git.proxmox.com Git - qemu.git/log

qapi: qapi-commands: fix possible leaks on visitor dealloc
Luiz Capitulino [Thu, 11 Jul 2013 18:26:56 +0000 (14:26 -0400)]
qapi: qapi-commands: fix possible leaks on visitor dealloc

In qmp-marshal.c the dealloc visitor calls use the same errp
pointer of the input visitor calls. This means that if any of
the input visitor calls fails, then the dealloc visitor will
return early, before freeing the object's memory.

Here's an example, consider this code:

int qmp_marshal_input_block_passwd(Monitor *mon, const QDict *qdict, QObject **ret)
{
[...]

    char * device = NULL;
    char * password = NULL;

    mi = qmp_input_visitor_new_strict(QOBJECT(args));
    v = qmp_input_get_visitor(mi);
    visit_type_str(v, &device, "device", errp);
    visit_type_str(v, &password, "password", errp);
    qmp_input_visitor_cleanup(mi);

    if (error_is_set(errp)) {
        goto out;
    }
    qmp_block_passwd(device, password, errp);

out:
    md = qapi_dealloc_visitor_new();
    v = qapi_dealloc_get_visitor(md);
    visit_type_str(v, &device, "device", errp);
    visit_type_str(v, &password, "password", errp);
    qapi_dealloc_visitor_cleanup(md);

[...]

    return 0;
}

Consider errp != NULL when the out label is reached, we're going
to leak device and password.

This patch fixes this by always passing errp=NULL for dealloc
visitors, meaning that we always try to free them regardless of
any previous failure. The above example would then be:

out:
    md = qapi_dealloc_visitor_new();
    v = qapi_dealloc_get_visitor(md);
    visit_type_str(v, &device, "device", NULL);
    visit_type_str(v, &password, "password", NULL);
    qapi_dealloc_visitor_cleanup(md);

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
(cherry picked from commit 8f91ad8a1b4702966d91ea58cd90bbde1faea1b3)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
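
The leak pattern described in the message above, reproduced as an added C example that is not part of this commit or of QEMU. The `Error`, `Visitor` and `Arg` types are constructed stand-ins that keep only the rule that matters: a visit does nothing once `*errp` is already set. A leak counter makes the difference between sharing `errp` with the dealloc visitor and passing `NULL` observable.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for QEMU's Error type and helpers. */
typedef struct Error { const char *msg; } Error;

static bool error_is_set(Error **errp) { return errp != NULL && *errp != NULL; }

static void error_setg(Error **errp, const char *msg)
{
    if (errp == NULL || *errp != NULL) return;
    *errp = malloc(sizeof(Error));
    if (*errp) (*errp)->msg = msg;
}

static void error_free(Error *err) { free(err); }

/* A command argument as the input visitor would find it in the QDict. */
typedef struct Arg { const char *key; const char *val; } Arg;

typedef struct Visitor {
    bool dealloc;       /* true: dealloc visitor, false: input visitor */
    const Arg *args;    /* input visitor only: the command's arguments */
    size_t nargs;
} Visitor;

static int live_strings;   /* heap strings currently allocated (leak counter) */

/* Mirrors the visitor dispatch: nothing runs if errp already carries an error. */
static void visit_type_str(Visitor *v, char **obj, const char *name, Error **errp)
{
    if (error_is_set(errp)) return;          /* the early return the fix avoids */
    if (v->dealloc) {
        if (*obj) { free(*obj); *obj = NULL; live_strings--; }
        return;
    }
    for (size_t i = 0; i < v->nargs; i++) {
        if (strcmp(v->args[i].key, name) == 0) {
            *obj = strdup(v->args[i].val);
            live_strings++;
            return;
        }
    }
    error_setg(errp, name);                  /* missing parameter */
}

/* Marshaller shaped like qmp_marshal_input_block_passwd. share_errp selects the
 * pre-fix behaviour (dealloc visitor reuses errp) or the fixed one (errp=NULL). */
static int marshal_block_passwd(const Arg *args, size_t nargs, bool share_errp, Error **errp)
{
    char *device = NULL, *password = NULL;
    Visitor in = { .dealloc = false, .args = args, .nargs = nargs };
    Visitor dealloc = { .dealloc = true, .args = NULL, .nargs = 0 };
    Error **dealloc_errp = share_errp ? errp : NULL;

    visit_type_str(&in, &device, "device", errp);
    visit_type_str(&in, &password, "password", errp);
    if (error_is_set(errp)) goto out;
    /* qmp_block_passwd(device, password, errp) would run here */
out:
    visit_type_str(&dealloc, &device, "device", dealloc_errp);
    visit_type_str(&dealloc, &password, "password", dealloc_errp);
    return error_is_set(errp) ? -1 : 0;
}

/* Run the marshaller with "password" missing and report how many strings leaked. */
static int leaked_strings(bool share_errp)
{
    const Arg args[] = { { "device", "ide0-hd0" } };   /* constructed: no password */
    Error *err = NULL;
    live_strings = 0;
    marshal_block_passwd(args, 1, share_errp, &err);
    error_free(err);
    return live_strings;
}

int main(void)
{
    printf("leaked with shared errp: %d\n", leaked_strings(true));   /* 1 */
    printf("leaked with errp=NULL:   %d\n", leaked_strings(false));  /* 0 */
    return 0;
}
```

With a shared `errp`, the failed `password` visit leaves `device` allocated because the dealloc visits return before freeing anything; with `NULL` the cleanup always runs, which is exactly what the generated marshallers do after this change.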

seccomp: add the asynchronous I/O syscalls to the whitelist
Paul Moore [Wed, 29 May 2013 20:30:01 +0000 (16:30 -0400)]
seccomp: add the asynchronous I/O syscalls to the whitelist

In order to enable the asynchronous I/O functionality when using the
seccomp sandbox we need to add the associated syscalls to the
whitelist.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Message-id: 20130529203001.20939.83322.stgit@localhost
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit fd21faadb12669e24eaf0a277de61c24fcde4cac)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qom: Fix class cast of NULL classes
Peter Crosthwaite [Tue, 18 Jun 2013 09:18:59 +0000 (19:18 +1000)]
qom: Fix class cast of NULL classes

It's clear from the implementation that class casting is supposed to work
with a NULL class argument. Guard all dereferences of the class argument
against NULL accordingly.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 94cd5ba46b74eea289a7e582635820c1c54e66fa.1371546907.git.peter.crosthwaite@xilinx.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 9d6a3d58e4d1431ab3809ff621cfd1f9ec75eef5)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

target-openrisc: Fix typename in openrisc_cpu_class_by_name()
Dongxue Zhang [Tue, 2 Jul 2013 09:11:55 +0000 (17:11 +0800)]
target-openrisc: Fix typename in openrisc_cpu_class_by_name()

Commit 478032a93d908e59085c1ac56f10979942e7dc4f (target-openrisc:
Rename CPU subtypes) suffixed CPU sub-types with "-or32-cpu" but forgot
to update openrisc_cpu_class_by_name(), so that it was still looking for
the types without suffix.

Make target-openrisc run OK by adding the suffix to the model name.

This means it is no longer possible to use -cpu or1200-or32-cpu or
-cpu any-or32-cpu though.

Cc: qemu-stable@nongnu.org
Signed-off-by: Dongxue Zhang <elta.era@gmail.com>
Tested-by: Jia Liu <proljc@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 071b3364e7995036816aa4ebf80ecfa04b1a31de)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

block: fix bdrv_flush() ordering in bdrv_close()
Stefan Hajnoczi [Tue, 2 Jul 2013 13:36:25 +0000 (15:36 +0200)]
block: fix bdrv_flush() ordering in bdrv_close()

Since 80ccf93b we flush the block device during close.  The
bdrv_drain_all() call should come before bdrv_flush() to ensure guest
write requests have completed.  Otherwise we may miss pending writes
when flushing.

Call bdrv_drain_all() again for safety as the final step after
bdrv_flush().  This should not be necessary but we can be paranoid here
in case bdrv_flush() left I/O pending.

Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 58fda173e1156d24e5ff62361774715152188a07)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

target-xtensa: gen_intermediate_code_internal() should be inlined
Andreas Färber [Tue, 2 Jul 2013 18:05:21 +0000 (20:05 +0200)]
target-xtensa: gen_intermediate_code_internal() should be inlined

Cc: qemu-stable@nongnu.org
Reported-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit ae06d4988d6799f0bd16f27c2bcf80fa1cd2cfd7)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

target-moxie: gen_intermediate_code_internal() should be inlined
Andreas Färber [Tue, 2 Jul 2013 18:04:28 +0000 (20:04 +0200)]
target-moxie: gen_intermediate_code_internal() should be inlined

Cc: qemu-stable@nongnu.org
Reported-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 13cccc692818a570d1fb1326c84d3edae68987aa)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

target-microblaze: gen_intermediate_code_internal() should be inlined
Andreas Färber [Tue, 2 Jul 2013 18:03:00 +0000 (20:03 +0200)]
target-microblaze: gen_intermediate_code_internal() should be inlined

Cc: qemu-stable@nongnu.org
Reported-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit fd327f48f7e5892318b6dca2c9c6030618f65728)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

target-lm32: gen_intermediate_code_internal() should be inlined
Andreas Färber [Tue, 2 Jul 2013 17:35:02 +0000 (19:35 +0200)]
target-lm32: gen_intermediate_code_internal() should be inlined

Cc: qemu-stable@nongnu.org
Reported-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-by: Michael Walle <michael@walle.cc>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 28014bcab244e968cb03f20384943494bd069ee0)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

target-cris: gen_intermediate_code_internal() should be inlined
Andreas Färber [Tue, 2 Jul 2013 17:30:14 +0000 (19:30 +0200)]
target-cris: gen_intermediate_code_internal() should be inlined

Cc: qemu-stable@nongnu.org
Reported-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 6f47ec50db92b4bc77de06661a9e7a3eb538b660)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qemu-char: Fix ID reuse after chardev-remove for qapi-based init
Markus Armbruster [Thu, 27 Jun 2013 13:25:12 +0000 (15:25 +0200)]
qemu-char: Fix ID reuse after chardev-remove for qapi-based init

Commit 2c5f488 introduced qapi-based character device initialization
as a new code path in qemu_chr_new_from_opts().  Unfortunately, it
failed to store parameter opts in the new chardev.  Therefore,
qemu_chr_delete() doesn't delete it.  Even though the device is gone,
its options linger, and any attempt to create another one with the
same ID fails.

Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1372339512-28149-1-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 2ea3e2c1e85097c45a882dbc1fbba4a7fdb3ff1c)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

kvmclock: clock should count only if vm is running
Marcelo Tosatti [Tue, 18 Jun 2013 23:38:25 +0000 (20:38 -0300)]
kvmclock: clock should count only if vm is running

kvmclock should not count while vm is paused, because:

1) if the vm is paused for long periods, timekeeping
math can overflow while converting the (large) clocksource
delta to nanoseconds.

2) Users rely on CLOCK_MONOTONIC to count run time, that is,
time which OS has been in a runnable state (see CLOCK_BOOTTIME).

Change kvmclock driver so as to save clock value when vm transitions
from runnable to stopped state, and to restore clock value from stopped
to runnable transition.

Cc: qemu-stable@nongnu.org
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 00f4d64ee76e873be881a82d893a591487aa7950)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

raw-posix: Fix /dev/cdrom magic on OS X
Kevin Wolf [Tue, 11 Jun 2013 08:44:58 +0000 (10:44 +0200)]
raw-posix: Fix /dev/cdrom magic on OS X

The raw-posix driver has code to provide a /dev/cdrom on OS X even
though it doesn't really exist. However, since commit c66a6157 the real
filename is dismissed after finding it, so opening /dev/cdrom fails.
Put the filename back into the options QDict to make this work again.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit a5c5ea3f60c000bf18c99435439533728a5f34a2)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

migration: do not overwrite zero pages
Peter Lieven [Mon, 10 Jun 2013 10:14:20 +0000 (12:14 +0200)]
migration: do not overwrite zero pages

On incoming migration do not memset pages to zero if they already read as zero.
This will allocate a new zero page and consume memory unnecessarily. Even
if we madvise a MADV_DONTNEED later this will only deallocate the memory
asynchronously.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 211ea74022f51164a7729030b28eec90b6c99a08)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

Revert "migration: do not sent zero pages in bulk stage"
Peter Lieven [Mon, 10 Jun 2013 10:14:19 +0000 (12:14 +0200)]
Revert "migration: do not sent zero pages in bulk stage"

Not sending zero pages breaks migration if a page is zero
at the source but not at the destination. This can e.g. happen
if different BIOS versions are used at source and destination.
It has also been reported that migration on pseries is completely
broken with this patch.

This effectively reverts commit f1c72795af573b24a7da5eb52375c9aba8a37972.

Conflicts:

arch_init.c

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 9ef051e5536b6368a1076046ec6c4ec4ac12b5c6)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

vmdk: remove wrong calculation of relative path
Fam Zheng [Wed, 26 Jun 2013 09:24:32 +0000 (17:24 +0800)]
vmdk: remove wrong calculation of relative path

When creating image with backing file, the driver tries to calculate the
relative path from created image file to backing file, but the path
computation is incorrect. e.g.:

    $ qemu-img create -f vmdk -b vmdk-data-disk.vmdk vmdk-data-snapshot1
    Formatting 'vmdk-data-snapshot1', fmt=vmdk size=10737418240
    backing_file='vmdk-data-disk.vmdk' compat6=off zeroed_grain=off

    $ qemu-img info vmdk-data-snapshot1
    image: vmdk-data-snapshot1
    file format: vmdk
    virtual size: 10G (10737418240 bytes)
    disk size: 12K
->  backing file: disk.vmdk

The common part in file names, "vmdk-data-", is incorrectly forgotten by
relative_path(). As the VMDK specification has no restriction on
parentNameHint to be relative path, we simply remove this by using the
backing_file option.

Cc: qemu-stable@nongnu.org
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 8ed610a1c983dd2ed1eed8841036af55751d115f)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

gluster: Return bdrv_has_zero_init = 0
Kevin Wolf [Wed, 26 Jun 2013 07:41:57 +0000 (09:41 +0200)]
gluster: Return bdrv_has_zero_init = 0

GlusterFS volumes can be backed by block devices, in which case
bdrv_create() doesn't make sure that the image is zeroed out. It is
currently not possible to detect whether a given image is backed by a
file or a block device, and incorrectly assuming that it is zeroed
corrupts images during qemu-img convert, so let's err on the side of
caution and always return 0.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 8ab6feec2c7500faafd9a4571fb40d03dd360a64)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

block/ssh: Set bdrv_has_zero_init according to the file type.
Richard W.M. Jones [Tue, 25 Jun 2013 17:15:18 +0000 (18:15 +0100)]
block/ssh: Set bdrv_has_zero_init according to the file type.

If the remote is a regular file, set it to true (i.e. reads of
uninitialized areas in a newly created file will return zeroes).
If we can't prove that, return false (a safe default).

Tested by adding a debugging print statement [not part of this commit]
and creating a remote file and a remote block device:

  $ ./qemu-img create ssh://localhost/tmp/new 100M
  Formatting 'ssh://localhost/tmp/new', fmt=raw size=104857600
  filename ssh://localhost/tmp/new: has_zero_init = 1
  $ sudo lvcreate -L 1G -n tmp /dev/fedora
    Logical volume "tmp" created
  $ ./qemu-img create ssh://localhost/dev/fedora/tmp 1G
  Formatting 'ssh://localhost/dev/fedora/tmp', fmt=raw size=1073741824
  filename ssh://localhost/dev/fedora/tmp: has_zero_init = 0

Cc: Kevin Wolf <kwolf@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 0b3f21e6a99c025c829d342ee417f317fe2e03b2)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

Fix iSCSI crash on SG_IO with an iovector
Ronnie Sahlberg [Sun, 23 Jun 2013 15:07:08 +0000 (08:07 -0700)]
Fix iSCSI crash on SG_IO with an iovector

Don't assume that SG_IO is always invoked with a simple buffer,
check the iovec_count and if it is >= 1 then we need to pass an array
of iovectors to libiscsi instead of just a plain buffer.

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 0a53f010745635c39a83756a948df60a84e88fe5)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

s390/ipl: Fix boot order
Christian Borntraeger [Tue, 18 Jun 2013 12:31:52 +0000 (14:31 +0200)]
s390/ipl: Fix boot order

The latest ipl code adaptions collided with some of the virtio
refactoring rework. This resulted in always booting the first
disk. Let's fix booting from a given ID.
The new code also checks for command lines without bootindex to
avoid random behaviour when accessing dev_st (==0).

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 5c8ded6ef55761e80353f42d8e59c6e233a2f51a)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

usb-host-libusb: set USB_DEV_FLAG_IS_HOST
Gerd Hoffmann [Wed, 12 Jun 2013 11:17:02 +0000 (13:17 +0200)]
usb-host-libusb: set USB_DEV_FLAG_IS_HOST

... like host-{linux,bsd}.c do.

Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 628e54857a82a3cb65ef96c12640c30d6307a064)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

acl: acl_add can't insert before last list element, fix
Markus Armbruster [Tue, 18 Jun 2013 08:05:23 +0000 (10:05 +0200)]
acl: acl_add can't insert before last list element, fix

Watch this:

    $ upstream-qemu -nodefaults -S -vnc :0,acl,sasl -monitor stdio
    QEMU 1.5.50 monitor - type 'help' for more information
    (qemu) acl_add vnc.username drei allow
    acl: added rule at position 1
    (qemu) acl_show vnc.username
    policy: deny
    1: allow drei
    (qemu) acl_add vnc.username zwei allow 1
    acl: added rule at position 2
    (qemu) acl_show vnc.username
    policy: deny
    1: allow drei
    2: allow zwei
    (qemu) acl_add vnc.username eins allow 1
    acl: added rule at position 1
    (qemu) acl_show vnc.username
    policy: deny
    1: allow eins
    2: allow drei
    3: allow zwei

The second acl_add inserts at position 2 instead of 1.

Root cause is an off-by-one in qemu_acl_insert(): when index ==
acl->nentries, it appends instead of inserting before the last list
element.

Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 4999f3a8a6009de05ba82e58e723277917f16254)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

virtio-scsi: forward scsibus for virtio-scsi-pci.
KONRAD Frederic [Wed, 12 Jun 2013 06:15:17 +0000 (08:15 +0200)]
virtio-scsi: forward scsibus for virtio-scsi-pci.

This fixes a bug with scsi hotplug on virtio-scsi-pci:

As virtio-scsi-pci doesn't have any scsi bus, we need to forward scsi-hot-add
to the virtio-scsi-device plugged on the virtio-bus.

Cc: qemu-stable@nongnu.org
Reported-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qxl: Fix QXLRam initialisation.
Anthony PERARD [Mon, 17 Jun 2013 16:38:26 +0000 (17:38 +0100)]
qxl: Fix QXLRam initialisation.

The qxl driver expects NULL for QXLRam.memory_configs, but this is never
initialized.

If memory is set to 0xc2c2.., it leads to a spice-critical error when
trying to start qxl.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 329f97fc4ff4b533fcd2d8f4eab6c9c2568aed27)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

ppc: do not register IABR SPR twice for 603e
Hervé Poussineau [Sat, 11 May 2013 19:03:50 +0000 (21:03 +0200)]
ppc: do not register IABR SPR twice for 603e

IABR SPR is already registered in gen_spr_603(), called from init_proc_603E().

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 9fea2ae25080ad790d7d904d01a1300a45a634eb)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

arm/boot: Free dtb blob memory after use
Peter Maydell [Tue, 25 Jun 2013 17:34:13 +0000 (18:34 +0100)]
arm/boot: Free dtb blob memory after use

The dtb blob returned by load_device_tree() is in memory allocated
with g_malloc(). Free it accordingly once we have copied its
contents into the guest memory. To make this easy, we need also to
clean up the error handling in load_dtb() so that we consistently
handle errors in the same way (by printing a message and then
returning -1, rather than either plowing on or exiting immediately).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id: 1371209256-11408-1-git-send-email-peter.maydell@linaro.org
(cherry picked from commit c23045ded7571f0eaad95920ab00b6bc9c3a91e6)

Conflicts:

hw/arm/boot.c

* updated to include #ifdef for CONFIG_FDT

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

s390/virtio-ccw: Fix virtio reset
Christian Borntraeger [Fri, 7 Jun 2013 10:18:46 +0000 (12:18 +0200)]
s390/virtio-ccw: Fix virtio reset

On virtio reset we must reset the indicator to avoid stale interrupts,
e.g. after a reset.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
(cherry picked from commit 6504a93011138458a2e4f67b513c5a77bdb3cae1)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

Update VERSION for 1.5.2 release (tag: v1.5.2)
Michael Roth [Thu, 25 Jul 2013 19:52:08 +0000 (14:52 -0500)]
Update VERSION for 1.5.2 release

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qga: escape cmdline args when registering win32 service (CVE-2013-2231)
Laszlo Ersek [Wed, 3 Jul 2013 13:14:10 +0000 (15:14 +0200)]
qga: escape cmdline args when registering win32 service (CVE-2013-2231)

Reported-by: Lev Veyde <lveyde@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

ga_install_service(): nest error paths more idiomatically
Laszlo Ersek [Wed, 3 Jul 2013 13:14:09 +0000 (15:14 +0200)]
ga_install_service(): nest error paths more idiomatically

Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qga/service-win32.c: diagnostic output should go to stderr
Laszlo Ersek [Wed, 3 Jul 2013 13:14:08 +0000 (15:14 +0200)]
qga/service-win32.c: diagnostic output should go to stderr

Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qga: save state directory in ga_install_service()
Laszlo Ersek [Sat, 18 May 2013 04:31:53 +0000 (06:31 +0200)]
qga: save state directory in ga_install_service()

If the user selects a non-default state directory at service installation
time, we should remember it in the registered service.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
(cherry picked from commit a839ee77c786a8200c76ca92f697eebf6bcc9aa3)

* modified to save state_dir unconditionally and avoid reliance on
  uncommitted CSIDL_COMMON_APPDATA dependencies

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qga: remove undefined behavior in ga_install_service()
Laszlo Ersek [Sat, 18 May 2013 04:31:52 +0000 (06:31 +0200)]
qga: remove undefined behavior in ga_install_service()

We shouldn't snprintf() from a buffer to the same buffer.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
(cherry picked from commit a880845f3d92e508e43fcc38f0631b91c203e5d5)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

Update VERSION for 1.5.1 release (tag: v1.5.1)
Anthony Liguori [Wed, 26 Jun 2013 21:46:50 +0000 (16:46 -0500)]
Update VERSION for 1.5.1 release

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

wdt_i6300esb: fix vmstate versioning
Michael Roth [Wed, 22 May 2013 16:32:51 +0000 (11:32 -0500)]
wdt_i6300esb: fix vmstate versioning

When this VMSD was introduced its version fields were set to
sizeof(I6300State), making them essentially random from build to build,
version to version.

To fix this, we lock in a high version id and low minimum version id to
support old->new migration from all prior versions of this device's
state. This should work since the device state has not changed since
its introduction.

This potentially breaks migration from 1.5+ to 1.5, but since the
versioning was essentially random prior to this patch, new->old
migration was not consistently functional to begin with.

Reported-by: Nicholas Thomas <nick@bytemark.co.uk>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit c1990468d5a13c8f1d9111fcca0a78a6adad062b)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

virtio-rng: Fix crash with non-default backend
Cole Robinson [Fri, 31 May 2013 18:12:48 +0000 (14:12 -0400)]
virtio-rng: Fix crash with non-default backend

'default_backend' isn't always set, but 'rng' is, so use that.

$ ./x86_64-softmmu/qemu-system-x86_64 -object rng-random,id=rng0,filename=/dev/random -device virtio-rng-pci,rng=rng0
Segmentation fault (core dumped)

Regressed with virtio refactoring in 59ccd20a9ac719cff82180429458728f03ec612f

CC: qemu-stable@nongnu.org
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Acked-by: Amit Shah <amit.shah@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Message-id: bf4505014a0a941dbd3c62068f3cf2c496b69e6a.1370023944.git.crobinso@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 5b456438f5bb395ed6b1eec95e18ce7a7a884a0a)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

iscsi: reorganize iscsi_readcapacity_sync
Paolo Bonzini [Fri, 31 May 2013 11:56:24 +0000 (13:56 +0200)]
iscsi: reorganize iscsi_readcapacity_sync

Avoid the goto, and use the same retry logic for the 10- and 16-
byte versions.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 1288844e7c4ede59509bf697a4cca0f2215a1ce3)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

iscsi: simplify freeing of tasks
Paolo Bonzini [Fri, 31 May 2013 11:47:08 +0000 (13:47 +0200)]
iscsi: simplify freeing of tasks

Always free them in the iscsi_aio_*_acb functions and remove the
checks in their callers.  Remove ifs when the task struct was
previously dereferenced (spotted by Coverity).

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit f0d2a4d4d63dd2f0f3ecb2d591b979b0e7f24a22)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

vhost-scsi: fix k->set_guest_notifiers() NULL dereference
Stefan Hajnoczi [Thu, 30 May 2013 14:14:44 +0000 (16:14 +0200)]
vhost-scsi: fix k->set_guest_notifiers() NULL dereference

Coverity picked up a copy-paste bug.  In vhost_scsi_start() we check for
!k->set_guest_notifiers and error out.  The check probably got copied
but instead of erroring we actually use the function pointer!

Cc: Nicholas Bellinger <nab@linux-iscsi.org>
Cc: Asias He <asias@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 0e22a2d18998fd183c8181663981eb681ca977e9)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

scsi-disk: scsi-block device for scsi pass-through should not be removable
Pavel Hrdina [Wed, 29 May 2013 13:47:23 +0000 (15:47 +0200)]
scsi-disk: scsi-block device for scsi pass-through should not be removable

This patch adds a new SCSI_DISK_F_NO_REMOVABLE_DEVOPS feature. By this
feature we can set that the scsi-block (scsi pass-through) device will still
be removable from the guest side, but from monitor it cannot be removed.

Cc: qemu-stable@nongnu.org
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 18e673b8f350e1d789b8a50d209eb4a4252ebbda)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

scsi-generic: check the return value of bdrv_aio_ioctl in execute_command
Pavel Hrdina [Wed, 29 May 2013 12:12:10 +0000 (14:12 +0200)]
scsi-generic: check the return value of bdrv_aio_ioctl in execute_command

This fixes the bug introduced by commit ad54ae80c73f.
The bdrv_aio_ioctl() still could return null and we should return an error
in that case.

Cc: qemu-stable@nongnu.org
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit d836f8d35dc418e24c3b11e2ea67d361b867b650)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

scsi-generic: fix sign extension of READ CAPACITY(10) data
Paolo Bonzini [Tue, 21 May 2013 12:08:53 +0000 (14:08 +0200)]
scsi-generic: fix sign extension of READ CAPACITY(10) data

Issuing the READ CAPACITY(10) command in the guest will cause QEMU
to update its knowledge of the maximum accessible LBA in the disk.
The recorded maximum LBA will be wrong if the disk is bigger than
1TB, because ldl_be_p returns a signed int.

When this is fixed, a latent bug will be unmasked.  If the READ
CAPACITY(10) command reported an overflow (0xFFFFFFFF), we must
not overwrite the previously-known maximum accessible LBA, or the guest
will fail to access the disk above the first 2TB.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 53254e569f8e07501f3e0098bd57d2b780e52faa)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
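
Both defects named in the message above, shown side by side in an added C example that is not part of this commit or of QEMU's scsi-generic code. `ldl_be_s32` stands in for the pre-fix signed `ldl_be_p`; `encode_capacity10` is a constructed helper that builds READ CAPACITY(10) parameter data (RETURNED LOGICAL BLOCK ADDRESS, then BLOCK LENGTH IN BYTES) for a disk of a chosen size.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Big-endian 32-bit loads. The signed variant models the pre-fix use of
 * ldl_be_p, which returned a (signed) int. */
static uint32_t ldl_be_u32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static int32_t ldl_be_s32(const uint8_t *p)
{
    return (int32_t)ldl_be_u32(p);   /* bit 31 becomes the sign bit */
}

/* Constructed helper: 8-byte READ CAPACITY(10) parameter data. */
static void encode_capacity10(uint8_t out[8], uint32_t returned_lba, uint32_t block_len)
{
    out[0] = (uint8_t)(returned_lba >> 24); out[1] = (uint8_t)(returned_lba >> 16);
    out[2] = (uint8_t)(returned_lba >> 8);  out[3] = (uint8_t)returned_lba;
    out[4] = (uint8_t)(block_len >> 24);    out[5] = (uint8_t)(block_len >> 16);
    out[6] = (uint8_t)(block_len >> 8);     out[7] = (uint8_t)block_len;
}

/* Pre-fix: a negative int32 widened to uint64_t sign-extends into the upper word,
 * so any LBA with bit 31 set (disks above 1 TB at 512-byte blocks) is corrupted. */
static uint64_t max_lba_before(const uint8_t *resp, uint64_t known_max)
{
    (void)known_max;                 /* the old code overwrote it unconditionally */
    return ldl_be_s32(resp);
}

/* Fixed: zero-extend, and keep the previously-known maximum when the 10-byte
 * command reports an overflow (0xFFFFFFFF means "use READ CAPACITY(16)"). */
static uint64_t max_lba_after(const uint8_t *resp, uint64_t known_max)
{
    uint32_t lba = ldl_be_u32(resp);
    return lba == 0xFFFFFFFFu ? known_max : (uint64_t)lba;
}

/* Encode returned_lba as a device would, then decode it the chosen way. */
static uint64_t roundtrip_max_lba(bool fixed, uint32_t returned_lba, uint64_t known_max)
{
    uint8_t resp[8];
    encode_capacity10(resp, returned_lba, 512);
    return fixed ? max_lba_after(resp, known_max) : max_lba_before(resp, known_max);
}

int main(void)
{
    /* 1.5 TB disk at 512-byte blocks: max LBA 0xBFFFFFFF has bit 31 set. */
    printf("1.5 TB before fix: 0x%llx\n",
           (unsigned long long)roundtrip_max_lba(false, 0xBFFFFFFFu, 0));
    printf("1.5 TB after fix:  0x%llx\n",
           (unsigned long long)roundtrip_max_lba(true, 0xBFFFFFFFu, 0));
    /* Overflow report on a disk already known (from READ CAPACITY(16)) to be 2 TB. */
    printf("overflow after fix keeps 0x%llx\n",
           (unsigned long long)roundtrip_max_lba(true, 0xFFFFFFFFu, 0x100000000ull));
    return 0;
}
```

The first fix alone would turn the 0xFFFFFFFF overflow marker into a max LBA of 0xFFFFFFFF (the first 2 TB), which is the latent bug the message describes; keeping `known_max` in that case is what leaves the larger capacity intact.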

scsi: reset cdrom tray statuses on scsi_disk_reset
Pavel Hrdina [Mon, 20 May 2013 11:06:47 +0000 (13:06 +0200)]
scsi: reset cdrom tray statuses on scsi_disk_reset

Tray statuses should also be reset. Some guests may lock the tray and
right after resetting the guest it should be unlocked and closed. This
is done on power-on, reset and resume from suspend/hibernate on bare-metal.

This fix is already committed for IDE CD.
Check the commit a7f3d65b65b8c86a5ff0c0abcfefb45e2ec6fe4c.

Test results on bare-metal:
  - on reset/power-on the CD-ROM tray is closed even before the monitor
    is turned on
  - on resume from suspend/hibernate the tray is also closed before
    the monitor is turned on

From test results it seems that this behavior is OS and probably BIOS
independent.

Cc: qemu-stable@nongnu.org
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 7721c7f7c272fd2ed9d58500b7e99c33ab8a1af1)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

nbd: strip braces from literal IPv6 address in URI
Ján Tomko [Mon, 3 Jun 2013 15:54:56 +0000 (17:54 +0200)]
nbd: strip braces from literal IPv6 address in URI

Otherwise they would get passed to getaddrinfo and fail with:
address resolution failed for [::1]:1234: Name or service not known

(Broken by commit v1.4.0-736-gf17c90b)

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 23307908790cd8fad91220863d7712c571ddc977)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
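
The host/port split the message above is about, as an added C example that is not QEMU's nbd code: a constructed parser that strips the brackets from a literal IPv6 address so the host part can be handed to getaddrinfo(), rejects unbracketed IPv6 (ambiguous with the port separator) and validates the port.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Split "host:port" or "[ipv6-literal]:port" into host and port. Constructed
 * parser (not QEMU's own). Returns false on malformed or oversized input. */
static bool split_host_port(const char *s, char *host, size_t hostlen,
                            char *port, size_t portlen)
{
    const char *host_start, *host_end, *port_start;

    if (s[0] == '[') {                      /* bracketed IPv6 literal */
        const char *close = strchr(s, ']');
        if (close == NULL || close[1] != ':') return false;
        host_start = s + 1;
        host_end = close;
        port_start = close + 2;
    } else {                                /* hostname or IPv4 literal */
        const char *colon = strchr(s, ':');
        if (colon == NULL) return false;
        if (strchr(colon + 1, ':') != NULL) return false;  /* bare IPv6: reject */
        host_start = s;
        host_end = colon;
        port_start = colon + 1;
    }

    size_t hlen = (size_t)(host_end - host_start);
    size_t plen = strlen(port_start);
    if (hlen == 0 || plen == 0 || hlen >= hostlen || plen >= portlen) return false;
    for (size_t i = 0; i < plen; i++) {
        if (port_start[i] < '0' || port_start[i] > '9') return false;
    }

    memcpy(host, host_start, hlen); host[hlen] = '\0';
    memcpy(port, port_start, plen); port[plen] = '\0';
    return true;
}

/* Check helpers: parse and compare with the expected host and port. */
static bool parses_to(const char *s, const char *exp_host, const char *exp_port)
{
    char host[64], port[8];
    if (!split_host_port(s, host, sizeof host, port, sizeof port)) return false;
    return strcmp(host, exp_host) == 0 && strcmp(port, exp_port) == 0;
}

static bool rejects(const char *s)
{
    char host[64], port[8];
    return !split_host_port(s, host, sizeof host, port, sizeof port);
}

int main(void)
{
    const char *inputs[] = { "[::1]:1234", "localhost:10809", "::1:1234", "[::1]:" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        char host[64], port[8];
        if (split_host_port(inputs[i], host, sizeof host, port, sizeof port)) {
            printf("%-16s -> host=%s port=%s\n", inputs[i], host, port);
        } else {
            printf("%-16s -> rejected\n", inputs[i]);
        }
    }
    return 0;
}
```

Handing `::1` rather than `[::1]` to getaddrinfo() is the difference between a resolved address and the "Name or service not known" failure quoted in the message.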

qemu-socket: allow hostnames starting with a digit
Ján Tomko [Mon, 3 Jun 2013 15:54:55 +0000 (17:54 +0200)]
qemu-socket: allow hostnames starting with a digit

According to RFC 1123 [1], hostnames can start with a digit too.

[1] http://tools.ietf.org/html/rfc1123#page-13

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Cc: qemu-stable@nongnu.org
[Use strspn, not strcspn. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 391b7b9701ba3318e890ec0cba97a3c654bfa667)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

vmdk: byteswap VMDK4Header.desc_offset field
Stefan Hajnoczi [Mon, 10 Jun 2013 09:07:33 +0000 (11:07 +0200)]
vmdk: byteswap VMDK4Header.desc_offset field

Remember to byteswap VMDK4Header.desc_offset on big-endian machines.

Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 5a394b9e96eb3c39676353bdf8a230180ae8d6f4)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  target-i386: cpu: Fix potential buffer overrun in get_register_name_32()
Igor Mammedov [Mon, 3 Jun 2013 16:23:27 +0000 (18:23 +0200)]
target-i386: cpu: Fix potential buffer overrun in get_register_name_32()

Spotted by Coverity:
x86_reg_info_32[] is CPU_NB_REGS32 elements long, so accessing
x86_reg_info_32[CPU_NB_REGS32] will be one element off the end of the array.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: liguang <lig.fnst@cn.fujitsu.com>
Reviewed-by: Jesse Larrew <jlarrew@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 31ccdde298d98b08526dc23059071c9086dec6c2)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  pc: Fix crash when attempting to hotplug CPU with negative ID
Igor Mammedov [Thu, 30 May 2013 15:09:34 +0000 (17:09 +0200)]
pc: Fix crash when attempting to hotplug CPU with negative ID

QMP command "{ 'execute': 'cpu-add', 'arguments': { 'id': -1 }}" may cause
QEMU SIGSEGV at:
 piix4_cpu_hotplug_req ()
    ...
    g->sts[cpu_id / 8] |= (1 << (cpu_id % 8));
    ...

Since for PC in the current implementation id should be in range [0...maxcpus)
and maxcpus is already checked, add a check for the lower bound and error out
on an incorrect value.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 8de433cb0820dc1f387a2d580d255744aacd60cc)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  smbios: Check R in -smbios type=0, release=R parses okay
Markus Armbruster [Fri, 7 Jun 2013 13:00:36 +0000 (15:00 +0200)]
smbios: Check R in -smbios type=0, release=R parses okay

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo "ever the optimist" Ersek <lersek@redhat.com>
Message-id: 1370610036-10577-7-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 6e5c4540d18d1e9a5253104df161a7e0d408ca95)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  smbios: Fix -smbios type=0, release=... for big endian hosts
Markus Armbruster [Fri, 7 Jun 2013 13:00:35 +0000 (15:00 +0200)]
smbios: Fix -smbios type=0, release=... for big endian hosts

Classic endianness bug due to careless dirty coding: assuming reading
a byte from an int variable gets the least significant byte.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo "ever the optimist" Ersek <lersek@redhat.com>
Message-id: 1370610036-10577-6-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 527cd96f15348f4454d5bb71f69aaeb95461c90e)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  smbios: Clean up smbios_add_field() parameters
Markus Armbruster [Fri, 7 Jun 2013 13:00:34 +0000 (15:00 +0200)]
smbios: Clean up smbios_add_field() parameters

Having size precede the associated pointer is odd.  Swap them, and fix
up the types.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo "ever the optimist" Ersek <lersek@redhat.com>
Message-id: 1370610036-10577-5-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit ebc85e3f724d17530e74df665d1a30fb9b0041b5)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  smbios: Convert to error_report()
Markus Armbruster [Fri, 7 Jun 2013 13:00:33 +0000 (15:00 +0200)]
smbios: Convert to error_report()

Improves diagnostics from ad hoc messages like

    Invalid SMBIOS UUID string

to

    qemu-system-x86_64: -smbios type=1,uuid=gaga: Invalid UUID

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo "ever the optimist" Ersek <lersek@redhat.com>
Message-id: 1370610036-10577-4-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 5bb95e41868b461f37159efb48908828ebd7ab36)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  log.h: Supply missing includes
Markus Armbruster [Fri, 7 Jun 2013 13:00:32 +0000 (15:00 +0200)]
log.h: Supply missing includes

<stdio.h> has always been missing.  Rest missed in commit eeacee4.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo "ever the optimist" Ersek <lersek@redhat.com>
Message-id: 1370610036-10577-3-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f3eededb2fbc73c73daf08f791f0407b8541f4f4)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  error-report.h: Supply missing include
Markus Armbruster [Fri, 7 Jun 2013 13:00:31 +0000 (15:00 +0200)]
error-report.h: Supply missing include

Missed in commit e5924d8.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo "ever the optimist" Ersek <lersek@redhat.com>
Message-id: 1370610036-10577-2-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit b293796fd71009ecffe4343713a4e4e568c33fb0)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  tcg-ppc64: rotr_i32 rotates wrong amount
Anton Blanchard [Sun, 2 Jun 2013 12:30:18 +0000 (22:30 +1000)]
tcg-ppc64: rotr_i32 rotates wrong amount

rotr_i32 calculates the amount to left shift and puts it into a
temporary, but then doesn't use it when doing the shift.

Cc: qemu-stable@nongnu.org
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
(cherry picked from commit d1bdd3af49f227dd4a4b03b90cb020c55cbed440)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  tcg-ppc64: Fix add2_i64
Anton Blanchard [Sun, 2 Jun 2013 12:29:39 +0000 (22:29 +1000)]
tcg-ppc64: Fix add2_i64

add2_i64 was adding the lower double word to the upper double word
of each input. Fix this so we add the lower double words, then the
upper double words with carry propagation.

Cc: qemu-stable@nongnu.org
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
(cherry picked from commit 84247357104044b8c4ec4a634e84769f432cbe52)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  tcg-ppc64: bswap64 rotates output 32 bits
Anton Blanchard [Sun, 2 Jun 2013 12:28:27 +0000 (22:28 +1000)]
tcg-ppc64: bswap64 rotates output 32 bits

If our input and output is in the same register, bswap64 tries to
undo a rotate of the input. This just ends up rotating the output.

Cc: qemu-stable@nongnu.org
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
(cherry picked from commit 82e0f9170ac9307de4fc15bfb4d12d5534550322)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  tcg-ppc64: Fix RLDCL opcode
Anton Blanchard [Tue, 11 Jun 2013 11:19:35 +0000 (21:19 +1000)]
tcg-ppc64: Fix RLDCL opcode

The rldcl instruction doesn't have an sh field, so the minor opcode
is shifted 1 bit. We were using the XO30 macro which shifted the
minor opcode 2 bits.

Remove XO30 and add MD30 and MDS30 macros which match the
Power ISA categories.

Cc: qemu-stable@nongnu.org
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
(cherry picked from commit 8a94cfb05ea9a8991c832236b4174d354025a7b7)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  ivshmem: add missing error exit(2)
Stefan Hajnoczi [Mon, 3 Jun 2013 08:58:31 +0000 (10:58 +0200)]
ivshmem: add missing error exit(2)

If the user fails to specify 'chardev' or 'shm' then we cannot continue.
Exit right away so that we don't invoke shm_open(3) with a NULL pointer.

It would be nice to replace exit(1) with error returns in the PCI device
.init() function, but leave that for another patch since exit(1) is
currently used elsewhere.

Spotted by Coverity.

Cc: Cam Macdonell <cam@cs.ualberta.ca>
Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit baefb8bf8e4a708c601bbab898a6039cd9cd12e3)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  Makefile: Install qemu-img and qemu-nbd man pages only if built
Andreas Färber [Tue, 11 Jun 2013 11:13:58 +0000 (13:13 +0200)]
Makefile: Install qemu-img and qemu-nbd man pages only if built

When splitting openSUSE's qemu and qemu-linux-user packages we noticed
that for linux-user-only builds unrelated man pages got installed.
It's surely possible to delete them before packaging, but not installing
them in the first place seems more logical.

Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 8a3e8f7fd8144343f6c83e810b988c1e8a99d50a)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  tap: fix NULL dereference when passing invalid parameters to tap
Jason Wang [Tue, 4 Jun 2013 05:18:17 +0000 (13:18 +0800)]
tap: fix NULL dereference when passing invalid parameters to tap

This patch forbids the following invalid parameters to tap:

1) fd and vhostfds were specified but vhostfd were not specified
2) vhostfds were specified but fds were not specified
3) fds and vhostfd were specified

For 1 and 2, net_init_tap_one() will still pass NULL as vhostfdname to
monitor_handle_fd_param(), which may crash qemu.

Also remove the unnecessary has_fd check.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Stefan Hajnoczi <shajnocz@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit c87826a878be05208c3906eb9d5e1f37cff5e98e)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  create qemu_openpty_raw() helper function and move it to a separate file
Michael Tokarev [Wed, 5 Jun 2013 14:44:54 +0000 (18:44 +0400)]
create qemu_openpty_raw() helper function and move it to a separate file

In two places qemu uses openpty() which is very system-dependent,
and in both places the pty is switched to raw mode as well.
Make a wrapper function which does both steps, and move all the
system-dependent complexity into a separate file, together
with static/local implementations of openpty() and cfmakeraw()
from qemu-char.c.

It is in a separate file, not part of oslib-posix.c, because
openpty() often resides in -lutil which is not linked to
every program qemu builds.

This change removes #including of <pty.h>, <termios.h>
and other rather specific system headers out of qemu-common.h,
which isn't a place for such specific headers really.

This version has been verified to build correctly on Linux,
OpenBSD, FreeBSD and OpenIndiana.  On the latter it lets qemu
be built with the gtk gui, which was not possible there due to
missing openpty() and cfmakeraw().

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Tested-by: Andreas Färber <andreas.faerber@web.de>
(cherry picked from commit 4efeabbbe8441cc327052304976c7b9b86309d72)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  blockdev: reset werror/rerror on drive_del
Stefan Hajnoczi [Wed, 5 Jun 2013 08:33:14 +0000 (10:33 +0200)]
blockdev: reset werror/rerror on drive_del

Paolo Bonzini <pbonzini@redhat.com> suggested the following test case:

1. Launch a guest and wait at the GRUB boot menu:

  qemu-system-x86_64 -enable-kvm -m 1024 \
   -drive if=none,cache=none,file=test.img,id=foo,werror=stop,rerror=stop
   -device virtio-blk-pci,drive=foo,id=virtio0,addr=4

2. Hot unplug the device:

  (qemu) drive_del foo

3. Select the first boot menu entry

Without this patch the guest pauses due to ENOMEDIUM.  The guest is
stuck in a continuous pause loop since the I/O request is retried and
fails immediately again when the guest is resumed.

With this patch the error is reported to the guest.

Note that this scenario actually happens sometimes during libvirt disk
hot unplug, where device_del is followed by drive_del.  I/O may still be
submitted to the drive after drive_del if the guest does not process the
PCI hot unplug notification.

Reported-by: Dafna Ron <dron@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 293c51a6ee369228633a8428ab689f14c045ff98)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  q35: set fw_name
Michael S. Tsirkin [Thu, 30 May 2013 08:35:23 +0000 (11:35 +0300)]
q35: set fw_name

PCI host bridges need to set fw_name to be discoverable
by bios for boot device selection.

In particular, seabios expects root device to be called
"/pci/@i0cf8", so let's set it up like that for Q35.

Cc: qemu-stable@nongnu.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Amos Kong <akong@redhat.com>
(cherry picked from commit 68c0e134a090666246b467deaf9046e573b089f2)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  target-i386: Fix aflag logic for CODE64 and the 0x67 prefix
Richard Henderson [Wed, 29 May 2013 19:30:51 +0000 (12:30 -0700)]
target-i386: Fix aflag logic for CODE64 and the 0x67 prefix

The code reorganization in commit 4a6fd938 broke handling of PREFIX_ADR.
While fixing this, tidy and comment the code so that it's more obvious
what's going on in setting both aflag and dflag.

The TARGET_X86_64 ifdef can be eliminated because CODE64 expands to the
constant zero when TARGET_X86_64 is undefined.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1369855851-21400-1-git-send-email-rth@twiddle.net
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit dec3fc9657e0682637de4d5a29d947284d01985c)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  qemu-char: don't issue CHR_EVENT_OPEN in a BH
Michael Roth [Fri, 7 Jun 2013 20:19:53 +0000 (15:19 -0500)]
qemu-char: don't issue CHR_EVENT_OPEN in a BH

When CHR_EVENT_OPENED was initially added, it was CHR_EVENT_RESET,
and it was issued as a bottom-half:

86e94dea5b740dad65446c857f6959eae43e0ba6

Which we basically used to print out a greeting/prompt for the
monitor.

AFAICT the only reason this was ever done in a BH was because in
some cases we'd modify the chr_write handler for a new chardev
backend *after* the site where we issued the reset (see:
86e94d:qemu_chr_open_stdio())

At some point this event was renamed to CHR_EVENT_OPENED, and we've
maintained the use of this BH ever since.

However, due to 9f939df955a4152aad69a19a77e0898631bb2c18, we schedule
the BH via g_idle_add(), which is causing events to sometimes be
delivered after we've already begun processing data from backends,
leading to:

 known bugs:

  QMP:
    session negotiation resets with OPENED event, in some cases this
    is causing new sessions to get sporadically reset

 potential bugs:

  hw/usb/redirect.c:
    can_read handler checks for dev->parser != NULL, which may be
    true if CLOSED BH has not been executed yet. In the past, OPENED
    quiesced outstanding CLOSED events prior to us reading client
    data. If it's delayed, our check may allow reads to occur even
    though we haven't processed the OPENED event yet, and when we
    do finally get the OPENED event, our state may get reset.

  qtest.c:
    can begin session before OPENED event is processed, leading to
    a spurious reset of the system and irq_levels

  gdbstub.c:
    may start a gdb session prior to the machine being paused

To fix these, let's just drop the BH.

Since the initial reasoning for using it still applies to an extent,
work around that by deferring the delivery of CHR_EVENT_OPENED until
after the chardevs have been fully initialized, toward the end of
qmp_chardev_add() (or some cases, qemu_chr_new_from_opts()). This
defers delivery long enough that we can be assured a CharDriverState
is fully initialized before CHR_EVENT_OPENED is sent.

Also, rather than requiring each chardev to do an explicit open, do it
automatically, and allow the small few who don't desire such behavior to
suppress the OPENED-on-init behavior by setting an 'explicit_be_open'
flag.

We additionally add missing OPENED events for stdio backends on w32,
which were previously not being issued, causing us to not receive the
banner and initial prompts for qmp/hmp.

Reported-by: Stefan Priebe <s.priebe@profihost.ag>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Message-id: 1370636393-21044-1-git-send-email-mdroth@linux.vnet.ibm.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit bd5c51ee6c4f1c79cae5ad2516d711a27b4ea8ec)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  xilinx_axidma: Do not set DMA .notify to NULL after notify
Wendy Liang [Fri, 7 Jun 2013 03:05:38 +0000 (13:05 +1000)]
xilinx_axidma: Do not set DMA .notify to NULL after notify

If a stream notify function is not ready, it may re-populate the notify
callback to indicate it should be re-polled later. This breaks in this usage, as
immediately following the notify() call, .notify is set to NULL. Reverse the
ordering of the notify call and NULL assignment accordingly.

[PC: Reworked commit message]

Signed-off-by: Wendy Liang <jliang@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
(cherry picked from commit 4f293bd6e53739e089f33b458f70a9c4ac136b92)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  virtio-ccw: Fix unsetting of indicators.
Cornelia Huck [Wed, 5 Jun 2013 15:13:05 +0000 (17:13 +0200)]
virtio-ccw: Fix unsetting of indicators.

Interpretation of the ccws to register (configuration) indicators contained
a thinko: We want to disallow reading from 0, but setting the indicator
pointer to 0 is fine.

Let's fix the handling for CCW_CMD_SET{,_CONF}_IND.

Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
(cherry picked from commit d1db1fa8dfcea9c62643f624f2a07d2fd375ce45)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  s390x/css: Fix concurrent sense.
Cornelia Huck [Wed, 5 Jun 2013 14:54:05 +0000 (16:54 +0200)]
s390x/css: Fix concurrent sense.

Fix an off-by-one error when indicating availability of concurrent
sense data.

Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
(cherry picked from commit 8312976e73fce9689ab831c1da565ec413680cff)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  ui/gtk.c: Fix *BSD build of Gtk+ UI
Brad Smith [Tue, 21 May 2013 16:14:24 +0000 (12:14 -0400)]
ui/gtk.c: Fix *BSD build of Gtk+ UI

Fix the build of the Gtk+ UI on *BSD systems.

Signed-off-by: Brad Smith <brad@comstyle.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 20130521161324.GA29977@rox.home.comstyle.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 17bf9735dd5a46d829cfb175703c6a2c254a9aa2)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  vmxnet3: fix NICState cleanup
Stefan Hajnoczi [Tue, 4 Jun 2013 12:47:26 +0000 (14:47 +0200)]
vmxnet3: fix NICState cleanup

Use qemu_del_nic() instead of qemu_del_net_client() to correctly free
the entire NICState.

Cc: qemu-stable@nongnu.org
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 3ffee3cd5fb29de2115bdcbde0a02f47ce69a24c)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  Fix usage of USB_DEV_FLAG_IS_HOST flag.
Michael Marineau [Sun, 12 May 2013 23:19:37 +0000 (19:19 -0400)]
Fix usage of USB_DEV_FLAG_IS_HOST flag.

USB_DEV_FLAG_IS_HOST is the bit number, not the value. Booting with a
"Fitbit Base Station" USB dongle was triggering this assert.

Signed-off-by: Michael Marineau <mike@marineau.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 756335292f2b46775992c314cc70b54480a46d26)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  host-libusb: Correct test for USB packet state
Ed Maste [Tue, 7 May 2013 14:06:12 +0000 (10:06 -0400)]
host-libusb: Correct test for USB packet state

USB_RET_ASYNC is -6, so inflight was always false.

Signed-off-by: Ed Maste <emaste@freebsd.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 45ec267160307ce2ca7494d942589ba222b29479)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  qdev: fix get_fw_dev_path to support to add nothing to fw_dev_path
Amos Kong [Wed, 29 May 2013 07:56:42 +0000 (15:56 +0800)]
qdev: fix get_fw_dev_path to support to add nothing to fw_dev_path

Recent virtio refactoring in QEMU made virtio-bus become the parent bus
of scsi-bus, and virtio-bus doesn't have a get_fw_dev_path implementation,
so the typename is added to fw_dev_path by default, and the new fw_dev_path
could not be identified by seabios. This causes the bootindex parameter
of scsi devices to not work.

This patch implements get_fw_dev_path() in BusClass; it will be called
if the bus doesn't implement the method, and the typename will be added to
fw_dev_path. If the implemented method returns NULL, nothing will be
added to fw_dev_path.

It also implements virtio_bus_get_fw_dev_path() to return NULL. Then
QEMU will still pass original style of fw_dev_path to seabios.

Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1369814202-10346-1-git-send-email-akong@redhat.com
--
v2: only add nothing to fw_dev_path when get_fw_dev_path() is
    implemented and returns NULL. Then it will not affect other devices
    that don't have a get_fw_dev_path() implementation.
v3: implement default get_fw_dev_path() in BusClass
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit bbfa18fca4e44ff9c23d36b50d8a998af9c9e9fc)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  do not check pointers after dereferencing them
Paolo Bonzini [Fri, 31 May 2013 12:00:27 +0000 (14:00 +0200)]
do not check pointers after dereferencing them

Two instances, both spotted by Coverity.  In one, two blocks were
swapped.  In the other, the check is not needed anymore.

Cc: qemu-stable@nongnu.org
Cc: qemu-trivial@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit a4cc73d629d43c8a4d171d043ff229a959df3ca6)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  xen: start PCI hole at 0xe0000000 (same as pc_init1 and qemu-xen-traditional)
Stefano Stabellini [Mon, 3 Jun 2013 15:37:45 +0000 (15:37 +0000)]
xen: start PCI hole at 0xe0000000 (same as pc_init1 and qemu-xen-traditional)

We are currently setting the PCI hole to start at HVM_BELOW_4G_RAM_END,
that is 0xf0000000.
Start the PCI hole at 0xe0000000 instead, that is the same value used by
pc_init1 and qemu-xen-traditional.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
CC: qemu-stable@nongnu.org
(cherry picked from commit 9f24a8030a70ea4954b5b8c48f606012f086f65f)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  Remove OSS support for OpenBSD
Brad Smith [Fri, 24 May 2013 23:01:07 +0000 (19:01 -0400)]
Remove OSS support for OpenBSD

Remove the OSS support for OpenBSD. The OSS API has not been usable
for quite some time.

Signed-off-by: Brad Smith <brad@comstyle.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 4f6ab397b60615d2da77bff4f32666be9ac2e949)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  target-i386: fix abort on bad PML4E/PDPTE/PDE/PTE addresses
Luiz Capitulino [Tue, 28 May 2013 18:19:22 +0000 (14:19 -0400)]
target-i386: fix abort on bad PML4E/PDPTE/PDE/PTE addresses

The code used to walk IA-32e page-tables, and possibly PAE page-tables,
uses the bit mask ~0xfff to get the next PML4E/PDPTE/PDE/PTE address.

However, as we use a uint64_t to store the resulting address, that mask
gets expanded to 0xfffffffffffff000 which not only ends up selecting
reserved bits but also selects the XD bit (execute-disable) which
happens to be enabled by Windows 8, causing qemu_get_ram_ptr() to abort.

This commit fixes that problem by replacing ~0xfff by a correct mask
that only selects the address bit range (i.e. bits 51:12).

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit fbc2ed9518efcdcdcbf0adb9539c17a65addd20a)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  update seabios to release 1.7.2.2
Gerd Hoffmann [Tue, 28 May 2013 10:17:50 +0000 (12:17 +0200)]
update seabios to release 1.7.2.2

git shortlog from 1.7.2.1

Asias He (2):
      virtio-scsi: Pack struct virtio_scsi_{req_cmd,resp_cmd}
      virtio-scsi: Set _DRIVER_OK flag before scsi target scanning

Kevin O'Connor (1):
      Cache boot-fail-wait to avoid romfile access after POST.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 6683d7bc2759e9da8b5c4907a9de85d500933ffb)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  Revert "roms: switch oldnoconfig to olddefconfig"
Gerd Hoffmann [Tue, 28 May 2013 10:09:41 +0000 (12:09 +0200)]
Revert "roms: switch oldnoconfig to olddefconfig"

This reverts commit a5519b42cfd6c00e9f8b31c5aad7682e7a9f1181.

Breaks "make bios" in roms/ as the kconfig version in seabios doesn't
support olddefconfig.  Must have been totally untested.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 19cd090e17b293b49eec59346df94a668f5d2438)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  ide: Set BSY bit during FLUSH
Andreas Färber [Wed, 5 Jun 2013 13:17:57 +0000 (15:17 +0200)]
ide: Set BSY bit during FLUSH

The implementation of the ATA FLUSH command invokes a flush at the block
layer, which may on raw files on POSIX entail a synchronous fdatasync().
This may in some cases take so long that the SLES 11 SP1 guest driver
reports I/O errors and filesystems get corrupted or remounted read-only.

Avoid this by setting BUSY_STAT, so that the guest is made aware we are
in the middle of an operation and no attempt is made to process ATA
commands concurrently.

Addresses BNC#637297.

Suggested-by: Gonglei (Arei) <arei.gonglei@huawei.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit f68ec8379e88502b4841a110c070e9b118d3151c)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  chardev: fix "info chardev" output
Gerd Hoffmann [Mon, 27 May 2013 10:41:24 +0000 (12:41 +0200)]
chardev: fix "info chardev" output

Fill unset CharDriverState->filename with the backend name, so
'info chardev' will return at least the chardev type.  Don't
touch it in case the chardev init function filled it already,
like the socket+pty chardevs do for example.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 60d95386abf1f5f37ded6a812d12ac458df2491b)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  xen_machine_pv: do not create a dummy CPU in machine->init
Stefano Stabellini [Mon, 3 Jun 2013 15:38:31 +0000 (15:38 +0000)]
xen_machine_pv: do not create a dummy CPU in machine->init

This fixes a regression introduced by:

commit 62fc403f11523169eb4264de31279745f48e3ecc
Author: Igor Mammedov <imammedo@redhat.com>
Date:   Mon Apr 29 18:54:13 2013 +0200

    target-i386: Attach ICC bus to CPU on its creation

    X86CPU should have parent bus so it could provide bus for child APIC.

The commit makes it mandatory to pass a valid ICC bus to cpu_x86_create,
but cpu_x86_init just passes NULL to it.
xen_machine_pv uses cpu_x86_init, therefore it has been broken.

This patch fixes the problem by removing the dummy CPU creation
altogether from xen_init_pv, relying on the fact that QEMU can now cope
with a machine without an emulated CPU.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
CC: imammedo@redhat.com
CC: qemu-stable@nongnu.org
(cherry picked from commit 58ee9b0ae05d81c74d6869a25ce4263fc22ed809)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  main_loop: do not set nonblocking if xen_enabled()
Stefano Stabellini [Mon, 3 Jun 2013 15:38:43 +0000 (15:38 +0000)]
main_loop: do not set nonblocking if xen_enabled()

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
CC: qemu-stable@nongnu.org
(cherry picked from commit a7d4207d378069a5bb3175a131e8fdedd39ef97d)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  xen: simplify xen_enabled
Stefano Stabellini [Mon, 3 Jun 2013 15:38:48 +0000 (15:38 +0000)]
xen: simplify xen_enabled

No need for preprocessor conditionals in xen_enabled: xen_allowed is
always defined.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
CC: qemu-stable@nongnu.org
(cherry picked from commit 49fa9881b2358e390e9e9466ddde74e995927efa)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  qom/object: Don't poll cast cache for NULL objects
Peter Crosthwaite [Wed, 22 May 2013 01:19:16 +0000 (11:19 +1000)]
qom/object: Don't poll cast cache for NULL objects

object_dynamic_cast_assert used to be tolerant of NULL objects and not
assert. It's clear from the implementation that this is the expected
behavior.

The preceding check of the cast cache dereferences obj however causing
a segfault. Fix by conditionalizing the cast cache logic on obj being
non-null.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: 8e2bef6a55753869c50bfa32226f7fcf0439ca62.1369183592.git.peter.crosthwaite@xilinx.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 95916abcf428fb03644468c7fbce64356c6483c0)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  rtl8139: flush queued packets when RxBufPtr is written
Stefan Hajnoczi [Wed, 22 May 2013 12:50:18 +0000 (14:50 +0200)]
rtl8139: flush queued packets when RxBufPtr is written

Net queues support efficient "receive disable".  For example, tap's file
descriptor will not be polled while its peer has receive disabled.  This
saves CPU cycles for needlessly copying and then dropping packets which
the peer cannot receive.

rtl8139 is missing the qemu_flush_queued_packets() call that wakes the
queue up when receive becomes possible again.

As a result, the Windows 7 guest driver reaches a state where the
rtl8139 cannot receive packets.  The driver has actually refilled the
receive buffer but we never resume reception.

The bug can be reproduced by running a large FTP 'get' inside a Windows
7 guest:

  $ qemu -netdev tap,id=tap0,...
         -device rtl8139,netdev=tap0

The Linux guest driver does not trigger the bug, probably due to a
different buffer management strategy.

Reported-by: Oliver Francke <oliver.francke@filoo.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 00b7ade807b5ce6779ddd86ce29c5521ec5c529a)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
10 years ago  hw/9pfs: use O_NOFOLLOW for mapped readlink operation
Aneesh Kumar K.V [Mon, 20 May 2013 11:58:29 +0000 (17:28 +0530)]
hw/9pfs: use O_NOFOLLOW for mapped readlink operation

With mapped security models like mapped-xattr and mapped-file, we save the
symlink target as file contents. Now if we ever expose a normal directory
with a mapped security model and find real symlinks in the export path, never
follow them and return a proper error.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
(cherry picked from commit aed858ce10ef09c7bdf03f73e75e772f567c74cd)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
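The guard this commit describes, as an added example written for this page rather than QEMU's own 9pfs code: a mapped "symlink" is a regular file whose contents name the target, and opening it with O_NOFOLLOW refuses a real symlink in the export path with ELOOP. The function names, the scratch directory and the sample target are constructed for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Mapped model: the symlink target is the content of a regular file.
 * O_NOFOLLOW makes open() fail with ELOOP on a real symlink, so a symlink
 * planted in the export path is never followed. Returns target length
 * or -1 with errno set. (Hypothetical helper, not QEMU's.) */
ssize_t mapped_readlink(const char *path, char *buf, size_t bufsz)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, bufsz - 1);
    int saved = errno;
    close(fd);
    if (n < 0) { errno = saved; return -1; }
    buf[n] = '\0';
    return n;
}

/* Constructed scenario: a scratch export holding one mapped "symlink"
 * (regular file containing "target.txt") and one real symlink. Returns the
 * errno seen for the real symlink (expected ELOOP), -1 on any failure. */
int demo_nofollow(void)
{
    char dir[] = "/tmp/mapped9pXXXXXX", mapped[300], real[300], buf[64];
    int result = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(mapped, sizeof mapped, "%s/link.mapped", dir);
    snprintf(real, sizeof real, "%s/link.real", dir);
    FILE *f = fopen(mapped, "w");
    int wrote = f && fputs("target.txt", f) >= 0;
    if (f) wrote = fclose(f) == 0 && wrote;
    if (wrote && symlink("target.txt", real) == 0 &&
        mapped_readlink(mapped, buf, sizeof buf) == 10 &&
        strcmp(buf, "target.txt") == 0 &&
        mapped_readlink(real, buf, sizeof buf) < 0) {
        result = errno;   /* ELOOP: the real symlink was refused */
    }
    unlink(mapped);
    unlink(real);
    rmdir(dir);
    return result;
}
```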
10 years ago  hw/9pfs: Fix segfault with 9p2000.u
Aneesh Kumar K.V [Mon, 20 May 2013 05:59:52 +0000 (11:29 +0530)]
hw/9pfs: Fix segfault with 9p2000.u

When a guest tries to chmod a block or char device file over 9pfs,
the qemu process segfaults. With the 9p2000.u protocol we use wstat to
change mode bits and the client doesn't send extension information for
chmod. We need to check the size field to check whether extension
info is present or not.

Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Acked-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
(cherry picked from commit c7e587b73ebac05943df78f5f37d80d32ff47d3d)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago  Update version for 1.5.0 release. v1.5.0
Anthony Liguori [Mon, 20 May 2013 12:22:02 +0000 (07:22 -0500)]
Update version for 1.5.0 release.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  osdep: fix qemu_anon_ram_free trace (+ fix compilation on 32 bit hosts)
Hervé Poussineau [Mon, 20 May 2013 10:33:08 +0000 (12:33 +0200)]
osdep: fix qemu_anon_ram_free trace (+ fix compilation on 32 bit hosts)

Commit e7a09b92b70786f9e8c5fbf787e0248c6ebbe707 added a trace at each
memory freeing, but unfortunately inverted size and pointer when printing
them. Fix trace.

This also led to a compilation error on 32 bit hosts:
In file included from include/trace.h:4:0,
                 from trace/generated-events.c:3:
./trace/generated-tracers.h: In function ‘trace_qemu_anon_ram_free’:
./trace/generated-tracers.h:64:9: error: format ‘%zu’ expects argument of type
‘size_t’, but argument 3 has type ‘void *’ [-Werror=format]
./trace/generated-tracers.h:64:9: error: format ‘%p’ expects argument of type
‘void *’, but argument 4 has type ‘size_t’ [-Werror=format]

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1369045989-14016-1-git-send-email-hpoussin@reactos.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  Rename hexdump to avoid FreeBSD libutil conflict
Ed Maste [Thu, 16 May 2013 15:32:28 +0000 (11:32 -0400)]
Rename hexdump to avoid FreeBSD libutil conflict

On FreeBSD libutil is used for openpty(), but it also provides a hexdump()
which conflicts with QEMU's.

Signed-off-by: Ed Maste <emaste@freebsd.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368718348-15199-1-git-send-email-emaste@freebsd.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  vl: new runstate transition: RUN_STATE_GUEST_PANICKED -> RUN_STATE_FINISH_MIGRATE
Hu Tao [Mon, 20 May 2013 10:46:20 +0000 (12:46 +0200)]
vl: new runstate transition: RUN_STATE_GUEST_PANICKED -> RUN_STATE_FINISH_MIGRATE

This fixes a problem where, after a guest panic happens, virsh dump without
--memory-only fails:

ERROR: invalid runstate transition: 'guest-panicked' -> 'finish-migrate'

Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1369046780-17498-1-git-send-email-pbonzini@redhat.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  chardev: Make consistent with udp device for new qapi backend
Lei Li [Mon, 20 May 2013 06:51:03 +0000 (14:51 +0800)]
chardev: Make consistent with udp device for new qapi backend

When registering and opening a chardev udp, the backend name should be udp,
not dgram, and we do not have a dgram backend in the chardev list. This
patch makes the new qapi udp backend consistent with the original
udp device.

Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com>
Message-id: 1369032665-18159-2-git-send-email-lilei@linux.vnet.ibm.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  ide/macio: fix wrong opaque with TRIM support
Aurelien Jarno [Sun, 19 May 2013 11:22:11 +0000 (13:22 +0200)]
ide/macio: fix wrong opaque with TRIM support

Commit 215e47b9 enabled TRIM by default, which revealed a bug in TRIM
support for the IDE macio emulation driver, introduced in d353fb72.

The call to dma_bdrv_io() is using a wrong opaque of type IDEState
instead of DBDMA_io. This patch fixes that.

Fixes LP#1179104

Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Tested-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years ago  target-mips: set carry bit correctly in DSPControl register
Petar Jovanovic [Mon, 13 May 2013 15:14:35 +0000 (17:14 +0200)]
target-mips: set carry bit correctly in DSPControl register

First we need to clear the bit and then we set the given value.
Instruction ADDSC sets the bit and instruction ADDWC uses this bit.

Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years ago  target-mips: fix EXTPDP and setting up pos field in the DSPControl reg
Petar Jovanovic [Sat, 18 May 2013 01:53:41 +0000 (03:53 +0200)]
target-mips: fix EXTPDP and setting up pos field in the DSPControl reg

This change makes sure that modifications of the pos field in the DSPControl
register do not trash other bits in the register. This bug can be triggered
with the additional test case in mips32-dsp/extpdp.c in this commit.

In addition to this, this change corrects incorrect calculation of the mask
for EXTPDP.

Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years ago  target-mips: fix incorrect behaviour for EXTP
Petar Jovanovic [Mon, 13 May 2013 13:20:26 +0000 (15:20 +0200)]
target-mips: fix incorrect behaviour for EXTP

The mask for the EXTP instruction when size=31 has not been correctly
calculated.

The test (mips32-dsp/extp.c) has been extended to include the case that
triggers the issue.

Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
11 years ago  Update version for 1.5.0-rc3 release v1.5.0-rc3
Anthony Liguori [Fri, 17 May 2013 15:01:00 +0000 (10:01 -0500)]
Update version for 1.5.0-rc3 release

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  Merge remote-tracking branch 'mdroth/qga-pull-2013-05-13' into staging
Anthony Liguori [Fri, 17 May 2013 15:00:30 +0000 (10:00 -0500)]
Merge remote-tracking branch 'mdroth/qga-pull-2013-05-13' into staging

* mdroth/qga-pull-2013-05-13:
  qga: unlink just created guest-file if fchmod() or fdopen() fails on it
  qga: distinguish binary modes in "guest_file_open_modes" map

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>