[Bug,1586756,NEW] "-serial unix:" option of qemu-system-* is broken in qemu 2.6.0

Commit Message

redcap97 May 29, 2016, 11 a.m. UTC

Public bug reported:

I found a bug of "-serial unix:PATH_TO_SOCKET" in qemu 2.6.0 (qemu 2.5.1 works fine).
Occasionally, a part of the output of qemu disappears in the bug.

It looks like following commit is the cause:

char: ensure all clients are in non-blocking mode (Author: Daniel P. Berrange <berrange@redhat.com>)
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=64c800f808748522727847b9cdc73412f22dffb9

In this commit, UNIX socket is set to non-blocking mode, but qemu_chr_fe_write function doesn't handle EAGAIN.
You should fix code like that:

---
---

Or please do "git revert 64c800f808748522727847b9cdc73412f22dffb9".

** Affects: qemu
     Importance: Undecided
         Status: New

Comments

Daniel Berrange June 1, 2016, 10:19 a.m. UTC | #1

** Changed in: qemu
     Assignee: (unassigned) => Daniel Berrange (berrange)

Daniel Berrange July 26, 2016, 3:39 p.m. UTC | #2

I'm unable to reproduce the problem mentioned myself, and code
inspection shows no problem for x86_64 at least.

Specifically hw/char/serial.c has a   serial_xmit() method which calls
qemu_chr_fe_write(), and if it sees EAGAIN, it sets up a event
notification to re-try the write later.

Can you provide the full QEMU command line you are using, include the
emulator binary.

** Changed in: qemu
       Status: New => Incomplete

Daniel Berrange July 26, 2016, 3:51 p.m. UTC | #3

Looking at the code in 2.5.0, the qemu_chr_fe_write method would see
EAGAIN too, because the tcp_chr_accept() method would always set the
newly connected client to non-blocking mode. So thre's no obvious change
in behaviour between 2.5 and 2.6 wrt to blocking sockets.

redcap97 July 29, 2016, 2:43 p.m. UTC | #4

I wrote small code which reproduces this issue.

https://bitbucket.org/redcap97/puts-hello-x80000-armv7-kernel/downloads
/puts-HELLO-x80000

Above binary outputs "HELLO!" 80000 times to UART.

# Please execute in terminal
socat unix-listen:a.sock stdout | tee actual

# Please execute in another terminal
qemu-system-arm -M vexpress-a9 -nographic -kernel puts-HELLO-x80000 -serial unix:a.sock

# Check results
yes 'HELLO!' | head -n 80000 > expected
diff -u expected actual

Occasionally, a part of the output of qemu disappears.


Source code of the binary
https://bitbucket.org/redcap97/puts-hello-x80000-armv7-kernel/src

redcap97 July 29, 2016, 2:44 p.m. UTC | #5

> Looking at the code in 2.5.0, the qemu_chr_fe_write method would see
EAGAIN too, because the tcp_chr_accept() method would always set the
newly connected client to non-blocking mode. So thre's no obvious change
in behaviour between 2.5 and 2.6 wrt to blocking sockets.

It looks like tcp_chr_accept function isn't called in above command.
tcp_chr_wait_connected function is called instead.

So the socket is blocking mode and doesn't return EAGAIN in Qemu 2.5.0.

redcap97 July 29, 2016, 2:57 p.m. UTC | #6

** Summary changed:

- "-serial unix:" option of qemu-system-* is broken in qemu 2.6.0
+ "-serial unix:" option of qemu-system-arm is broken in qemu 2.6.0

Daniel Berrange July 29, 2016, 3 p.m. UTC | #7

Ok, now it makes more sense. You are using the socket chardev in TCP
outgoing client mode, which used to be blocking by default. In 2.6 this
switched to match TCP server mode,  in wich the incoming client was
always in non-blocking mode.

IOW, this arm code was already broken in 2.5 just depending on which
chardev config was used.

So, we'll need to put a fix in pl011_write.  I'm unsure whether use
writeall() is the correct behaviour - I'll come to other serial
backends.

Daniel Berrange Aug. 5, 2016, 8:31 a.m. UTC | #8

Fix posted https://lists.gnu.org/archive/html/qemu-
devel/2016-08/msg00684.html

Daniel Berrange Jan. 11, 2017, 6:43 a.m. UTC | #9

Fix has been committed here:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6ab3fc32ea640026726b
... and been released with QEMU version 2.8

** Changed in: qemu
       Status: Incomplete => Fix Released

Patch

diff --git a/qemu-char.c b/qemu-char.c
index b597ee1..0361d78 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -270,6 +270,7 @@  static int qemu_chr_fe_write_buffer(CharDriverState *s, const uint8_t *buf, int
 int qemu_chr_fe_write(CharDriverState *s, const uint8_t *buf, int len)
 {
     int ret;
+    int offset = 0;
 
     if (s->replay && replay_mode == REPLAY_MODE_PLAY) {
         int offset;
@@ -280,7 +281,21 @@  int qemu_chr_fe_write(CharDriverState *s, const uint8_t *buf, int len)
     }
 
     qemu_mutex_lock(&s->chr_write_lock);
-    ret = s->chr_write(s, buf, len);
+
+    while (offset < len) {
+    retry:
+        ret = s->chr_write(s, buf, len);
+        if (ret < 0 && errno == EAGAIN) {
+            g_usleep(100);
+            goto retry;
+        }
+
+        if (ret <= 0) {
+            break;
+        }
+
+        offset += ret;
+    }
 
     if (ret > 0) {
         qemu_chr_fe_write_log(s, buf, ret);