After calling dpy_gfx_replace_surface(s->con, surface), the outer
surface is invalid.
==5370== Invalid read of size 4
==5370== at 0x460229: surface_bits_per_pixel (console.h:250)
==5370== by 0x466A81: get_depth_index (vga.c:1173)
==5370== by 0x467EC2: vga_draw_graphic (vga.c:1718)
==5370== by 0x4687A5: vga_update_display (vga.c:1914)
==5370== by 0x2A782E: qxl_hw_update (qxl.c:1766)
==5370== by 0x3EB83B: graphic_hw_update (console.c:254)
==5370== by 0x3FBE31: qemu_spice_display_refresh (spice-display.c:418)
==5370== by 0x2A7D01: display_refresh (qxl.c:1886)
==5370== by 0x3EEE1C: dpy_refresh (console.c:1436)
==5370== by 0x3EB543: gui_update (console.c:192)
==5370== by 0x3C43B3: timerlist_run_timers (qemu-timer.c:488)
==5370== by 0x3C4416: qemu_clock_run_timers (qemu-timer.c:499)
==5370== Address 0x22ffb1e0 is 0 bytes inside a block of size 56 free'd
==5370== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5370== by 0x4245FC: free_and_trace (vl.c:2771)
==5370== by 0x50899AE: g_free (gmem.c:252)
==5370== by 0x3EE8D3: qemu_free_displaysurface (console.c:1332)
==5370== by 0x3EEDB7: dpy_gfx_replace_surface (console.c:1427)
==5370== by 0x467EB6: vga_draw_graphic (vga.c:1714)
==5370== by 0x4687A5: vga_update_display (vga.c:1914)
==5370== by 0x2A782E: qxl_hw_update (qxl.c:1766)
==5370== by 0x3EB83B: graphic_hw_update (console.c:254)
==5370== by 0x3FBE31: qemu_spice_display_refresh (spice-display.c:418)
==5370== by 0x2A7D01: display_refresh (qxl.c:1886)
==5370== by 0x3EEE1C: dpy_refresh (console.c:1436)
Signed-off-by: Marc-André Lureau <marcandre.lureau@gmail.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1383664554-15248-1-git-send-email-marcandre.lureau@gmail.com
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
The char-flow refactoring introduced a busy-wait that depended on
an action from the VCPU thread. However, the VCPU thread could
never take that action because the busy-wait starved the VCPU thread
of the BQL because it never dropped the mutex while running select.
Paolo doesn't want to drop this optimization for fear that we will
stop detecting these busy waits. I'm afraid to keep this optimization
even with the busy-wait fixed because I think a similar problem can
occur just with heavy I/O thread load manifesting itself as VCPU pauses.
As a compromise, introduce an artificial timeout after a thousand
iterations but print a rate limited warning when this happens. This
let's us still detect when this condition occurs without it being
a fatal error.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1365169560-11012-1-git-send-email-aliguori@us.ibm.com
Since commit c658b94f6e, MIPS raises
exceptions when accessing invalid memory. This is not the correct
behaviour for MIPS Malta Core LV, as the GT-64120A system controller
just ignore undecoded access. This feature is used by the Linux kernel
to probe for some devices.
Emulate the correct behaviour in QEMU by adding an empty slot covering
the entire memory space decoded by the GT-64120A.
Tested-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
bdrv_flags is set by bdrv_parse_discard_flags(), but later it is reset
to zero.
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Message-id: 1376483201-13466-1-git-send-email-mohan@in.ibm.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Since commit bd5c51e (qemu-char: don't issue CHR_EVENT_OPEN in a BH), an
infinite recursion occurs when putting the monitor on a pty (-monitor
pty) and connecting a terminal to the slave port.
This is because of the qemu_chr_be_event(s, CHR_EVENT_OPENED) added to
qemu_chr_be_generic_open(). This event is captured by monitor_event()
which prints a welcome message to the character device. The flush of
that welcome message retriggers another open event in pty_chr_state()
because it checks s->connected, but only sets it to 1 after calling
qemu_chr_be_generic_open().
I've fixed this by setting s->connected = 1 before the call to
qemu_chr_be_generic_open() instead of after, so that the recursive
pty_chr_state() doesn't call it again.
An example snippet of repeating backtrace:
...
#107486 0x007aec58 in monitor_flush (mon=0xf418b0) at qemu/monitor.c:288
#107487 0x007aee7c in monitor_puts (mon=0xf418b0, str=0x1176d07 "") at qemu/monitor.c:322
#107488 0x007aef20 in monitor_vprintf (mon=0xf418b0, fmt=0x8d4820 "QEMU %s monitor - type 'help' for more information\n",
ap=0x7f432be0) at qemu/monitor.c:339
#107489 0x007aefac in monitor_printf (mon=0xf418b0, fmt=0x8d4820 "QEMU %s monitor - type 'help' for more information\n")
at qemu/monitor.c:347
#107490 0x007ba4bc in monitor_event (opaque=0xf418b0, event=2) at qemu/monitor.c:4699
#107491 0x00684c28 in qemu_chr_be_event (s=0xf37788, event=2) at qemu/qemu-char.c:108
#107492 0x00684c70 in qemu_chr_be_generic_open (s=0xf37788) at qemu/qemu-char.c:113
#107493 0x006880a4 in pty_chr_state (chr=0xf37788, connected=1) at qemu/qemu-char.c:1145
#107494 0x00687fa4 in pty_chr_update_read_handler (chr=0xf37788) at qemu/qemu-char.c:1121
#107495 0x00687c9c in pty_chr_write (chr=0xf37788, buf=0x70b3c008 <Address 0x70b3c008 out of bounds>, len=538720)
at qemu/qemu-char.c:1063
#107496 0x00684cc4 in qemu_chr_fe_write (s=0xf37788, buf=0x70b3c008 <Address 0x70b3c008 out of bounds>, len=538720)
at qemu/qemu-char.c:118
...
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Message-id: 1375960178-10882-1-git-send-email-james.hogan@imgtec.com
Cc: Michael Roth <mdroth@linux.vnet.ibm.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
espes