| Message ID | 1576513726-53700-1-git-send-email-pbonzini@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Mon, 16 Dec 2019 at 16:34, Paolo Bonzini <pbonzini@redhat.com> wrote: > > The following changes since commit 084a398bf8aa7634738e6c6c0103236ee1b3b72f: > > Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging (2019-12-13 18:14:07 +0000) > > are available in the git repository at: > > > git://github.com/bonzini/qemu.git tags/for-upstream > > for you to fetch changes up to cfba0eb1146e7ccf839df29fd99cb90dd3c7640a: > > colo: fix return without releasing RCU (2019-12-16 17:25:46 +0100) > > ---------------------------------------------------------------- > * More uses of RCU_READ_LOCK_GUARD (Dave, myself) > * QOM doc improvments (Greg) > * Cleanups from the Meson conversion (Marc-André) > * Support for multiple -accel options (myself) > * Many x86 machine cleanup (Philippe, myself) > * tests/migration-test cleanup (Juan) > > ---------------------------------------------------------------- This generates a set of extra warnings from the clang runtime sanitizers: (1) in the bios-tables-test: MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=i386-softmmu/qemu-system-i386 QTEST_QEMU_IMG=qemu-img tests/bios-tabl es-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="bios-tables-test" /home/petmay01/linaro/qemu-for-merges/qom/object.c:390:16: runtime error: load of value 22, which is not a valid value for type 'bool' Looking for expected file 'tests/data/acpi/pc/FACP' Using expected file 'tests/data/acpi/pc/FACP' Looking for expected file 'tests/data/acpi/pc/APIC' Using expected file 'tests/data/acpi/pc/APIC' Looking for expected file 'tests/data/acpi/pc/HPET' Using expected file 'tests/data/acpi/pc/HPET' Looking for expected file 'tests/data/acpi/pc/FACS' Using expected file 'tests/data/acpi/pc/FACS' Looking for expected file 'tests/data/acpi/pc/DSDT' Using expected file 'tests/data/acpi/pc/DSDT' PASS 1 bios-tables-test /i386/acpi/piix4 /home/petmay01/linaro/qemu-for-merges/qom/object.c:390:16: runtime error: load of value 151, which is not a valid value for type 'bool' (and others similar) and in the migration-test: MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_BINARY=i386-softmmu/qemu-system-i386 QTEST_QEMU_IMG=qemu-img tests/migration-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="migration-test" PASS 1 migration-test /i386/migration/deprecated /home/petmay01/linaro/qemu-for-merges/tests/migration-test.c:689:15: runtime error: load of value 255, which is not a valid value for type 'bool' /home/petmay01/linaro/qemu-for-merges/tests/migration-test.c:690:16: runtime error: null pointer passed as argument 1, which is declared to never be null /usr/include/unistd.h:828:48: note: nonnull attribute specified here PASS 2 migration-test /i386/migration/bad_dest PASS 3 migration-test /i386/migration/fd_proto PASS 4 migration-test /i386/migration/validate_uuid PASS 5 migration-test /i386/migration/validate_uuid_error I also saw a hang in migration-test (x86 host, aarch64 guest), but that didn't reoccur on my rerun, so it's intermittent and might be present already in master. thanks -- PMM
* Peter Maydell (peter.maydell@linaro.org) wrote: > On Mon, 16 Dec 2019 at 16:34, Paolo Bonzini <pbonzini@redhat.com> wrote: > > > > The following changes since commit 084a398bf8aa7634738e6c6c0103236ee1b3b72f: > > > > Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging (2019-12-13 18:14:07 +0000) > > > > are available in the git repository at: > > > > > > git://github.com/bonzini/qemu.git tags/for-upstream > > > > for you to fetch changes up to cfba0eb1146e7ccf839df29fd99cb90dd3c7640a: > > > > colo: fix return without releasing RCU (2019-12-16 17:25:46 +0100) > > > > ---------------------------------------------------------------- > > * More uses of RCU_READ_LOCK_GUARD (Dave, myself) > > * QOM doc improvments (Greg) > > * Cleanups from the Meson conversion (Marc-André) > > * Support for multiple -accel options (myself) > > * Many x86 machine cleanup (Philippe, myself) > > * tests/migration-test cleanup (Juan) > > > > ---------------------------------------------------------------- > > This generates a set of extra warnings from the clang runtime > sanitizers: > > (1) in the bios-tables-test: > MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} > QTEST_QEMU_BINARY=i386-softmmu/qemu-system-i386 > QTEST_QEMU_IMG=qemu-img tests/bios-tabl > es-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl > --test-name="bios-tables-test" > /home/petmay01/linaro/qemu-for-merges/qom/object.c:390:16: runtime > error: load of value 22, which is not a valid value for type 'bool' > > Looking for expected file 'tests/data/acpi/pc/FACP' > Using expected file 'tests/data/acpi/pc/FACP' > Looking for expected file 'tests/data/acpi/pc/APIC' > Using expected file 'tests/data/acpi/pc/APIC' > Looking for expected file 'tests/data/acpi/pc/HPET' > Using expected file 'tests/data/acpi/pc/HPET' > Looking for expected file 'tests/data/acpi/pc/FACS' > Using expected file 'tests/data/acpi/pc/FACS' > Looking for expected file 'tests/data/acpi/pc/DSDT' > Using expected file 'tests/data/acpi/pc/DSDT' > PASS 1 bios-tables-test /i386/acpi/piix4 > /home/petmay01/linaro/qemu-for-merges/qom/object.c:390:16: runtime > error: load of value 151, which is not a valid value for type 'bool' > > (and others similar) > > and in the migration-test: > MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} > QTEST_QEMU_BINARY=i386-softmmu/qemu-system-i386 > QTEST_QEMU_IMG=qemu-img tests/migration-test -m=quick -k --tap < > /dev/null | ./scripts/tap-driver.pl --test-name="migration-test" > PASS 1 migration-test /i386/migration/deprecated > /home/petmay01/linaro/qemu-for-merges/tests/migration-test.c:689:15: > runtime error: load of value 255, which is not a valid value for type > 'bool' > /home/petmay01/linaro/qemu-for-merges/tests/migration-test.c:690:16: > runtime error: null pointer passed as argument 1, which is declared to > never be null > /usr/include/unistd.h:828:48: note: nonnull attribute specified here That's a use-after-free from Juan's 'migration-test: Use a struct for test_migrate_start parameters'; it's calling migrate_start_destroy and then checks args->use_shmem. Dave > PASS 2 migration-test /i386/migration/bad_dest > PASS 3 migration-test /i386/migration/fd_proto > PASS 4 migration-test /i386/migration/validate_uuid > PASS 5 migration-test /i386/migration/validate_uuid_error > > I also saw a hang in migration-test (x86 host, aarch64 guest), > but that didn't reoccur on my rerun, so it's intermittent and > might be present already in master. > > thanks > -- PMM > -- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
"Dr. David Alan Gilbert" <dgilbert@redhat.com> wrote: >> (and others similar) >> >> and in the migration-test: >> MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} >> QTEST_QEMU_BINARY=i386-softmmu/qemu-system-i386 >> QTEST_QEMU_IMG=qemu-img tests/migration-test -m=quick -k --tap < >> /dev/null | ./scripts/tap-driver.pl --test-name="migration-test" >> PASS 1 migration-test /i386/migration/deprecated >> /home/petmay01/linaro/qemu-for-merges/tests/migration-test.c:689:15: >> runtime error: load of value 255, which is not a valid value for type >> 'bool' >> /home/petmay01/linaro/qemu-for-merges/tests/migration-test.c:690:16: >> runtime error: null pointer passed as argument 1, which is declared to >> never be null >> /usr/include/unistd.h:828:48: note: nonnull attribute specified here > > That's a use-after-free from Juan's 'migration-test: Use a struct for > test_migrate_start parameters'; it's calling migrate_start_destroy and > then checks args->use_shmem. Hi New series with the fix posted upstream. Paolo, should I did the pull requset, or will you do it? Thanks, Juan. PD. Just curious, how should I launch clang to give me that error?
On 18/12/19 09:54, Juan Quintela wrote: > "Dr. David Alan Gilbert" <dgilbert@redhat.com> wrote: >>> (and others similar) >>> >>> and in the migration-test: >>> MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} >>> QTEST_QEMU_BINARY=i386-softmmu/qemu-system-i386 >>> QTEST_QEMU_IMG=qemu-img tests/migration-test -m=quick -k --tap < >>> /dev/null | ./scripts/tap-driver.pl --test-name="migration-test" >>> PASS 1 migration-test /i386/migration/deprecated >>> /home/petmay01/linaro/qemu-for-merges/tests/migration-test.c:689:15: >>> runtime error: load of value 255, which is not a valid value for type >>> 'bool' >>> /home/petmay01/linaro/qemu-for-merges/tests/migration-test.c:690:16: >>> runtime error: null pointer passed as argument 1, which is declared to >>> never be null >>> /usr/include/unistd.h:828:48: note: nonnull attribute specified here >> >> That's a use-after-free from Juan's 'migration-test: Use a struct for >> test_migrate_start parameters'; it's calling migrate_start_destroy and >> then checks args->use_shmem. > > Hi > > New series with the fix posted upstream. > > Paolo, should I did the pull requset, or will you do it? I can do it. > PD. Just curious, how should I launch clang to give me that error? "make docker-test-debug@fedora". Paolo
Paolo Bonzini <pbonzini@redhat.com> wrote: > On 18/12/19 09:54, Juan Quintela wrote: >> "Dr. David Alan Gilbert" <dgilbert@redhat.com> wrote: >>>> (and others similar) >>>> >>>> and in the migration-test: >>>> MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} >>>> QTEST_QEMU_BINARY=i386-softmmu/qemu-system-i386 >>>> QTEST_QEMU_IMG=qemu-img tests/migration-test -m=quick -k --tap < >>>> /dev/null | ./scripts/tap-driver.pl --test-name="migration-test" >>>> PASS 1 migration-test /i386/migration/deprecated >>>> /home/petmay01/linaro/qemu-for-merges/tests/migration-test.c:689:15: >>>> runtime error: load of value 255, which is not a valid value for type >>>> 'bool' >>>> /home/petmay01/linaro/qemu-for-merges/tests/migration-test.c:690:16: >>>> runtime error: null pointer passed as argument 1, which is declared to >>>> never be null >>>> /usr/include/unistd.h:828:48: note: nonnull attribute specified here >>> >>> That's a use-after-free from Juan's 'migration-test: Use a struct for >>> test_migrate_start parameters'; it's calling migrate_start_destroy and >>> then checks args->use_shmem. >> >> Hi >> >> New series with the fix posted upstream. >> >> Paolo, should I did the pull requset, or will you do it? > > I can do it. Thanks >> PD. Just curious, how should I launch clang to give me that error? > > "make docker-test-debug@fedora". Double thanks. Later, Juan.
The following changes since commit 084a398bf8aa7634738e6c6c0103236ee1b3b72f: Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging (2019-12-13 18:14:07 +0000) are available in the git repository at: git://github.com/bonzini/qemu.git tags/for-upstream for you to fetch changes up to cfba0eb1146e7ccf839df29fd99cb90dd3c7640a: colo: fix return without releasing RCU (2019-12-16 17:25:46 +0100) ---------------------------------------------------------------- * More uses of RCU_READ_LOCK_GUARD (Dave, myself) * QOM doc improvments (Greg) * Cleanups from the Meson conversion (Marc-André) * Support for multiple -accel options (myself) * Many x86 machine cleanup (Philippe, myself) * tests/migration-test cleanup (Juan) ---------------------------------------------------------------- Dr. David Alan Gilbert (3): kvm: Reallocate dirty_bmap when we change a slot hyperv: Use auto rcu_read macros qsp: Use WITH_RCU_READ_LOCK_GUARD Greg Kurz (1): object: Improve documentation of interfaces Juan Quintela (10): migration-test: Create cmd_soure and cmd_target migration-test: Move hide_stderr to common commandline migration-test: Move -machine to common commandline migration-test: Move memory size to common commandline migration-test: Move shmem handling to common commandline migration-test: Move -name handling to common commandline migration-test: Move -serial handling to common commandline migration-test: Move -incomming handling to common commandline migration-test: Rename cmd_src/dst to arch_source/arch_target migration-test: Use a struct for test_migrate_start parameters Marc-André Lureau (7): build-sys: build vhost-user-gpu only if CONFIG_TOOLS migration: fix maybe-uninitialized warning monitor: fix maybe-uninitialized vhost-user-scsi: fix printf format warning os-posix: simplify os_find_datadir tests: skip block layer tests if !CONFIG_TOOLS configure: simplify vhost condition with Kconfig Paolo Bonzini (35): memory: do not look at current_machine->accel vl: move icount configuration earlier tcg: move qemu_tcg_configure to accel/tcg/tcg-all.c vl: extract accelerator option processing to a separate function vl: merge -accel processing into configure_accelerators accel: compile accel/accel.c just once vl: introduce object_parse_property_opt vl: configure accelerators from -accel options vl: warn for unavailable accelerators, clarify messages qom: introduce object_register_sugar_prop qom: add object_new_with_class accel: pass object to accel_init_machine tcg: convert "-accel threads" to a QOM property tcg: add "-accel tcg,tb-size" and deprecate "-tb-size" xen: convert "-machine igd-passthru" to an accelerator property kvm: convert "-machine kvm_shadow_mem" to an accelerator property kvm: introduce kvm_kernel_irqchip_* functions kvm: convert "-machine kernel_irqchip" to an accelerator property Makefile: remove unused variables build-sys: do not include Windows SLIRP dependencies in $LIBS libvixl: remove per-target compiler flags crypto: move common bits for all emulators to libqemuutil stubs: replace stubs with lnot if applicable configure: set $PYTHON to a full path i386: conditionally compile more files fw_cfg: allow building without other devices hw: replace hw/i386/pc.h with a header just for the i8259 pci-stub: add more MSI functions x86: move SMM property to X86MachineState x86: move more x86-generic functions out of PC files acpi: move PC stubs out of stubs/ pc: stubify x86 iommu hw/isa/isa-bus: cleanup irq functions memory: use RCU_READ_LOCK_GUARD colo: fix return without releasing RCU Philippe Mathieu-Daudé (6): hw/i386/pc: Convert DPRINTF() to trace events hw/i386: De-duplicate gsi_handler() to remove kvm_pc_gsi_handler() hw/i386: Simplify ioapic_init_gsi() hw/i386/pc: Use TYPE_PORT92 instead of hardcoded string hw/i386/pc: Inline port92_init() hw/i386/pc: Extract the port92 device Kconfig.host | 5 + Makefile | 14 +- Makefile.objs | 6 +- Makefile.target | 2 - accel/Makefile.objs | 2 +- accel/accel.c | 73 +----- accel/kvm/kvm-all.c | 161 ++++++++++-- accel/tcg/tcg-all.c | 149 ++++++++++- configure | 10 +- contrib/vhost-user-scsi/vhost-user-scsi.c | 2 +- cpus.c | 72 ----- crypto/Makefile.objs | 13 +- disas/libvixl/Makefile.objs | 11 +- hw/acpi/Makefile.objs | 3 +- .../pc_madt_cpu_entry.c => hw/acpi/acpi-x86-stub.c | 0 hw/alpha/alpha_sys.h | 3 +- hw/alpha/dp264.c | 1 + hw/core/machine.c | 141 ---------- hw/hppa/hppa_sys.h | 3 +- hw/hppa/machine.c | 1 + hw/hyperv/hyperv.c | 22 +- hw/i386/Kconfig | 6 + hw/i386/Makefile.objs | 10 +- hw/i386/acpi-build.c | 1 + hw/i386/fw_cfg.c | 8 +- hw/i386/fw_cfg.h | 2 + hw/i386/kvm/Makefile.objs | 6 +- hw/i386/kvm/i8259.c | 1 + hw/i386/kvm/ioapic.c | 14 +- hw/i386/microvm.c | 4 +- hw/i386/pc.c | 291 +-------------------- hw/i386/pc_piix.c | 6 +- hw/i386/pc_q35.c | 2 +- hw/i386/port92.c | 126 +++++++++ hw/i386/trace-events | 8 + hw/i386/x86-iommu-stub.c | 34 +++ hw/i386/x86.c | 154 ++++++++++- hw/input/pckbd.c | 1 - hw/intc/Kconfig | 2 + hw/intc/apic.c | 2 +- hw/intc/i8259.c | 2 +- hw/intc/i8259_common.c | 2 +- hw/intc/ioapic.c | 3 +- hw/isa/i82378.c | 2 +- hw/isa/isa-bus.c | 11 +- hw/isa/lpc_ich9.c | 1 - hw/isa/piix4.c | 2 +- hw/mips/gt64xxx_pci.c | 2 +- hw/mips/mips_fulong2e.c | 2 +- hw/mips/mips_jazz.c | 2 +- hw/mips/mips_r4k.c | 2 +- hw/pci-host/bonito.c | 1 - hw/pci-host/prep.c | 2 +- hw/pci/pci-stub.c | 27 ++ hw/ppc/e500.c | 5 +- hw/ppc/spapr_irq.c | 16 +- hw/virtio/Kconfig | 3 + hw/virtio/Makefile.objs | 4 +- hw/xen/xen-common.c | 18 ++ hw/xen/xen_pt.c | 2 + include/exec/memory.h | 3 +- include/hw/boards.h | 7 - include/hw/i386/pc.h | 32 +-- include/hw/i386/x86.h | 23 ++ include/hw/intc/i8259.h | 12 + include/hw/isa/i8259_internal.h | 2 +- include/hw/isa/isa.h | 8 +- include/qom/object.h | 23 +- include/sysemu/accel.h | 4 +- include/sysemu/cpus.h | 2 - include/sysemu/kvm.h | 8 +- memory.c | 5 +- migration/ram.c | 53 ++-- monitor/misc.c | 3 +- os-posix.c | 41 +-- qemu-deprecated.texi | 6 + qemu-options.hx | 30 ++- qom/object.c | 28 +- stubs/Makefile.objs | 1 - target/arm/kvm.c | 8 +- target/i386/cpu.c | 8 +- target/i386/kvm.c | 11 +- target/i386/machine.c | 2 +- target/i386/monitor.c | 1 - target/mips/kvm.c | 2 +- target/ppc/kvm.c | 2 +- target/s390x/cpu_models.c | 4 +- target/s390x/kvm.c | 2 +- tests/Makefile.include | 4 +- tests/arm-cpu-features.c | 4 +- tests/bios-tables-test.c | 16 +- tests/boot-serial-test.c | 4 +- tests/cdrom-test.c | 2 +- tests/libqtest.c | 4 +- tests/migration-test.c | 264 ++++++++++--------- tests/pflash-cfi02-test.c | 4 +- tests/pnv-xscom-test.c | 4 +- tests/prom-env-test.c | 2 +- tests/pxe-test.c | 2 +- tests/vmgenid-test.c | 2 +- util/Makefile.objs | 3 +- util/qsp.c | 22 +- vl.c | 225 +++++++++++----- 103 files changed, 1298 insertions(+), 1076 deletions(-) rename stubs/pc_madt_cpu_entry.c => hw/acpi/acpi-x86-stub.c (100%) create mode 100644 hw/i386/port92.c create mode 100644 hw/i386/x86-iommu-stub.c create mode 100644 include/hw/intc/i8259.h