sdk/emulator/qemu.git
11 years ago  Merge remote-tracking branch 'stefanha/block' into staging
Anthony Liguori [Tue, 12 Feb 2013 22:26:52 +0000 (16:26 -0600)]
Merge remote-tracking branch 'stefanha/block' into staging

* stefanha/block:
  Revert "block/vpc: Fix size calculation"
  block/raw-posix: detect readonly Linux block devices using BLKROGET

11 years ago  block-migration: fix pending() and iterate() return values
Stefan Hajnoczi [Tue, 12 Feb 2013 09:37:15 +0000 (10:37 +0100)]
block-migration: fix pending() and iterate() return values

The return value of .save_live_pending() is the number of bytes
remaining.  This is just an estimate because we do not know how many
blocks will be dirtied by the running guest.

Currently our return value for .save_live_pending() is wrong because it
includes dirty blocks but not in-flight bdrv_aio_readv() requests or
unsent blocks.  Crucially, it also doesn't include the bulk phase where
the entire device is transferred - therefore we risk completing block
migration before all blocks have been transferred!

The return value of .save_live_iterate() is the number of bytes
transferred this iteration.  Currently we return whether there are bytes
remaining, which is incorrect.

Move the bytes remaining calculation into .save_live_pending() and
really return the number of bytes transferred this iteration in
.save_live_iterate().

Also fix the %ld format specifier which was used for a uint64_t
argument.  PRIu64 must be used to avoid warnings on 32-bit hosts.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-id: 1360661835-28663-3-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  migration: make qemu_ftell() public and support writable files
Stefan Hajnoczi [Tue, 12 Feb 2013 09:37:14 +0000 (10:37 +0100)]
migration: make qemu_ftell() public and support writable files

Migration .save_live_iterate() functions return the number of bytes
transferred.  The easiest way of doing this is by calling qemu_ftell(f)
at the beginning and end of the function to calculate the difference.

Make qemu_ftell() public so that block-migration will be able to use it.
Also adjust the ftell calculation for writable files where buf_offset
does not include buf_size.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-id: 1360661835-28663-2-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  trace: deal with deprecated glib thread functions
Stefan Hajnoczi [Tue, 12 Feb 2013 13:34:05 +0000 (14:34 +0100)]
trace: deal with deprecated glib thread functions

g_thread_create() was deprecated in favor of g_thread_new() and
g_cond_new() was deprecated in favor of GCond initialization.  If the
host has glib 2.31 or newer, avoid using the deprecated functions.

This patch solves compiler warnings that are generated when glib's
deprecated functions are used.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360676045-9204-3-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  trace: use glib atomic int types
Stefan Hajnoczi [Tue, 12 Feb 2013 13:34:04 +0000 (14:34 +0100)]
trace: use glib atomic int types

Juan reported that RHEL 6.4 hosts give compiler warnings because we use
unsigned int while glib prototypes use volatile gint in trace/simple.c.

  trace/simple.c:223: error: pointer targets in passing argument 1 of 'g_atomic_int_compare_and_exchange' differ in signedness

These variables are only accessed with glib atomic int functions so
let's play it by the book and use volatile gint.

Reported-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360676045-9204-2-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  Revert "block/vpc: Fix size calculation"
Stefan Hajnoczi [Tue, 12 Feb 2013 11:25:15 +0000 (12:25 +0100)]
Revert "block/vpc: Fix size calculation"

This reverts commit f880defbb06708d30a38ce9f2667067626acdd38.

Jeff Cody's testing revealed that the interpretation of size differs
even between VirtualPC and HyperV.  Revert this so there is time to
consider the impact of any backwards incompatible behavior this change
creates.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years ago  block/raw-posix: detect readonly Linux block devices using BLKROGET
Stefan Hajnoczi [Tue, 5 Feb 2013 11:28:33 +0000 (12:28 +0100)]
block/raw-posix: detect readonly Linux block devices using BLKROGET

Linux block devices can be set read-only with "blockdev --setro
<device>".  The same thing can be done for LVM volumes using "lvchange
--permission r <volume>".  This read-only setting is independent of
device node permissions.  Therefore the device can still be opened
O_RDWR but actual writes will fail.

This results in odd behavior for QEMU.  bdrv_open() is supposed to fail
if a read-only image is being opened with BDRV_O_RDWR.  By not failing
for Linux block devices, the guest boots up but every write produces an
I/O error.

This patch checks whether the block device is read-only so that Linux
block devices behave like regular files.

Reported-by: Sibiao Luo <sluo@redhat.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
11 years ago  hw/m25p80.c: add WRSR(0x01) support
Kuo-Jung Su [Mon, 4 Feb 2013 09:56:25 +0000 (17:56 +0800)]
hw/m25p80.c: add WRSR(0x01) support

Atmel, SST and Intel/Numonyx serial flash tend to power up
with the software protection bits set.
And thus the new m25p80.c in the Linux kernel would always try
to use WREN(0x06) + WRSR(0x01) to turn off the protection.

The WEL(0x02) of the status register is supposed to be cleared after
WRSR(0x01). There are also some drivers (i.e. mine for RTOSes)
that would check the WEL(0x02) in the status register to make sure the
protection is correctly turned off.

Signed-off-by: Kuo-Jung Su <dantesu@faraday-tech.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
11 years ago  qapi: Improve chardev-add documentation
Markus Armbruster [Mon, 11 Feb 2013 17:05:48 +0000 (18:05 +0100)]
qapi: Improve chardev-add documentation

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360602348-4727-1-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  migration: restrict scope of incoming fd read handler
Stefan Hajnoczi [Mon, 11 Feb 2013 16:01:45 +0000 (17:01 +0100)]
migration: restrict scope of incoming fd read handler

The incoming migration is processed in a coroutine and uses an fd read
handler to enter the yielded coroutine when data becomes available.

The read handler was set too broadly, so that spurious coroutine entries
were triggered if other coroutine users yielded (like the block
layer's bdrv_write() function).

Install the fd read handler only when yielding for more data to become
available.  This prevents spurious coroutine entries which break code
that assumes only a specific set of places can re-enter the coroutine.

This patch fixes crashes in block/raw-posix.c that are triggered with
"migrate -b" when qiov becomes a dangling pointer due to a spurious
coroutine entry that frees qiov early.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360598505-5512-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  libi2c-omap: Fix endianness dependency
Andreas Färber [Mon, 11 Feb 2013 16:41:54 +0000 (17:41 +0100)]
libi2c-omap: Fix endianness dependency

The libqos driver for omap_i2c currently does not work on Big Endian.
Introduce helpers for reading from and writing to 16-bit armel registers.

This fixes tmp105-test failures on ppc.

To prepare for a QTest-level endianness solution, poison mem{read,write}
and always use the helpers. Adopt the expected signatures.
To avoid an unused variable warning, assert the STAT Single Byte Data
bit but, due to it not getting cleared, only it being set when len == 1.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Message-id: 1360600914-5448-3-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qtest: Use strtoull() for uint64_t
Andreas Färber [Mon, 11 Feb 2013 16:41:53 +0000 (17:41 +0100)]
qtest: Use strtoull() for uint64_t

On 32-bit hosts, unsigned long may be uint32_t and uint64_t may be
unsigned long long. Account for this by always using strtoull().
We were already using strtoll() for int64_t.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1360600914-5448-2-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  libqtest: Fix documentation copy&paste errors
Andreas Färber [Mon, 11 Feb 2013 17:35:39 +0000 (18:35 +0100)]
libqtest: Fix documentation copy&paste errors

The [qtest_]in[bwl]() functions/macros don't have a value argument.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1360604139-16797-1-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  block/vpc: Fix size calculation
Stefan Weil [Thu, 7 Feb 2013 19:26:52 +0000 (20:26 +0100)]
block/vpc: Fix size calculation

The size calculated from the CHS values is not the real image (disk) size,
but usually a smaller value. This is caused by rounding effects.

Only older operating systems use CHS. Such guests won't be able to use
the whole disk. All modern operating systems use the real size.

This patch fixes https://bugs.launchpad.net/qemu/+bug/1105670/.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1360265212-22037-1-git-send-email-sw@weilnetz.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  block-migration: fix block_save_iterate() return value
Stefan Hajnoczi [Sun, 10 Feb 2013 22:12:46 +0000 (23:12 +0100)]
block-migration: fix block_save_iterate() return value

The .save_live_iterate() function returns 0 to continue iterating or 1
to stop iterating.

Since 16310a3cca7320edb9341c976f7819de0a8c27e0 it only ever returns 0,
leading to an infinite loop.

Return 1 if we have finished sending dirty blocks.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1360534366-26723-4-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  block-migration: fix blk_mig_save_dirty_block() return value checking
Stefan Hajnoczi [Sun, 10 Feb 2013 22:12:45 +0000 (23:12 +0100)]
block-migration: fix blk_mig_save_dirty_block() return value checking

Commit 43be3a25c931a7f61a76fbfc9d35584cbfc5fb58 changed the
blk_mig_save_dirty_block() return code handling.  The function's doc
comment says:

  /* return value:
   * 0: too much data for max_downtime
   * 1: few enough data for max_downtime
   */

Because of the 1 return value, callers must check for ret < 0 instead of
just:

  if (ret) { ... }

We do not want to bail when 1 is returned, only on error.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360534366-26723-3-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  block-migration: improve "Unknown flags" error message
Stefan Hajnoczi [Sun, 10 Feb 2013 22:12:44 +0000 (23:12 +0100)]
block-migration: improve "Unknown flags" error message

Show the actual flags value and include "block migration" in the error
message so it's clear where the error is coming from.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360534366-26723-2-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  vl: Exit unsuccessfully on option argument syntax error
Markus Armbruster [Fri, 8 Feb 2013 20:22:19 +0000 (21:22 +0100)]
vl: Exit unsuccessfully on option argument syntax error

We exit successfully after reporting syntax error for argument of
--sandbox and --add-fd.

We continue undaunted after reporting it for argument of -boot,
--option-rom and --object.

Change all five to exit unsuccessfully, like the other options.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-7-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  vl: Drop redundant "parse error" reports
Markus Armbruster [Fri, 8 Feb 2013 20:22:18 +0000 (21:22 +0100)]
vl: Drop redundant "parse error" reports

qemu_opts_parse() reports the error already, and in a much more useful
way.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-6-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qemu-option: Disable two helpful messages that got broken recently
Markus Armbruster [Fri, 8 Feb 2013 20:22:17 +0000 (21:22 +0100)]
qemu-option: Disable two helpful messages that got broken recently

commit 8be7e7e4 and commit ec7b2ccb messed up the ordering of error
message and the helpful explanation that should follow it, like this:

    $ qemu-system-x86_64 --nodefaults -S --vnc :0 --chardev null,id=,
    Identifiers consist of letters, digits, '-', '.', '_', starting with a letter.
    qemu-system-x86_64: -chardev null,id=,: Parameter 'id' expects an identifier

    $ qemu-system-x86_64 --nodefaults -S --vnc :0 --machine kvm_shadow_mem=dunno
    You may use k, M, G or T suffixes for kilobytes, megabytes, gigabytes and terabytes.
    qemu-system-x86_64: -machine kvm_shadow_mem=dunno: Parameter 'kvm_shadow_mem' expects a size

Pity.  Disable them for now.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-5-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  error: Strip trailing '\n' from error string arguments (again)
Markus Armbruster [Fri, 8 Feb 2013 20:22:16 +0000 (21:22 +0100)]
error: Strip trailing '\n' from error string arguments (again)

Commit 6daf194d and be62a2eb got rid of a bunch, but they keep coming
back.  Tracked down with this Coccinelle semantic patch:

    @r@
    expression err, eno, cls, fmt;
    position p;
    @@
    (
    error_report(fmt, ...)@p
    |
    error_set(err, cls, fmt, ...)@p
    |
    error_set_errno(err, eno, cls, fmt, ...)@p
    |
    error_setg(err, fmt, ...)@p
    |
    error_setg_errno(err, eno, fmt, ...)@p
    )

    @script:python@
    fmt << r.fmt;
    p << r.p;
    @@

    if "\\n" in str(fmt):
        print "%s:%s:%s:%s" % (p[0].file, p[0].line, p[0].column, fmt)

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-4-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  error: Clean up abuse of error_report() for help
Markus Armbruster [Fri, 8 Feb 2013 20:22:15 +0000 (21:22 +0100)]
error: Clean up abuse of error_report() for help

Use error_printf() instead, so the help gets presented more nicely.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-3-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  error: Clean up error strings with embedded newlines
Markus Armbruster [Fri, 8 Feb 2013 20:22:14 +0000 (21:22 +0100)]
error: Clean up error strings with embedded newlines

The arguments of error_report() should yield a short error string
without newlines.

A few places try to print additional help after the error message by
embedding newlines in the error string.  That's nice, but let's do it
the right way.

Since I'm touching these lines anyway, drop a stray preposition and
some tabs.  We don't use tabs for similar messages elsewhere.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-2-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  Merge remote-tracking branch 'luiz/queue/qmp' into staging
Anthony Liguori [Mon, 11 Feb 2013 14:10:39 +0000 (08:10 -0600)]
Merge remote-tracking branch 'luiz/queue/qmp' into staging

# By Peter Maydell
# Via Luiz Capitulino
* luiz/queue/qmp:
  tests/test-string-input-visitor: Handle errors provoked by fuzz test

11 years ago  Update OpenBIOS images
Blue Swirl [Sat, 9 Feb 2013 13:39:45 +0000 (13:39 +0000)]
Update OpenBIOS images

Update OpenBIOS images to SVN r1097 built from submodule.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years ago  xilinx_zynq: Fix wrong IRQ number of the second EHCI controller
Liming Wang [Thu, 7 Feb 2013 06:58:15 +0000 (16:58 +1000)]
xilinx_zynq: Fix wrong IRQ number of the second EHCI controller

The IRQ number of the second EHCI controller should be 76, not 75.

Signed-off-by: Liming Wang <walimisdev@gmail.com>
Tested-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  block/curl: disable extra protocols to prevent CVE-2013-0249
Stefan Hajnoczi [Fri, 8 Feb 2013 07:49:10 +0000 (08:49 +0100)]
block/curl: disable extra protocols to prevent CVE-2013-0249

There is a buffer overflow in libcurl POP3/SMTP/IMAP.  The workaround is
simple: disable extra protocols so that they cannot be exploited.  Full
details here:

  http://curl.haxx.se/docs/adv_20130206.html

QEMU only cares about HTTP, HTTPS, FTP, FTPS, and TFTP.  I have tested
that this fix prevents the exploit on my host with
libcurl-7.27.0-5.fc18.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qemu-nbd: document --cache and --aio options
Paolo Bonzini [Fri, 8 Feb 2013 12:19:07 +0000 (13:19 +0100)]
qemu-nbd: document --cache and --aio options

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  hw/virtio-net: disable multiqueue by default
Jesse Larrew [Tue, 5 Feb 2013 23:47:17 +0000 (17:47 -0600)]
hw/virtio-net: disable multiqueue by default

The new multiqueue feature adds fields to the virtio device config, which
breaks Windows guests. Disable the feature by default until the Windows
drivers are fixed.

Signed-off-by: Jesse Larrew <jlarrew@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  hw/virtio-net.c: set config size using host features
Jesse Larrew [Tue, 5 Feb 2013 23:47:16 +0000 (17:47 -0600)]
hw/virtio-net.c: set config size using host features

Currently, the config size for virtio devices is hard coded. When a new
feature is added that changes the config size, drivers that assume a static
config size will break. For purposes of backward compatibility, there needs
to be a way to inform drivers of the config size needed to accommodate the
set of features enabled.

aliguori: merged in
 - hw/virtio-net: use existing macros to implement endof
 - hw/virtio-net: fix config_size data type

Signed-off-by: Jesse Larrew <jlarrew@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  virtio-net: pass host features to virtio_net_init
Anthony Liguori [Tue, 5 Feb 2013 23:47:15 +0000 (17:47 -0600)]
virtio-net: pass host features to virtio_net_init

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  net: fix infinite loop on exit
Michael Roth [Thu, 7 Feb 2013 00:25:48 +0000 (18:25 -0600)]
net: fix infinite loop on exit

1ceef9f27359cbe92ef124bf74de6f792e71f6fb added handling for cleaning
up multiple queues in qemu_del_nic() for cases where multiqueue is in
use. To determine the number of queues it looks at nic->conf->queues,
then iterates through all the queues to cleanup the associated
NetClientStates. If no queues are found, no NetClientStates are deleted.

However, nic->conf->queues is only set when a peer is created via
-netdev or netdev_add, and is otherwise 0. This causes us to spin in
net_cleanup() if we attempt to shut down qemu before adding a host
device.

Since qemu_new_nic() unconditionally creates at least 1
queue/NetClientState at queue idx 0, make qemu_del_nic() always attempt
to clean it up.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  tests/test-string-input-visitor: Handle errors provoked by fuzz test
Peter Maydell [Tue, 5 Feb 2013 20:44:23 +0000 (20:44 +0000)]
tests/test-string-input-visitor: Handle errors provoked by fuzz test

It's OK and expected for visitors to return errors when presented with
the fuzz test's random data. Since the fuzzer doesn't care about
errors, we pass in NULL rather than an Error**. This fixes a bug in
the fuzzer where it was passing the same Error** into each visitor,
with the effect that once one visitor returned an error, each later
visitor would notice that it had been passed in an Error** representing
an already set error, and do nothing.

For the case of visit_type_str() we also need to handle the case where
an error means that the visitor doesn't set our char*. We initialize
the pointer to NULL so we can safely g_free() it regardless of whether
the visitor allocated a string for us or not.

This fixes a problem where this test failed the MacOSX malloc()
consistency checks and might segfault on other platforms [due
to calling free() on an uninitialized pointer variable when
visit_type_str() failed].

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
11 years ago  Update version for release
Anthony Liguori [Thu, 7 Feb 2013 00:33:47 +0000 (18:33 -0600)]
Update version for release

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  Merge branch 'for-linux-user' of https://git.gitorious.org/qemu-m68k/qemu-m68k into...
Anthony Liguori [Wed, 6 Feb 2013 22:39:04 +0000 (16:39 -0600)]
Merge branch 'for-linux-user' of https://git.gitorious.org/qemu-m68k/qemu-m68k into staging

* 'for-linux-user' of https://git.gitorious.org/qemu-m68k/qemu-m68k:
  linux-user: correct reboot()
  linux-user: correct setsockopt()
  linux-user: correct print_timeval() swap tv_sec and tv_usec
  linux-user: correct msgrcv()

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  linux-user: Restore cast to target type in get_user()
Peter Maydell [Thu, 31 Jan 2013 12:50:40 +0000 (12:50 +0000)]
linux-user: Restore cast to target type in get_user()

Commit 658f2dc97 accidentally dropped the cast to the target type of
the value loaded by get_user().  The most visible effect of this would
be that the sequence "uint64_t v; get_user_u32(v, addr)" would sign
extend the 32 bit loaded value into v rather than zero extending as
would be expected for a _u32 accessor.  Put the cast back again to
restore the old behaviour.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
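The sign-extension effect the commit above describes, as an added example that is not QEMU's linux-user code: a hypothetical ldl_signed() models a 32-bit load that returns its value through a signed int, and the two get_user_u32_* macros show the accessor with and without the cast to its unsigned target type. The guest memory bytes, the helper and macro names are constructed for this example.

```c
/* Added example, not QEMU's linux-user code: why the cast to the target
 * type matters in a get_user()-style accessor.  A 32-bit value that comes
 * back through a signed int is sign-extended when assigned to a wider
 * unsigned lvalue; casting to uint32_t first makes it zero-extend. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for guest memory: two little-endian 32-bit words,
 * 0x80000000 (high bit set) and 0x12345678. */
static const uint8_t guest_mem[8] = {
    0x00, 0x00, 0x00, 0x80,
    0x78, 0x56, 0x34, 0x12,
};

/* Hypothetical loader that hands back the word through a signed int, as a
 * signed ld*_p-style helper would.  Decodes explicitly so the result does
 * not depend on host endianness. */
static int ldl_signed(const uint8_t *p)
{
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (int)v;  /* 0x80000000 becomes INT_MIN on two's-complement hosts */
}

/* Buggy form (the state after commit 658f2dc97): no cast, so the negative
 * int is sign-extended into whatever type x has. */
#define get_user_u32_nocast(x, p)  ((x) = ldl_signed(p), 0)

/* Fixed form: cast to the accessor's unsigned target type before the
 * assignment, so a 64-bit x is zero-extended as a _u32 accessor implies. */
#define get_user_u32_cast(x, p)    ((x) = (uint32_t)ldl_signed(p), 0)

uint64_t load_u32_without_cast(size_t off)
{
    uint64_t v;
    get_user_u32_nocast(v, guest_mem + off);
    return v;
}

uint64_t load_u32_with_cast(size_t off)
{
    uint64_t v;
    get_user_u32_cast(v, guest_mem + off);
    return v;
}

int main(void)
{
    /* Offset 0 holds 0x80000000: only the cast form gives the expected
     * 0x0000000080000000; offset 4 holds 0x12345678, where both agree. */
    printf("no cast:   0x%016llx\n",
           (unsigned long long)load_u32_without_cast(0));
    printf("with cast: 0x%016llx\n",
           (unsigned long long)load_u32_with_cast(0));
    printf("low word, both: 0x%llx 0x%llx\n",
           (unsigned long long)load_u32_without_cast(4),
           (unsigned long long)load_u32_with_cast(4));
    return 0;
}
```

The bug is invisible on any value whose top bit is clear, which is why a test suite can pass for a long time before a pointer or size above 2 GiB reaches a 64-bit variable through the accessor.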
11 years ago  hw/pxa2xx: Fix transposed crn/crm values for pxa2xx cp14 perf regs
Peter Maydell [Sat, 2 Feb 2013 15:13:02 +0000 (15:13 +0000)]
hw/pxa2xx: Fix transposed crn/crm values for pxa2xx cp14 perf regs

When the pxa2xx performance counter related cp14 registers were converted
from a switch-statement implementation to the new table driven cpregs
format in commit dc2a9045c, the crn and crm values for all these
registers were accidentally transposed. Fix this mistake, which was
causing OpenBSD for Zaurus to fail to boot.

Reported-by: Jonathan Gray <jsg@jsg.id.au>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  Merge remote-tracking branch 'stefanha/tracing' into staging
Anthony Liguori [Wed, 6 Feb 2013 22:36:16 +0000 (16:36 -0600)]
Merge remote-tracking branch 'stefanha/tracing' into staging

# By Markus Armbruster
# Via Stefan Hajnoczi
* stefanha/tracing:
  trace: Fix location of simpletrace.py in docs
  trace: Clean up the "try to update atomic until it worked" loops
  trace: Direct access of atomics is verboten, use the API
  trace: Fix simple trace dropped event record for big endian

11 years ago  Merge remote-tracking branch 'stefanha/trivial-patches' into staging
Anthony Liguori [Wed, 6 Feb 2013 22:36:11 +0000 (16:36 -0600)]
Merge remote-tracking branch 'stefanha/trivial-patches' into staging

# By Michael Tokarev (1) and Stefan Weil (1)
# Via Stefan Hajnoczi
* stefanha/trivial-patches:
  vnc: recognize Hungarian doubleacutes
  target-m68k: Fix comment

11 years ago  hmp: Disable chardev-add and chardev-remove
Markus Armbruster [Wed, 6 Feb 2013 16:07:46 +0000 (17:07 +0100)]
hmp: Disable chardev-add and chardev-remove

As a general rule, HMP commands must be built on top of the QMP API.
Luiz and others have worked long & hard to make HMP conform to this
rule.

Commit f1088908 added chardev-add, in violation of this rule.  QMP
command chardev-add was added right before, with minimal features, and
the idea to complete it step by step, then switch over the HMP command
to use it.

Unfortunately, we're not there, yet, and we don't want to release with
chardev-add in a "HMP is more powerful than QMP" state.

Disable the HMP command for now, along with its chardev-remove buddy.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  hmp: make memchar-read escape ASCII control chars except \n and \t
Markus Armbruster [Wed, 6 Feb 2013 20:27:26 +0000 (21:27 +0100)]
hmp: make memchar-read escape ASCII control chars except \n and \t

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qemu-char: Support suffixed ringbuf size arguments like "size=64K"
Markus Armbruster [Wed, 6 Feb 2013 20:27:25 +0000 (21:27 +0100)]
qemu-char: Support suffixed ringbuf size arguments like "size=64K"

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qemu-char: Saner naming of memchar stuff & doc fixes
Markus Armbruster [Wed, 6 Feb 2013 20:27:24 +0000 (21:27 +0100)]
qemu-char: Saner naming of memchar stuff & doc fixes

New device, has never been released, so we can still improve things
without worrying about compatibility.

Naming is a mess.  The code calls the device driver CirMemCharDriver,
the public API calls it "memory", "memchardev", or "memchar", and the
special commands are named like "memchar-FOO".  "memory" is a
particularly unfortunate choice, because there's another character
device driver called MemoryDriver.  Moreover, the device's distinctive
property is that it's a ring buffer, not that it's in memory.  Therefore:

* Rename CirMemCharDriver to RingBufCharDriver, and call the thing a
  "ringbuf" in the API.

* Rename QMP and HMP commands from memchar-FOO to ringbuf-FOO.

* Rename device parameter from maxcapacity to size (simple words are
  good for you).

* Clearly mark the parameter as optional in documentation.

* Fix error reporting so that chardev-add reports to current monitor,
  not stderr.

* Replace cirmem in C identifiers by ringbuf.

* Rework documentation.  Document the impact of our crappy UTF-8
  handling on reading.

* QMP examples that even work.

I could split this up into multiple commits, but they'd change the
same documentation lines multiple times.  Not worth it.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qemu-char: General chardev "memory" code cleanup
Markus Armbruster [Wed, 6 Feb 2013 20:27:23 +0000 (21:27 +0100)]
qemu-char: General chardev "memory" code cleanup

Inline trivial cirmem_chr_is_empty() into its only caller.

Rename qemu_chr_cirmem_count() to cirmem_count().

Fast ring buffer index wraparound.  Without this, there's no point in
restricting size to a power of two.

qemu_is_chr(chr, "memory") returns *zero* when chr is a memory
character device, which isn't what I'd expect.  Replace it by the
saner and more obviously correct chr_is_cirmem().  Also avoids
encouraging testing for specific character devices elsewhere.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qemu-char: Drop undocumented chardev "memory" compatibility syntax
Markus Armbruster [Wed, 6 Feb 2013 20:27:22 +0000 (21:27 +0100)]
qemu-char: Drop undocumented chardev "memory" compatibility syntax

This is a new device, so there's no compatibility to maintain, and its
use case isn't common enough to justify shorthand syntax.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qemu-char: Fix chardev "memory" not to drop IAC characters
Markus Armbruster [Wed, 6 Feb 2013 20:27:21 +0000 (21:27 +0100)]
qemu-char: Fix chardev "memory" not to drop IAC characters

Undocumented misfeature, get rid of it while we can.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qmp: Drop wasteful zero-initialization in qmp_memchar_read()
Markus Armbruster [Wed, 6 Feb 2013 20:27:20 +0000 (21:27 +0100)]
qmp: Drop wasteful zero-initialization in qmp_memchar_read()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qmp: Drop superfluous special case "empty" in qmp_memchar_read()
Markus Armbruster [Wed, 6 Feb 2013 20:27:19 +0000 (21:27 +0100)]
qmp: Drop superfluous special case "empty" in qmp_memchar_read()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qmp: Plug memory leaks in memchar-write, memchar-read
Markus Armbruster [Wed, 6 Feb 2013 20:27:18 +0000 (21:27 +0100)]
qmp: Plug memory leaks in memchar-write, memchar-read

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qmp: Clean up type usage in qmp_memchar_write(), qmp_memchar_read()
Markus Armbruster [Wed, 6 Feb 2013 20:27:17 +0000 (21:27 +0100)]
qmp: Clean up type usage in qmp_memchar_write(), qmp_memchar_read()

Const-correctness, consistently use standard C types instead of mixing
them with GLib types.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qmp: Use generic errors in memchar-read, memchar-write
Markus Armbruster [Wed, 6 Feb 2013 20:27:16 +0000 (21:27 +0100)]
qmp: Use generic errors in memchar-read, memchar-write

New errors should be generic unless there's a real use case for rich
errors.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qmp: Clean up design of memchar-read
Markus Armbruster [Wed, 6 Feb 2013 20:27:15 +0000 (21:27 +0100)]
qmp: Clean up design of memchar-read

The data returned has a well-defined size, which makes the size
returned along with it redundant at best.  Drop it.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qmp: Fix design bug and read beyond buffer in memchar-write
Markus Armbruster [Wed, 6 Feb 2013 20:27:14 +0000 (21:27 +0100)]
qmp: Fix design bug and read beyond buffer in memchar-write

Command memchar-write takes data and size parameter.  Begs the
question what happens when data doesn't match size.

With format base64, qmp_memchar_write() copies the full data argument,
regardless of size argument.

With format utf8, qmp_memchar_write() copies size bytes from data,
happily reading beyond data.  Copies crap from the heap or even
crashes.

Drop the size parameter, and always copy the full data argument.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  vnc: recognize Hungarian doubleacutes
Michael Tokarev [Sun, 3 Feb 2013 20:36:25 +0000 (00:36 +0400)]
vnc: recognize Hungarian doubleacutes

As reported in http://bugs.debian.org/697641 , some Hungarian keys
do not work with qemu when using vnc display.

This is because while the Hungarian keymap mentions these symbols,
qemu knows nothing about them.  So add them.

This patch is applicable to -stable for all previous releases.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years ago  target-m68k: Fix comment
Stefan Weil [Tue, 5 Feb 2013 12:12:43 +0000 (13:12 +0100)]
target-m68k: Fix comment

* spelling fix ito -> into
* reorder to match load/store

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years ago  vnc: recognize Hungarian doubleacutes
Michael Tokarev [Sun, 3 Feb 2013 20:36:25 +0000 (00:36 +0400)]
vnc: recognize Hungarian doubleacutes

As reported in http://bugs.debian.org/697641 , some Hungarian keys
do not work with qemu when using vnc display.

This is because while the Hungarian keymap mentions these symbols,
qemu knows nothing about them.  So add them.

This patch is applicable to -stable for all previous releases.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qemu/9p: Don't ignore error in fid clunk
Aneesh Kumar K.V [Tue, 5 Feb 2013 05:57:46 +0000 (11:27 +0530)]
qemu/9p: Don't ignore error in fid clunk

We use the clunk request to do the actual xattr operation. So don't
ignore the error value for fid clunk.

Security model "none" doesn't support posix acl. Without this patch
guest won't get EOPNOTSUPP error on setxattr("system.posix_acl_access").

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qemu/iovec: Don't assert if sbytes is zero
Aneesh Kumar K.V [Tue, 5 Feb 2013 05:57:45 +0000 (11:27 +0530)]
qemu/iovec: Don't assert if sbytes is zero

Since these values can possibly be sent from guest (for hw/9pfs), do a sanity check
on them. A 9p write request with 0 bytes caused qemu to abort without this patch.

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  e1000: fix link down handling with auto negotiation
Michael S. Tsirkin [Tue, 5 Feb 2013 19:00:21 +0000 (21:00 +0200)]
e1000: fix link down handling with auto negotiation

Fixes a couple of regression bugs introduced by
b9d03e352cb6b31a66545763f6a1e20c9abf0c2c and related to
auto-negotiation:
-   Auto-negotiation currently sets link up even if it was
    forced down from the monitor.
-   If Auto-negotiation was in progress during migration,
    link will never come up.

As a fix, don't touch NC link_down field at all,
instead add code on receive path to check
guest link status.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  configure: Fix build with XFree
Richard Henderson [Tue, 5 Feb 2013 00:21:07 +0000 (16:21 -0800)]
configure: Fix build with XFree

The build is broken on ppc64-linux, possibly only with new binutils:

ld: hw/lm32/../milkymist-tmu2.o: undefined reference to symbol 'XFree'
ld: note: 'XFree' is defined in DSO /lib64/libX11.so.6 so try \
  adding it to the linker command line

So let's follow the linker's advice.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  bswap: Fix width of swap in leul_to_cpu
Richard Henderson [Tue, 5 Feb 2013 00:21:06 +0000 (16:21 -0800)]
bswap: Fix width of swap in leul_to_cpu

The misnamed HOST_LONG_BITS is really HOST_POINTER_BITS.  Here we're
explicitly using an unsigned long, rather than uintptr_t, so it is
more correct to select the swap size via ULONG_MAX.

Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  bios: recompile BIOS
Anthony Liguori [Wed, 6 Feb 2013 11:12:06 +0000 (05:12 -0600)]
bios: recompile BIOS

SeaBIOS is really close to spilling over to 256k.  Until we can better
handle migration across RAM block size changes, recompile SeaBIOS with
a compiler that causes the binary to still fit in 128k.

This was built with:

gcc version 4.7.2 20121109 (Red Hat 4.7.2-8) (GCC)

On 64-bit Fedora 18.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  trace: Fix location of simpletrace.py in docs
Markus Armbruster [Fri, 25 Jan 2013 15:43:40 +0000 (16:43 +0100)]
trace: Fix location of simpletrace.py in docs

Missed when commit 4c3b5a48 moved it.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Harsh Prateek Bora <harsh@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years ago  trace: Clean up the "try to update atomic until it worked" loops
Markus Armbruster [Fri, 25 Jan 2013 15:43:39 +0000 (16:43 +0100)]
trace: Clean up the "try to update atomic until it worked" loops

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Harsh Prateek Bora <harsh@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years ago  trace: Direct access of atomics is verboten, use the API
Markus Armbruster [Fri, 25 Jan 2013 15:43:38 +0000 (16:43 +0100)]
trace: Direct access of atomics is verboten, use the API

The GLib Reference Manual says:

    It is very important that all accesses to a particular integer or
    pointer be performed using only this API and that different sizes
    of operation are not mixed or used on overlapping memory
    regions. Never read or assign directly from or to a value --
    always use this API.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Harsh Prateek Bora <harsh@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
11 years ago  trace: Fix simple trace dropped event record for big endian
Markus Armbruster [Fri, 25 Jan 2013 15:43:37 +0000 (16:43 +0100)]
trace: Fix simple trace dropped event record for big endian

We use atomic operations to keep track of dropped events.

Inconveniently, GLib supports only int and void * atomics, but the
counter dropped_events is uint64_t.  Can't stop commit 62bab732: a
quick (gint *)&dropped_events bludgeons the compiler into submission.

That cast is okay only when int is exactly 64 bits wide, which it
commonly isn't.

If int is even wider, we clobber whatever follows dropped_events.  Not
worth worrying about, as none of the machines that interest us have
such morbidly obese ints.

That leaves the common case: int narrower than 64 bits.

Harmless on little endian hosts: we just don't access the most
significant bits of dropped_events.  They remain zero.

On big endian hosts, we use only the most significant bits of
dropped_events as counter.  The least significant bits remain zero.
However, we write out the full value, which is the correct counter
shifted left a bunch of places.

Fix by changing the variables involved to int.

There's another, equally suspicious-looking (gint *)&trace_idx
argument to g_atomic_int_compare_and_exchange(), but that one casts
unsigned *, so it's okay.  But it's also superfluous, because GLib's
atomic int operations work just fine for unsigned.  Drop it.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
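The endianness argument in the message above, worked through in runnable form. This is an added illustration, not QEMU's code: the int-sized access through the casted pointer is simulated with memcpy so the example stays well-defined, and it assumes int is narrower than uint64_t (the "common case" the message singles out). The function names are this example's own.

```c
/* Added illustration, not QEMU's code: what driving a 64-bit dropped_events
 * counter through an int-sized atomic via a (gint *) cast does, as the
 * trace commit describes. The narrow access is simulated with memcpy so
 * this example is well-defined; the original cast is the same store
 * without that care. Assumes int is narrower than uint64_t. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* True on little-endian hosts; false on big-endian ones. */
bool host_is_little_endian(void)
{
    uint16_t probe = 1;
    uint8_t first_byte;

    memcpy(&first_byte, &probe, 1);
    return first_byte == 1;
}

/* One "increment" as the buggy code performs it: read the first sizeof(int)
 * bytes of the 64-bit counter as an int, add one, and write back only those
 * bytes. The remaining bytes of the counter are never touched. */
uint64_t bump_through_int_alias(uint64_t counter)
{
    int narrow;

    memcpy(&narrow, &counter, sizeof narrow);
    narrow++;
    memcpy(&counter, &narrow, sizeof narrow);
    return counter;
}

/* What the written-out record carries after n drops. On little endian the
 * low bytes were updated, so the count is right. On big endian the high
 * bytes were updated, so the full 64-bit value is the count shifted left
 * by the number of bits the int does not cover. */
uint64_t expected_record_value(unsigned n, bool little_endian)
{
    unsigned unused_bits = 64 - 8 * (unsigned)sizeof(int);

    if (unused_bits == 0 || little_endian) {
        return n;
    }
    return (uint64_t)n << unused_bits;
}
```

The commit's fix is simply to keep the counter in the type the atomic API operates on (int), so no aliasing happens and both functions above become unnecessary; on the hosts the message calls "morbidly obese" (int wider than 64 bits) the same cast would instead write past the end of the counter.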
11 years ago  target-s390x: Fix wrong comparison in interrupt handling
Stefan Weil [Sun, 3 Feb 2013 20:33:16 +0000 (21:33 +0100)]
target-s390x: Fix wrong comparison in interrupt handling

gcc with -Wextra complains about an ordered pointer comparison:

target-s390x/helper.c:660:27: warning:
 ordered comparison of pointer with integer zero [-Wextra]

Obviously the index was missing in the code.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  s390x: silence warning from GCC on uninitialized values
Anthony Liguori [Mon, 4 Feb 2013 21:22:08 +0000 (15:22 -0600)]
s390x: silence warning from GCC on uninitialized values

As best I can tell, this is a false positive.

  [aliguori@ccnode4 qemu-s390]$ make
    CC    s390x-softmmu/target-s390x/helper.o
  /home/aliguori/git/qemu/target-s390x/helper.c: In function ‘do_interrupt’:
  /home/aliguori/git/qemu/target-s390x/helper.c:673:17: error: ‘addr’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  /home/aliguori/git/qemu/target-s390x/helper.c:620:20: note: ‘addr’ was declared here
  /home/aliguori/git/qemu/target-s390x/helper.c:673:17: error: ‘mask’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  /home/aliguori/git/qemu/target-s390x/helper.c:620:14: note: ‘mask’ was declared here
  cc1: all warnings being treated as errors
  make[1]: *** [target-s390x/helper.o] Error 1
  make: *** [subdir-s390x-softmmu] Error 2

Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  acpi_piix4: fix segfault migrating from 1.2
Michael Roth [Mon, 4 Feb 2013 16:07:51 +0000 (10:07 -0600)]
acpi_piix4: fix segfault migrating from 1.2

b0b873a07872f7ab7f66f259c73fb9dd42aa66a9 bumped the vmstate version and
introduced an old-style load function to handle migration from prior
(<= 1.2) versions.

The load function passes the top-level PIIX4PMState pointer to
vmstate_load_state() to handle nested structs for APMState and
pci_status, which leads to corruption of the top-level PIIX4PMState,
since pointers to the nested structs are expected.

A segfault can be fairly reliably triggered by migrating from 1.2 and
issuing a reset, which will trigger a number of QOM operations which
rely on the now corrupted ObjectClass/Object members.

Fix this by passing in the expected pointers for vmstate_load_state().

Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  vl.c: validate -numa "cpus" parameter properly
Eduardo Habkost [Mon, 4 Feb 2013 18:27:52 +0000 (16:27 -0200)]
vl.c: validate -numa "cpus" parameter properly

- Accept empty strings without aborting
- Use parse_uint*() to parse numbers
- Abort if anything except '-' or end-of-string is found after the first
  number.
- Check for endvalue < value

Also change the MAX_CPUMASK_BITS warning message from "A max of %d CPUs
are supported in a guest" to "qemu: NUMA: A max of %d VCPUs are
supported".

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  vl.c: Extract -numa "cpus" parsing to separate function
Eduardo Habkost [Mon, 4 Feb 2013 18:27:51 +0000 (16:27 -0200)]
vl.c: Extract -numa "cpus" parsing to separate function

This will make it easier to refactor that code later.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  vl.c: Use parse_uint_full() for NUMA nodeid
Eduardo Habkost [Mon, 4 Feb 2013 18:27:50 +0000 (16:27 -0200)]
vl.c: Use parse_uint_full() for NUMA nodeid

This should catch many kinds of errors that the current code wasn't
checking for:

 - Values that can't be parsed as a number
 - Negative values
 - Overflow
 - Empty string

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  vl.c: numa_add(): Validate nodeid before using it
Eduardo Habkost [Mon, 4 Feb 2013 18:27:49 +0000 (16:27 -0200)]
vl.c: numa_add(): Validate nodeid before using it

Without this check, QEMU will corrupt memory if a too-large nodeid is
provided in the command-line. e.g.:

  -numa node,mem=...,cpus=...,nodeid=65

This changes nodenr to unsigned long long, to avoid integer conversion
issues when converting the strtoull() result to int.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  vl.c: Check for NUMA node limit inside numa_add()
Eduardo Habkost [Mon, 4 Feb 2013 18:27:48 +0000 (16:27 -0200)]
vl.c: Check for NUMA node limit inside numa_add()

Instead of checking the limit before calling numa_add(), check the limit
only when we already know we're going to add a new node.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  vl.c: Abort on unknown -numa option type
Eduardo Habkost [Mon, 4 Feb 2013 18:27:47 +0000 (16:27 -0200)]
vl.c: Abort on unknown -numa option type

Abort in case an invalid -numa option is provided, instead of silently
ignoring it.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  vl.c: Fix off-by-one bug when handling "-numa node" argument
Eduardo Habkost [Mon, 4 Feb 2013 18:27:46 +0000 (16:27 -0200)]
vl.c: Fix off-by-one bug when handling "-numa node" argument

The numa_add() code was unconditionally adding 1 to the get_opt_name()
return value, making it point after the end of the string if no ','
separator is present.

Example of weird behavior caused by the bug:

  $ qemu-img create -f qcow2 this-file-image-has,cpus=5,mem=1000,in-its-name.qcow2 5G
  Formatting 'this-file-image-has,cpus=5,mem=1000,in-its-name.qcow2', fmt=qcow2 size=5368709120 encryption=off cluster_size=65536
  $ ./x86_64-softmmu/qemu-system-x86_64 -S -monitor stdio -numa node 'this-file-image-has,cpus=5,mem=1000,in-its-name.qcow2'
  QEMU 1.3.50 monitor - type 'help' for more information
  (qemu) info numa
  1 nodes
  node 0 cpus: 0
  node 0 size: 1000 MB
  (qemu)

This changes the code to move the pointer only if ',' is found.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  cutils: unsigned int parsing functions
Eduardo Habkost [Mon, 4 Feb 2013 18:27:45 +0000 (16:27 -0200)]
cutils: unsigned int parsing functions

There are lots of duplicate parsing code using strto*() in QEMU, and
most of that code is broken in one way or another. Even the visitors
code has duplicate integer parsing code[1]. This introduces functions
to help parsing unsigned int values: parse_uint() and parse_uint_full().

Parsing functions for signed ints and floats will be submitted later.

parse_uint_full() has all the checks made by opts_type_uint64() at
opts-visitor.c:

 - Check for NULL (returns -EINVAL)
 - Check for negative numbers (returns -EINVAL)
 - Check for empty string (returns -EINVAL)
 - Check for overflow or other errno values set by strtoll() (returns
   -errno)
 - Check for end of string (reject invalid characters after number)
   (returns -EINVAL)

parse_uint() does everything above except checking for the end of the
string, so callers can continue parsing the remainder of the string after
the number.

Unit tests included.

[1] string-input-visitor.c:parse_int() could use the same parsing code
    used by opts-visitor.c:opts_type_int(), instead of duplicating that
    logic.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
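The parsing contract listed in the cutils message above, together with the -numa "cpus" checks and the nodeid bound check from the vl.c messages earlier in this log, as one runnable example. This is added illustration code, not QEMU's own implementation: the function names are reused for readability but the bodies are this example's, the limits MAX_NODES and MAX_CPUMASK_BITS are assumed values, and CPUs past the limit are rejected here rather than clamped with a warning.

```c
/* Added illustration, not QEMU's own code. It implements the contract the
 * cutils commit describes for parse_uint()/parse_uint_full() and, on top of
 * it, the -numa "cpus"/"nodeid" validation the vl.c commits describe. The
 * two limits are assumptions chosen for this example. */
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_NODES        64   /* assumed size of the node table */
#define MAX_CPUMASK_BITS 255  /* assumed CPU index limit */
#define CPUMASK_BYTES    ((MAX_CPUMASK_BITS + 7) / 8)

/* Parse an unsigned number at the start of s. On success store it in *value,
 * point *endptr at the first unparsed character and return 0. NULL, a
 * leading '-' or no digits at all give -EINVAL; overflow gives -errno
 * (-ERANGE) as set by strtoull(). *value is 0 on any failure. */
int parse_uint(const char *s, unsigned long long *value, char **endptr, int base)
{
    const char *p;
    char *ep;
    unsigned long long v;

    *value = 0;
    *endptr = (char *)s;
    if (!s) { return -EINVAL; }
    /* strtoull() silently wraps "-1" to ULLONG_MAX, so reject '-' first. */
    for (p = s; isspace((unsigned char)*p); p++) { }
    if (*p == '-') { return -EINVAL; }
    errno = 0;
    v = strtoull(s, &ep, base);
    if (ep == s) { return -EINVAL; }           /* empty string or no digits */
    *endptr = ep;
    if (errno) { return -errno; }              /* ERANGE on overflow */
    *value = v;
    return 0;
}

/* Like parse_uint(), but any character left after the number is an error,
 * so "12abc" is rejected instead of yielding 12. */
int parse_uint_full(const char *s, unsigned long long *value, int base)
{
    char *ep;
    int r = parse_uint(s, value, &ep, base);

    if (r < 0) { return r; }
    if (*ep != '\0') { *value = 0; return -EINVAL; }
    return 0;
}

/* Parse a "cpus=" value, "N" or "N-M", and set those bits in mask
 * (CPUMASK_BYTES long). The checks follow the vl.c commit: an empty string
 * is accepted, numbers go through parse_uint(), only '-' or end-of-string
 * may follow the first number, and endvalue must not be below value.
 * CPUs past the limit are rejected here rather than clamped. */
int numa_node_parse_cpus(const char *option, uint8_t *mask)
{
    unsigned long long value, endvalue, c;
    char *endptr;

    if (*option == '\0') { return 0; }
    if (parse_uint(option, &value, &endptr, 10) < 0) { return -EINVAL; }
    if (*endptr == '-') {
        if (parse_uint_full(endptr + 1, &endvalue, 10) < 0) { return -EINVAL; }
    } else if (*endptr == '\0') {
        endvalue = value;
    } else {
        return -EINVAL;                        /* junk after the number */
    }
    if (endvalue < value) { return -EINVAL; }
    if (endvalue >= MAX_CPUMASK_BITS) { return -ERANGE; }
    for (c = value; c <= endvalue; c++) {
        mask[c / 8] |= (uint8_t)(1u << (c % 8));
    }
    return 0;
}

/* Validate a "nodeid=" value before it is used as an index into the node
 * table; this is the bound check that keeps a too-large id from writing
 * past the end of that table. */
int numa_parse_nodeid(const char *option, unsigned long long *nodenr)
{
    if (parse_uint_full(option, nodenr, 10) < 0) { return -EINVAL; }
    if (*nodenr >= MAX_NODES) { return -ERANGE; }
    return 0;
}
```

The point worth noticing is the division of labour: parse_uint() does every check except end-of-string so that a caller like numa_node_parse_cpus() can keep walking the input (the '-' of a range), while parse_uint_full() is what a caller uses when nothing may follow the number, which is why the nodeid path goes through it.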
11 years ago  target-cris: Build fix for debug output
Andreas Färber [Sun, 27 Jan 2013 06:26:05 +0000 (07:26 +0100)]
target-cris: Build fix for debug output

Around r3361 (81fdc5f8d2d681da8d255baf0713144f8656bac9) env->debug1 used
to contain the address of an MMU fault. This is now written into
env->pregs[PR_EDA] instead.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
11 years ago  bitops: unify bitops_ffsl with the one in host-utils.h, call it bitops_ctzl
Paolo Bonzini [Fri, 1 Feb 2013 22:03:16 +0000 (23:03 +0100)]
bitops: unify bitops_ffsl with the one in host-utils.h, call it bitops_ctzl

We had two copies of a ffs function for longs with subtly different
semantics and, for the one in bitops.h, a confusing name: the result
was off-by-one compared to the library function ffsl.

Unify the functions into one, and solve the name problem by calling
the 0-based functions "bitops_ctzl" and "bitops_ctol" respectively.

This also fixes the build on platforms with ffsl, including Mac OS X
and Windows.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Andreas Färber <afaerber@suse.de>
Tested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years ago  util: Fix compilation of envlist.c for MinGW
Stefan Weil [Wed, 16 Jan 2013 18:04:27 +0000 (19:04 +0100)]
util: Fix compilation of envlist.c for MinGW

MinGW has no strtok_r, so we need a declaration in sysemu/os-win32.h.
We must also fix the include statements in util/envlist.c to include
that file.

We currently don't need an implementation of strtok_r because the
code is compiled but not linked for MinGW.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years ago  Update version for 1.4.0-rc0
Anthony Liguori [Fri, 1 Feb 2013 21:10:33 +0000 (15:10 -0600)]
Update version for 1.4.0-rc0

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  tap: unbreak -netdev tap,fd=X
Anthony Liguori [Sat, 2 Feb 2013 00:02:50 +0000 (18:02 -0600)]
tap: unbreak -netdev tap,fd=X

The multiqueue patch series broke -netdev tap,fd=X which manifests
as libvirt not being able to start a guest.  This was because it
passed NULL for the netdev name which results in an anonymous netdev
device regardless of what the user specified.

Cc: Jason Wang <jasowang@redhat.com>
Cc: Bruce Rogers <brogers@suse.com>
Reported-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qom: remove object_delete
Paolo Bonzini [Fri, 25 Jan 2013 13:12:39 +0000 (14:12 +0100)]
qom: remove object_delete

This is now unused.  Document the initial reference count of an object
and when it will be freed/finalized.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  cpu: do not use object_delete
Paolo Bonzini [Fri, 25 Jan 2013 13:12:38 +0000 (14:12 +0100)]
cpu: do not use object_delete

CPUs are never added to the composition tree, so delete is achieved
simply by removing the last references to them.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qdev: drop extra references at creation time
Paolo Bonzini [Fri, 25 Jan 2013 13:12:37 +0000 (14:12 +0100)]
qdev: drop extra references at creation time

qdev_free and qbus_free have to do unparent+unref, because nobody else
drops the initial reference (the one included by object_initialize)
before them.

For device_init_func and do_device_add, this is trivially correct,
since the DeviceState goes out of scope.

For qdev_create, qdev_try_create and qbus_init, it is a bit more tricky.
What we are doing here is just assuming that the caller knows what it's
doing, and won't call qdev_free/qbus_free while the device is still there.
This is a pretty reasonable assumption and (behind the scenes) is also
what GObject/GTK does.  GTK actually has a "floating reference" that
goes away as soon as the caller does gtk_container_add or something
like that, but in the end qbus_init and qdev_try_create are already
adding the new object to its qdev parent!  So in the end the two solutions
are the same.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qdev: inline object_delete into qbus_free/qdev_free
Paolo Bonzini [Fri, 25 Jan 2013 13:12:36 +0000 (14:12 +0100)]
qdev: inline object_delete into qbus_free/qdev_free

We want object_delete to disappear, and we will do this one class at a
time.  Inline it for the qdev case, which we will tackle first.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qdev: add reference for the bus while it is referred to by the DeviceState
Paolo Bonzini [Fri, 25 Jan 2013 13:12:35 +0000 (14:12 +0100)]
qdev: add reference for the bus while it is referred to by the DeviceState

Now that the unparent callbacks are complete, we can correctly account
more missing references.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qdev: move unrealization of devices from finalize to unparent
Paolo Bonzini [Fri, 25 Jan 2013 13:12:34 +0000 (14:12 +0100)]
qdev: move unrealization of devices from finalize to unparent

Similarly, a bus holds a reference back to the device, and this will
prevent the device from going away as soon as this reference is counted
properly.  To avoid this, move the unrealization of devices to the
unparent callback.  This includes recursively unparenting all the buses
and (after the previous patch) the devices on those buses, which ensures
that the web of references completely disappears for all devices that
reside (in the qdev tree) below the one being unplugged.

After this patch, the qdev tree and the bus<->child relationship is
defined as "A is above B, iff unplugging A will automatically unplug B".

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qdev: move deletion of children from finalize to unparent
Paolo Bonzini [Fri, 25 Jan 2013 13:12:33 +0000 (14:12 +0100)]
qdev: move deletion of children from finalize to unparent

A device will never be finalized as long as it has a reference from
other devices that sit on its buses.  To ensure that the references
go away, deassociate a bus from its children in the unparent callback
for the bus.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qdev: add reference count to a device for the BusChild
Paolo Bonzini [Fri, 25 Jan 2013 13:12:32 +0000 (14:12 +0100)]
qdev: add reference count to a device for the BusChild

Each device has a reference through the BusChild.  This reference
was not accounted for, add it now.

Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qom: document reference counting of link properties
Paolo Bonzini [Fri, 25 Jan 2013 13:12:31 +0000 (14:12 +0100)]
qom: document reference counting of link properties

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qom: preserve object while unparenting it
Paolo Bonzini [Fri, 25 Jan 2013 13:12:30 +0000 (14:12 +0100)]
qom: preserve object while unparenting it

Avoid that the object disappears after it's deleted from the QOM
composition tree, in case that was the only reference to it.

Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  pci: use qbus_create in pci_bus_new
Paolo Bonzini [Fri, 25 Jan 2013 13:12:29 +0000 (14:12 +0100)]
pci: use qbus_create in pci_bus_new

Remove knowledge of QOM innards.  The common part of pci_bus_new and
pci_bus_new_inplace is moved to a new function pci_bus_init.

Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qdev: change first argument of qbus_create_inplace to void *
Paolo Bonzini [Fri, 25 Jan 2013 13:12:28 +0000 (14:12 +0100)]
qdev: change first argument of qbus_create_inplace to void *

Make it clear that no BUS() macro is needed in the callers (in fact it
wouldn't work because the object has not been initialized yet with the
right class).

Suggested-by: Andreas Faerber <afaerber@suse.de>
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  qdev: remove duplication between qbus_create and qbus_create_inplace
Paolo Bonzini [Fri, 25 Jan 2013 13:12:27 +0000 (14:12 +0100)]
qdev: remove duplication between qbus_create and qbus_create_inplace

Move the common part to qbus_realize.

Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  accel: change {xen, kvm, tcg, qtest}_allowed from int to bool
liguang [Thu, 24 Jan 2013 05:03:27 +0000 (13:03 +0800)]
accel: change {xen, kvm, tcg, qtest}_allowed from int to bool

Signed-off-by: liguang <lig.fnst@cn.fujitsu.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  vl: correct error message when fail to init kvm
liguang [Thu, 24 Jan 2013 05:03:26 +0000 (13:03 +0800)]
vl: correct error message when fail to init kvm

command:
qemu-system-x86_64 -hda disk.img -smp 32 --enable-kvm
error:
Number of SMP cpus requested (32) exceeds max cpus supported by KVM (16)
failed to initialize KVM: Invalid argument
No accelerator found!

well, it did find kvm, but failed to init,
so the message "No accelerator found!" is confusing;
this commit removes the confusing error message.

Signed-off-by: liguang <lig.fnst@cn.fujitsu.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  vl: skip init accelerator if it's not available
liguang [Thu, 24 Jan 2013 05:03:25 +0000 (13:03 +0800)]
vl: skip init accelerator if it's not available

Signed-off-by: liguang <lig.fnst@cn.fujitsu.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  sparc: disable qtest in make check
Anthony Liguori [Tue, 29 Jan 2013 21:42:45 +0000 (15:42 -0600)]
sparc: disable qtest in make check

We've seen this repeatedly in buildbot but I can now reliably
reproduce it myself too.  With a few hundred runs of 'make check',
qemu-system-sparc will hang consuming 100% CPU.  I've attached GDB
to the hung process and unfortunately, I can't get anything useful
out of GDB (RIP is not a valid symbol and there is nothing else on
the stack).

At any rate, since this only manifests in qemu-system-sparc and it
doesn't appear to be a qtest specific problem, I think we should
disable it until the problem is resolved.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago  Merge remote-tracking branch 'stefanha/block' into staging
Anthony Liguori [Fri, 1 Feb 2013 20:40:05 +0000 (14:40 -0600)]
Merge remote-tracking branch 'stefanha/block' into staging

# By Kevin Wolf (7) and others
# Via Stefan Hajnoczi
* stefanha/block:
  block/raw-posix: Build fix for O_ASYNC
  vmdk: Allow space in file name
  parallels: Fix bdrv_open() error handling
  dmg: Use g_free instead of free
  dmg: Fix bdrv_open() error handling
  vpc: Fix bdrv_open() error handling
  cloop: Fix bdrv_open() error handling
  bochs: Fix bdrv_open() error handling
  sheepdog: pass vdi_id to sheep daemon for sd_close()
  vmdk: Allow selecting SCSI adapter in image creation
  block: Adds mirroring tests for resized images
  block: Fix is_allocated_above with resized files
  qemu-iotests: Add regression test for b7ab0fea