user/syscall.c | 1 - migration/postcopy-ram.c | 1 - net/netmap.c | 1 - os-posix.c | 1 - qemu-char.c | 1 - scripts/clean-includes | 3 +++ target-arm/kvm.c | 1 - target-arm/kvm32.c | 1 - target-arm/kvm64.c | 1 - target-i386/kvm.c | 1 - target-mips/kvm.c | 1 - target-ppc/kvm.c | 1 - target-s390x/kvm.c | 1 - tests/i440fx-test.c | 1 - tests/ivshmem-test.c | 1 - tests/postcopy-test.c | 1 - tests/vhost-user-bridge.c | 1 - tests/vhost-user-test.c | 1 - translate-all.c | 2 -- util/memfd.c | 2 -- util/mmap-alloc.c | 1 - util/osdep.c | 4 ---- util/oslib-posix.c | 1 - xen-hvm.c | 1 - xen-mapcache.c | 1 - 54 files changed, 4 insertions(+), 68 deletions(-) diff --git a/audio/ossaudio.c b/audio/ossaudio.c index a0d9cda1ec..0edd7ea5fe 100644 --- a/audio/ossaudio.c +++ b/audio/ossaudio.c @@ -22,7 +22,6 @@ * THE SOFTWARE. */ #include "qemu/osdep.h" -#include #include #include #include "qemu-common.h" diff --git a/block/qcow2-cache.c b/block/qcow2-cache.c index 208a060421..580631c3d8 100644 --- a/block/qcow2-cache.c +++ b/block/qcow2-cache.c @@ -24,11 +24,6 @@ /* Needed for CONFIG_MADVISE */ #include "qemu/osdep.h" - -#if defined(CONFIG_MADVISE) || defined(CONFIG_POSIX_MADVISE) -#include -#endif - #include "block/block_int.h" #include "qemu-common.h" #include "qcow2.h" diff --git a/bsd-user/elfload.c b/bsd-user/elfload.c index 898ee05472..41a1309296 100644 --- a/bsd-user/elfload.c +++ b/bsd-user/elfload.c @@ -1,7 +1,6 @@ /* This is the Linux kernel elf-loading code, ported into user space */ #include "qemu/osdep.h" -#include #include "qemu.h" #include "disas/disas.h" diff --git a/bsd-user/main.c b/bsd-user/main.c index 9f592be96f..abe9a26f9b 100644 --- a/bsd-user/main.c +++ b/bsd-user/main.c @@ -18,7 +18,6 @@ */ #include "qemu/osdep.h" #include -#include #include "qemu.h" #include "qemu/path.h" diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c index 6ab5334702..610f91b285 100644 --- a/bsd-user/mmap.c +++ b/bsd-user/mmap.c @@ -17,7 +17,6 @@ * along with this program; if not, see . */ #include "qemu/osdep.h" -#include #include "qemu.h" #include "qemu-common.h" diff --git a/bsd-user/syscall.c b/bsd-user/syscall.c index 47cf865a32..a9fe8693c1 100644 --- a/bsd-user/syscall.c +++ b/bsd-user/syscall.c @@ -19,7 +19,6 @@ #include "qemu/osdep.h" #include "qemu/cutils.h" #include "qemu/path.h" -#include #include #include #include diff --git a/contrib/ivshmem-server/ivshmem-server.c b/contrib/ivshmem-server/ivshmem-server.c index bf4ee0b2e2..e2f295bd43 100644 --- a/contrib/ivshmem-server/ivshmem-server.c +++ b/contrib/ivshmem-server/ivshmem-server.c @@ -10,7 +10,6 @@ #include "qemu/host-utils.h" #include "qemu/sockets.h" -#include #include #include diff --git a/exec.c b/exec.c index 4f3818c561..0122ef76de 100644 --- a/exec.c +++ b/exec.c @@ -19,7 +19,6 @@ #include "qemu/osdep.h" #include "qapi/error.h" #ifndef _WIN32 -#include #endif #include "qemu/cutils.h" diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c index cf57814fb6..90aca73121 100644 --- a/hw/block/xen_disk.c +++ b/hw/block/xen_disk.c @@ -21,7 +21,6 @@ #include "qemu/osdep.h" #include -#include #include #include "hw/hw.h" diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c index cbf1dccbb1..83108b0bdb 100644 --- a/hw/char/xen_console.c +++ b/hw/char/xen_console.c @@ -22,7 +22,6 @@ #include "qemu/osdep.h" #include #include -#include #include "hw/hw.h" #include "sysemu/char.h" diff --git a/hw/display/xenfb.c b/hw/display/xenfb.c index 570b0977c3..46b7d5eded 100644 --- a/hw/display/xenfb.c +++ b/hw/display/xenfb.c @@ -25,7 +25,6 @@ */ #include "qemu/osdep.h" -#include #include "hw/hw.h" #include "ui/console.h" diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c index db2cbd2002..dd9e73b6f5 100644 --- a/hw/i386/kvm/pci-assign.c +++ b/hw/i386/kvm/pci-assign.c @@ -22,7 +22,6 @@ */ #include "qemu/osdep.h" #include "qapi/error.h" -#include #include "hw/hw.h" #include "hw/i386/pc.h" #include "qemu/error-report.h" diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c index 90be9f7617..c4dde3a52e 100644 --- a/hw/misc/ivshmem.c +++ b/hw/misc/ivshmem.c @@ -36,8 +36,6 @@ #include "hw/misc/ivshmem.h" -#include - #define PCI_VENDOR_ID_IVSHMEM PCI_VENDOR_ID_REDHAT_QUMRANET #define PCI_DEVICE_ID_IVSHMEM 0x1110 diff --git a/hw/misc/pc-testdev.c b/hw/misc/pc-testdev.c index 086893dcca..b81d820084 100644 --- a/hw/misc/pc-testdev.c +++ b/hw/misc/pc-testdev.c @@ -36,9 +36,6 @@ */ #include "qemu/osdep.h" -#if defined(CONFIG_POSIX) -#include -#endif #include "hw/hw.h" #include "hw/qdev.h" #include "hw/isa/isa.h" diff --git a/hw/net/xen_nic.c b/hw/net/xen_nic.c index 7281730d94..0b4ddae48c 100644 --- a/hw/net/xen_nic.c +++ b/hw/net/xen_nic.c @@ -22,7 +22,6 @@ #include "qemu/osdep.h" #include #include -#include #include #include "hw/hw.h" diff --git a/hw/usb/xen-usb.c b/hw/usb/xen-usb.c index 8fa47edd9a..0fd34c62c4 100644 --- a/hw/usb/xen-usb.c +++ b/hw/usb/xen-usb.c @@ -21,7 +21,6 @@ #include "qemu/osdep.h" #include -#include #include "qemu-common.h" #include "qemu/config-file.h" diff --git a/hw/vfio/common.c b/hw/vfio/common.c index e51ed3a348..5ff5e9220a 100644 --- a/hw/vfio/common.c +++ b/hw/vfio/common.c @@ -20,7 +20,6 @@ #include "qemu/osdep.h" #include -#include #include #include "hw/vfio/vfio-common.h" diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c index deab0c601a..53b87b76ea 100644 --- a/hw/vfio/pci.c +++ b/hw/vfio/pci.c @@ -21,7 +21,6 @@ #include "qemu/osdep.h" #include #include -#include #include "hw/pci/msi.h" #include "hw/pci/msix.h" diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c index 8c15e09470..557d3f9e0c 100644 --- a/hw/virtio/virtio-balloon.c +++ b/hw/virtio/virtio-balloon.c @@ -27,10 +27,6 @@ #include "qapi-event.h" #include "trace.h" -#if defined(__linux__) -#include -#endif - #include "hw/virtio/virtio-bus.h" #include "hw/virtio/virtio-access.h" diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c index c63f9df38b..e7ce724567 100644 --- a/hw/xen/xen_backend.c +++ b/hw/xen/xen_backend.c @@ -23,7 +23,6 @@ */ #include "qemu/osdep.h" -#include #include #include "hw/hw.h" diff --git a/hw/xen/xen_pt_msi.c b/hw/xen/xen_pt_msi.c index 9a16f2bff1..62add0639f 100644 --- a/hw/xen/xen_pt_msi.c +++ b/hw/xen/xen_pt_msi.c @@ -10,7 +10,6 @@ */ #include "qemu/osdep.h" -#include #include "hw/xen/xen_backend.h" #include "xen_pt.h" diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h index 693769403f..e63da2831a 100644 --- a/include/qemu/osdep.h +++ b/include/qemu/osdep.h @@ -197,8 +197,6 @@ void qemu_anon_ram_free(void *ptr, size_t size); #if defined(CONFIG_MADVISE) -#include - #define QEMU_MADV_WILLNEED MADV_WILLNEED #define QEMU_MADV_DONTNEED MADV_DONTNEED #ifdef MADV_DONTFORK diff --git a/include/sysemu/os-posix.h b/include/sysemu/os-posix.h index 07e3e5ae9b..9c7dfdfbec 100644 --- a/include/sysemu/os-posix.h +++ b/include/sysemu/os-posix.h @@ -26,6 +26,7 @@ #ifndef QEMU_OS_POSIX_H #define QEMU_OS_POSIX_H +#include #include #include #include diff --git a/kvm-all.c b/kvm-all.c index fbd2d93188..71af270e31 100644 --- a/kvm-all.c +++ b/kvm-all.c @@ -15,7 +15,6 @@ #include "qemu/osdep.h" #include -#include #include diff --git a/linux-user/elfload.c b/linux-user/elfload.c index bb2558f284..f807baf389 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -2,7 +2,6 @@ #include "qemu/osdep.h" #include -#include #include #include "qemu.h" diff --git a/linux-user/flatload.c b/linux-user/flatload.c index f9139c399a..48ad1c5e9e 100644 --- a/linux-user/flatload.c +++ b/linux-user/flatload.c @@ -34,7 +34,6 @@ /****************************************************************************/ #include "qemu/osdep.h" -#include #include "qemu.h" #include "flat.h" diff --git a/linux-user/main.c b/linux-user/main.c index f8a8764ae9..b9a4e0ea45 100644 --- a/linux-user/main.c +++ b/linux-user/main.c @@ -18,7 +18,6 @@ */ #include "qemu/osdep.h" #include "qemu-version.h" -#include #include #include diff --git a/linux-user/mmap.c b/linux-user/mmap.c index 3519147bce..c4371d943a 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c @@ -17,7 +17,6 @@ * along with this program; if not, see . */ #include "qemu/osdep.h" -#include #include #include diff --git a/linux-user/strace.c b/linux-user/strace.c index c5980a128c..4046b81705 100644 --- a/linux-user/strace.c +++ b/linux-user/strace.c @@ -5,7 +5,6 @@ #include #include #include -#include #include #include "qemu.h" diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 71ccbd9c5e..1c17b741c2 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -32,7 +32,6 @@ #include #include #include -#include #include #include #include diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c index 47250b675d..abe8c60a90 100644 --- a/migration/postcopy-ram.c +++ b/migration/postcopy-ram.c @@ -51,7 +51,6 @@ struct PostcopyDiscardState { #if defined(__linux__) #include -#include #include #include #include /* for __u64 */ diff --git a/net/netmap.c b/net/netmap.c index 6cc0db5ee1..64967b947e 100644 --- a/net/netmap.c +++ b/net/netmap.c @@ -26,7 +26,6 @@ #include "qemu/osdep.h" #include #include -#include #define NETMAP_WITH_LIBS #include #include diff --git a/os-posix.c b/os-posix.c index 107fde38bf..3755265582 100644 --- a/os-posix.c +++ b/os-posix.c @@ -26,7 +26,6 @@ #include "qemu/osdep.h" #include /*needed for MAP_POPULATE before including qemu-options.h */ -#include #include #include #include diff --git a/qemu-char.c b/qemu-char.c index b13ecbb025..c926e9a379 100644 --- a/qemu-char.c +++ b/qemu-char.c @@ -47,7 +47,6 @@ #include #include #include -#include #include #include #include diff --git a/scripts/clean-includes b/scripts/clean-includes index 37b73b5433..4412a5590a 100755 --- a/scripts/clean-includes +++ b/scripts/clean-includes @@ -105,6 +105,8 @@ for f in "$@"; do *include/qemu/osdep.h | \ *include/qemu/compiler.h | \ *include/glib-compat.h | \ + *include/sysemu/os-posix.h | \ + *include/sysemu/os-win32.h | \ *include/standard-headers/ ) # Removing include lines from osdep.h itself would be counterproductive. echo "SKIPPING $f (special case header)" @@ -145,6 +147,7 @@ for f in "$@"; do + "sysemu/os-posix.h, sysemu/os-win32.h "glib-compat.h" "qemu/typedefs.h" ))' "$f" diff --git a/target-arm/kvm.c b/target-arm/kvm.c index 83da447cb7..5c2bd7a10b 100644 --- a/target-arm/kvm.c +++ b/target-arm/kvm.c @@ -10,7 +10,6 @@ #include "qemu/osdep.h" #include -#include #include diff --git a/target-arm/kvm32.c b/target-arm/kvm32.c index c35c676e14..069da0c5fd 100644 --- a/target-arm/kvm32.c +++ b/target-arm/kvm32.c @@ -10,7 +10,6 @@ #include "qemu/osdep.h" #include -#include #include diff --git a/target-arm/kvm64.c b/target-arm/kvm64.c index 2d6a310ebb..5faa76c57e 100644 --- a/target-arm/kvm64.c +++ b/target-arm/kvm64.c @@ -11,7 +11,6 @@ #include "qemu/osdep.h" #include -#include #include #include diff --git a/target-i386/kvm.c b/target-i386/kvm.c index abf50e6632..7b092ee385 100644 --- a/target-i386/kvm.c +++ b/target-i386/kvm.c @@ -15,7 +15,6 @@ #include "qemu/osdep.h" #include "qapi/error.h" #include -#include #include #include diff --git a/target-mips/kvm.c b/target-mips/kvm.c index a854e4de59..f3f832d498 100644 --- a/target-mips/kvm.c +++ b/target-mips/kvm.c @@ -11,7 +11,6 @@ #include "qemu/osdep.h" #include -#include #include diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c index 6c153611c0..16208649c5 100644 --- a/target-ppc/kvm.c +++ b/target-ppc/kvm.c @@ -17,7 +17,6 @@ #include "qemu/osdep.h" #include #include -#include #include #include diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c index f108cd3875..45e94ca48a 100644 --- a/target-s390x/kvm.c +++ b/target-s390x/kvm.c @@ -23,7 +23,6 @@ #include "qemu/osdep.h" #include -#include #include #include diff --git a/tests/i440fx-test.c b/tests/i440fx-test.c index bff999cf12..c1d9b3eb9e 100644 --- a/tests/i440fx-test.c +++ b/tests/i440fx-test.c @@ -13,7 +13,6 @@ */ #include "qemu/osdep.h" -#include #include "libqtest.h" #include "libqos/pci.h" diff --git a/tests/ivshmem-test.c b/tests/ivshmem-test.c index 010860a5b7..0957ee7555 100644 --- a/tests/ivshmem-test.c +++ b/tests/ivshmem-test.c @@ -10,7 +10,6 @@ #include "qemu/osdep.h" #include -#include #include "contrib/ivshmem-server/ivshmem-server.h" #include "libqos/pci-pc.h" #include "libqtest.h" diff --git a/tests/postcopy-test.c b/tests/postcopy-test.c index 9ff88eea0f..a35efb3969 100644 --- a/tests/postcopy-test.c +++ b/tests/postcopy-test.c @@ -26,7 +26,6 @@ const unsigned end_address = 100 * 1024 * 1024; bool got_stop; #if defined(__linux__) -#include #include #include #endif diff --git a/tests/vhost-user-bridge.c b/tests/vhost-user-bridge.c index 0779ba2602..57c8f91c5e 100644 --- a/tests/vhost-user-bridge.c +++ b/tests/vhost-user-bridge.c @@ -33,7 +33,6 @@ #include #include #include -#include #include #include #include diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c index 2724fe9755..b2b1665ab8 100644 --- a/tests/vhost-user-test.c +++ b/tests/vhost-user-test.c @@ -17,7 +17,6 @@ #include "sysemu/sysemu.h" #include -#include #include #include diff --git a/translate-all.c b/translate-all.c index e8b88b4485..3f402dfe04 100644 --- a/translate-all.c +++ b/translate-all.c @@ -18,8 +18,6 @@ */ #ifdef _WIN32 #include -#else -#include #endif #include "qemu/osdep.h" diff --git a/util/memfd.c b/util/memfd.c index b374238a59..4571d1aba8 100644 --- a/util/memfd.c +++ b/util/memfd.c @@ -29,8 +29,6 @@ #include -#include - #include "qemu/memfd.h" #ifdef CONFIG_MEMFD diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c index 0b4cc7f7f1..629d97a362 100644 --- a/util/mmap-alloc.c +++ b/util/mmap-alloc.c @@ -11,7 +11,6 @@ */ #include "qemu/osdep.h" #include -#include #define HUGETLBFS_MAGIC 0x958458f6 diff --git a/util/osdep.c b/util/osdep.c index 9a7a439e13..ff004e8074 100644 --- a/util/osdep.c +++ b/util/osdep.c @@ -25,10 +25,6 @@ /* Needed early for CONFIG_BSD etc. */ -#if defined(CONFIG_MADVISE) || defined(CONFIG_POSIX_MADVISE) -#include -#endif - #ifdef CONFIG_SOLARIS #include /* See MySQL bug #7156 (http://bugs.mysql.com/bug.php?id=7156) for diff --git a/util/oslib-posix.c b/util/oslib-posix.c index 4adde93ac1..e2e1d4d39f 100644 --- a/util/oslib-posix.c +++ b/util/oslib-posix.c @@ -36,7 +36,6 @@ #include "trace.h" #include "qapi/error.h" #include "qemu/sockets.h" -#include #include #include #include "qemu/cutils.h" diff --git a/xen-hvm.c b/xen-hvm.c index a0da8d7d91..98ea44fdf3 100644 --- a/xen-hvm.c +++ b/xen-hvm.c @@ -9,7 +9,6 @@ */ #include "qemu/osdep.h" -#include #include "cpu.h" #include "hw/pci/pci.h" diff --git a/xen-mapcache.c b/xen-mapcache.c index 49f394a777..8f3a592013 100644 --- a/xen-mapcache.c +++ b/xen-mapcache.c @@ -17,7 +17,6 @@ #include "qemu/bitmap.h" #include -#include #include "sysemu/xen-mapcache.h" #include "trace.h" From e9abfcb57fd222d58a0c3c71917f9e40d09e9d35 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 6 Jun 2016 18:56:37 +0200 Subject: [PATCH 03/29] clean-includes: run it once more Signed-off-by: Paolo Bonzini --- hw/net/net_tx_pkt.c | 1 + hw/net/net_tx_pkt.h | 1 - include/qemu/qdist.h | 1 - include/qemu/qht.h | 1 - tests/e1000e-test.c | 1 - tests/postcopy-test.c | 1 - tests/qht-bench.c | 1 - tests/test-qdist.c | 1 - tests/test-qht-par.c | 1 - tests/test-qht.c | 1 - util/qdist.c | 1 + util/qht.c | 1 + 12 files changed, 3 insertions(+), 9 deletions(-) diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c index e4478bead8..efd43b47b8 100644 --- a/hw/net/net_tx_pkt.c +++ b/hw/net/net_tx_pkt.c @@ -15,6 +15,7 @@ * */ +#include "qemu/osdep.h" #include "net_tx_pkt.h" #include "net/eth.h" #include "net/checksum.h" diff --git a/hw/net/net_tx_pkt.h b/hw/net/net_tx_pkt.h index 07b9a2098b..212ecc62fc 100644 --- a/hw/net/net_tx_pkt.h +++ b/hw/net/net_tx_pkt.h @@ -18,7 +18,6 @@ #ifndef NET_TX_PKT_H #define NET_TX_PKT_H -#include "qemu/osdep.h" #include "net/eth.h" #include "exec/hwaddr.h" diff --git a/include/qemu/qdist.h b/include/qemu/qdist.h index f30050c2d1..54ece760d6 100644 --- a/include/qemu/qdist.h +++ b/include/qemu/qdist.h @@ -7,7 +7,6 @@ #ifndef QEMU_QDIST_H #define QEMU_QDIST_H -#include "qemu/osdep.h" #include "qemu-common.h" #include "qemu/bitops.h" diff --git a/include/qemu/qht.h b/include/qemu/qht.h index aec60aa534..70bfc68b8d 100644 --- a/include/qemu/qht.h +++ b/include/qemu/qht.h @@ -7,7 +7,6 @@ #ifndef QEMU_QHT_H #define QEMU_QHT_H -#include "qemu/osdep.h" #include "qemu/seqlock.h" #include "qemu/thread.h" #include "qemu/qdist.h" diff --git a/tests/e1000e-test.c b/tests/e1000e-test.c index dbf4859f88..d497b0857c 100644 --- a/tests/e1000e-test.c +++ b/tests/e1000e-test.c @@ -25,7 +25,6 @@ #include "qemu/osdep.h" -#include #include "libqtest.h" #include "qemu-common.h" #include "libqos/pci-pc.h" diff --git a/tests/postcopy-test.c b/tests/postcopy-test.c index a35efb3969..35d5180173 100644 --- a/tests/postcopy-test.c +++ b/tests/postcopy-test.c @@ -11,7 +11,6 @@ */ #include "qemu/osdep.h" -#include #include "libqtest.h" #include "qemu/option.h" diff --git a/tests/qht-bench.c b/tests/qht-bench.c index ad8efbca95..76360a0cf5 100644 --- a/tests/qht-bench.c +++ b/tests/qht-bench.c @@ -5,7 +5,6 @@ * See the COPYING file in the top-level directory. */ #include "qemu/osdep.h" -#include #include "qemu/processor.h" #include "qemu/atomic.h" #include "qemu/qht.h" diff --git a/tests/test-qdist.c b/tests/test-qdist.c index a67f26057e..0298986ac9 100644 --- a/tests/test-qdist.c +++ b/tests/test-qdist.c @@ -5,7 +5,6 @@ * See the COPYING file in the top-level directory. */ #include "qemu/osdep.h" -#include #include "qemu/qdist.h" #include diff --git a/tests/test-qht-par.c b/tests/test-qht-par.c index f09e004ec6..d8a83caf5c 100644 --- a/tests/test-qht-par.c +++ b/tests/test-qht-par.c @@ -5,7 +5,6 @@ * See the COPYING file in the top-level directory. */ #include "qemu/osdep.h" -#include #define TEST_QHT_STRING "tests/qht-bench 1>/dev/null 2>&1 -R -S0.1 -D10000 -N1 " diff --git a/tests/test-qht.c b/tests/test-qht.c index c8eb9305ed..f1d628371d 100644 --- a/tests/test-qht.c +++ b/tests/test-qht.c @@ -5,7 +5,6 @@ * See the COPYING file in the top-level directory. */ #include "qemu/osdep.h" -#include #include "qemu/qht.h" #define N 5000 diff --git a/util/qdist.c b/util/qdist.c index 4ea2e34fc2..56f573837d 100644 --- a/util/qdist.c +++ b/util/qdist.c @@ -6,6 +6,7 @@ * License: GNU GPL, version 2 or later. * See the COPYING file in the top-level directory. */ +#include "qemu/osdep.h" #include "qemu/qdist.h" #include diff --git a/util/qht.c b/util/qht.c index 6f749098f4..40d6e218f7 100644 --- a/util/qht.c +++ b/util/qht.c @@ -65,6 +65,7 @@ * + Corbet, "Relativistic hash tables, part 1: Algorithms", @ lwn.net, 2014. * https://lwn.net/Articles/612021/ */ +#include "qemu/osdep.h" #include "qemu/qht.h" #include "qemu/atomic.h" #include "qemu/rcu.h" From e4650c81b3d15ba67236815defbb475c4bdf8690 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Wed, 8 Jun 2016 10:13:26 +0200 Subject: [PATCH 04/29] configure: Enable -Werror for MinGW builds, too MinGW seems to compile currently without warnings, so it should be safe to enable -Werror now for this environment, too. Signed-off-by: Thomas Huth Message-Id: <1465373606-18486-1-git-send-email-thuth@redhat.com> Tested-by: Stefan Hajnoczi Signed-off-by: Paolo Bonzini --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index bd9318af58..cbe013b6bd 100755 --- a/configure +++ b/configure @@ -1390,7 +1390,7 @@ fi # by default. Only enable by default for git builds if test -z "$werror" ; then if test -d "$source_path/.git" -a \ - "$linux" = "yes" ; then + \( "$linux" = "yes" -o "$mingw32" = "yes" \) ; then werror="yes" else werror="no" From ac99c624c6015c264ff9997d6965bccfae0f818f Mon Sep 17 00:00:00 2001 From: Sergey Fedorov Date: Thu, 9 Jun 2016 20:58:35 +0300 Subject: [PATCH 05/29] Makefile: Fix tag file generation targets "ctags" produces a file named "tags", not "ctags". It doesn't look reasonable to use phony target name as a file name to remove. Just use exact file names to remove in "ctags" and "TAGS" target receipts. Signed-off-by: Sergey Fedorov Signed-off-by: Sergey Fedorov Message-Id: <1465495115-24665-1-git-send-email-sergey.fedorov@linaro.org> Signed-off-by: Paolo Bonzini --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index ed4032a373..53e4119c47 100644 --- a/Makefile +++ b/Makefile @@ -498,12 +498,12 @@ test speed: all .PHONY: ctags ctags: - rm -f $@ + rm -f tags find "$(SRC_PATH)" -name '*.[hc]' -exec ctags --append {} + .PHONY: TAGS TAGS: - rm -f $@ + rm -f TAGS find "$(SRC_PATH)" -name '*.[hc]' -exec etags --append {} + cscope: From fc6e1de9d885377e1e68e50e25ed5425540b9b81 Mon Sep 17 00:00:00 2001 From: "Dr. David Alan Gilbert" Date: Fri, 10 Jun 2016 12:16:17 +0100 Subject: [PATCH 06/29] Make avx2 configure test work with -O2 When configured with --extra-cflags=-O2 gcc optimised out the test and the readelf failed the check leaving avx2 disabled. Signed-off-by: Dr. David Alan Gilbert Message-Id: <1465557378-24105-2-git-send-email-dgilbert@redhat.com> Signed-off-by: Paolo Bonzini --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index cbe013b6bd..3c0e279762 100755 --- a/configure +++ b/configure @@ -1781,7 +1781,7 @@ fi cat > $TMPC << EOF static void bar(void) {} static void *bar_ifunc(void) {return (void*) bar;} -static void foo(void) __attribute__((ifunc("bar_ifunc"))); +void foo(void) __attribute__((ifunc("bar_ifunc"))); int main(void) { foo(); return 0; } EOF if compile_prog "-mavx2" "" ; then From 4fb8320a2efb2216c7ddcc929ad0362f4e285681 Mon Sep 17 00:00:00 2001 From: "Dr. David Alan Gilbert" Date: Fri, 10 Jun 2016 12:16:18 +0100 Subject: [PATCH 07/29] avx2 configure: Use primitives in test Use the avx2 primitives during the test, thus making sure that the compiler and assembler could actually use avx2. This also detects the failure case on gcc 4.8.x with -save-temps and avoids the need for the gcc version check in cutils. Signed-off-by: Dr. David Alan Gilbert Message-Id: <1465557378-24105-3-git-send-email-dgilbert@redhat.com> Signed-off-by: Paolo Bonzini --- configure | 17 ++++++++++++----- util/cutils.c | 8 +------- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/configure b/configure index 3c0e279762..c57d6a7a6d 100755 --- a/configure +++ b/configure @@ -1779,13 +1779,20 @@ fi # avx2 optimization requirement check cat > $TMPC << EOF -static void bar(void) {} +#pragma GCC push_options +#pragma GCC target("avx2") +#include +#include + +static int bar(void *a) { + return _mm256_movemask_epi8(_mm256_cmpeq_epi8(*(__m256i *)a, (__m256i){0})); +} static void *bar_ifunc(void) {return (void*) bar;} -void foo(void) __attribute__((ifunc("bar_ifunc"))); -int main(void) { foo(); return 0; } +int foo(void *a) __attribute__((ifunc("bar_ifunc"))); +int main(int argc, char *argv[]) { return foo(argv[0]);} EOF -if compile_prog "-mavx2" "" ; then - if readelf --syms $TMPE |grep "IFUNC.*foo" >/dev/null 2>&1; then +if compile_object "" ; then + if readelf --syms $TMPO |grep "IFUNC.*foo" >/dev/null 2>&1; then avx2_opt="yes" fi fi diff --git a/util/cutils.c b/util/cutils.c index 43d1afbbec..5830a688dc 100644 --- a/util/cutils.c +++ b/util/cutils.c @@ -256,13 +256,7 @@ static size_t buffer_find_nonzero_offset_inner(const void *buf, size_t len) return i * sizeof(VECTYPE); } -/* - * GCC before version 4.9 has a bug which will cause the target - * attribute work incorrectly and failed to compile in some case, - * restrict the gcc version to 4.9+ to prevent the failure. - */ - -#if defined CONFIG_AVX2_OPT && QEMU_GNUC_PREREQ(4, 9) +#if defined CONFIG_AVX2_OPT #pragma GCC push_options #pragma GCC target("avx2") #include From 0fb233125471b0c001b04df9e1b38c752ba002ee Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Fri, 10 Jun 2016 17:04:44 +0200 Subject: [PATCH 08/29] configure: Remove unused CONFIG_SIGEV_THREAD_ID switch The CONFIG_SIGEV_THREAD_ID switch is unused since the related code has been removed by commit 6d327171551a12b937c5718073b9848d0274c74d ("aio / timers: Remove alarm timers"), so it can safely be removed nowadays. Signed-off-by: Thomas Huth Message-Id: <1465571084-19885-1-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini --- configure | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/configure b/configure index c57d6a7a6d..10cb212359 100755 --- a/configure +++ b/configure @@ -4181,24 +4181,6 @@ if compile_prog "" "" ; then posix_madvise=yes fi -########################################## -# check if we have usable SIGEV_THREAD_ID - -sigev_thread_id=no -cat > $TMPC << EOF -#include -int main(void) { - struct sigevent ev; - ev.sigev_notify = SIGEV_THREAD_ID; - ev._sigev_un._tid = 0; - asm volatile("" : : "g"(&ev)); - return 0; -} -EOF -if compile_prog "" "" ; then - sigev_thread_id=yes -fi - ########################################## # check if trace backend exists @@ -4856,7 +4838,6 @@ echo "preadv support $preadv" echo "fdatasync $fdatasync" echo "madvise $madvise" echo "posix_madvise $posix_madvise" -echo "sigev_thread_id $sigev_thread_id" echo "uuid support $uuid" echo "libcap-ng support $cap_ng" echo "vhost-net support $vhost_net" @@ -5271,9 +5252,6 @@ fi if test "$posix_madvise" = "yes" ; then echo "CONFIG_POSIX_MADVISE=y" >> $config_host_mak fi -if test "$sigev_thread_id" = "yes" ; then - echo "CONFIG_SIGEV_THREAD_ID=y" >> $config_host_mak -fi if test "$spice" = "yes" ; then echo "CONFIG_SPICE=y" >> $config_host_mak From 773dce3c7286a66c37f7b07994177faf7046bfa8 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 10 Jun 2016 16:00:36 +0100 Subject: [PATCH 09/29] nbd: Don't use *_to_cpup() functions The *_to_cpup() functions are not very useful, as they simply do a pointer dereference and then a *_to_cpu(). Instead use either: * ld*_*_p(), if the data is at an address that might not be correctly aligned for the load * a local dereference and *_to_cpu(), if the pointer is the correct type and known to be correctly aligned Signed-off-by: Peter Maydell Message-Id: <1465570836-22211-1-git-send-email-peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini --- nbd/client.c | 8 ++++---- nbd/server.c | 10 +++++----- qemu-nbd.c | 4 ++-- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/nbd/client.c b/nbd/client.c index 31b88f3a31..bb8981f4f4 100644 --- a/nbd/client.c +++ b/nbd/client.c @@ -572,7 +572,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint32_t *flags, error_setg(errp, "Failed to read export flags"); goto fail; } - *flags = be32_to_cpup(flags); + *flags = be32_to_cpu(*flags); } else { error_setg(errp, "Bad magic received"); goto fail; @@ -726,9 +726,9 @@ ssize_t nbd_receive_reply(QIOChannel *ioc, struct nbd_reply *reply) [ 7 .. 15] handle */ - magic = be32_to_cpup((uint32_t*)buf); - reply->error = be32_to_cpup((uint32_t*)(buf + 4)); - reply->handle = be64_to_cpup((uint64_t*)(buf + 8)); + magic = ldl_be_p(buf); + reply->error = ldl_be_p(buf + 4); + reply->handle = ldq_be_p(buf + 8); reply->error = nbd_errno_to_system_errno(reply->error); diff --git a/nbd/server.c b/nbd/server.c index b2cfeb9843..91471f17a7 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -646,11 +646,11 @@ static ssize_t nbd_receive_request(QIOChannel *ioc, struct nbd_request *request) [24 .. 27] len */ - magic = be32_to_cpup((uint32_t*)buf); - request->type = be32_to_cpup((uint32_t*)(buf + 4)); - request->handle = be64_to_cpup((uint64_t*)(buf + 8)); - request->from = be64_to_cpup((uint64_t*)(buf + 16)); - request->len = be32_to_cpup((uint32_t*)(buf + 24)); + magic = ldl_be_p(buf); + request->type = ldl_be_p(buf + 4); + request->handle = ldq_be_p(buf + 8); + request->from = ldq_be_p(buf + 16); + request->len = ldl_be_p(buf + 24); TRACE("Got request: " "{ magic = 0x%x, .type = %d, from = %" PRIu64" , len = %u }", diff --git a/qemu-nbd.c b/qemu-nbd.c index 6554f0ab65..9519db324b 100644 --- a/qemu-nbd.c +++ b/qemu-nbd.c @@ -154,8 +154,8 @@ static void read_partition(uint8_t *p, struct partition_record *r) r->end_cylinder = p[7] | ((p[6] << 2) & 0x300); r->end_sector = p[6] & 0x3f; - r->start_sector_abs = le32_to_cpup((uint32_t *)(p + 8)); - r->nb_sectors_abs = le32_to_cpup((uint32_t *)(p + 12)); + r->start_sector_abs = ldl_le_p(p + 8); + r->nb_sectors_abs = ldl_le_p(p + 12); } static int find_partition(BlockBackend *blk, int partition, From f6be6720847f370000312808e6fed5d4e9730934 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 10 Jun 2016 17:15:42 +0100 Subject: [PATCH 10/29] nbd: Don't use cpu_to_*w() functions The cpu_to_*w() functions just compose a pointer dereference with a byteswap. Instead use st*_p(), which handles potential pointer misalignment and avoids the need to cast the pointer. Signed-off-by: Peter Maydell Message-Id: <1465575342-12146-1-git-send-email-peter.maydell@linaro.org> Reviewed-by: Eric Blake Signed-off-by: Paolo Bonzini --- nbd/client.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/nbd/client.c b/nbd/client.c index bb8981f4f4..6d9c74d62c 100644 --- a/nbd/client.c +++ b/nbd/client.c @@ -686,11 +686,11 @@ ssize_t nbd_send_request(QIOChannel *ioc, struct nbd_request *request) "{ .from = %" PRIu64", .len = %u, .handle = %" PRIu64", .type=%i}", request->from, request->len, request->handle, request->type); - cpu_to_be32w((uint32_t*)buf, NBD_REQUEST_MAGIC); - cpu_to_be32w((uint32_t*)(buf + 4), request->type); - cpu_to_be64w((uint64_t*)(buf + 8), request->handle); - cpu_to_be64w((uint64_t*)(buf + 16), request->from); - cpu_to_be32w((uint32_t*)(buf + 24), request->len); + stl_be_p(buf, NBD_REQUEST_MAGIC); + stl_be_p(buf + 4, request->type); + stq_be_p(buf + 8, request->handle); + stq_be_p(buf + 16, request->from); + stl_be_p(buf + 24, request->len); ret = write_sync(ioc, buf, sizeof(buf)); if (ret < 0) { From 56af2dda98c5d71feb7ff7fcac7269a1071aec62 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 13 Jun 2016 11:42:40 +0200 Subject: [PATCH 11/29] nbd: simplify the nbd_request and nbd_reply structs These structs are never used to represent the bytes that go over the network. The big-endian network data is built into a uint8_t array in nbd_{receive,send}_{request,reply}. Remove the unused magic field, reorder the struct to avoid holes, and remove the packed attribute. Signed-off-by: Paolo Bonzini --- include/block/nbd.h | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/include/block/nbd.h b/include/block/nbd.h index b86a976984..747bb0aaeb 100644 --- a/include/block/nbd.h +++ b/include/block/nbd.h @@ -25,19 +25,20 @@ #include "io/channel-socket.h" #include "crypto/tlscreds.h" +/* Note: these are _NOT_ the same as the network representation of an NBD + * request and reply! + */ struct nbd_request { - uint32_t magic; - uint32_t type; uint64_t handle; uint64_t from; uint32_t len; -} QEMU_PACKED; + uint32_t type; +}; struct nbd_reply { - uint32_t magic; - uint32_t error; uint64_t handle; -} QEMU_PACKED; + uint32_t error; +}; #define NBD_FLAG_HAS_FLAGS (1 << 0) /* Flags are there */ #define NBD_FLAG_READ_ONLY (1 << 1) /* Device is read-only */ From 494e95e910c0073705dc5dbcdb17c9b8709d59ec Mon Sep 17 00:00:00 2001 From: Chao Peng Date: Mon, 13 Jun 2016 10:21:27 +0800 Subject: [PATCH 12/29] target-i386: kvm: cache KVM_GET_SUPPORTED_CPUID data KVM_GET_SUPPORTED_CPUID ioctl is called frequently when initializing CPU. Depends on CPU features and CPU count, the number of calls can be extremely high which slows down QEMU booting significantly. In our testing, we saw 5922 calls with switches: -cpu SandyBridge -smp 6,sockets=6,cores=1,threads=1 This ioctl takes more than 100ms, which is almost half of the total QEMU startup time. While for most cases the data returned from two different invocations are not changed, that means, we can cache the data to avoid trapping into kernel for the second time. To make sure the cache safe one assumption is desirable: the ioctl is stateless. This is not true for CPUID leaves in general (such as CPUID leaf 0xD, whose value depends on guest XCR0 and IA32_XSS) but it is true of KVM_GET_SUPPORTED_CPUID, which runs before there is a value for XCR0 and IA32_XSS. Signed-off-by: Chao Peng Message-Id: <1465784487-23482-1-git-send-email-chao.p.peng@linux.intel.com> Signed-off-by: Paolo Bonzini --- target-i386/kvm.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/target-i386/kvm.c b/target-i386/kvm.c index 7b092ee385..ff92b1d118 100644 --- a/target-i386/kvm.c +++ b/target-i386/kvm.c @@ -106,6 +106,8 @@ static int has_xsave; static int has_xcrs; static int has_pit_state2; +static struct kvm_cpuid2 *cpuid_cache; + int kvm_has_pit_state2(void) { return has_pit_state2; @@ -199,9 +201,14 @@ static struct kvm_cpuid2 *get_supported_cpuid(KVMState *s) { struct kvm_cpuid2 *cpuid; int max = 1; + + if (cpuid_cache != NULL) { + return cpuid_cache; + } while ((cpuid = try_get_cpuid(s, max)) == NULL) { max *= 2; } + cpuid_cache = cpuid; return cpuid; } @@ -319,8 +326,6 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function, ret |= cpuid_1_edx & CPUID_EXT2_AMD_ALIASES; } - g_free(cpuid); - /* fallback for older kernels */ if ((function == KVM_CPUID_FEATURES) && !found) { ret = get_para_features(s); From 142c21455bb2416b37f71b22cb251a4effc8619c Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Mon, 13 Jun 2016 10:10:18 +0200 Subject: [PATCH 13/29] scsi-disk: Use (unsigned long) typecasts when using "%lu" format string Some source code analyzers like cppcheck spill out a warning if the sign of the argument does not match the format string. Ticket: https://bugs.launchpad.net/qemu/+bug/1589564 Signed-off-by: Thomas Huth Message-Id: <1465805418-15906-1-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini --- hw/scsi/scsi-disk.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index 188196990e..36f8a85a70 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -2060,13 +2060,13 @@ static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) } break; case MODE_SELECT: - DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer); + DPRINTF("Mode Select(6) (len %lu)\n", (unsigned long)r->req.cmd.xfer); break; case MODE_SELECT_10: - DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer); + DPRINTF("Mode Select(10) (len %lu)\n", (unsigned long)r->req.cmd.xfer); break; case UNMAP: - DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer); + DPRINTF("Unmap (len %lu)\n", (unsigned long)r->req.cmd.xfer); break; case VERIFY_10: case VERIFY_12: @@ -2080,7 +2080,7 @@ static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) case WRITE_SAME_16: DPRINTF("WRITE SAME %d (len %lu)\n", req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, - (long)r->req.cmd.xfer); + (unsigned long)r->req.cmd.xfer); break; default: DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0], From f31e3266375652a31a3586315913e1ff8e609b52 Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Thu, 26 May 2016 10:02:23 +0200 Subject: [PATCH 14/29] KVM: use KVM_CAP_MAX_VCPU_ID As stated in linux/Documentation/virtual/kvm/api.txt: The maximum possible value for max_vcpu_id can be retrieved using the KVM_CAP_MAX_VCPU_ID of the KVM_CHECK_EXTENSION ioctl() at run-time. If the KVM_CAP_MAX_VCPU_ID does not exist, you should assume that max_vcpu_id is the same as the value returned from KVM_CAP_MAX_VCPUS. Signed-off-by: Greg Kurz Message-Id: <146424974323.5666.5471538288045048119.stgit@bahia.huguette.org> Signed-off-by: Paolo Bonzini --- kvm-all.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/kvm-all.c b/kvm-all.c index 71af270e31..a88f917fda 100644 --- a/kvm-all.c +++ b/kvm-all.c @@ -1519,10 +1519,16 @@ static int kvm_max_vcpus(KVMState *s) return (ret) ? ret : kvm_recommended_vcpus(s); } +static int kvm_max_vcpu_id(KVMState *s) +{ + int ret = kvm_check_extension(s, KVM_CAP_MAX_VCPU_ID); + return (ret) ? ret : kvm_max_vcpus(s); +} + bool kvm_vcpu_id_is_valid(int vcpu_id) { KVMState *s = KVM_STATE(current_machine->accelerator); - return vcpu_id >= 0 && vcpu_id < kvm_max_vcpus(s); + return vcpu_id >= 0 && vcpu_id < kvm_max_vcpu_id(s); } static int kvm_init(MachineState *ms) From 37146e7eafafd121d80d68455b8f4bc9043a9f4f Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Mon, 16 May 2016 17:34:35 +0100 Subject: [PATCH 15/29] vl.c: Add '-L help' which lists data dirs. QEMU compiles a list of data directories from various sources. When consuming a QEMU binary it's useful to be able to get this list of data directories: a primary reason is so you can list what BIOSes or keymaps ship with this version of QEMU. However without reproducing the method that QEMU uses internally, it's not possible to get the list of data directories. This commit adds a simple '-L help' option that just lists out the data directories as qemu calculates them: $ ./x86_64-softmmu/qemu-system-x86_64 -L help /home/rjones/d/qemu/pc-bios /usr/local/share/qemu $ ./x86_64-softmmu/qemu-system-x86_64 -L /tmp -L help /tmp /home/rjones/d/qemu/pc-bios /usr/local/share/qemu Signed-off-by: Richard W.M. Jones Reviewed-by: Eric Blake Message-Id: <1463416475-11728-2-git-send-email-rjones@redhat.com> Signed-off-by: Paolo Bonzini --- qemu-options.hx | 2 ++ vl.c | 13 ++++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/qemu-options.hx b/qemu-options.hx index 0e42ba55be..17f15ad1fe 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -3214,6 +3214,8 @@ STEXI @item -L @var{path} @findex -L Set the directory for the BIOS, VGA BIOS and keymaps. + +To list all the data directories, use @code{-L help}. ETEXI DEF("bios", HAS_ARG, QEMU_OPTION_bios, \ diff --git a/vl.c b/vl.c index 45eff5661b..fb18821fb9 100644 --- a/vl.c +++ b/vl.c @@ -2968,6 +2968,7 @@ int main(int argc, char **argv, char **envp) FILE *vmstate_dump_file = NULL; Error *main_loop_err = NULL; Error *err = NULL; + bool list_data_dirs = false; qemu_init_cpu_loop(); qemu_mutex_lock_iothread(); @@ -3354,7 +3355,9 @@ int main(int argc, char **argv, char **envp) add_device_config(DEV_GDB, optarg); break; case QEMU_OPTION_L: - if (data_dir_idx < ARRAY_SIZE(data_dir)) { + if (is_help_option(optarg)) { + list_data_dirs = true; + } else if (data_dir_idx < ARRAY_SIZE(data_dir)) { data_dir[data_dir_idx++] = optarg; } break; @@ -4086,6 +4089,14 @@ int main(int argc, char **argv, char **envp) data_dir[data_dir_idx++] = CONFIG_QEMU_DATADIR; } + /* -L help lists the data directories and exits. */ + if (list_data_dirs) { + for (i = 0; i < data_dir_idx; i++) { + printf("%s\n", data_dir[i]); + } + exit(0); + } + smp_parse(qemu_opts_find(qemu_find_opts("smp-opts"), NULL)); machine_class->max_cpus = machine_class->max_cpus ?: 1; /* Default to UP */ From a0c303693ead8236a55a59097d75bd521f8212e2 Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Wed, 11 May 2016 16:39:34 -0600 Subject: [PATCH 16/29] nbd: Use BDRV_REQ_FUA for better FUA where supported Rather than always flushing ourselves, let the block layer forward the FUA on to the underlying device - where all underlying layers also understand FUA, we are now more efficient; and where any underlying layer doesn't understand it, now the block layer takes care of the full flush fallback on our behalf. Signed-off-by: Eric Blake Message-Id: <1463006384-7734-2-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini --- nbd/server.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/nbd/server.c b/nbd/server.c index 91471f17a7..7063edbce2 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -1038,6 +1038,7 @@ static void nbd_trip(void *opaque) struct nbd_reply reply; ssize_t ret; uint32_t command; + int flags; TRACE("Reading request."); if (client->closing) { @@ -1114,23 +1115,18 @@ static void nbd_trip(void *opaque) TRACE("Writing to device"); + flags = 0; + if (request.type & NBD_CMD_FLAG_FUA) { + flags |= BDRV_REQ_FUA; + } ret = blk_pwrite(exp->blk, request.from + exp->dev_offset, - req->data, request.len, 0); + req->data, request.len, flags); if (ret < 0) { LOG("writing to file failed"); reply.error = -ret; goto error_reply; } - if (request.type & NBD_CMD_FLAG_FUA) { - ret = blk_co_flush(exp->blk); - if (ret < 0) { - LOG("flush failed"); - reply.error = -ret; - goto error_reply; - } - } - if (nbd_co_send_reply(req, &reply, 0) < 0) { goto out; } From 2cb347493c5a0c3634dc13942ba65fdcefbcd34b Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Wed, 11 May 2016 16:39:35 -0600 Subject: [PATCH 17/29] nbd: More debug typo fixes, use correct formats Clean up some debug message oddities missed earlier; this includes some typos, and recognizing that %d is not necessarily compatible with uint32_t. Also add a couple messages that I found useful while debugging things. Signed-off-by: Eric Blake Message-Id: <1463006384-7734-3-git-send-email-eblake@redhat.com> [Do not use PRIx16, clang complains. - Paolo] Signed-off-by: Paolo Bonzini --- nbd/client.c | 41 ++++++++++++++++++++++------------------- nbd/server.c | 48 +++++++++++++++++++++++++++--------------------- 2 files changed, 49 insertions(+), 40 deletions(-) diff --git a/nbd/client.c b/nbd/client.c index 6d9c74d62c..c08aa85761 100644 --- a/nbd/client.c +++ b/nbd/client.c @@ -109,25 +109,27 @@ static int nbd_handle_reply_err(QIOChannel *ioc, uint32_t opt, uint32_t type, switch (type) { case NBD_REP_ERR_UNSUP: - TRACE("server doesn't understand request %d, attempting fallback", - opt); + TRACE("server doesn't understand request %" PRIx32 + ", attempting fallback", opt); result = 0; goto cleanup; case NBD_REP_ERR_POLICY: - error_setg(errp, "Denied by server for option %x", opt); + error_setg(errp, "Denied by server for option %" PRIx32, opt); break; case NBD_REP_ERR_INVALID: - error_setg(errp, "Invalid data length for option %x", opt); + error_setg(errp, "Invalid data length for option %" PRIx32, opt); break; case NBD_REP_ERR_TLS_REQD: - error_setg(errp, "TLS negotiation required before option %x", opt); + error_setg(errp, "TLS negotiation required before option %" PRIx32, + opt); break; default: - error_setg(errp, "Unknown error code when asking for option %x", opt); + error_setg(errp, "Unknown error code when asking for option %" PRIx32, + opt); break; } @@ -165,7 +167,7 @@ static int nbd_receive_list(QIOChannel *ioc, char **name, Error **errp) } opt = be32_to_cpu(opt); if (opt != NBD_OPT_LIST) { - error_setg(errp, "Unexpected option type %x expected %x", + error_setg(errp, "Unexpected option type %" PRIx32 " expected %x", opt, NBD_OPT_LIST); return -1; } @@ -207,7 +209,7 @@ static int nbd_receive_list(QIOChannel *ioc, char **name, Error **errp) return -1; } if (namelen > 255) { - error_setg(errp, "export name length too long %d", namelen); + error_setg(errp, "export name length too long %" PRIu32, namelen); return -1; } @@ -234,7 +236,7 @@ static int nbd_receive_list(QIOChannel *ioc, char **name, Error **errp) g_free(buf); } } else { - error_setg(errp, "Unexpected reply type %x expected %x", + error_setg(errp, "Unexpected reply type %" PRIx32 " expected %x", type, NBD_REP_SERVER); return -1; } @@ -349,7 +351,7 @@ static QIOChannel *nbd_receive_starttls(QIOChannel *ioc, } opt = be32_to_cpu(opt); if (opt != NBD_OPT_STARTTLS) { - error_setg(errp, "Unexpected option type %x expected %x", + error_setg(errp, "Unexpected option type %" PRIx32 " expected %x", opt, NBD_OPT_STARTTLS); return NULL; } @@ -361,7 +363,7 @@ static QIOChannel *nbd_receive_starttls(QIOChannel *ioc, } type = be32_to_cpu(type); if (type != NBD_REP_ACK) { - error_setg(errp, "Server rejected request to start TLS %x", + error_setg(errp, "Server rejected request to start TLS %" PRIx32, type); return NULL; } @@ -373,7 +375,7 @@ static QIOChannel *nbd_receive_starttls(QIOChannel *ioc, } length = be32_to_cpu(length); if (length != 0) { - error_setg(errp, "Start TLS response was not zero %x", + error_setg(errp, "Start TLS response was not zero %" PRIu32, length); return NULL; } @@ -384,7 +386,7 @@ static QIOChannel *nbd_receive_starttls(QIOChannel *ioc, return NULL; } data.loop = g_main_loop_new(g_main_context_default(), FALSE); - TRACE("Starting TLS hanshake"); + TRACE("Starting TLS handshake"); qio_channel_tls_handshake(tioc, nbd_tls_handshake, &data, @@ -474,7 +476,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint32_t *flags, } globalflags = be16_to_cpu(globalflags); *flags = globalflags << 16; - TRACE("Global flags are %x", globalflags); + TRACE("Global flags are %" PRIx32, globalflags); if (globalflags & NBD_FLAG_FIXED_NEWSTYLE) { fixedNewStyle = true; TRACE("Server supports fixed new style"); @@ -550,7 +552,7 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint32_t *flags, } exportflags = be16_to_cpu(exportflags); *flags |= exportflags; - TRACE("Export flags are %x", exportflags); + TRACE("Export flags are %" PRIx16, exportflags); } else if (magic == NBD_CLIENT_MAGIC) { if (name) { error_setg(errp, "Server does not support export names"); @@ -683,7 +685,8 @@ ssize_t nbd_send_request(QIOChannel *ioc, struct nbd_request *request) ssize_t ret; TRACE("Sending request to server: " - "{ .from = %" PRIu64", .len = %u, .handle = %" PRIu64", .type=%i}", + "{ .from = %" PRIu64", .len = %" PRIu32 ", .handle = %" PRIu64 + ", .type=%" PRIu16 " }", request->from, request->len, request->handle, request->type); stl_be_p(buf, NBD_REQUEST_MAGIC); @@ -732,12 +735,12 @@ ssize_t nbd_receive_reply(QIOChannel *ioc, struct nbd_reply *reply) reply->error = nbd_errno_to_system_errno(reply->error); - TRACE("Got reply: " - "{ magic = 0x%x, .error = %d, handle = %" PRIu64" }", + TRACE("Got reply: { magic = 0x%" PRIx32 ", .error = % " PRId32 + ", handle = %" PRIu64" }", magic, reply->error, reply->handle); if (magic != NBD_REPLY_MAGIC) { - LOG("invalid magic (got 0x%x)", magic); + LOG("invalid magic (got 0x%" PRIx32 ")", magic); return -EINVAL; } return 0; diff --git a/nbd/server.c b/nbd/server.c index 7063edbce2..d95266d9bd 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -196,7 +196,7 @@ static int nbd_negotiate_send_rep(QIOChannel *ioc, uint32_t type, uint32_t opt) uint64_t magic; uint32_t len; - TRACE("Reply opt=%x type=%x", type, opt); + TRACE("Reply opt=%" PRIx32 " type=%" PRIx32, type, opt); magic = cpu_to_be64(NBD_REP_MAGIC); if (nbd_negotiate_write(ioc, &magic, sizeof(magic)) != sizeof(magic)) { @@ -226,7 +226,7 @@ static int nbd_negotiate_send_rep_list(QIOChannel *ioc, NBDExport *exp) uint64_t magic, name_len; uint32_t opt, type, len; - TRACE("Advertizing export name '%s'", exp->name ? exp->name : ""); + TRACE("Advertising export name '%s'", exp->name ? exp->name : ""); name_len = strlen(exp->name); magic = cpu_to_be64(NBD_REP_MAGIC); if (nbd_negotiate_write(ioc, &magic, sizeof(magic)) != sizeof(magic)) { @@ -392,12 +392,12 @@ static int nbd_negotiate_options(NBDClient *client) TRACE("Checking client flags"); be32_to_cpus(&flags); if (flags & NBD_FLAG_C_FIXED_NEWSTYLE) { - TRACE("Support supports fixed newstyle handshake"); + TRACE("Client supports fixed newstyle handshake"); fixedNewstyle = true; flags &= ~NBD_FLAG_C_FIXED_NEWSTYLE; } if (flags != 0) { - TRACE("Unknown client flags 0x%x received", flags); + TRACE("Unknown client flags 0x%" PRIx32 " received", flags); return -EIO; } @@ -431,12 +431,12 @@ static int nbd_negotiate_options(NBDClient *client) } length = be32_to_cpu(length); - TRACE("Checking option 0x%x", clientflags); + TRACE("Checking option 0x%" PRIx32, clientflags); if (client->tlscreds && client->ioc == (QIOChannel *)client->sioc) { QIOChannel *tioc; if (!fixedNewstyle) { - TRACE("Unsupported option 0x%x", clientflags); + TRACE("Unsupported option 0x%" PRIx32, clientflags); return -EINVAL; } switch (clientflags) { @@ -455,7 +455,8 @@ static int nbd_negotiate_options(NBDClient *client) return -EINVAL; default: - TRACE("Option 0x%x not permitted before TLS", clientflags); + TRACE("Option 0x%" PRIx32 " not permitted before TLS", + clientflags); if (nbd_negotiate_drop_sync(client->ioc, length) != length) { return -EIO; } @@ -493,7 +494,7 @@ static int nbd_negotiate_options(NBDClient *client) } break; default: - TRACE("Unsupported option 0x%x", clientflags); + TRACE("Unsupported option 0x%" PRIx32, clientflags); if (nbd_negotiate_drop_sync(client->ioc, length) != length) { return -EIO; } @@ -511,7 +512,7 @@ static int nbd_negotiate_options(NBDClient *client) return nbd_negotiate_handle_export_name(client, length); default: - TRACE("Unsupported option 0x%x", clientflags); + TRACE("Unsupported option 0x%" PRIx32, clientflags); return -EINVAL; } } @@ -560,6 +561,8 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data) oldStyle = client->exp != NULL && !client->tlscreds; if (oldStyle) { assert ((client->exp->nbdflags & ~65535) == 0); + TRACE("advertising size %" PRIu64 " and flags %x", + client->exp->size, client->exp->nbdflags | myflags); stq_be_p(buf + 8, NBD_CLIENT_MAGIC); stq_be_p(buf + 16, client->exp->size); stw_be_p(buf + 26, client->exp->nbdflags | myflags); @@ -589,6 +592,8 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data) } assert ((client->exp->nbdflags & ~65535) == 0); + TRACE("advertising size %" PRIu64 " and flags %x", + client->exp->size, client->exp->nbdflags | myflags); stq_be_p(buf + 18, client->exp->size); stw_be_p(buf + 26, client->exp->nbdflags | myflags); if (nbd_negotiate_write(client->ioc, buf + 18, sizeof(buf) - 18) != @@ -652,12 +657,12 @@ static ssize_t nbd_receive_request(QIOChannel *ioc, struct nbd_request *request) request->from = ldq_be_p(buf + 16); request->len = ldl_be_p(buf + 24); - TRACE("Got request: " - "{ magic = 0x%x, .type = %d, from = %" PRIu64" , len = %u }", + TRACE("Got request: { magic = 0x%" PRIx32 ", .type = %" PRIx32 + ", from = %" PRIu64 " , len = %" PRIu32 " }", magic, request->type, request->from, request->len); if (magic != NBD_REQUEST_MAGIC) { - LOG("invalid magic (got 0x%x)", magic); + LOG("invalid magic (got 0x%" PRIx32 ")", magic); return -EINVAL; } return 0; @@ -670,7 +675,8 @@ static ssize_t nbd_send_reply(QIOChannel *ioc, struct nbd_reply *reply) reply->error = system_errno_to_nbd_errno(reply->error); - TRACE("Sending response to client: { .error = %d, handle = %" PRIu64 " }", + TRACE("Sending response to client: { .error = %" PRId32 + ", handle = %" PRIu64 " }", reply->error, reply->handle); /* Reply @@ -999,7 +1005,7 @@ static ssize_t nbd_co_receive_request(NBDRequest *req, struct nbd_request *reque command = request->type & NBD_CMD_MASK_COMMAND; if (command == NBD_CMD_READ || command == NBD_CMD_WRITE) { if (request->len > NBD_MAX_BUFFER_SIZE) { - LOG("len (%u) is larger than max len (%u)", + LOG("len (%" PRIu32" ) is larger than max len (%u)", request->len, NBD_MAX_BUFFER_SIZE); rc = -EINVAL; goto out; @@ -1012,7 +1018,7 @@ static ssize_t nbd_co_receive_request(NBDRequest *req, struct nbd_request *reque } } if (command == NBD_CMD_WRITE) { - TRACE("Reading %u byte(s)", request->len); + TRACE("Reading %" PRIu32 " byte(s)", request->len); if (read_sync(client->ioc, req->data, request->len) != request->len) { LOG("reading from socket failed"); @@ -1063,10 +1069,10 @@ static void nbd_trip(void *opaque) } command = request.type & NBD_CMD_MASK_COMMAND; if (command != NBD_CMD_DISC && (request.from + request.len) > exp->size) { - LOG("From: %" PRIu64 ", Len: %u, Size: %" PRIu64 - ", Offset: %" PRIu64 "\n", - request.from, request.len, - (uint64_t)exp->size, (uint64_t)exp->dev_offset); + LOG("From: %" PRIu64 ", Len: %" PRIu32", Size: %" PRIu64 + ", Offset: %" PRIu64 "\n", + request.from, request.len, + (uint64_t)exp->size, (uint64_t)exp->dev_offset); LOG("requested operation past EOF--bad client?"); goto invalid_request; } @@ -1100,7 +1106,7 @@ static void nbd_trip(void *opaque) goto error_reply; } - TRACE("Read %u byte(s)", request.len); + TRACE("Read %" PRIu32" byte(s)", request.len); if (nbd_co_send_reply(req, &reply, request.len) < 0) goto out; break; @@ -1169,7 +1175,7 @@ static void nbd_trip(void *opaque) } break; default: - LOG("invalid request type (%u) received", request.type); + LOG("invalid request type (%" PRIu32 ") received", request.type); invalid_request: reply.error = EINVAL; error_reply: From 63d5ef869e5e57de4875cd64b6f197cbb5763adf Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Wed, 11 May 2016 16:39:36 -0600 Subject: [PATCH 18/29] nbd: Quit server after any write error We should never ignore failure from nbd_negotiate_send_rep(); if we are unable to write to the client, then it is not worth trying to continue the negotiation. Fortunately, the problem is not too severe - chances are that the errors being ignored here (mainly inability to write the reply to the client) are indications of a closed connection or something similar, which will also affect the next attempt to interact with the client and eventually reach a point where the errors are detected to end the loop. Signed-off-by: Eric Blake Message-Id: <1463006384-7734-4-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini --- nbd/server.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/nbd/server.c b/nbd/server.c index d95266d9bd..d14b8740eb 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -334,7 +334,10 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client, return NULL; } - nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK, NBD_OPT_STARTTLS); + if (nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK, + NBD_OPT_STARTTLS) < 0) { + return NULL; + } tioc = qio_channel_tls_new_server(ioc, client->tlscreds, @@ -460,8 +463,11 @@ static int nbd_negotiate_options(NBDClient *client) if (nbd_negotiate_drop_sync(client->ioc, length) != length) { return -EIO; } - nbd_negotiate_send_rep(client->ioc, NBD_REP_ERR_TLS_REQD, - clientflags); + ret = nbd_negotiate_send_rep(client->ioc, NBD_REP_ERR_TLS_REQD, + clientflags); + if (ret < 0) { + return ret; + } break; } } else if (fixedNewstyle) { @@ -485,12 +491,17 @@ static int nbd_negotiate_options(NBDClient *client) } if (client->tlscreds) { TRACE("TLS already enabled"); - nbd_negotiate_send_rep(client->ioc, NBD_REP_ERR_INVALID, - clientflags); + ret = nbd_negotiate_send_rep(client->ioc, + NBD_REP_ERR_INVALID, + clientflags); } else { TRACE("TLS not configured"); - nbd_negotiate_send_rep(client->ioc, NBD_REP_ERR_POLICY, - clientflags); + ret = nbd_negotiate_send_rep(client->ioc, + NBD_REP_ERR_POLICY, + clientflags); + } + if (ret < 0) { + return ret; } break; default: @@ -498,8 +509,11 @@ static int nbd_negotiate_options(NBDClient *client) if (nbd_negotiate_drop_sync(client->ioc, length) != length) { return -EIO; } - nbd_negotiate_send_rep(client->ioc, NBD_REP_ERR_UNSUP, - clientflags); + ret = nbd_negotiate_send_rep(client->ioc, NBD_REP_ERR_UNSUP, + clientflags); + if (ret < 0) { + return ret; + } break; } } else { From 29b6c3b319acb85b2f025bffebb8ed9b3a83602a Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Wed, 11 May 2016 16:39:37 -0600 Subject: [PATCH 19/29] nbd: Improve server handling of bogus commands We have a few bugs in how we handle invalid client commands: - A client can send an NBD_CMD_DISC where from + len overflows, convincing us to reply with an error and stay connected, even though the protocol requires us to silently disconnect. Fix by hoisting the special case sooner. - A client can send an NBD_CMD_WRITE where from + len overflows, where we reply to the client with EINVAL without consuming the payload; this will normally cause us to fail if the next thing read is not the right magic, but in rare cases, could cause us to interpret the data payload as valid commands and do things not requested by the client. Fix by adding a complete flag to track whether we are in sync or must disconnect. Furthermore, we have split the checks for bogus from/len across two functions, when it is easier to do it all at once. Signed-off-by: Eric Blake Message-Id: <1463006384-7734-5-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini --- nbd/server.c | 66 +++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 47 insertions(+), 19 deletions(-) diff --git a/nbd/server.c b/nbd/server.c index d14b8740eb..41388f5fe9 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -52,6 +52,7 @@ struct NBDRequest { QSIMPLEQ_ENTRY(NBDRequest) entry; NBDClient *client; uint8_t *data; + bool complete; }; struct NBDExport { @@ -989,7 +990,13 @@ static ssize_t nbd_co_send_reply(NBDRequest *req, struct nbd_reply *reply, return rc; } -static ssize_t nbd_co_receive_request(NBDRequest *req, struct nbd_request *request) +/* Collect a client request. Return 0 if request looks valid, -EAGAIN + * to keep trying the collection, -EIO to drop connection right away, + * and any other negative value to report an error to the client + * (although the caller may still need to disconnect after reporting + * the error). */ +static ssize_t nbd_co_receive_request(NBDRequest *req, + struct nbd_request *request) { NBDClient *client = req->client; uint32_t command; @@ -1007,16 +1014,31 @@ static ssize_t nbd_co_receive_request(NBDRequest *req, struct nbd_request *reque goto out; } + TRACE("Decoding type"); + + command = request->type & NBD_CMD_MASK_COMMAND; + if (command != NBD_CMD_WRITE) { + /* No payload, we are ready to read the next request. */ + req->complete = true; + } + + if (command == NBD_CMD_DISC) { + /* Special case: we're going to disconnect without a reply, + * whether or not flags, from, or len are bogus */ + TRACE("Request type is DISCONNECT"); + rc = -EIO; + goto out; + } + + /* Check for sanity in the parameters, part 1. Defer as many + * checks as possible until after reading any NBD_CMD_WRITE + * payload, so we can try and keep the connection alive. */ if ((request->from + request->len) < request->from) { - LOG("integer overflow detected! " - "you're probably being attacked"); + LOG("integer overflow detected, you're probably being attacked"); rc = -EINVAL; goto out; } - TRACE("Decoding type"); - - command = request->type & NBD_CMD_MASK_COMMAND; if (command == NBD_CMD_READ || command == NBD_CMD_WRITE) { if (request->len > NBD_MAX_BUFFER_SIZE) { LOG("len (%" PRIu32" ) is larger than max len (%u)", @@ -1039,7 +1061,18 @@ static ssize_t nbd_co_receive_request(NBDRequest *req, struct nbd_request *reque rc = -EIO; goto out; } + req->complete = true; } + + /* Sanity checks, part 2. */ + if (request->from + request->len > client->exp->size) { + LOG("operation past EOF; From: %" PRIu64 ", Len: %" PRIu32 + ", Size: %" PRIu64, request->from, request->len, + (uint64_t)client->exp->size); + rc = command == NBD_CMD_WRITE ? -ENOSPC : -EINVAL; + goto out; + } + rc = 0; out: @@ -1082,14 +1115,6 @@ static void nbd_trip(void *opaque) goto error_reply; } command = request.type & NBD_CMD_MASK_COMMAND; - if (command != NBD_CMD_DISC && (request.from + request.len) > exp->size) { - LOG("From: %" PRIu64 ", Len: %" PRIu32", Size: %" PRIu64 - ", Offset: %" PRIu64 "\n", - request.from, request.len, - (uint64_t)exp->size, (uint64_t)exp->dev_offset); - LOG("requested operation past EOF--bad client?"); - goto invalid_request; - } if (client->closing) { /* @@ -1151,10 +1176,11 @@ static void nbd_trip(void *opaque) goto out; } break; + case NBD_CMD_DISC: - TRACE("Request type is DISCONNECT"); - errno = 0; - goto out; + /* unreachable, thanks to special case in nbd_co_receive_request() */ + abort(); + case NBD_CMD_FLUSH: TRACE("Request type is FLUSH"); @@ -1190,10 +1216,12 @@ static void nbd_trip(void *opaque) break; default: LOG("invalid request type (%" PRIu32 ") received", request.type); - invalid_request: reply.error = EINVAL; error_reply: - if (nbd_co_send_reply(req, &reply, 0) < 0) { + /* We must disconnect after NBD_CMD_WRITE if we did not + * read the payload. + */ + if (nbd_co_send_reply(req, &reply, 0) < 0 || !req->complete) { goto out; } break; From ab7c548e266a6324db0994cea58c35b3dc87bade Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Wed, 11 May 2016 16:39:38 -0600 Subject: [PATCH 20/29] nbd: Reject unknown request flags The NBD protocol says that clients should not send a command flag that has not been negotiated (whether by the client requesting an option during a handshake, or because we advertise support for the flag in response to NBD_OPT_EXPORT_NAME), and that servers should reject invalid flags with EINVAL. We were silently ignoring the flags instead. The client can't rely on our behavior, since it is their fault for passing the bad flag in the first place, but it's better to be robust up front than to possibly behave differently than the client was expecting with the attempted flag. Signed-off-by: Eric Blake Reviewed-by: Alex Bligh Message-Id: <1463006384-7734-6-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini --- nbd/server.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nbd/server.c b/nbd/server.c index 41388f5fe9..b0ca9d9771 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -1072,6 +1072,11 @@ static ssize_t nbd_co_receive_request(NBDRequest *req, rc = command == NBD_CMD_WRITE ? -ENOSPC : -EINVAL; goto out; } + if (request->type & ~NBD_CMD_MASK_COMMAND & ~NBD_CMD_FLAG_FUA) { + LOG("unsupported flags (got 0x%x)", + request->type & ~NBD_CMD_MASK_COMMAND); + return -EINVAL; + } rc = 0; From 98494e3b926ad62c5644fd84a37f04b5e7abb7a6 Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Wed, 11 May 2016 16:39:39 -0600 Subject: [PATCH 21/29] nbd: Group all Linux-specific ioctl code in one place NBD ioctl()s are used to manage an NBD client session where initial handshake is done in userspace, but then the transmission phase is handed off to the kernel through a /dev/nbdX device. As such, all ioctls sent to the kernel on the /dev/nbdX fd belong in client.c; nbd_disconnect() was out-of-place in server.c. Signed-off-by: Eric Blake Message-Id: <1463006384-7734-7-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini --- nbd/client.c | 13 +++++++++++++ nbd/server.c | 18 ------------------ 2 files changed, 13 insertions(+), 18 deletions(-) diff --git a/nbd/client.c b/nbd/client.c index c08aa85761..5604aa9022 100644 --- a/nbd/client.c +++ b/nbd/client.c @@ -667,6 +667,15 @@ int nbd_client(int fd) errno = serrno; return ret; } + +int nbd_disconnect(int fd) +{ + ioctl(fd, NBD_CLEAR_QUE); + ioctl(fd, NBD_DISCONNECT); + ioctl(fd, NBD_CLEAR_SOCK); + return 0; +} + #else int nbd_init(int fd, QIOChannelSocket *ioc, uint32_t flags, off_t size) { @@ -677,6 +686,10 @@ int nbd_client(int fd) { return -ENOTSUP; } +int nbd_disconnect(int fd) +{ + return -ENOTSUP; +} #endif ssize_t nbd_send_request(QIOChannel *ioc, struct nbd_request *request) diff --git a/nbd/server.c b/nbd/server.c index b0ca9d9771..41067a4bf8 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -624,24 +624,6 @@ fail: return rc; } -#ifdef __linux__ - -int nbd_disconnect(int fd) -{ - ioctl(fd, NBD_CLEAR_QUE); - ioctl(fd, NBD_DISCONNECT); - ioctl(fd, NBD_CLEAR_SOCK); - return 0; -} - -#else - -int nbd_disconnect(int fd) -{ - return -ENOTSUP; -} -#endif - static ssize_t nbd_receive_request(QIOChannel *ioc, struct nbd_request *request) { uint8_t buf[NBD_REQUEST_SIZE]; From f57e2416aaeb39c32946d282768ece7ff619b423 Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Wed, 11 May 2016 16:39:40 -0600 Subject: [PATCH 22/29] nbd: Clean up ioctl handling of qemu-nbd -c The kernel ioctl() interface into NBD is limited to 'unsigned long'; we MUST pass in input with that type (and not int or size_t, as there may be platform ABIs where the wrong types promote incorrectly through var-args). Furthermore, on 32-bit platforms, the kernel is limited to a maximum export size of 2T (our BLKSIZE of 512 times a SIZE_BLOCKS constrained by 32 bit unsigned long). Signed-off-by: Eric Blake Message-Id: <1463006384-7734-8-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini --- nbd/client.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/nbd/client.c b/nbd/client.c index 5604aa9022..20e6daf70f 100644 --- a/nbd/client.c +++ b/nbd/client.c @@ -593,9 +593,15 @@ fail: #ifdef __linux__ int nbd_init(int fd, QIOChannelSocket *sioc, uint32_t flags, off_t size) { + unsigned long sectors = size / BDRV_SECTOR_SIZE; + if (size / BDRV_SECTOR_SIZE != sectors) { + LOG("Export size %lld too large for 32-bit kernel", (long long) size); + return -E2BIG; + } + TRACE("Setting NBD socket"); - if (ioctl(fd, NBD_SET_SOCK, sioc->fd) < 0) { + if (ioctl(fd, NBD_SET_SOCK, (unsigned long) sioc->fd) < 0) { int serrno = errno; LOG("Failed to set NBD socket"); return -serrno; @@ -603,21 +609,25 @@ int nbd_init(int fd, QIOChannelSocket *sioc, uint32_t flags, off_t size) TRACE("Setting block size to %lu", (unsigned long)BDRV_SECTOR_SIZE); - if (ioctl(fd, NBD_SET_BLKSIZE, (size_t)BDRV_SECTOR_SIZE) < 0) { + if (ioctl(fd, NBD_SET_BLKSIZE, (unsigned long)BDRV_SECTOR_SIZE) < 0) { int serrno = errno; LOG("Failed setting NBD block size"); return -serrno; } - TRACE("Setting size to %zd block(s)", (size_t)(size / BDRV_SECTOR_SIZE)); + TRACE("Setting size to %lu block(s)", sectors); + if (size % BDRV_SECTOR_SIZE) { + TRACE("Ignoring trailing %d bytes of export", + (int) (size % BDRV_SECTOR_SIZE)); + } - if (ioctl(fd, NBD_SET_SIZE_BLOCKS, (size_t)(size / BDRV_SECTOR_SIZE)) < 0) { + if (ioctl(fd, NBD_SET_SIZE_BLOCKS, sectors) < 0) { int serrno = errno; LOG("Failed setting size (in blocks)"); return -serrno; } - if (ioctl(fd, NBD_SET_FLAGS, flags) < 0) { + if (ioctl(fd, NBD_SET_FLAGS, (unsigned long) flags) < 0) { if (errno == ENOTTY) { int read_only = (flags & NBD_FLAG_READ_ONLY) != 0; TRACE("Setting readonly attribute"); From f3c32fce3688fe1f13ceb0777faa1fc19d66d1fc Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Wed, 11 May 2016 16:39:43 -0600 Subject: [PATCH 23/29] nbd: Detect servers that send unexpected error values Add some debugging to flag servers that are not compliant to the NBD protocol. This would have flagged the server bug fixed in commit c0301fcc. Signed-off-by: Eric Blake Reviewed-by: Alex Bligh Message-Id: <1463006384-7734-11-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini --- nbd/client.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nbd/client.c b/nbd/client.c index 20e6daf70f..e8bf9fb540 100644 --- a/nbd/client.c +++ b/nbd/client.c @@ -33,8 +33,10 @@ static int nbd_errno_to_system_errno(int err) return ENOMEM; case NBD_ENOSPC: return ENOSPC; - case NBD_EINVAL: default: + TRACE("Squashing unexpected error %d to EINVAL", err); + /* fallthrough */ + case NBD_EINVAL: return EINVAL; } } From 943cec86d0864464ab29b42940c49d1ccbe8d268 Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Wed, 11 May 2016 16:39:44 -0600 Subject: [PATCH 24/29] nbd: Avoid magic number for NBD max name size Declare a constant and use that when determining if an export name fits within the constraints we are willing to support. Note that upstream NBD recently documented that clients MUST support export names of 256 bytes (not including trailing NUL), and SHOULD support names up to 4096 bytes. 4096 is a bit big (we would lose benefits of stack-allocation of a name array), and we already have other limits in place (for example, qcow2 snapshot names are clamped around 1024). So for now, just stick to the required minimum, as that's easier to audit than a full-scale support for larger names. Signed-off-by: Eric Blake Message-Id: <1463006384-7734-12-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini --- include/block/nbd.h | 6 ++++++ nbd/client.c | 2 +- nbd/server.c | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/include/block/nbd.h b/include/block/nbd.h index 747bb0aaeb..df1f804338 100644 --- a/include/block/nbd.h +++ b/include/block/nbd.h @@ -77,6 +77,12 @@ enum { /* Maximum size of a single READ/WRITE data buffer */ #define NBD_MAX_BUFFER_SIZE (32 * 1024 * 1024) +/* Maximum size of an export name. The NBD spec requires 256 and + * suggests that servers support up to 4096, but we stick to only the + * required size so that we can stack-allocate the names, and because + * going larger would require an audit of more code to make sure we + * aren't overflowing some other buffer. */ +#define NBD_MAX_NAME_SIZE 256 ssize_t nbd_wr_syncv(QIOChannel *ioc, struct iovec *iov, diff --git a/nbd/client.c b/nbd/client.c index e8bf9fb540..287487c6c2 100644 --- a/nbd/client.c +++ b/nbd/client.c @@ -210,7 +210,7 @@ static int nbd_receive_list(QIOChannel *ioc, char **name, Error **errp) error_setg(errp, "incorrect option name length"); return -1; } - if (namelen > 255) { + if (namelen > NBD_MAX_NAME_SIZE) { error_setg(errp, "export name length too long %" PRIu32, namelen); return -1; } diff --git a/nbd/server.c b/nbd/server.c index 41067a4bf8..a677e266ff 100644 --- a/nbd/server.c +++ b/nbd/server.c @@ -286,13 +286,13 @@ static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length) static int nbd_negotiate_handle_export_name(NBDClient *client, uint32_t length) { int rc = -EINVAL; - char name[256]; + char name[NBD_MAX_NAME_SIZE + 1]; /* Client sends: [20 .. xx] export name (length bytes) */ TRACE("Checking length"); - if (length > 255) { + if (length >= sizeof(name)) { LOG("Bad length received"); goto fail; } From d3cdc49138c30be1d3c2f83d18f85d9fdee95f1a Mon Sep 17 00:00:00 2001 From: Prasad J Pandit Date: Tue, 31 May 2016 23:23:27 +0530 Subject: [PATCH 25/29] scsi: esp: check buffer length before reading scsi command The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte FIFO buffer. It is used to handle command and data transfer. Routine get_cmd() in non-DMA mode, uses 'ti_size' to read scsi command into a buffer. Add check to validate command length against buffer size to avoid any overrun. Reported-by: Li Qiang Signed-off-by: Prasad J Pandit Message-Id: <1464717207-7549-1-git-send-email-ppandit@redhat.com> Signed-off-by: Paolo Bonzini --- hw/scsi/esp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c index 3adb685177..4b94bbca67 100644 --- a/hw/scsi/esp.c +++ b/hw/scsi/esp.c @@ -98,6 +98,9 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) s->dma_memory_read(s->dma_opaque, buf, dmalen); } else { dmalen = s->ti_size; + if (dmalen > TI_BUFSZ) { + return 0; + } memcpy(buf, s->ti_buf, dmalen); buf[0] = buf[2] >> 5; } From d020aa504cec8f525b55ba2ef982c09dc847c72e Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 14 Jun 2016 15:10:24 +0200 Subject: [PATCH 26/29] scsi: esp: respect FIFO invariant after message phase The FIFO contains two bytes; hence the write ptr should be two bytes ahead of the read pointer. Signed-off-by: Paolo Bonzini --- hw/scsi/esp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c index 4b94bbca67..3f08598c8d 100644 --- a/hw/scsi/esp.c +++ b/hw/scsi/esp.c @@ -222,7 +222,7 @@ static void write_response(ESPState *s) } else { s->ti_size = 2; s->ti_rptr = 0; - s->ti_wptr = 0; + s->ti_wptr = 2; s->rregs[ESP_RFLAGS] = 2; } esp_raise_irq(s); From 7f0b6e114ae4e142e2b3dfc9fac138f4a30edc4f Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Wed, 15 Jun 2016 14:29:33 +0200 Subject: [PATCH 27/29] scsi: esp: clean up handle_ti/esp_do_dma if s->do_cmd Avoid duplicated code between esp_do_dma and handle_ti. esp_do_dma has the same code that handle_ti contains after the call to esp_do_dma; but the code in handle_ti is never reached because it is in an "else if". Remove the else and also the pointless return. esp_do_dma also has a partially dead assignment of the to_device variable. Sink it to the point where it's actually used. Finally, assert that the other caller of esp_do_dma (esp_transfer_data) only transfers data and not a command. This is true because get_cmd cancels the old request synchronously before its caller handle_satn_stop sets do_cmd to 1. Reviewed-by: Laszlo Ersek Signed-off-by: Paolo Bonzini --- hw/scsi/esp.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c index 3f08598c8d..64680b3809 100644 --- a/hw/scsi/esp.c +++ b/hw/scsi/esp.c @@ -245,15 +245,10 @@ static void esp_do_dma(ESPState *s) uint32_t len; int to_device; - to_device = (s->ti_size < 0); len = s->dma_left; if (s->do_cmd) { trace_esp_do_dma(s->cmdlen, len); s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len); - s->ti_size = 0; - s->cmdlen = 0; - s->do_cmd = 0; - do_cmd(s, s->cmdbuf); return; } if (s->async_len == 0) { @@ -263,6 +258,7 @@ static void esp_do_dma(ESPState *s) if (len > s->async_len) { len = s->async_len; } + to_device = (s->ti_size < 0); if (to_device) { s->dma_memory_read(s->dma_opaque, s->async_buf, len); } else { @@ -318,6 +314,7 @@ void esp_transfer_data(SCSIRequest *req, uint32_t len) { ESPState *s = req->hba_private; + assert(!s->do_cmd); trace_esp_transfer_data(s->dma_left, s->ti_size); s->async_len = len; s->async_buf = scsi_req_get_buf(req); @@ -358,13 +355,13 @@ static void handle_ti(ESPState *s) s->dma_left = minlen; s->rregs[ESP_RSTAT] &= ~STAT_TC; esp_do_dma(s); - } else if (s->do_cmd) { + } + if (s->do_cmd) { trace_esp_handle_ti_cmd(s->cmdlen); s->ti_size = 0; s->cmdlen = 0; s->do_cmd = 0; do_cmd(s, s->cmdbuf); - return; } } From 926cde5f3e4d2504ed161ed0cb771ac7cad6fd11 Mon Sep 17 00:00:00 2001 From: Prasad J Pandit Date: Thu, 16 Jun 2016 00:22:35 +0200 Subject: [PATCH 28/29] scsi: esp: make cmdbuf big enough for maximum CDB size While doing DMA read into ESP command buffer 's->cmdbuf', it could write past the 's->cmdbuf' area, if it was transferring more than 16 bytes. Increase the command buffer size to 32, which is maximum when 's->do_cmd' is set, and add a check on 'len' to avoid OOB access. Reported-by: Li Qiang Signed-off-by: Prasad J Pandit Signed-off-by: Paolo Bonzini --- hw/scsi/esp.c | 6 ++++-- include/hw/scsi/esp.h | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c index 64680b3809..baa0a2cfdf 100644 --- a/hw/scsi/esp.c +++ b/hw/scsi/esp.c @@ -248,6 +248,8 @@ static void esp_do_dma(ESPState *s) len = s->dma_left; if (s->do_cmd) { trace_esp_do_dma(s->cmdlen, len); + assert (s->cmdlen <= sizeof(s->cmdbuf) && + len <= sizeof(s->cmdbuf) - s->cmdlen); s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len); return; } @@ -345,7 +347,7 @@ static void handle_ti(ESPState *s) s->dma_counter = dmalen; if (s->do_cmd) - minlen = (dmalen < 32) ? dmalen : 32; + minlen = (dmalen < ESP_CMDBUF_SZ) ? dmalen : ESP_CMDBUF_SZ; else if (s->ti_size < 0) minlen = (dmalen < -s->ti_size) ? dmalen : -s->ti_size; else @@ -449,7 +451,7 @@ void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) break; case ESP_FIFO: if (s->do_cmd) { - if (s->cmdlen < TI_BUFSZ) { + if (s->cmdlen < ESP_CMDBUF_SZ) { s->cmdbuf[s->cmdlen++] = val & 0xff; } else { trace_esp_error_fifo_overrun(); diff --git a/include/hw/scsi/esp.h b/include/hw/scsi/esp.h index 6c795276c9..d2c48869e1 100644 --- a/include/hw/scsi/esp.h +++ b/include/hw/scsi/esp.h @@ -14,6 +14,7 @@ void esp_init(hwaddr espaddr, int it_shift, #define ESP_REGS 16 #define TI_BUFSZ 16 +#define ESP_CMDBUF_SZ 32 typedef struct ESPState ESPState; @@ -31,7 +32,7 @@ struct ESPState { SCSIBus bus; SCSIDevice *current_dev; SCSIRequest *current_req; - uint8_t cmdbuf[TI_BUFSZ]; + uint8_t cmdbuf[ESP_CMDBUF_SZ]; uint32_t cmdlen; uint32_t do_cmd; From 0544edd88a6acea81aefe22fd0cd9a85d1eef093 Mon Sep 17 00:00:00 2001 From: Andrew Jones Date: Fri, 10 Jun 2016 19:40:12 +0200 Subject: [PATCH 29/29] vl: smp_parse: cleanups No functional changes; only some code movement and removal of dead code (impossible conditions). Also, max_cpus can be initialized to 1, like smp_cpus, because it's either set by the user or set to smp_cpus, when smp_cpus is set by the user, or set to 1, when nothing is set. Signed-off-by: Andrew Jones Message-Id: <1465580427-13596-2-git-send-email-drjones@redhat.com> Signed-off-by: Paolo Bonzini --- vl.c | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/vl.c b/vl.c index fb18821fb9..0736d8430d 100644 --- a/vl.c +++ b/vl.c @@ -154,7 +154,7 @@ CharDriverState *sclp_hds[MAX_SCLP_CONSOLES]; int win2k_install_hack = 0; int singlestep = 0; int smp_cpus = 1; -int max_cpus = 0; +int max_cpus = 1; int smp_cores = 1; int smp_threads = 1; int acpi_enabled = 1; @@ -1218,7 +1218,6 @@ static QemuOptsList qemu_smp_opts = { static void smp_parse(QemuOpts *opts) { if (opts) { - unsigned cpus = qemu_opt_get_number(opts, "cpus", 0); unsigned sockets = qemu_opt_get_number(opts, "sockets", 0); unsigned cores = qemu_opt_get_number(opts, "cores", 0); @@ -1246,6 +1245,17 @@ static void smp_parse(QemuOpts *opts) } max_cpus = qemu_opt_get_number(opts, "maxcpus", cpus); + + if (max_cpus > MAX_CPUMASK_BITS) { + error_report("unsupported number of maxcpus"); + exit(1); + } + + if (max_cpus < cpus) { + error_report("maxcpus must be equal to or greater than smp"); + exit(1); + } + if (sockets * cores * threads > max_cpus) { error_report("cpu topology: " "sockets (%u) * cores (%u) * threads (%u) > " @@ -1255,25 +1265,11 @@ static void smp_parse(QemuOpts *opts) } smp_cpus = cpus; - smp_cores = cores > 0 ? cores : 1; - smp_threads = threads > 0 ? threads : 1; - + smp_cores = cores; + smp_threads = threads; } - if (max_cpus == 0) { - max_cpus = smp_cpus; - } - - if (max_cpus > MAX_CPUMASK_BITS) { - error_report("unsupported number of maxcpus"); - exit(1); - } - if (max_cpus < smp_cpus) { - error_report("maxcpus must be equal to or greater than smp"); - exit(1); - } - - if (smp_cpus > 1 || smp_cores > 1 || smp_threads > 1) { + if (smp_cpus > 1) { Error *blocker = NULL; error_setg(&blocker, QERR_REPLAY_NOT_SUPPORTED, "smp"); replay_add_blocker(blocker);