Re: [PATCH v2] linux-user: Use memfd for open syscall emulation

2022-07-29 Thread Rainer Müller
On 29/07/2022 18.01, Richard Henderson wrote:
> On 7/29/22 08:49, Rainer Müller wrote:
>> +    /* create temporary file to map stat to */
>> +    tmpdir = getenv("TMPDIR");
>> +    if (!tmpdir)
>> +    tmpdir = "/tmp";
>> +    snprintf(filename, sizeof(filename),
>> "%s/qemu-open.XX", tmpdir);
>> +    fd = mkstemp(filename);
>> +    if (fd < 0) {
>> +    return fd;
>> +    }
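Review bot: the snprintf() result in this temporary-file path is never checked, so a TMPDIR value that does not fit in filename[] silently truncates the template before mkstemp() sees it. Compare the return value against sizeof(filename) and fail with ENAMETOOLONG rather than letting mkstemp() report a less obvious error.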
> 
> We've been using g_file_open_tmp elsewhere; probably good to follow suit
> here.

That seemed reasonable at first, but with regards to error handling it
gets a bit complicated.

The suggested g_file_open_tmp() would leave us with a GError only, but
to return something meaningful to the caller we must set errno in this
context. As far as I can see, there is no way to convert back to an
errno from GError.

With g_file_open_tmp() we could always set the same generic errno, but
that would hide the real cause completely. I debugged this problem with
this message that was confusing, but at least it gave away a hint:
  cat: can't open '/proc/self/stat': Read-only file system

The other option would be to g_assert_true(fd >= 0) and kill the process
in case opening the temporary file failed. This also feels wrong, as the
caller could still recover from this state and continue.

Rainer



[PATCH v2] linux-user: Use memfd for open syscall emulation

2022-07-29 Thread Rainer Müller
For certain paths in /proc, the open syscall is intercepted and the
returned file descriptor points to a temporary file with emulated
contents.

If TMPDIR is not accessible or writable for the current user (for
example in a read-only mounted chroot or container) tools such as ps
from procps may fail unexpectedly. Trying to read one of these paths
such as /proc/self/stat would return an error such as ENOENT or EROFS.

To relax the requirement on a writable TMPDIR, use memfd_create()
instead to create an anonymous file and return its file descriptor.

Signed-off-by: Rainer Müller 
---
v2: no more #ifdefs, use stub from util/memfd.c with ENOSYS fallback,
tested with 'strace -e fault=memfd_create'
---
 linux-user/syscall.c | 22 ++
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 991b85e6b4..7b55726f25 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8269,16 +8269,22 @@ static int do_openat(CPUArchState *cpu_env, int dirfd, 
const char *pathname, int
 char filename[PATH_MAX];
 int fd, r;
 
-/* create temporary file to map stat to */
-tmpdir = getenv("TMPDIR");
-if (!tmpdir)
-tmpdir = "/tmp";
-snprintf(filename, sizeof(filename), "%s/qemu-open.XX", tmpdir);
-fd = mkstemp(filename);
+fd = memfd_create("qemu-open", 0);
 if (fd < 0) {
-return fd;
+if (errno != ENOSYS) {
+return fd;
+}
+/* create temporary file to map stat to */
+tmpdir = getenv("TMPDIR");
+if (!tmpdir)
+tmpdir = "/tmp";
+snprintf(filename, sizeof(filename), "%s/qemu-open.XX", 
tmpdir);
+fd = mkstemp(filename);
+if (fd < 0) {
+return fd;
+}
+unlink(filename);
 }
-unlink(filename);
 
 if ((r = fake_open->fill(cpu_env, fd))) {
 int e = errno;
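Review bot: in the ENOSYS fallback branch the re-added "if (!tmpdir)" has no braces around its body; QEMU's coding style wants braces even for single statements, and since these lines are being moved anyway this is the moment to add them. A short comment above the "errno != ENOSYS" test would also help, saying that only a missing memfd_create() triggers the TMPDIR fallback and that every other failure is deliberately returned to the caller unchanged.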
-- 
2.25.1
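
The approach this commit message describes, as an added stand-alone example (not code from the patch or from QEMU): try memfd_create() first, fall back to an unlinked temporary file only on ENOSYS, and hand the real errno back to the caller. The helper names, the "emu-open" name and the sample contents are hypothetical; it assumes Linux with a libc that provides memfd_create().

```c
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical fallback: unlinked temp file under $TMPDIR (default /tmp).
 * Returns an fd, or -1 with errno naming the real cause (ENOENT, EROFS...). */
static int tmpfile_fd(void)
{
    char filename[PATH_MAX];
    const char *tmpdir = getenv("TMPDIR");
    int fd, n;

    if (!tmpdir) {
        tmpdir = "/tmp";
    }
    n = snprintf(filename, sizeof(filename), "%s/emu-open.XXXXXX", tmpdir);
    if (n < 0 || (size_t)n >= sizeof(filename)) {
        errno = ENAMETOOLONG;   /* a truncated template would lose the X's */
        return -1;
    }
    fd = mkstemp(filename);
    if (fd >= 0) {
        unlink(filename);       /* keep the file anonymous, like a memfd */
    }
    return fd;
}

/* Hypothetical helper: fd holding `contents`, positioned at offset 0. */
static int emulated_fd(const char *contents)
{
    size_t len = strlen(contents);
    ssize_t w;
    int fd = memfd_create("emu-open", 0);

    if (fd < 0) {
        if (errno != ENOSYS) {
            return -1;          /* real failure, e.g. EMFILE: report it */
        }
        fd = tmpfile_fd();      /* kernel without memfd_create() */
        if (fd < 0) {
            return -1;
        }
    }
    w = write(fd, contents, len);
    if (w != (ssize_t)len || lseek(fd, 0, SEEK_SET) < 0) {
        int e = (w >= 0 && w != (ssize_t)len) ? EIO : errno;
        close(fd);
        errno = e;
        return -1;
    }
    return fd;
}

/* Point TMPDIR at `dir` and report the errno of the fallback (0 = success). */
static int tmpfile_errno_for(const char *dir)
{
    int fd;

    setenv("TMPDIR", dir, 1);
    fd = tmpfile_fd();
    if (fd >= 0) {
        close(fd);
        return 0;
    }
    return errno;
}

/* Read the fd from its current offset and compare with `expected`. */
static int fd_contains(int fd, const char *expected)
{
    char buf[256];
    ssize_t n = read(fd, buf, sizeof(buf) - 1);

    if (n < 0) {
        return 0;
    }
    buf[n] = '\0';
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    const char *sample = "constructed sample contents\n";
    int fd;

    printf("fallback, unusable TMPDIR: %s\n",
           strerror(tmpfile_errno_for("/nonexistent-tmpdir-demo")));
    fd = emulated_fd(sample);   /* TMPDIR is still unusable here */
    printf("memfd path readable: %d\n", fd >= 0 && fd_contains(fd, sample));
    return 0;
}
```

With TMPDIR pointing at a missing directory the fallback alone fails with ENOENT, while the memfd path still returns a readable descriptor.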




[PATCH] linux-user: Use memfd for open syscall emulation

2022-07-25 Thread Rainer Müller
For certain paths in /proc, the open syscall is intercepted and the
returned file descriptor points to a temporary file with emulated
contents.

If TMPDIR is not accessible or writable for the current user (for
example in a read-only mounted chroot or container) tools such as ps
from procps may fail unexpectedly. Trying to read one of these paths
such as /proc/self/stat would return an error such as ENOENT or EROFS.

To relax the requirement on a writable TMPDIR, use memfd_create()
instead to create an anonymous file and return its file descriptor.

Signed-off-by: Rainer Müller 
---
 linux-user/syscall.c | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 991b85e6b4..3e4af930ad 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8265,9 +8265,11 @@ static int do_openat(CPUArchState *cpu_env, int dirfd, 
const char *pathname, int
 }
 
 if (fake_open->filename) {
+int fd, r;
+
+#ifndef CONFIG_MEMFD
 const char *tmpdir;
 char filename[PATH_MAX];
-int fd, r;
 
 /* create temporary file to map stat to */
 tmpdir = getenv("TMPDIR");
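Review bot: the "#ifndef CONFIG_MEMFD" opened here splits the body of do_openat() into two compile-time variants, which makes the function harder to follow and means only one of the two paths is ever built and tested on a given host. Prefer calling a wrapper that always exists and deciding at run time, so the declarations of tmpdir and filename do not need to sit inside a preprocessor block.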
@@ -8279,6 +8281,12 @@ static int do_openat(CPUArchState *cpu_env, int dirfd, 
const char *pathname, int
 return fd;
 }
 unlink(filename);
+#else
+fd = memfd_create("qemu-open", 0);
+if (fd < 0) {
+return fd;
+}
+#endif
 
 if ((r = fake_open->fill(cpu_env, fd))) {
 int e = errno;
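Review bot: the "#else" branch returns as soon as memfd_create() fails, so a binary built with CONFIG_MEMFD has no way back to the TMPDIR path when the running kernel lacks the syscall and reports ENOSYS. Check errno after the failed call and fall back to the mkstemp() code in that case instead of selecting one path at build time.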
-- 
2.25.1




Re: [PATCH 1/2] input-linux: Delay grab toggle if keys are pressed

2021-05-09 Thread Rainer Müller
On 04/05/2021 11.14, Gerd Hoffmann wrote:
> On Sat, May 01, 2021 at 09:06:21PM +0200, Rainer Müller wrote:
>> When multiple keyboards are passed to the guest with input-linux, there
>> could still be keys pressed on the other keyboard when toggling grab.
>> Delay toggling grab on the other keyboard until all keys are released,
>> otherwise keys could be stuck on host without a key up event.
> 
> Hmm, if you have two keyboards plugged into your machine, why would you
> assign both to a virtual machine?  Instead of simply using one for the
> host and one for the guest?

Fair enough. I only noticed the possibility during testing. I plugged in
a second keyboard for development to avoid locking myself out and passed
only one. Then I became confident to pass them both, but mostly because
I already had them connected. I agree it does not seem like a typical
setup...

This was the only code path that did not check !il->keycount before
calling input_linux_toggle_grab(), so I added it here as well. Maybe it
would make sense to move the condition into the function?

Rainer



[PATCH 0/2] input-linux: Allow to toggle grab from QMP

2021-05-01 Thread Rainer Müller
This adds a grab-active bool option to input-linux objects to control
the grab state of evdev devices from QMP. The first patch fixes
a problem with multiple keyboards that was previously unlikely, as the
user will only use one device at a time. It could be merged
independently, but I am submitting them together as this becomes more
relevant when grab state can be controlled from QMP.

Rainer Müller (2):
  input-linux: Delay grab toggle if keys are pressed
  input-linux: Allow to toggle grab from QMP

 qapi/qom.json|  3 +++
 ui/input-linux.c | 46 +-
 2 files changed, 44 insertions(+), 5 deletions(-)

-- 
2.25.1




[PATCH 2/2] input-linux: Allow to toggle grab from QMP

2021-05-01 Thread Rainer Müller
This patch allows to boot a guest without the input-linux device being
grabbed immediately from the host. This is useful when the guest is
automatically started, but is supposed to stay in the background until
the user actively switches to it with a key combination.

In this usage example the host continues to own the keyboard until the
user explicitly toggles the grab state with both control keys:
  -object input-linux,id=kbd1,evdev=/dev/input/eventX,grab-active=off

When grab-active is not given, input-linux will behave as before and
devices are being grabbed immediately on initialization.

Note that even if grab_all=on is set, other devices will initially be
grabbed according to their own grab-active option. The first toggle
operation on a grab_all=on device will sync state to the other devices.

Furthermore, this new option allows to toggle the grab state from QMP
with the qom-set command. By setting grab-active at runtime, the device
will be grabbed or released as indicated by the passed value.

  $ ./scripts/qmp-shell /tmp/qmp.sock
  (QEMU) qom-set path=/objects/kbd1 property=grab-active value=true
  {"return": {}}
  (QEMU) qom-get path=/objects/kbd1 property=grab-active
  {"return": true}

For devices with grab_all=on, the action will propagate to other devices
as if the grab toggle hotkey was used.

Signed-off-by: Rainer Müller 
---
 qapi/qom.json|  3 +++
 ui/input-linux.c | 39 +++
 2 files changed, 38 insertions(+), 4 deletions(-)

diff --git a/qapi/qom.json b/qapi/qom.json
index cd0e76d564..51704465ec 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
@@ -488,6 +488,8 @@
 #
 # @repeat: enables auto-repeat events (default: false)
 #
+# @grab-active: if true, device is grabbed (default: true)
+#
 # @grab-toggle: the key or key combination that toggles device grab
 #   (default: ctrl-ctrl)
 #
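Review bot: the new "@grab-active" doc line carries no version annotation; QAPI schema documentation normally marks members added after the type was introduced with a "(since x.y)" note so users can tell which releases accept the option. Please add one for the release this is targeted at.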
@@ -497,6 +499,7 @@
   'data': { 'evdev': 'str',
 '*grab_all': 'bool',
 '*repeat': 'bool',
+'*grab-active': 'bool',
 '*grab-toggle': 'GrabToggleKeys' } }
 
 ##
diff --git a/ui/input-linux.c b/ui/input-linux.c
index 47d489d738..64efb83e21 100644
--- a/ui/input-linux.c
+++ b/ui/input-linux.c
@@ -399,10 +399,9 @@ static void input_linux_complete(UserCreatable *uc, Error 
**errp)
 }
 
 qemu_set_fd_handler(il->fd, input_linux_event, NULL, il);
-if (il->keycount) {
-/* delay grab until all keys are released */
-il->grab_request = true;
-} else {
+/* delay grab until all keys are released */
+if (il->grab_request && !il->keycount) {
+il->grab_request = false;
 input_linux_toggle_grab(il);
 }
 QTAILQ_INSERT_TAIL(&inputs, il, next);
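Review bot: the comment "delay grab until all keys are released" in input_linux_complete() now sits directly above the branch that grabs immediately, while the delayed case has become the implicit fall-through where grab_request stays set because keycount is non-zero. Reword the comment to describe both outcomes, or move it next to the code that consumes the pending request.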
@@ -493,8 +492,37 @@ static void input_linux_set_grab_toggle(Object *obj, int 
value,
 il->grab_toggle = value;
 }
 
+static bool input_linux_get_grab_active(Object *obj, Error **errp)
+{
+InputLinux *il = INPUT_LINUX(obj);
+
+return il->grab_active;
+}
+
+static void input_linux_set_grab_active(Object *obj, bool value,
+Error **errp)
+{
+InputLinux *il = INPUT_LINUX(obj);
+
+if (!il->initialized) {
+il->grab_request = value;
+return;
+}
+
+if (il->grab_active != value) {
+if (il->keycount) {
+il->grab_request = true;
+} else {
+input_linux_toggle_grab(il);
+}
+}
+}
+
 static void input_linux_instance_init(Object *obj)
 {
+InputLinux *il = INPUT_LINUX(obj);
+
+il->grab_request = true;
 }
 
 static void input_linux_class_init(ObjectClass *oc, void *data)
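Review bot: input_linux_set_grab_active() never clears a pending request. If a caller sets the property to true while keys are down (grab_request becomes true) and then sets it back to false before the keys are released, the second call sees "il->grab_active != value" as false and does nothing, so the stale grab_request can still fire later. Reset grab_request when the requested value already matches grab_active. The getter also reports grab_active rather than the requested state, so qom-get can return the old value right after a qom-set that was deferred; that deserves a sentence in the property documentation.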
@@ -512,6 +540,9 @@ static void input_linux_class_init(ObjectClass *oc, void 
*data)
 object_class_property_add_bool(oc, "repeat",
input_linux_get_repeat,
input_linux_set_repeat);
+object_class_property_add_bool(oc, "grab-active",
+   input_linux_get_grab_active,
+   input_linux_set_grab_active);
 object_class_property_add_enum(oc, "grab-toggle", "GrabToggleKeys",
&GrabToggleKeys_lookup,
input_linux_get_grab_toggle,
-- 
2.25.1




[PATCH 1/2] input-linux: Delay grab toggle if keys are pressed

2021-05-01 Thread Rainer Müller
When multiple keyboards are passed to the guest with input-linux, there
could still be keys pressed on the other keyboard when toggling grab.
Delay toggling grab on the other keyboard until all keys are released,
otherwise keys could be stuck on host without a key up event.

Signed-off-by: Rainer Müller 
---
 ui/input-linux.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ui/input-linux.c b/ui/input-linux.c
index 05c0c98819..47d489d738 100644
--- a/ui/input-linux.c
+++ b/ui/input-linux.c
@@ -89,7 +89,12 @@ static void input_linux_toggle_grab(InputLinux *il)
 continue;
 }
 if (item->grab_active != il->grab_active) {
-input_linux_toggle_grab(item);
+if (item->keycount) {
+/* delay grab until all keys are released */
+item->grab_request = true;
+} else {
+input_linux_toggle_grab(item);
+}
 }
 }
 }
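Review bot: this is now another call site in input_linux_toggle_grab() that open-codes the pattern "if keycount, set grab_request, else toggle". Moving the keycount check into one helper (or into the function itself) would keep the call sites from drifting apart. The commit message should also say where the deferred request on the other keyboard is picked up again, since that code is not part of this hunk.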
-- 
2.25.1




Re: [Qemu-devel] [qemu-web PATCH] Document how to test the site with jekyll locally

2018-11-28 Thread Rainer Müller
On 28.11.18 17:44, Paolo Bonzini wrote:
> On 28/11/18 16:35, Daniel P. Berrangé wrote:
>> Add a README file that tells people this is a jekyll based static
>> website, and shows people how to run jekyll for testing purposes.
>>
>> Signed-off-by: Daniel P. Berrangé 
>> ---
>>
>> NB, we should really mention a license in the README too, but I don't
>> see info about what license we consider qemu-web to be covered by...

> Anybody (especially non-RH people) disagrees with dual-license CC-BY-SA
> 4.0 and GPLv2+?  (So that we can copy from blog posts to manuals)?

No objections from my side.

Rainer



[Qemu-devel] [qemu-web PATCH] download: Add instructions for MacPorts

2018-04-01 Thread Rainer Müller
Signed-off-by: Rainer Müller 
---
 _download/macos.md | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/_download/macos.md b/_download/macos.md
index dbb312c..06aa811 100644
--- a/_download/macos.md
+++ b/_download/macos.md
@@ -1,6 +1,10 @@
-QEMU can be installed from Homebrew:
+QEMU can be installed from Homebrew:
 
 brew install qemu
 
+QEMU can be installed from MacPorts:
+
+sudo port install qemu
+
 QEMU requires Mac OS X 10.5 or later, but it is recommended
 to use Mac OS X 10.7 or later.
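Review bot: the first removed and added lines ("QEMU can be installed from Homebrew:") are textually identical as shown, so this looks like a whitespace-only or markup-only change riding along with the MacPorts addition. Either drop it from the patch or say in the commit message what changed on that line; the message currently has no body at all.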
-- 
2.16.3




Re: [Qemu-devel] [PATCH] configure: Define NCURSES_WIDECHAR if we're using curses

2017-06-03 Thread Rainer Müller
On 2017-06-02 16:35, Peter Maydell wrote:
> diff --git a/configure b/configure
> index 0586ec9..6aca5d1 100755
> --- a/configure
> +++ b/configure
> @@ -3053,6 +3053,8 @@ int main(void) {
>  EOF
>IFS=:
>for curses_inc in $curses_inc_list; do
> +# Make sure we get the wide character prototypes
> +curses_inc="-DNCURSES_WIDECHAR $curses_inc"
>  IFS=:
>  for curses_lib in $curses_lib_list; do
>unset IFS
> 

Thank you for getting back to this. I can confirm that this patch fixes
--enable-curses for me on Mac OS X.

Although this already works as is, I would use -DNCURSES_WIDECHAR=1 as
ncurses.h uses #if and not #ifdef to check for this.

Rainer



Re: [Qemu-devel] Fix build break during configuration on musl-libc based Linux systems.

2017-04-06 Thread Rainer Müller
On 2017-02-17 17:57, Peter Maydell wrote:
> On 17 February 2017 at 11:20, Paolo Bonzini  wrote:
>>
>>
>> On 17/02/2017 11:18, Peter Maydell wrote:
>>> Defining _XOPEN_SOURCE is easy enough, and I think we should
>>> do it unconditionally. We should check what effect this has
>>> on the BSD hosts though I guess. (You could argue that we
>>> should be defining _XOPEN_SOURCE anyway for the benefit of
>>> the non-glibc BSD/Solaris/etc platforms.)
>>
>> Sounds good, then I think we should define it to 700 just like glibc does.
> 
> Unfortunately this idea turns out to break OSX compiles,
> because on OSX saying _XOPEN_SOURCE=anything disables
> all the non-X/Open APIs (which you get by default, and
> some of which like mkdtemp we use).

A bit late to this thread, but the original problem was also reported
for Mac OS X with --enable-curses in MacPorts. The build fails with the
same symptoms as in the original report.

https://trac.macports.org/ticket/53929

As you identified, the problem is that ncurses expects the define
_XOPEN_SOURCE >= 500 to enable the wide-char function declarations.

The solution to retain access to non-standard API on Mac OS X would be
to also define _DARWIN_C_SOURCE which enables extensions.

$ cat foo.c
#include 
int main() {
mkdtemp("/tmp/test-XX");
}
$ cc -D_XOPEN_SOURCE=500 -c foo.c
foo.c:4:5: warning: implicit declaration of function 'mkdtemp' is
invalid in C99 [-Wimplicit-function-declaration]
mkdtemp("/tmp/test-XX");
^
1 warning generated.
$ cc -D_XOPEN_SOURCE=500 -D_DARWIN_C_SOURCE -c foo.c
$

A quick test on current master with configure patched to define
  QEMU_CFLAGS="-D_XOPEN_SOURCE=500 -D_DARWIN_C_SOURCE $QEMU_CFLAGS"
compiled fine for both a default configure and with --enable-curses.

Rainer




[Qemu-devel] [PATCH] cocoa: Suppress Cocoa window with -display

2015-09-09 Thread Rainer Müller
Do not open a Cocoa window when another display is selected that will be
initialized later. The Cocoa display cannot be selected with -display,
so there is no need to check its argument.

Signed-off-by: Rainer Müller 
---
 ui/cocoa.m | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ui/cocoa.m b/ui/cocoa.m
index 334e6f6..c24d9f9 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -1148,6 +1148,7 @@ int main (int argc, const char * argv[]) {
 !strcmp(opt, "-nographic") ||
 !strcmp(opt, "-version") ||
 !strcmp(opt, "-curses") ||
+!strcmp(opt, "-display") ||
 !strcmp(opt, "-qtest")) {
 return qemu_main(gArgc, gArgv, *_NSGetEnviron());
 }
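Review bot: the added "-display" test matches on the option name alone and never looks at its argument, and the reason this is safe (the Cocoa display cannot be selected with -display) is recorded only in the commit message. Put that rationale in a comment next to the strcmp() list, so the check gets revisited if a Cocoa value for -display is ever introduced.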
-- 
2.5.0




Re: [Qemu-devel] Problems compiling HEAD on Mac OS X 10.9.2

2014-06-10 Thread Rainer Müller
On 2014-06-06 04:04, Fam Zheng wrote:
>> Ugh. This was supposed to be fixed by commit 6295b98d7b767c.
>> Fam, can you re-check your fix, please?
>>
> 
> I don't understand that fix now, looks like it was moved onto a wrong list.
> 
> Rainer, does this below patch work for you? (we can't duplicate object, so 
> sort
> is required there).

No, unfortunately this does not work. With this patch, I end up with:

$ make V=1 qemu-img
...
... qemu-img.o qemu-io-cmds.o qemu-timer.o thread-pool.o libqemuutil.a 
libqemustub.a  -lz -L/opt/local/lib -lcurl -L/opt/local/lib -lssh2 
-Wl,-headerpad_max_install_names -arch x86_64 -L/opt/local/lib 
-Wl,-headerpad_max_install_names -arch -lcurl -lssh2 -lz x86_64 
-L/opt/local/lib -lgthread-2.0 -lglib-2.0 -lintl   -lz -lz
clang: error: no such file or directory: 'x86_64'
clang: error: invalid arch name '-arch -lcurl'
make: *** [qemu-img] Error 1


You really can't just sort the words as their order is important, at 
least for some options such as "-arch" and its argument.

From config-host.mak:

  LIBSSH2_LIBS=-L/opt/local/lib -lssh2 -Wl,-headerpad_max_install_names -arch 
x86_64

I don't understand the make function $(extract-libs) here. First the 
contents of $o-libs is added as-is, but then it is added again filtered 
through $(expand-objs). What is the purpose of adding it twice?

Regarding your proposed patch, it doesn't matter whether you sort the 
first list or the second list. Both lists include the problematic 
"-arch x86_64" linker option.

Rainer



Re: [Qemu-devel] Problems compiling HEAD on Mac OS X 10.9.2

2014-06-05 Thread Rainer Müller
On 2014-03-14 13:29, Paolo Bonzini wrote:
> Il 13/03/2014 19:48, Peter Maydell ha scritto:
>> Yep, here we are:
>> LIBSSH2_LIBS=-L/opt/local/lib -lssh2 -Wl,-headerpad_max_install_names
>> -arch x86_64
>> CURL_LIBS=-L/opt/local/lib -lcurl
>>
>> rules.mak is incorrectly reordering the contents of
>> these and generating a non-working mess.
> 
> Fam,
> 
> is the $(sort) actually necessary in extract-libs?  It is required in
> expand-objs, but duplicate -l options should be harmless.

The current master still contains this bug and sorts "-arch x86_64"
separately. I doubt the $(sort) does anything useful.

For the distribution of QEMU in MacPorts I removed the $(sort) from
extract-libs in a local patch in order to be able to build some variants
[1].

Rainer

[1]
https://trac.macports.org/browser/trunk/dports/emulators/qemu/files/patch-link-sort.diff?rev=120672




[Qemu-devel] [Bug 1087114] Re: assertion "QLIST_EMPTY(&bs->tracked_requests)" failed

2013-08-11 Thread Rainer Müller
I was unable to reproduce the original issue on Mac OS X 10.8.4 using
the current master. However, I was also unable to reproduce the original
issue on the stable-1.5 branch which does not have the fix by Izumi
Tsutsui linked above. As this second fix is only for a problem that
appears in certain load situations, of course I might not be able to
reproduce it.

I also reviewed the code on master and I am confident that the solution is
correct now.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1087114

Title:
  assertion "QLIST_EMPTY(&bs->tracked_requests)" failed

Status in QEMU:
  New

Bug description:
  QEMU 1.3.0 on OpenBSD now crashes with an error as shown below and the
  command line params do not seem to matter.

  assertion "QLIST_EMPTY(&bs->tracked_requests)" failed: file "block.c",
  line 1220, function "bdrv_drain_all"

  #1  0x030d1bce24aa in abort () at /usr/src/lib/libc/stdlib/abort.c:70
  p = (struct atexit *) 0x30d11897000
  mask = 4294967263
  cleanup_called = 1
  #2  0x030d1bc5ff44 in __assert2 (file=Variable "file" is not available.
  ) at /usr/src/lib/libc/gen/assert.c:52
  No locals.
  #3  0x030b0d383a03 in bdrv_drain_all () at block.c:1220
  bs = (BlockDriverState *) 0x30d13f3b630
  busy = false
  __func__ = "bdrv_drain_all"
  #4  0x030b0d43acfc in bmdma_cmd_writeb (bm=0x30d0f5f56a8, val=8) at 
hw/ide/pci.c:312
  __func__ = "bmdma_cmd_writeb"
  #5  0x030b0d43b450 in bmdma_write (opaque=0x30d0f5f56a8, addr=0, val=8, 
size=1) at hw/ide/piix.c:76
  bm = (BMDMAState *) 0x30d0f5f56a8
  #6  0x030b0d5c2ce6 in memory_region_write_accessor (opaque=0x30d0f5f57d0, 
addr=0, value=0x30d18c288f0, size=1, shift=0, mask=255)
  at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/memory.c:334
  mr = (MemoryRegion *) 0x30d0f5f57d0
  tmp = 8
  #7  0x030b0d5c2dc5 in access_with_adjusted_size (addr=0, 
value=0x30d18c288f0, size=1, access_size_min=1, access_size_max=4, 
  access=0x30b0d5c2c6b , 
opaque=0x30d0f5f57d0) at 
/home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/memory.c:364
  access_mask = 255
  access_size = 1
  i = 0
  #8  0x030b0d5c3222 in memory_region_iorange_write (iorange=0x30d1d5e7400, 
offset=0, width=1, data=8)
  at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/memory.c:439
  mrio = (MemoryRegionIORange *) 0x30d1d5e7400
  mr = (MemoryRegion *) 0x30d0f5f57d0
  __func__ = "memory_region_iorange_write"
  #9  0x030b0d5c019a in ioport_writeb_thunk (opaque=0x30d1d5e7400, 
addr=49216, data=8) at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/ioport.c:212
  ioport = (IORange *) 0x30d1d5e7400
  #10 0x030b0d5bfb65 in ioport_write (index=0, address=49216, data=8) at 
/home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/ioport.c:83
  func = (IOPortWriteFunc *) 0x30b0d5c0148 
  default_func = {0x30b0d5bfbbc , 0x30b0d5bfc61 
, 0x30b0d5bfd0c }
  #11 0x030b0d5c0704 in cpu_outb (addr=49216, val=8 '\b') at 
/home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/ioport.c:289
  No locals.
  #12 0x030b0d6067dd in helper_outb (port=49216, data=8) at 
/home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/target-i386/misc_helper.c:72
  No locals.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1087114/+subscriptions



[Qemu-devel] [Bug 1087114] Re: assertion "QLIST_EMPTY(&bs->tracked_requests)" failed

2013-01-17 Thread Rainer Müller
Aaron, this added line in qemu-thread-posix.c is the fix, qemu is
expected to crash once this is removed.

I guess Brad meant to revert c166cb72f1676855816340666c3b618beef4b976
which introduced the fallback code. However, reverting this commit alone
will not work on Mac OS X as sem_timedwait() is not available (and the
reason why the fallback code was added at all).




[Qemu-devel] [Bug 1087114] Re: assertion "QLIST_EMPTY(&bs->tracked_requests)" failed

2013-01-12 Thread Rainer Müller
I had the same problem on Mac OS X 10.8.2 with qemu 1.3.0, but it is now
fixed in the current master branch. I can confirm that the commit
a795ef8dcb8cbadffc996c41ff38927a97645234 fixes this problem. This commit
can also be applied to the 1.3.0 source.
