Re: [Qemu-devel] [PATCH for-2.12] gdbstub: fix off-by-one in gdb_handle_packet()

2018-04-08 Thread Stefan Hajnoczi
On Sun, Apr 08, 2018 at 11:59:33AM -0300, Philippe Mathieu-Daudé wrote:
> memtohex() adds an extra trailing NUL character.
> 
> Reported-by: AddressSanitizer
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
> (gdb) dump binary memory /tmp/dram.bin 0x9400 0x9410
> Remote connection closed
> 
> =
> ==22732==ERROR: AddressSanitizer: stack-buffer-overflow on address 
> 0x7ffe43018340 at pc 0x55f2655fde81 bp 0x7ffe43017210 sp 0x7ffe43017208
> WRITE of size 1 at 0x7ffe43018340 thread T0
> #0 0x55f2655fde80 in memtohex /source/qemu/gdbstub.c:520
> #1 0x55f26560254d in gdb_handle_packet /source/qemu/gdbstub.c:1140
> #2 0x55f2656073c3 in gdb_read_byte /source/qemu/gdbstub.c:1703
> #3 0x55f2656076a7 in gdb_chr_receive /source/qemu/gdbstub.c:1909
> #4 0x55f266457656 in qemu_chr_be_write_impl 
> /source/qemu/chardev/char.c:175
> #5 0x55f2664576f9 in qemu_chr_be_write /source/qemu/chardev/char.c:187
> #6 0x55f26646f6f0 in tcp_chr_read /source/qemu/chardev/char-socket.c:470
> #7 0x55f2664bc9e3 in qio_channel_fd_source_dispatch 
> /source/qemu/io/channel-watch.c:84
> #8 0x7f17d01b30f4 in g_main_context_dispatch 
> (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c0f4)
> #9 0x55f2665c7f10 in glib_pollfds_poll /source/qemu/util/main-loop.c:215
> #10 0x55f2665c8100 in os_host_main_loop_wait 
> /source/qemu/util/main-loop.c:263
> #11 0x55f2665c82d6 in main_loop_wait /source/qemu/util/main-loop.c:522
> #12 0x55f26599e13b in main_loop /source/qemu/vl.c:1943
> #13 0x55f2659b0869 in main /source/qemu/vl.c:4734
> 
> Address 0x7ffe43018340 is located in stack of thread T0 at offset 4192 in 
> frame
> #0 0x55f265601266 in gdb_handle_packet /source/qemu/gdbstub.c:996
> 
>   This frame has 3 object(s):
> [32, 40) 'p'
> [96, 4192) 'buf' <== Memory access at offset 4192 overflows this variable
> [4224, 8320) 'mem_buf'
> SUMMARY: AddressSanitizer: stack-buffer-overflow /source/qemu/gdbstub.c:520 
> in memtohex
> Shadow bytes around the buggy address:
> ==22732==ABORTING
> ---
>  gdbstub.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH for-2.12] tap: set vhostfd passed from qemu cli to non-blocking

2018-04-08 Thread Michael S. Tsirkin
On Fri, Apr 06, 2018 at 07:03:56AM -0500, Brijesh Singh wrote:
> A guest boot hangs while probing the network interface when
> iommu_platform=on is used.
> 
> The following qemu cli hangs without this patch:
> 
> # $QEMU \
>   -netdev tap,fd=3,id=hostnet0,vhost=on,vhostfd=4 3<>/dev/tap67 
> 4<>/dev/host-net \
>   -device 
> virtio-net-pci,netdev=hostnet0,id=net0,iommu_platform=on,disable-legacy=on \
>   ...
> 
> Commit: c471ad0e9bd46 (vhost_net: device IOTLB support) took care of
> setting vhostfd to non-blocking when QEMU opens /dev/host-net but if
> the fd is passed from qemu cli then we need to ensure that fd is set
> to non-blocking.
> 
> Fixes: c471ad0e9bd46 "vhost_net: device IOTLB support"
> Cc: Michael S. Tsirkin 
> Cc: Jason Wang 
> Signed-off-by: Brijesh Singh 

Reviewed-by: Michael S. Tsirkin 

> ---
>  net/tap.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/net/tap.c b/net/tap.c
> index 2b3a36f9b50d..8c026fbf95cd 100644
> --- a/net/tap.c
> +++ b/net/tap.c
> @@ -693,6 +693,7 @@ static void net_init_tap_one(const NetdevTapOptions *tap, 
> NetClientState *peer,
>  }
>  return;
>  }
> +fcntl(vhostfd, F_SETFL, O_NONBLOCK);
>  } else {
>  vhostfd = open("/dev/vhost-net", O_RDWR);
>  if (vhostfd < 0) {
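Review bot: `fcntl(vhostfd, F_SETFL, O_NONBLOCK)` replaces the descriptor's file status flags with O_NONBLOCK alone rather than adding it to whatever flags the caller already set, and its return value is not checked, so a failure on a bad fd goes unnoticed until the later hang this patch is meant to avoid. QEMU's `qemu_set_nonblock(vhostfd)` does the F_GETFL/F_SETFL read-modify-write for exactly this purpose; using it here also keeps the passed-in fd consistent with the fd QEMU opens itself in the `else` branch below, which the commit message says c471ad0e9bd46 already made non-blocking.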
> -- 
> 2.14.3



[Qemu-devel] [PATCH v4 1/2] Implement .hex file loader

2018-04-08 Thread Su Hang
This patch adds Intel Hexadecimal Object File format support to
the loader.  The file format specification is available here:
http://www.piclist.com/techref/fileext/hex/intel.htm

The file format is mainly intended for embedded systems
and microcontrollers, such as Arduino, ARM, STM32, etc.

Suggested-by: Stefan Hajnoczi 
Signed-off-by: Su Hang 
---
 hw/arm/boot.c   |   9 +-
 hw/core/loader.c| 280 
 include/hw/loader.h |  17 
 3 files changed, 305 insertions(+), 1 deletion(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index 9319b12fcd2a..07ce54e5936d 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -1060,8 +1060,15 @@ static void arm_load_kernel_notify(Notifier *notifier, 
void *data)
 kernel_size = load_aarch64_image(info->kernel_filename,
  info->loader_start, , as);
 is_linux = 1;
+} else if (kernel_size < 0 && strstr(info->kernel_filename, ".hex")) {
+/* 32-bit ARM .hex file */
+entry = info->loader_start + KERNEL_LOAD_ADDR;
+kernel_size = load_targphys_hex_as(info->kernel_filename, entry,
+   info->ram_size - KERNEL_LOAD_ADDR,
+   as);
+is_linux = 1;
 } else if (kernel_size < 0) {
-/* 32-bit ARM */
+/* 32-bit ARM binary file */
 entry = info->loader_start + KERNEL_LOAD_ADDR;
 kernel_size = load_image_targphys_as(info->kernel_filename, entry,
  info->ram_size - KERNEL_LOAD_ADDR,
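Review bot: `strstr(info->kernel_filename, ".hex")` matches the substring anywhere in the path, so a kernel under a directory such as `build.hex/` would be fed to the HEX loader; `g_str_has_suffix(info->kernel_filename, ".hex")` tests the extension only. The new branch also duplicates the `entry` and size arithmetic of the raw-binary branch that follows it; computing `entry = info->loader_start + KERNEL_LOAD_ADDR` once above both branches would keep the two from drifting apart.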
diff --git a/hw/core/loader.c b/hw/core/loader.c
index 06bdbca53709..41d714520be4 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -1286,3 +1286,283 @@ void hmp_info_roms(Monitor *mon, const QDict *qdict)
 }
 }
 }
+
+typedef enum HexRecord HexRecord;
+enum HexRecord {
+DATA_RECORD = 0,
+EOF_RECORD,
+EXT_SEG_ADDR_RECORD,
+START_SEG_ADDR_RECORD,
+EXT_LINEAR_ADDR_RECORD,
+START_LINEAR_ADDR_RECORD,
+};
+
+typedef union HexLine HexLine;
+union HexLine {
+uint8_t buf[0x25];
+struct __attribute__((packed)) {
+uint8_t byte_count;
+uint16_t address;
+uint8_t record_type;
+uint8_t data[0x25 - 0x5];
+uint8_t checksum;
+};
+};
+
+static uint8_t ctoh(char c)
+{
+return (c & 0x10) ? /*0-9*/ c & 0xf : /*A-F, a-f*/ (c & 0xf) + 9;
+}
+
+static uint8_t validate_checksum(HexLine *record)
+{
+uint8_t result = 0, i = 0;
+
+for (; i < (record->byte_count + 5); ++i) {
+result += record->buf[i];
+}
+
+return result == 0;
+}
+
+/* return pointer of bin_blob or NULL if error */
+static uint8_t *parse_hex_blob(char *filename, size_t *p_size)
+{
+int fd;
+off_t hex_blob_size;
+uint8_t *p_data = NULL;
+uint8_t *hex_blob;
+uint8_t *hex_blob_ori; /* used to free temporary memory */
+uint8_t *bin_buf;
+uint8_t *end;
+uint8_t idx = 0;
+uint8_t in_process = 0;/* avoid re-enter */
+uint8_t low_nibble = 0;/* process two hex char into 8-bits */
+uint8_t ext_linear_record = 0; /* record non-constitutes block */
+uint32_t next_address_to_write = 0;
+uint32_t current_address = 0;
+uint32_t last_address = 0;
+HexLine line = {0};
+
+fd = open(filename, O_RDONLY);
+if (fd < 0) {
+return NULL;
+}
+hex_blob_size = lseek(fd, 0, SEEK_END);
+if (hex_blob_size < 0) {
+close(fd);
+return NULL;
+}
+hex_blob = g_malloc(hex_blob_size);
+hex_blob_ori = hex_blob;
+bin_buf = g_malloc(hex_blob_size * 2);
+lseek(fd, 0, SEEK_SET);
+if (read(fd, hex_blob, hex_blob_size) != hex_blob_size) {
+close(fd);
+goto hex_parser_exit;
+}
+close(fd);
+
+memset(line.buf, 0, sizeof(HexLine));
+end = (uint8_t *)hex_blob + hex_blob_size;
+
+for (; hex_blob != end; ++hex_blob) {
+switch ((uint8_t)(*hex_blob)) {
+case '\r':
+case '\n':
+if (!in_process) {
+break;
+}
+
+in_process = 0;
+if (validate_checksum() == 0) {
+p_data = NULL;
+goto hex_parser_exit;
+}
+
+line.address = bswap16(line.address);
+switch (line.record_type) {
+case DATA_RECORD:
+current_address =
+(next_address_to_write & 0x) | line.address;
+/* verify this is a continous block of memory */
+if (current_address != next_address_to_write ||
+ext_linear_record) {
+if (!ext_linear_record) {
+/* Store next address to write */
+last_address = next_address_to_write;
+next_address_to_write = current_address;
+}
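Review bot: `validate_checksum()` sums `byte_count + 5` bytes out of `record->buf`, but `buf` is only 0x25 bytes and `data` only 0x20, and nothing in this hunk rejects a record whose byte-count field exceeds 0x20 before the checksum loop runs, so a malformed `.hex` line reads past the `HexLine` union on the stack; the loop counter `i` is also a `uint8_t` while the bound is an `int` up to 260, so for `byte_count >= 251` the loop never terminates. Check `byte_count <= sizeof(line.data)` as soon as the count is decoded and fail the load otherwise. Two smaller points: `ctoh()` maps every input byte to a nibble without rejecting non-hex characters, so a corrupt file decodes silently instead of failing, and `line.address = bswap16(line.address)` assumes a little-endian host, whereas `be16_to_cpu()` (or `lduw_be_p()` on the raw bytes) states the intent and works on both.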

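The Intel HEX record format this patch adds support for, as an added example that is not the patch's or QEMU's code: a strict record parser and flat-image loader that rejects non-hex characters, checksum mismatches, byte counts that disagree with the line length, records that fall outside the target image, and files with no EOF record. The type names, return codes and the sample file are this example's own.

```c
/* Strict Intel HEX loader: an added example, not the QEMU patch's code.
 * One record per line:  ':' LL AAAA TT DD..DD CC   with LL = byte count, AAAA = big-endian
 * 16-bit offset, TT = record type, CC = checksum (all record bytes sum to 0 mod 256). */
#include <stdint.h>
#include <string.h>

enum { HEX_DATA = 0, HEX_EOF, HEX_EXT_SEG, HEX_START_SEG, HEX_EXT_LINEAR, HEX_START_LINEAR };
#define HEX_MAX_DATA 255                      /* LL is one byte: the real upper bound */

struct hex_record {
    uint8_t byte_count;
    uint16_t offset;                          /* 16-bit offset within the current base */
    uint8_t type;
    uint8_t data[HEX_MAX_DATA];
};

/* A non-hex character is an error, not silently remapped to some nibble value. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse one record without its line terminator: 0 on success, <0 on error. */
int hex_parse_record(const char *line, size_t len, struct hex_record *out)
{
    uint8_t raw[1 + 2 + 1 + HEX_MAX_DATA + 1];   /* LL AAAA TT data CC, worst case */
    uint8_t sum = 0;
    size_t n, i;
    if (len < 11 || line[0] != ':' || (len - 1) % 2) return -1;  /* EOF record is 11 chars */
    n = (len - 1) / 2;
    if (n > sizeof(raw)) return -1;
    for (i = 0; i < n; i++) {
        int hi = hex_nibble(line[1 + 2 * i]), lo = hex_nibble(line[2 + 2 * i]);
        if (hi < 0 || lo < 0) return -2;
        raw[i] = (uint8_t)((hi << 4) | lo);
        sum += raw[i];
    }
    if (sum != 0) return -3;                  /* checksum mismatch */
    if ((size_t)raw[0] != n - 5) return -4;   /* LL disagrees with the actual line length */
    if (raw[3] > HEX_START_LINEAR) return -5; /* unknown record type */
    out->byte_count = raw[0];
    out->offset = (uint16_t)((raw[1] << 8) | raw[2]);  /* explicit big-endian decode */
    out->type = raw[3];
    memcpy(out->data, &raw[4], out->byte_count);
    return 0;
}

/* Load HEX text into image[], which models guest RAM starting at image_base. Returns
 * the number of data bytes written, or <0 on error; gaps between records stay untouched. */
long hex_load_image(const char *text, uint8_t *image, size_t image_size, uint32_t image_base)
{
    uint32_t base = 0;                        /* type 02: USBA << 4, type 04: ULBA << 16 */
    long written = 0;
    int saw_eof = 0;
    while (*text) {
        const char *eol = strpbrk(text, "\r\n");
        size_t len = eol ? (size_t)(eol - text) : strlen(text);
        struct hex_record rec; int rc;
        if (len == 0) { text++; continue; }   /* blank line, or the \n of a CRLF */
        if (saw_eof) return -6;               /* records after EOF */
        if ((rc = hex_parse_record(text, len, &rec)) < 0) return rc;
        if (rec.type == HEX_DATA) {
            uint64_t addr = (uint64_t)base + rec.offset;   /* 64-bit: cannot wrap */
            if (addr < image_base || addr + rec.byte_count - image_base > image_size) return -7;
            memcpy(image + (addr - image_base), rec.data, rec.byte_count);
            written += rec.byte_count;
        } else if (rec.type == HEX_EXT_SEG || rec.type == HEX_EXT_LINEAR) {
            if (rec.byte_count != 2) return -8;
            base = (uint32_t)((rec.data[0] << 8) | rec.data[1]);
            base <<= (rec.type == HEX_EXT_LINEAR) ? 16 : 4;
        } else if (rec.type == HEX_EOF) {
            saw_eof = 1;
        }                                     /* start-address records: irrelevant for a flat image */
        text += len;
    }
    return saw_eof ? written : -9;            /* no EOF record: truncated file */
}

/* Constructed sample (not the page's test.hex): ULBA 0, 4 bytes at 0x0000, 2 bytes at 0x0010. */
const char SAMPLE_HEX[] =
    ":020000040000FA\n:0400000001020304F2\n:02001000AABB89\r\n:00000001FF\n";

/* Self-check helpers: parse_status() returns the parser's code for one line; load_check() loads
 * into a 32-byte image and returns the error code, the byte count (probe == SIZE_MAX) or image[probe]. */
int parse_status(const char *line)
{
    struct hex_record rec;
    return hex_parse_record(line, strlen(line), &rec);
}
long load_check(const char *text, size_t image_size, size_t probe)
{
    uint8_t image[32] = {0};
    long rc = hex_load_image(text, image, image_size < 32 ? image_size : 32, 0);
    if (rc < 0 || probe == SIZE_MAX) return rc;
    return probe < 32 ? image[probe] : -1;
}
```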
[Qemu-devel] [PATCH v4 2/2] Add QTest testcase for the Intel Hexadecimal Object File Loader.

2018-04-08 Thread Su Hang
The 'test.hex' file is bare-metal ARM software stored in Intel Hexadecimal
Object Format. When it is loaded by QEMU, it prints "Hello world!\n"
on the console.

The `pre_store` array in the 'hexloader-test.c' file stores the binary form
of the 'test.hex' file, which is used to verify correctness.

Signed-off-by: Su Hang 
---
 MAINTAINERS  |  6 
 tests/Makefile.include   |  2 ++
 tests/hex-loader-check-data/test.hex | 11 +++
 tests/hexloader-test.c   | 56 
 4 files changed, 75 insertions(+)
 create mode 100644 tests/hex-loader-check-data/test.hex
 create mode 100644 tests/hexloader-test.c

diff --git a/MAINTAINERS b/MAINTAINERS
index 24b70169bc37..3d37d04c3345 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1291,6 +1291,12 @@ F: hw/core/generic-loader.c
 F: include/hw/core/generic-loader.h
 F: docs/generic-loader.txt
 
+Intel Hexadecimal Object File Loader
+M: Su Hang 
+S: Maintained
+F: tests/hexloader-test.c
+F: tests/hex-loader-check-data/test.hex
+
 CHRP NVRAM
 M: Thomas Huth 
 S: Maintained
diff --git a/tests/Makefile.include b/tests/Makefile.include
index 3b9a5e31a2c2..f4a3e71f34ee 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -380,6 +380,7 @@ check-qtest-arm-y += tests/test-arm-mptimer$(EXESUF)
 gcov-files-arm-y += hw/timer/arm_mptimer.c
 check-qtest-arm-y += tests/boot-serial-test$(EXESUF)
 check-qtest-arm-y += tests/sdhci-test$(EXESUF)
+check-qtest-arm-y += tests/hexloader-test$(EXESUF)
 
 check-qtest-aarch64-y = tests/numa-test$(EXESUF)
 check-qtest-aarch64-y += tests/sdhci-test$(EXESUF)
@@ -755,6 +756,7 @@ tests/qmp-test$(EXESUF): tests/qmp-test.o
 tests/device-introspect-test$(EXESUF): tests/device-introspect-test.o
 tests/rtc-test$(EXESUF): tests/rtc-test.o
 tests/m48t59-test$(EXESUF): tests/m48t59-test.o
+tests/hexloader-test$(EXESUF): tests/hexloader-test.o
 tests/endianness-test$(EXESUF): tests/endianness-test.o
 tests/spapr-phb-test$(EXESUF): tests/spapr-phb-test.o $(libqos-obj-y)
 tests/prom-env-test$(EXESUF): tests/prom-env-test.o $(libqos-obj-y)
diff --git a/tests/hex-loader-check-data/test.hex 
b/tests/hex-loader-check-data/test.hex
new file mode 100644
index ..59b96e3e6fa7
--- /dev/null
+++ b/tests/hex-loader-check-data/test.hex
@@ -0,0 +1,11 @@
+:14D09FE516EBFEEA9810010008
+:100014B02DE500B08DE20CD04DE208000BE5F8
+:100026EA08301BE50020D3E52C309FE5F0
+:1000302083E508301BE5013083E208300BE542
+:100048301BE50030D3E553E3F41A4E
+:10005000A0E100D08BE204B09DE41EFF2FE180
+:100060101F1000482DE904B08DE208009FE544
+:10007000E6EBA0E10088BDE8840001007E
+:100080101F1048656C6C6F20776F726C6421D4
+:02009A0064
+:0001FF
diff --git a/tests/hexloader-test.c b/tests/hexloader-test.c
new file mode 100644
index ..70f99ac03c6b
--- /dev/null
+++ b/tests/hexloader-test.c
@@ -0,0 +1,56 @@
+/*
+ * QTest testcase for the Intel Hexadecimal Object File Loader
+ *
+ * Authors:
+ *  Su Hang  2018
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "libqtest.h"
+
+#define BIN_SIZE 146
+
+static unsigned char pre_store[BIN_SIZE] = {
+4,   208, 159, 229, 22,  0,   0,   235, 254, 255, 255, 234, 152, 16,  1,
+0,   4,   176, 45,  229, 0,   176, 141, 226, 12,  208, 77,  226, 8,   0,
+11,  229, 6,   0,   0,   234, 8,   48,  27,  229, 0,   32,  211, 229, 44,
+48,  159, 229, 0,   32,  131, 229, 8,   48,  27,  229, 1,   48,  131, 226,
+8,   48,  11,  229, 8,   48,  27,  229, 0,   48,  211, 229, 0,   0,   83,
+227, 244, 255, 255, 26,  0,   0,   160, 225, 0,   208, 139, 226, 4,   176,
+157, 228, 30,  255, 47,  225, 0,   16,  31,  16,  0,   72,  45,  233, 4,
+176, 141, 226, 8,   0,   159, 229, 230, 255, 255, 235, 0,   0,   160, 225,
+0,   136, 189, 232, 132, 0,   1,   0,   0,   16,  31,  16,  72,  101, 108,
+108, 111, 32,  119, 111, 114, 108, 100, 33,  10,  0};
+
+/* success if no crash or abort */
+static void hex_loader_test(void)
+{
+unsigned int i;
+unsigned char memory_content[BIN_SIZE];
+const unsigned int base_addr = 0x0001;
+
+QTestState *s = qtest_startf(
+"-M versatilepb -m 128M -nographic -kernel 
../tests/hex-loader-check-data/test.hex");
+
+for (i = 0; i < BIN_SIZE; ++i) {
+memory_content[i] = qtest_readb(s, base_addr + i);
+g_assert_cmpuint(memory_content[i], ==, pre_store[i]);
+}
+qtest_quit(s);
+}
+
+int main(int argc, char **argv)
+{
+int ret;
+
+g_test_init(, , NULL);
+
+qtest_add_func("/tmp/hex_loader", hex_loader_test);
+ret = g_test_run();
+
+return ret;
+}
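Review bot: the comment `/* success if no crash or abort */` no longer describes the test, whose body compares every byte of guest memory against `pre_store` with `g_assert_cmpuint`; update it to say so. The name passed to `qtest_add_func()`, `"/tmp/hex_loader"`, reads like a filesystem path rather than a test name; something like `"/hexloader/arm"` would describe what runs. Finally, `../tests/hex-loader-check-data/test.hex` is resolved relative to the directory the test binary runs from and assumes the build directory sits directly below the source tree, so an out-of-tree build elsewhere will not find the file.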
-- 
2.7.4




[Qemu-devel] [PATCH v4 0/2] Implement Hex file loader and add test case

2018-04-08 Thread Su Hang
This series of patches implements an Intel Hexadecimal File loader and
adds a QTest testcase to verify the correctness of the loader.

v1: Basic version.
v2: Replace `do{}while(cond);` block with `for(;;)` block.
v3: Add two new files information in MAINTAINERS.
v4: Correct the 'test.hex' path in hexloader-test.c.

Su Hang (2):
  Implement .hex file loader
  Add QTest testcase for the Intel Hexadecimal Object File Loader.

 MAINTAINERS  |   6 +
 hw/arm/boot.c|   9 +-
 hw/core/loader.c | 280 +++
 include/hw/loader.h  |  17 +++
 tests/Makefile.include   |   2 +
 tests/hex-loader-check-data/test.hex |  11 ++
 tests/hexloader-test.c   |  56 +++
 7 files changed, 380 insertions(+), 1 deletion(-)
 create mode 100644 tests/hex-loader-check-data/test.hex
 create mode 100644 tests/hexloader-test.c

-- 
2.7.4




Re: [Qemu-devel] [RFC] qemu: Add virtio pmem device

2018-04-08 Thread Stefan Hajnoczi
On Thu, Apr 05, 2018 at 08:09:26AM -0400, Pankaj Gupta wrote:
> > Will this raw file already have the "disk information header" (no idea
> > how that stuff is called) encoded? Are there any plans/possible ways to
> > 
> > a) automatically create the headers? (if that's even possible)
> 
> It's raw. Right now we are just supporting raw format.
> 
> As this is direct mapping of memory into guest address space, I don't
> think we can have an abstraction of headers for block specific features.
> Or maybe we can get the opinion of others (QEMU block people) on whether it is at all
> possible?

memdev and the block layer are completely separate.  The block layer
isn't designed for memory-mapped access.

I think it makes sense to use memdev here.  If the user wants a block
device, they should use an emulated block device, not virtio-pmem,
because buffering is necessary anyway when an image file format is used.

Stefan




Re: [Qemu-devel] [PATCH v5 0/9] i386: Enable TOPOEXT to support hyperthreading on AMD CPU

2018-04-08 Thread Moger, Babu
Ping...
Checking to see if there are any further comments on these patch series.
Thanks

> -Original Message-
> From: Moger, Babu
> Sent: Tuesday, March 27, 2018 4:31 PM
> To: m...@redhat.com; mar...@redhat.com; pbonz...@redhat.com;
> r...@twiddle.net; ehabk...@redhat.com; mtosa...@redhat.com
> Cc: qemu-devel@nongnu.org; k...@vger.kernel.org; k...@tripleback.net;
> Moger, Babu 
> Subject: [PATCH v5 0/9] i386: Enable TOPOEXT to support hyperthreading on
> AMD CPU
> 
> This series enables the TOPOEXT feature for AMD CPUs. This is required to
> support hyperthreading on kvm guests.
> 
> This addresses the issues reported in these bugs:
> https://bugzilla.redhat.com/show_bug.cgi?id=1481253
> https://bugs.launchpad.net/qemu/+bug/1703506
> 
> 
> v5:
> In this series I tried to address the feedback from Eduardo Habkost.
> The discussion thread is here.
> https://patchwork.kernel.org/patch/10299745/
> The previous thread is here.
> http://patchwork.ozlabs.org/cover/884885/
> 
> Reason for these changes
> The cache properties for AMD family of processors have changed from
> previous releases. We don't want to display the new information on the
> old family of processors as this might cause compatibility issues.
> 
> Changes:
>  1. Based the patches on top of Eduardo's(patch#1) patch.
> Changed few things.
> Moved the Cache definitions to cpu.h file.
> Changed the CPUID_4 names to generic names.
> 2. Added a new property "legacy-cache" in cpu object(patch#2). This can be
>used to display the old property even if the host supports the new cache
>properties.
> 3. Added cache information in X86CPUDefinition and CPUX86State
> 4. Patch 6-7 changed quite a bit from previous version due to the new approach.
> 5. Addressed few issues with CPUID_8000_001d and CPUID_8000_001E.
> 
> 
> v4:
> 1.Removed the checks under cpuid 0x801D leaf(patch #2). These check
> are
>   not necessary. Found this during internal review.
> 2.Added CPUID_EXT3_TOPOEXT feature for all the 17 family(patch #4). This
> was
>   found by Kash Pande during his testing.
> 3.Removed the hardcoded cpuid xlevel and dynamically extended if
> CPUID_EXT3_TOPOEXT
>   is supported(Suggested by Brijesh Singh).
> 
> v3:
> 1.Removed the patch #1. Radim mentioned that original typo problem is in
>   linux kernel header. qemu is just copying those files.
> 2.In previous version, I used the cpuid 4 definitions for AMD's cpuid leaf
>   0x801D. CPUID 4 is very intel specific and we don't want to expose those
>   details under AMD. I have renamed some of these definitions as generic.
>   These changes are in patch#1. Radim, let me know if this is what you
> intended.
> 3.Added assert for core_id(Suggested by Radim Krčmář).
> 4.Changed the if condition under "L3 cache info"(Suggested by Gary Hook).
> 5.Addressed few more text correction and code cleanup(Suggested by
> Thomas Lendacky).
> 
> v2:
>   Fixed few more minor issues per Gary Hook's comments. Thank you Gary.
>   Removed the patch#1. We need to handle the instruction cache
> associativity
>   separately. It varies based on the cpu family. I will come back to that 
> later.
>   Added two more typo corrections in patch#1 and patch#5.
> 
> v1:
>   Stanislav Lanci posted a few patches earlier.
>   https://patchwork.kernel.org/patch/10040903/
> 
> Rebased his patches with few changes.
> 1.Split the patches into two, separating cpuid functions
>   0x801D and 0x801E (Patch 2 and 3).
> 2.Removed the generic non-intel check and made a separate patch
>   with some changes(Patch 5).
> 3.Fixed L3_N_SETS_AMD(from 4096 to 8192) based on
> CPUID_Fn801D_ECX_x03.
> 
> Added 2 more patches.
> Patch 1. Fixes cache associativity.
> Patch 4. Adds TOPOEXT feature on AMD EPYC CPU.
> 
> 
> Babu Moger (8):
>   i386: Add cache information in X86CPUDefinition
>   i386: Initialize cache information for EPYC family processors
>   i386: Add new property to control cache info
>   i386: Use the statically loaded cache definitions
>   i386: Populate AMD Processor Cache Information for cpuid 0x801D
>   i386: Add support for CPUID_8000_001E for AMD
>   i386: Enable TOPOEXT feature on AMD EPYC CPU
>   i386: Remove generic SMT thread check
> 
> Eduardo Habkost (1):
>   i386: Helpers to encode cache information consistently
> 
>  include/hw/i386/pc.h |   6 +-
>  target/i386/cpu.c| 735
> ++-
>  target/i386/cpu.h|  66 +
>  target/i386/kvm.c|  29 +-
>  4 files changed, 702 insertions(+), 134 deletions(-)
> 
> --
> 1.8.3.1



Re: [Qemu-devel] [PATCH for-2.12 v2] qemu-iotests: update 185 output

2018-04-08 Thread QingFeng Hao


On 2018/4/4 23:01, Stefan Hajnoczi wrote:
> Commit 4486e89c219c0d1b9bd8dfa0b1dd5b0d51ff2268 ("vl: introduce
> vm_shutdown()") added a bdrv_drain_all() call.  As a side-effect of the
> drain operation the block job iterates one more time than before.  The
> 185 output no longer matches and the test is failing now.
> 
> It may be possible to avoid the superfluous block job iteration, but
> that type of patch is not suitable late in the QEMU 2.12 release cycle.
> 
> This patch simply updates the 185 output file.  The new behavior is
> correct, just not optimal, so make the test pass again.
> 
> Fixes: 4486e89c219c0d1b9bd8dfa0b1dd5b0d51ff2268 ("vl: introduce 
> vm_shutdown()")
> Cc: Kevin Wolf 
> Cc: QingFeng Hao 
> Signed-off-by: Stefan Hajnoczi 
> ---
>  tests/qemu-iotests/185 | 10 ++
>  tests/qemu-iotests/185.out | 12 +++-
>  2 files changed, 13 insertions(+), 9 deletions(-)
> 
> diff --git a/tests/qemu-iotests/185 b/tests/qemu-iotests/185
> index f5b47e4c1a..298d88d04e 100755
> --- a/tests/qemu-iotests/185
> +++ b/tests/qemu-iotests/185
> @@ -92,9 +92,8 @@ echo === Start commit job and exit qemu ===
>  echo
> 
>  # Note that the reference output intentionally includes the 'offset' field in
> -# BLOCK_JOB_CANCELLED events for all of the following block jobs. They are
> -# predictable and any change in the offsets would hint at a bug in the job
> -# throttling code.
> +# BLOCK_JOB_* events for all of the following block jobs. They are 
> predictable
> +# and any change in the offsets would hint at a bug in the job throttling 
> code.
>  #
>  # In order to achieve these predictable offsets, all of the following tests
>  # use speed=65536. Each job will perform exactly one iteration before it has
> @@ -102,11 +101,14 @@ echo
>  # command to be received (after receiving the command, the rest runs
>  # synchronously, so jobs can arbitrarily continue or complete).
>  #
> +# Jobs present while QEMU is terminating iterate once more due to
> +# bdrv_drain_all().
> +#
>  # The buffer size for commit and streaming is 512k (waiting for 8 seconds 
> after
>  # the first request), for active commit and mirror it's large enough to cover
>  # the full 4M, and for backup it's the qcow2 cluster size, which we know is
>  # 64k. As all of these are at least as large as the speed, we are sure that 
> the
> -# offset doesn't advance after the first iteration before qemu exits.
> +# offset advances exactly twice before qemu exits.
> 
>  _send_qemu_cmd $h \
>  "{ 'execute': 'block-commit',
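Review bot: the new comment "Jobs present while QEMU is terminating iterate once more due to bdrv_drain_all()" turns a side-effect the commit message itself calls "not optimal" into documented expected behaviour, and the reference output now depends on it; naming the commit that introduced the extra iteration (4486e89c219c) in that comment would tell whoever later removes the superfluous iteration that both this comment and 185.out need updating together.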
Reviewed-by: QingFeng Hao 

> diff --git a/tests/qemu-iotests/185.out b/tests/qemu-iotests/185.out
> index 57eaf8d699..2c4b04de73 100644

[...]
> 

-- 
Regards
QingFeng Hao




Re: [Qemu-devel] [PATCH v2] scsi-disk: Don't enlarge min_io_size to max_io_size

2018-04-08 Thread David Gibson
On Thu, 5 Apr 2018 17:54:00 +0200
Paolo Bonzini  wrote:

> On 27/03/2018 18:41, Fam Zheng wrote:
> > Some backends report big max_io_sectors. Making min_io_size the same
> > value in this case will make it impossible for guest to align memory,
> > therefore the disk may not be usable at all.
> > 
> > Do not enlarge them when they are zero.
> > 
> > Reported-by: David Gibson 
> > Signed-off-by: Fam Zheng 
[snip]
> Queued, thanks.
> 
> Paolo

Any ETA on going from queued to actually merged?  This is holding up a
handful of Power bugfixes for 2.12, because I can't complete my usual
testing cycle.

-- 
David Gibson 
Principal Software Engineer, Virtualization, Red Hat




Re: [Qemu-devel] [PATCH 0/5] Enable postcopy RDMA live migration

2018-04-08 Thread 858585 jemmy
ping.

On Sat, Apr 7, 2018 at 4:26 PM, Lidong Chen  wrote:
> Current Qemu RDMA communication does not support sending and receiving
> data at the same time, so when RDMA live migration is used with postcopy
> enabled, the source qemu return path thread gets a qemu file error.
>
> These patches add postcopy support for RDMA live migration.
>
> Lidong Chen (5):
>   migration: create a dedicated connection for rdma return path
>   migration: add the interface to set get_return_path
>   migration: implement the get_return_path for RDMA iochannel
>   migration: fix qemu carsh when RDMA live migration
>   migration: disable RDMA WRITR after postcopy started.
>
>  migration/qemu-file-channel.c |  12 ++--
>  migration/qemu-file.c |  13 +++-
>  migration/qemu-file.h |   2 +-
>  migration/rdma.c  | 148 
> --
>  4 files changed, 163 insertions(+), 12 deletions(-)
>
> --
> 1.8.3.1
>



Re: [Qemu-devel] [PATCH v8 10/23] RISC-V Linux User Emulation

2018-04-08 Thread Michael Clark
On Thu, Apr 5, 2018 at 12:44 AM, Laurent Vivier  wrote:

> Le 02/03/2018 à 14:51, Michael Clark a écrit :
> > Implementation of linux user emulation for RISC-V.
> >
> > Reviewed-by: Richard Henderson 
> > Signed-off-by: Sagar Karandikar 
> > Signed-off-by: Michael Clark 
> > ---
> >  linux-user/elfload.c  |  22 +++
> >  linux-user/main.c |  99 +
> >  linux-user/riscv/syscall_nr.h | 287 ++
> 
> >  linux-user/riscv/target_cpu.h |  18 +++
> >  linux-user/riscv/target_elf.h |  14 ++
> >  linux-user/riscv/target_signal.h  |  23 +++
> >  linux-user/riscv/target_structs.h |  46 ++
> >  linux-user/riscv/target_syscall.h |  56 
> >  linux-user/riscv/termbits.h   | 222 +
> >  linux-user/signal.c   | 203 ++-
> >  linux-user/syscall.c  |   2 +
> >  linux-user/syscall_defs.h |  13 +-
> >  target/riscv/cpu_user.h   |  13 ++
> >  13 files changed, 1012 insertions(+), 6 deletions(-)
> >  create mode 100644 linux-user/riscv/syscall_nr.h
> >  create mode 100644 linux-user/riscv/target_cpu.h
> >  create mode 100644 linux-user/riscv/target_elf.h
> >  create mode 100644 linux-user/riscv/target_signal.h
> >  create mode 100644 linux-user/riscv/target_structs.h
> >  create mode 100644 linux-user/riscv/target_syscall.h
> >  create mode 100644 linux-user/riscv/termbits.h
> >  create mode 100644 target/riscv/cpu_user.h
> >
> ...
> > diff --git a/linux-user/signal.c b/linux-user/signal.c
> > index 9a380b9..4d3f244 100644
> > --- a/linux-user/signal.c
> > +++ b/linux-user/signal.c
> ...
> > +static abi_ulong get_sigframe(struct target_sigaction *ka,
> > +  CPURISCVState *regs, size_t framesize)
> > +{
> > +abi_ulong sp = regs->gpr[xSP];
> > +int onsigstack = on_sig_stack(sp);
> > +
> > +/* redzone */
> > +/* This is the X/Open sanctioned signal stack switching.  */
> > +if ((ka->sa_flags & TARGET_SA_ONSTACK) != 0 && !onsigstack) {
> > +sp = target_sigaltstack_used.ss_sp + target_sigaltstack_used.ss_
> size;
> > +}
> > +
> > +sp -= framesize;
> > +sp &= ~3UL; /* align sp on 4-byte boundary */
>
> kernel aligns using 0xf. Why do you use a different alignment?


Thanks for reviewing this! This looks like a bug!

I'm raising this as an issue on the riscv-qemu tracker so that it's easier
than searching through the mail archive:

- https://github.com/riscv/riscv-qemu/issues/129

> +
> > +/* If we are on the alternate signal stack and would overflow it,
> don't.
> > +   Return an always-bogus address instead so we will die with
> SIGSEGV. */
> > +if (onsigstack && !likely(on_sig_stack(sp))) {
> > +return -1L;
> > +}
> > +
> > +return sp;
> > +}
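Review bot: `sp &= ~3UL` leaves the stack pointer only 4-byte aligned, but the RISC-V calling convention requires a 16-byte aligned stack pointer at every call, so the signal handler is entered with a misaligned frame and any compiler-generated code that relies on the ABI alignment (e.g. 16-byte vector or long double spills) can fault; the kernel's `sp &= ~0xfUL` quoted further down is the mask to use. The comment `/* align sp on 4-byte boundary */` should change with it.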
> Other question why don't you use the same logic as in kernel?
>
> 1- check for signal stack overflow
> 2- check for X/Open sanctioned signal stack switching
>
> static inline void __user *get_sigframe(struct ksignal *ksig,
> struct pt_regs *regs, size_t framesize)
> {
> unsigned long sp;
> /* Default to using normal stack */
> sp = regs->sp;
>
> /*
>  * If we are on the alternate signal stack and would overflow
> it, don't.
>  * Return an always-bogus address instead so we will die with
> SIGSEGV.
>  */
> if (on_sig_stack(sp) && !likely(on_sig_stack(sp - framesize)))
> return (void __user __force *)(-1UL);
>
> /* This is the X/Open sanctioned signal stack switching. */
> sp = sigsp(sp, ksig) - framesize;
>
> /* Align the stack frame. */
> sp &= ~0xfUL;
>
> return (void __user *)sp;
> }
>
> Thanks,
> Laurent
>


Re: [Qemu-devel] [NOTFORMERGE PATCH v2 2/4] memory: Fix access_with_adjusted_size() when size < access_size_min

2018-04-08 Thread Philippe Mathieu-Daudé
On 04/04/2018 10:22 PM, Philippe Mathieu-Daudé wrote:
> ASan reported:
> 
> shift exponent 4294967280 is too large for 64-bit type 'long unsigned int'
> ...
> runtime error: shift exponent -16 is negative
> 
> This can occur when MemoryRegionOps .valid.min_access_size < 
> .impl.min_access_size,
> for example if a guest uses a 16-bit operand to access a 32-bit register.
> 
> The current code is limited to right shifting.
> Use a signed shift, to allow shifting left when the value is negative.
> 
> Reported-by: AddressSanitizer
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  memory.c | 74 
> +---
>  1 file changed, 52 insertions(+), 22 deletions(-)
> 
> diff --git a/memory.c b/memory.c
> index 51d27b7b26..e77f9e4036 100644
> --- a/memory.c
> +++ b/memory.c
> @@ -404,7 +404,7 @@ static MemTxResult 
> memory_region_oldmmio_read_accessor(MemoryRegion *mr,
> hwaddr addr,
> uint64_t *value,
> unsigned size,
> -   unsigned shift,
> +   signed shift,
> uint64_t mask,
> MemTxAttrs attrs)
>  {
> @@ -422,7 +422,11 @@ static MemTxResult 
> memory_region_oldmmio_read_accessor(MemoryRegion *mr,
>  hwaddr abs_addr = memory_region_to_absolute_addr(mr, addr);
>  trace_memory_region_ops_read(get_cpu_index(), mr, abs_addr, tmp, 
> size);
>  }
> -*value |= (tmp & mask) << shift;
> +if (likely(shift >= 0)) {
> +*value |= (tmp & mask) << shift;
> +} else {
> +*value |= (tmp >> -shift) & mask;
> +}
>  return MEMTX_OK;
>  }
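Review bot: the `if (likely(shift >= 0)) ... else ...` pair introduced here is repeated verbatim in every accessor of the patch, with `(tmp & mask) << shift` on one side and `(tmp >> -shift) & mask` on the other; since the order of masking and shifting differs between the two branches, factor the pair into one small static inline helper so that order is defined in one place and the write-side inverse can be checked against it. Two smaller points: `signed shift` is unusual in this codebase, `int shift` says the same thing; and the commit message's "shift exponent 4294967280" is -16 wrapped to unsigned, which is worth stating explicitly so readers see that the callers already compute a negative shift and this change makes that arithmetic well-defined rather than masking it.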
>  
> @@ -430,7 +434,7 @@ static MemTxResult  
> memory_region_read_accessor(MemoryRegion *mr,
>  hwaddr addr,
>  uint64_t *value,
>  unsigned size,
> -unsigned shift,
> +signed shift,
>  uint64_t mask,
>  MemTxAttrs attrs)
>  {
> @@ -448,7 +452,11 @@ static MemTxResult  
> memory_region_read_accessor(MemoryRegion *mr,
>  hwaddr abs_addr = memory_region_to_absolute_addr(mr, addr);
>  trace_memory_region_ops_read(get_cpu_index(), mr, abs_addr, tmp, 
> size);
>  }
> -*value |= (tmp & mask) << shift;
> +if (likely(shift >= 0)) {
> +*value |= (tmp & mask) << shift;
> +} else {
> +*value |= (tmp >> -shift) & mask;
> +}
>  return MEMTX_OK;
>  }
>  
> @@ -456,7 +464,7 @@ static MemTxResult 
> memory_region_read_with_attrs_accessor(MemoryRegion *mr,
>hwaddr addr,
>uint64_t *value,
>unsigned size,
> -  unsigned shift,
> +  signed shift,
>uint64_t mask,
>MemTxAttrs attrs)
>  {
> @@ -475,7 +483,11 @@ static MemTxResult 
> memory_region_read_with_attrs_accessor(MemoryRegion *mr,
>  hwaddr abs_addr = memory_region_to_absolute_addr(mr, addr);
>  trace_memory_region_ops_read(get_cpu_index(), mr, abs_addr, tmp, 
> size);
>  }
> -*value |= (tmp & mask) << shift;
> +if (likely(shift >= 0)) {
> +*value |= (tmp & mask) << shift;
> +} else {
> +*value |= (tmp >> -shift) & mask;
> +}
>  return r;
>  }
>  
> @@ -483,13 +495,17 @@ static MemTxResult 
> memory_region_oldmmio_write_accessor(MemoryRegion *mr,
>  hwaddr addr,
>  uint64_t *value,
>  unsigned size,
> -unsigned shift,
> +signed shift,
>  uint64_t mask,
>  MemTxAttrs attrs)
>  {
>  uint64_t tmp;
>  
> -tmp = (*value >> shift) & mask;
> +if (likely(shift >= 0)) {
> +tmp = (*value >> shift) & mask;
> +} else {
> +tmp = (*value & mask) << -shift;
> +}
>  if (mr->subpage) {
>  

[Qemu-devel] [PATCH for-2.12] gdbstub: fix off-by-one in gdb_handle_packet()

2018-04-08 Thread Philippe Mathieu-Daudé
memtohex() adds an extra trailing NUL character.

Reported-by: AddressSanitizer
Signed-off-by: Philippe Mathieu-Daudé 
---
(gdb) dump binary memory /tmp/dram.bin 0x9400 0x9410
Remote connection closed

=
==22732==ERROR: AddressSanitizer: stack-buffer-overflow on address 
0x7ffe43018340 at pc 0x55f2655fde81 bp 0x7ffe43017210 sp 0x7ffe43017208
WRITE of size 1 at 0x7ffe43018340 thread T0
#0 0x55f2655fde80 in memtohex /source/qemu/gdbstub.c:520
#1 0x55f26560254d in gdb_handle_packet /source/qemu/gdbstub.c:1140
#2 0x55f2656073c3 in gdb_read_byte /source/qemu/gdbstub.c:1703
#3 0x55f2656076a7 in gdb_chr_receive /source/qemu/gdbstub.c:1909
#4 0x55f266457656 in qemu_chr_be_write_impl /source/qemu/chardev/char.c:175
#5 0x55f2664576f9 in qemu_chr_be_write /source/qemu/chardev/char.c:187
#6 0x55f26646f6f0 in tcp_chr_read /source/qemu/chardev/char-socket.c:470
#7 0x55f2664bc9e3 in qio_channel_fd_source_dispatch 
/source/qemu/io/channel-watch.c:84
#8 0x7f17d01b30f4 in g_main_context_dispatch 
(/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c0f4)
#9 0x55f2665c7f10 in glib_pollfds_poll /source/qemu/util/main-loop.c:215
#10 0x55f2665c8100 in os_host_main_loop_wait 
/source/qemu/util/main-loop.c:263
#11 0x55f2665c82d6 in main_loop_wait /source/qemu/util/main-loop.c:522
#12 0x55f26599e13b in main_loop /source/qemu/vl.c:1943
#13 0x55f2659b0869 in main /source/qemu/vl.c:4734

Address 0x7ffe43018340 is located in stack of thread T0 at offset 4192 in frame
#0 0x55f265601266 in gdb_handle_packet /source/qemu/gdbstub.c:996

  This frame has 3 object(s):
[32, 40) 'p'
[96, 4192) 'buf' <== Memory access at offset 4192 overflows this variable
[4224, 8320) 'mem_buf'
SUMMARY: AddressSanitizer: stack-buffer-overflow /source/qemu/gdbstub.c:520 in 
memtohex
==22732==ABORTING
---
 gdbstub.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gdbstub.c b/gdbstub.c
index a76b2fa481..18a8d8a710 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -507,6 +507,7 @@ static inline int tohex(int v)
 return v - 10 + 'a';
 }
 
+/* writes 2*len+1 bytes in buf */
 static void memtohex(char *buf, const uint8_t *mem, int len)
 {
 int i, c;
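Review bot: the new comment states what memtohex() writes but not the caller's obligation; phrasing it as a precondition, e.g. `/* buf must have room for 2*len+1 bytes (hex digits plus trailing NUL) */`, makes the sizing rule explicit at the one place every caller will look.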
@@ -999,8 +1000,9 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 const char *p;
 uint32_t thread;
 int ch, reg_size, type, res;
-char buf[MAX_PACKET_LENGTH];
 uint8_t mem_buf[MAX_PACKET_LENGTH];
+char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
 uint8_t *registers;
 target_ulong addr, len;
 
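Review bot: `char buf[sizeof(mem_buf) + 1]` only adds room for the NUL, so per the comment added to memtohex() (2*len+1 bytes) the encoding fits only while len <= sizeof(mem_buf) / 2. This hunk does not show where the 'm' packet's len is bounded before memtohex() is called; if that bound is not already enforced, a length check that rejects oversize requests is needed in addition to this declaration, and a one-line comment here stating the len <= sizeof(mem_buf)/2 invariant would tie the two together.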
-- 
2.17.0
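The arithmetic behind this report, as an added example that is not QEMU's code: MAX_PACKET_LENGTH is taken as 4096 because the ASan frame layout above shows 'buf' and 'mem_buf' as 4096-byte objects, and memtohex_checked() is a hypothetical bounds-checked variant of gdbstub's memtohex() that makes the 2*len+1 contract explicit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 4096 is what the ASan frame layout implies: 'buf' [96, 4192) and
 * 'mem_buf' [4224, 8320) are each 4096 bytes. */
#define MAX_PACKET_LENGTH 4096

/* Hex digit for one nibble, the same mapping as gdbstub's tohex(). */
static int tohex(int v)
{
    if (v < 10) {
        return v + '0';
    }
    return v - 10 + 'a';
}

/* Bytes memtohex() stores for len input bytes: two hex digits per byte
 * plus the trailing NUL, the contract the patch's new comment documents. */
size_t memtohex_needed(size_t len)
{
    return 2 * len + 1;
}

/* Largest request a reply buffer of bufsize bytes can hex-encode; a
 * caller should reject anything bigger before calling memtohex(). */
size_t max_hex_payload(size_t bufsize)
{
    return bufsize == 0 ? 0 : (bufsize - 1) / 2;
}

/* Hypothetical bounds-checked variant (QEMU's memtohex() takes no size).
 * Returns 0 on success, -1 when buf cannot hold 2*len+1 bytes; on
 * failure buf is left untouched, so nothing is written past its end. */
int memtohex_checked(char *buf, size_t bufsize, const uint8_t *mem, size_t len)
{
    if (len > (SIZE_MAX - 1) / 2 || memtohex_needed(len) > bufsize) {
        return -1;
    }
    char *q = buf;
    for (size_t i = 0; i < len; i++) {
        int c = mem[i];
        *q++ = (char)tohex(c >> 4);
        *q++ = (char)tohex(c & 0xf);
    }
    *q = '\0';
    return 0;
}

/* 1 if encoding len bytes into the old char buf[MAX_PACKET_LENGTH] would
 * write past it: the off-by-one the report shows, reached at len == 2048. */
int old_buffer_overflows(size_t len)
{
    return memtohex_needed(len) > MAX_PACKET_LENGTH;
}

/* Boundary case: a request of MAX_PACKET_LENGTH / 2 bytes, whose hex form
 * needs MAX_PACKET_LENGTH + 1 bytes. Returns 1 when the old buffer size is
 * rejected and the patched size (sizeof(mem_buf) + 1) holds the correct
 * encoding, 0 otherwise. */
int boundary_case_ok(void)
{
    static uint8_t mem_buf[MAX_PACKET_LENGTH];
    static char old_buf[MAX_PACKET_LENGTH];
    static char new_buf[sizeof(mem_buf) + 1];
    size_t len = MAX_PACKET_LENGTH / 2;

    memset(mem_buf, 0xab, sizeof(mem_buf));   /* constructed sample data */
    if (memtohex_checked(old_buf, sizeof(old_buf), mem_buf, len) != -1) {
        return 0;
    }
    if (memtohex_checked(new_buf, sizeof(new_buf), mem_buf, len) != 0) {
        return 0;
    }
    return strlen(new_buf) == 2 * len && strncmp(new_buf, "abab", 4) == 0;
}

int main(void)
{
    printf("2048 bytes need %zu bytes of buf; old buffer overflows: %d\n",
           memtohex_needed(2048), old_buffer_overflows(2048));
    printf("max payload for a 4096-byte buf: %zu\n", max_hex_payload(4096));
    printf("boundary case handled: %d\n", boundary_case_ok());
    return 0;
}
```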




[Qemu-devel] [Bug 1762179] Re: Record and replay replay fails with: "ERROR:replay/replay-time.c:49:replay_read_clock: assertion failed"

2018-04-08 Thread Ciro Santilli 六四事件 法轮功
** Description changed:

  QEMU master at 08e173f29461396575c85510eb41474b993cb1fb Ubuntu 17.10
  host.
  
  QEMU commands:
  
  ```
  #!/usr/bin/env bash
  cmd="\
  time \
  ./x86_64-softmmu/qemu-system-x86_64 \
- -M pc \
  -append 'root=/dev/sda console=ttyS0 nokaslr printk.time=y - 
lkmc_eval=\"/rand_check.out;/sbin/ifup -a;wget -S google.com;/poweroff.out;\"' \
  -kernel 'out/x86_64/buildroot/images/bzImage' \
  -nographic \
  \
  -drive 
file=out/x86_64/buildroot/images/rootfs.ext2.qcow2,if=none,id=img-direct,format=qcow2
 \
  -drive driver=blkreplay,if=none,image=img-direct,id=img-blkreplay \
  -device ide-hd,drive=img-blkreplay \
  \
  -netdev user,id=net1 \
  -device rtl8139,netdev=net1 \
  -object filter-replay,id=replay,netdev=net1 \
  "
  echo "$cmd"
  eval "$cmd -icount 'shift=7,rr=record,rrfile=replay.bin'"
  eval "$cmd -icount 'shift=7,rr=replay,rrfile=replay.bin'"
  ```
  
  Images uploaded to: https://github.com/cirosantilli/linux-kernel-module-
  cheat/releases/download/test-replay-arm/images4.zip
  
  Images generated with: https://github.com/cirosantilli/linux-kernel-
  module-cheat/tree/9513c162ef57e6cb70006dfe870856f94ee9a133
  
  The replay failed straight out with:
  
  ```
  ERROR:replay/replay-time.c:49:replay_read_clock: assertion failed: 
(replay_file && replay_mutex_locked())
  ```
  
  QEMU configure:
  
  ```
  ./configure --enable-debug --enable-trace-backends=simple 
--target-list="x86_64-softmmu"
  ```

** Description changed:

  QEMU master at 08e173f29461396575c85510eb41474b993cb1fb Ubuntu 17.10
  host.
  
  QEMU commands:
  
  ```
  #!/usr/bin/env bash
  cmd="\
  time \
  ./x86_64-softmmu/qemu-system-x86_64 \
  -append 'root=/dev/sda console=ttyS0 nokaslr printk.time=y - 
lkmc_eval=\"/rand_check.out;/sbin/ifup -a;wget -S google.com;/poweroff.out;\"' \
  -kernel 'out/x86_64/buildroot/images/bzImage' \
  -nographic \
  \
  -drive 
file=out/x86_64/buildroot/images/rootfs.ext2.qcow2,if=none,id=img-direct,format=qcow2
 \
  -drive driver=blkreplay,if=none,image=img-direct,id=img-blkreplay \
  -device ide-hd,drive=img-blkreplay \
  \
  -netdev user,id=net1 \
  -device rtl8139,netdev=net1 \
  -object filter-replay,id=replay,netdev=net1 \
  "
  echo "$cmd"
  eval "$cmd -icount 'shift=7,rr=record,rrfile=replay.bin'"
  eval "$cmd -icount 'shift=7,rr=replay,rrfile=replay.bin'"
  ```
  
+ This tries to stay as close as possible to the documented commands:
+ 
https://github.com/qemu/qemu/blob/08e173f29461396575c85510eb41474b993cb1fb/docs/replay.txt#L28
+ 
  Images uploaded to: https://github.com/cirosantilli/linux-kernel-module-
  cheat/releases/download/test-replay-arm/images4.zip
  
  Images generated with: https://github.com/cirosantilli/linux-kernel-
  module-cheat/tree/9513c162ef57e6cb70006dfe870856f94ee9a133
  
  The replay failed straight out with:
  
  ```
  ERROR:replay/replay-time.c:49:replay_read_clock: assertion failed: 
(replay_file && replay_mutex_locked())
  ```
  
  QEMU configure:
  
  ```
  ./configure --enable-debug --enable-trace-backends=simple 
--target-list="x86_64-softmmu"
  ```

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1762179

Title:
  Record and replay replay fails with: "ERROR:replay/replay-
  time.c:49:replay_read_clock: assertion failed"

Status in QEMU:
  New


[Qemu-devel] [Bug 1762179] Re: Record and replay replay fails with: "ERROR:replay/replay-time.c:49:replay_read_clock: assertion failed"

2018-04-08 Thread Ciro Santilli 六四事件 法轮功
** Description changed:

  QEMU master at 08e173f29461396575c85510eb41474b993cb1fb Ubuntu 17.10
  host.
  
  QEMU commands:
  
  ```
  #!/usr/bin/env bash
  cmd="\
  time \
- ./out/x86_64/buildroot/host/usr/bin/qemu-system-x86_64 \
+ ./x86_64-softmmu/qemu-system-x86_64 \
  -M pc \
  -append 'root=/dev/sda console=ttyS0 nokaslr printk.time=y - 
lkmc_eval=\"/rand_check.out;/sbin/ifup -a;wget -S google.com;/poweroff.out;\"' \
  -kernel 'out/x86_64/buildroot/images/bzImage' \
  -nographic \
  \
  -drive 
file=out/x86_64/buildroot/images/rootfs.ext2.qcow2,if=none,id=img-direct,format=qcow2
 \
  -drive driver=blkreplay,if=none,image=img-direct,id=img-blkreplay \
  -device ide-hd,drive=img-blkreplay \
  \
  -netdev user,id=net1 \
  -device rtl8139,netdev=net1 \
  -object filter-replay,id=replay,netdev=net1 \
  "
  echo "$cmd"
  eval "$cmd -icount 'shift=7,rr=record,rrfile=replay.bin'"
  eval "$cmd -icount 'shift=7,rr=replay,rrfile=replay.bin'"
  ```
  
  Images uploaded to: https://github.com/cirosantilli/linux-kernel-module-
  cheat/releases/download/test-replay-arm/images4.zip
  
  The replay failed straight out with:
  
  ```
  ERROR:replay/replay-time.c:49:replay_read_clock: assertion failed: 
(replay_file && replay_mutex_locked())
  ```
  
  Images generated with: https://github.com/cirosantilli/linux-kernel-
  module-cheat/tree/9513c162ef57e6cb70006dfe870856f94ee9a133
  
  QEMU configure:
  
  ```
- cd 
/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/build/host-qemu-custom;
 
PATH="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin:/home/ciro/bak/git/linux-kernel-modul
- 
e-cheat/out/x86_64/buildroot/host/sbin:./node_modules/.bin:/usr/local/heroku/bin:/home/ciro/android-sdk/platform-tools:/home/ciro/android-sdk/tools:/home/ciro/android-studio//bin:/home/ciro/android-sdk/ndk-bundl
- 
e:/home/ciro/android-sdk/ndk-bundle/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin:/home/ciro/bak/git/devbin:/home/ciro/bin:/usr/local/texlive/2013/bin/x86_64-linux:/home/ciro/.rvm/gems/ruby-2.4.
- 
1/bin:/home/ciro/.rvm/gems/ruby-2.4.1@global/bin:/home/ciro/.rvm/rubies/ruby-2.4.1/bin:./node_modules/.bin:/usr/local/heroku/bin:/home/ciro/android-sdk/platform-tools:/home/ciro/android-sdk/tools:/home/ciro/andr
- 
oid-studio//bin:/home/ciro/android-sdk/ndk-bundle:/home/ciro/android-sdk/ndk-bundle/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin:/home/ciro/bak/git/devbin:/home/ciro/bin:/usr/local/texlive/2013
- 
/bin/x86_64-linux:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/bin:/snap/bin:/home/ciro/bak/git/latex:/home/ciro/.rvm/bin:/home/ciro/anaconda2/bin:/home/ciro/.cab
- 
al/bin:/bin:/home/ciro/.go/bin:/home/ciro/.local/bin/:/home/ciro/bak/git/runlinux:/usr/bin:/home/ciro/bak/git/latex:/home/ciro/.rvm/bin:/home/ciro/anaconda2/bin:/home/ciro/.cabal/bin:/bin:/home/ciro/.go/bin:/home/ciro/.local/bin/:/home/ciro/bak/git/runlinux"
 
PKG_CONFIG="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/pkg-config"
 PKG_CONFIG_SYSROOT_DIR="/" PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 PKG_
- CONFIG_ALLOW_SYSTEM_LIBS=1 
PKG_CONFIG_LIBDIR="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/lib/pkgconfig:/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/share/pkg
- config" AR="/usr/bin/ar" AS="/usr/bin/as" LD="/usr/bin/ld" NM="/usr/bin/nm" 
CC="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/ccache
 /usr/bin/gcc" GCC="/home/ciro/bak/git/linux-kerne
- l-module-cheat/out/x86_64/buildroot/host/bin/ccache /usr/bin/gcc" 
CXX="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/ccache
 /usr/bin/g++" CPP="/usr/bin/cpp" OBJCOPY="/usr/bin/objcopy
- " RANLIB="/usr/bin/ranlib" 
CPPFLAGS="-I/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/include"
 CFLAGS="-O2 
-I/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/include
- " CXXFLAGS="-O2 
-I/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/include"
 
LDFLAGS="-L/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/lib
 -Wl,-rpath,/home/ciro/bak/g
- it/linux-kernel-module-cheat/out/x86_64/buildroot/host/lib" 
INTLTOOL_PERL=/usr/bin/perl 
CPP="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/ccache
 /usr/bin/gcc -E" ./configure --targe
- t-list="x86_64-softmmu" 
--prefix="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host"
 
--interp-prefix=/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/x86_64-buildroot-l
- inux-uclibc/sysroot 
--cc="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/ccache
 /usr/bin/gcc" 
--host-cc="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/cca
- che /usr/bin/gcc" 
--python=/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/python2
 

[Qemu-devel] [Bug 1762179] Re: Record and replay replay fails with: "ERROR:replay/replay-time.c:49:replay_read_clock: assertion failed"

2018-04-08 Thread Ciro Santilli 六四事件 法轮功
** Description changed:

- QEMU master at 08e173f29461396575c85510eb41474b993cb1fb
+ QEMU master at 08e173f29461396575c85510eb41474b993cb1fb Ubuntu 17.10
+ host.
  
  QEMU commands:
- 
  
  ```
  #!/usr/bin/env bash
  cmd="\
  time \
  ./out/x86_64/buildroot/host/usr/bin/qemu-system-x86_64 \
  -M pc \
  -append 'root=/dev/sda console=ttyS0 nokaslr printk.time=y - 
lkmc_eval=\"/rand_check.out;/sbin/ifup -a;wget -S google.com;/poweroff.out;\"' \
  -kernel 'out/x86_64/buildroot/images/bzImage' \
  -nographic \
  \
  -drive 
file=out/x86_64/buildroot/images/rootfs.ext2.qcow2,if=none,id=img-direct,format=qcow2
 \
  -drive driver=blkreplay,if=none,image=img-direct,id=img-blkreplay \
  -device ide-hd,drive=img-blkreplay \
  \
  -netdev user,id=net1 \
  -device rtl8139,netdev=net1 \
  -object filter-replay,id=replay,netdev=net1 \
  "
  echo "$cmd"
  eval "$cmd -icount 'shift=7,rr=record,rrfile=replay.bin'"
  eval "$cmd -icount 'shift=7,rr=replay,rrfile=replay.bin'"
  ```
  
  Images uploaded to: https://github.com/cirosantilli/linux-kernel-module-
  cheat/releases/download/test-replay-arm/images4.zip
  
  The replay failed straight out with:
  
  ```
  ERROR:replay/replay-time.c:49:replay_read_clock: assertion failed: 
(replay_file && replay_mutex_locked())
  ```
  
  Images generated with: https://github.com/cirosantilli/linux-kernel-
  module-cheat/tree/9513c162ef57e6cb70006dfe870856f94ee9a133
  
  QEMU configure:
  
  ```
  cd 
/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/build/host-qemu-custom;
 
PATH="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin:/home/ciro/bak/git/linux-kernel-modul
  
e-cheat/out/x86_64/buildroot/host/sbin:./node_modules/.bin:/usr/local/heroku/bin:/home/ciro/android-sdk/platform-tools:/home/ciro/android-sdk/tools:/home/ciro/android-studio//bin:/home/ciro/android-sdk/ndk-bundl
  
e:/home/ciro/android-sdk/ndk-bundle/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin:/home/ciro/bak/git/devbin:/home/ciro/bin:/usr/local/texlive/2013/bin/x86_64-linux:/home/ciro/.rvm/gems/ruby-2.4.
  
1/bin:/home/ciro/.rvm/gems/ruby-2.4.1@global/bin:/home/ciro/.rvm/rubies/ruby-2.4.1/bin:./node_modules/.bin:/usr/local/heroku/bin:/home/ciro/android-sdk/platform-tools:/home/ciro/android-sdk/tools:/home/ciro/andr
  
oid-studio//bin:/home/ciro/android-sdk/ndk-bundle:/home/ciro/android-sdk/ndk-bundle/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin:/home/ciro/bak/git/devbin:/home/ciro/bin:/usr/local/texlive/2013
  
/bin/x86_64-linux:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/bin:/snap/bin:/home/ciro/bak/git/latex:/home/ciro/.rvm/bin:/home/ciro/anaconda2/bin:/home/ciro/.cab
  
al/bin:/bin:/home/ciro/.go/bin:/home/ciro/.local/bin/:/home/ciro/bak/git/runlinux:/usr/bin:/home/ciro/bak/git/latex:/home/ciro/.rvm/bin:/home/ciro/anaconda2/bin:/home/ciro/.cabal/bin:/bin:/home/ciro/.go/bin:/home/ciro/.local/bin/:/home/ciro/bak/git/runlinux"
 
PKG_CONFIG="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/pkg-config"
 PKG_CONFIG_SYSROOT_DIR="/" PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 PKG_
  CONFIG_ALLOW_SYSTEM_LIBS=1 
PKG_CONFIG_LIBDIR="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/lib/pkgconfig:/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/share/pkg
  config" AR="/usr/bin/ar" AS="/usr/bin/as" LD="/usr/bin/ld" NM="/usr/bin/nm" 
CC="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/ccache
 /usr/bin/gcc" GCC="/home/ciro/bak/git/linux-kerne
  l-module-cheat/out/x86_64/buildroot/host/bin/ccache /usr/bin/gcc" 
CXX="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/ccache
 /usr/bin/g++" CPP="/usr/bin/cpp" OBJCOPY="/usr/bin/objcopy
  " RANLIB="/usr/bin/ranlib" 
CPPFLAGS="-I/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/include"
 CFLAGS="-O2 
-I/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/include
  " CXXFLAGS="-O2 
-I/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/include"
 
LDFLAGS="-L/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/lib
 -Wl,-rpath,/home/ciro/bak/g
  it/linux-kernel-module-cheat/out/x86_64/buildroot/host/lib" 
INTLTOOL_PERL=/usr/bin/perl 
CPP="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/ccache
 /usr/bin/gcc -E" ./configure --targe
  t-list="x86_64-softmmu" 
--prefix="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host"
 
--interp-prefix=/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/x86_64-buildroot-l
  inux-uclibc/sysroot 
--cc="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/ccache
 /usr/bin/gcc" 
--host-cc="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/cca
  che /usr/bin/gcc" 

[Qemu-devel] [Bug 1762179] [NEW] Record and replay replay fails with: "ERROR:replay/replay-time.c:49:replay_read_clock: assertion failed"

2018-04-08 Thread Ciro Santilli 六四事件 法轮功
Public bug reported:

QEMU master at 08e173f29461396575c85510eb41474b993cb1fb

QEMU commands:


```
#!/usr/bin/env bash
cmd="\
time \
./out/x86_64/buildroot/host/usr/bin/qemu-system-x86_64 \
-M pc \
-append 'root=/dev/sda console=ttyS0 nokaslr printk.time=y - 
lkmc_eval=\"/rand_check.out;/sbin/ifup -a;wget -S google.com;/poweroff.out;\"' \
-kernel 'out/x86_64/buildroot/images/bzImage' \
-nographic \
\
-drive 
file=out/x86_64/buildroot/images/rootfs.ext2.qcow2,if=none,id=img-direct,format=qcow2
 \
-drive driver=blkreplay,if=none,image=img-direct,id=img-blkreplay \
-device ide-hd,drive=img-blkreplay \
\
-netdev user,id=net1 \
-device rtl8139,netdev=net1 \
-object filter-replay,id=replay,netdev=net1 \
"
echo "$cmd"
eval "$cmd -icount 'shift=7,rr=record,rrfile=replay.bin'"
eval "$cmd -icount 'shift=7,rr=replay,rrfile=replay.bin'"
```

Images uploaded to: https://github.com/cirosantilli/linux-kernel-module-
cheat/releases/download/test-replay-arm/images4.zip

The replay failed straight out with:

```
ERROR:replay/replay-time.c:49:replay_read_clock: assertion failed: (replay_file 
&& replay_mutex_locked())
```

Images generated with: https://github.com/cirosantilli/linux-kernel-
module-cheat/tree/9513c162ef57e6cb70006dfe870856f94ee9a133

QEMU configure:

```
cd 
/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/build/host-qemu-custom;
 
PATH="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin:/home/ciro/bak/git/linux-kernel-modul
e-cheat/out/x86_64/buildroot/host/sbin:./node_modules/.bin:/usr/local/heroku/bin:/home/ciro/android-sdk/platform-tools:/home/ciro/android-sdk/tools:/home/ciro/android-studio//bin:/home/ciro/android-sdk/ndk-bundl
e:/home/ciro/android-sdk/ndk-bundle/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin:/home/ciro/bak/git/devbin:/home/ciro/bin:/usr/local/texlive/2013/bin/x86_64-linux:/home/ciro/.rvm/gems/ruby-2.4.
1/bin:/home/ciro/.rvm/gems/ruby-2.4.1@global/bin:/home/ciro/.rvm/rubies/ruby-2.4.1/bin:./node_modules/.bin:/usr/local/heroku/bin:/home/ciro/android-sdk/platform-tools:/home/ciro/android-sdk/tools:/home/ciro/andr
oid-studio//bin:/home/ciro/android-sdk/ndk-bundle:/home/ciro/android-sdk/ndk-bundle/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin:/home/ciro/bak/git/devbin:/home/ciro/bin:/usr/local/texlive/2013
/bin/x86_64-linux:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/bin:/snap/bin:/home/ciro/bak/git/latex:/home/ciro/.rvm/bin:/home/ciro/anaconda2/bin:/home/ciro/.cab
al/bin:/bin:/home/ciro/.go/bin:/home/ciro/.local/bin/:/home/ciro/bak/git/runlinux:/usr/bin:/home/ciro/bak/git/latex:/home/ciro/.rvm/bin:/home/ciro/anaconda2/bin:/home/ciro/.cabal/bin:/bin:/home/ciro/.go/bin:/home/ciro/.local/bin/:/home/ciro/bak/git/runlinux"
 
PKG_CONFIG="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/pkg-config"
 PKG_CONFIG_SYSROOT_DIR="/" PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1 PKG_
CONFIG_ALLOW_SYSTEM_LIBS=1 
PKG_CONFIG_LIBDIR="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/lib/pkgconfig:/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/share/pkg
config" AR="/usr/bin/ar" AS="/usr/bin/as" LD="/usr/bin/ld" NM="/usr/bin/nm" 
CC="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/ccache
 /usr/bin/gcc" GCC="/home/ciro/bak/git/linux-kerne
l-module-cheat/out/x86_64/buildroot/host/bin/ccache /usr/bin/gcc" 
CXX="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/ccache
 /usr/bin/g++" CPP="/usr/bin/cpp" OBJCOPY="/usr/bin/objcopy
" RANLIB="/usr/bin/ranlib" 
CPPFLAGS="-I/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/include"
 CFLAGS="-O2 
-I/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/include
" CXXFLAGS="-O2 
-I/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/include"
 
LDFLAGS="-L/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/lib
 -Wl,-rpath,/home/ciro/bak/g
it/linux-kernel-module-cheat/out/x86_64/buildroot/host/lib" 
INTLTOOL_PERL=/usr/bin/perl 
CPP="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/ccache
 /usr/bin/gcc -E" ./configure --targe
t-list="x86_64-softmmu" 
--prefix="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host"
 
--interp-prefix=/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/x86_64-buildroot-l
inux-uclibc/sysroot 
--cc="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/ccache
 /usr/bin/gcc" 
--host-cc="/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/cca
che /usr/bin/gcc" 
--python=/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/bin/python2
 --extra-cflags="-O2 
-I/home/ciro/bak/git/linux-kernel-module-cheat/out/x86_64/buildroot/host/include"
 

Re: [Qemu-devel] [PATCH v2 for-2.12] roms/u-boot-sam460ex: Change to qemu git mirror and update

2018-04-08 Thread David Gibson
On Sun, Apr 08, 2018 at 12:31:24PM +0200, BALATON Zoltan wrote:
> Now that we have a mirror of this repo on git.qemu.org change the
> submodule to use that and update it to latest commit which fixes a
> dangling symlink and removes two big binaries that are not needed.
> 
> Signed-off-by: BALATON Zoltan 
> ---
> David, you can drop previous version of this patch and replace it with
> this one which updates to the latest commit. Thank you.

Done.

> 
> .gitmodules  | 2 +-
>  roms/u-boot-sam460ex | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/.gitmodules b/.gitmodules
> index c613722..49e9c2e 100644
> --- a/.gitmodules
> +++ b/.gitmodules
> @@ -45,4 +45,4 @@
>   url = git://github.com/hdeller/seabios-hppa.git
>  [submodule "roms/u-boot-sam460ex"]
>   path = roms/u-boot-sam460ex
> - url = git://github.com/zbalaton/u-boot-sam460ex
> + url = git://git.qemu.org/u-boot-sam460ex.git
> diff --git a/roms/u-boot-sam460ex b/roms/u-boot-sam460ex
> index 119aa27..8ee007c 16
> --- a/roms/u-boot-sam460ex
> +++ b/roms/u-boot-sam460ex
> @@ -1 +1 @@
> -Subproject commit 119aa277f74a4a2d3f7ab6c9471292308eba14e4
> +Subproject commit 8ee007c4216fd6a0d760589e8405ce4494497aa0

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 0/5] sdl2 text console fixes and cleanups.

2018-04-08 Thread BALATON Zoltan

On Wed, 21 Mar 2018, Gerd Hoffmann wrote:

Gerd Hoffmann (5):
 ui: add ctrl modifier support to kbd_put_qcode_console()
 sdl2: track kbd modifier state unconditionally
 sdl2: enable ctrl modifier keys for text consoles
 sdl2: drop QEMU_KEY_BACKSPACE special case
 sdl2: drop dead code

include/ui/console.h |  2 +-
ui/console.c | 15 +--
ui/gtk.c |  4 ++--
ui/sdl2-input.c  | 46 --
4 files changed, 36 insertions(+), 31 deletions(-)


Will this be included in 2.12? I haven't seen it reaching master yet.

Regards,
BALATON Zoltan



[Qemu-devel] [PATCH v2 for-2.12] roms/u-boot-sam460ex: Change to qemu git mirror and update

2018-04-08 Thread BALATON Zoltan
Now that we have a mirror of this repo on git.qemu.org change the
submodule to use that and update it to latest commit which fixes a
dangling symlink and removes two big binaries that are not needed.

Signed-off-by: BALATON Zoltan 
---
David, you can drop previous version of this patch and replace it with
this one which updates to the latest commit. Thank you.

.gitmodules  | 2 +-
 roms/u-boot-sam460ex | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitmodules b/.gitmodules
index c613722..49e9c2e 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -45,4 +45,4 @@
url = git://github.com/hdeller/seabios-hppa.git
 [submodule "roms/u-boot-sam460ex"]
path = roms/u-boot-sam460ex
-   url = git://github.com/zbalaton/u-boot-sam460ex
+   url = git://git.qemu.org/u-boot-sam460ex.git
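Review bot: the new URL keeps the `git://` transport, which provides no transport-level authentication or encryption, so the only integrity guarantee for this submodule is the commit hash pinned in roms/u-boot-sam460ex; please mention in the commit message that the pin is the trust anchor, or switch to an https:// URL if the mirror offers one.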
diff --git a/roms/u-boot-sam460ex b/roms/u-boot-sam460ex
index 119aa27..8ee007c 16
--- a/roms/u-boot-sam460ex
+++ b/roms/u-boot-sam460ex
@@ -1 +1 @@
-Subproject commit 119aa277f74a4a2d3f7ab6c9471292308eba14e4
+Subproject commit 8ee007c4216fd6a0d760589e8405ce4494497aa0
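Review bot: the pointer bump from 119aa27 to 8ee007c gives a reviewer no way to see what changed in between, while the commit message claims a symlink fix and the removal of two large binaries; please list the upstream commits (or a shortlog) covered by the range so the claim can be checked against the submodule history.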
-- 
2.7.6




Re: [Qemu-devel] [Qemu-trivial] [PATCH RFC v3 for-2.12?] scripts/checkpatch.pl: Bug fix

2018-04-08 Thread Su Hang
Sorry for replying late; it was not until today that I saw your mail.

In order to find out why the former edition doesn't complain about the
`do{}while(cond);` pattern, I regressed back to
ed279a06c53784c8c6c9b41aa0388a4ce8a70410, the commit before the bug was introduced.
Then I found that lines 2435 to 2443 did a special check for the
`do{}while(cond);` pattern.

As for why I use `if ($line !~ /else/)` instead of `if ($line =~ /while/)`,
and why I use `($line  =~ /(\}.*)$/)` instead of `(substr($line, 0, $-[0]) =~ 
/(\}\s*)$/)`:
since they work the same, and I'm trying to minimize the modification
to the current code and not introduce new logic, I reused most of
lines 2435 - 2443 from ed279a06c53784c8c6c9b41aa0388a4ce8a70410 in my patch.

> Why are you using minimal match coupled with an anchored expression?
> Isn't '($line  =~ /(\}.*)$/)' going to match the same subexpression
> (namely, any line containing } but not as the last character)?

'($line  =~ /(\}.*)$/)' won't match "any line containing } but not as
the last character", because
```
if ($line =~ /(^.*)\b(?:if|while|for)\b/ &&
$line !~ /\#\s*if/) {
```
that wraps '($line  =~ /(\}.*)$/)' limits the scope of the match.

Best,
Su Hang



> -Original Messages-
> From: "Eric Blake" 
> Sent Time: 2018-04-05 02:28:13 (Thursday)
> To: "Su Hang" , vsement...@virtuozzo.com
> Cc: qemu-trivial , "Paolo Bonzini" 
> , qemu-devel@nongnu.org
> Subject: Re: [Qemu-trivial] [Qemu-devel] [PATCH RFC v3 for-2.12?] 
> scripts/checkpatch.pl: Bug fix
> 
> [adding a few more cc's]
> 
> On 03/25/2018 09:06 PM, Su Hang wrote:
> > Commit 2b9aef6fcd96ba7ed8c1ee723e391901852d344c introduced a regression:
> > checkpatch.pl started complaining about the following valid pattern:
> > do {
> >  /* something */
> > } while (condition);
> > 
> > Fix the script to once again permit this pattern.
> 
> We can probably drop the RFC from the title (RFC means you are unsure if
> the patch is in its final form), and probably want this patch included
> in 2.12 as we are still getting emails that hit the false positive:
> 
> https://lists.gnu.org/archive/html/qemu-devel/2018-04/msg00403.html
> 
> > 
> > Signed-off-by: Su Hang 
> > ---
> > v1: fix bug.
> > v2: correct inappropriate patch description.
> > v3: put version description under Signed-off-by line.
> > 
> >  scripts/checkpatch.pl | 15 +--
> >  1 file changed, 13 insertions(+), 2 deletions(-)
> 
> Perl is not my strongest point, so take my review with a grain of salt.
> However, since I already have a couple of other random patches that may
> still be appropriate for -rc3, I can pick this up in a pull request if I
> get at least one more review (and if no one else picks it up first, such
> as the qemu-trivial process or Paolo's misc tree)
> 
> > 
> > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> > index 57daae05ea18..d52207a3cc9d 100755
> > --- a/scripts/checkpatch.pl
> > +++ b/scripts/checkpatch.pl
> > @@ -2356,6 +2356,18 @@ sub process {
> >  # check for missing bracing around if etc
> > if ($line =~ /(^.*)\b(?:if|while|for)\b/ &&
> > $line !~ /\#\s*if/) {
> > +   my $allowed = 0;
> > +
> > +   # Check the pre-context.
> > +   if ($line =~ /(\}.*?)$/) {
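Review bot: the comment `# Check the pre-context.` does not match the code under it, which tests `$line` itself with `/(\}.*?)$/` rather than any preceding line; either reword the comment to say it inspects the current line for a closing brace before the keyword, or, if the previous line is what should be examined, the match needs to run on that line instead.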
> 
> Why are you using minimal match coupled with an anchored expression?
> Isn't '($line  =~ /(\}.*)$/)' going to match the same subexpression
> (namely, any line containing } but not as the last character)?
> 
> Otherwise,
> Reviewed-by: Eric Blake 
> 
> -- 
> Eric Blake, Principal Software Engineer
> Red Hat, Inc.   +1-919-301-3266
> Virtualization:  qemu.org | libvirt.org
> 


Re: [Qemu-devel] Loadable block drivers?

2018-04-08 Thread Fam Zheng
On Thu, 04/05 11:40, Lindsay Mathieson wrote:
> On 4 April 2018 at 23:41, Stefan Hajnoczi  wrote:
> 
> > On Tue, Apr 03, 2018 at 11:30:33AM +0800, Fam Zheng wrote:
> > > On Tue, 04/03 13:17, Lindsay Mathieson wrote:
> > > > On 3 April 2018 at 13:11, Fam Zheng  wrote:
> > > >
> > > > > On Tue, 04/03 12:59, Lindsay Mathieson wrote:
> > > > > > Hi all, was looking at developing a block driver for qemu - have
> > examined
> > > > > > the drivers at:
> > > > > >
> > > > > >   https://github.com/qemu/qemu/tree/master/block
> > > > > >
> > > > > > And it seems straightforward enough.
> > > > > >
> > > > > > One thing that is unclear - all the drivers appear to be compiled directly
> > > > > > into qemu. Is there no way to load them dynamically as .so modules?
> > > > >
> > > > > './configure --enable-modules' will enable building block drivers as .so
> > > > > objects, and they are loaded dynamically. These are in-tree .so modules;
> > > > > out-of-tree modules like in the Linux kernel are intentionally forbidden.
> > > > >
> > > > > Fam
> > > > >
> > > >
> > > >
> > > >
> > > > Rats, I take it that means I can't develop a testing block module and load
> > > > it with a pre-existing qemu install.
> > >
> > > No, that's not possible.
> >
> > Depending on what you are trying to do, you could use the blkdebug,
> > null-co, NBD, or iSCSI drivers to perform your testing.
> >
> > blkdebug does fault injection (e.g. you can test what happens when
> > certain I/O requests fail).
> >
> > null-co is a nop block driver useful for some types of performance
> > testing, and it also supports introducing artificial delays.
> >
> > NBD and iSCSI can be used to forward I/O requests to an external server
> > where you can implement any behavior you want.
> >
> > We can discuss it more if you can explain what you're trying to do.
> >
> > Stefan
> >
> 
> 
> 
> Thanks Stefan, looking to develop a lizardfs block driver. A process that
> only involved building a module rather than the entire qemu tree would make
> life easier, especially if I could test it on a live system (proxmox
> cluster). A custom qemu install is not an option for that.

I cannot think of a way to hot plug a block driver into a running QEMU, but
perhaps you can live migrate the VM from the stock QEMU to a custom built one to
achieve something similar.

Fam



Re: [Qemu-devel] [Qemu-block] [RFC PATCH 0/8] qemu-img convert with copy offloading

2018-04-08 Thread Fam Zheng
On Fri, 04/06 13:41, Paolo Bonzini wrote:
> On 05/04/2018 14:55, Stefan Hajnoczi wrote:
> > bdrv_copy_file_range() will invoke bdrv_co_copy_file_range_src() on
> > src[qcow2].  The qcow2 block driver will invoke
> > bdrv_co_copy_file_range_src() on src[file].  The file-posix driver will
> > invoke bdrv_co_copy_file_range_dst() on dst[raw].  The raw driver will
> > invoke bdrv_co_copy_file_range_dst() on dst[file], which sees that
> > src_bds (src[file]) is also file-posix and then goes ahead with
> > copy_file_range(2).
> > 
> > In the case where src[qcow2] is on file-posix but dst[raw] is on iSCSI,
> > the iSCSI .bdrv_co_copy_file_range_dst() call fails with -ENOTSUP and
> > the block layer can fall back to a traditional copy operation.
> > 
> > With this approach src[qcow2] could take a lock or keep track of a
> > serializing request struct so that other requests cannot interfere with
> > the operation, and it's done in a natural way since we remain in the
> > qcow2 function until the entire operation completes.  There's no need
> > for bookkeeping structs or callbacks.
> 
> Could there be AB-BA deadlock if the guest attempts a concurrent copy
> from A to B and from B to A?

I don't think bs_src needs to hold its locks when calling into bs_dst for mapping
write ranges. So it should be safe.

Fam



Re: [Qemu-devel] [PATCH v2] iotests: fix wait_until_completed()

2018-04-08 Thread Fam Zheng
On Sun, 04/08 11:05, Peter Xu wrote:
> If there is more than one event, wait_until_completed() might return
> the 2nd event even if the 1st event is JOB_COMPLETED, since the for loop
> will continue to run even if completed is set to True.
> 
> It never happened before, but it can be triggered when OOB is enabled
> due to the RESUME startup message. Fix that up.
> 
> Signed-off-by: Peter Xu 
> ---
>  tests/qemu-iotests/iotests.py | 9 +++--
>  1 file changed, 3 insertions(+), 6 deletions(-)
> 
> diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
> index b5d7945af8..119c8e270a 100644
> --- a/tests/qemu-iotests/iotests.py
> +++ b/tests/qemu-iotests/iotests.py
> @@ -470,18 +470,15 @@ class QMPTestCase(unittest.TestCase):
>  
>  def wait_until_completed(self, drive='drive0', check_offset=True):
>  '''Wait for a block job to finish, returning the event'''
> -completed = False
> -while not completed:
> +while True:
>  for event in self.vm.get_qmp_events(wait=True):
>  if event['event'] == 'BLOCK_JOB_COMPLETED':
>  self.assert_qmp(event, 'data/device', drive)
>  self.assert_qmp_absent(event, 'data/error')
>  if check_offset:
>  self.assert_qmp(event, 'data/offset', 
> event['data']['len'])
> -completed = True
> -
> -self.assert_no_active_block_jobs()
> -return event
> +self.assert_no_active_block_jobs()
> +return event
>  
>  def wait_ready(self, drive='drive0'):
>  '''Wait until a block job BLOCK_JOB_READY event'''
> -- 
> 2.14.3
> 
> 

Reviewed-by: Fam Zheng 
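The pre-patch and post-patch loops side by side, fed a constructed two-event batch, as an added example that is not part of the iotests code or of this thread; FakeVM and the two wait_* functions are hypothetical stand-ins for the real iotests VM class.

```python
"""Model of the wait_until_completed() bug: one QMP batch in which
BLOCK_JOB_COMPLETED is not the last event. Added example, not QEMU code;
FakeVM, wait_before_fix and wait_after_fix are constructed here."""


class FakeVM:
    """Hypothetical stand-in for the iotests VM: hands out event batches."""

    def __init__(self, batches):
        self._batches = list(batches)

    def get_qmp_events(self, wait=True):
        # One call returns one batch, mimicking several events arriving together.
        return self._batches.pop(0) if self._batches else []


def wait_before_fix(vm, drive='drive0'):
    """Pre-patch loop: 'completed' is only tested by the outer while, so the
    inner for keeps iterating and 'event' ends up as the batch's last item."""
    completed = False
    while not completed:
        for event in vm.get_qmp_events(wait=True):
            if event['event'] == 'BLOCK_JOB_COMPLETED':
                assert event['data']['device'] == drive
                completed = True
    return event


def wait_after_fix(vm, drive='drive0'):
    """Patched loop: return as soon as the matching event is seen."""
    while True:
        for event in vm.get_qmp_events(wait=True):
            if event['event'] == 'BLOCK_JOB_COMPLETED':
                assert event['data']['device'] == drive
                return event


# Constructed batch: the completion event followed by an unrelated RESUME
# event, the situation the commit message describes when OOB is enabled.
COMPLETED = {'event': 'BLOCK_JOB_COMPLETED',
             'data': {'device': 'drive0', 'len': 4096, 'offset': 4096}}
RESUME = {'event': 'RESUME', 'data': {}}


def demo():
    """Return the event name each variant reports for the same batch."""
    before = wait_before_fix(FakeVM([[COMPLETED, RESUME]]))['event']
    after = wait_after_fix(FakeVM([[COMPLETED, RESUME]]))['event']
    return before, after


if __name__ == '__main__':
    print(demo())  # ('RESUME', 'BLOCK_JOB_COMPLETED')
```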




Re: [Qemu-devel] [PATCH v3 2/2] vhost-user: back SET/GET_CONFIG requests with a protocol feature

2018-04-08 Thread Liu, Changpeng


> -Original Message-
> From: Maxime Coquelin [mailto:maxime.coque...@redhat.com]
> Sent: Thursday, March 29, 2018 3:53 PM
> To: m...@redhat.com; Liu, Changpeng ;
> marcandre.lur...@redhat.com; qemu-devel@nongnu.org
> Cc: Maxime Coquelin 
> Subject: [PATCH v3 2/2] vhost-user: back SET/GET_CONFIG requests with a
> protocol feature
> 
> Without a dedicated protocol feature, QEMU cannot know whether
> the backend can handle VHOST_USER_SET_CONFIG and
> VHOST_USER_GET_CONFIG messages.
> 
> This patch adds a protocol feature that is only advertised by
> QEMU if the device implements the config ops. Vhost user init
> fails if the device supports the feature but the backend doesn't.
> 
> The backend should only send VHOST_USER_SLAVE_CONFIG_CHANGE_MSG
> requests if the protocol feature has been negotiated.
> 
> Signed-off-by: Maxime Coquelin 
Acked-by: Changpeng Liu 
> ---
>  docs/interop/vhost-user.txt | 21 -
>  hw/virtio/vhost-user.c  | 22 ++
>  2 files changed, 34 insertions(+), 9 deletions(-)
> 
> diff --git a/docs/interop/vhost-user.txt b/docs/interop/vhost-user.txt
> index c058c407df..534caab18a 100644
> --- a/docs/interop/vhost-user.txt
> +++ b/docs/interop/vhost-user.txt
> @@ -379,6 +379,7 @@ Protocol features
>  #define VHOST_USER_PROTOCOL_F_CROSS_ENDIAN   6
>  #define VHOST_USER_PROTOCOL_F_CRYPTO_SESSION 7
>  #define VHOST_USER_PROTOCOL_F_PAGEFAULT  8
> +#define VHOST_USER_PROTOCOL_F_CONFIG 9
> 
>  Master message types
>  
> @@ -664,7 +665,8 @@ Master message types
>Master payload: virtio device config space
>Slave payload: virtio device config space
> 
> -  Submitted by the vhost-user master to fetch the contents of the virtio
> +  When VHOST_USER_PROTOCOL_F_CONFIG is negotiated, this message is
> +  submitted by the vhost-user master to fetch the contents of the virtio
>device configuration space, vhost-user slave's payload size MUST match
>master's request, vhost-user slave uses zero length of payload to
>indicate an error to vhost-user master. The vhost-user master may
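Review bot: the new lead-in "When VHOST_USER_PROTOCOL_F_CONFIG is negotiated, this message is submitted by the vhost-user master" says when the master sends VHOST_USER_GET_CONFIG but not what a slave should do if it arrives without the feature negotiated; since the only enforcement in this series is the master-side mask in vhost_user_init, an explicit "MUST NOT be sent unless the feature has been negotiated" sentence would give slave implementations something to check against.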
> @@ -677,7 +679,8 @@ Master message types
>Master payload: virtio device config space
>Slave payload: N/A
> 
> -  Submitted by the vhost-user master when the Guest changes the virtio
> +  When VHOST_USER_PROTOCOL_F_CONFIG is negotiated, this message is
> +  submitted by the vhost-user master when the Guest changes the virtio
>device configuration space and also can be used for live migration
>on the destination host. The vhost-user slave must check the flags
>field, and slaves MUST NOT accept SET_CONFIG for read-only
> @@ -766,13 +769,13 @@ Slave message types
>   Slave payload: N/A
>   Master payload: N/A
> 
> - Vhost-user slave sends such messages to notify that the virtio device's
> - configuration space has changed, for those host devices which can 
> support
> - such feature, host driver can send VHOST_USER_GET_CONFIG message to
> slave
> - to get the latest content. If VHOST_USER_PROTOCOL_F_REPLY_ACK is
> - negotiated, and slave set the VHOST_USER_NEED_REPLY flag, master must
> - respond with zero when operation is successfully completed, or non-zero
> - otherwise.
> + When VHOST_USER_PROTOCOL_F_CONFIG is negotiated, vhost-user slave
> sends
> + such messages to notify that the virtio device's configuration space has
> + changed, for those host devices which can support such feature, host
> + driver can send VHOST_USER_GET_CONFIG message to slave to get the latest
> + content. If VHOST_USER_PROTOCOL_F_REPLY_ACK is negotiated, and slave
> set
> + the VHOST_USER_NEED_REPLY flag, master must respond with zero when
> + operation is successfully completed, or non-zero otherwise.
> 
>  VHOST_USER_PROTOCOL_F_REPLY_ACK:
>  ---
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index 44aea5c0a8..38da8692bb 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -46,6 +46,7 @@ enum VhostUserProtocolFeature {
>  VHOST_USER_PROTOCOL_F_CROSS_ENDIAN = 6,
>  VHOST_USER_PROTOCOL_F_CRYPTO_SESSION = 7,
>  VHOST_USER_PROTOCOL_F_PAGEFAULT = 8,
> +VHOST_USER_PROTOCOL_F_CONFIG = 9,
>  VHOST_USER_PROTOCOL_F_MAX
>  };
> 
> @@ -1211,6 +1212,17 @@ static int vhost_user_init(struct vhost_dev *dev, void
> *opaque)
> 
>  dev->protocol_features =
>  protocol_features & VHOST_USER_PROTOCOL_FEATURE_MASK;
> +
> +if (!dev->config_ops || !dev->config_ops->vhost_dev_config_notifier) 
> {
> +/* Don't acknowledge CONFIG feature if device doesn't support it 
> */
> +dev->protocol_features &= ~(1ULL <<
> VHOST_USER_PROTOCOL_F_CONFIG);
> +} else if (!(protocol_features &
> +   
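Review bot: the check `if (!dev->config_ops || !dev->config_ops->vhost_dev_config_notifier)` only does its job if config_ops has been installed before vhost_user_init() runs, which is exactly the reordering patch 1/2 makes in vhost-user-blk; a one-line comment here naming that ordering requirement would keep a future device from silently losing the feature by setting its notifier after vhost_dev_init(). The rest of the `else if` is cut off in this quote, so the backend-side failure path cannot be reviewed from what is visible.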

Re: [Qemu-devel] [PATCH v3 1/2] vhost-user-blk: set config ops before vhost-user init

2018-04-08 Thread Liu, Changpeng


> -Original Message-
> From: Maxime Coquelin [mailto:maxime.coque...@redhat.com]
> Sent: Thursday, March 29, 2018 3:53 PM
> To: m...@redhat.com; Liu, Changpeng ;
> marcandre.lur...@redhat.com; qemu-devel@nongnu.org
> Cc: Maxime Coquelin 
> Subject: [PATCH v3 1/2] vhost-user-blk: set config ops before vhost-user init
> 
> As soon as vhost-user init is done, the backend may send
> VHOST_USER_SLAVE_CONFIG_CHANGE_MSG, so let's set the
> notification callback before it.
> 
> Also, it will be used to know whether the device supports
> the config feature to advertise it or not.
> 
> Signed-off-by: Maxime Coquelin 
Acked-by: Changpeng Liu 
> ---
>  hw/block/vhost-user-blk.c | 4 ++--
>  hw/virtio/vhost.c | 1 -
>  2 files changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
> index f840f07dfe..262baca432 100644
> --- a/hw/block/vhost-user-blk.c
> +++ b/hw/block/vhost-user-blk.c
> @@ -259,6 +259,8 @@ static void vhost_user_blk_device_realize(DeviceState
> *dev, Error **errp)
>  s->dev.vq_index = 0;
>  s->dev.backend_features = 0;
> 
> +vhost_dev_set_config_notifier(>dev, _ops);
> +
>  ret = vhost_dev_init(>dev, >chardev, VHOST_BACKEND_TYPE_USER, 0);
>  if (ret < 0) {
>  error_setg(errp, "vhost-user-blk: vhost initialization failed: %s",
> @@ -277,8 +279,6 @@ static void vhost_user_blk_device_realize(DeviceState
> *dev, Error **errp)
>  s->blkcfg.num_queues = s->num_queues;
>  }
> 
> -vhost_dev_set_config_notifier(>dev, _ops);
> -
>  return;
> 
>  vhost_err:
> diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
> index 250f886acb..b6c314e350 100644
> --- a/hw/virtio/vhost.c
> +++ b/hw/virtio/vhost.c
> @@ -1451,7 +1451,6 @@ int vhost_dev_set_config(struct vhost_dev *hdev,
> const uint8_t *data,
>  void vhost_dev_set_config_notifier(struct vhost_dev *hdev,
> const VhostDevConfigOps *ops)
>  {
> -assert(hdev->vhost_ops);
>  hdev->config_ops = ops;
>  }
> 
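Review bot: dropping `assert(hdev->vhost_ops);` is needed for the new call order, but it was also the only guard that `hdev` had been initialised; since vhost_dev_set_config_notifier() now runs before vhost_dev_init() in vhost_user_blk_device_realize, it is worth confirming (and saying in the commit message) that vhost_dev_init() does not reset `hdev->config_ops`, otherwise the notifier set before init would be lost again.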
> --
> 2.14.3




Re: [Qemu-devel] [PATCH v3 0/3] nvram: at24c: fix problems related to "rom-size"

2018-04-08 Thread Wolfram Sang
On Tue, Mar 20, 2018 at 05:18:47PM +0100, Wolfram Sang wrote:
> I used this driver as a template for a custom one. While hacking on my own, I
> noticed some problems in this driver, too. This series fixes the first set of
> them, related to the "rom-size" parameter. It fixes a segfault.
> 
> I think the first patch is clearly suitable for stable. I think the second one,
> too, but not as clearly. The third one is a cleanup and not for stable. Still,
> I am open to opinions about these thoughts.

Through which tree should these patches go? get_maintainer doesn't list
a person specifically. Anything else I could do?

> 
> Thanks,
> 
>Wolfram
> 
> Changes since v2:
> 
> * removed '\n' from error_report-strings
> * made sure checkpatch is happy
> * added tags from Philippe (thanks!)
> 
> Changes since v1:
> 
> * reordered patches according to significance for stable
> * use AT24C_ROMSIZE_DEFAULT instead of magic value
> * patch 3 doesn't improve the ERR macro anymore but replaces
>   it completely with error_report().
> 
> 
> Wolfram Sang (3):
>   nvram: at24c: prevent segfault by checking "rom-size"
>   nvram: at24c: use a sane default for "rom-size"
>   nvram: at24c: use standard error reporting
> 
>  hw/nvram/eeprom_at24c.c | 25 ++---
>  1 file changed, 14 insertions(+), 11 deletions(-)
> 
> -- 
> 2.11.0
> 




Re: [Qemu-devel] [PATCH for-2.12] iothread: workaround glib bug which hangs qmp-test

2018-04-08 Thread Peter Xu
On Wed, Apr 04, 2018 at 03:53:05PM +0100, Stefan Hajnoczi wrote:
> On Wed, Apr 04, 2018 at 02:53:46PM +0800, Peter Xu wrote:
> > > Free the AIO context earlier than the GMainContext (if we have one) to
> > > work around a possible Glib bug.  No functional change at all.
> > 
> > We encountered a qmp-test hang with oob:
> > 
> >   #0  0x7f35ffe45334 in __lll_lock_wait () from /lib64/libpthread.so.0
> >   #1  0x7f35ffe405d8 in _L_lock_854 () from /lib64/libpthread.so.0
> >   #2  0x7f35ffe404a7 in pthread_mutex_lock () from 
> > /lib64/libpthread.so.0
> >   #3  0x7f35fc5b9c9d in g_source_unref_internal (source=0x24f0600, 
> > context=0x7f35f960, have_lock=0) at gmain.c:1685
> >   #4  0x00aa6672 in aio_context_unref (ctx=0x24f0600) at 
> > /root/qemu/util/async.c:497
> >   #5  0x0065851c in iothread_instance_finalize (obj=0x24f0380) at 
> > /root/qemu/iothread.c:129
> >   #6  0x00962d79 in object_deinit (obj=0x24f0380, type=0x242e960) 
> > at /root/qemu/qom/object.c:462
> >   #7  0x00962e0d in object_finalize (data=0x24f0380) at 
> > /root/qemu/qom/object.c:476
> >   #8  0x00964146 in object_unref (obj=0x24f0380) at 
> > /root/qemu/qom/object.c:924
> >   #9  0x00965880 in object_finalize_child_property (obj=0x24ec640, 
> > name=0x24efca0 "mon_iothread", opaque=0x24f0380) at 
> > /root/qemu/qom/object.c:1436
> >   #10 0x00962c33 in object_property_del_child (obj=0x24ec640, 
> > child=0x24f0380, errp=0x0) at /root/qemu/qom/object.c:436
> >   #11 0x00962d26 in object_unparent (obj=0x24f0380) at 
> > /root/qemu/qom/object.c:455
> >   #12 0x00658f00 in iothread_destroy (iothread=0x24f0380) at 
> > /root/qemu/iothread.c:365
> >   #13 0x004c67a8 in monitor_cleanup () at /root/qemu/monitor.c:4663
> >   #14 0x00669e27 in main (argc=16, argv=0x7ffc8b1ae2f8, 
> > envp=0x7ffc8b1ae380) at /root/qemu/vl.c:4749
> > 
> > With glib version 2.28.8-9 (current default version on centos6) we might
> > encounter above with the old code. It is verified that glib version
> > 2.50.3-3 won't trigger that bug again, but since we are still supporting
> > glib 2.28.8-9, we may want this workaround.
> 
> This patch does not contain enough information to explain what this
> "possible Glib bug" is.  Please provide information on the root cause.
> 
> Without understanding the problem, it's hard for anyone to review this
> patch and for other developers to avoid regressions in the future.

I suspect this can be the fix of the problem (commit ID of glib
repository, https://github.com/GNOME/glib):

commit 26056558be4656ee6e891a4fae5d4198de7519cf
Author: Dan Winship 
Date:   Mon Jul 30 08:06:57 2012 -0400

gmain: allow g_source_get_context() on destroyed sources

The thing is that before this commit glib won't zero the
source->context fields of bound gsources when a context is
unreferenced, and after this patch it does.  Here I suspect the old
glib will try to take a lock of a context which has already been freed,
hence the hang.

The commit is included in glib 2.33.10 or later, which seems
reasonable (the bad version I tried was 2.28.8, and I also verified
that one of the good versions is 2.50.3, and 2.33.10 lies between them). I
didn't further verify the commit and rebuild glib/qemu; hopefully this
can be a valid explanation already.

If this is correct, then the rule of thumb would be: let's destroy all
the gsources that are bound to the context before destroying the context
itself, until we drop support for glib 2.33.10.

I understand your worry about not having everything clear in the
commit message. Indeed we'd better know why the bug happened, and then
we can avoid that and even use that information when we want to
increase the minimum version of glib we support.  However IMHO that's
something extra; it's not a reason not to merge the patch, it's not
a reason to refuse to fix QEMU, which can at least let patchew run
nicely with QEMU 2.12 on centos6.

After all, the thing that is unclear is outside QEMU; we can't force every QEMU
developer to be fluent with the internals of every library that QEMU uses
(glib is only one of them)...  And it may take a lot of time for a QEMU
developer to dig the real thing out.  So, if the patch can explain
itself well (IMHO this patch does - it only switches which object
to destroy first, nothing else is changed) and the patch is tested,
and can prove that it fixes something wrong that has happened beneath QEMU,
then IMHO we should merge it.

So I would still like that we merge this patch for 2.12 (we can for
sure enhance the commit message a bit, though). In all cases, thanks
for your review.

-- 
Peter Xu