git.proxmox.com Git - qemu.git/log
13 years ago Update for 0.12.4 release v0.12.4
Anthony Liguori [Tue, 4 May 2010 14:17:19 +0000 (09:17 -0500)]
Update for 0.12.4 release

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

14 years ago Workaround for broken OSS_GETVERSION on FreeBSD, part two
Juergen Lock [Tue, 12 Jan 2010 22:48:04 +0000 (23:48 +0100)]
Workaround for broken OSS_GETVERSION on FreeBSD, part two

Turns out on those versions of FreeBSD (>= 7.x) that know OSS_GETVERSION
the ioctl doesn't actually work yet (except in the Linuxolator), so if
building on FreeBSD assume the sound drivers are new enough if the ioctl
returns the errno it does currently on FreeBSD.

(Rev 2 after private discussion with malc.)

Signed-off-by: Juergen Lock <nox@jelal.kn-bremen.de>
Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 72ff25e4e98d6dba9286d032b9ff5432553bbad5)

14 years ago oss: fix fragment setting
malc [Sat, 9 Jan 2010 15:06:54 +0000 (18:06 +0300)]
oss: fix fragment setting

Previous patch introduced a subtle regression, in cases when
OSS_GETVERSION fails the code wasn't falling back to
SNDCTL_DSP_SETFRAGMENT.

Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 3d709fe73a77c40e263b3af6e650fd4b519c3562)

14 years ago oss: issue OSS_GETVERSION ioctl only when needed
malc [Sat, 9 Jan 2010 14:54:07 +0000 (17:54 +0300)]
oss: issue OSS_GETVERSION ioctl only when needed

Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 6d246526ce3c145b2831285def6983f5de6190d3)

14 years ago oss: refactor code around policy setting
malc [Fri, 8 Jan 2010 21:28:40 +0000 (00:28 +0300)]
oss: refactor code around policy setting

This fixes a problem with a previous patch spotted by Juergen Lock,
thanks to him again.

Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 78d9356d3caad95a74bc9cd65eea5fc7e050c35d)

14 years ago oss: workaround for cases when OSS_GETVERSION is not defined
malc [Fri, 8 Jan 2010 08:26:27 +0000 (11:26 +0300)]
oss: workaround for cases when OSS_GETVERSION is not defined

Thanks to Juergen Lock.

Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit e726fe7d60d46636c74c1c4a8fac7e4a05efb163)

14 years ago block: Free iovec arrays allocated by multiwrite_merge()
Stefan Hajnoczi [Wed, 21 Apr 2010 19:35:45 +0000 (20:35 +0100)]
block: Free iovec arrays allocated by multiwrite_merge()

A new iovec array is allocated when creating a merged write request.
This patch ensures that the iovec array is deleted in addition to its
qiov owner.

Reported-by: Leszek Urbanski <tygrys@moo.pl>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 1e1ea48d42e011b9bdd0d689d184e7cac4617b66)

14 years ago lsi: fix segfault in lsi_command_complete
Gerd Hoffmann [Mon, 29 Mar 2010 13:42:57 +0000 (15:42 +0200)]
lsi: fix segfault in lsi_command_complete

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 6ac08101f9de84be1fb7b45f87caed8ba8f3eb5a)

14 years ago lsi: pass lsi_request to lsi_reselect
Gerd Hoffmann [Wed, 6 Jan 2010 16:08:04 +0000 (17:08 +0100)]
lsi: pass lsi_request to lsi_reselect

All callers of lsi_reselect have a lsi_request struct at hand anyway.
So just pass it directly instead of having lsi_reselect search for it
using the tag.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit aa4d32c4742e62e09786bd1067a5b98239867e93)

14 years ago lsi: move dma_len+dma_buf into lsi_request
Gerd Hoffmann [Wed, 6 Jan 2010 16:08:03 +0000 (17:08 +0100)]
lsi: move dma_len+dma_buf into lsi_request

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit b96a0da06bd782ef290445479a6d4d0de00c2c23)

14 years ago lsi: move current_dev into lsi_request
Gerd Hoffmann [Wed, 6 Jan 2010 16:08:02 +0000 (17:08 +0100)]
lsi: move current_dev into lsi_request

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit daa70311e0f7b37cd0ea3c4de0d163ccf1a36abe)

14 years ago lsi: have lsi_request for the whole life time of the request.
Gerd Hoffmann [Wed, 6 Jan 2010 16:08:01 +0000 (17:08 +0100)]
lsi: have lsi_request for the whole life time of the request.

Right now lsi_request is allocated when a request is queued and released
when a request is unqueued.  With this patch applied the lsi_request is
kept for the whole lifetime of the scsi request.

Rationale: We can use it for per-request data then.  The patch does that
already for the request tag.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit af12ac9880eacdd79d49a11d5672df7170afb38f)

14 years ago lsi: use QTAILQ for lsi_queue
Gerd Hoffmann [Wed, 6 Jan 2010 16:08:00 +0000 (17:08 +0100)]
lsi: use QTAILQ for lsi_queue

Replace the funky array logic for queued commands with standard
qemu list functions.  Also rename lsi_queue to lsi_request.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 042ec49dc52e54153942a089a46ae584152998fb)

14 years ago tcp/mips: Change TCG_AREG0 (fp -> s0)
Stefan Weil [Fri, 9 Apr 2010 15:28:40 +0000 (17:28 +0200)]
tcp/mips: Change TCG_AREG0 (fp -> s0)

Register fp (frame pointer) is a bad choice for compilations
without optimisation, because the compiler makes heavy use
of this register (so the resulting code crashes).

Register s0 had been used for TCG_AREG1 in earlier releases,
but was no longer used and is now free for TCG_AREG0.

The resulting code works for compilations without
optimisation (tested with qemu mips in qemu mips
on x86 host).

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

14 years ago sh_pci: fix memory and I/O access
Aurelien Jarno [Sun, 11 Apr 2010 21:59:39 +0000 (23:59 +0200)]
sh_pci: fix memory and I/O access

Since commit 8da3ff180974732fc4272cb4433fef85c1822961 ("MMIO callback
interface changes"), the addresses passed to the I/O functions are an
offset to the start of the area. As a consequence, there is no need to
correct the address using the value of IOBR. This makes possible the use
of the default MMIO functions. Moreover the addresses are now remapped
when the value of IOBR changes.

The memory area corresponds to the devices behind the PCI bus, it should
not be mapped by the PCI controller. Remove the corresponding code.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry-picked from commit 5ba9e9522cf572715ca1966b292f64fb78342e22)

14 years ago Fix incoming migration with iothread
Marcelo Tosatti [Wed, 3 Feb 2010 23:44:17 +0000 (21:44 -0200)]
Fix incoming migration with iothread

Do not allow the vcpus to execute if the vm is stopped.

Fixes -incoming with CONFIG_IOTHREAD enabled.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
(cherry picked from commit c5f32c99c6855d466737daf1cd262e7e92062f87)

14 years ago Fix SIGFPE for vnc display of width/height = 1
Chris Webb [Mon, 8 Mar 2010 14:34:49 +0000 (14:34 +0000)]
Fix SIGFPE for vnc display of width/height = 1

During boot, the screen gets resized to height 1 and a mouse click at this
point will cause a division by zero when calculating the absolute pointer
position from the pixel (x, y). Return a click in the middle of the screen
instead in this case.

Signed-off-by: Chris Webb <chris@arachsys.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit cc39a92cbfc80c70d2b83708a4c9b309c3126ac3)

14 years ago net: remove broken net_set_boot_mask() boot device validation
Eduardo Habkost [Tue, 6 Apr 2010 22:22:07 +0000 (19:22 -0300)]
net: remove broken net_set_boot_mask() boot device validation

There are many problems with net_set_boot_mask():

1) It is broken when using the device model instead of "-net nic". Example:
   $ qemu-system-x86_64 -device rtl8139,vlan=0,id=net0,mac=52:54:00:82:41:fd,bus=pci.0,addr=0x4 -net user,vlan=0,name=hostnet0 -vnc 0.0.0.0:0 -boot n
   Cannot boot from non-existent NIC
   $
2) The mask was previously used to set which boot ROMs were supposed to be
   loaded, but this was changed a long time ago. Now all ROM images are loaded,
   and SeaBIOS takes care of jumping to the right boot entry point depending on
   the boot settings.
3) Interpretation and validation of the boot parameter letters is done on
   the machine type code. Examples: PC accepts only a,b,c,d,n as valid boot
   device letters. mac99 accepts only a,b,c,d,e,f.

As a side-effect of this change, qemu-kvm won't abort anymore if using "-boot n"
on a machine with no network devices. Checking if the requested boot device is
valid is now a task for the BIOS or the machine-type code.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry-picked from da1fcfda59a6bcbdf58d49243fbced455f2bf78a)

14 years ago qcow2: Remove request from in-flight list after error
Kevin Wolf [Tue, 6 Apr 2010 13:30:14 +0000 (15:30 +0200)]
qcow2: Remove request from in-flight list after error

If we complete a request with a failure we need to remove it from the list of
requests that are in flight. If we don't do it, the next time the same AIOCB is
used for a cluster allocation it will create a loop in the list and qemu will
hang in an endless loop.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit c644db3d53c90ef569ff5a90e9f821b88e7123bb)

14 years ago qcow2: Don't ignore immediate read/write failures
Kevin Wolf [Tue, 6 Apr 2010 13:30:09 +0000 (15:30 +0200)]
qcow2: Don't ignore immediate read/write failures

Returning -EIO is far from optimal, but at least it's an error code.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 171e3d6b9997c98a97d0c525867f7cd9b640cadd)

14 years ago block: Fix multiwrite memory leak in error case
Kevin Wolf [Tue, 6 Apr 2010 16:24:07 +0000 (18:24 +0200)]
block: Fix multiwrite memory leak in error case

Previously multiwrite_user_cb was never called if a request in the multiwrite
batch failed right away because it did set mcb->error immediately. Make it look
more like a normal callback to fix this.

Reported-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 7eb58a6c556c3880e6712cbf6d24d681261c5095)

14 years ago block: Fix error code in multiwrite for immediate failures
Kevin Wolf [Tue, 6 Apr 2010 16:24:06 +0000 (18:24 +0200)]
block: Fix error code in multiwrite for immediate failures

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 0f0b604b00851f2c7160b4195136c1fd27418088)

14 years ago block: Fix multiwrite error handling
Kevin Wolf [Thu, 1 Apr 2010 20:48:44 +0000 (22:48 +0200)]
block: Fix multiwrite error handling

When two requests of the same multiwrite batch fail, the callback of all
requests in that batch were called twice. This could have any kind of nasty
effects, in my case it led to use after free and eventually a segfault.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit cb6d3ca07b8f62b47ef30c6a92caa3e8bd71248b)

14 years ago scsi-disk: fix buffer overflow
Gerd Hoffmann [Wed, 10 Mar 2010 16:47:17 +0000 (17:47 +0100)]
scsi-disk: fix buffer overflow

In case s->version is shorter than 4 bytes we overflow the memcpy src
buffer.  Fix it by clearing the target buffer, then copy only the
amount of bytes we actually have.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from 314b1811c15f4e982e4667d9b845aee4b5a63d91)

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

14 years ago qcow2: Rewrite alloc_refcount_block/grow_refcount_table
Kevin Wolf [Tue, 23 Feb 2010 15:40:53 +0000 (16:40 +0100)]
qcow2: Rewrite alloc_refcount_block/grow_refcount_table

The current implementation of alloc_refcount_block and grow_refcount_table has
fundamental problems regarding error handling. There are some places where an
I/O error means that the image is going to be corrupted. I have found that the
only way to fix this is to completely rewrite the thing.

In detail, the problem is that the refcount blocks themselves are allocated using
alloc_refcount_noref (to avoid endless recursion when updating the refcount of
the new refcount block, which might access just the same refcount block but its
allocation is not yet completed...). Only at the end of the refcount allocation
the refcount of the refcount block is increased. If an error happens in
between, the refcount block is in use, but has a refcount of zero and will
likely be overwritten later.

The new approach is explained in comments in the code. The trick is basically
to let new refcount blocks describe their own refcount, so their refcount will
be automatically changed when they are hooked up in the refcount table.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 92dcb59fd4e1491afa0756ee9c2594869b487d23)

14 years ago qcow2: Factor next_refcount_table_size out
Kevin Wolf [Tue, 23 Feb 2010 15:40:52 +0000 (16:40 +0100)]
qcow2: Factor next_refcount_table_size out

When the refcount table grows, it doesn't only grow by one entry but reserves
some space for future refcount blocks. The algorithm to calculate the number of
entries stays the same with the fixes, so factor it out before replacing the
rest.

As Juan suggested take the opportunity to simplify the code a bit.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 05121aedc41f87e44e41e9cef55f2e49ce7ba94e)

14 years ago block: avoid creating too large iovecs in multiwrite_merge
Christoph Hellwig [Tue, 26 Jan 2010 13:49:08 +0000 (14:49 +0100)]
block: avoid creating too large iovecs in multiwrite_merge

If we go over the maximum number of iovecs supported by syscall we get
back EINVAL from the kernel which translates to I/O errors for the guest.

Add a MAX_IOV definition for platforms that don't have it.  For now we use
the same 1024 define that's used on Linux and various other platforms,
but until the windows block backend implements some kind of vectored I/O
it doesn't matter.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit e2a305fb13ff0f5cf6ff805555aaa90a5ed5954c)

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

14 years ago json-parser: Fix segfault on malformed input
Kevin Wolf [Wed, 24 Feb 2010 15:17:58 +0000 (16:17 +0100)]
json-parser: Fix segfault on malformed input

If the parser fails to parse the key in parse_pair, it will access a NULL
pointer. A simple way to trigger this is sending {foo} via QMP. This patch
turns the segfault into a syntax error reply.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit d758d90fe1f74a46042fca665036a23b4d5fe87d)

14 years ago linux-user: switch default ppc64 CPU to 970fx from 970
Aurelien Jarno [Tue, 6 Apr 2010 10:21:05 +0000 (12:21 +0200)]
linux-user: switch default ppc64 CPU to 970fx from 970

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit f7177937a2c0db4c3bb42e3adfde937e9c0734a1)

14 years ago target-sh4: MMU: fix store queue addresses
Aurelien Jarno [Wed, 3 Feb 2010 17:02:55 +0000 (18:02 +0100)]
target-sh4: MMU: fix store queue addresses

The store queues are located from 0xe0000000 to 0xe3ffffff.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit b1563142123593581895049568c5526b1e91da7b)

14 years ago target-sh4: MMU: fix ITLB priviledge check
Aurelien Jarno [Mon, 1 Feb 2010 19:07:06 +0000 (20:07 +0100)]
target-sh4: MMU: fix ITLB priviledge check

There is an ITLB access violation if SR_MD=0 (user mode) while
the high bit of the protection key is 0 (privilege mode).

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit bc13ad29e6b7484ccd5e7ee0f5d0f966585eb4c9)

14 years ago target-sh4: MMU: fix mem_idx computation
Aurelien Jarno [Mon, 1 Feb 2010 18:58:46 +0000 (19:58 +0100)]
target-sh4: MMU: fix mem_idx computation

The mem_idx is wrongly computed. As written in target-sh4/cpu.h, mode 0
corresponds to kernel mode (SR_MD = 1), while mode 1 corresponds to user
mode (SR_MD = 0).

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 33b8f5546cc16eaa3d89fe133a9843c794b65d6c)

14 years ago sh7750: handle MMUCR TI bit
Aurelien Jarno [Tue, 2 Feb 2010 18:39:11 +0000 (19:39 +0100)]
sh7750: handle MMUCR TI bit

When the MMUCR TI bit is set, all the UTLB and ITLB entries should be
flushed.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit e781d1285fc3b81d689ba25360c6c272116387fa)

14 years ago UHCI spurious interrut fix
Paul Brook [Sun, 4 Apr 2010 20:48:31 +0000 (21:48 +0100)]
UHCI spurious interrut fix

Only raise an interrupt if the TD has actually completed.

Signed-off-by: Paul Brook <paul@codesourcery.com>

14 years ago tcg/mips: fix branch offset during retranslation
Aurelien Jarno [Mon, 29 Mar 2010 00:09:23 +0000 (02:09 +0200)]
tcg/mips: fix branch offset during retranslation

Branch offsets should only be overwritten during relocation, to support
partial retranslation.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 6d8ff4d85ce2f3fc8a18dc8f077f73a4bd19a89a)

14 years ago tcg/arm: correctly save/restore registers in prologue/epilogue
Aurelien Jarno [Fri, 5 Mar 2010 07:35:07 +0000 (08:35 +0100)]
tcg/arm: correctly save/restore registers in prologue/epilogue

Since commit 6113d6d3169393c323ac4c82d756a850145a5e7a QEMU crashes
on ARM hosts. This is not a bug of this commit, but a latent bug
revealed by this commit.

The TCG code is called through a procedure call using the prologue
and epilogue code. This code does not save and restore enough registers.
The "Procedure Call Standard for the ARM Architecture" says:

  A subroutine must preserve the contents of the registers r4-r8, r10,
  r11 and SP (and r9 in PCS variants that designate r9 as v6).

The current code only saves and restores r9 to r11, and misses r4 to
r8. The patch fixes that by saving r4 to r12. Theoretically there is
no need to save and restore r12, but an even number of registers have
to be saved as per EABI.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 4e17eae9f2ee49833698aae2753c5bb041510870)

14 years ago workaround for cmd646 bmdma register access while no dma is active
Igor V. Kovalenko [Sun, 13 Dec 2009 19:03:31 +0000 (19:03 +0000)]
workaround for cmd646 bmdma register access while no dma is active

This is a workaround only, and is a partial revert
of a few changes to BMDMAState which removed pci_dev
field on the way.

- cmd646 pci_from_bm() expects bm->unit value to
correspond with bm data being passed to callback
as opaque pointer. This breaks when write to dma
control register of second channel happens when no
dma operation is in progress, so bm->unit is zero
for second channel, and pci_from_bm() returns garbage
pointer. Crash happens shortly after that while
dereferencing that pointer.

v0->v1: cleaned up dead code from pci_from_bm.

Signed-off-by: Igor V. Kovalenko <igor.v.kovalenko@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 90228ee395b71cdd64e6bc844e3d553eb9ef643f)

14 years ago Fix corner case in chardev udp: parameter
Jan Kiszka [Sun, 7 Mar 2010 10:28:48 +0000 (11:28 +0100)]
Fix corner case in chardev udp: parameter

The missing '@' broke 'udp::<port>@:<port>' parsing.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 39324ca488ac8f7124b3698d28bf46b90d9acd84)

14 years ago Don't set default monitor when there is a mux'ed one
Jan Kiszka [Sun, 7 Mar 2010 10:28:40 +0000 (11:28 +0100)]
Don't set default monitor when there is a mux'ed one

This fixes eg. "-nographic -serial mon:stdio [-serial ...]".

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 18141ed67f5ee8c7e8e3f8bffdb24d7b8cdbc270)

14 years ago spelling typo (compatibilty) in hw/fw_cfg.c
Vagrant Cascadian [Sun, 14 Mar 2010 08:51:53 +0000 (08:51 +0000)]
spelling typo (compatibilty) in hw/fw_cfg.c

here's a trivial patch to fix the spelling of "compatibility":

Signed-off-by: Vagrant Cascadian <vagrant@freegeek.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 66c80e75752e87a9479577fda1446a7623884f01)

14 years ago fdc: fix drive property handling.
Gerd Hoffmann [Wed, 10 Mar 2010 16:30:29 +0000 (17:30 +0100)]
fdc: fix drive property handling.

Fix the floppy controller init wrappers to set the drive properties
only in case the DriveInfo pointers passed in are non NULL.  This allows
to set the properties using -global.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 995bf0ca57e52f4991d7f90c7eb2bbf7bc3f3c44)

14 years ago target-i386: fix commit c22549204a6edc431e8e4358e61bd56386ff6957
TeLeMan [Fri, 12 Mar 2010 11:38:06 +0000 (19:38 +0800)]
target-i386: fix commit c22549204a6edc431e8e4358e61bd56386ff6957

The commit c22549204a6edc431e8e4358e61bd56386ff6957 led movntps &
movntdq to be translated incorrectly.

Signed-off-by: TeLeMan <geleman@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 2e21e7491ff2af3628a97d4652e7adcc6961c2e9)

14 years ago target-i386: fix SIB decoding with index = 4
Aurelien Jarno [Sat, 6 Mar 2010 17:02:31 +0000 (18:02 +0100)]
target-i386: fix SIB decoding with index = 4

A SIB byte with an index of 4 means "no scaled index", even if the scale
value is not 0. In 64-bit mode, if REX.X is used, an index of 4 selects
%r12. This is correctly handled by the computation of the index variable,
which includes the index bits, and also the REX.X prefix:

    index = ((code >> 3) & 7) | REX_X(s);

Thanks to Avi Kivity, Jamie Lokier and Malc for the analysis of the
problem and the initial patch.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit b16f827bdf7444b8cd338b9ecb654b4752f47225)

14 years ago Fix segfault with ram_size > 4095M without kvm
Ryan Harper [Tue, 23 Feb 2010 15:13:14 +0000 (09:13 -0600)]
Fix segfault with ram_size > 4095M without kvm

Currently, x86_64-softmmu qemu segfaults when trying to use > 4095M memsize.
This patch adds a simple check and error message (much like the 2047 limit on
32-bit hosts) on ram_size in the control path after we determine we're
not using kvm.

Upstream qemu-kvm is affected if using the -no-kvm option; this patch addresses
the segfault there as well.

Signed-off-by: Ryan Harper <ryanh@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

14 years ago target-i386: Fix long jumps/calls in long mode with REX.W set
malc [Thu, 4 Mar 2010 12:09:26 +0000 (15:09 +0300)]
target-i386: Fix long jumps/calls in long mode with REX.W set

Signed-off-by: malc <av1474@comtv.ru>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 41b1e61f51b05fd6ca060f901b822f83e0beb6b6)

14 years ago target-i386: fix lddqu SSE instruction
Aurelien Jarno [Sat, 6 Mar 2010 17:33:53 +0000 (18:33 +0100)]
target-i386: fix lddqu SSE instruction

This instruction loads data from memory to register and not the reverse.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit c22549204a6edc431e8e4358e61bd56386ff6957)

14 years ago qemu-char.c: drop debug printfs from qemu_chr_parse_compat
Jan Kiszka [Mon, 18 Jan 2010 11:15:01 +0000 (12:15 +0100)]
qemu-char.c: drop debug printfs from qemu_chr_parse_compat

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 5bb599023a6478e86152a2e8bc2b21775261b9da)

14 years ago fix undefined shifts by >32
Paolo Bonzini [Thu, 4 Feb 2010 13:31:50 +0000 (14:31 +0100)]
fix undefined shifts by >32

This one is for 0.12 too.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 0dfbd514460045e3af1ed6805ab97ffedbbd1ab2)

14 years ago Fix qemu -net user,hostfwd= example
Aurelien Jarno [Sat, 27 Feb 2010 09:50:32 +0000 (10:50 +0100)]
Fix qemu -net user,hostfwd= example

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit aa375206189b7de7c23ad9de66413fb7d4497940)

14 years ago Merge remote branch 'qemu-kvm/uq/stable-0.12' into stable-0.12 v0.12.3
Anthony Liguori [Tue, 23 Feb 2010 20:08:31 +0000 (14:08 -0600)]
Merge remote branch 'qemu-kvm/uq/stable-0.12' into stable-0.12

14 years ago Update version and change for 0.12.3 release
Anthony Liguori [Tue, 23 Feb 2010 20:01:00 +0000 (14:01 -0600)]
Update version and change for 0.12.3 release

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

14 years ago qcow2: Fix access after end of array
Kevin Wolf [Tue, 16 Feb 2010 14:54:49 +0000 (15:54 +0100)]
qcow2: Fix access after end of array

If a write request crosses an L2 table boundary and all clusters until the
end of the L2 table are usable for the request, we must not look at the next
L2 entry because we already have arrived at the end of the array.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4805bb66969622f86376191c94c4748bce91e6be)

14 years ago ide save/restore pio/atapi cmd transfer fields and io buffer
Marcelo Tosatti [Thu, 11 Feb 2010 20:19:44 +0000 (18:19 -0200)]
ide save/restore pio/atapi cmd transfer fields and io buffer

Save/restore information necessary to continue in progress PIO/ATAPI CMD
transfers.

This includes the IO buffer.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit ed487bb1d69040b9dac64a4fc076d8dd82b131d6)

14 years ago net: Monitor command set_link finds only VLAN clients, fix
Markus Armbruster [Thu, 11 Feb 2010 13:45:02 +0000 (14:45 +0100)]
net: Monitor command set_link finds only VLAN clients, fix

Clients not associated with a VLAN exist since commit d80b9fc6.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 2583ba97ef1de6040b7d0afd2b66737515de5423)

14 years ago net: info network shows only VLAN clients, fix
Markus Armbruster [Thu, 11 Feb 2010 13:45:01 +0000 (14:45 +0100)]
net: info network shows only VLAN clients, fix

Clients not associated with a VLAN exist since commit d80b9fc6.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit a0104e0ec7939781d79ca4b54ebedd5fd3360151)

14 years ago net: net_check_clients() checks only VLAN clients, fix
Markus Armbruster [Thu, 11 Feb 2010 13:45:00 +0000 (14:45 +0100)]
net: net_check_clients() checks only VLAN clients, fix

Clients not associated with a VLAN exist since commit d80b9fc6.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit efe32fdde15e5764cfbc68cb2d61737681b1e096)

14 years ago net: Fix bogus "Warning: vlan 0 with no nics" with -device
Markus Armbruster [Thu, 11 Feb 2010 13:44:59 +0000 (14:44 +0100)]
net: Fix bogus "Warning: vlan 0 with no nics" with -device

net_check_clients() prints this when a VLAN has host devices, but no
guest devices.  It uses VLANState members nb_guest_devs and
nb_host_devs to keep track of these devices.  However, -device does
not update nb_guest_devs, only net_init_nic() does that, for -net nic.

Check the VLAN clients directly, and remove the counters.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 62112d181ca33fea976100c4335dfc3e2f727e6c)

14 years ago net: net_check_clients() runs too early to see -device, fix
Markus Armbruster [Thu, 11 Feb 2010 13:44:58 +0000 (14:44 +0100)]
net: net_check_clients() runs too early to see -device, fix

Call it right after -device devices get created.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 668680f75feea79704c603b96126c0833e1ed9a9)

14 years ago net: Remove unused net_client_uninit()
Markus Armbruster [Thu, 11 Feb 2010 13:44:57 +0000 (14:44 +0100)]
net: Remove unused net_client_uninit()

Unused since commit 9ad4531e.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7f76abe1c9d880050ba31ff827b3ff5cbc8175a7)

14 years ago don't dereference NULL after failed strdup
Jim Meyering [Mon, 8 Feb 2010 18:28:38 +0000 (19:28 +0100)]
don't dereference NULL after failed strdup

Most of these are obvious NULL-deref bug fixes, for example,
the ones in these files:

  block/curl.c
  net.c
  slirp/misc.c

and the first one in block/vvfat.c.
The others in block/vvfat.c may not lead to an immediate segfault, but I
traced the two schedule_rename(..., strdup(path)) uses, and a failed
strdup would appear to trigger this assertion in handle_renames_and_mkdirs:

    assert(commit->path);

The conversion to use qemu_strdup in envlist_to_environ is not technically
needed, but does avoid a theoretical leak in the caller when strdup fails
for one value, but later succeeds in allocating another buffer (plausible,
if one string length is much larger than the others).  The caller does
not know the length of the returned list, and as such can only free
pointers until it hits the first NULL.  If there are non-NULL pointers
beyond the first, their buffers would be leaked.  This one is admittedly
far-fetched.

The two in linux-user/main.c are worth fixing to ensure that an
OOM error is diagnosed up front, rather than letting it provoke some
harder-to-diagnose secondary error, in case of exec failure, or worse, in
case the exec succeeds but with an invalid list of command line options.
However, considering how unlikely it is to encounter a failed strdup early
in main, this isn't a big deal.  Note that adding the required uses of
qemu_strdup here and in envlist.c induce link failures because qemu_strdup
is not currently in any library they're linked with.  So for now, I've
omitted those changes, as well as the fixes in target-i386/helper.c
and target-sparc/helper.c.

If you'd like to see the above discussion (or anything else)
in the commit log, just let me know and I'll be happy to adjust.

From 9af42864fd1ea666bd25e2cecfdfae74c20aa8c7 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Mon, 8 Feb 2010 18:29:29 +0100
Subject: [PATCH] don't dereference NULL after failed strdup

Handle failing strdup by replacing each use with qemu_strdup,
so as not to dereference NULL or trigger a failing assertion.
* block/curl.c (curl_open): s/\bstrdup\b/qemu_strdup/
* block/vvfat.c (init_directories): Likewise.
(get_cluster_count_for_direntry, check_directory_consistency): Likewise.
* net.c (parse_host_src_port): Likewise.
* slirp/misc.c (fork_exec): Likewise.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 6265eb26a375179f193f792e4f0d49036d2cf052)

14 years ago virtio-net: fix network stall under load
Tom Lendacky [Mon, 8 Feb 2010 16:10:01 +0000 (10:10 -0600)]
virtio-net: fix network stall under load

Fix a race condition where qemu finds that there are not enough virtio
ring buffers available and the guest makes more buffers available before
qemu can enable notifications.

Signed-off-by: Tom Lendacky <toml@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 06b1297017415ae6a07a0e97ad7d8e90b2d95823)

14 years ago json: fix PRId64 on Win32
Roy Tam [Thu, 4 Feb 2010 02:30:30 +0000 (10:30 +0800)]
json: fix PRId64 on Win32

OK, we are fooled by the json lexer and parser. As we use %I64d to
print 'long long' variables in Win32, but the lexer and parser only deal
with %lld and not %I64d, this patch adds support for %I64d and solves the
'info pci', 'powser_reset' and 'power_powerdown' assert failures in
Win32.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 2c0d4b36e7fe28c569c5436f7724735e35d3c493)

14 years ago fix inet_parse typo
Marcelo Tosatti [Tue, 9 Feb 2010 17:31:46 +0000 (15:31 -0200)]
fix inet_parse typo

qemu_opt_set wants on/off, not yes/no.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 2198a62eb2518b61c3fc7db26515f106e7498932)

14 years ago iothread: fix vcpu stop with smp tcg
Marcelo Tosatti [Tue, 9 Feb 2010 14:49:04 +0000 (12:49 -0200)]
iothread: fix vcpu stop with smp tcg

Round robin vcpus in tcg_cpu_next even if the vm stopped. This
allows all cpus to enter stopped state.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit c37cc7b072fa4ca8d8d21ac31d26baff5f47f9f9)

14 years ago segfault due to buffer overrun in usb-serial
David S. Ahern [Wed, 3 Feb 2010 16:00:54 +0000 (09:00 -0700)]
segfault due to buffer overrun in usb-serial

This fixes a segfault due to buffer overrun in the usb-serial device.
The memcpy was incrementing the start location by recv_used, yet the
computation of first_size (how much to write at the end of the buffer
before wrapping to the front) was not accounting for it. This causes the
next element after the receive buffer (recv_ptr) to get overwritten with
random data.

Signed-off-by: David Ahern <daahern@cisco.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4ab4183d766f10f9fc35cd9ef4acee39f241986f)

14 years ago qcow2: Fix signedness bugs
Kevin Wolf [Tue, 2 Feb 2010 14:20:57 +0000 (15:20 +0100)]
qcow2: Fix signedness bugs

Checking for return codes < 0 isn't really going to work with unsigned
types. Use signed types instead.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f4f0d391b26afcce86df85566788be7170127116)

14 years ago Do not ignore error, if open file failed (-serial /dev/tty)
Evgeniy Dushistov [Thu, 28 Jan 2010 18:44:46 +0000 (21:44 +0300)]
Do not ignore error, if open file failed (-serial /dev/tty)

When qemu is executed with an option like
-serial /dev/ttyS0, report if there are problems with
opening devices. Currently, errors are silently ignored.

Signed-off-by: Evgeniy Dushistov <dushistov@mail.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit afc535acb579a7808d9ff170088c839a29c61dc9)

14 years ago pc-bios: update to newer version of (stable) seabios
Anthony Liguori [Tue, 23 Feb 2010 19:40:43 +0000 (13:40 -0600)]
pc-bios: update to newer version of (stable) seabios

 - 9fb3f4d Fix PkgLength calculation for the SSDT.
 - 6d75be2 Go back to using 0xf0000000 for PCI memory start.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

14 years ago kvm: Fix eflags corruption in kvm mode
Jan Kiszka [Fri, 19 Feb 2010 17:21:20 +0000 (18:21 +0100)]
kvm: Fix eflags corruption in kvm mode

This should explain a lot of the weird breakages of upstream KVM we've
seen recently (actually we should have seen it much earlier):

Stop translating eflags into TCG format when in kvm mode as we never
translate it back and rather sync this broken state into the kernel.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

14 years ago target-mips: fix ROTR and DROTR by zero
Aurelien Jarno [Tue, 23 Feb 2010 17:31:00 +0000 (18:31 +0100)]
target-mips: fix ROTR and DROTR by zero

Backported from HEAD (cc3f20fee2c9bea3793bf873c531ae6baf68df3a)

Signed-off-by: Nathan Froyd <froydnj@codesourcery.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

14 years ago target-mips: fix CpU exception for coprocessor 0
Nathan Froyd [Sat, 20 Feb 2010 18:19:09 +0000 (10:19 -0800)]
target-mips: fix CpU exception for coprocessor 0

When we signal a CpU exception for coprocessor 0, we should indicate
that it's for coprocessor 0 instead of coprocessor 1.

Signed-off-by: Nathan Froyd <froydnj@codesourcery.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 13f160cebd0778113ba8d251aea297286b1666cb)

14 years ago kvm: Fix eflags corruption in kvm mode
Jan Kiszka [Fri, 19 Feb 2010 17:21:20 +0000 (18:21 +0100)]
kvm: Fix eflags corruption in kvm mode

This should explain a lot of the weird breakages of upstream KVM we've
seen recently (actually we should have seen it much earlier):

Stop translating eflags into TCG format when in kvm mode as we never
translate it back and rather sync this broken state into the kernel.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

14 years ago tcg/mips: fix crash in tcg_out_qemu_ld()
Aurelien Jarno [Tue, 9 Feb 2010 21:54:22 +0000 (22:54 +0100)]
tcg/mips: fix crash in tcg_out_qemu_ld()

The address register is overridden when it corresponds to v0 and the fast
path is taken, which leads to a crash. Fix that by using the a0 register
instead.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit cca1af8c4d2ef6449fd61494ba2cb087b838011c)

14 years ago target-mips: don't call cpu_loop_exit() from helper.c
Aurelien Jarno [Sat, 6 Feb 2010 16:02:45 +0000 (17:02 +0100)]
target-mips: don't call cpu_loop_exit() from helper.c

In helper.c AREG0 may not correspond to env, so it's not possible to
call cpu_loop_exit() here. Call it from op_helper.c instead.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit c36bbb28ad62b4b1f494df0b199432d8c79876db)

14 years ago virtio-blk: Fix error cases which ignored rerror/werror
Kevin Wolf [Wed, 27 Jan 2010 12:12:36 +0000 (13:12 +0100)]
virtio-blk: Fix error cases which ignored rerror/werror

If an I/O request fails right away instead of getting an error only in the
callback, we still need to consider rerror/werror.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 6c510fbf601fd8c6891b2f1d7165ceb82308a16f)

14 years ago virtio-blk: Fix restart after read error
Kevin Wolf [Wed, 27 Jan 2010 12:12:35 +0000 (13:12 +0100)]
virtio-blk: Fix restart after read error

Current code assumes that only write requests are ever going to be restarted.
This is wrong since rerror=stop exists. Instead of directly starting writes,
use the same request processing as used for new requests.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f1b5286803ee66f73034f1f5e0e1cf14f4415f94)

14 years ago virtio_blk: Factor virtio_blk_handle_request out
Kevin Wolf [Wed, 27 Jan 2010 12:12:34 +0000 (13:12 +0100)]
virtio_blk: Factor virtio_blk_handle_request out

We need a function that handles a single request. Create one by splitting out
code from virtio_blk_handle_output.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit bc6694d43a68baa864dba7742354a379a3347f33)

14 years ago cirrus: Properly re-register cirrus_linear_io_addr on vram unmap
Jan Kiszka [Fri, 29 Jan 2010 14:12:48 +0000 (15:12 +0100)]
cirrus: Properly re-register cirrus_linear_io_addr on vram unmap

This fixes CONFIG_FB_CIRRUS for Linux guests and probably much more:

When switching away from linearly mapped vram, we also have to restore
the I/O handlers for the LFB.

This regression was once introduced by commit 2bec46dc97.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4516e45f82b7ee0cedce875477e785989a719b67)

14 years ago qcow2: Don't ignore qcow2_alloc_clusters return value
Kevin Wolf [Wed, 20 Jan 2010 14:04:01 +0000 (15:04 +0100)]
qcow2: Don't ignore qcow2_alloc_clusters return value

Now that qcow2_alloc_clusters can return error codes, we must handle them in
the callers of qcow2_alloc_clusters.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 5d757b563d59142ca81e1073a8e8396750a0ad1a)

14 years ago qcow2: Don't ignore update_refcount return value
Kevin Wolf [Wed, 20 Jan 2010 14:03:06 +0000 (15:03 +0100)]
qcow2: Don't ignore update_refcount return value

update_refcount can return errors that need to be handled by the callers.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit db3a964fb6d66bd50faca76968479bb62ed25330)

14 years ago qcow2: Allow updating no refcounts
Kevin Wolf [Wed, 20 Jan 2010 14:03:05 +0000 (15:03 +0100)]
qcow2: Allow updating no refcounts

There's absolutely no problem with updating the refcounts of 0 clusters.
At least snapshot code is doing this and would fail once the result of
update_refcount isn't ignored any more.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7322afe7eaa7211285a38ccfb754a0a52911e394)

14 years ago qcow2: Improve error handling in update_refcount
Kevin Wolf [Wed, 20 Jan 2010 14:03:04 +0000 (15:03 +0100)]
qcow2: Improve error handling in update_refcount

If update_refcount fails, try to undo any changes made so far to avoid
inconsistencies in the image file.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 09508d13f3874d07bf25f8dd9f5303cbd8139d1b)

14 years ago qcow2: Fix error handling in grow_refcount_table
Kevin Wolf [Wed, 20 Jan 2010 14:03:03 +0000 (15:03 +0100)]
qcow2: Fix error handling in grow_refcount_table

Return the appropriate error code instead of -EIO.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f2b7c8b37045e0e030ef027cfb6d574558fb732a)

14 years ago block: Return original error codes in bdrv_pread/write
Kevin Wolf [Wed, 20 Jan 2010 14:03:02 +0000 (15:03 +0100)]
block: Return original error codes in bdrv_pread/write

Don't assume -EIO but return the real error.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 9a8c4cceaf670193270995b95378faa3867db999)

14 years ago qcow2: Return 0/-errno in qcow2_alloc_cluster_offset
Kevin Wolf [Wed, 20 Jan 2010 14:03:01 +0000 (15:03 +0100)]
qcow2: Return 0/-errno in qcow2_alloc_cluster_offset

Returning 0/-errno allows it to distinguish different error classes. The
cluster offset of newly allocated clusters is now returned in the QCowL2Meta
struct.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 148da7ea9d66bad0d5b6512074fbedc4e2640e8f)

14 years ago qcow2: Return 0/-errno in get_cluster_table
Kevin Wolf [Wed, 20 Jan 2010 14:03:00 +0000 (15:03 +0100)]
qcow2: Return 0/-errno in get_cluster_table

Switching to 0/-errno allows it to distinguish different error cases.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 1e3e8f1a437cafa3b23486aea36be3c9c0bd4e28)

14 years ago qcow2: Fix error handling in qcow_save_vmstate
Kevin Wolf [Wed, 20 Jan 2010 14:02:59 +0000 (15:02 +0100)]
qcow2: Fix error handling in qcow_save_vmstate

Don't assume success but pass the bdrv_pwrite return value on.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 1d36e3aae338a71ba449f561b6343bb313f70968)

14 years ago qcow2: Fix error handling in qcow2_grow_l1_table
Kevin Wolf [Wed, 20 Jan 2010 14:02:58 +0000 (15:02 +0100)]
qcow2: Fix error handling in qcow2_grow_l1_table

Return the appropriate error value instead of always using EIO. Don't free the
L1 table on errors, we still need it.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit fb8fa77ce143b0911658b4bcbe641c869e26ceee)

14 years ago win32/sdl: Fix toggle full screen
Herve Poussineau [Sun, 24 Jan 2010 21:18:36 +0000 (21:18 +0000)]
win32/sdl: Fix toggle full screen

Toggle full screen on Win32/SDL 1.2.13 was broken by commit
c18a2c360e3100bbd71162cf922dcd8c429a8b71. Re-add the call to
do_sdl_resize() which was removed in this revision.

Signed-off-by: Herve Poussineau <hpoussin@reactos.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit a35aed57bf47584b5f55b71acf8daba19decf12a)

14 years ago win32: pair qemu_memalign() with qemu_vfree()
Herve Poussineau [Sun, 24 Jan 2010 21:23:56 +0000 (21:23 +0000)]
win32: pair qemu_memalign() with qemu_vfree()

Win32 suffers from a very big memory leak when dealing with SCSI devices.
Each read/write request allocates memory with qemu_memalign (i.e.
VirtualAlloc) but frees it with qemu_free (i.e. free).
Pair all qemu_memalign() calls with qemu_vfree() to prevent such leaks.

Signed-off-by: Herve Poussineau <hpoussin@reactos.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f8a83245d9ec685bc6aa6173d6765fe03e20688f)

14 years ago vnc_refresh: calling vnc_update_client might free vs
Stefano Stabellini [Mon, 25 Jan 2010 12:54:57 +0000 (12:54 +0000)]
vnc_refresh: calling vnc_update_client might free vs

Hi all,
this patch fixes another bug in vnc_refresh: calling vnc_update_client
might cause vs to be free()ed, in this case we cannot access vs->next
right after to examine the next item on the list.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 6185c5783c50ab5bb4bcdc317772848278cb9bc1)

14 years ago Musicpal: Fix descriptor walk in eth_send
Jan Kiszka [Sun, 24 Jan 2010 08:51:49 +0000 (09:51 +0100)]
Musicpal: Fix descriptor walk in eth_send

Commit 930c86820e introduced a regression to eth_send: eth_tx_desc_put
manipulates the host's tx descriptor copy before writing it back, but
two lines down the descriptor is evaluated again, leaving us with an
invalid next address if host and guest endianness differ. So this was
the actual issue commit 2e87c5b937 tried to paper over.

Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 07b064e9de65a26a4cb36dfb37c7506ef17407fd)

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

14 years ago Musicpal: Fix wm8750 I2C address
Jan Kiszka [Sat, 23 Jan 2010 17:51:22 +0000 (18:51 +0100)]
Musicpal: Fix wm8750 I2C address

Commit b3a219883e uncovered that we attached the Wolfson with an I2C
address shifted left by one. Fixing this makes sound work again for
the Musicpal.

Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 642582296479eabded45f262acbfea5121d2fbf8)

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

14 years ago fix savevm command without id or tag
Marcelo Tosatti [Wed, 20 Jan 2010 16:26:34 +0000 (14:26 -0200)]
fix savevm command without id or tag

savevm without id or tag segfaults in:

(gdb) bt
#0  0x00007f600a83bf8a in __strcmp_sse42 () from /lib64/libc.so.6
#1  0x00000000004745b6 in bdrv_snapshot_find (bs=<value optimized out>,
    sn_info=0x7fff996be280, name=0x0) at savevm.c:1631
#2  0x0000000000475c80 in del_existing_snapshots (name=<value optimized out>,
    mon=<value optimized out>) at savevm.c:1654
#3  do_savevm (name=<value optimized out>, mon=<value optimized out>)

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f139a4125682ecd45d96c2d1523443d1be65405c)

14 years ago reduce number of reinjects on ACK
Gleb Natapov [Wed, 20 Jan 2010 13:37:33 +0000 (15:37 +0200)]
reduce number of reinjects on ACK

Windows 7 BSODs under load with HAL_RTC_IRQF_WILL_NOT_CLEAR error.

It happens here:
hal!HalpRtcUnmaskClock:
8281b93a 8bff            mov     edi,edi
8281b93c 56              push    esi
8281b93d 33f6            xor     esi,esi
8281b93f 6a0c            push    0Ch
8281b941 e8b2ffffff      call    hal!CMOS_READ (8281b8f8)
8281b946 84c0            test    al,al
8281b948 7920            jns     hal!HalpRtcUnmaskClock+0x30 (8281b96a)
8281b94a 6a0a            push    0Ah
8281b94c 46              inc     esi
8281b94d e854c8ffff      call    hal!KeStallExecutionProcessor (828181a6)
8281b952 83fe64          cmp     esi,64h
8281b955 72e8            jb      hal!HalpRtcUnmaskClock+0x5 (8281b93f)
8281b957 6a00            push    0
8281b959 6a00            push    0
8281b95b 6a00            push    0
8281b95d 680a010000      push    10Ah
8281b962 6a5c            push    5Ch
8281b964 ff1500c38082    call    dword ptr [hal!_imp__KeBugCheckEx (8280c300)]
8281b96a 5e              pop     esi
8281b96b c3              ret

So it loops for 100 (64h) times reading register C before BSOD. Let's
reduce the number of immediate reinjections well under this limit.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit dd17765b5f77ca02b4aeaf9e42de8dd7513a0611)

14 years ago QMP: Fix asynchronous events delivery
Luiz Capitulino [Wed, 20 Jan 2010 12:37:59 +0000 (10:37 -0200)]
QMP: Fix asynchronous events delivery

Commit f039a563f200beee80cc10fd70b21ea396979dab introduces
a regression as monitor_protocol_event() will return in
the first user Monitor it finds in the QLIST_FOREACH()
loop.

The right thing to do is to only deliver an asynchronous
event if the 'mon' is a QMP Monitor.

The aforementioned commit was an early version, if it was
applied to stable (it should) this one has to be applied
there too.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 23fabed13645fdf66473e458f318baa63be56b22)

14 years ago Documentation: Add missing documentation for qdev related command line options
Stefan Weil [Sat, 16 Jan 2010 17:19:44 +0000 (18:19 +0100)]
Documentation: Add missing documentation for qdev related command line options

The command line options -device, -nodefaults, -readconfig,
-writeconfig had entries for command line help, but
documentation for texi and derived formats (man, html, info)
was missing.

This also required moving "@end table" to the end of
qemu-options.hx again.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 3dbf2c7fc5682827be6fa436362fb5db221bd210)

14 years ago pc: add driver version compat properties
Gerd Hoffmann [Thu, 14 Jan 2010 13:44:14 +0000 (14:44 +0100)]
pc: add driver version compat properties

This patch adds compat property entries for ide-disk.ver and
scsi-disk.ver to pc-0.10 and pc-0.11.  With this patch applied
the scsi and ide disks report "0.10" and "0.11" as version when
you start qemu with "-M pc-0.10" or "-M pc-0.11".

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 374ef70452452fb729c45dcf1a73a1bd1396cfda)

14 years ago scsi: device version property
Gerd Hoffmann [Thu, 14 Jan 2010 13:44:13 +0000 (14:44 +0100)]
scsi: device version property

This patch adds a new property named 'ver' to scsi-disk which allows
specifying the version which the virtual disk/cdrom should report to the
guest.  By default this is the qemu version (i.e. 0.12).  usage:

  -drive if=none,id=disk,file=...
  -device lsi
  -device scsi-disk,drive=disk,bus=scsi.0,unit=0,ver=42

You can also switch the version for all scsi drives using:

  -global scsi-disk.ver=42

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 383b4d9b79e3a71b1d5cadd34989b1c0e2a05832)

14 years ago ide: device version property
Gerd Hoffmann [Thu, 14 Jan 2010 13:44:12 +0000 (14:44 +0100)]
ide: device version property

This patch adds a new property named 'ver' to ide-drive which allows
specifying the version which the virtual disk/cdrom should report to the
guest.  By default this is the qemu version (i.e. 0.12).  usage:

  -drive if=none,id=disk,file=...
  -device ide-drive,bus=ide.0,unit=0,drive=disk,ver=42

You can also switch the version for all ide drives using:

  -global ide-drive.ver=42

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 47c063403065793ad6e1d2fdde27d69a00880752)