In snapshot mode, bdrv_open creates an empty temporary file without
checking for mkstemp or close failure, and ignoring the possibility
of a buffer overrun given a surprisingly long $TMPDIR.
Change the get_tmp_filename function to return int (not void),
so that it can inform its two callers of those failures.
Also avoid the risk of buffer overrun and do not ignore mkstemp
or close failure.
Update both callers (in block.c and vvfat.c) to propagate
temp-file-creation failure to their callers.
get_tmp_filename creates and closes an empty file, while its
callers later open that presumed-existing file with O_CREAT.
The problem was that a malicious user could provoke mkstemp failure
and race to create a symlink with the selected temporary file name,
thus causing the qemu process (usually root owned) to open through
the symlink, overwriting an attacker-chosen file.
This addresses CVE-2012-2652.
http://bugzilla.redhat.com/CVE-2012-2652
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Jim Meyering <meyering@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Eduardo Habkost [Mon, 21 May 2012 14:27:02 +0000 (11:27 -0300)]
Expose CPUID leaf 7 only for -cpu host
Changes v2 -> v3;
- Check for kvm_enabled() before setting cpuid_7_0_ebx_features
Changes v1 -> v2:
- Use kvm_arch_get_supported_cpuid() instead of host_cpuid() on
cpu_x86_fill_host().
We should use GET_SUPPORTED_CPUID for all bits on "-cpu host"
eventually, but I am not changing all the other CPUID leaves because
we may not be able to test such an intrusive change in time for 1.1.
Description of the bug:
Since QEMU 0.15, the CPUID information on CPUID[EAX=7,ECX=0] is being
returned unfiltered to the guest, directly from the GET_SUPPORTED_CPUID
return value.
The problem is that this makes the resulting CPU feature flags
unpredictable and dependent on the host CPU and kernel version. This
breaks live-migration badly if migrating from a host CPU that supports
some features on that CPUID leaf (running a recent kernel) to a kernel
or host CPU that doesn't support it.
Migration also is incorrect (the virtual CPU changes under the guest's
feet) if you migrate in the opposite direction (from an old CPU/kernel
to a new CPU/kernel), but with less serious consequences (guests
normally query CPUID information only once on boot).
Fortunately, the bug affects only users using cpudefs with level >= 7.
The right behavior should be to explicitly enable those features on
[cpudef] config sections or on the "-cpu" command-line arguments. Right
now there is no predefined CPU model on QEMU that has those features:
the latest Intel model we have is Sandy Bridge.
I would like to get this fixed on 1.1, so I am submitting this patch,
that enables those features only if "-cpu host" is being used (as we
don't have any pre-defined CPU model that actually have those features).
After 1.1 is released, we can make those features properly configurable
on [cpudef] and -cpu configuration.
One problem is: with this patch, users with the following setup:
- Running QEMU 1.0;
- Using a cpudef having level >= 7;
- Running a kernel that supports the features on CPUID leaf 7; and
- Running on a CPU that supports some features on CPUID leaf 7
won't be able to live-migrate to QEMU 1.1. But for these users
live-migration is already broken (they can't live-migrate to hosts with
older CPUs or older kernels, already), I don't see how to avoid this
problem.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Michael Roth [Tue, 29 May 2012 15:08:50 +0000 (10:08 -0500)]
qemu-ga: avoid blocking on atime update when reading /etc/mtab
Currently we re-read/re-process /etc/mtab to get an updated list of
mounts when guest-fsfreeze-thaw is called. This can cause an atime
update on /etc/mtab, which will block if we're in a frozen state.
Instead, use /proc's version of mtab, which may not be up-to-date with
options passed via -o remount, but is compatible for our use cases since
we only care about the filesystem type.
Reported-by: Matsuda, Daiki <matsudadik@intellilink.co.jp> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Andreas Färber [Sun, 27 May 2012 15:02:20 +0000 (17:02 +0200)]
qemu-ga: Fix use of environ on Darwin
Use _NSGetEnviron() helper to access the environment.
Signed-off-by: Andreas Färber <andreas.faerber@web.de> Cc: Charlie Somerville <charlie@charliesomerville.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The whole PCI slot should be removed once. Currently only one func
is cleaned in pci_unplug_device(), if you try to remove a single
func by monitor cmd.
free_qdev() are called for all functions in slot,
but unparent_delete() is only called for one
function.
Signed-off-by: XXXX Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Scott Moser [Mon, 26 Mar 2012 19:27:00 +0000 (15:27 -0400)]
fix multiboot loading if load_end_addr == 0
The previous multiboot load code did not treat the case where
load_end_addr was 0 specially. The multiboot specification says the
following:
* load_end_addr
Contains the physical address of the end of the data segment.
(load_end_addr - load_addr) specifies how much data to load. This
implies that the text and data segments must be consecutive in the
OS image; this is true for existing a.out executable formats. If
this field is zero, the boot loader assumes that the text and data
segments occupy the whole OS image file.
Signed-off-by: Scott Moser <smoser@ubuntu.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Avi Kivity [Wed, 9 May 2012 15:23:06 +0000 (18:23 +0300)]
vga: fix vram double-mapping with -vga std and -M pc-0.12
With pc-0.12, we map the video RAM both through the PCI BAR (the guest does
this) and through a fixed mapping at 0xe0000000. The memory API doesn't allow
this double map, and aborts.
Fix by using an alias.
Reported-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Andreas Färber [Sun, 27 May 2012 14:21:02 +0000 (16:21 +0200)]
arch_init: Fix AltiVec build on Darwin/ppc
Commit f29a56147b66845914d0a645bf9b4c5bb9a6af57 (implement
-no-user-config command-line option (v3)) introduced uses of bool
in arch_init.c. Shortly before that usage is support code for
AltiVec (conditional to __ALTIVEC__).
GCC's altivec.h may in a !__APPLE_ALTIVEC__ code path redefine bool,
leading to type mismatches. altivec.h recommends to #undef for C++
compatibility, but doing so in C leads to bool remaining undefined.
Fix by redefining bool to _Bool as mandated for stdbool.h by POSIX.
Signed-off-by: Andreas Färber <andreas.faerber@web.de> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Anthony Liguori [Tue, 29 May 2012 09:32:13 +0000 (04:32 -0500)]
Merge remote-tracking branch 'sstabellini/for_1.1_rc3' into staging
* sstabellini/for_1.1_rc3:
Call xc_domain_shutdown with the reboot flag when the guest requests a reboot.
xen: Fix PV-on-HVM
xen_disk: properly update stats in ioreq_release()
xen_disk: use bdrv_aio_flush instead of bdrv_flush
xen_disk: remove syncwrite option
xen: disable rtc_clock
xen: do not initialize the interval timer and PCSPK emulator
Anthony Liguori [Tue, 29 May 2012 09:30:49 +0000 (04:30 -0500)]
Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony:
fdc-test: introduced qtest no_media_on_start and cmos qtest for floppy
fdc: fix media detection
fdc: floppy drive should be visible after start without media
qemu-iotests: mark 035 qcow2-only
qcow2: Check qcow2_alloc_clusters_at() return value
sheepdog: use heap instead of stack for BDRVSheepdogState
sheepdog: return -errno on error
sheepdog: mark image as snapshot when tag is specified
qemu-img: Explain how rebase operation can be used to perform a 'diff' operation.
qcow2: don't leak buffer for unexpected qcow_version in header
Anthony Liguori [Tue, 29 May 2012 09:30:00 +0000 (04:30 -0500)]
Merge remote-tracking branch 'kiszka/queues/slirp' into staging
* kiszka/queues/slirp:
slirp: Avoid redefining MAX_TCPOPTLEN
slirp: Avoid statements without effect on Big Endian host
slirp: Untangle TCPOLEN_* from TCPOPT_*
Anthony Liguori [Tue, 29 May 2012 09:28:59 +0000 (04:28 -0500)]
Merge remote-tracking branch 'bonzini/scsi-next' into staging
* bonzini/scsi-next:
ISCSI: Switch to using READ16/WRITE16 for I/O to the LUN
ISCSI: Only call READCAPACITY16 for SBC devices, use READCAPACITY10 for MMC
ISCSI: get device type at connection time
ISCSI: change num_blocks to 64-bit
ISCSI: redo how we set up the events
scsi: declare vmstate_info_scsi_requests to be static
Andreas Färber [Mon, 28 May 2012 17:52:35 +0000 (19:52 +0200)]
slirp: Avoid redefining MAX_TCPOPTLEN
MAX_TCPOPTLEN is being defined as 32. Darwin already has it as 40,
causing a warning. The value is only used to declare an array,
into which currently 4 bytes are written at most.
Therefore always override MAX_TCPOPTLEN for now.
Suggested-by: Jan Kiszka <jan.kiszka@web.de> Reviewed-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Andreas Färber <andreas.faerber@web.de> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Andreas Färber [Mon, 28 May 2012 17:34:20 +0000 (19:34 +0200)]
slirp: Avoid statements without effect on Big Endian host
Darwin has HTON*/NTOH* macros that on BE simply return the argument.
This is incompatible with SLIRP's use of these macros as a statement.
Undefine the macros in the HOST_WORDS_BIGENDIAN code path to redefine
these macros as no-op, as already done when they were undefined.
Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Andreas Färber <andreas.faerber@web.de> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Ronnie Sahlberg [Tue, 22 May 2012 09:56:36 +0000 (19:56 +1000)]
ISCSI: redo how we set up the events
Call qemu_notify_event() after updating events. Otherwise, If we add
an event for -is-writeable but the socket is already writeable there
may be a delay before the event callback is actually triggered.
Those delays would in particular hurt performance during BIOS boot and
when the GRUB bootloader reads the kernel and initrd.
But first call out to the socket write functions directly, and only set up
the write event if the socket is full. This will happen very rarely and
this improves performance.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Andreas Färber [Fri, 27 Apr 2012 22:29:05 +0000 (00:29 +0200)]
slirp: Untangle TCPOLEN_* from TCPOPT_*
Commit b72210568ef0c0fb141a01cffb71a09c4efa0364 (slirp: clean up
conflicts with system headers) enclosed TCPOLEN_MAXSEG with an #ifdef
TCPOPT_EOL. This broke the build on illumos, which has TCPOPT_*
but not TCPOLEN_*.
Move them to their own #ifdef TCPOLEN_MAXSEG section to remedy this.
Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Andreas Färber <andreas.faerber@web.de> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Andreas Färber [Sun, 27 May 2012 17:50:47 +0000 (19:50 +0200)]
tcg/ppc: Handle _CALL_DARWIN being undefined on Darwin
powerpc-apple-darwin9-gcc-4.2.1 (GCC) 4.2.1 (Apple Inc. build 5577)
does not define _CALL_DARWIN, leading to unexpected behavior w.r.t.
register clobbering and stack frame layout.
Since _CALL_DARWIN is a reserved identifier, define a custom
TCG_TARGET_CALL_DARWIN based on either _CALL_DARWIN or __APPLE__.
Signed-off-by: Andreas F?rber <andreas.faerber@web.de> Signed-off-by: malc <av1474@comtv.ru>
Pavel Hrdina [Thu, 24 May 2012 09:02:30 +0000 (11:02 +0200)]
fdc-test: introduced qtest no_media_on_start and cmos qtest for floppy
As default a guest has always one floppy drive so 0x10 byte in CMOS
has to have 0x40 value. Higher 4 bits means that the first floppy drive
is 1.44 Mb 3"5 drive and lower 4 bits means the second drive is not present.
After the guest starts DSKCHG bit in DIR register should be set. If there
is no media in drive, this bit should be set all the time.
Because we start the guest without media in drive, we have to swap
'eject' and 'change' in 'test_media_change'.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Pavel Hrdina [Thu, 24 May 2012 09:02:29 +0000 (11:02 +0200)]
fdc: fix media detection
We have to set up 'media_changed' after guest start so floppy driver
could detect that there is no media in drive. For this purpose we call
'fdctrl_change_cb' instead of 'fd_revalidate' in 'fdctrl_connect_drives'.
'fd_revalidate' is called inside 'fdctrl_change_cb'.
We still have to set default drive geometry in 'fd_revalidate' even
if there is no media in drive. When you try to open (windows) or mount (linux)
floppy the driver tries to seek on track 1. Linux guest stuck in loop then
kernel crashes and windows guest prints error message.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Hajnoczi [Thu, 24 May 2012 15:26:51 +0000 (16:26 +0100)]
qemu-iotests: mark 035 qcow2-only
The 035 parallel aio write test relies on knowledge of qcow2 metadata
layout to stress parallel L2 table accesses. This only works for qcow2
unless we add additional calculations for qed or other formats.
Mark this test as qcow2-only.
Note that the test is strictly speaking non-deterministic although the
output produced is reliable with qcow2. This is because the aio_write
command returns before the aio write request has completed. Completions
can occur at any time afterwards and cause a message to be printed.
Therefore the exact output of this test is not deterministic but we seem
to get away with it for qcow2 (maybe due to coroutine and main loop
scheduling).
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
MORITA Kazutaka [Wed, 16 May 2012 18:15:34 +0000 (03:15 +0900)]
sheepdog: use heap instead of stack for BDRVSheepdogState
bdrv_create() is called in coroutine context now, so we cannot use
more stack than 1 MB in the function if we use ucontext coroutine.
This patch allocates BDRVSheepdogState, whose size is 4 MB, on the
heap in sd_create().
Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Jan Kiszka [Thu, 24 May 2012 15:05:15 +0000 (12:05 -0300)]
audio: Always call fini on exit
Not only clean up enabled voices but any registered one. Backends like
pulsaudio rely on unconditional fini handler invocations.
This fixes "Memory pool destroyed but not all memory blocks freed!"
warnings on VM shutdowns when pa is used and lockups of QEMU on shutdown
as it got stuck on some pa-internal synchronization point.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: malc <av1474@comtv.ru>
Stefan Weil [Wed, 23 May 2012 21:26:41 +0000 (23:26 +0200)]
es1370: Fix debug code
When DEBUG_ES1370 is defined, the compiler shows these warnings:
hw/es1370.c: In function ?es1370_update_voices?:
hw/es1370.c:414: warning: format ?%d? expects type ?int?, but argument 3 has type ?size_t?
hw/es1370.c: In function ?es1370_writel?:
hw/es1370.c:582: warning: format ?%d? expects type ?int?, but argument 3 has type ?long int?
hw/es1370.c:592: warning: format ?%d? expects type ?int?, but argument 3 has type ?long int?
hw/es1370.c:609: warning: format ?%d? expects type ?int?, but argument 3 has type ?long int?
hw/es1370.c: In function ?es1370_readl?:
hw/es1370.c:751: warning: suggest braces around empty body in an ?if? statement
Fix the format strings and add the missing braces.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: malc <av1474@comtv.ru>
Anthony PERARD [Wed, 16 May 2012 17:50:10 +0000 (18:50 +0100)]
xen: Fix PV-on-HVM
In the context of PV-on-HVM under Xen, the emulated nics are supposed to be
unplug before the guest drivers are initialized, when the guest write to a
specific IO port.
Without this patch, the guest end up with two nics with the same MAC, the
emulated nic and the PV nic.
Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
dunrong huang [Fri, 18 May 2012 11:14:13 +0000 (19:14 +0800)]
qdev: Fix memory leak
The str allocated in visit_type_str was not freed.
The visit_type_str function is an input visitor(<QMP/String/etc>-to-native)
here, it will allocate memory for caller, so the caller is responsible for
freeing the memory.
Reviewed-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: dunrong huang <riegamaths@gmail.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Wed, 16 May 2012 10:54:06 +0000 (12:54 +0200)]
virtio-blk: always enable VIRTIO_BLK_F_SCSI
VIRTIO_BLK_F_SCSI is supposed to mean whether the host can *parse*
SCSI requests, not *execute* them. You could run QEMU with scsi=on
and a file-backed disk, and QEMU would fail all SCSI requests even
though it advertises VIRTIO_BLK_F_SCSI.
Because we need to do this to fix a migration compatibility problem
related to how QEMU is invoked by management, we must do this
unconditionally even on older machine types. This more or less assumes
that no one ever invoked QEMU with scsi=off.
Here is how testing goes:
- old QEMU, scsi=on -> new QEMU, scsi=on
- new QEMU, scsi=on -> old QEMU, scsi=on
- old QEMU, scsi=off -> new QEMU, scsi=on
- new QEMU, scsi=off -> old QEMU, scsi=on
ok (new QEMU has VIRTIO_BLK_F_SCSI, adding host features is fine)
- old QEMU, scsi=off -> new QEMU, scsi=off
ok (new QEMU has VIRTIO_BLK_F_SCSI, adding host features is fine)
- old QEMU, scsi=on -> new QEMU, scsi=off
ok, bug fixed
- new QEMU, scsi=on -> old QEMU, scsi=off
doesn't work (same as: old QEMU, scsi=on -> old QEMU, scsi=off)
- new QEMU, scsi=off -> old QEMU, scsi=off
broken by the patch
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Wed, 16 May 2012 10:54:03 +0000 (12:54 +0200)]
virtio-blk: report non-zero status when failing SG_IO requests
Linux really looks only at scsi->errors for SG_IO requests; it does
not look at the virtio request status at all. Because of this, when
a SG_IO request is failed early with virtio_blk_req_complete(req,
VIRTIO_BLK_S_UNSUPP), without writing hdr.status, it will look like
a success to the guest.
This is their bug, but we can make it safe for older guests now by
forcing scsi->errors to have a non-zero value whenever a request
has to be failed.
But if we fix the bug in the guest driver, we will have another problem
because QEMU returns VIRTIO_BLK_S_IOERR if the status is non-zero, and
Linux translates that to -EIO. Rather, the guest should succeed the
request and pass the non-zero status via the userspace-provided SG_IO
structure. So, remove the case where virtio_blk_handle_scsi can
return VIRTIO_BLK_S_IOERR.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Mark Langsdorf [Mon, 12 Mar 2012 16:33:25 +0000 (11:33 -0500)]
use an uint64_t for the max_sz parameter in load_image_targphys
Allow load_image_targphys to load files on systems with more than 2G of
emulated memory by changing the max_sz parameter from an int to an
uint64_t.
Reviewed-by: Andreas F=E4rber <afaerber@suse.de> Acked-by: Alexander Graf <agraf@suse.de> Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Mon, 21 May 2012 20:31:31 +0000 (15:31 -0500)]
Merge remote-tracking branch 'mdroth/qga-pull-5-15-12' into staging
* mdroth/qga-pull-5-15-12:
qemu-ga: align versioning with QEMU_VERSION
qemu-ga: fix segv after failure to open log file
qemu-ga: guest-shutdown: use only async-signal-safe functions
qemu-ga: guest-shutdown: become synchronous
qemu-ga: guest-suspend: make the API synchronous
qemu-ga: become_daemon(): reopen standard fds to /dev/null
qemu-ga: make reopen_fd_to_null() public
qemu-ga: guest-suspend-hybrid: don't emit a success response
qemu-ga: guest-suspend-ram: don't emit a success response
qemu-ga: guest-suspend-disk: don't emit a success response
qemu-ga: guest-shutdown: don't emit a success response
qemu-ga: don't warn on no command return
qapi: add support for command options
Stefan Weil [Tue, 15 May 2012 05:27:19 +0000 (07:27 +0200)]
tests: Fix linker failure for fdc-test
When QEMU was built with the simple trace backend, linking failed:
LINK tests/fdc-test
oslib-posix.o: In function `trace_qemu_memalign':
qemu/bin/debug/x86/./trace.h:31: undefined reference to `trace3'
oslib-posix.o: In function `trace_qemu_vmalloc':
qemu/bin/debug/x86/./trace.h:35: undefined reference to `trace2'
oslib-posix.o: In function `trace_qemu_vfree':
qemu/bin/debug/x86/./trace.h:39: undefined reference to `trace1'
collect2: error: ld returned 1 exit status
make: *** [tests/fdc-test] Fehler 1
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
There's some dodgy application of De Morgan's law in the emulation
of the MIPS BC1ANY[24]F instructions: they end up branching only
if all CCs are false, rather than if one CC is.
Tested on mips64-linux-gnu, where it fixes the GCC MIPS3D tests.
Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Alexander Graf [Thu, 10 May 2012 22:40:10 +0000 (22:40 +0000)]
linux-user: Fix stale tbs after mmap
If we execute linux-user code that does the following:
* A = mmap()
* execute code in A
* munmap(A)
* B = mmap(), but mmap returns the same address as A
* execute code in B
we end up executing a stale cached tb that contains translated code
from A, while we want new code from B.
This patch adds a TB flush for mmap'ed regions, before we return them,
avoiding the whole issue. It also adds a flush for munmap, so that we
don't execute stale TBs instead of getting a segfault.
Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Riku Voipio <riku.voipio@linaro.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Blue Swirl [Sat, 12 May 2012 17:20:52 +0000 (17:20 +0000)]
sparc64: fix initrd loading
Initrd load address is too low, it conflicts with kernel load
address:
rom: requested regions overlap (rom phdr #0: /tmp/vmlinux-debian-6.0.4-sparc64. free=0x0000000000742519, addr=0x0000000000400000)
rom loading failed
Fix by making the initrd address variable, load initrd after kernel
image. Use 64 bit variables instead of longs or 32 bit types.
Tested-by: Artyom Tarasenko <atar4qemu@gmail.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Roger Pau Monne [Fri, 18 May 2012 11:08:14 +0000 (12:08 +0100)]
audio: split IN_T into two separate constants
Split IN_T into BSIZE and ITYPE, to avoid expansion if the OS has
defined macros for the intX_t and uintX_t types. The IN_T constant is
then defined in mixeng_template.h so it can be used by the
functions/macros on this header file.
This change has been tested successfully under Debian Linux and NetBSD
6.0BETA.
Cc: Vassili Karpov (malc) <av1474@comtv.ru> Signed-off-by: Roger Pau Monne <roger.pau@citrix.com> Signed-off-by: malc <av1474@comtv.ru>
John V. Baboval [Thu, 17 May 2012 10:33:09 +0000 (10:33 +0000)]
Call xc_domain_shutdown with the reboot flag when the guest requests a reboot.
Signed-off-by: John V. Baboval <john.baboval@virtualcomputer.com> Signed-off-by: Tom Goetz <tom.goetz@virtualcomputer.com> Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Anthony PERARD [Thu, 17 May 2012 10:31:20 +0000 (10:31 +0000)]
xen: Fix PV-on-HVM
In the context of PV-on-HVM under Xen, the emulated nics are supposed to be
unplug before the guest drivers are initialized, when the guest write to a
specific IO port.
Without this patch, the guest end up with two nics with the same MAC, the
emulated nic and the PV nic.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Jan Beulich [Mon, 14 May 2012 16:46:33 +0000 (16:46 +0000)]
xen_disk: properly update stats in ioreq_release()
While for the "normal" case (called from blk_send_response_all())
decrementing requests_finished is correct, doing so in the parse error
case is wrong; requests_inflight needs to be decremented instead.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com>
xen_disk: use bdrv_aio_flush instead of bdrv_flush
Use bdrv_aio_flush instead of bdrv_flush.
Make sure to call bdrv_aio_writev/readv after the presync bdrv_aio_flush is fully
completed and make sure to call the postsync bdrv_aio_flush after
bdrv_aio_writev/readv is fully completed.
xen: do not initialize the interval timer and PCSPK emulator
PIT and PCSPK are emulated by the hypervisor so we don't need to emulate
them in Qemu: this patch prevents Qemu from waking up needlessly at
PIT_FREQ on Xen.
Michael Roth [Mon, 14 May 2012 14:33:48 +0000 (09:33 -0500)]
qemu-ga: align versioning with QEMU_VERSION
Previously qemu-ga version was defined seperately. Since it is aligned
with QEMU releases, use QEMU_VERSION instead. This also implies the
version bump for 1.1[-rcN] release of qemu-ga.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Acked-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Michael Roth [Mon, 14 May 2012 21:42:35 +0000 (16:42 -0500)]
qemu-ga: fix segv after failure to open log file
Currently, if we fail to open the specified log file (generally due to a
permissions issue), we'll assign NULL to the logfile handle (stderr,
initially) used by the logging routines, which can cause a segfault to
occur when we attempt to report the error before exiting.
Instead, only re-assign if the open() was successful.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Luiz Capitulino [Mon, 14 May 2012 18:25:20 +0000 (15:25 -0300)]
qemu-ga: guest-shutdown: use only async-signal-safe functions
POSIX mandates[1] that a child process of a multi-thread program uses
only async-signal-safe functions before exec(). We consider qemu-ga
to be multi-thread, because it uses glib.
However, qmp_guest_shutdown() uses functions that are not
async-signal-safe. Fix it the following way:
- fclose() -> reopen_fd_to_null()
- execl() -> execle()
- exit() -> _exit()
- drop slog() usage (which is not safe)
Luiz Capitulino [Fri, 11 May 2012 19:19:47 +0000 (16:19 -0300)]
qemu-ga: guest-shutdown: become synchronous
Last commit dropped qemu-ga's SIGCHLD handler, used to automatically
reap terminated children processes. This introduced a bug to
qmp_guest_shutdown(): it will generate zombies.
This problem probably doesn't matter in the success case, as the VM
will shutdown anyway, but let's do the right thing and reap the
created process. This ultimately means that guest-shutdown is now a
synchronous command.
An interesting side effect is that guest-shutdown is now able to
report an error to the client if shutting down fails.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Luiz Capitulino [Fri, 11 May 2012 19:19:46 +0000 (16:19 -0300)]
qemu-ga: guest-suspend: make the API synchronous
Currently, qemu-ga has a SIGCHLD handler that automatically reaps terminated
children processes. The idea is to avoid having qemu-ga commands blocked
waiting for children to terminate.
That approach has two problems:
1. qemu-ga is unable to detect errors in the child, meaning that qemu-ga
returns success even if the child fails to perform its task
2. if a command does depend on the child exit status, the command has to
play tricks to bypass the automatic reaper
Case 2 impacts the guest-suspend-* API, because it has to execute an external
program to check for suspend support. Today, to bypass the automatic reaper,
suspend code has to double fork and pass exit status information through a
pipe. Besides being complex, this is prone to race condition bugs. Indeed,
the current code does have such bugs.
Making the guest-suspend-* API synchronous (ie. by dropping the SIGCHLD
handler and calling waitpid() from commands) is a much simpler approach,
which fixes current race conditions bugs and enables commands to detect
errors in the child.
This commit does just that. There's a side effect though, guest-shutdown
will generate zombies if shutting down fails. This will be fixed by the
next commit.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Luiz Capitulino [Thu, 10 May 2012 19:50:42 +0000 (16:50 -0300)]
qemu-ga: become_daemon(): reopen standard fds to /dev/null
This fixes a bug where qemu-ga doesn't suspend the guest because it
fails to detect suspend support even when the guest does support
suspend. This happens because of the way qemu-ga fds are managed in
daemon mode.
When starting qemu-ga with --daemon, become_daemon() will close all
standard fds. This will cause qemu-ga to end up with the following
fds (if started with 'qemu-ga --daemon'):
0 -> /dev/vport0p1
3 -> /run/qemu-ga.pid
Then a guest-suspend-* function is issued. They call bios_supports_mode(),
which will call pipe(), and qemu-ga's fd will be:
bios_supports_mode() forks off a child and blocks waiting for the child
to write something to the pipe. The child, however, closes its reading
end of the pipe _and_ reopen all standard fds to /dev/null. This will
cause the child's fds to be:
In other words, the child's writing end of the pipe is now /dev/null.
It writes there and exits. The parent process (blocked on read()) will
get an EOF and interpret this as "something unexpected happened in
the child, let's assume the guest doesn't support suspend". And suspend
will fail.
To solve this problem we have to reopen standard fds to /dev/null
in become_daemon(), instead of closing them.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Luiz Capitulino [Tue, 8 May 2012 17:24:49 +0000 (14:24 -0300)]
qemu-ga: guest-suspend-hybrid: don't emit a success response
Today, qemu-ga may not be able to emit a success response when
guest-suspend-hybrid completes. This happens because the VM may
suspend before qemu-ga is able to emit a response.
This semantic is a bit confusing, as it's not clear for clients if
they should wait for a response or how they should check for success.
This commit solves that problem by changing guest-suspend-hybrid to
never emit a success response and suggests in the documentation
what clients should do to check for success.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Luiz Capitulino [Tue, 8 May 2012 17:24:48 +0000 (14:24 -0300)]
qemu-ga: guest-suspend-ram: don't emit a success response
Today, qemu-ga may not be able to emit a success response when
guest-suspend-ram completes. This happens because the VM may
suspend before qemu-ga is able to emit a response.
This semantic is a bit confusing, as it's not clear for clients if
they should wait for a response or how they should check for success.
This commit solves that problem by changing guest-suspend-ram to
never emit a success response and suggests in the documentation
what clients should do to check for success.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Luiz Capitulino [Tue, 8 May 2012 17:24:47 +0000 (14:24 -0300)]
qemu-ga: guest-suspend-disk: don't emit a success response
Today, qemu-ga may not be able to emit a success response when
guest-suspend-disk completes. This happens because the VM may
vanish before qemu-ga is able to emit a response.
This semantic is a bit confusing, as it's not clear for clients if
they should wait for a response or how they should check for success.
This commit solves that problem by changing guest-suspend-disk to
never emit a success response and suggests in the documentation
what clients could do to check for success.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Luiz Capitulino [Tue, 8 May 2012 17:24:46 +0000 (14:24 -0300)]
qemu-ga: guest-shutdown: don't emit a success response
Today, qemu-ga may not be able to emit a success response when
guest-shutdown completes. This happens because the VM may vanish
before qemu-ga is able to emit a response.
This semantic is a bit confusing, as it's not clear for clients if
they should wait for a response or how they should check for success.
This commit solves that problem by changing guest-shutdown to never
emit a success response and suggests in the documentation what
clients could do to check for success.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Luiz Capitulino [Tue, 8 May 2012 17:24:44 +0000 (14:24 -0300)]
qapi: add support for command options
Options allow for changes in commands behavior. This commit introduces
the QCO_NO_SUCCESS_RESP option, which causes a command to not emit a
success response.
This is needed by commands such as qemu-ga's guest-shutdown, which
may not be able to complete before the VM vanishes. In this case, it's
useful and simpler not to bother sending a success response.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Anthony Liguori [Mon, 14 May 2012 15:06:50 +0000 (10:06 -0500)]
Merge remote-tracking branch 'sweil/for-1.1' into staging
* sweil/for-1.1:
qemu-doc: Use QEMU instead of qemu for product name
qemu-doc: Fix executable name in examples
qemu-doc: Add missing parameter in description of -D option
configure: Use QEMU instead of Qemu
fix some common typos
qemu-timer: Fix wrong error message
Paolo Bonzini [Wed, 2 May 2012 11:30:59 +0000 (13:30 +0200)]
qdev: fix -device foo,?
Since most property types do not have a parse property now, this was
broken. Fix it by looking at the setter instead.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Acked-by: Andreas F=E4rber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Charles Arnold [Fri, 11 May 2012 16:57:54 +0000 (10:57 -0600)]
qemu-img: Fix segmentation fault
The following command generates a segmentation fault.
qemu-img convert -O vpc -o ? test test2
This is because the 'goto out;' statement calls qemu_progress_end
before qemu_progress_init is called resulting in a NULL pointer
invocation.
Signed-off-by: Charles Arnold <carnold@suse.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Jan Kiszka [Wed, 9 May 2012 17:23:27 +0000 (14:23 -0300)]
coroutine: Fix setup of sigaltstack coroutines
Use pthread_kill instead of process-wide kill to invoke the signal
handler used for stack switching. This may fix spurious lock-ups with
this backend, easily triggerable by extending the time window between
kill and sigsuspend.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Roth [Fri, 11 May 2012 17:43:24 +0000 (12:43 -0500)]
qapi: QMP input visitor, handle floats parsed as ints
JSON numbers can be interpreted as either integers or floating point
values depending on their representation. As a result, QMP input visitor
might visit a QInt when it was expecting a QFloat, so add handling to
account for this.
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Acked-by: Andreas Färber <afaerber@suse.de>
Gerd Hoffmann [Tue, 8 May 2012 11:54:45 +0000 (13:54 +0200)]
usb-host: handle guest-issued clear halt
Most important here is to update our internal endpoint state so we know
the endpoint isn't in halted state any more. Without this usb-host
tries to clear halt again with the next data transfer submitted. Doing
this twice is (a) not correct and (b) confuses some usb devices,
rendering them non-functional in the guest.
projects / qemu.git / log