| f1483b46 | 10-Jun-2020 |
Markus Armbruster <armbru@redhat.com> |
qdev: Convert to qbus_realize(), qbus_unrealize()
I'm going to convert device realization to qdev_realize() with the
help of Coccinelle. Convert bus realization to qbus_realize() first,
to get it o
qdev: Convert to qbus_realize(), qbus_unrealize()
I'm going to convert device realization to qdev_realize() with the
help of Coccinelle. Convert bus realization to qbus_realize() first,
to get it out of Coccinelle's way. Readability improves.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-7-armbru@redhat.com>
show more ...
|
| 9940b2cf | 10-Jun-2020 |
Markus Armbruster <armbru@redhat.com> |
qdev: New qdev_new(), qdev_realize(), etc.
We commonly plug devices into their bus right when we create them,
like this:
dev = qdev_create(bus, type_name);
Note that @dev is a weak reference.
qdev: New qdev_new(), qdev_realize(), etc.
We commonly plug devices into their bus right when we create them,
like this:
dev = qdev_create(bus, type_name);
Note that @dev is a weak reference. The reference from @bus to @dev
is the only strong one.
We realize at some later time, either with
object_property_set_bool(OBJECT(dev), true, "realized", errp);
or its convenience wrapper
qdev_init_nofail(dev);
If @dev still has no QOM parent then, realizing makes the
/machine/unattached/ orphanage its QOM parent.
Note that the device returned by qdev_create() is plugged into a bus,
but doesn't have a QOM parent, yet. Until it acquires one,
unrealizing the bus will hang in bus_unparent():
while ((kid = QTAILQ_FIRST(&bus->children)) != NULL) {
DeviceState *dev = kid->child;
object_unparent(OBJECT(dev));
}
object_unparent() does nothing when its argument has no QOM parent,
and the loop spins forever.
Device state "no QOM parent, but plugged into bus" is dangerous.
Paolo suggested to delay plugging into the bus until realize. We need
to plug into the parent bus before we call the device's realize
method, in case it uses the parent bus. So the dangerous state still
exists, but only within realization, where we can manage it safely.
This commit creates infrastructure to do this:
dev = qdev_new(type_name);
...
qdev_realize_and_unref(dev, bus, errp)
Note that @dev becomes a strong reference here.
qdev_realize_and_unref() drops it. There is also plain
qdev_realize(), which doesn't drop it.
The remainder of this series will convert all users to this new
interface.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Cc: Alistair Francis <alistair@alistair23.me>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-5-armbru@redhat.com>
show more ...
|
| 30884d1b | 10-Jun-2020 |
Markus Armbruster <armbru@redhat.com> |
qdev: Rename qbus_realize() to qbus_init()
qbus_realize() does not actually realize. Rename it to qbus_init().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Da
qdev: Rename qbus_realize() to qbus_init()
qbus_realize() does not actually realize. Rename it to qbus_init().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200610053247.1583243-2-armbru@redhat.com>
show more ...
|
| dfe8c79c | 09-Jun-2020 |
Markus Armbruster <armbru@redhat.com> |
qdev: Assert onboard devices all get realized properly
This would have caught some of the bugs I just fixed.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé
qdev: Assert onboard devices all get realized properly
This would have caught some of the bugs I just fixed.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200609122339.937862-25-armbru@redhat.com>
show more ...
|
| 81cb0573 | 09-Jun-2020 |
Markus Armbruster <armbru@redhat.com> |
qdev: Assert devices are plugged into a bus that can take them
This would have caught some of the bugs I just fixed.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Mark Cave-Ayla
qdev: Assert devices are plugged into a bus that can take them
This would have caught some of the bugs I just fixed.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20200609122339.937862-23-armbru@redhat.com>
show more ...
|
| 7d3660e7 | 12-Jun-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* Miscellaneous fixes and feature enablement (many)
* SEV refactoring (David)
* Hyper-V initial support (Jon)
* i386 TCG
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* Miscellaneous fixes and feature enablement (many)
* SEV refactoring (David)
* Hyper-V initial support (Jon)
* i386 TCG fixes (x87 and SSE, Joseph)
* vmport cleanup and improvements (Philippe, Liran)
* Use-after-free with vCPU hot-unplug (Nengyuan)
* run-coverity-scan improvements (myself)
* Record/replay fixes (Pavel)
* -machine kernel_irqchip=split improvements for INTx (Peter)
* Code cleanups (Philippe)
* Crash and security fixes (PJP)
* HVF cleanups (Roman)
# gpg: Signature made Fri 12 Jun 2020 16:57:04 BST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream: (116 commits)
target/i386: Remove obsolete TODO file
stubs: move Xen stubs to accel/
replay: fix replay shutdown for console mode
exec/cpu-common: Move MUSB specific typedefs to 'hw/usb/hcd-musb.h'
hw/usb: Move device-specific declarations to new 'hcd-musb.h' header
exec/memory: Remove unused MemoryRegionMmio type
checkpatch: reversed logic with acpi test checks
target/i386: sev: Unify SEVState and SevGuestState
target/i386: sev: Remove redundant handle field
target/i386: sev: Remove redundant policy field
target/i386: sev: Remove redundant cbitpos and reduced_phys_bits fields
target/i386: sev: Partial cleanup to sev_state global
target/i386: sev: Embed SEVState in SevGuestState
target/i386: sev: Rename QSevGuestInfo
target/i386: sev: Move local structure definitions into .c file
target/i386: sev: Remove unused QSevGuestInfoClass
xen: fix build without pci passthrough
i386: hvf: Drop HVFX86EmulatorState
i386: hvf: Move mmio_buf into CPUX86State
i386: hvf: Move lazy_flags into CPUX86State
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
# Conflicts:
# hw/i386/acpi-build.c
show more ...
|
| 9e390313 | 12-Jun-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio,acpi,pci: features, fixes, cleanups, tests
Max slots negotiation for vhost-user.
Free page reporting for balloon.
Pa
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio,acpi,pci: features, fixes, cleanups, tests
Max slots negotiation for vhost-user.
Free page reporting for balloon.
Partial TPM2 ACPI support for ARM.
Support for NVDIMMs having their own proximity domains.
New vhost-user-vsock device.
Fixes, cleanups in ACPI, PCI, virtio.
New tests for TPM ACPI.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Fri 12 Jun 2020 15:18:04 BST
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream: (58 commits)
virtio-pci: fix queue_enable write
pci: Display PCI IRQ pin in "info pci"
Fix parameter type in vhost migration log path
acpi: ged: rename event memory region
acpi: fadt: add hw-reduced sleep register support
acpi: madt: skip pci override on pci-less systems.
acpi: create acpi-common.c and move madt code
acpi: make build_madt() more generic.
virtio: add vhost-user-vsock-pci device
virtio: add vhost-user-vsock base device
vhost-vsock: add vhost-vsock-common abstraction
hw/pci: Fix crash when running QEMU with "-nic model=rocker"
libvhost-user: advertise vring features
Lift max ram slots limit in libvhost-user
Support individual region unmap in libvhost-user
Support adding individual regions in libvhost-user
Support ram slot configuration in libvhost-user
Refactor out libvhost-user fault generation logic
Lift max memory slots limit imposed by vhost-user
Transmit vhost-user memory regions individually
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
| aaacf1c1 | 12-Mar-2020 |
Liran Alon <liran.alon@oracle.com> |
hw/i386/vmport: Add support for CMD_GETBIOSUUID
This is VMware documented functionallity that some guests rely on.
Returns the BIOS UUID of the current virtual machine.
Note that we also introduce
hw/i386/vmport: Add support for CMD_GETBIOSUUID
This is VMware documented functionallity that some guests rely on.
Returns the BIOS UUID of the current virtual machine.
Note that we also introduce a new compatability flag "x-cmds-v2" to
make sure to expose new VMPort commands only to new machine-types.
This flag will also be used by the following patches that will introduce
additional VMPort commands.
Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20200312165431.82118-10-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
| f8bdc550 | 12-Mar-2020 |
Liran Alon <liran.alon@oracle.com> |
hw/i386/vmport: Report vmware-vmx-type in CMD_GETVERSION
As can be seen from VmCheck_GetVersion() in open-vm-tools code,
CMD_GETVERSION should return vmware-vmx-type in ECX register.
Default is to
hw/i386/vmport: Report vmware-vmx-type in CMD_GETVERSION
As can be seen from VmCheck_GetVersion() in open-vm-tools code,
CMD_GETVERSION should return vmware-vmx-type in ECX register.
Default is to fake host as VMware ESX server. But user can control
this value by "-global vmport.vmware-vmx-type=X".
Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20200312165431.82118-7-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
| 0342ee76 | 12-Mar-2020 |
Liran Alon <liran.alon@oracle.com> |
hw/i386/vmport: Set EAX to -1 on failed and unsupported commands
This is used as a signal for VMware Tools to know if a command it
attempted to invoke, failed or is unsupported. As a result, VMware
hw/i386/vmport: Set EAX to -1 on failed and unsupported commands
This is used as a signal for VMware Tools to know if a command it
attempted to invoke, failed or is unsupported. As a result, VMware Tools
will either report failure to user or fallback to another backdoor command
in attempt to perform some operation.
A few examples:
* open-vm-tools TimeSyncReadHost() function fallbacks to
CMD_GETTIMEFULL command when CMD_GETTIMEFULL_WITH_LAG
fails/unsupported.
* open-vm-tools Hostinfo_NestingSupported() function verifies
EAX != -1 to check for success.
* open-vm-tools Hostinfo_VCPUInfoBackdoor() functions checks
if reserved-bit is set to indicate command is unimplemented.
Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20200312165431.82118-5-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
| b8892129 | 12-Mar-2020 |
Liran Alon <liran.alon@oracle.com> |
hw/i386/vmport: Propagate IOPort read to vCPU EAX register
vmport_ioport_read() returns the value that should propagate to vCPU EAX
register when guest reads VMPort IOPort (i.e. By x86 IN instructio
hw/i386/vmport: Propagate IOPort read to vCPU EAX register
vmport_ioport_read() returns the value that should propagate to vCPU EAX
register when guest reads VMPort IOPort (i.e. By x86 IN instruction).
However, because vmport_ioport_read() calls cpu_synchronize_state(), the
returned value gets overridden by the value in QEMU vCPU EAX register.
i.e. cpu->env.regs[R_EAX].
To fix this issue, change vmport_ioport_read() to explicitly override
cpu->env.regs[R_EAX] with the value it wish to propagate to vCPU EAX
register.
Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20200312165431.82118-4-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
| ea81f98b | 11-May-2020 |
Igor Mammedov <imammedo@redhat.com> |
numa: prevent usage of -M memory-backend and -numa memdev at the same time
Options -M memory-backend and -numa memdev are mutually exclusive,
and if used together, it might lead to a crash in the wo
numa: prevent usage of -M memory-backend and -numa memdev at the same time
Options -M memory-backend and -numa memdev are mutually exclusive,
and if used together, it might lead to a crash in the worst case.
For example when the same backend is used with these options together:
-m 4G \
-object memory-backend-ram,id=mem0,size=4G \
-M pc,memory-backend=mem0 \
-numa node,memdev=mem0
QEMU will abort with:
exec.c:2006: qemu_ram_set_idstr: Assertion `!new_block->idstr[0]' failed.
and following backtrace:
abort ()
qemu_ram_set_idstr ()
vmstate_register_ram ()
vmstate_register_ram_global ()
machine_consume_memdev ()
numa_init_memdev_container ()
numa_complete_configuration ()
machine_run_board_init ()
add a check to error out in case the user tries to use both options at
the same time.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200511141103.43768-3-imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
| 7483cbba | 26-May-2020 |
Alexander Duyck <alexander.h.duyck@linux.intel.com> |
virtio-balloon: Implement support for page poison reporting feature
We need to make certain to advertise support for page poison reporting if
we want to actually get data on if the guest will be poi
virtio-balloon: Implement support for page poison reporting feature
We need to make certain to advertise support for page poison reporting if
we want to actually get data on if the guest will be poisoning pages.
Add a value for reporting the poison value being used if page poisoning is
enabled in the guest. With this we can determine if we will need to skip
free page reporting when it is enabled in the future.
The value currently has no impact on existing balloon interfaces. In the
case of existing balloon interfaces the onus is on the guest driver to
reapply whatever poison is in place.
When we add free page reporting the poison value is used to determine if
we can perform in-place page reporting. The expectation is that a reported
page will already contain the value specified by the poison, and the
reporting of the page should not change that value.
Acked-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Message-Id: <20200527041400.12700.33251.stgit@localhost.localdomain>
show more ...
|
| 6007523a | 24-Jun-2019 |
Philippe Mathieu-Daudé <f4bug@amsat.org> |
hw/misc/empty_slot: Move the 'hw/misc' and cover in MAINTAINERS
Add an entry for the 'empty_slot' device.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Artyom Tarasenko <atar4qe
hw/misc/empty_slot: Move the 'hw/misc' and cover in MAINTAINERS
Add an entry for the 'empty_slot' device.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Artyom Tarasenko <atar4qemu@gmail.com>
Message-Id: <20200510152840.13558-7-f4bug@amsat.org>
show more ...
|
| c0e43084 | 24-Jun-2019 |
Philippe Mathieu-Daudé <f4bug@amsat.org> |
hw/misc/empty_slot: Convert debug printf() to trace event
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Artyom Tarasenko <atar4qemu@gmail.com>
Message-Id: <20200510152840.13558-6
hw/misc/empty_slot: Convert debug printf() to trace event
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Artyom Tarasenko <atar4qemu@gmail.com>
Message-Id: <20200510152840.13558-6-f4bug@amsat.org>
show more ...
|
| 07ddf5cb | 24-Jun-2019 |
Philippe Mathieu-Daudé <f4bug@amsat.org> |
hw/misc/empty_slot: Add a 'name' qdev property
Add a 'name' qdev property so when multiple slots are
accessed, we can notice which one is accessed.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsa
hw/misc/empty_slot: Add a 'name' qdev property
Add a 'name' qdev property so when multiple slots are
accessed, we can notice which one is accessed.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Artyom Tarasenko <atar4qemu@gmail.com>
Message-Id: <20200510152840.13558-5-f4bug@amsat.org>
show more ...
|
| 4bbadef0 | 24-Jun-2019 |
Philippe Mathieu-Daudé <f4bug@amsat.org> |
hw/misc/empty_slot: Convert 'size' field as qdev property
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Artyom Tarasenko <atar4qemu@gmail.com>
Message-Id: <20200510152840.13558-4
hw/misc/empty_slot: Convert 'size' field as qdev property
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Artyom Tarasenko <atar4qemu@gmail.com>
Message-Id: <20200510152840.13558-4-f4bug@amsat.org>
show more ...
|
| 6c339493 | 24-Jun-2019 |
Philippe Mathieu-Daudé <f4bug@amsat.org> |
hw/misc/empty_slot: Lower address space priority
Empty slots model RAZ/WI access on a bus. Since we can still
(hot) plug devices on the bus, lower the slot priority, so
device added later is accesse
hw/misc/empty_slot: Lower address space priority
Empty slots model RAZ/WI access on a bus. Since we can still
(hot) plug devices on the bus, lower the slot priority, so
device added later is accessed first.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Artyom Tarasenko <atar4qemu@gmail.com>
Message-Id: <20200510152840.13558-3-f4bug@amsat.org>
show more ...
|
| cfe35d48 | 22-May-2020 |
Philippe Mathieu-Daudé <philmd@redhat.com> |
hw/core: Restrict CpuClass::get_crash_info() to system-mode
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Tested-by: Laurent Vivier <l
hw/core: Restrict CpuClass::get_crash_info() to system-mode
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200522172510.25784-13-philmd@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
show more ...
|
| 688ffbb4 | 12-May-2020 |
Philippe Mathieu-Daudé <f4bug@amsat.org> |
various: Remove unnecessary OBJECT() cast
The OBJECT() macro is defined as:
#define OBJECT(obj) ((Object *)(obj))
Remove the unnecessary OBJECT() casts when we already know the
pointer is of Obj
various: Remove unnecessary OBJECT() cast
The OBJECT() macro is defined as:
#define OBJECT(obj) ((Object *)(obj))
Remove the unnecessary OBJECT() casts when we already know the
pointer is of Object type.
Patch created mechanically using spatch with this script:
@@
typedef Object;
Object *o;
@@
- OBJECT(o)
+ o
Acked-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: Corey Minyard <cminyard@mvista.com>
Acked-by: John Snow <jsnow@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200512070020.22782-3-f4bug@amsat.org>
[Trivial rebase conflict in hw/s390x/sclp.c resolved]
show more ...
|
| df4fe0b2 | 05-May-2020 |
Markus Armbruster <armbru@redhat.com> |
qom: Drop @errp parameter of object_property_del()
Same story as for object_property_add(): the only way
object_property_del() can fail is when the property with this name
does not exist. Since our
qom: Drop @errp parameter of object_property_del()
Same story as for object_property_add(): the only way
object_property_del() can fail is when the property with this name
does not exist. Since our property names are all hardcoded, failure
is a programming error, and the appropriate way to handle it is
passing &error_abort. Most callers do that, the commit before
previous fixed one that didn't (and got the error handling wrong), and
the two remaining exceptions ignore errors.
Drop the @errp parameter.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-19-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
show more ...
|
| b69c3c21 | 05-May-2020 |
Markus Armbruster <armbru@redhat.com> |
qdev: Unrealize must not fail
Devices may have component devices and buses.
Device realization may fail. Realization is recursive: a device's
realize() method realizes its components, and device_s
qdev: Unrealize must not fail
Devices may have component devices and buses.
Device realization may fail. Realization is recursive: a device's
realize() method realizes its components, and device_set_realized()
realizes its buses (which should in turn realize the devices on that
bus, except bus_set_realized() doesn't implement that, yet).
When realization of a component or bus fails, we need to roll back:
unrealize everything we realized so far. If any of these unrealizes
failed, the device would be left in an inconsistent state. Must not
happen.
device_set_realized() lets it happen: it ignores errors in the roll
back code starting at label child_realize_fail.
Since realization is recursive, unrealization must be recursive, too.
But how could a partly failed unrealize be rolled back? We'd have to
re-realize, which can fail. This design is fundamentally broken.
device_set_realized() does not roll back at all. Instead, it keeps
unrealizing, ignoring further errors.
It can screw up even for a device with no buses: if the lone
dc->unrealize() fails, it still unregisters vmstate, and calls
listeners' unrealize() callback.
bus_set_realized() does not roll back either. Instead, it stops
unrealizing.
Fortunately, no unrealize method can fail, as we'll see below.
To fix the design error, drop parameter @errp from all the unrealize
methods.
Any unrealize method that uses @errp now needs an update. This leads
us to unrealize() methods that can fail. Merely passing it to another
unrealize method cannot cause failure, though. Here are the ones that
do other things with @errp:
* virtio_serial_device_unrealize()
Fails when qbus_set_hotplug_handler() fails, but still does all the
other work. On failure, the device would stay realized with its
resources completely gone. Oops. Can't happen, because
qbus_set_hotplug_handler() can't actually fail here. Pass
&error_abort to qbus_set_hotplug_handler() instead.
* hw/ppc/spapr_drc.c's unrealize()
Fails when object_property_del() fails, but all the other work is
already done. On failure, the device would stay realized with its
vmstate registration gone. Oops. Can't happen, because
object_property_del() can't actually fail here. Pass &error_abort
to object_property_del() instead.
* spapr_phb_unrealize()
Fails and bails out when remove_drcs() fails, but other work is
already done. On failure, the device would stay realized with some
of its resources gone. Oops. remove_drcs() fails only when
chassis_from_bus()'s object_property_get_uint() fails, and it can't
here. Pass &error_abort to remove_drcs() instead.
Therefore, no unrealize method can fail before this patch.
device_set_realized()'s recursive unrealization via bus uses
object_property_set_bool(). Can't drop @errp there, so pass
&error_abort.
We similarly unrealize with object_property_set_bool() elsewhere,
always ignoring errors. Pass &error_abort instead.
Several unrealize methods no longer handle errors from other unrealize
methods: virtio_9p_device_unrealize(),
virtio_input_device_unrealize(), scsi_qdev_unrealize(), ...
Much of the deleted error handling looks wrong anyway.
One unrealize methods no longer ignore such errors:
usb_ehci_pci_exit().
Several realize methods no longer ignore errors when rolling back:
v9fs_device_realize_common(), pci_qdev_unrealize(),
spapr_phb_realize(), usb_qdev_realize(), vfio_ccw_realize(),
virtio_device_realize().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-17-armbru@redhat.com>
show more ...
|
| 40c2281c | 05-May-2020 |
Markus Armbruster <armbru@redhat.com> |
Drop more @errp parameters after previous commit
Several functions can't fail anymore: ich9_pm_add_properties(),
device_add_bootindex_property(), ppc_compat_add_property(),
spapr_caps_add_properties
Drop more @errp parameters after previous commit
Several functions can't fail anymore: ich9_pm_add_properties(),
device_add_bootindex_property(), ppc_compat_add_property(),
spapr_caps_add_properties(), PropertyInfo.create(). Drop their @errp
parameter.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-16-armbru@redhat.com>
show more ...
|
| d2623129 | 05-May-2020 |
Markus Armbruster <armbru@redhat.com> |
qom: Drop parameter @errp of object_property_add() & friends
The only way object_property_add() can fail is when a property with
the same name already exists. Since our property names are all
hardc
qom: Drop parameter @errp of object_property_add() & friends
The only way object_property_add() can fail is when a property with
the same name already exists. Since our property names are all
hardcoded, failure is a programming error, and the appropriate way to
handle it is passing &error_abort.
Same for its variants, except for object_property_add_child(), which
additionally fails when the child already has a parent. Parentage is
also under program control, so this is a programming error, too.
We have a bit over 500 callers. Almost half of them pass
&error_abort, slightly fewer ignore errors, one test case handles
errors, and the remaining few callers pass them to their own callers.
The previous few commits demonstrated once again that ignoring
programming errors is a bad idea.
Of the few ones that pass on errors, several violate the Error API.
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call. ich9_pm_add_properties(), sparc32_ledma_realize(),
sparc32_dma_realize(), xilinx_axidma_realize(), xilinx_enet_realize()
are wrong that way.
When the one appropriate choice of argument is &error_abort, letting
users pick the argument is a bad idea.
Drop parameter @errp and assert the preconditions instead.
There's one exception to "duplicate property name is a programming
error": the way object_property_add() implements the magic (and
undocumented) "automatic arrayification". Don't drop @errp there.
Instead, rename object_property_add() to object_property_try_add(),
and add the obvious wrapper object_property_add().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-15-armbru@redhat.com>
[Two semantic rebase conflicts resolved]
show more ...
|
| 9f742c28 | 05-May-2020 |
Markus Armbruster <armbru@redhat.com> |
qdev: Clean up qdev_connect_gpio_out_named()
Both qdev_connect_gpio_out_named() and device_set_realized() put
objects without a parent into the "/machine/unattached/" orphanage.
qdev_connect_gpio_o
qdev: Clean up qdev_connect_gpio_out_named()
Both qdev_connect_gpio_out_named() and device_set_realized() put
objects without a parent into the "/machine/unattached/" orphanage.
qdev_connect_gpio_out_named() needs a lengthy comment to explain how
it works. It exploits that object_property_add_child() can fail only
when we got a parent already, and ignoring that error does what we
want. True. If it failed due to "duplicate property", we'd be in
trouble, but that would be a programming error.
device_set_realized() is cleaner: it checks whether we need a parent,
then calls object_property_add_child(), aborting on failure. No need
for a comment, and programming errors get caught.
Change qdev_connect_gpio_out_named() to match.
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200505152926.18877-14-armbru@redhat.com>
show more ...
|