The pointer arithmetic there is safe, but ugly. Coverity grouses
about it. However, the actual comparison is off by one: <= end
instead of < end. Fix by rewriting the check in a cleaner way.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit bc5f92e5db6f303e73387278e32f8669f0abf0e5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Roger Pau Monne [Mon, 14 Jan 2013 18:26:53 +0000 (18:26 +0000)]
xen_disk: fix memory leak
On ioreq_release the full ioreq was memset to 0, loosing all the data
and memory allocations inside the QEMUIOVector, which leads to a
memory leak. Create a new function to specifically reset ioreq.
Reported-by: Maik Wessler <maik.wessler@yahoo.com> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
(cherry picked from commit 282c6a2f292705f823554447ca0b7731b6f81a97)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Peter Maydell [Thu, 17 Jan 2013 20:04:16 +0000 (20:04 +0000)]
tcg/target-arm: Add missing parens to assertions
Silence a (legitimate) complaint about missing parentheses:
tcg/arm/tcg-target.c: In function ‘tcg_out_qemu_ld’:
tcg/arm/tcg-target.c:1148:5: error: suggest parentheses around
comparison in operand of ‘&’ [-Werror=parentheses]
tcg/arm/tcg-target.c: In function ‘tcg_out_qemu_st’:
tcg/arm/tcg-target.c:1357:5: error: suggest parentheses around
comparison in operand of ‘&’ [-Werror=parentheses]
which meant that we would mistakenly always assert if running
a QEMU built with debug enabled on ARM.
Signed-off-by: Peter Maydell <peter.maydelL@linaro.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 5256a7208a7c2af19baf8f99bd4f06632f9f9ba9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Kevin Wolf [Wed, 16 Jan 2013 20:20:00 +0000 (21:20 +0100)]
win32-aio: Fix memory leak
The buffer is allocated for both reads and writes, and obviously it
should be freed even if an error occurs.
Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit e8bccad5ac6095b5af7946cd72d9aacb57f7c0a3)
Conflicts:
block/win32-aio.c
*addressed conflict due to buggy g_free() still in use instead of
qemu_vfree() as it is upstream (via commit 7479acdb)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Kevin Wolf [Wed, 16 Jan 2013 20:19:59 +0000 (21:19 +0100)]
win32-aio: Fix vectored reads
Copying data in the right direction really helps a lot!
Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit bcbbd234d42f1111e42b91376db61922d42e7e9e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Kevin Wolf [Wed, 16 Jan 2013 18:25:51 +0000 (19:25 +0100)]
aio: Fix return value of aio_poll()
aio_poll() must return true if any work is still pending, even if it
didn't make progress, so that bdrv_drain_all() doesn't stop waiting too
early. The possibility of stopping early occasionally lead to a failed
assertion in bdrv_drain_all(), when some in-flight request was missed
and the function didn't really drain all requests.
In order to make that change, the return value as specified in the
function comment must change for blocking = false; fortunately, the
return value of blocking = false callers is only used in test cases, so
this change shouldn't cause any trouble.
Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 2ea9b58f0bc62445b7ace2381b4c4db7d5597e19)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Thu, 10 Jan 2013 14:28:35 +0000 (15:28 +0100)]
raw-posix: fix bdrv_aio_ioctl
When the raw-posix aio=thread code was moved from posix-aio-compat.c
to block/raw-posix.c, there was an unintended change to the ioctl code.
The code used to return the ioctl command, which posix_aio_read()
would later morph into a zero. This hack is not necessary anymore,
and in fact breaks scsi-generic (which expects a zero return code).
Remove it.
Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit b608c8dc02c78ee95455a0989bdf1b41c768b2ef)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Alex Williamson [Tue, 8 Jan 2013 21:10:03 +0000 (14:10 -0700)]
vfio-pci: Loosen sanity checks to allow future features
VFIO_PCI_NUM_REGIONS and VFIO_PCI_NUM_IRQS should never have been
used in this manner as it locks a specific kernel implementation.
Future features may introduce new regions or interrupt entries
(VGA may add legacy ranges, AER might add an IRQ for error
signalling). Fix this before it gets us into trouble.
Alex Williamson [Mon, 7 Jan 2013 04:30:31 +0000 (21:30 -0700)]
pci-assign: Enable MSIX on device to match guest
When a guest enables MSIX on a device we evaluate the MSIX vector
table, typically find no unmasked vectors and don't switch the device
to MSIX mode. This generally works fine and the device will be
switched once the guest enables and therefore unmasks a vector.
Unfortunately some drivers enable MSIX, then use interfaces to send
commands between VF & PF or PF & firmware that act based on the host
state of the device. These therefore may break when MSIX is managed
lazily. This change re-enables the previous test used to enable MSIX
(see qemu-kvm a6b402c9), which basically guesses whether a vector
will be used based on the data field of the vector table.
Cc: qemu-stable@nongnu.org Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit feb9a2ab4b0260d8d680a7ffd25063dafc7ec628)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Alex Williamson [Tue, 8 Jan 2013 21:09:03 +0000 (14:09 -0700)]
vfio-pci: Make host MSI-X enable track guest
Guests typically enable MSI-X with all of the vectors in the MSI-X
vector table masked. Only when the vector is enabled does the vector
get unmasked, resulting in a vector_use callback. These two points,
enable and unmask, correspond to pci_enable_msix() and request_irq()
for Linux guests. Some drivers rely on VF/PF or PF/fw communication
channels that expect the physical state of the device to match the
guest visible state of the device. They don't appreciate lazily
enabling MSI-X on the physical device.
To solve this, enable MSI-X with a single vector when the MSI-X
capability is enabled and immediate disable the vector. This leaves
the physical device in exactly the same state between host and guest.
Furthermore, the brief gap where we enable vector 0, it fires into
userspace, not KVM, so the guest doesn't get spurious interrupts.
Ideally we could call VFIO_DEVICE_SET_IRQS with the right parameters
to enable MSI-X with zero vectors, but this will currently return an
error as the Linux MSI-X interfaces do not allow it.
Max Filippov [Wed, 19 Dec 2012 20:04:09 +0000 (00:04 +0400)]
target-xtensa: fix search_pc for the last TB opcode
Zero out tcg_ctx.gen_opc_instr_start for instructions representing the
last guest opcode in the TB.
Cc: qemu-stable@nongnu.org Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 36f25d2537c40c6c47f4abee5d31a24863d1adf7)
*modified to use older global version of gen_opc_instr_start
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Tue, 20 Nov 2012 11:48:19 +0000 (12:48 +0100)]
buffered_file: do not send more than s->bytes_xfer bytes per tick
Sending more was possible if the buffer was large.
Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit bde54c08b4854aceee3dee25121a2b835cb81166)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Wed, 12 Dec 2012 11:54:43 +0000 (12:54 +0100)]
migration: fix migration_bitmap leak
Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 244eaa7514a944b36273eb8428f32da8e9124fcf)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Discard packets longer than 16384 when !SBP to match the hardware behavior.
Signed-off-by: Michael Contreras <michael@inetric.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 2c0331f4f7d241995452b99afaf0aab00493334a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Uri Lublin [Wed, 12 Dec 2012 16:30:47 +0000 (18:30 +0200)]
qxl+vnc: register a vm state change handler for dummy spice_server
When qxl + vnc are used, a dummy spice_server is initialized.
The spice_server has to be told when the VM runstate changes,
which is what this patch does.
Without it, from qxl_send_events(), the following error message is shown:
qxl_send_events: spice-server bug: guest stopped, ignoring
Cc: qemu-stable@nongnu.org Signed-off-by: Uri Lublin <uril@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 938b8a36b65e44c44ca29245437f8d7ac0f826e8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
With MMU option xtensa architecture has two TLBs: ITLB and DTLB. ITLB is
only used for code access, DTLB is only for data. However TLB entries in
both TLBs have attribute field controlling write and exec access. These
bits need to be properly masked off depending on TLB type before being
used as tlb_set_page prot argument. Otherwise the following happens:
(1) ITLB entry for some PFN gets invalidated
(2) DTLB entry for the same PFN gets updated, attributes allow code
execution
(3) code at the page with that PFN is executed (possible due to step 2),
entry for the TB is written into the jump cache
(4) QEMU TLB entry for the PFN gets replaced with an entry for some
other PFN
(5) code in the TB from step 3 is executed (possible due to jump cache)
and it accesses data, for which there's no DTLB entry, causing DTLB
miss exception
(6) re-translation of the TB from step 5 is attempted, but there's no
QEMU TLB entry nor xtensa ITLB entry for that PFN, which causes ITLB
miss exception at the TB start address
(7) ITLB miss exception is handled by the guest, but execution is
resumed from the beginning of the faulting TB (the point where ITLB
miss occured), not from the point where DTLB miss occured, which is
wrong.
With that fix the above scenario causes ITLB miss exception (that used
to be step 7) at step 3, right at the beginning of the TB.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Cc: qemu-stable@nongnu.org Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 659f807c0a700317a7a0fae7a6e6ebfe68bfbbc4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Gerd Hoffmann [Fri, 14 Dec 2012 07:54:24 +0000 (07:54 +0000)]
pixman: fix vnc tight png/jpeg support
This patch adds an x argument to qemu_pixman_linebuf_fill so it can
also be used to convert a partial scanline. Then fix tight + png/jpeg
encoding by passing in the x+y offset, so the data is read from the
correct screen location instead of the upper left corner.
Cc: 1087974@bugs.launchpad.net Cc: qemu-stable@nongnu.org Reported-by: Tim Hardeneck <thardeck@suse.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit bc210eb163b162ff2e94e5c8f4307715731257f8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Kevin O'Connor (6):
floppy: Minor - reduce handle_0e code size when CONFIG_FLOPPY is disabled.
vga: Minor comment spelling fix.
Don't recursively evaluate CFLAGS variables.
Don't use gcc's -combine option.
Add compile checking phase to build.
acpi: Use prt_slot() macro to describe irq pins of first PCI device.
Laszlo Ersek (1):
maininit(): print machine UUID under seabios version message
Alex Williamson [Mon, 10 Dec 2012 18:30:03 +0000 (11:30 -0700)]
vfio-pci: Don't use kvm_irqchip_in_kernel
kvm_irqchip_in_kernel() has an architecture specific meaning, so
we shouldn't be using it to determine whether to enabled KVM INTx
bypass. kvm_irqfds_enabled() seems most appropriate. Also use this
to protect our other call to kvm_check_extension() as that explodes
when KVM isn't enabled.
Petar Jovanovic [Tue, 4 Dec 2012 23:29:10 +0000 (00:29 +0100)]
target-mips: Fix incorrect shift for SHILO and SHILOV
helper_shilo has not been shifting an accumulator value correctly for negative
values in 'shift' field. Minor optimization for shift=0 case.
This change also adds tests that will trigger issue and check for regressions.
Signed-off-by: Petar Jovanovic <petarj@mips.com> Reviewed-by: Richard Henderson <rth@twiddle.net> Reviewed-by: Eric Johnson <ericj@mips.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 19e6c50d2d843220efbdd3b2db21d83c122c364a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Petar Jovanovic [Mon, 26 Nov 2012 15:13:21 +0000 (16:13 +0100)]
target-mips: Fix incorrect code and test for INSV
Content of register rs should be shifted for pos before applying a mask.
This change contains both fix for the instruction and to the existing test.
Signed-off-by: Petar Jovanovic <petarj@mips.com> Reviewed-by: Eric Johnson <ericj@mips.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 34f5606ee101f82a247d09d05644ad2a63c8e342)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
David Gibson [Tue, 4 Dec 2012 00:38:39 +0000 (11:38 +1100)]
migration: Fix madvise breakage if host and guest have different page sizes
madvise(DONTNEED) will throw away the contents of the whole page at the
given address, even if the given length is less than the page size. One
can argue about whether that's the correct behaviour, but that's what it's
done for a long time in Linux at least.
That means that the madvise() in ram_load(), on a setup where
TARGET_PAGE_SIZE is smaller than the host page size, can throw away data
in guest pages adjacent to the one it's actually processing right now,
leading to guest memory corruption on an incoming migration.
This patch therefore, disables the madvise() if the host page size is
larger than TARGET_PAGE_SIZE. This means we don't get the benefits of that
madvise() in this case, but a more complete fix is more difficult to
accomplish. This at least fixes the guest memory corruption.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reported-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 45e6cee42b98d10e2e14885ab656541a9ffd5187)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
David Gibson [Tue, 4 Dec 2012 00:38:38 +0000 (11:38 +1100)]
Fix off-by-1 error in RAM migration code
The code for migrating (or savevm-ing) memory pages starts off by creating
a dirty bitmap and filling it with 1s. Except, actually, because bit
addresses are 0-based it fills every bit except bit 0 with 1s and puts an
extra 1 beyond the end of the bitmap, potentially corrupting unrelated
memory. Oops. This patch fixes it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7ec81e56edc2b2007ce0ae3982aa5c18af9546ab)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Brad Smith [Fri, 28 Dec 2012 06:38:11 +0000 (01:38 -0500)]
Disable semaphores fallback code for OpenBSD
Disable the semaphores fallback code for OpenBSD as modern OpenBSD
releases now have sem_timedwait().
Signed-off-by: Brad Smith <brad@comstyle.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 927fa909d5d5cf8c07673cd16a6d3bdc81250bc0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Brad Smith [Fri, 28 Dec 2012 06:00:26 +0000 (01:00 -0500)]
Fix semaphores fallback code
As reported in bug 1087114 the semaphores fallback code is broken which
results in QEMU crashing and making QEMU unusable.
This patch is from Paolo.
This needs to be back ported to the 1.3 stable tree as well.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Brad Smith <brad@comstyle.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit a795ef8dcb8cbadffc996c41ff38927a97645234)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
e1000: Discard packets that are too long if !SBP and !LPE
The e1000_receive function for the e1000 needs to discard packets longer than
1522 bytes if the SBP and LPE flags are disabled. The linux driver assumes
this behavior and allocates memory based on this assumption.
Signed-off-by: Michael Contreras <michael@inetric.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Fri, 30 Nov 2012 16:24:24 +0000 (10:24 -0600)]
Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony:
coroutine-sigaltstack.c: Use stack_t, not struct sigaltstack
stream: fix ratelimit_set_speed
atapi: make change media detection for guests easier
Documentation: Update image format information
Documentation: Update block cache mode information
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Fri, 30 Nov 2012 16:20:21 +0000 (10:20 -0600)]
Merge remote-tracking branch 'kraxel/usb.73' into staging
* kraxel/usb.73:
ehci-sysbus: Attach DMA context.
usb: fail usbdevice_create() when there is no USB bus
usb: tag usb host adapters as not hotpluggable.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Most important change is that seabios sets the busmaster bit
in the pci config space for the lsi and esp scsi host adapters.
Since commit 1c380f9460522f32c8dd2577b2a53d518ec91c6d qemu
is strict here and disallows any dma access when the bit is
clear.
Paolo Bonzini [Thu, 29 Nov 2012 17:11:50 +0000 (18:11 +0100)]
multiboot: fix e801 memory map
The e801 memory sizes in the multiboot structures hard-code the available
low memory to 640. However, the value should not include the size of the
EBDA. Fill the value in the option ROM, getting the size of low memory
from the BIOS.
Cc: Alexander Graf <agraf@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Reported-by: Paul Moore <pmoore@redhat.com> Tested-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com> Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Peter Maydell [Sat, 10 Nov 2012 21:47:52 +0000 (21:47 +0000)]
coroutine-sigaltstack.c: Use stack_t, not struct sigaltstack
Use the POSIX-specified stack_t type as the argument to sigaltstack()
rather than the legacy struct sigaltstack. This allows us to compile
on MacOSX with --with-coroutine=sigaltstack.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Wed, 21 Nov 2012 13:21:47 +0000 (14:21 +0100)]
Documentation: Update image format information
Document new and yet undocumented options and image formats. The
qemu-img man page contains information only for raw and qcow2 now and
references the HTML documentation for a more detailed description of
other formats.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Kevin Wolf [Wed, 21 Nov 2012 11:26:56 +0000 (12:26 +0100)]
Documentation: Update block cache mode information
Somehow we forgot to update this when cache=writeback became the
default. While changing the information on the default, also make the
description of all caches modes a bit more accurate.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Commit 0d8d7690850eb0cf2b2b60933cf47669a6b6f18f introduced
a regression in virtio-net performance because it looks
into the ring aggressively while we really only care
about a single packet worth of buffers.
Reported as bugzilla 1066055 in launchpad.
To fix, add parameters limiting lookahead, and
use in virtqueue_avail_bytes.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reported-by: Edivaldo de Araujo Pereira <edivaldoapereira@yahoo.com.br> Tested-by: Edivaldo de Araujo Pereira <edivaldoapereira@yahoo.com.br> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Thu, 29 Nov 2012 13:46:23 +0000 (07:46 -0600)]
qdev: relax bus type check in qdev_device_add() (v2)
We are currently checking for an exact type match. Use QOM dynamic_cast to
check for a compatible type instead.
Cc: Konrad Frederic <fred.konrad@greensocs.com> Cc: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---
v1 -> v2:
- also add cast to qbus_find_recursive (Peter)
- simplify by doing object_dynamic_cast instead of messing with classes
Bruce Rogers [Tue, 27 Nov 2012 20:11:25 +0000 (13:11 -0700)]
qapi: fix qapi_dealloc_type_size parameter type
The second parameter to qapi_dealloc_type_size should be a uint64_t *,
not a size_t *. This was causing our 32 bit x86 build to fail, since
warnings are treated as errors.
Signed-off-by: Bruce Rogers <brogers@suse.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Reviewed-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
This was left as NULL on the initial merge due to debate on the mailing list on
how to handle DMA contexts for sysbus devices. Patch 9e11908f12f92e31ea94dc2a4c962c836cba9f2a was later merged to fix OHCI. This is the,
equivalent fix for sysbus EHCI.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Gerd Hoffmann [Thu, 22 Nov 2012 13:44:50 +0000 (14:44 +0100)]
usb: tag usb host adapters as not hotpluggable.
Hotplugging them simply doesn't work, so tag them accordingly to
avoid users trying and then crashing qemu.
For xhci there is nothing fundamental which prevents hotplug from
working, we'll "only" need a exit() function which cleans up
everything properly. That isn't for 1.3 though.
For ehci+uhci+ohci hotplug can't be supported until qemu gains the
capability to hotplug multifunction pci devices.
Yonit Halperin [Wed, 28 Nov 2012 15:08:22 +0000 (10:08 -0500)]
qxl: reload memslots after migration, when qxl is in UNDEFINED mode
The devram memslot stays active when qxl enters UNDEFINED mode (i.e, no
primary surface). If migration has occurred while the device is in
UNDEFINED stae, the memslots have to be reloaded at the destination.
Jan Kiszka [Thu, 22 Nov 2012 19:56:11 +0000 (20:56 +0100)]
event notifier: Fix setup for win32
The event notifier state is only reset by test_and_clear. But we created
the windows event object with auto-reset, which subtly swallowed events.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Wed, 28 Nov 2012 19:19:24 +0000 (13:19 -0600)]
Merge remote-tracking branch 'bonzini/scsi-next' into staging
* bonzini/scsi-next:
virtio-scsi: Fix subtle (guest) endian bug
virtio-scsi: Fix some endian bugs with virtio-scsi
iscsi: do not assume device is zero initialized
iscsi: fix deadlock during login
iscsi: fix segfault in url parsing
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Wed, 28 Nov 2012 08:40:23 +0000 (09:40 +0100)]
build: compile translate.o with -fno-gcse option on GCC 4.6.x and 4.7.[012]
These versions of GCC require insane (>2GB) amounts of memory to compile
translate.o. As a countermeasure, disable the culprit optimization pass.
This should fix the buildbot failure for default_x86_64_fedora16. Anyway
this is a good thing to do because people will try to compile 1.3 with
less than 2GB of memory and complain.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
David Gibson [Mon, 26 Nov 2012 01:33:52 +0000 (12:33 +1100)]
virtio-scsi: Fix subtle (guest) endian bug
The virtio-scsi config space is, by specification, in guest endian (which
is ill-defined, but there you go). In virtio_scsi_get_config() we set up
all the fields in there, using stl_raw(). Which is a problem for the
max_channel and max_target fields, which are 16-bit, not 32-bit. For
little-endian targets we get away with it by accident, since the first
two bytes will still be correct, and the extra two bytes written (with
zeroes) will be overwritten correctly by the next store.
But for big-endian guests, this means the max_target field ends up as zero,
which means the guest will only recognize a single disk on the virtio-scsi
bus. This patch fixes the problem.
Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Paul 'Rusty' Russell <rusty@rustcorp.com.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
David Gibson [Fri, 23 Nov 2012 05:08:44 +0000 (16:08 +1100)]
virtio-scsi: Fix some endian bugs with virtio-scsi
The virtio-scsi specification does not specify the correct endianness for
fields in the request structure. It's therefore best to assume that it is
"guest native" endian since that's the (stupid and poorly defined) norm in
virtio.
However, the qemu device for virtio-scsi has no byteswaps at all, and so
will break if the guest has different endianness from the host. This patch
fixes it by adding tswap() calls for the sense_len and resid fields in
the request structure. In theory status_qualifier needs swaps as well,
but that field is never actually touched. The tag field is a uint64_t, but
since its value is completely arbitrary, it might as well be uint8_t[8]
and so it does not need swapping.
Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Paul 'Rusty' Russell <rusty@rustcorp.com.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Lieven [Sat, 17 Nov 2012 13:37:39 +0000 (14:37 +0100)]
iscsi: fix deadlock during login
If the connection is interrupted before the first login is successfully
completed qemu-kvm is waiting forever in qemu_aio_wait().
This is fixed by performing an sync login to the target. If the
connection breaks after the first successful login errors are
handled internally by libiscsi.
Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Michal Privoznik [Wed, 28 Nov 2012 10:46:39 +0000 (11:46 +0100)]
nbd-server-add: Fix the default for 'writable'
The documentation to this monitor command tells, that 'writable'
argument is optional and defaults to false. However, the code sets
true as the default. But since some applications may already been
using this, it's safer to fix the code and not documentation which
would break those applications.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Alex Horn [Mon, 26 Nov 2012 16:32:54 +0000 (17:32 +0100)]
rtc: Only call rtc_set_cmos when Register B SET flag is disabled.
This bug occurs when the SET flag of Register B is enabled. When an RTC
data register (i.e. any of the ten time/calender CMOS bytes) is set, the
data is (as expected) correctly stored in the cmos_data array. However,
since the SET flag is enabled, the function rtc_set_time is not invoked.
As a result, the field base_rtc in RTCState remains uninitialized. This
causes a problem on subsequent writes which can end up overwriting data.
To see this, consider writing data to Register A after having written
data to any of the RTC data registers; the following figure illustrates
the call stack for the Register A write operation:
In rtc_update_time, get_guest_rtc calculates the wrong time and
overwrites the previously written RTC data register values.
Signed-off-by: Alex Horn <alex.horn@cs.ox.ac.uk> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Tue, 27 Nov 2012 08:16:24 +0000 (09:16 +0100)]
virtio-rng: do not use g_assert_cmpint
g_assert_cmpint is not available on glib 2.12, which is the minimum
version required to build QEMU (we only require 2.16 to run tests,
since that is the first version including GTester). Do not use it
in hardware models, use a normal assertion instead.
This fixes the buildbot failure for default_x86_64_rhel5.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Tue, 27 Nov 2012 08:51:48 +0000 (09:51 +0100)]
tests: make threadpool cancellation test looser
The cancellation test is failing on the buildbots. While the failure
merits a little more investigation to understand what is going on,
the logs show that the failure is not impacting the coverage
provided by the test. Hence, loosen a bit the assertions in a
way that should let the test proceed and hopefully pass.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Amit Shah [Wed, 21 Nov 2012 05:51:20 +0000 (11:21 +0530)]
virtio-rng: disable timer on device removal
Disable the rate-limit timer on device remove (e.g. hot-unplug).
Signed-off-by: Amit Shah <amit.shah@redhat.com> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Amit Shah [Wed, 21 Nov 2012 05:51:19 +0000 (11:21 +0530)]
virtio-rng: remove extra request for entropy
If we got fewer bytes from the backend than requested, don't poke the
backend for more bytes; the guest will ask for more (or if the guest has
already asked for more, the backend knows about it via handle_input()).
Signed-off-by: Amit Shah <amit.shah@redhat.com> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Amit Shah [Wed, 21 Nov 2012 05:51:18 +0000 (11:21 +0530)]
virtio-rng: use virtqueue_get_avail_bytes, fix migration
Popping an elem from the vq just to find out its length causes problems
with save/load later on. Use the new virtqueue_get_avail_bytes()
function instead, saves us the complexity in the migration code, as well
as makes the migration endian-safe.
Signed-off-by: Amit Shah <amit.shah@redhat.com> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Andreas Färber [Sun, 25 Nov 2012 19:44:33 +0000 (20:44 +0100)]
i8259: Fix PIC_COMMON() macro
It used a wrong struct type name since its introduction in 8f04ee0882aec9fe91fb70f767edf5dacff59835 (isa: pic: convert to QEMU
Object Model), apparently it is unused so far.
Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Eduardo Habkost [Thu, 22 Nov 2012 15:31:03 +0000 (13:31 -0200)]
target-i386: cpu: add missing flags to Haswell CPU model
When adding the Haswell CPU model, I intended to make it a superset of the
features present on the SandyBridge model, but I have removed the SEP and
RDTSCP features from the feature list by mistake. This patch adds the missing
SEP and RDTSCP features (that are present on SandyBridge) to Haswell.
Reported-by: Martin Kletzander <mkletzan@redhat.com> Acked-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Peter Maydell [Thu, 22 Nov 2012 16:48:45 +0000 (16:48 +0000)]
vl.c: Fix broken -usb option
Commit 094b287f0b accidentally broke the "-usb" command line
option, so it would have no effect if the user had not specified
any machine options at that point. (the return value from
'qemu_opts_find(qemu_find_opts("machine"), 0);' is NULL if there
are no user specified options, so it is only to be used for
looking up an option, not when trying to set one.) Similarly,
would '-usbdevice' no longer cause USB to default to enabled.
Fix this regression by using the same style of code for forcing
the usb=on machine option that we use for other aliases such as
'-enable-kvm'.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Fri, 23 Nov 2012 08:47:15 +0000 (09:47 +0100)]
qdev: simplify (de)allocation of buses
All conditional deallocation can now be done with object_delete.
Remove the @qom_allocated and @glib_allocated fields; replace the latter
with a direct assignment of the @free function pointer.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Fri, 23 Nov 2012 08:47:14 +0000 (09:47 +0100)]
qom: make object_delete usable for statically-allocated objects
Store in the object the freeing function that will be used at deletion
time. This makes it possible to use object_delete on statically-allocated
(embedded) objects. Dually, it makes it possible to use object_unparent
and object_unref without leaking memory, when the lifetime of object
might extend until after the call to object_delete.
Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Fri, 23 Nov 2012 08:47:13 +0000 (09:47 +0100)]
qdev: move bus removal to object_unparent
Add an ObjectClass method that is done at object_unparent time. It
should remove any backlinks to the object in the composition tree,
so that object_delete will be able to drop the last reference and
free the object.
Use it for qdev buses.
Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Fri, 23 Nov 2012 08:47:12 +0000 (09:47 +0100)]
qom: fix refcount of non-heap-allocated objects
The reference count for embedded objects is always one too low, because
object_initialize_with_type returns with zero references to the object.
This causes premature finalization of the object (or an assertion failure)
after calling object_ref to add an extra reference and object_unref to
remove it.
The fix is to move the initial object_ref call from object_new_with_type
to object_initialize_with_type.
Acked-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Heinz Graalfs [Mon, 19 Nov 2012 23:28:34 +0000 (23:28 +0000)]
s390: Fix ram_size updating in machine init
The global variable 'ram_size' is hidden by the local variable
declaration in s390_init(). Since we want to update the global
ram size in certain cases we must not use a local ram_size
variable.
- This fixes booting with unusual ram sizes like -m 67001
- This changes behaviour back to the situation before commit 5f072e1f3075bd869e0ace9f2545a85992ac0084
(create struct for machine initialization arguments)
Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
Alexander Graf [Mon, 26 Nov 2012 18:49:58 +0000 (19:49 +0100)]
fbdev: fix pixman compile on old pixman
My QEMU compile failed with the following error:
qemu-pixman.c: In function ‘qemu_pixman_get_type’:
qemu-pixman.c:24: error: ‘PIXMAN_TYPE_BGRA’ undeclared (first use in this function)
qemu-pixman.c:24: error: (Each undeclared identifier is reported only once
qemu-pixman.c:24: error: for each function it appears in.)
Guard the PIXMAN_TYPE_BGRA branch like in the case right above the failing
case, so that compilation is fixed. Functionality on such old pixman is a
different question ;-).
Peter Maydell [Thu, 22 Nov 2012 06:48:45 +0000 (06:48 +0000)]
vl.c: Fix broken -usb option
Commit 094b287f0b accidentally broke the "-usb" command line
option, so it would have no effect if the user had not specified
any machine options at that point. (the return value from
'qemu_opts_find(qemu_find_opts("machine"), 0);' is NULL if there
are no user specified options, so it is only to be used for
looking up an option, not when trying to set one.) Similarly,
would '-usbdevice' no longer cause USB to default to enabled.
Fix this regression by using the same style of code for forcing
the usb=on machine option that we use for other aliases such as
'-enable-kvm'.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
In one of the recent reworks to the XICS code, a bug was introduced where
we use the wrong sense and allocate level interrupts instead of message
interrupts for PCI MSIs. This patch fixes it.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
kvm: fix incorrect length in a loop over kvm dirty pages map
QEMU allocates a map enough for 4k pages. However the system page size
can be 64K (for example on POWER) and the host kernel uses only a small
part of it as one big stores a dirty flag for 16 pages 4K each,
the hpratio variable stores this ratio and
the kvm_get_dirty_pages_log_range function handles it correctly.
However kvm_get_dirty_pages_log_range still goes beyond the data
provided by the host kernel which is not correct. It does not cause
errors at the moment as the whole bitmap is zeroed before doing KVM ioctl.
The patch reduces number of iterations over the map.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Alexander Graf <agraf@suse.de>
Julio Guerra [Fri, 19 Oct 2012 00:17:13 +0000 (00:17 +0000)]
PPC: Fix missing TRACE exception
This patch fixes bug 1031698 :
https://bugs.launchpad.net/qemu/+bug/1031698
If we look at the (truncated) translation of the conditional branch
instruction in the test submitted in the bug post, the call to the
exception helper is missing in the "bne-false" chunk of translated
code :
Peter Maydell [Tue, 20 Nov 2012 08:16:51 +0000 (08:16 +0000)]
hw/ide/macio: Fix segfault caused by NULL DMAContext*
Pass qemu_sglist_init the global dma_context_memory rather than a NULL
pointer; this fixes a segfault in dma_memory_map() when the guest
starts using DMA.
Reported-by: Amadeusz Sławiński <amade@asmblr.net> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
Eduardo Habkost [Thu, 22 Nov 2012 15:31:03 +0000 (13:31 -0200)]
target-i386/cpu: Add missing flags to Haswell CPU model
When adding the Haswell CPU model, I intended to make it a superset of the
features present on the SandyBridge model, but I have removed the SEP and
RDTSCP features from the feature list by mistake. This patch adds the
missing SEP and RDTSCP features (that are present on SandyBridge) to
Haswell.
Reported-by: Martin Kletzander <mkletzan@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
Paolo Bonzini [Fri, 23 Nov 2012 15:56:18 +0000 (16:56 +0100)]
hmp: do not crash on invalid SCSI hotplug
Commit 0d93692 (qdev: Convert busses to QEMU Object Model, 2012-05-02)
removed a check on the type of the bus where a SCSI disk is hotplugged.
However, hot-plugging to the wrong kind of device now causes a crash
due to either a NULL pointer dereference (avoided by the previous patch)
or a failed QOM cast.
Instead, in this case we need to use object_dynamic_cast and check for
the result, similar to what was done before that commit.
Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
projects / qemu.git / log