Jason Wang [Tue, 4 Jun 2013 05:18:17 +0000 (13:18 +0800)]
tap: fix NULL dereference when passing invalid parameters to tap
This patch forbid the following invalid parameters to tap:
1) fd and vhostfds were specified but vhostfd were not specified
2) vhostfds were specified but fds were not specified
3) fds and vhostfd were specified
For 1 and 2, net_init_tap_one() will still pass NULL as vhostfdname to
monitor_handle_fd_param(), which may crash the qemu.
Also remove the unnecessary has_fd check.
Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Stefan Hajnoczi <shajnocz@redhat.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit c87826a878be05208c3906eb9d5e1f37cff5e98e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Michael Tokarev [Wed, 5 Jun 2013 14:44:54 +0000 (18:44 +0400)]
create qemu_openpty_raw() helper function and move it to a separate file
In two places qemu uses openpty() which is very system-dependent,
and in both places the pty is switched to raw mode as well.
Make a wrapper function which does both steps, and move all the
system-dependent complexity into a separate file, together
with static/local implementations of openpty() and cfmakeraw()
from qemu-char.c.
It is in a separate file, not part of oslib-posix.c, because
openpty() often resides in -lutil which is not linked to
every program qemu builds.
This change removes #including of <pty.h>, <termios.h>
and other rather specific system headers out of qemu-common.h,
which isn't a place for such specific headers really.
This version has been verified to build correctly on Linux,
OpenBSD, FreeBSD and OpenIndiana. On the latter it lets qemu
to be built with gtk gui which were not possible there due to
missing openpty() and cfmakeraw().
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Tested-by: Andreas Färber <andreas.faerber@web.de>
(cherry picked from commit 4efeabbbe8441cc327052304976c7b9b86309d72)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Without this patch the guest pauses due to ENOMEDIUM. The guest is
stuck in a continuous pause loop since the I/O request is retried and
fails immediately again when the guest is resumed.
With this patch the error is reported to the guest.
Note that this scenario actually happens sometimes during libvirt disk
hot unplug, where device_del is followed by drive_del. I/O may still be
submitted to the drive after drive_del if the guest does not process the
PCI hot unplug notification.
Reported-by: Dafna Ron <dron@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 293c51a6ee369228633a8428ab689f14c045ff98)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
PCI host bridges need to set fw_name to be discoverable
by bios for boot device selection.
In particular, seabios expects root device to be called
"/pci/@i0cf8", so let's set it up like that for Q35.
Cc: qemu-stable@nongnu.org Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Amos Kong <akong@redhat.com>
(cherry picked from commit 68c0e134a090666246b467deaf9046e573b089f2)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
target-i386: Fix aflag logic for CODE64 and the 0x67 prefix
The code reorganization in commit 4a6fd938 broke handling of PREFIX_ADR.
While fixing this, tidy and comment the code so that it's more obvious
what's going on in setting both aflag and dflag.
The TARGET_X86_64 ifdef can be eliminated because CODE64 expands to the
constant zero when TARGET_X86_64 is undefined.
Cc: Paolo Bonzini <pbonzini@redhat.com> Reported-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Richard Henderson <rth@twiddle.net> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1369855851-21400-1-git-send-email-rth@twiddle.net Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit dec3fc9657e0682637de4d5a29d947284d01985c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Which we basically used to print out a greeting/prompt for the
monitor.
AFAICT the only reason this was ever done in a BH was because in
some cases we'd modify the chr_write handler for a new chardev
backend *after* the site where we issued the reset (see:
86e94d:qemu_chr_open_stdio())
At some point this event was renamed to CHR_EVENT_OPENED, and we've
maintained the use of this BH ever since.
However, due to 9f939df955a4152aad69a19a77e0898631bb2c18, we schedule
the BH via g_idle_add(), which is causing events to sometimes be
delivered after we've already begun processing data from backends,
leading to:
known bugs:
QMP:
session negotation resets with OPENED event, in some cases this
is causing new sessions to get sporadically reset
potential bugs:
hw/usb/redirect.c:
can_read handler checks for dev->parser != NULL, which may be
true if CLOSED BH has not been executed yet. In the past, OPENED
quiesced outstanding CLOSED events prior to us reading client
data. If it's delayed, our check may allow reads to occur even
though we haven't processed the OPENED event yet, and when we
do finally get the OPENED event, our state may get reset.
qtest.c:
can begin session before OPENED event is processed, leading to
a spurious reset of the system and irq_levels
gdbstub.c:
may start a gdb session prior to the machine being paused
To fix these, let's just drop the BH.
Since the initial reasoning for using it still applies to an extent,
work around that by deferring the delivery of CHR_EVENT_OPENED until
after the chardevs have been fully initialized, toward the end of
qmp_chardev_add() (or some cases, qemu_chr_new_from_opts()). This
defers delivery long enough that we can be assured a CharDriverState
is fully initialized before CHR_EVENT_OPENED is sent.
Also, rather than requiring each chardev to do an explicit open, do it
automatically, and allow the small few who don't desire such behavior to
suppress the OPENED-on-init behavior by setting a 'explicit_be_open'
flag.
We additionally add missing OPENED events for stdio backends on w32,
which were previously not being issued, causing us to not recieve the
banner and initial prompts for qmp/hmp.
Reported-by: Stefan Priebe <s.priebe@profihost.ag> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Message-id: 1370636393-21044-1-git-send-email-mdroth@linux.vnet.ibm.com Cc: qemu-stable@nongnu.org Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit bd5c51ee6c4f1c79cae5ad2516d711a27b4ea8ec)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Wendy Liang [Fri, 7 Jun 2013 03:05:38 +0000 (13:05 +1000)]
xilinx_axidma: Do not set DMA .notify to NULL after notify
If a stream notify function is not ready, it may re-populate the notify call-
back to indicate it should be re-polled later. This break in this usage, as
immediately following the notify() call, .notify is set to NULL. reverse the
ordering of the notify call and NULL assignment accordingly.
[PC: Reworked commit message]
Signed-off-by: Wendy Liang <jliang@xilinx.com> Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
(cherry picked from commit 4f293bd6e53739e089f33b458f70a9c4ac136b92)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Cornelia Huck [Wed, 5 Jun 2013 15:13:05 +0000 (17:13 +0200)]
virtio-ccw: Fix unsetting of indicators.
Interpretation of the ccws to register (configuration) indicators contained
a thinko: We want to disallow reading from 0, but setting the indicator
pointer to 0 is fine.
Let's fix the handling for CCW_CMD_SET{,_CONF}_IND.
Stefan Hajnoczi [Tue, 4 Jun 2013 12:47:26 +0000 (14:47 +0200)]
vmxnet3: fix NICState cleanup
Use qemu_del_nic() instead of qemu_del_net_client() to correctly free
the entire NICState.
Cc: qemu-stable@nongnu.org Reported-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 3ffee3cd5fb29de2115bdcbde0a02f47ce69a24c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Amos Kong [Wed, 29 May 2013 07:56:42 +0000 (15:56 +0800)]
qdev: fix get_fw_dev_path to support to add nothing to fw_dev_path
Recent virtio refactoring in QEMU made virtio-bus become the parent bus
of scsi-bus, and virtio-bus doesn't have get_fw_dev_path implementation,
typename will be added to fw_dev_path by default, the new fw_dev_path
could not be identified by seabios. It causes that bootindex parameter
of scsi device doesn't work.
This patch implements get_fw_dev_path() in BusClass, it will be called
if bus doesn't implement the method, tyename will be added to
fw_dev_path. If the implemented method returns NULL, nothing will be
added to fw_dev_path.
It also implements virtio_bus_get_fw_dev_path() to return NULL. Then
QEMU will still pass original style of fw_dev_path to seabios.
Signed-off-by: Amos Kong <akong@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1369814202-10346-1-git-send-email-akong@redhat.com
--
v2: only add nothing to fw_dev_path when get_fw_dev_path() is
implemented and returns NULL. then it will not effect other devices
don't have get_fw_dev_path() implementation.
v3: implement default get_fw_dev_path() in BusClass Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit bbfa18fca4e44ff9c23d36b50d8a998af9c9e9fc)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
xen: start PCI hole at 0xe0000000 (same as pc_init1 and qemu-xen-traditional)
We are currently setting the PCI hole to start at HVM_BELOW_4G_RAM_END,
that is 0xf0000000.
Start the PCI hole at 0xe0000000 instead, that is the same value used by
pc_init1 and qemu-xen-traditional.
Luiz Capitulino [Tue, 28 May 2013 18:19:22 +0000 (14:19 -0400)]
target-i386: fix abort on bad PML4E/PDPTE/PDE/PTE addresses
The code used to walk IA-32e page-tables, and possibly PAE page-tables,
uses the bit mask ~0xfff to get the next PML4E/PDPTE/PDE/PTE address.
However, as we use a uint64_t to store the resulting address, that mask
gets expanded to 0xfffffffffffff000 which not only ends up selecting
reserved bits but also selects the XD bit (execute-disable) which
happens to be enabled by Windows 8, causing qemu_get_ram_ptr() to abort.
This commit fixes that problem by replacing ~0xfff by a correct mask
that only selects the address bit range (ie. bits 51:12).
Andreas Färber [Wed, 5 Jun 2013 13:17:57 +0000 (15:17 +0200)]
ide: Set BSY bit during FLUSH
The implementation of the ATA FLUSH command invokes a flush at the block
layer, which may on raw files on POSIX entail a synchronous fdatasync().
This may in some cases take so long that the SLES 11 SP1 guest driver
reports I/O errors and filesystems get corrupted or remounted read-only.
Avoid this by setting BUSY_STAT, so that the guest is made aware we are
in the middle of an operation and no ATA commands are attempted to be
processed concurrently.
Addresses BNC#637297.
Suggested-by: Gonglei (Arei) <arei.gonglei@huawei.com> Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit f68ec8379e88502b4841a110c070e9b118d3151c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Gerd Hoffmann [Mon, 27 May 2013 10:41:24 +0000 (12:41 +0200)]
chardev: fix "info chardev" output
Fill unset CharDriverState->filename with the backend name, so
'info chardev' will return at least the chardev type. Don't
touch it in case the chardev init function filled it already,
like the socket+pty chardevs do for example.
target-i386: Attach ICC bus to CPU on its creation
X86CPU should have parent bus so it could provide bus for child APIC.
The commit makes it mandatory to pass a valid ICC bus to cpu_x86_create,
but cpu_x86_init just passes NULL to it.
xen_machine_pv uses cpu_x86_init, therefore it has been broken.
This patch fixes the problem by removing the dummy CPU creation
altogether from xen_init_pv, relying on the fact that QEMU can now cope
with a machine without an emulated CPU.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Reviewed-by: Andreas Färber <afaerber@suse.de> CC: imammedo@redhat.com CC: qemu-stable@nongnu.org
(cherry picked from commit 58ee9b0ae05d81c74d6869a25ce4263fc22ed809)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
qom/object: Don't poll cast cache for NULL objects
object_dynamic_cast_assert used to be tolerant of NULL objects and not
assert. It's clear from the implementation that this is the expected
behavior.
The preceding check of the cast cache dereferences obj however causing
a segfault. Fix by conditionalizing the cast cache logic on obj being
non-null.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: 8e2bef6a55753869c50bfa32226f7fcf0439ca62.1369183592.git.peter.crosthwaite@xilinx.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 95916abcf428fb03644468c7fbce64356c6483c0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Hajnoczi [Wed, 22 May 2013 12:50:18 +0000 (14:50 +0200)]
rtl8139: flush queued packets when RxBufPtr is written
Net queues support efficient "receive disable". For example, tap's file
descriptor will not be polled while its peer has receive disabled. This
saves CPU cycles for needlessly copying and then dropping packets which
the peer cannot receive.
rtl8139 is missing the qemu_flush_queued_packets() call that wakes the
queue up when receive becomes possible again.
As a result, the Windows 7 guest driver reaches a state where the
rtl8139 cannot receive packets. The driver has actually refilled the
receive buffer but we never resume reception.
The bug can be reproduced by running a large FTP 'get' inside a Windows
7 guest:
The Linux guest driver does not trigger the bug, probably due to a
different buffer management strategy.
Reported-by: Oliver Francke <oliver.francke@filoo.de> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 00b7ade807b5ce6779ddd86ce29c5521ec5c529a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
hw/9pfs: use O_NOFOLLOW for mapped readlink operation
With mapped security models like mapped-xattr and mapped-file, we save the
symlink target as file contents. Now if we ever expose a normal directory
with mapped security model and find real symlinks in export path, never
follow them and return proper error.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
(cherry picked from commit aed858ce10ef09c7bdf03f73e75e772f567c74cd)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
When guest tries to chmod a block or char device file over 9pfs,
the qemu process segfaults. With 9p2000.u protocol we use wstat to
change mode bits and client don't send extension information for
chmod. We need to check for size field to check whether extension
info is present or not.
Reported-by: Michael Tokarev <mjt@tls.msk.ru> Acked-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
(cherry picked from commit c7e587b73ebac05943df78f5f37d80d32ff47d3d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hervé Poussineau [Mon, 20 May 2013 10:33:08 +0000 (12:33 +0200)]
osdep: fix qemu_anon_ram_free trace (+ fix compilation on 32 bit hosts)
Commit e7a09b92b70786f9e8c5fbf787e0248c6ebbe707 added a trace at each
memory freeing, but unfortunately inverted size and pointer when printing
them. Fix trace.
This also led to a compilation error on 32 bit hosts:
In file included from include/trace.h:4:0,
from trace/generated-events.c:3:
./trace/generated-tracers.h: In function ‘trace_qemu_anon_ram_free’:
./trace/generated-tracers.h:64:9: error: format ‘%zu’ expects argument of type
‘size_t’, but argument 3 has type ‘void *’ [-Werror=format]
./trace/generated-tracers.h:64:9: error: format ‘%p’ expects argument of type
‘void *’, but argument 4 has type ‘size_t’ [-Werror=format]
Ed Maste [Thu, 16 May 2013 15:32:28 +0000 (11:32 -0400)]
Rename hexdump to avoid FreeBSD libutil conflict
On FreeBSD libutil is used for openpty(), but it also provides a hexdump()
which conflicts with QEMU's.
Signed-off-by: Ed Maste <emaste@freebsd.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368718348-15199-1-git-send-email-emaste@freebsd.org Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Reported-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Hu Tao <hutao@cn.fujitsu.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1369046780-17498-1-git-send-email-pbonzini@redhat.com Cc: qemu-stable@nongnu.org Signed-off-by: Hu Tao <hutao@cn.fujitsu.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Lei Li [Mon, 20 May 2013 06:51:03 +0000 (14:51 +0800)]
chardev: Make consistent with udp device for new qapi backend
When register and open a chardev udp, the backend name should be udp
not dgram, and we do not have backend dgram in the chardev list. This
patch makes the new qapi udp backend consistent with the original
udp device.
Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com>
Message-id: 1369032665-18159-2-git-send-email-lilei@linux.vnet.ibm.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Petar Jovanovic [Sat, 18 May 2013 01:53:41 +0000 (03:53 +0200)]
target-mips: fix EXTPDP and setting up pos field in the DSPControl reg
This change makes sure that modifications of pos field in the DSPControl
register do not trash other bits in the register. This bug can be triggered
with the additional test case in mips32-dsp/extpdp.c in this commit.
In addition to this, this change corrects incorrect calculation of the mask
for EXTPDP.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Anthony Liguori [Fri, 17 May 2013 15:00:30 +0000 (10:00 -0500)]
Merge remote-tracking branch 'mdroth/qga-pull-2013-05-13' into staging
* mdroth/qga-pull-2013-05-13:
qga: unlink just created guest-file if fchmod() or fdopen() fails on it
qga: distinguish binary modes in "guest_file_open_modes" map
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Reverting this patch fixes a divide-by-zero error in qemu that can be
fairly reliably triggered by doing block migration. In this case, the
configuration/error was:
This revert potentially re-introduces a bug that was present in 1.4,
but fixes a prevalent issue with block migration so we should revert
it for now and take an updated patch later.
Conflicts:
migration.c
* fixed up to remove logic introduced in 7161082c while leaving
changes in HEAD intact
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Message-id: 1368739544-31021-1-git-send-email-mdroth@linux.vnet.ibm.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
"WSAEventSelect is edge-triggered and the event will not be signaled if
the socket handler does not consume all the data in the socket buffer."
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368718561-7816-3-git-send-email-stefanha@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
pollfds_fill() and pollfds_poll() translate GPollFD to rfds/wfds/xfds
for sockets on win32. select(2) is the underlying system call which is
used to monitor sockets for activity.
Currently file descriptors that monitor G_IO_ERR will be included in
both rfds and wfds. As a result, select(2) will report writability on
file descriptors where we only really wanted to monitor readability
(with errors).
slirp_pollfds_poll() hit this issue: UDP sockets are blocking sockets so
we hang in sorecvfrom() when G_IO_ERR is set due to the socket being
writable (we only wanted to check for readability).
This patch fixes the slirp_pollfds_poll() hang.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1368718561-7816-2-git-send-email-stefanha@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Wed, 15 May 2013 19:57:30 +0000 (14:57 -0500)]
Merge remote-tracking branch 'luiz/queue/qmp' into staging
# By Michael Roth (1) and Zhangleiqiang (1)
# Via Luiz Capitulino
* luiz/queue/qmp:
qapi: fix leak in unit tests
qmp: fix handling of cmd with Equals in qmp-shell
Message-id: 1368625179-27962-1-git-send-email-lcapitulino@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Wed, 15 May 2013 15:46:11 +0000 (17:46 +0200)]
qemu-common: Resolve vector build breakes for AltiVec
On Mac OS X ppc, altivec.h defines "vector", leading to build breakage
when used as variable name, e.g. in tracing code.
Fix this by undefining identifiers after altivec.h inclusion.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Message-id: 1368632771-4328-1-git-send-email-andreas.faerber@web.de Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Kevin Wolf [Wed, 15 May 2013 13:00:39 +0000 (15:00 +0200)]
ide-test: Fix endianness problems
The test case passes on big endian hosts now (tested on ppc64)
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1368622839-7084-1-git-send-email-kwolf@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Peter Maydell [Tue, 14 May 2013 15:33:36 +0000 (16:33 +0100)]
hw/pci-host/versatile.c: Provide property for forcing broken IRQ mapping
Although we try our best to automatically detect broken versions
of Linux which assume the old broken IRQ mapping we used to implement
for our model of the Versatile PCI controller, it turns out that
some particularly new kernels manage to outwit the autodetection.
We therefore provide a property for enabling the old broken IRQ
mapping, so that if users happen to have such a kernel they can
work around its deficiencies with the command line option:
-global versatile_pci.broken-irq-mapping=1
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1368545616-22344-4-git-send-email-peter.maydell@linaro.org Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Peter Maydell [Tue, 14 May 2013 15:33:35 +0000 (16:33 +0100)]
hw/pci-host/versatile.c: Update autodetect to detect newer kernels
Newer versatilepb kernels still don't get the IRQ mapping right
for the PCI controller, but they get it differently wrong (they add
a fixed +64 offset to everything they write to PCI_INTERRUPT_LINE).
Update the autodetection to handle these too, and include a more
detailed comment on the various different behaviours that might
be present.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1368545616-22344-3-git-send-email-peter.maydell@linaro.org Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Peter Maydell [Tue, 14 May 2013 15:33:34 +0000 (16:33 +0100)]
Revert "versatile_pci: Put the host bridge PCI device at slot 29"
This reverts commit 5f37ef92b7690423ac6311d3c597e182fc5f8fe6.
It turns out that some kernels incorrectly depend on the
old QEMU behaviour of not putting the host PCI bridge device
where the hardware puts it, because they use a swizzling IRQ
mapping which is incorrect but happens to match up with old
broken QEMU when the slot number mod 4 is zero. Since we
start PCI devices at 11, if we put the host bridge at 29
then the first real PCI device goes at 11 and doesn't work.
Not putting the host bridge at 29 means it defaults to 11,
so the first real PCI device is at 12 and works.
Since continuing with the old behaviour doesn't cause problems
for kernels which do work with hardware, the simplest fix for
this is to revert the change.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1368545616-22344-2-git-send-email-peter.maydell@linaro.org Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Stefan Weil [Sat, 11 May 2013 19:46:58 +0000 (21:46 +0200)]
w32: Fix configure test for -march=i486
The latest version of MinGW needs a test for __sync_val_compare_and_swap
to fix a missing symbol linker error.
Reported-by: Igor Mitsyanko <i.mitsyanko@gmail.com> Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1368301619-32097-2-git-send-email-sw@weilnetz.de Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Peter Maydell [Tue, 14 May 2013 20:36:39 +0000 (21:36 +0100)]
configure: Detect uuid on MacOSX (fixes compile failure)
Commit 7791dba3ec broke compilation on MacOSX, because it introduced
a new include of util.h. On MacOSX this includes pwd.h which in turn
includes the system uuid/uuid.h, which causes a compile failure if
QEMU was configured without CONFIG_UUID due to a conflict between
the system header and our fallback versions:
block/vdi.c:124:20: error: static declaration of 'uuid_generate'
follows non-static declaration
static inline void uuid_generate(uuid_t out)
^
/usr/include/uuid/uuid.h:63:6: note: previous declaration is here
void uuid_generate(uuid_t out);
^
Fix this breakage by improving configure's check for uuid to work on
MacOSX (where there is no need to link in a separate libuuid).
Note that if the user explicitly runs configure with '--disable-uuid'
on MacOSX then QEMU will fail to compile.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1368563799-22755-1-git-send-email-peter.maydell@linaro.org Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
KONRAD Frederic [Wed, 15 May 2013 12:12:50 +0000 (14:12 +0200)]
virtio-net-x: forward the netclient name and type.
This forwards the name and the type of virtio-net-x to fix the bad
behaviour of "info network" command.
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Message-id: 1368619970-23892-3-git-send-email-fred.konrad@greensocs.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
KONRAD Frederic [Wed, 15 May 2013 12:12:49 +0000 (14:12 +0200)]
virtio-net: add virtio_net_set_netclient_name.
This adds virtio_net_set_netclient_name, which is used to set the
name and type shown in "info network" command.
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Message-id: 1368619970-23892-2-git-send-email-fred.konrad@greensocs.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Michael Roth [Fri, 10 May 2013 02:20:57 +0000 (21:20 -0500)]
qapi: fix leak in unit tests
qmp_output_get_qobject() increments the qobject's reference count. Since
we currently pass this straight into qobject_to_json() so we can feed
the data into a QMP input visitor, we never actually free the underlying
qobject when qmp_output_visitor_cleanup() is called. This causes leaks
on all of the QMP serialization tests.
Fix this by holding a pointer to the qobject and decref'ing it before
returning from qmp_deserialize().
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Zhangleiqiang [Mon, 6 May 2013 08:31:23 +0000 (08:31 +0000)]
qmp: fix handling of cmd with Equals in qmp-shell
qmp: fix handling of cmd with equal mark in qmp-shell
qmp-shell splits the argument and value of input command
by equal mark("="). But there are commands whose values
include equal mark themselves, and the json built by
qmp-shell will not correct. For example, when using NBD as
the target of block-backup command, the input
"block-backup target=nbd+unix:///drive0?socket=/tmp/nbd.sock"
will fail, because the json built will be as follows:
With this patch applied the segfault will be avoided, however the case
will still fail, though gracefully:
$ qemu-img create -f qcow2 /tmp/huge.qcow2 $((1024*1024))T
Formatting 'huge.qcow2', fmt=qcow2 size=1152921504606846976 encryption=off cluster_size=65536 lazy_refcounts=off
qemu-img: The image size is too large for file format 'qcow2'
Note that even long before these overflow checks kick in, you get
insanely high memory usage (up to INT_MAX * sizeof(uint64_t) = 16 GB for
the L1 table), so with somewhat smaller image sizes you'll probably see
qemu aborting for a failed g_malloc().
If you need huge image sizes, you should increase the cluster size to
the maximum of 2 MB in order to get higher limits.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Paolo Bonzini [Mon, 13 May 2013 14:19:56 +0000 (16:19 +0200)]
osdep: introduce qemu_anon_ram_free to free qemu_anon_ram_alloc-ed memory
We switched from qemu_memalign to mmap() but then we don't modify
qemu_vfree() to do a munmap() over free(). Which we cannot do
because qemu_vfree() frees memory allocated by qemu_{mem,block}align.
Introduce a new function that does the munmap(), luckily the size is
available in the RAMBlock.
Reported-by: Amos Kong <akong@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Amos Kong <akong@redhat.com>
Message-id: 1368454796-14989-3-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This is preparatory to the introduction of a separate freeing API.
Reported-by: Amos Kong <akong@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Amos Kong <akong@redhat.com>
Message-id: 1368454796-14989-2-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Kevin Wolf [Tue, 14 May 2013 10:15:54 +0000 (12:15 +0200)]
readline: Handle xterm escape sequences for Home/End keys
This fixes the Home/End keys in the monitor using the GTK frontend.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1368526554-15866-1-git-send-email-kwolf@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Tue, 14 May 2013 12:05:21 +0000 (14:05 +0200)]
portability: pty.h is glibc-specific
This should fix building the GTK+ front-end on BSDs.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368533121-30796-1-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Tue, 14 May 2013 12:12:25 +0000 (14:12 +0200)]
spitz: fix compilation failure due to pty.h namespace pollution
pty.h is polluting the global namespace with a CTRL macro. spitz
thus fails compilation with the patch at
http://article.gmane.org/gmane.comp.emulators.qemu/211337 and
this patch fixes it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368533545-650-1-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Mon, 13 May 2013 20:22:24 +0000 (15:22 -0500)]
qom: aggressively optimize qom casting
This patch adds a small typename cache to ObjectClass. This allows
caching positive casts within each ObjectClass. Benchmarking a
PPC workload provided by Aurelien, this patch eliminates every
single g_hash_table_lookup() happening during the benchmark (which
was about 2 million per-second).
With this patch applied, I get exactly the same performance (within
the margin of error) as with --disable-qom-cast-debug.
N.B. it's safe to cache typenames only from the _assert() macros
because they are always called with string literals.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Igor Mitsyanko [Fri, 10 May 2013 14:59:45 +0000 (18:59 +0400)]
ui/gtk.c: do not use gdk_display_warp_pointer when GTK ver >3.0
Commit 9697f5d2d38e5dd1e64e8e0d64436e6d44e7b1fe "gtk: custom cursor support"
introduced unconditional usage of gdk_display_warp_pointer(). This function
is marked as deprecated since GTK-3.0, and triggers warning (error with -Werror)
during compilation.
Conditionally change gdk_display_warp_pointer() method usage to gdk_device_warp
usage, as suggested by compiler.
Signed-off-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Message-id: 1368197985-44608-1-git-send-email-i.mitsyanko@gmail.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Fri, 10 May 2013 12:38:03 +0000 (14:38 +0200)]
Revert "pc: Kill the "use flash device for BIOS unless KVM" misfeature"
This reverts commit 9953f8822cc316eec9962f0a2858c3439a80adec.
While Markus's analysis is entirely correct, there are 1.6 patches
that fix the bug for real and without requiring machine type hacks.
Let's think of the children who will have to read this code, and
avoid a complicated mess of semantics that differ between <1.5,
1.5, and >1.5.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1368189483-7915-1-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Fri, 10 May 2013 12:16:40 +0000 (14:16 +0200)]
qom: allow turning cast debugging off
Cast debugging can have a substantial cost (20% or more). Instead of adding
special-cased "fast casts" in the hot paths, we can just disable it in
releases. The tracing facilities we just added make it easier to analyze
those problems that cast debugging would reveal.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368188203-3407-7-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Fri, 10 May 2013 12:16:39 +0000 (14:16 +0200)]
qom: trace asserting casts
This provides a way to detect the cast that leads to a (reproducible)
crash even when QOM cast debugging is disabled.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368188203-3407-6-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Fri, 10 May 2013 12:16:38 +0000 (14:16 +0200)]
qom: pass file/line/function to asserting casts
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368188203-3407-5-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Fri, 10 May 2013 12:16:37 +0000 (14:16 +0200)]
qom: add a fast path to object_class_dynamic_cast
For leaf classes, in many cases the callbacks will simply downcast
the object back to the original class. Add this fast path to
object_class_dynamic_cast, object_dynamic_cast will inherit it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368188203-3407-4-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Fri, 10 May 2013 12:16:36 +0000 (14:16 +0200)]
qom: allow casting of a NULL class
This mimics what we do in object_dynamic_cast_assert.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368188203-3407-3-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Fri, 10 May 2013 12:16:35 +0000 (14:16 +0200)]
qom: improve documentation of cast functions
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368188203-3407-2-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Laszlo Ersek [Wed, 8 May 2013 15:31:35 +0000 (17:31 +0200)]
qga: distinguish binary modes in "guest_file_open_modes" map
In Windows guests this may make a difference.
Since the original patch (commit c689b4f1) sought to be pedantic and to
consider theoretical corner cases of portability, we should fix it up
where it failed to come through in that pursuit.
Suggested-by: Eric Blake <eblake@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Anthony Liguori [Mon, 13 May 2013 14:44:25 +0000 (09:44 -0500)]
Merge remote-tracking branch 'mjt/trivial-patches-next' into staging
# By Dong Xu Wang (2) and others
# Via Michael Tokarev
* mjt/trivial-patches-next:
osdep.h: include sys/types.h for ssize_t definition
remove double semicolons
clean unnecessary code: don't check g_strdup arg for NULL
docs: mention AddressSpaces in docs/memory.txt
audio: update documentation after removing --audio-card-list option
m25p80.c: Sync Flash chip list with Linux
bsd-user: OS-agnostic 64-bit SYSCTL types
Message-id: 518F61B9.9050803@msgid.tls.msk.ru Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Igor Mitsyanko [Fri, 10 May 2013 19:58:21 +0000 (23:58 +0400)]
osdep.h: include sys/types.h for ssize_t definition
sys/types.h is taken out from "ifdef __OpenBSD__" guard. It should be
safe for other systems, according to following survey:
http://hacks.owlfolio.org/header-survey/
This fixes build for CONFIG_IOVEC-less systems (mingw).
Signed-off-by: Igor Mitsyanko <i.mitsyanko@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Paolo Bonzini [Mon, 6 May 2013 16:23:38 +0000 (18:23 +0200)]
docs: mention AddressSpaces in docs/memory.txt
Reported-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Ed Maste [Wed, 1 May 2013 14:40:53 +0000 (10:40 -0400)]
m25p80.c: Sync Flash chip list with Linux
Add new devices for various manufacturers, and re-sort Spansion list to
match the order in Linux, which requires chips with a non-zero extended ID
to come first.
With this commit the outstanding differences to Linux rev 55bf75b are:
- Erase size flag differences in s25sl032p, s25sl064p, s25fl016k, s25fl064k
(These devices have only some blocks that support small erase sizes.)
- Linux lacks n25q128
- Devices without a Jedec ID have been excluded
Signed-off-by: Ed Maste <emaste@freebsd.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Ed Maste [Tue, 30 Apr 2013 13:29:32 +0000 (09:29 -0400)]
bsd-user: OS-agnostic 64-bit SYSCTL types
Use existence of type as #ifdef condition rather than FreeBSD-specific
version check, as suggested by Patrick Welche.
Also handle the signed (CTLTYPE_S64) case identically to the unsigned
(CTLTYPE_U64) case, per later patches in the FreeBSD ports tree
(emulators/qemu-devel/files/patch-z-arm-bsd-user-001).
Signed-off-by: Ed Maste <emaste@freebsd.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Aurelien Jarno [Wed, 8 May 2013 20:36:39 +0000 (22:36 +0200)]
tcg/optimize: fix setcond2 optimization
When setcond2 is rewritten into setcond, the state of the destination
temp should be reset, so that a copy of the previous value is not
used instead of the result.
Reported-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Hans de Goede [Tue, 23 Apr 2013 08:18:16 +0000 (10:18 +0200)]
qxl: Call spice_qxl_driver_unload from qxl_enter_vga_mode
With a SPICE_DISPLAY_CAP_MONITORS_CONFIG capable client, the client needs to
know what part of the primary to use for each monitor. If the guest driver
does not support this, the server sends messages to the client for a
single monitor spanning the entire primary.
As soon as the guest calls spice_qxl_monitors_config_async once, the server
sets the red_worker driver_has_monitors_config flag and stops doing this.
This is a problem when the driver gets unloaded, for example after a reboot
or when switching to a text vc with usermode mode-setting under Linux.
To reproduce this start a multi-mon capable Linux guest which uses
usermode mode-setting and then once X has started switch to a text vc. Note
how the client window does not only not resize, if you try to resize it
manually you always keep blackborders since the aspect is wrong.
This patch calls a new spice-server method called spice_qxl_driver_unload
which clears the driver_has_monitors_config flag inside the server, thereby
fixing this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Anthony Liguori [Wed, 8 May 2013 20:54:36 +0000 (15:54 -0500)]
Merge remote-tracking branch 'kwolf/for-anthony' into staging
# By Kevin Wolf (7) and Fam Zheng (3)
# Via Kevin Wolf
* kwolf/for-anthony:
qemu-iotests: fix 017 018 for vmdk
qemu-iotests: exclude vmdk and qcow from 043
qemu-iotests: exclude vmdk for test 042
qtest/ide-test: Test short and long PRDTs
qtest/ide-test: Add simple DMA read/write test case
qtest: Add IDE test case
libqos/pci: Enable bus mastering
ide: Reset BMIDEA bit when the bus master is stopped
de_DE.po: Add missing leading spaces
ahci: Don't allow creating slave drives
Message-id: 1368023344-29731-1-git-send-email-kwolf@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Jason Wang [Tue, 7 May 2013 05:42:49 +0000 (13:42 +0800)]
virtio: properly validate address before accessing config
There are several several issues in the current checking:
- The check was based on the minus of unsigned values which can overflow
- It was done after .{set|get}_config() which can lead crash when config_len
is zero since vdev->config is NULL
Fix this by:
- Validate the address in virtio_pci_config_{read|write}() before
.{set|get}_config
- Use addition instead minus to do the validation
Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Petr Matousek <pmatouse@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Petr Matousek <pmatouse@redhat.com>
Message-id: 1367905369-10765-1-git-send-email-jasowang@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
mask notifiers are never called without msix,
so devices with backend masking like vhost don't work.
Call mask notifiers explicitly at
startup/cleanup to make it work.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Alexander Graf <agraf@suse.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Alexander Graf [Mon, 6 May 2013 17:49:43 +0000 (19:49 +0200)]
PPC: Fix rldcl
The implementation for rldcl tried to always fetch its
parameters from the opcode, even though the opcode was
already passed in in decoded and different forms.
Alexander Graf [Wed, 8 May 2013 13:19:14 +0000 (15:19 +0200)]
PPC: Depend behavior of cmp instructions only on instruction encoding
When running an L=1 cmp instruction on a 64bit PPC CPU with SF off, it
still behaves identical to what it does when SF is on. Remove the implicit
difference in the code.
Also, on most 32bit CPUs we should always treat the compare as 32bit
compare, as the CPU will ignore the L bit. This is not true for e500mc,
but that's up for a different patch.
Reported-by: Torbjorn Granlund <tg@gmplib.org> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Alexander Graf <agraf@suse.de>
Petar Jovanovic [Wed, 8 May 2013 11:17:40 +0000 (13:17 +0200)]
target-mips: fix incorrect behaviour for INSV
Corner case for INSV instruction when size=32 has not been correctly
implemented. The mask for size should be one bit wider, and preparing the
filter variable should be aware of this case too.
The test for INSV has been extended to include the case that triggers the
bug.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Fam Zheng [Tue, 7 May 2013 11:13:05 +0000 (19:13 +0800)]
qemu-iotests: fix 017 018 for vmdk
017 and 018 use /bin/mv to move base img from t.IMGFMG to t.IMGFMT.base
after filling data, this is not enough for vmdk, when t.IMGFMT is only a
description text file who points to t-{flat,s001,f001,...}.IMGFMT as
data extent, so testing such subformats alway fails on them.
This patch use the trick of temprorily changing TEST_IMG to avoid using
/bin/mv.
Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>