virtio-blk registers a vmstate change handler. Unfortunately this
handler is not unregistered on unplug, leading to some random
crashes if the system is restarted, e.g. via virsh reboot.
Lets unregister the vmstate change handler if the device is removed.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 69b302b2044a9a0f6d157d25b39a91ff7124c61f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Mark Cave-Ayland [Sun, 24 Feb 2013 20:46:11 +0000 (20:46 +0000)]
ide/macio: Fix macio DMA initialisation.
Commit 07a7484e5d713f1eb7c1c37b18a8ab0d56d88875 accidentally introduced a bug
in the initialisation of the second macio DMA device which could cause some
DMA operations to segfault QEMU.
CC: Andreas Färber <afaerber@suse.de> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Acked-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 02d583c7232d65920634f7553700eb348f84e472)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Andreas Färber [Mon, 11 Feb 2013 10:53:11 +0000 (10:53 +0000)]
target-ppc: Fix CPU_POWERPC_MPC8547E
It was defined to ..._MPC8545E_v21 rather than ..._MPC8547E_v21.
Due to both resolving to CPU_POWERPC_e500v2_v21 this did not show.
Fixing this nontheless helps with QOM'ifying CPU aliases.
Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 0136d715ad985fccb8fed4bb5081d5bd20bfe88c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
David Gibson [Sun, 10 Feb 2013 18:59:02 +0000 (18:59 +0000)]
pseries: Add cleanup hook for PAPR virtual LAN device
Currently the spapr-vlan device does not supply a cleanup call for its
NetClientInfo structure. With current qemu versions, that leads to a SEGV
on exit, when net_cleanup() attempts to call the cleanup handlers on all
net clients.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 156dfaded87d718a9ea798083e1c3e5ea7526713)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
As of 5a49d3e9 we assume SPICE_PORT_EVENT_BREAK to be defined.
However, it is defined not in 0.12.2 what we require now, but in
0.12.3. Therefore in order to prevent build failure we must
adjust our minimal requirements.
Paolo Bonzini [Fri, 22 Mar 2013 16:57:48 +0000 (17:57 +0100)]
qemu-bridge-helper: force usage of a very high MAC address for the bridge
Linux uses the lowest enslaved MAC address as the MAC address of
the bridge. Set MAC address to a high value so that it does not
affect the MAC address of the bridge.
Changing the MAC address of the bridge could cause a few seconds
of network downtime.
Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1363971468-21154-1-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 226ecabfbd410c7b2041385ea4b6f083a09ce8a2)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Yeongkyoon Lee [Fri, 22 Mar 2013 12:50:17 +0000 (21:50 +0900)]
tcg: Fix occasional TCG broken problem when ldst optimization enabled
is_tcg_gen_code() checks the upper limit of TCG generated code range wrong, so
that TCG could get broken occasionally only when CONFIG_QEMU_LDST_OPTIMIZATION
enabled. The reason is code_gen_buffer_max_size does not cover the upper range
up to (TCG_MAX_OP_SIZE * OPC_BUF_SIZE), thus code_gen_buffer_max_size should be
modified to code_gen_buffer_size.
CC: qemu-stable@nongnu.org Signed-off-by: Yeongkyoon Lee <yeongkyoon.lee@samsung.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 52ae646d4a3ebdcdcc973492c6a56f2c49b6578f)
Conflicts:
translate-all.c
*modified to use non-tcg-ctx version of code_gen_* variables
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1363323879-682-1-git-send-email-peter.crosthwaite@xilinx.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4f306496183d81aed4b43762cf3bfd6e054de767)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Michael Roth [Fri, 1 Mar 2013 17:40:27 +0000 (11:40 -0600)]
qemu-ga: use key-value store to avoid recycling fd handles after restart
Hosts hold on to handles provided by guest-file-open for periods that can
span beyond the life of the qemu-ga process that issued them. Since these
are issued starting from 0 on every restart, we run the risk of issuing
duplicate handles after restarts/reboots.
As a result, users with a stale copy of these handles may end up
reading/writing corrupted data due to their existing handles effectively
being re-assigned to an unexpected file or offset.
We unfortunately do not issue handles as strings, but as integers, so a
solution such as using UUIDs can't be implemented without introducing a
new interface.
As a workaround, we fix this by implementing a persistent key-value store
that will be used to track the value of the last handle that was issued
across restarts/reboots to avoid issuing duplicates.
The store is automatically written to the same directory we currently
set via --statedir to track fsfreeze state, and so should be applicable
for stable releases where this flag is supported.
A follow-up can use this same store for handling fsfreeze state, but
that change is cosmetic and left out for now.
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Cc: qemu-stable@nongnu.org
* fixed guest_file_handle_add() return value from uint64_t to int64_t
(cherry picked from commit 39097daf15c42243742667607d2cad2c9dc4f764)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Wed, 6 Mar 2013 17:02:01 +0000 (18:02 +0100)]
qcow2: make is_allocated return true for zero clusters
Otherwise, live migration of the top layer will miss zero clusters and
let the backing file show through. This also matches what is done in qed.
QCOW2_CLUSTER_ZERO clusters are invalid in v2 image files. Check this
directly in qcow2_get_cluster_offset instead of replicating the test
everywhere.
Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 381b487d54ba18c73df9db8452028a330058c505)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
David Gibson [Mon, 25 Feb 2013 19:27:12 +0000 (19:27 +0000)]
pseries: Add compatible property to root of device tree
Currently, for the pseries machine the device tree supplied by qemu to SLOF
and from there to the guest does not include a 'compatible property' at the
root level. Usually that works fine, since in this case the compatible
property doesn't really give any information not already found in the
'device_type' or 'model' properties.
However, the lack of 'compatible' confuses the bootloader install in the
SLES11 SP2 and SLES11 SP3 installers. This patch therefore adds a token
'compatible' property to work around that.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Cc: qemu-stable@nongnu.org Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit d63919c93e6fb0587632adafba82c21e55ea4396)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Allow virtio-net features for legacy s390 virtio bus
Enable all virtio-net features for the legacy s390 virtio bus. This also fixes
kernel BUG at /usr/src/packages/BUILD/kernel-default-3.0.58/linux-3.0/drivers/s390/kvm/kvm_virtio.c:121!
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 35569cea79fd3f5ccb5b23ca024c7d3aa4d24e75)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Mon, 25 Feb 2013 11:14:34 +0000 (12:14 +0100)]
scsi-disk: do not complete canceled UNMAP requests
Canceled requests should never be completed, and doing that could cause
accesses to a NULL hba_private field.
Cc: qemu-stable@nongnu.org Reported-by: Stefan Priebe <s.priebe@profihost.ag> Tested-by: Stefan Priebe <s.priebe@profihost.ag> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit d0242eadc5bba4f3abe34bc5d536bbfb81aa9891)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Fri, 22 Feb 2013 17:14:28 +0000 (18:14 +0100)]
iscsi: look for pkg-config file too
Due to library conflicts, Fedora will have to put libiscsi in
/usr/lib/iscsi. Simplify configuration by using a pkg-config
file. The Fedora package will distribute one, and the patch
to add it has been sent to upstream libiscsi as well.
Paolo Bonzini [Mon, 25 Feb 2013 11:16:05 +0000 (12:16 +0100)]
scsi-disk: handle io_canceled uniformly and correctly
Always check it immediately after calling bdrv_acct_done, and
always do a "goto done" in case the "done" label has to free
some memory---as is the case for scsi_unmap_complete in the
previous patch.
This patch could fix problems that happen when a request is
split into multiple parts, and one of them is canceled. Then
the next part is fired, but the HBA's cancellation callbacks have
fired already. Whether this happens or not, depends on how the
block/ driver implements AIO cancellation. It it does a simple
bdrv_drain_all() or similar, then it will not have a problem.
If it only cancels the given AIOCB, this scenario could happen.
Michael Roth [Fri, 1 Mar 2013 17:49:38 +0000 (11:49 -0600)]
qemu-ga: make guest-sync-delimited available during fsfreeze
We currently maintain a whitelist of commands that are safe during
fsfreeze. During fsfreeze, we disable all commands that aren't part of
that whitelist.
guest-sync-delimited meets the criteria for being whitelisted, and is
also required for qemu-ga clients that rely on guest-sync-delimited for
re-syncing the channel after a timeout.
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Cc: qemu-stable@nongnu.org Reviewed-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit c5dcb6ae23a3ed7a01bae1cd75ce02abea31db5e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Gerd Hoffmann [Wed, 20 Feb 2013 08:37:12 +0000 (09:37 +0100)]
vga: fix byteswapping.
In case host and guest endianness differ the vga code first creates
a shared surface (using qemu_create_displaysurface_from), then goes
patch the surface format to indicate that the bytes must be swapped.
The switch to pixman broke that hack as the format patching isn't
propagated into the pixman image, so ui code using the pixman image
directly (such as vnc) uses the wrong format.
Fix that by adding a byteswap parameter to
qemu_create_displaysurface_from, so we'll use the correct format
when creating the surface (and the pixman image) and don't have
to patch the format afterwards.
Jason Wang [Wed, 20 Feb 2013 10:04:01 +0000 (18:04 +0800)]
help: add docs for multiqueue tap options
Cc: Markus Armbruster <armbru@redhat.com> Cc: Jason Wang <jasowang@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-id: 1361354641-51969-1-git-send-email-jasowang@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 2ca81baa0b3363d57de94f8b80c02a003b361161)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jason Wang [Fri, 22 Feb 2013 15:15:06 +0000 (23:15 +0800)]
net: reduce the unnecessary memory allocation of multiqueue
Edivaldo reports a problem that the array of NetClientState in NICState is too
large - MAX_QUEUE_NUM(1024) which will wastes memory even if multiqueue is not
used.
Instead of static arrays, solving this issue by allocating the queues on demand
for both the NetClientState array in NICState and VirtIONetQueue array in
VirtIONet.
Tested by myself, with single virtio-net-pci device. The memory allocation is
almost the same as when multiqueue is not merged.
Cc: Edivaldo de Araujo Pereira <edivaldoapereira@yahoo.com.br> Cc: qemu-stable@nongnu.org Signed-off-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit f6b26cf257232e5854c0e5c98a8685c625bf986e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Igor Mitsyanko [Sun, 10 Mar 2013 13:58:05 +0000 (17:58 +0400)]
qemu-char.c: fix waiting for telnet connection message
Current colon position in "waiting for telnet connection" message template
produces messages like:
QEMU waiting for connection on: telnet::127.0.0.16666,server
After moving a colon to the right, we will get a correct messages like:
QEMU waiting for connection on: telnet:127.0.0.1:6666,server
Signed-off-by: Igor Mitsyanko <i.mitsyanko@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit e5545854dd1e2e3507b210ac0c1cbfca69ff0fcb)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jason Wang [Thu, 21 Feb 2013 03:05:56 +0000 (11:05 +0800)]
tap: forbid creating multiqueue tap when hub is used
Obviously, hub does not support multiqueue tap. So this patch forbids creating
multiple queue tap when hub is used to prevent the crash when command line such
as "-net tap,queues=2" is used.
Cc: qemu-stable@nongnu.org Signed-off-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit ce675a7579fea498397c5d2da3c5367671e9f02a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Peter Lieven [Mon, 18 Feb 2013 12:48:31 +0000 (13:48 +0100)]
block: complete all IOs before .bdrv_truncate
bdrv_truncate() invalidates the bdrv_check_request() result for
in-flight requests, so there should better be none.
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Lieven <pl@kamp.de> Reported-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9a665b2b8640e464f0a778216fc2dca8d02acf33)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Tue, 19 Feb 2013 10:59:10 +0000 (11:59 +0100)]
coroutine: trim down nesting level in perf_nesting test
20000 nested coroutines require 20 GB of virtual address space.
Only nest 1000 of them so that the test (only enabled with
"-m perf" on the command line) runs on 32-bit machines too.
Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 027003152f4cf21952f9282b4487daf3fdd372ba)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Andreas Färber [Sun, 17 Feb 2013 23:16:00 +0000 (23:16 +0000)]
target-ppc: Fix "G2leGP3" PVR
Unlike derived PVR constants mapped to CPU_POWERPC_G2LEgp3, the
"G2leGP3" model definition itself used the CPU_POWERPC_G2LEgp1 PVR.
Fixing this will allow to alias CPU_POWERPC_G2LEgp3-using types to
"G2leGP3".
Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit bfe6d5b0daf9fdafeb0dbb7c26774dbb1bbb4507)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
With the updated OpenBIOS image, -M g3beige fails to boot quik.
Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-id: 1360796292-27078-1-git-send-email-agraf@suse.de Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The device returns false from the can receive function when the FIFO is
full. This means the device should check for buffered input whenever a byte is
popped from the FIFO.
Reported-by: Jason Wu <huanyu@xilinx.com> Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1360632571-25638-1-git-send-email-peter.crosthwaite@xilinx.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Stefan Hajnoczi [Wed, 13 Feb 2013 08:25:34 +0000 (09:25 +0100)]
block/curl: only restrict protocols with libcurl>=7.19.4
The curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, ...) interface was
introduced in libcurl 7.19.4. Therefore we cannot protect against
CVE-2013-0249 when linking against an older libcurl.
Reported-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Tested-by: Andreas Färber <andreas.faeber@web.de>
Message-id: 1360743934-8337-1-git-send-email-stefanha@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Andreas Färber [Tue, 12 Feb 2013 22:16:06 +0000 (23:16 +0100)]
net: Avoid NULL function pointer dereference on cleanup
The pSeries machine and some other devices don't supply a cleanup
callback. Revert part of 1ceef9f27359cbe92ef124bf74de6f792e71f6fb that
started calling it unconditionally.
Cc: Jason Wang <jasowang@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1360707366-9271-1-git-send-email-afaerber@suse.de Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Cornelia Huck [Thu, 7 Feb 2013 02:20:51 +0000 (02:20 +0000)]
s390: Fix handling of iscs.
There are two ways to express an interruption subclass:
- As a bitmask, as used in cr6.
- As a number, as used in the I/O interruption word.
Unfortunately, we have treated to I/O interruption word as if it
contained the bitmask as well, which went unnoticed so far as
- (queued-for-next) kvm made the same mistake, and
- Linux guest kernels don't check the isc value in the I/O interruption
word for subchannel interrupts.
Make sure that we treat the I/O interruption word correctly.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
Cornelia Huck [Thu, 7 Feb 2013 02:20:50 +0000 (02:20 +0000)]
s390: Keep I/O interrupts enabled for all iscs.
do_io_interrupt() would stop scanning further iscs if it found
an I/O interrupt it could inject. This might cause the pending
interrupt indication for I/O interrupts to be reset although there
might be queued I/O interrupts for subsequent iscs.
Fix this by reordering the logic: Inject the I/O interrupt immediately
and continue searching all iscs for queued interrupts.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
s390/sclpconsole: prevent char layer callback during initialization
Starting a qemu with an sclp console and pressing a key very early
can result in
"qemu-system-s390x: hw/s390x/sclpconsole.c:60: receive_from_chr_layer:
Assertion `scon->iov' failed."
Lets make sure that the init process is finished, since the iov is
allocated after CHR_EVENT_OPENED by also checking for scon->iov.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
Pulled the qdev_create functionality out of xilinx_axiethernet_create() and
pushed it up to the petalogix_ml605_mmu machine model. This makes the ethernet
create+init process consistent with the AXI DMA. Renamed function to
xilinx_axiethernet_init accordingly.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Stefan Hajnoczi [Tue, 12 Feb 2013 09:37:15 +0000 (10:37 +0100)]
block-migration: fix pending() and iterate() return values
The return value of .save_live_pending() is the number of bytes
remaining. This is just an estimate because we do not know how many
blocks will be dirtied by the running guest.
Currently our return value for .save_live_pending() is wrong because it
includes dirty blocks but not in-flight bdrv_aio_readv() requests or
unsent blocks. Crucially, it also doesn't include the bulk phase where
the entire device is transferred - therefore we risk completing block
migration before all blocks have been transferred!
The return value of .save_live_iterate() is the number of bytes
transferred this iteration. Currently we return whether there are bytes
remaining, which is incorrect.
Move the bytes remaining calculation into .save_live_pending() and
really return the number of bytes transferred this iteration in
.save_live_iterate().
Also fix the %ld format specifier which was used for a uint64_t
argument. PRIu64 must be use to avoid warnings on 32-bit hosts.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-id: 1360661835-28663-3-git-send-email-stefanha@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Stefan Hajnoczi [Tue, 12 Feb 2013 09:37:14 +0000 (10:37 +0100)]
migration: make qemu_ftell() public and support writable files
Migration .save_live_iterate() functions return the number of bytes
transferred. The easiest way of doing this is by calling qemu_ftell(f)
at the beginning and end of the function to calculate the difference.
Make qemu_ftell() public so that block-migration will be able to use it.
Also adjust the ftell calculation for writable files where buf_offset
does not include buf_size.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-id: 1360661835-28663-2-git-send-email-stefanha@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Stefan Hajnoczi [Tue, 12 Feb 2013 13:34:05 +0000 (14:34 +0100)]
trace: deal with deprecated glib thread functions
g_thread_create() was deprecated in favor of g_thread_new() and
g_cond_new() was deprecated in favor of GCond initialization. If the
host has glib 2.31 or newer, avoid using the deprecated functions.
This patch solves compiler warnings that are generated when glib's
deprecated functions are used.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360676045-9204-3-git-send-email-stefanha@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Stefan Hajnoczi [Tue, 12 Feb 2013 13:34:04 +0000 (14:34 +0100)]
trace: use glib atomic int types
Juan reported that RHEL 6.4 hosts give compiler warnings because we use
unsigned int while glib prototypes use volatile gint in trace/simple.c.
trace/simple.c:223: error: pointer targets in passing argument 1 of 'g_atomic_int_compare_and_exchange' differ in signedness
These variables are only accessed with glib atomic int functions so
let's play it by the book and use volatile gint.
Reported-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360676045-9204-2-git-send-email-stefanha@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Jeff Cody's testing revealed that the interpretation of size differs
even between VirtualPC and HyperV. Revert this so there is time to
consider the impact of any backwards incompatible behavior this change
creates.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Tue, 5 Feb 2013 11:28:33 +0000 (12:28 +0100)]
block/raw-posix: detect readonly Linux block devices using BLKROGET
Linux block devices can be set read-only with "blockdev --setro
<device>". The same thing can be done for LVM volumes using "lvchange
--permission r <volume>". This read-only setting is independent of
device node permissions. Therefore the device can still be opened
O_RDWR but actual writes will fail.
This results in odd behavior for QEMU. bdrv_open() is supposed to fail
if a read-only image is being opened with BDRV_O_RDWR. By not failing
for Linux block devices, the guest boots up but every write produces an
I/O error.
This patch checks whether the block device is read-only so that Linux
block devices behave like regular files.
Reported-by: Sibiao Luo <sluo@redhat.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kuo-Jung Su [Mon, 4 Feb 2013 09:56:25 +0000 (17:56 +0800)]
hw/m25p80.c: add WRSR(0x01) support
Atmel, SST and Intel/Numonyx serial flash tend to power up
with the software protection bits set.
And thus the new m25p80.c in linux kernel would always tries
to use WREN(0x06) + WRSR(0x01) to turn-off the protection.
The WEL(0x02) of status register is supposed to be cleared after
WRSR(0x01). There are also some drivers (i.e mine for RTOSes)
would check the WEL(0x02) in status register to make sure the
protection is correctly turned off.
Signed-off-by: Kuo-Jung Su <dantesu@faraday-tech.com> Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360602348-4727-1-git-send-email-armbru@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Stefan Hajnoczi [Mon, 11 Feb 2013 16:01:45 +0000 (17:01 +0100)]
migration: restrict scope of incoming fd read handler
The incoming migration is processed in a coroutine and uses an fd read
handler to enter the yielded coroutine when data becomes available.
The read handler was set too broadly, so that spurious coroutine entries
were be triggered if other coroutine users yielded (like the block
layer's bdrv_write() function).
Install the fd read only only when yielding for more data to become
available. This prevents spurious coroutine entries which break code
that assumes only a specific set of places can re-enter the coroutine.
This patch fixes crashes in block/raw-posix.c that are triggered with
"migrate -b" when qiov becomes a dangling pointer due to a spurious
coroutine entry that frees qiov early.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360598505-5512-1-git-send-email-stefanha@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Andreas Färber [Mon, 11 Feb 2013 16:41:54 +0000 (17:41 +0100)]
libi2c-omap: Fix endianness dependency
The libqos driver for omap_i2c currently does not work on Big Endian.
Introduce helpers for reading from and writing to 16-bit armel registers.
This fixes tmp105-test failures on ppc.
To prepare for a QTest-level endianness solution, poison mem{read,write}
and always use the helpers. Adopt the expected signatures.
To avoid an unused variable warning, assert the STAT Single Byte Data
bit but, due to it not getting cleared, only it being set when len == 1.
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Message-id: 1360600914-5448-3-git-send-email-afaerber@suse.de Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Andreas Färber [Mon, 11 Feb 2013 16:41:53 +0000 (17:41 +0100)]
qtest: Use strtoull() for uint64_t
On 32-bit hosts, unsigned long may be uint32_t and uint64_t may be
unsigned long long. Account for this by always using strtoull().
We were already using strtoll() for int64_t.
Signed-off-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1360600914-5448-2-git-send-email-afaerber@suse.de Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Andreas Färber [Mon, 11 Feb 2013 17:35:39 +0000 (18:35 +0100)]
libqtest: Fix documentation copy&paste errors
The [qtest_]in[bwl]() functions/macros don't have a value argument.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1360604139-16797-1-git-send-email-afaerber@suse.de Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Stefan Weil [Thu, 7 Feb 2013 19:26:52 +0000 (20:26 +0100)]
block/vpc: Fix size calculation
The size calculated from the CHS values is not the real image (disk) size,
but usually a smaller value. This is caused by rounding effects.
Only older operating systems use CHS. Such guests won't be able to use
the whole disk. All modern operating systems use the real size.
This patch fixes https://bugs.launchpad.net/qemu/+bug/1105670/.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1360265212-22037-1-git-send-email-sw@weilnetz.de Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Return 1 if we have finished sending dirty blocks.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1360534366-26723-4-git-send-email-stefanha@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
/* return value:
* 0: too much data for max_downtime
* 1: few enough data for max_downtime
*/
Because of the 1 return value, callers must check for ret < 0 instead of
just:
if (ret) { ... }
We do not want to bail when 1 is returned, only on error.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360534366-26723-3-git-send-email-stefanha@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Show the actual flags value and include "block migration" in the error
message so it's clear where the error is coming from.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360534366-26723-2-git-send-email-stefanha@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
vl: Exit unsuccessfully on option argument syntax error
We exit successfully after reporting syntax error for argument of
--sandbox and --add-fd.
We continue undaunted after reporting it for argument of -boot,
--option-rom and --object.
Change all five to exit unsuccessfully, like the other options.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-7-git-send-email-armbru@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
qemu_opts_parse() reports the error already, and in a much more useful
way.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-6-git-send-email-armbru@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
qemu-option: Disable two helpful messages that got broken recently
commit 8be7e7e4 and commit ec7b2ccb messed up the ordering of error
message and the helpful explanation that should follow it, like this:
$ qemu-system-x86_64 --nodefaults -S --vnc :0 --chardev null,id=,
Identifiers consist of letters, digits, '-', '.', '_', starting with a letter.
qemu-system-x86_64: -chardev null,id=,: Parameter 'id' expects an identifier
$ qemu-system-x86_64 --nodefaults -S --vnc :0 --machine kvm_shadow_mem=dunno
You may use k, M, G or T suffixes for kilobytes, megabytes, gigabytes and terabytes.
qemu-system-x86_64: -machine kvm_shadow_mem=dunno: Parameter 'kvm_shadow_mem' expects a size
Pity. Disable them for now.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-5-git-send-email-armbru@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-4-git-send-email-armbru@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Use error_printf() instead, so the help gets presented more nicely.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-3-git-send-email-armbru@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
error: Clean up error strings with embedded newlines
The arguments of error_report() should yield a short error string
without newlines.
A few places try to print additional help after the error message by
embedding newlines in the error string. That's nice, but let's do it
the right way.
Since I'm touching these lines anyway, drop a stray preposition and
some tabs. We don't use tabs for similar messages elsewhere.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-2-git-send-email-armbru@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Liming Wang [Thu, 7 Feb 2013 06:58:15 +0000 (16:58 +1000)]
xilinx_zynq: Fix wrong IRQ number of the second EHCI controller
The IRQ number of the second EHCI controller should be 76, not 75.
Signed-off-by: Liming Wang <walimisdev@gmail.com> Tested-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Stefan Hajnoczi [Fri, 8 Feb 2013 07:49:10 +0000 (08:49 +0100)]
block/curl: disable extra protocols to prevent CVE-2013-0249
There is a buffer overflow in libcurl POP3/SMTP/IMAP. The workaround is
simple: disable extra protocols so that they cannot be exploited. Full
details here:
http://curl.haxx.se/docs/adv_20130206.html
QEMU only cares about HTTP, HTTPS, FTP, FTPS, and TFTP. I have tested
that this fix prevents the exploit on my host with
libcurl-7.27.0-5.fc18.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Jesse Larrew [Tue, 5 Feb 2013 23:47:17 +0000 (17:47 -0600)]
hw/virtio-net: disable multiqueue by default
The new multiqueue feature adds fields to the virtio device config, which
breaks Windows guests. Disable the feature by default until the Windows
drivers are fixed.
Signed-off-by: Jesse Larrew <jlarrew@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Jesse Larrew [Tue, 5 Feb 2013 23:47:16 +0000 (17:47 -0600)]
hw/virtio-net.c: set config size using host features
Currently, the config size for virtio devices is hard coded. When a new
feature is added that changes the config size, drivers that assume a static
config size will break. For purposes of backward compatibility, there needs
to be a way to inform drivers of the config size needed to accommodate the
set of features enabled.
aliguori: merged in
- hw/virtio-net: use existing macros to implement endof
- hw/virtio-net: fix config_size data type
Signed-off-by: Jesse Larrew <jlarrew@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Michael Roth [Thu, 7 Feb 2013 00:25:48 +0000 (18:25 -0600)]
net: fix infinite loop on exit
1ceef9f27359cbe92ef124bf74de6f792e71f6fb added handling for cleaning
up multiple queues in qemu_del_nic() for cases where multiqueue is in
use. To determine the number of queues it looks at nic->conf->queues,
then iterates through all the queues to cleanup the associated
NetClientStates. If no queues are found, no NetClientStates are deleted.
However, nic->conf->queues is only set when a peer is created via
-netdev or netdev_add, and is otherwise 0. This causes us to spin in
net_cleanup() if we attempt to shut down qemu before adding a host
device.
Since qemu_new_nic() unconditionally creates at least 1
queue/NetClientState at queue idx 0, make qemu_del_nic() always attempt
to clean it up.
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Peter Maydell [Tue, 5 Feb 2013 20:44:23 +0000 (20:44 +0000)]
tests/test-string-input-visitor: Handle errors provoked by fuzz test
It's OK and expected for visitors to return errors when presented with
the fuzz test's random data. Since the fuzzer doesn't care about
errors, we pass in NULL rather than an Error**. This fixes a bug in
the fuzzer where it was passing the same Error** into each visitor,
with the effect that once one visitor returned an error, each later
visitor would notice that it had been passed in an Error** representing
an already set error, and do nothing.
For the case of visit_type_str() we also need to handle the case where
an error means that the visitor doesn't set our char*. We initialize
the pointer to NULL so we can safely g_free() it regardless of whether
the visitor allocated a string for us or not.
This fixes a problem where this test failed the MacOSX malloc()
consistency checks and might segfault on other platforms [due
to calling free() on an uninitialized pointer variable when
visit_type_str() failed.].
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Peter Maydell [Thu, 31 Jan 2013 12:50:40 +0000 (12:50 +0000)]
linux-user: Restore cast to target type in get_user()
Commit 658f2dc97 accidentally dropped the cast to the target type of
the value loaded by get_user(). The most visible effect of this would
be that the sequence "uint64_t v; get_user_u32(v, addr)" would sign
extend the 32 bit loaded value into v rather than zero extending as
would be expected for a _u32 accessor. Put the cast back again to
restore the old behaviour.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Peter Maydell [Sat, 2 Feb 2013 15:13:02 +0000 (15:13 +0000)]
hw/pxa2xx: Fix transposed crn/crm values for pxa2xx cp14 perf regs
When the pxa2xx performance counter related cp14 registers were converted
from a switch-statement implementation to the new table driven cpregs
format in commit dc2a9045c, the crn and crm values for all these
registers were accidentally transposed. Fix this mistake, which was
causing OpenBSD for Zaurus to fail to boot.
Reported-by: Jonathan Gray <jsg@jsg.id.au> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Wed, 6 Feb 2013 22:36:16 +0000 (16:36 -0600)]
Merge remote-tracking branch 'stefanha/tracing' into staging
# By Markus Armbruster
# Via Stefan Hajnoczi
* stefanha/tracing:
trace: Fix location of simpletrace.py in docs
trace: Clean up the "try to update atomic until it worked" loops
trace: Direct access of atomics is verboten, use the API
trace: Fix simple trace dropped event record for big endian
Anthony Liguori [Wed, 6 Feb 2013 22:36:11 +0000 (16:36 -0600)]
Merge remote-tracking branch 'stefanha/trivial-patches' into staging
# By Michael Tokarev (1) and Stefan Weil (1)
# Via Stefan Hajnoczi
* stefanha/trivial-patches:
vnc: recognize Hungarian doubleacutes
target-m68k: Fix comment
As a general rule, HMP commands must be built on top of the QMP API.
Luiz and others have worked long & hard to make HMP conform to this
rule.
Commit f1088908 added chardev-add, in violation of this rule. QMP
command chardev-add was added right before, with minimal features, and
the idea to complete it step by step, then switch over the HMP command
to use it.
Unfortunately, we're not there, yet, and we don't want to release with
chardev-add in a "HMP is more powerful than QMP" state.
Disable the HMP command for now, along with its chardev-remove buddy.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
qemu-char: Saner naming of memchar stuff & doc fixes
New device, has never been released, so we can still improve things
without worrying about compatibility.
Naming is a mess. The code calls the device driver CirMemCharDriver,
the public API calls it "memory", "memchardev", or "memchar", and the
special commands are named like "memchar-FOO". "memory" is a
particularly unfortunate choice, because there's another character
device driver called MemoryDriver. Moreover, the device's distinctive
property is that it's a ring buffer, not that's in memory. Therefore:
* Rename CirMemCharDriver to RingBufCharDriver, and call the thing a
"ringbuf" in the API.
* Rename QMP and HMP commands from memchar-FOO to ringbuf-FOO.
* Rename device parameter from maxcapacity to size (simple words are
good for you).
* Clearly mark the parameter as optional in documentation.
* Fix error reporting so that chardev-add reports to current monitor,
not stderr.
* Replace cirmem in C identifiers by ringbuf.
* Rework documentation. Document the impact of our crappy UTF-8
handling on reading.
* QMP examples that even work.
I could split this up into multiple commits, but they'd change the
same documentation lines multiple times. Not worth it.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Inline trivial cirmem_chr_is_empty() into its only caller.
Rename qemu_chr_cirmem_count() to cirmem_count().
Fast ring buffer index wraparound. Without this, there's no point in
restricting size to a power two.
qemu_is_chr(chr, "memory") returns *zero* when chr is a memory
character device, which isn't what I'd expect. Replace it by the
saner and more obviously correct chr_is_cirmem(). Also avoids
encouraging testing for specific character devices elsewhere.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Since these values can possibly be sent from guest (for hw/9pfs), do a sanity check
on them. A 9p write request with 0 bytes caused qemu to abort without this patch
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>