Paolo Bonzini [Tue, 14 Jul 2009 16:07:50 +0000 (18:07 +0200)]
honor -S on incoming migration
-S is not honored by qemu on incoming migration. If a domain is migrated
while paused, thus, it will start running on the remote machine; this
is wrong.
Given the trivial patch to fix this, it looks more like a thinko
than anything else, probably dating back to the qemu-kvm merge.
The interesting part is that the -S mechanism was in fact *used* when
migrating (setting autostart = 0) and the incoming migration code was
starting the VM at the end of the migration.
Since I was removing the vm_start from there, I also corrected a related
imprecision. The code was doing a vm_stop "just in case", but we can
be sure that the VM is not running---the vm_start call in vl.c has not
been reached yet. So the vm_stop is removed together with the vm_start.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Glauber Costa [Mon, 6 Jul 2009 13:32:09 +0000 (09:32 -0400)]
flush pending aio requests
When we finish migration, there may be pending async io requests
in flight. If we don't flush it before stage3 starting, it might be
the case that the guest loses it.
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Mark McLoughlin [Wed, 1 Jul 2009 15:46:38 +0000 (16:46 +0100)]
Don't leak VLANClientState on PCI hot remove
destroy_nic() requires that NICInfo::private be a PCIDevice pointer,
but then goes on to require that the same pointer matches
VLANClientState::opaque.
That is no longer the case for virtio-net since qdev and wasn't
previously the case for rtl8139, ne2k_pci or eepro100.
Make the situation a lot more clear by maintaining a VLANClientState
pointer in NICInfo.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Jan Kiszka [Sat, 27 Jun 2009 07:59:40 +0000 (09:59 +0200)]
sdl: Fix memory leakage
Valgrind was so kind to remark that no one bothers to release keycodes
after use and that something is fishy about cleaning up the requested
keyboard descriptor. With this patch applied, we no longer leak about
12k during startup.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Eduardo Habkost [Mon, 25 May 2009 21:20:05 +0000 (18:20 -0300)]
Fix vga_screen_dump_blank() PPM generation
vga_screen_dump_blank() was not generating a valid PPM file: the width of the
image made no sense (why was it multiplied by sizeof(uint32_t)?), and there was
only one sample per pixel, instead of three.
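The commit above describes the two properties a binary PPM must have: a sane width in the header and exactly three samples per pixel in the raster. The following C program, added here as an illustration and not taken from QEMU's vga code, builds a blank P6 image the way a correct vga_screen_dump_blank() would (header followed by w*h*3 zero bytes) and validates a buffer against the same rule, so a dump that scales the width by sizeof(uint32_t) or emits one sample per pixel is rejected. The dimensions and the validator are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Write a blank (all-black) binary PPM ("P6") image of w x h pixels into a
 * heap buffer. P6 carries exactly three 8-bit samples (R, G, B) per pixel
 * after the text header, so the raster is w * h * 3 bytes; nothing is scaled
 * by sizeof(uint32_t). Returns the buffer (caller frees) and stores its total
 * length in *out_len, or returns NULL on bad dimensions or allocation failure. */
unsigned char *blank_ppm(int w, int h, size_t *out_len)
{
    char header[64];
    int hlen;
    size_t raster;
    unsigned char *buf;

    if (w <= 0 || h <= 0)
        return NULL;
    hlen = snprintf(header, sizeof header, "P6\n%d %d\n255\n", w, h);
    if (hlen < 0 || (size_t)hlen >= sizeof header)
        return NULL;
    raster = (size_t)w * (size_t)h * 3;
    buf = malloc((size_t)hlen + raster);
    if (!buf)
        return NULL;
    memcpy(buf, header, (size_t)hlen);
    memset(buf + hlen, 0, raster);          /* black: R = G = B = 0 for every pixel */
    *out_len = (size_t)hlen + raster;
    return buf;
}

/* Check that a buffer is a well-formed P6 file: parse the header and verify
 * the raster holds exactly three samples per pixel, no more and no less. */
int ppm_is_valid(const unsigned char *buf, size_t len)
{
    char tmp[64];
    int w, h, maxval, consumed = 0;
    size_t n = len < sizeof tmp - 1 ? len : sizeof tmp - 1;

    memcpy(tmp, buf, n);                    /* copy so sscanf sees a terminated string */
    tmp[n] = '\0';
    if (sscanf(tmp, "P6 %d %d %d%n", &w, &h, &maxval, &consumed) != 3)
        return 0;
    if (w <= 0 || h <= 0 || maxval != 255 || tmp[consumed] != '\n')
        return 0;
    /* exactly one whitespace byte separates maxval from the raster */
    return len == (size_t)consumed + 1 + (size_t)w * (size_t)h * 3;
}

/* Build a w x h blank image and return its byte length if it validates (and a
 * copy one sample short does not); return 0 on any failure. */
size_t ppm_selftest(int w, int h)
{
    size_t len = 0;
    unsigned char *p = blank_ppm(w, h, &len);
    int ok;

    if (!p)
        return 0;
    ok = ppm_is_valid(p, len) && !ppm_is_valid(p, len - 1);
    free(p);
    return ok ? len : 0;
}

int main(void)
{
    size_t len;
    unsigned char *p = blank_ppm(16, 8, &len);
    if (!p)
        return 1;
    fwrite(p, 1, len, stdout);              /* redirect to a .ppm file to view it */
    free(p);
    return 0;
}
```

Redirecting the program's output to a file gives a 16x8 black image that any PPM-aware viewer opens; feeding ppm_is_valid() a dump that is one sample short per pixel fails the length equation, which is exactly the defect the commit fixes.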
Mark McLoughlin [Wed, 27 May 2009 09:06:11 +0000 (10:06 +0100)]
Prevent CD-ROM media eject while device is locked
Section 10.8.25 ("START/STOP UNIT Command") of SFF-8020i states that
if the device is locked we should refuse to eject.
ASC_MEDIA_REMOVAL_PREVENTED is the appropriate return in this case.
In order to stop itself from ejecting the media it is running from,
Fedora's installer (anaconda) requires the CDROMEJECT ioctl() to fail
if the drive has been previously locked.
Jan Kiszka [Sat, 30 May 2009 08:01:45 +0000 (10:01 +0200)]
kvm: Fix IRQ injection into full queue
User space may only inject interrupts during kvm_arch_pre_run if
ready_for_interrupt_injection is set in kvm_run. But that field is
updated on exit from KVM_RUN, so we must ensure that we enter the
kernel after potentially queuing an interrupt, otherwise we risk
losing one - as happens with the current code against latest
kernel modules (since kvm-86) that started to queue only a single
interrupt.
Fix the problem by reordering kvm_cpu_exec.
Credits go to Gleb Natapov for analyzing the issue in detail.
Nitin A Kamble [Thu, 4 Jun 2009 21:29:50 +0000 (14:29 -0700)]
QEMU KVM: i386: Fix the cpu reset state
As per the IA32 processor manual, the accessed bit is set to 1 in the
processor state after reset. qemu pc cpu_reset code was missing this
accessed bit setting.
Andrea Arcangeli [Mon, 15 Jun 2009 11:52:27 +0000 (13:52 +0200)]
fix qemu_aio_flush
qemu_aio_wait by invoking the bh or one of the aio completion
callbacks, could end up submitting new pending aio, breaking the
invariant that qemu_aio_flush returns only when no pending aio is
outstanding (possibly a problem for migration as such).
Uri Lublin [Mon, 8 Jun 2009 11:28:01 +0000 (14:28 +0300)]
migrate_fd_close: delete associated io-handler before closing the fd
It may happen that the io-handler is still registered. That causes
select() to return with EBADF, not calling handlers for other fds.
The io-handler would be registered when (on the source) the whole state
was written but not yet flushed. For example when using QEMUFileBuffered,
(tcp-migration) there may be data left in a buffer waiting to be transferred.
In such a case buffered_close() calls buffered_flush() which calls
migrate_fd_put_buffer, which may, upon EAGAIN, register migrate_fd_put_notify
as a handler.
Jason Wessel [Mon, 18 May 2009 15:00:27 +0000 (10:00 -0500)]
serial: fix lost character after sysrq
After creating an automated regression test to test the sysrq
responses while running a linux image in qemu, I found that the
simulated uart was eating the character right after the sysrq about
75% of the time.
The problem is that the qemu sets the LSR_DR (data ready) bit on a
serial break. The automated tests can send a break and the sysrq
character quickly enough that the qemu serial fifo has a real
character available. When there is valid character in the fifo, it
gets consumed by the serial driver in the guest OS.
The real hardware also appears to set the LSR_DR but always appears to
have a null byte in this condition. This patch changes the qemu
behavior to match the tested characteristics of a real 16550 chip.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
In case no symbolic name is provided when requesting VLAN connection via
listening TCP socket ('-net socket,listen=...'), qemu crashes. This
fixes the cause.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Glauber Costa <glommer@redhat.com>
Chris Lalancette [Mon, 25 May 2009 14:38:23 +0000 (16:38 +0200)]
Allow monitor interaction when using migrate -exec
All,
I've recently been playing around with migration via exec. Unfortunately,
when starting the incoming qemu process with "-incoming exec:cmd", it suffers
the same problem that -incoming tcp used to suffer; namely, that you can't
interact with the monitor until after the migration has happened. This causes
problems for libvirt usage of -incoming exec, since libvirt expects to be able
to access the monitor ahead of time. This fairly simple patch allows you to
access the monitor both before and after the migration has completed using exec.
(note: developed/tested with qemu-kvm, but applies perfectly fine to qemu)
Signed-off-by: Chris Lalancette <clalance@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
raw_pread_aligned currently returns the raw return value from
lseek/read, which is always -1 in case of an error. But the
callers higher up the stack expect it to return the negated
errno just like raw_pwrite_aligned.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Pointer vs addresses a VncDisplay structure,
so it is sufficient to allocate sizeof(VncDisplay)
or sizeof(*vs) bytes instead of the much larger
sizeof(VncState).
Maybe the misleading name should be fixed, too:
the code contains many places where vs is used,
sometimes it is a VncState *, sometimes it is a
VncDisplay *. vd would be a better name.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Kevin Wolf [Sat, 23 May 2009 09:21:33 +0000 (11:21 +0200)]
e1000: Ignore reset command
When a reset is requested, the current e1000 emulation never clears the
reset bit which may cause a driver to hang. This patch masks the reset
bit out when setting the control register, so the reset is immediately
completed.
Signed-off-by: Kevin Wolf <mail@kevin-wolf.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Mark McLoughlin [Wed, 20 May 2009 18:36:18 +0000 (15:36 -0300)]
kvm: work around supported cpuid ioctl() brokenness
KVM_GET_SUPPORTED_CPUID has been known to fail to return -E2BIG
when it runs out of entries. Detect this by always trying again
with a bigger table if the ioctl() fills the table.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
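The workaround in the commit above is a retry loop that cannot trust the kernel's error reporting. The C program below is an added illustration, not QEMU's kvm code: a mock stand-in for the KVM_GET_SUPPORTED_CPUID ioctl can behave either correctly (returning -E2BIG when the table is too small) or in the broken way the commit describes (silently truncating and returning 0), and the query loop treats a completely filled table as "possibly truncated" and retries with a bigger one. The entry layout, the 37-entry list size and the starting table size are constructed for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

#define TOTAL_SUPPORTED 37     /* constructed: size of the kernel's real list */

struct cpuid_entry { uint32_t function, index, eax, ebx, ecx, edx; };
struct cpuid_table { int nent; struct cpuid_entry *entries; };

static int kernel_is_broken;    /* 1: truncates silently instead of returning -E2BIG */

/* Stand-in for ioctl(KVM_GET_SUPPORTED_CPUID): fills up to t->nent entries and
 * writes back how many were filled. A correct kernel returns -E2BIG when the
 * table is too small; the broken one returns 0 with a full, truncated table. */
static int mock_get_supported_cpuid(struct cpuid_table *t)
{
    int i, n = TOTAL_SUPPORTED;
    if (t->nent < n) {
        if (!kernel_is_broken)
            return -E2BIG;
        n = t->nent;
    }
    for (i = 0; i < n; i++) {
        t->entries[i].function = (uint32_t)i;   /* constructed contents */
        t->entries[i].index = 0;
        t->entries[i].eax = t->entries[i].ebx = 0;
        t->entries[i].ecx = t->entries[i].edx = 0;
    }
    t->nent = n;
    return 0;
}

/* Trusting version: accept whatever the first call reports. Against the broken
 * kernel this silently yields only the first few entries. */
int count_supported_naive(int broken)
{
    struct cpuid_table t;
    int ret;
    kernel_is_broken = broken;
    t.nent = 4;
    t.entries = calloc((size_t)t.nent, sizeof *t.entries);
    if (!t.entries)
        return -ENOMEM;
    ret = mock_get_supported_cpuid(&t);
    free(t.entries);
    return ret < 0 ? ret : t.nent;
}

/* Robust version: retry with a larger table after -E2BIG *and* whenever the
 * ioctl filled every slot, since a full table may mean a silent truncation.
 * Returns the number of supported entries, or a negative errno. */
int count_supported(int broken)
{
    int max = 4;
    kernel_is_broken = broken;
    for (;;) {
        struct cpuid_table t;
        int ret;
        t.nent = max;
        t.entries = calloc((size_t)max, sizeof *t.entries);
        if (!t.entries)
            return -ENOMEM;
        ret = mock_get_supported_cpuid(&t);
        if (ret == 0 && t.nent < max) {
            int n = t.nent;         /* a spare slot proves nothing was cut off */
            free(t.entries);        /* a real caller would keep the entries */
            return n;
        }
        free(t.entries);
        if (ret != 0 && ret != -E2BIG)
            return ret;
        max *= 2;
    }
}
```

The cost of the workaround is one extra ioctl in the common case (the loop only stops once a call leaves at least one slot unused), which is cheap compared with reporting a truncated feature set to the guest.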
Anthony Liguori [Wed, 20 May 2009 18:36:17 +0000 (15:36 -0300)]
Remove noisy printf when KVM masks CPU features
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Avi Kivity [Wed, 20 May 2009 18:36:16 +0000 (15:36 -0300)]
kvm: Trim cpu features not supported by kvm
Remove cpu features that are not supported by kvm from the cpuid features
reported to the guest.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Avi Kivity [Wed, 20 May 2009 18:36:15 +0000 (15:36 -0300)]
Fix x86 feature modifications for features that set multiple bits
QEMU allows adding or removing cpu features by using the syntax '-cpu +feature'
or '-cpu -feature'. Some cpuid features cause more than one bit to be set or
cleared; but QEMU stops after just one bit has been modified, causing the
feature bits to be inconsistent.
Fix by allowing all feature bits corresponding to a given name to be set.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
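To make the "stops after just one bit" defect concrete, here is an added C example (not QEMU's cpuid code) with a constructed bit-name table indexed by bit position, in which one name deliberately owns two bits. The first-hit lookup returns only the lower bit, so "-name" leaves the feature word inconsistent; the fixed lookup ORs together every bit registered under the name before applying the '+'/'-' operation. Feature names and bit positions are illustrative.

```c
#include <stdint.h>
#include <string.h>

/* Constructed bit-name table, indexed by bit position: names are illustrative,
 * not QEMU's real cpuid tables. "multi" deliberately covers two bits, which is
 * the case the original loop handled wrongly. */
static const char *feat_names[32] = {
    [0] = "fpu", [3] = "pse", [4] = "tsc",
    [19] = "multi", [20] = "multi",
    [24] = "fxsr", [25] = "sse", [26] = "sse2",
};

/* Old behaviour: stop after the first bit whose name matches. */
uint32_t feature_mask_first_hit(const char *name)
{
    int i;
    for (i = 0; i < 32; i++)
        if (feat_names[i] && strcmp(feat_names[i], name) == 0)
            return 1u << i;
    return 0;
}

/* Fixed behaviour: OR together every bit registered under the name. */
uint32_t feature_mask(const char *name)
{
    uint32_t mask = 0;
    int i;
    for (i = 0; i < 32; i++)
        if (feat_names[i] && strcmp(feat_names[i], name) == 0)
            mask |= 1u << i;            /* keep scanning, do not break */
    return mask;
}

/* Apply one "+name" / "-name" flag to a feature word and return the result.
 * Unknown names and malformed flags leave the word unchanged. */
uint32_t apply_feature_flag(uint32_t features, const char *flag)
{
    uint32_t mask;
    if (flag[0] != '+' && flag[0] != '-')
        return features;
    mask = feature_mask(flag + 1);
    return flag[0] == '+' ? features | mask : features & ~mask;
}
```

With every bit of a name applied together, "-multi" clears bits 19 and 20 in one step, so the guest never sees a half-disabled feature.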
Avi Kivity [Wed, 20 May 2009 18:36:14 +0000 (15:36 -0300)]
Make x86 cpuid feature names available in file scope
To be used later.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Avi Kivity [Wed, 20 May 2009 18:36:13 +0000 (15:36 -0300)]
kvm: Add support for querying supported cpu features
kvm does not support all cpu features; add support for dynamically querying
the supported feature set.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Wed, 20 May 2009 18:36:12 +0000 (15:36 -0300)]
Introduce kvm_check_extension to check if KVM extensions are supported
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When qemu is run under valgrind, valgrind shows the following output
on exit:
==3648== 1 errors in context 2 of 2:
==3648== Syscall param timer_create(evp) points to uninitialised byte(s)
==3648== at 0x54E936A: timer_create (in /lib/librt-2.9.so)
==3648== by 0x405DCF: dynticks_start_timer (vl.c:1549)
==3648== by 0x40A966: main (vl.c:1726)
==3648== Address 0x7fefffb34 is on thread 1's stack
==3648== Uninitialised value was created by a stack allocation
==3648== at 0x405D60: dynticks_start_timer (vl.c:1534)
This patch is a simple fix to remove this potential problem.
Signed-off-by: Jean-Christophe DUBOIS <jcd@tribudubois.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
==3648== Process terminating with default action of signal 11 (SIGSEGV)
==3648== Access not within mapped region at address 0x8
==3648== at 0x40636B: host_alarm_handler (vl.c:1345)
==3648== by 0x52D807F: (within /lib/libpthread-2.9.so)
==3648== by 0x5C0A12E: tcsetattr (in /lib/libc-2.9.so)
==3648== by 0x4DD601: term_exit (qemu-char.c:700)
==3648== by 0x5B636EC: exit (in /lib/libc-2.9.so)
==3648== by 0x5B4B5AC: (below main) (in /lib/libc-2.9.so)
This simple fix checks for a valid pointer as host_alarm_handler is
also called after alarm_timer is released in the exit path.
Signed-off-by: Jean-Christophe DUBOIS <jcd@tribudubois.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Hollis Blanchard [Tue, 19 May 2009 20:08:25 +0000 (15:08 -0500)]
remove gcc 3.x requirement from documentation
This text is no longer accurate. After the patch is applied, the
generated version at http://www.nongnu.org/qemu/qemu-doc.html should be
regenerated.
This patch is also a candidate for the stable branch. (The URL above is
probably generated from the stable branch anyways, so maybe it goes
without saying.)
Signed-off-by: Hollis Blanchard <hollisb@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
aliguori [Sat, 28 Mar 2009 16:11:25 +0000 (16:11 +0000)]
Fix DMA API when handling an immediate error from block layer (Avi Kivity)
The block layer may signal an immediate error on an asynchronous request
by returning NULL. The DMA API did not handle this correctly, returning
an AIO request which would never complete (and which would crash if
cancelled).
Fix by detecting the failure and propagating it.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6893 c046a42c-6fe2-441c-8c8c-71466251a162
If a bounced vectored aio fails immediately (the inner aio submission
returning NULL) then the bounce handler erroneously returns an aio
request which will never be completed (and which crashes when cancelled).
Fix by detecting that the inner request has failed and propagating the
error.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6892 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Fri, 20 Mar 2009 18:26:12 +0000 (18:26 +0000)]
Use vectored aiocb storage to store vector translation state (Avi Kivity)
Now that we have a dedicated acb pool for vector translation acbs, we can
store the vector translation state in the acbs instead of in an external
structure.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6873 c046a42c-6fe2-441c-8c8c-71466251a162
Glauber Costa [Fri, 8 May 2009 05:22:13 +0000 (02:22 -0300)]
reset state for load_linux
The linux loader is just an option rom like any other, just with
some special requirements. Right now, our option rom resetting
mechanism is not being applied to it. As a result, users using
-kernel will not be able to successfully reboot their machines.
This patch fixes it by saving all the data we generated in
the load_linux() function, to be used later by the option rom
resetting mechanism.
This also includes Mark's fix for -kernel
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The problem is that we're passing the ROM's ram_addr_t to
load_linux() rather than its target_phys_addr_t. We also
need to register the memory before trying to write to
it.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Kevin Wolf [Fri, 8 May 2009 12:47:24 +0000 (14:47 +0200)]
Improve block range checks
This patch makes the range checks for block requests more strict: It fixes a
potential integer overflow and checks for negative offsets. Also, it adds the
check for compressed writes.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
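The two defects named in the commit above (an addition that can overflow and a negative offset that is never rejected) are easy to see side by side. The C example below is added here and is not QEMU's block layer code: the naive check computes sector_num + nb_sectors, so a negative sector_num slips through and a value near INT64_MAX wraps; the strict check rejects negative values first and then compares the request length against the remaining space, which can never overflow. The same strict function is what each request path, including compressed writes, would call. The device size and request values are constructed.

```c
#include <errno.h>
#include <stdint.h>

/* Naive check: sector_num + nb_sectors can overflow when sector_num is near
 * INT64_MAX, and a negative sector_num is never rejected (-5 + 4 = -1 is "in
 * range"). Shown only for contrast. */
int check_request_naive(int64_t total_sectors, int64_t sector_num, int nb_sectors)
{
    if (sector_num + nb_sectors > total_sectors)
        return -EIO;
    return 0;
}

/* Strict check: reject negative offsets and lengths explicitly, then compare
 * against the remaining space so no addition can wrap. Returns 0 when the
 * request [sector_num, sector_num + nb_sectors) lies within the device. */
int check_request(int64_t total_sectors, int64_t sector_num, int nb_sectors)
{
    if (sector_num < 0 || nb_sectors < 0)
        return -EIO;
    if (sector_num > total_sectors)
        return -EIO;
    /* total_sectors - sector_num is now in [0, total_sectors]: no overflow */
    if (nb_sectors > total_sectors - sector_num)
        return -EIO;
    return 0;
}
```

Rewriting the comparison as "length against remaining space" is the general pattern for bounds checks on untrusted offsets: subtract on the side that is known to be non-negative and never add the attacker-influenced operands together.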
Alexander Graf [Wed, 6 May 2009 00:58:48 +0000 (02:58 +0200)]
AIO deletion race fix
When deleting an fd event there is a chance the object doesn't get
deleted, but only ->deleted set positive and deleted somewhere later.
Now, if we create a handler for the fd again before the actual
deletion occurs, we end up writing data into an object that has
->deleted set, which is obviously wrong.
I see two ways to fix this:
1. Don't return ->deleted objects in the search
2. Unset ->deleted in the search
This patch implements 1. which feels safer to do. It fixes AIO issues
I've seen with curl, as libcurl unsets fd event listeners pretty
frequently.
Signed-off-by: Alexander Graf <alex@csgraf.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
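The deferred-deletion race described above can be replayed in a few dozen lines. The C program below is an added illustration, not QEMU's aio.c: handlers live in a linked list, unregistering only marks a node ->deleted (the free is deferred to a reap pass, as in QEMU's poll loop), and the lookup can run either the old way (returning a ->deleted node, so the re-registration is written into a node that is about to be freed) or with fix option 1 from the message (skipping ->deleted nodes, so a fresh node is created). replay_race() registers fd 7, unregisters it, re-registers it before the reap and reports whether a live handler survives. The fd number and callback are constructed.

```c
#include <stdlib.h>

struct aio_handler {
    int fd;
    void (*cb)(void *);
    void *opaque;
    int deleted;                    /* unregistered, but node not yet freed */
    struct aio_handler *next;
};

static struct aio_handler *handlers;   /* singly linked list of registrations */
static int lookup_skips_deleted = 1;   /* 1: fixed lookup, 0: old lookup */

static struct aio_handler *find_handler(int fd)
{
    struct aio_handler *h;
    for (h = handlers; h; h = h->next)
        if (h->fd == fd && !(lookup_skips_deleted && h->deleted))
            return h;
    return NULL;
}

/* Register (cb != NULL) or unregister (cb == NULL) the handler for fd.
 * Unregistering only marks the node; freeing is deferred to reap_deleted(). */
void set_fd_handler(int fd, void (*cb)(void *), void *opaque)
{
    struct aio_handler *h = find_handler(fd);
    if (!cb) {
        if (h)
            h->deleted = 1;
        return;
    }
    if (!h) {
        h = calloc(1, sizeof *h);
        if (!h)
            abort();
        h->fd = fd;
        h->next = handlers;
        handlers = h;
    }
    h->cb = cb;                     /* with the old lookup this may hit a deleted node */
    h->opaque = opaque;
}

/* Free every node marked deleted; runs after the list has been walked. */
void reap_deleted(void)
{
    struct aio_handler **pp = &handlers;
    while (*pp) {
        struct aio_handler *h = *pp;
        if (h->deleted) {
            *pp = h->next;
            free(h);
        } else {
            pp = &h->next;
        }
    }
}

static void reset_handlers(void)
{
    while (handlers) {
        struct aio_handler *h = handlers;
        handlers = h->next;
        free(h);
    }
}

static void noop_cb(void *opaque) { (void)opaque; }

/* Replay the race: register fd 7, unregister it, re-register it before the
 * deferred free runs, then reap. Returns 1 if a live handler for fd 7 remains
 * afterwards, 0 if the re-registration was lost with the node. */
int replay_race(int skip_deleted_in_lookup)
{
    int survived;
    lookup_skips_deleted = skip_deleted_in_lookup;
    reset_handlers();
    set_fd_handler(7, noop_cb, NULL);
    set_fd_handler(7, NULL, NULL);      /* marks node deleted, keeps it in the list */
    set_fd_handler(7, noop_cb, NULL);   /* re-add before reap */
    reap_deleted();
    lookup_skips_deleted = 1;
    survived = find_handler(7) != NULL;
    reset_handlers();
    return survived;
}
```

Skipping ->deleted nodes in the lookup is the safer of the two options the commit lists because a node that is already scheduled for freeing is never handed back to a caller, whatever else happens between the unregister and the reap.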
Glauber Costa [Fri, 8 May 2009 05:22:13 +0000 (02:22 -0300)]
reset state for load_linux
The linux loader is just an option rom like any other, just with
some special requirements. Right now, our option rom resetting
mechanism is not being applied to it. As a result, users using
-kernel will not be able to successfully reboot their machines.
This patch fixes it by saving all the data we generated in
the load_linux() function, to be used later by the option rom
resetting mechanism.
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Glauber Costa [Fri, 8 May 2009 05:22:12 +0000 (02:22 -0300)]
register reset handler for option_roms
Currently, boot options are not preserved across a system reset.
option roms can modify themselves, or can for instance restore the real
int 0x19 vector after they tried to boot from it.
To properly do that, we need a reset handler registered to deal with option
roms. This patch is based on current version on qemu-kvm.git
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
aliguori [Fri, 20 Mar 2009 18:26:07 +0000 (18:26 +0000)]
Implement cancellation method for dma async I/O (Avi Kivity)
Move the dma helpers to a private aio pool, and implement a cancellation
method for them. Should prevent issues when cancelling I/O while dma is
in progress.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6872 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Fri, 20 Mar 2009 18:25:59 +0000 (18:25 +0000)]
Refactor aio callback allocation to use an aiocb pool (Avi Kivity)
Move the AIOCB allocation code to use a dedicated structure, AIOPool. AIOCB
specific information, such as the AIOCB size and cancellation routine, is
moved into the pool.
At present, there is exactly one pool per block format driver, maintaining
the status quo.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6870 c046a42c-6fe2-441c-8c8c-71466251a162
Alex Williamson [Wed, 14 May 2008 16:38:46 +0000 (10:38 -0600)]
Fix hw/acpi.c build w/ DEBUG enabled
Trivial build warning/fixes when the local DEBUG define is enabled.
Signed-off-by: Alex Williamson <alex.williamson@hp.com>
Signed-off-by: Avi Kivity <avi@qumranet.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Chris Wright [Mon, 21 Apr 2008 23:02:48 +0000 (16:02 -0700)]
Pci nic: pci_register_device can fail
The pci_register_device() call in PCI nic initialization routines can
fail. Handle this failure and propagate a meaningful error message to
the user instead of generating a SEGV.
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Avi Kivity <avi@qumranet.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Glauber Costa [Thu, 23 Apr 2009 19:20:55 +0000 (15:20 -0400)]
support device driver initialization model
According to PnP specification, Appendix B, Option ROMs
that support DDIM (device driver initialization model) should
have their memory space writeable.
KVM deviates from us here, by removing the IO_MEM_ROM flag,
to allow for PCI option ROMs (they require DDIM). However,
there's absolutely no reason we can't do the same.
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Jan Kiszka [Sun, 26 Apr 2009 16:03:40 +0000 (18:03 +0200)]
kvm: Avoid COW if KVM MMU is asynchronous
Avi Kivity wrote:
> Suggest wrapping in a function and hiding it deep inside kvm-all.c.
>
Done in v2:
---------->
If the KVM MMU is asynchronous (kernel does not support MMU_NOTIFIER),
we have to avoid COW for the guest memory. Otherwise we risk serious
breakage when guest pages change their physical locations due to COW
after fork. Seen when forking smbd during runtime via -smb.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
block-vpc: Don't silently create smaller image than requested (Kevin Wolf)
The algorithm from the VHD specification for CHS calculation silently limits
images to 127 GB which may confuse a user who requested a larger image. Better
output an error message and abort.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/branches/stable_0_10@7183 c046a42c-6fe2-441c-8c8c-71466251a162
hpet: Fix emulation of HPET_TN_SETVAL (Jan Kiszka)
While Intel's spec is not that clear here, latest changes to Linux' HPET
code (commit c23e253e67c9d8a91a0ffa33c1f571a17f0a2403, "x86: hpet: stop
HPET_COUNTER when programming periodic mode") strongly suggest that
HPET_TN_SETVAL rather means: Set _both_ the comparator value and
register.
With this patch applied, I'm again able to boot 2.6.30-rc kernels as
they no longer panic like this (which was due to the comparator
register remaining 0):
ENABLING IO-APIC IRQs
..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1
..MP-BIOS bug: 8254 timer not connected to IO-APIC
...trying to set up timer (IRQ0) through the 8259A ...
..... (found apic 0 pin 2) ...
....... failed.
...trying to set up timer as Virtual Wire IRQ...
..... failed.
...trying to set up timer as ExtINT IRQ...
..... failed :(.
Kernel panic - not syncing: IO-APIC + timer doesn't work! [...]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/branches/stable_0_10@7171 c046a42c-6fe2-441c-8c8c-71466251a162
Fix (more or less) spurious guest boot failures due to corrupted cpuid
states. The reason was insufficient initialization of cpuid entries
before passing them to the kernel.
At this chance also fix improper entry pointer progression and simplify
the code a bit.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/branches/stable_0_10@7170 c046a42c-6fe2-441c-8c8c-71466251a162
This patch fixes a qcow2 corruption bug introduced in SVN Rev 5861. L2 tables
are big endian, so entries must be converted before being passed to functions.
This bug is easy to trigger. The following script will create and destroy a
qcow2 image (the header is gone after three loop iterations):
#!/bin/bash
qemu-img create -f qcow2 test.qcow 1M
for i in $(seq 1 10); do
    qemu-system-x86_64 -hda test.qcow -monitor stdio > /dev/null 2>&1 <<EOF
savevm test-$i
quit
EOF
done
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/branches/stable_0_10@7166 c046a42c-6fe2-441c-8c8c-71466251a162
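The corruption described in the commit above comes from using an on-disk big-endian L2 entry as if it were already in host byte order. The C example below is added here and is not qcow2's own code: it builds a constructed four-entry L2 table in on-disk (big-endian) form, decodes an entry the correct way (the equivalent of be64_to_cpu before use) and also the buggy way (a raw memcpy into a host integer), and reports whether the two agree, which they only do on a big-endian host. The cluster offsets are constructed and qcow2's flag bits in the entry are not modelled.

```c
#include <stdint.h>
#include <string.h>

/* Decode/encode a 64-bit big-endian value: what be64_to_cpu()/cpu_to_be64() do. */
uint64_t be64_load(const uint8_t *p)
{
    uint64_t v = 0;
    int i;
    for (i = 0; i < 8; i++)
        v = (v << 8) | p[i];
    return v;
}

void be64_store(uint8_t *p, uint64_t v)
{
    int i;
    for (i = 7; i >= 0; i--) {
        p[i] = (uint8_t)(v & 0xff);
        v >>= 8;
    }
}

int host_is_little_endian(void)
{
    uint16_t x = 1;
    uint8_t b;
    memcpy(&b, &x, 1);
    return b == 1;
}

#define L2_ENTRIES 4

/* Constructed on-disk L2 table: entries are cluster offsets stored big-endian. */
static void build_constructed_l2(uint8_t *table)
{
    static const uint64_t offsets[L2_ENTRIES] = { 0x10000, 0x20000, 0x30000, 0x40000 };
    int i;
    for (i = 0; i < L2_ENTRIES; i++)
        be64_store(table + i * 8, offsets[i]);
}

/* Correct: convert the entry before using it as an offset. */
uint64_t l2_entry_offset(const uint8_t *table, int index)
{
    return be64_load(table + index * 8);
}

/* The bug class: read the bytes as a host-order integer with no conversion. */
uint64_t l2_entry_offset_raw(const uint8_t *table, int index)
{
    uint64_t v;
    memcpy(&v, table + index * 8, 8);
    return v;
}

/* Decode entry `index` of the constructed table. */
uint64_t decode_constructed_entry(int index)
{
    uint8_t table[L2_ENTRIES * 8];
    build_constructed_l2(table);
    return l2_entry_offset(table, index);
}

/* 1 if the unconverted read happens to equal the decoded value (only on a
 * big-endian host), 0 on little-endian hosts where the bug bites. */
int raw_read_matches(int index)
{
    uint8_t table[L2_ENTRIES * 8];
    build_constructed_l2(table);
    return l2_entry_offset_raw(table, index) == l2_entry_offset(table, index);
}
```

On an x86 host the raw read of entry 2 yields 0x0000030000000000 instead of 0x30000, so any write that uses the value as a cluster offset lands in the wrong place, which is how a few savevm iterations can overwrite the image header.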
Free VLANClientState using qemu_free() (Mark McLoughlin)
It's allocated using qemu_mallocz(), so ...
The name and model strings are strdup() allocated, so free()
is still appropriate for them.
Reported-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/branches/stable_0_10@7161 c046a42c-6fe2-441c-8c8c-71466251a162
Don't fail PCI hotplug if no NIC model is supplied (Mark McLoughlin)
It's perfectly fine to not supply a NIC model when adding
a new NIC - we supply the default model to pci_nic_init()
and it uses that if one wasn't explicitly supplied.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/branches/stable_0_10@7155 c046a42c-6fe2-441c-8c8c-71466251a162
The vga screen dump function updates last_width and last_height,
but does not change the DisplaySurface that these variables describe.
A consequent vga_draw_graphic() will therefore fail to resize the
surface and crash.
Fix by invalidating the display state after a screen dump, forcing
vga_draw_graphic() to reallocate the DisplaySurface.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/branches/stable_0_10@7069 c046a42c-6fe2-441c-8c8c-71466251a162
We now enforce that you cannot write beyond the end of a non-growable file.
qcow2 files are not growable but we rely on them being growable to do
savevm/loadvm. Temporarily allow them to be growable by introducing a new
API specifically for savevm read/write operations.
Reported-by: malc
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/branches/stable_0_10@7005 c046a42c-6fe2-441c-8c8c-71466251a162
stop dirty tracking just at the end of migration (Glauber Costa)
If there is still work to do, it is not safe to assume we
can end the dirty tracking. Specifically, kvm can update the dirty
tracking log inside ram_save_block(), leaving pages still out of sync
if we go with the current code.
Based on a patch by Yaniv Kamay
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/branches/stable_0_10@7002 c046a42c-6fe2-441c-8c8c-71466251a162