qemu-commits

[Qemu-commits] [qemu/qemu] 84d839: block: compile out assert_bdrv_graph_


From: Alex Bennée
Subject: [Qemu-commits] [qemu/qemu] 84d839: block: compile out assert_bdrv_graph_readable() by...
Date: Wed, 24 May 2023 08:13:29 -0700

  Branch: refs/heads/staging-8.0
  Home:   https://github.com/qemu/qemu
  Commit: 84d839e4998bf3845a2e16ea482a3da3d1598346
      
https://github.com/qemu/qemu/commit/84d839e4998bf3845a2e16ea482a3da3d1598346
  Author: Stefan Hajnoczi <stefanha@redhat.com>
  Date:   2023-05-22 (Mon, 22 May 2023)

  Changed paths:
    M block/graph-lock.c
    M configure
    M meson.build
    M meson_options.txt
    M scripts/meson-buildoptions.sh

  Log Message:
  -----------
  block: compile out assert_bdrv_graph_readable() by default

reader_count() is a performance bottleneck because the global
aio_context_list_lock mutex causes thread contention. Put this debugging
assertion behind a new ./configure --enable-debug-graph-lock option and
disable it by default.

The --enable-debug-graph-lock option is also enabled by the more general
--enable-debug option.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20230501173443.153062-1-stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 58a2e3f5c37be02dac3086b81bdda9414b931edf)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: pick this one up so the next patch which disables this applies cleanly)


  Commit: d001f222e37d51aa8d691ada53b58725010e6837
      
https://github.com/qemu/qemu/commit/d001f222e37d51aa8d691ada53b58725010e6837
  Author: Kevin Wolf <kwolf@redhat.com>
  Date:   2023-05-22 (Mon, 22 May 2023)

  Changed paths:
    M block/graph-lock.c

  Log Message:
  -----------
  graph-lock: Disable locking for now

In QEMU 8.0, we've been seeing deadlocks in bdrv_graph_wrlock(). They
come from callers that hold an AioContext lock, which is not allowed
during polling. In theory, we could temporarily release the lock, but
callers are inconsistent about whether they hold a lock, and if they do,
some are also confused about which one they hold. While all of this is
fixable, it's not trivial, and the best course of action for 8.0.1 is
probably just disabling the graph locking code temporarily.

We don't currently rely on graph locking yet. It is supposed to replace
the AioContext lock eventually to enable multiqueue support, but as long
as we still have the AioContext lock, it is sufficient without the graph
lock. Once the AioContext lock goes away, the deadlock doesn't exist any
more either and this commit can be reverted. (Of course, it can also be
reverted while the AioContext lock still exists if the callers have been
fixed.)

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20230517152834.277483-2-kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 80fc5d260002432628710f8b0c7cfc7d9b97bb9d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: a7002f15c8635bae3f45a7e675920164df42b77d
      
https://github.com/qemu/qemu/commit/a7002f15c8635bae3f45a7e675920164df42b77d
  Author: Kevin Wolf <kwolf@redhat.com>
  Date:   2023-05-22 (Mon, 22 May 2023)

  Changed paths:
    M include/io/channel.h
    M io/channel.c
    M nbd/server.c

  Log Message:
  -----------
  nbd/server: Fix drained_poll to wake coroutine in right AioContext

nbd_drained_poll() generally runs in the main thread, not whatever
iothread the NBD server coroutine is meant to run in, so it can't
directly reenter the coroutines to wake them up.

The code seems to have the right intention, it specifies the correct
AioContext when it calls qemu_aio_coroutine_enter(). However, this
function doesn't schedule the coroutine to run in that AioContext, but
it assumes it is already called in the home thread of the AioContext.

To fix this, add a new thread-safe qio_channel_wake_read() that can be
called in the main thread to wake up the coroutine in its AioContext,
and use this in nbd_drained_poll().

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20230517152834.277483-3-kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 7c1f51bf38de8cea4ed5030467646c37b46edeb7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: eb134d1d589f3ed693b40f2654ff478424b5d9cb
      
https://github.com/qemu/qemu/commit/eb134d1d589f3ed693b40f2654ff478424b5d9cb
  Author: timothee.cocault@gmail.com <timothee.cocault@gmail.com>
  Date:   2023-05-23 (Tue, 23 May 2023)

  Changed paths:
    M hw/net/e1000.c
    M hw/net/e1000e_core.c
    M hw/net/e1000x_common.c
    M hw/net/igb_core.c

  Log Message:
  -----------
  e1000e: Fix tx/rx counters

The bytes and packets counter registers are cleared on read.

Copying the "total counter" registers to the "good counter" registers has
side effects.
If the "total" register is never read by the OS, it only gets incremented.
This leads to exponential growth of the "good" register.

This commit increments the counters individually to avoid this.

Signed-off-by: Timothée Cocault <timothee.cocault@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 8d689f6aae8be096b4a1859be07c1b083865f755)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 0f7ca2bf2c6476244113132539ff2d6ef1d47b34
      
https://github.com/qemu/qemu/commit/0f7ca2bf2c6476244113132539ff2d6ef1d47b34
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-05-24 (Wed, 24 May 2023)

  Changed paths:
    M hw/net/e1000.c
    M hw/net/e1000e_core.c
    M hw/net/e1000x_common.c
    M hw/net/e1000x_common.h
    M hw/net/igb_core.c

  Log Message:
  -----------
  e1000x: Fix BPRC and MPRC

Before this change, e1000 and the common code updated BPRC and MPRC
depending on the matched filter, but e1000e and igb decided to update
those counters by deriving the packet type independently. This
inconsistency caused a multicast packet to be counted twice.

Updating BPRC and MPRC depending on are fundamentally flawed anyway as
a filter can be used for different types of packets. For example, it is
possible to filter broadcast packets with MTA.

Always determine what counters to update by inspecting the packets.

Fixes: 3b27430177 ("e1000: Implementing various counters")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Sriram Yagnaraman <sriram.yagnaraman@est.tech>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit f3f9b726afba1f53663768603189e574f80b5907)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 9ff3fe63fc54fdc53599cc258c1f7150644f86d3
      
https://github.com/qemu/qemu/commit/9ff3fe63fc54fdc53599cc258c1f7150644f86d3
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-05-24 (Wed, 24 May 2023)

  Changed paths:
    M hw/net/igb_core.c
    M hw/net/igb_regs.h

  Log Message:
  -----------
  igb: Fix Rx packet type encoding

igb's advanced descriptor uses a packet type encoding different from
one used in e1000e's extended descriptor. Fix the logic to encode
Rx packet type accordingly.

Fixes: 3a977deebe ("Intrdocue igb device emulation")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Sriram Yagnaraman <sriram.yagnaraman@est.tech>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit ed447c60b341f1714b3c800d7f9c68898e873f78)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 6e260100d074bf48f4502ce55ba65680324ffc0e
      
https://github.com/qemu/qemu/commit/6e260100d074bf48f4502ce55ba65680324ffc0e
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-05-24 (Wed, 24 May 2023)

  Changed paths:
    M hw/net/igb_core.c

  Log Message:
  -----------
  igb: Do not require CTRL.VME for tx VLAN tagging

While the datasheet of e1000e says it checks CTRL.VME for tx VLAN
tagging, igb's datasheet has no such statements. It also says for
"CTRL.VLE":
> This register only affects the VLAN Strip in Rx it does not have any
> influence in the Tx path in the 82576.
(Appendix A. Changes from the 82575)

There is no "CTRL.VLE" so it is more likely that it is a mistake of
CTRL.VME.

Fixes: fba7c3b788 ("igb: respect VMVIR and VMOLR for VLAN")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Sriram Yagnaraman <sriram.yagnaraman@est.tech>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit e209716749cda1581cfc8e582591c0216c30ab0d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: ba3c7bf178c8a94b2635a655918ee7ae991a9cf7
      
https://github.com/qemu/qemu/commit/ba3c7bf178c8a94b2635a655918ee7ae991a9cf7
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-05-24 (Wed, 24 May 2023)

  Changed paths:
    M hw/net/igb_core.c

  Log Message:
  -----------
  igb: Clear IMS bits when committing ICR access

The datasheet says contradicting statements regarding ICR accesses so it
is not reliable to determine the behavior of ICR accesses. However,
e1000e does clear IMS bits when reading ICR accesses and Linux also
expects ICR accesses will clear IMS bits according to:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/net/ethernet/intel/igb/igb_main.c?h=v6.2#n8048

Fixes: 3a977deebe ("Intrdocue igb device emulation")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Sriram Yagnaraman <sriram.yagnaraman@est.tech>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit f0b1df5c4502b5ec89f83417924935ab201511d0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5c4f2f1b60e7d95ccc16262c3040d4c5f2f62126
      
https://github.com/qemu/qemu/commit/5c4f2f1b60e7d95ccc16262c3040d4c5f2f62126
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-05-24 (Wed, 24 May 2023)

  Changed paths:
    M hw/net/igb_core.c
    M hw/net/net_rx_pkt.c
    M hw/net/net_rx_pkt.h
    M hw/net/virtio-net.c
    M hw/net/vmxnet3.c
    M include/net/eth.h
    M net/eth.c

  Log Message:
  -----------
  net/net_rx_pkt: Use iovec for net_rx_pkt_set_protocols()

igb does not properly ensure the buffer passed to
net_rx_pkt_set_protocols() is contiguous for the entire L2/L3/L4 header.
Allow it to pass scattered data to net_rx_pkt_set_protocols().

Fixes: 3a977deebe ("Intrdocue igb device emulation")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Sriram Yagnaraman <sriram.yagnaraman@est.tech>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 2f0fa232b8c330df029120a6824c8be3d4eb5cae)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: c84bcff3d3877658adf0bca3d8087488ecf0f3d9
      
https://github.com/qemu/qemu/commit/c84bcff3d3877658adf0bca3d8087488ecf0f3d9
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-05-24 (Wed, 24 May 2023)

  Changed paths:
    M hw/net/e1000e_core.c

  Log Message:
  -----------
  e1000e: Always copy ethernet header

e1000e_receive_internal() used to check the iov length to determine
copy the iovs to a contiguous buffer, but the check is flawed in two
ways:
- It does not ensure that iovcnt > 0.
- It does not take virtio-net header into consideration.

The size of this copy is just 18 octets, which can be even less than
the code size required for checks. This (wrong) optimization is probably
not worth so just remove it.

Fixes: 6f3fbe4ed0 ("net: Introduce e1000e device emulation")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 310a128eae12339f97f6c940a7ddf92f40d283e4)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 02bd13ae3acb3ff3c3c2bcea142d5aee880e3a88
      
https://github.com/qemu/qemu/commit/02bd13ae3acb3ff3c3c2bcea142d5aee880e3a88
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-05-24 (Wed, 24 May 2023)

  Changed paths:
    M hw/net/igb_core.c

  Log Message:
  -----------
  igb: Always copy ethernet header

igb_receive_internal() used to check the iov length to determine
copy the iovs to a contiguous buffer, but the check is flawed in two
ways:
- It does not ensure that iovcnt > 0.
- It does not take virtio-net header into consideration.

The size of this copy is just 22 octets, which can be even less than
the code size required for checks. This (wrong) optimization is probably
not worth so just remove it. Removing this also allows igb to assume
aligned accesses for the ethernet header.

Fixes: 3a977deebe ("Intrdocue igb device emulation")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Sriram Yagnaraman <sriram.yagnaraman@est.tech>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit dc9ef1bf454811646b3ee6387f1b96f63f538a18)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
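
Added example, not part of the commits above and not QEMU's code: a gather-copy that reads a fixed-size L2 header out of a scattered iovec, covering the two cases the "Always copy ethernet header" messages say the removed length check missed (iovcnt == 0 and a leading virtio-net header). The names gather_copy and read_l2_header, and the 10-byte virtio-net header length in the sample input, are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>
#include <sys/uio.h>
#define L2_HDR_LEN 18   /* copy size quoted in the e1000e commit message */

/* Copy up to len bytes, starting offset bytes into the scattered buffer,
 * into dst. Returns the bytes copied (short if the iov runs out);
 * iovcnt == 0 is valid and copies nothing. */
static size_t gather_copy(const struct iovec *iov, int iovcnt,
                          size_t offset, void *dst, size_t len)
{
    size_t done = 0;
    for (int i = 0; i < iovcnt && done < len; i++) {
        if (offset >= iov[i].iov_len) {     /* element ends before offset */
            offset -= iov[i].iov_len;
            continue;
        }
        size_t n = iov[i].iov_len - offset;
        if (n > len - done) n = len - done; /* never write past dst */
        memcpy((uint8_t *)dst + done,
               (const uint8_t *)iov[i].iov_base + offset, n);
        done += n;
        offset = 0;
    }
    return done;
}

/* Returns 1 if a full header follows the vnet_len-byte virtio-net header. */
static int read_l2_header(const struct iovec *iov, int iovcnt,
                          size_t vnet_len, uint8_t *hdr)
{
    return gather_copy(iov, iovcnt, vnet_len, hdr, L2_HDR_LEN) == L2_HDR_LEN;
}

/* Constructed input: 10-byte vnet header, then a frame split over 3 iovs. */
static int demo_scattered(void)
{
    uint8_t a[14] = {0}, b[6], c[20], hdr[L2_HDR_LEN];
    for (int i = 0; i < 4; i++)  a[10 + i] = (uint8_t)i;
    for (int i = 0; i < 6; i++)  b[i] = (uint8_t)(4 + i);
    for (int i = 0; i < 20; i++) c[i] = (uint8_t)(10 + i);
    struct iovec iov[3] = { { .iov_base = a, .iov_len = sizeof a },
                            { .iov_base = b, .iov_len = sizeof b },
                            { .iov_base = c, .iov_len = sizeof c } };
    if (!read_l2_header(iov, 3, 10, hdr)) return 0;
    for (int i = 0; i < L2_HDR_LEN; i++) if (hdr[i] != i) return 0;
    return 1;
}
int main(void) { return demo_scattered() ? 0 : 1; }
```

Because the copy is bounded by both the destination size and the data actually present, the caller needs no separate "is the first element long enough" check.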


  Commit: fae9449998e73cb52ddfc6453bee49cf3a518372
      
https://github.com/qemu/qemu/commit/fae9449998e73cb52ddfc6453bee49cf3a518372
  Author: Stefan Hajnoczi <stefanha@redhat.com>
  Date:   2023-05-24 (Wed, 24 May 2023)

  Changed paths:
    M hw/net/rtl8139.c

  Log Message:
  -----------
  rtl8139: fix large_send_mss divide-by-zero

If the driver sets large_send_mss to 0 then a divide-by-zero occurs.
Even if the division wasn't a problem, the for loop that emits MSS-sized
packets would never terminate.

Solve these issues by skipping offloading when large_send_mss=0.

This issue was found by OSS-Fuzz as part of Alexander Bulekov's device
fuzzing work. The reproducer is:

  $ cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \
  512M,slots=1,maxmem=0xffff000000000000 -machine q35 -nodefaults -device \
  rtl8139,netdev=net0 -netdev user,id=net0 -device \
  pc-dimm,id=nv1,memdev=mem1,addr=0xb800a64602800000 -object \
  memory-backend-ram,id=mem1,size=2M  -qtest stdio
  outl 0xcf8 0x80000814
  outl 0xcfc 0xe0000000
  outl 0xcf8 0x80000804
  outw 0xcfc 0x06
  write 0xe0000037 0x1 0x04
  write 0xe00000e0 0x2 0x01
  write 0x1 0x1 0x04
  write 0x3 0x1 0x98
  write 0xa 0x1 0x8c
  write 0xb 0x1 0x02
  write 0xc 0x1 0x46
  write 0xd 0x1 0xa6
  write 0xf 0x1 0xb8
  write 0xb800a646028c000c 0x1 0x08
  write 0xb800a646028c000e 0x1 0x47
  write 0xb800a646028c0010 0x1 0x02
  write 0xb800a646028c0017 0x1 0x06
  write 0xb800a646028c0036 0x1 0x80
  write 0xe00000d9 0x1 0x40
  EOF

Buglink: https://gitlab.com/qemu-project/qemu/-/issues/1582
Closes: https://gitlab.com/qemu-project/qemu/-/issues/1582
Cc: qemu-stable@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>
Fixes: 6d71357a3b65 ("rtl8139: honor large send MSS value")
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 792676c165159c11412346870fd58fd243ab2166)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


Compare: https://github.com/qemu/qemu/compare/cde0704a76cc...fae9449998e7
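
Added example, not part of the commits above and not QEMU's code: a simplified model of the guard described in the rtl8139 message, where a guest-supplied MSS of 0 is rejected before it can reach a division or a loop step. The names segment_payload, emit_segment, run and struct tally are assumptions made for this example, as is the use of the division for a per-segment index.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct tally { int segs; size_t bytes; };

/* Stand-in for the transmit path: records each emitted segment. */
static void emit_segment(const uint8_t *seg, size_t len, size_t index,
                         struct tally *t)
{
    (void)seg; (void)index;
    t->segs++;
    t->bytes += len;
}

/* Split len bytes into mss-sized segments. Returns 0 on success, -1 when
 * the guest-supplied mss is 0 and segmentation must be skipped. */
static int segment_payload(const uint8_t *payload, size_t len, uint32_t mss,
                           struct tally *t)
{
    if (mss == 0) {
        return -1;              /* guard before any division or loop step */
    }
    for (size_t off = 0; off < len; ) {
        size_t chunk = len - off < mss ? len - off : mss;
        emit_segment(payload + off, chunk, off / mss, t);  /* safe: mss != 0 */
        off += chunk;           /* chunk >= 1, so the loop always advances */
    }
    return 0;
}

/* Constructed input: an all-zero payload and a caller-chosen MSS. */
static struct tally run(size_t len, uint32_t mss)
{
    static const uint8_t payload[4096];
    struct tally t = { 0, 0 };
    if (len > sizeof payload) len = sizeof payload;
    if (segment_payload(payload, len, mss, &t) < 0) {
        t.segs = -1;            /* offload skipped, nothing emitted */
    }
    return t;
}

int main(void)
{
    printf("mss=1460: %d segments; mss=0: %d\n",
           run(3000, 1460).segs, run(3000, 0).segs);
    return 0;
}
```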


