sdk/emulator/qemu.git
10 years agoMerge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Peter Maydell [Tue, 19 Aug 2014 12:00:57 +0000 (13:00 +0100)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

SCSI changes that enable sending vendor-specific commands via virtio-scsi.

Memory changes for QOMification and automatic tracking of MR lifetime.

# gpg: Signature made Mon 18 Aug 2014 13:03:09 BST using RSA key ID 9B4D86F2
# gpg: Good signature from "Paolo Bonzini <pbonzini@redhat.com>"
# gpg:                 aka "Paolo Bonzini <bonzini@gnu.org>"

* remotes/bonzini/tags/for-upstream:
  mtree: remove write-only field
  memory: Use canonical path component as the name
  memory: Use memory_region_name for name access
  memory: constify memory_region_name
  exec: Abstract away ref to memory region names
  loader: Abstract away ref to memory region names
  tpm_tis: remove instance_finalize callback
  memory: remove memory_region_destroy
  memory: convert memory_region_destroy to object_unparent
  ioport: split deletion and destruction
  nic: do not destroy memory regions in cleanup functions
  vga: do not dynamically allocate chain4_alias
  sysbus: remove unused function sysbus_del_io
  qom: object: move unparenting to the child property's release callback
  qom: object: delete properties before calling instance_finalize
  virtio-scsi: implement parse_cdb
  scsi-block, scsi-generic: implement parse_cdb
  scsi-block: extract scsi_block_is_passthrough
  scsi-bus: introduce parse_cdb in SCSIDeviceClass and SCSIBusInfo
  scsi-bus: prepare scsi_req_new for introduction of parse_cdb

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoMerge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging
Peter Maydell [Tue, 19 Aug 2014 09:30:36 +0000 (10:30 +0100)]
Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging

* remotes/qmp-unstable/queue/qmp:
  monitor: fix use after free
  dump.c: Fix memory leak issue in cleanup processing for dump_init()
  monitor: Remove hardcoded watchdog event names

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agomonitor: fix use after free
Michael S. Tsirkin [Sun, 17 Aug 2014 09:45:17 +0000 (11:45 +0200)]
monitor: fix use after free

The function monitor_fdset_dup_fd_find_remove() references member of
'mon_fdset' which - when remove flag is set - may be freed in function
monitor_fdset_cleanup().
remove is set by monitor_fdset_dup_fd_remove which in practice
does not need the returned value, so make it void,
and return -1 from monitor_fdset_dup_fd_find_remove.

Reported-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
10 years agodump.c: Fix memory leak issue in cleanup processing for dump_init()
Chen Gang [Sun, 3 Aug 2014 15:28:56 +0000 (23:28 +0800)]
dump.c: Fix memory leak issue in cleanup processing for dump_init()

In dump_init(), when failure occurs, need notice about 'fd' and memory
mapping. So call dump_cleanup() for it (need let all initializations at
front).

Also simplify dump_cleanup(): remove redundant 'ret' and redundant 'fd'
checking.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
10 years agomonitor: Remove hardcoded watchdog event names
Hani Benhabiles [Tue, 29 Jul 2014 22:22:40 +0000 (23:22 +0100)]
monitor: Remove hardcoded watchdog event names

Signed-off-by: Hani Benhabiles <hani@linux.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
10 years agoMerge remote-tracking branch 'remotes/amit/for-2.2' into staging
Peter Maydell [Mon, 18 Aug 2014 17:24:38 +0000 (18:24 +0100)]
Merge remote-tracking branch 'remotes/amit/for-2.2' into staging

* remotes/amit/for-2.2:
  virtio-serial: search for duplicate port names before adding new ports
  virtio-serial: create a linked list of all active devices

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agovirtio-serial: search for duplicate port names before adding new ports
Amit Shah [Tue, 15 Jul 2014 04:47:02 +0000 (10:17 +0530)]
virtio-serial: search for duplicate port names before adding new ports

Before adding new ports to VirtIOSerial devices, check if there's a
conflict in the 'name' parameter.  This ensures two virtserialports with
identical names are not initialized.

Reported-by: <mazhang@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
10 years agovirtio-serial: create a linked list of all active devices
Amit Shah [Wed, 16 Jul 2014 11:08:50 +0000 (16:38 +0530)]
virtio-serial: create a linked list of all active devices

To ensure two virtserialports don't get added to the system with the
same 'name' parameter, we need to access all the ports on all the
devices added, and compare the names.

We currently don't have a list of all VirtIOSerial devices added to the
system.  This commit adds a simple linked list in which devices are put
when they're initialized, and removed when they go away.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
10 years agoMerge remote-tracking branch 'remotes/mcayland/qemu-sparc' into staging
Peter Maydell [Mon, 18 Aug 2014 11:55:02 +0000 (12:55 +0100)]
Merge remote-tracking branch 'remotes/mcayland/qemu-sparc' into staging

* remotes/mcayland/qemu-sparc:
  target-sparc64: implement Short Floating-Point Store Instructions
  apb: add IOMMU flush register implementation
  sun4u: switch second PCI-ebus bridge BAR over to PCI IO space

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoMerge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Peter Maydell [Mon, 18 Aug 2014 10:59:26 +0000 (11:59 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Block pull request

# gpg: Signature made Fri 15 Aug 2014 18:04:23 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request: (55 commits)
  qcow2: fix new_blocks double-free in alloc_refcount_block()
  image-fuzzer: Reduce number of generator functions in __init__
  image-fuzzer: Add generators of L1/L2 tables
  image-fuzzer: Add fuzzing functions for L1/L2 table entries
  docs: Expand the list of supported image elements with L1/L2 tables
  image-fuzzer: Public API for image-fuzzer/runner/runner.py
  image-fuzzer: Generator of fuzzed qcow2 images
  image-fuzzer: Fuzzing functions for qcow2 images
  image-fuzzer: Tool for fuzz tests execution
  docs: Specification for the image fuzzer
  ide: only constrain read/write requests to drive size, not other types
  virtio-blk: Correct bug in support for flexible descriptor layout
  libqos: Change free function called in malloc
  libqos: Correct mask to align size to PAGE_SIZE in malloc-pc
  libqtest: add QTEST_LOG for debugging qtest testcases
  ide: Fix segfault when flushing a device that doesn't exist
  qemu-options: add missing -drive discard option to cmdline help
  parallels: 2TB+ parallels images support
  parallels: split check for parallels format in parallels_open
  parallels: replace tabs with spaces in block/parallels.c
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agomtree: remove write-only field
Paolo Bonzini [Wed, 11 Dec 2013 11:51:46 +0000 (12:51 +0100)]
mtree: remove write-only field

ml->printed is never set to true.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agomemory: Use canonical path component as the name
Peter Crosthwaite [Fri, 15 Aug 2014 06:56:08 +0000 (23:56 -0700)]
memory: Use canonical path component as the name

Rather than having the name as separate state. This prepares support
for creating a MemoryRegion dynamically (i.e. without
memory_region_init() and friends) and the MemoryRegion still getting
a usable name.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agomemory: Use memory_region_name for name access
Peter Crosthwaite [Fri, 15 Aug 2014 06:55:36 +0000 (23:55 -0700)]
memory: Use memory_region_name for name access

Despite being local to memory.c, use the helper function. This prepares
support for fully QOMifiying the name field of MR (which will remove
this state from MR completely).

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agomemory: constify memory_region_name
Peter Crosthwaite [Fri, 15 Aug 2014 06:55:03 +0000 (23:55 -0700)]
memory: constify memory_region_name

It doesn't change the MR and some prospective call sites will have
const MRs at hand.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agoexec: Abstract away ref to memory region names
Peter Crosthwaite [Fri, 15 Aug 2014 06:54:29 +0000 (23:54 -0700)]
exec: Abstract away ref to memory region names

Use the function provided rather than spying on the struct.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agoloader: Abstract away ref to memory region names
Peter Crosthwaite [Fri, 15 Aug 2014 06:53:55 +0000 (23:53 -0700)]
loader: Abstract away ref to memory region names

Use the function provided rather than spying on the struct.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agotpm_tis: remove instance_finalize callback
Paolo Bonzini [Wed, 11 Jun 2014 10:57:16 +0000 (12:57 +0200)]
tpm_tis: remove instance_finalize callback

It is never used, since ISA device are not hot-unpluggable.

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agomemory: remove memory_region_destroy
Paolo Bonzini [Wed, 11 Jun 2014 10:50:43 +0000 (12:50 +0200)]
memory: remove memory_region_destroy

The function is empty after the previous patch, so remove it.

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agomemory: convert memory_region_destroy to object_unparent
Paolo Bonzini [Wed, 11 Jun 2014 10:42:01 +0000 (12:42 +0200)]
memory: convert memory_region_destroy to object_unparent

Explicitly call object_unparent in the few places where we
will re-create the memory region.  If the memory region is
simply being destroyed as part of device teardown, let QOM
handle it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agoioport: split deletion and destruction
Paolo Bonzini [Wed, 11 Jun 2014 11:02:51 +0000 (13:02 +0200)]
ioport: split deletion and destruction

Of the two functions portio_list_del and portio_list_destroy,
the latter is just freeing a memory area.  However, portio_list_del
is the logical equivalent of memory_region_del_subregion so
destruction of memory regions does not belong there.

Actually, neither of these APIs are in use; portio is mostly used by
ISA devices or VGAs, and neither of these is currently hot-unpluggable.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agonic: do not destroy memory regions in cleanup functions
Paolo Bonzini [Wed, 11 Jun 2014 10:23:03 +0000 (12:23 +0200)]
nic: do not destroy memory regions in cleanup functions

The memory regions should be destroyed in the unrealize function;
since these NICs are not even qdev-ified, they cannot be unplugged
and they do not have to do anything to destroy their memory regions.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agovga: do not dynamically allocate chain4_alias
Paolo Bonzini [Wed, 11 Jun 2014 10:19:25 +0000 (12:19 +0200)]
vga: do not dynamically allocate chain4_alias

Instead, add a boolean variable to indicate the presence of the region.
This avoids a repeated malloc/free (later we can also avoid the
add_child/unparent by changing the offset/size of the alias).

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agosysbus: remove unused function sysbus_del_io
Paolo Bonzini [Wed, 11 Jun 2014 10:15:49 +0000 (12:15 +0200)]
sysbus: remove unused function sysbus_del_io

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agoqom: object: move unparenting to the child property's release callback
Paolo Bonzini [Wed, 11 Jun 2014 09:57:38 +0000 (11:57 +0200)]
qom: object: move unparenting to the child property's release callback

This ensures that the unparent callback is called automatically
when the parent object is finalized.

Note that there's no need to keep a reference neither in
object_unparent nor in object_finalize_child_property.  The
reference held by the child property itself will do.

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agoqom: object: delete properties before calling instance_finalize
Paolo Bonzini [Wed, 11 Jun 2014 09:58:30 +0000 (11:58 +0200)]
qom: object: delete properties before calling instance_finalize

This ensures that the children's unparent callback will still
have a usable parent.

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agotarget-sparc64: implement Short Floating-Point Store Instructions
Artyom Tarasenko [Fri, 8 Aug 2014 20:48:00 +0000 (22:48 +0200)]
target-sparc64: implement Short Floating-Point Store Instructions

Implement Short Floating-Point Store Instructions as described
in the chapter 13.5.2 of UltraSPARC-IIi User's Manual.

Particularly this instructions are used by NetBSD 4.0.1+ /sparc64

Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
10 years agoapb: add IOMMU flush register implementation
Mark Cave-Ayland [Mon, 11 Aug 2014 11:22:52 +0000 (12:22 +0100)]
apb: add IOMMU flush register implementation

The IOMMU flush register is a write-only register used to remove entries from the
hardware TLB. Allow guest writes to this register as a no-op, and return a value
of 0 for reads.

This fixes IOMMU DMA operations under NetBSD SPARC64.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
10 years agosun4u: switch second PCI-ebus bridge BAR over to PCI IO space
Mark Cave-Ayland [Mon, 4 Aug 2014 17:13:11 +0000 (18:13 +0100)]
sun4u: switch second PCI-ebus bridge BAR over to PCI IO space

The ebus is the sun4u equivalent of the old ISA bus which is already mapped at
the beginning of PCI IO space within QEMU. NetBSD attempts to find the physical
addresses of devices connected to the ebus by parsing the BARs of the PCI-ebus
bridge and using the base address found by matching both the address space
type and range for a particular ebus address.

Since the second PCI-ebus bridge BAR is already aliased onto IO space, switch
the BAR over to match and reduce the size to 0x1000 which is enough to cover
all the legacy ioport devices whilst leaving the remaining IO space for other
PCI devices. This allows NetBSD SPARC64 to correctly detect and access devices
on the ebus.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
10 years agoMerge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-08-15' into staging
Peter Maydell [Fri, 15 Aug 2014 17:44:47 +0000 (18:44 +0100)]
Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-08-15' into staging

trivial patches for 2014-08-15

# gpg: Signature made Fri 15 Aug 2014 16:13:03 BST using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
#      Subkey fingerprint: 6F67 E18E 7C91 C5B1 5514  66A7 BEE5 9D74 A4C3 D7DB

* remotes/mjt/tags/trivial-patches-2014-08-15:
  ivshmem: check the value returned by fstat()
  l2cap: fix access to freed memory
  intc: i8259: Convert Array allocation to g_new0
  ppc: convert g_new(qemu_irq usages to g_new0
  ssi: xilinx_spi: Initialise CS GPIOs as NULL
  vl: free err
  qemu-options.hx: fix typo about l2tpv3
  vmxnet3: don't use 'Yoda conditions'
  vl: don't use 'Yoda conditions'
  spice: don't use 'Yoda conditions'
  don't use 'Yoda conditions'
  isa-bus: don't use 'Yoda conditions'
  audio: don't use 'Yoda conditions'
  usb: don't use 'Yoda conditions'
  CODING_STYLE: Section about conditional statement
  pci-host: update uncorresponding description
  pci-host: update obsolete reference about piix_pci.c
  qemu-options.hx: fix a typo of chardev
  memory: Update obsolete comment about AddrRange field type
  apic: Fix reported DFR content

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoqcow2: fix new_blocks double-free in alloc_refcount_block()
Stefan Hajnoczi [Fri, 15 Aug 2014 16:59:54 +0000 (17:59 +0100)]
qcow2: fix new_blocks double-free in alloc_refcount_block()

Commit de82815db1c89da058b7fb941dab137d6d9ab738 ("qcow2: Handle failure
for potentially large allocations") introduced a double-free of
new_blocks in the alloc_refcount_block() error path.

The qemu-iotests qcow2 026 test case was failing because qemu-io
segfaulted.

Make sure new_blocks is NULL after we free it the first time.

Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoimage-fuzzer: Reduce number of generator functions in __init__
Maria Kustova [Mon, 11 Aug 2014 11:27:46 +0000 (15:27 +0400)]
image-fuzzer: Reduce number of generator functions in __init__

Some issues can be found only when a fuzzed image has a partial structure,
e.g. has L1/L2 tables but no refcount ones. Generation of an entirely
defined image limits these cases. Now the Image constructor creates only
a header and a backing file name (if any), other image elements are generated
in the 'create_image' API.

Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoimage-fuzzer: Add generators of L1/L2 tables
Maria Kustova [Mon, 11 Aug 2014 11:01:10 +0000 (15:01 +0400)]
image-fuzzer: Add generators of L1/L2 tables

Entries in L1/L2 entries are based on a portion of random guest clusters.
L2 entries contain offsets to host image clusters filled with random data.
Clusters for L1/L2 tables and guest data are selected randomly.

Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoimage-fuzzer: Add fuzzing functions for L1/L2 table entries
Maria Kustova [Mon, 11 Aug 2014 11:01:09 +0000 (15:01 +0400)]
image-fuzzer: Add fuzzing functions for L1/L2 table entries

Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agodocs: Expand the list of supported image elements with L1/L2 tables
Maria Kustova [Mon, 11 Aug 2014 11:01:08 +0000 (15:01 +0400)]
docs: Expand the list of supported image elements with L1/L2 tables

Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoimage-fuzzer: Public API for image-fuzzer/runner/runner.py
Maria Kustova [Mon, 11 Aug 2014 10:34:02 +0000 (14:34 +0400)]
image-fuzzer: Public API for image-fuzzer/runner/runner.py

__init__.py provides the public API required by the test runner

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoimage-fuzzer: Generator of fuzzed qcow2 images
Maria Kustova [Mon, 11 Aug 2014 10:34:01 +0000 (14:34 +0400)]
image-fuzzer: Generator of fuzzed qcow2 images

The layout submodule of the qcow2 package creates a random valid image,
randomly selects some amount of its fields, fuzzes them and write the fuzzed
image to the file. Fuzzing process can be controlled by an external
configuration.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoimage-fuzzer: Fuzzing functions for qcow2 images
Maria Kustova [Mon, 11 Aug 2014 10:34:00 +0000 (14:34 +0400)]
image-fuzzer: Fuzzing functions for qcow2 images

The fuzz submodule of the qcow2 image generator contains fuzzing functions for
image fields.
Each fuzzing function contains a list of constraints and a call of a helper
function that randomly selects a fuzzed value satisfied to one of constraints.
For now constraints include only known as invalid or potentially dangerous
values. But after investigation of code coverage by fuzz tests they will be
expanded by heuristic values based on inner checks and flows of a program
under test.

Now fuzzing of a header, header extensions and a backing file name is
supported.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoimage-fuzzer: Tool for fuzz tests execution
Maria Kustova [Mon, 11 Aug 2014 10:33:59 +0000 (14:33 +0400)]
image-fuzzer: Tool for fuzz tests execution

The purpose of the test runner is to prepare the test environment (e.g. create
a work directory, a test image, etc), execute a program under test with
parameters, indicate a test failure if the program was killed during the test
execution and collect core dumps, logs and other test artifacts.

The test runner doesn't depend on an image format, so it can be used with any
external image generator.

[Fixed path to qcow2 format module "qcow2" instead of "../qcow2" since
runner.py is no longer in a sub-directory.
--Stefan]

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agodocs: Specification for the image fuzzer
Maria Kustova [Mon, 11 Aug 2014 10:33:58 +0000 (14:33 +0400)]
docs: Specification for the image fuzzer

'Overall fuzzer requirements' chapter contains the current product vision and
features done and to be done. This chapter is still in progress.

Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: only constrain read/write requests to drive size, not other types
Michael Tokarev [Wed, 13 Aug 2014 07:23:31 +0000 (11:23 +0400)]
ide: only constrain read/write requests to drive size, not other types

Commit 58ac321135a introduced a check to ide dma processing which
constrains all requests to drive size.  However, apparently, some
valid requests (like TRIM) does not fit in this constraint, and
fails in 2.1.  So check the range only for reads and writes.

Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agovirtio-blk: Correct bug in support for flexible descriptor layout
Marc MarĂ­ [Tue, 12 Aug 2014 11:41:51 +0000 (13:41 +0200)]
virtio-blk: Correct bug in support for flexible descriptor layout

Without this correction, only a three descriptor layout is accepted, and
requests with just two descriptors are not completed and no error message is
displayed.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Marc MarĂ­ <marc.mari.barcelo@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agolibqos: Change free function called in malloc
Marc MarĂ­ [Tue, 12 Aug 2014 11:41:50 +0000 (13:41 +0200)]
libqos: Change free function called in malloc

Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Marc MarĂ­ <marc.mari.barcelo@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agolibqos: Correct mask to align size to PAGE_SIZE in malloc-pc
Marc MarĂ­ [Tue, 12 Aug 2014 11:41:49 +0000 (13:41 +0200)]
libqos: Correct mask to align size to PAGE_SIZE in malloc-pc

Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marc MarĂ­ <marc.mari.barcelo@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agolibqtest: add QTEST_LOG for debugging qtest testcases
Marc MarĂ­ [Tue, 12 Aug 2014 11:41:48 +0000 (13:41 +0200)]
libqtest: add QTEST_LOG for debugging qtest testcases

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marc MarĂ­ <marc.mari.barcelo@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: Fix segfault when flushing a device that doesn't exist
Kevin Wolf [Tue, 12 Aug 2014 16:29:41 +0000 (18:29 +0200)]
ide: Fix segfault when flushing a device that doesn't exist

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoqemu-options: add missing -drive discard option to cmdline help
Peter Lieven [Mon, 28 Jul 2014 19:53:02 +0000 (21:53 +0200)]
qemu-options: add missing -drive discard option to cmdline help

Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoparallels: 2TB+ parallels images support
Denis V. Lunev [Mon, 28 Jul 2014 16:23:55 +0000 (20:23 +0400)]
parallels: 2TB+ parallels images support

Parallels has released in the recent updates of Parallels Server 5/6
new addition to his image format. Images with signature WithouFreSpacExt
have offsets in the catalog coded not as offsets in sectors (multiple
of 512 bytes) but offsets coded in blocks (i.e. header->tracks * 512)

In this case all 64 bits of header->nb_sectors are used for image size.

This patch implements support of this for qemu-img and also adds specific
check for an incorrect image. Images with block size greater than
INT_MAX/513 are not supported. The biggest available Parallels image
cluster size in the field is 1 Mb. Thus this limit will not hurt
anyone.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Jeff Cody <jcody@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoparallels: split check for parallels format in parallels_open
Denis V. Lunev [Mon, 28 Jul 2014 16:23:54 +0000 (20:23 +0400)]
parallels: split check for parallels format in parallels_open

and rework error path a bit. There is no difference at the moment, but
the code will be definitely shorter when additional processing will
be required for WithouFreSpacExt

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Jeff Cody <jcody@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoparallels: replace tabs with spaces in block/parallels.c
Denis V. Lunev [Mon, 28 Jul 2014 16:23:53 +0000 (20:23 +0400)]
parallels: replace tabs with spaces in block/parallels.c

Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Jeff Cody <jcody@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoparallels: extend parallels format header with actual data values
Denis V. Lunev [Mon, 28 Jul 2014 16:23:52 +0000 (20:23 +0400)]
parallels: extend parallels format header with actual data values

Parallels image format has several additional fields inside:
- nb_sectors is actually 64 bit wide. Upper 32bits are not used for
  images with signature "WithoutFreeSpace" and must be explicitly
  zeroed according to Parallels. They will be used for images with
  signature "WithouFreSpacExt"
- inuse is magic which means that the image is currently opened for
  read/write or was not closed correctly, the magic is 0x746f6e59
- data_off is the location of the first data block. It can be zero
  and in this case data starts just beyond the header aligned to
  512 bytes. Though this field does not matter for read-only driver

This patch adds these values to struct parallels_header and adds
proper handling of nb_sectors for currently supported WithoutFreeSpace
images.

WithouFreSpacExt will be covered in next patches.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: Jeff Cody <jcody@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agodataplane: stop trying on notifier error
Cornelia Huck [Fri, 25 Jul 2014 12:10:48 +0000 (14:10 +0200)]
dataplane: stop trying on notifier error

If we fail to set up guest or host notifiers, there's no use trying again
every time the guest kicks, so disable dataplane in that case.

Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agodataplane: fail notifier setting gracefully
Cornelia Huck [Fri, 25 Jul 2014 12:10:47 +0000 (14:10 +0200)]
dataplane: fail notifier setting gracefully

The dataplane code is currently doing a hard exit if it fails to set
up either guest or host notifiers. In practice, this may mean that a
guest suddenly dies after a dataplane device failed to come up (e.g.,
when a file descriptor limit is hit for tne nth device).

Let's just try to unwind the setup instead and return.

Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agodataplane: print why starting failed
Cornelia Huck [Fri, 25 Jul 2014 12:10:46 +0000 (14:10 +0200)]
dataplane: print why starting failed

Setting up guest or host notifiers may fail, but the user will have
no idea why: Let's print the error returned by the callback.

Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agochannel-posix: using qemu_set_nonblock() instead of fcntl(O_NONBLOCK)
Gonglei [Mon, 11 Aug 2014 09:34:21 +0000 (17:34 +0800)]
channel-posix: using qemu_set_nonblock() instead of fcntl(O_NONBLOCK)

Technically, fcntl(soc, F_SETFL, O_NONBLOCK)
is incorrect since it clobbers all other file flags.
We can use F_GETFL to get the current flags, set or
clear the O_NONBLOCK flag, then use F_SETFL to set the flags.

Using the qemu_set_nonblock() wrapper.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Wangxin <wangxinxin.wang@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoqemu-char: using qemu_set_nonblock() instead of fcntl(O_NONBLOCK)
Gonglei [Mon, 11 Aug 2014 09:34:20 +0000 (17:34 +0800)]
qemu-char: using qemu_set_nonblock() instead of fcntl(O_NONBLOCK)

Technically, fcntl(soc, F_SETFL, O_NONBLOCK)
is incorrect since it clobbers all other file flags.
We can use F_GETFL to get the current flags, set or
clear the O_NONBLOCK flag, then use F_SETFL to set the flags.

Using the qemu_set_nonblock() wrapper.

Signed-off-by: Wangxin <wangxinxin.wang@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agocmd646: synchronise UDMA interrupt status with DMA interrupt status
Mark Cave-Ayland [Fri, 8 Aug 2014 16:23:36 +0000 (17:23 +0100)]
cmd646: synchronise UDMA interrupt status with DMA interrupt status

Make sure that both registers are synchronised when being accessed through
PCI configuration space.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agocmd646: allow MRDMODE interrupt status bits clearing from PCI config space
Mark Cave-Ayland [Fri, 8 Aug 2014 16:23:35 +0000 (17:23 +0100)]
cmd646: allow MRDMODE interrupt status bits clearing from PCI config space

Make sure that we also update the normal DMA interrupt status bits at the
same time, and alter the IRQ if being cleared accordingly.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agocmd646: switch cmd646_update_irq() to accept PCIDevice instead of PCIIDEState
Mark Cave-Ayland [Fri, 8 Aug 2014 16:23:34 +0000 (17:23 +0100)]
cmd646: switch cmd646_update_irq() to accept PCIDevice instead of PCIIDEState

This is in preparation for adding configuration space accessors which accept
PCIDevice as a parameter.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agocmd646: synchronise DMA interrupt status with UDMA interrupt status
Mark Cave-Ayland [Fri, 8 Aug 2014 16:23:33 +0000 (17:23 +0100)]
cmd646: synchronise DMA interrupt status with UDMA interrupt status

Make sure that the standard DMA interrupt status bits reflect any changes made
to the UDMA interrupt status bits. The CMD646U2 datasheet claims that these
bits are equivalent, and they must be synchronised for guests that manipulate
both registers.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agocmd646: add constants for CNTRL register access
Mark Cave-Ayland [Fri, 8 Aug 2014 16:23:32 +0000 (17:23 +0100)]
cmd646: add constants for CNTRL register access

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoqtest/ide: Fix small memory leak
John Snow [Mon, 4 Aug 2014 21:11:25 +0000 (17:11 -0400)]
qtest/ide: Fix small memory leak

For libqos debugging purposes, it's nice to
be able to assert that tests and associated libraries
have no memory leaks. To that end, free up the
trivial cmdline leak.

The remaining leaks caused by pc_alloc_init are fixed
instead by my first-fit pc_alloc implementation already
on the qemu-devel mailing list.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agolibqos: allow qpci_iomap to return BAR mapping size
John Snow [Mon, 4 Aug 2014 21:11:24 +0000 (17:11 -0400)]
libqos: allow qpci_iomap to return BAR mapping size

This patch allows qpci_iomap to return the size of the
BAR mapping that it created, to allow driver applications
(e.g, ahci-test) to make determinations about the suitability
or the mapping size, or in the specific case of AHCI, how
many ports are supported by the HBA.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agolibqos: Fixes a small memory leak.
John Snow [Mon, 4 Aug 2014 21:11:23 +0000 (17:11 -0400)]
libqos: Fixes a small memory leak.

Allow users the chance to clean up the QPCIBusPC structure
by adding a small cleanup routine. Helps clear up small
memory leaks during setup/teardown, to allow for cleaner
debug output messages.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agolibqtest: Correct small memory leak.
John Snow [Mon, 4 Aug 2014 21:11:22 +0000 (17:11 -0400)]
libqtest: Correct small memory leak.

Fixes a small memory leak inside of libqtest.
After we produce a test path and glib copies the string
for itself, we should clean up our temporary copy.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agolibqos: Correct memory leak
John Snow [Mon, 4 Aug 2014 21:11:21 +0000 (17:11 -0400)]
libqos: Correct memory leak

Fix a small memory leak inside of libqos, in the pc_alloc_init routine.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoqtest: Adding qtest_memset and qmemset.
John Snow [Mon, 4 Aug 2014 21:11:20 +0000 (17:11 -0400)]
qtest: Adding qtest_memset and qmemset.

Currently, libqtest allows for memread and memwrite, but
does not offer a simple way to zero out regions of memory.
This patch adds a simple function to do so.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoq35: Enable the ioapic device to be seen by qtest.
John Snow [Mon, 4 Aug 2014 21:11:19 +0000 (17:11 -0400)]
q35: Enable the ioapic device to be seen by qtest.

Currently, the ioapic device can not be found in a qtest environment
when requesting "irq_interrupt_in ioapic" via the qtest socket.

By mirroring how the ioapic is added in i44ofx (hw/i440/pc_piix.c),
as a child of "q35," the device is able to be seen by qtest.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoahci: construct PIO Setup FIS for PIO commands
Paolo Bonzini [Mon, 4 Aug 2014 21:11:18 +0000 (17:11 -0400)]
ahci: construct PIO Setup FIS for PIO commands

PIO commands should put a PIO Setup FIS in the receive area when data
transfer ends.  Currently QEMU does not do this and only places the
D2H FIS at the end of the operation.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: make all commands go through cmd_done
Paolo Bonzini [Mon, 4 Aug 2014 21:11:17 +0000 (17:11 -0400)]
ide: make all commands go through cmd_done

AHCI has code to fill in the D2H FIS trigger the IRQ all over the place.
Centralize this in a single cmd_done callback by generalizing the existing
async_cmd_done callback.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: stop PIO transfer on errors
Paolo Bonzini [Mon, 4 Aug 2014 21:11:16 +0000 (17:11 -0400)]
ide: stop PIO transfer on errors

This will provide a hook for sending the result of the command via the
FIS receive area.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoahci: remove duplicate PORT_IRQ_* constants
Paolo Bonzini [Mon, 4 Aug 2014 21:11:15 +0000 (17:11 -0400)]
ahci: remove duplicate PORT_IRQ_* constants

These are defined twice, just use one set consistently.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: move retry constants out of BM_STATUS_* namespace
Paolo Bonzini [Mon, 4 Aug 2014 21:11:14 +0000 (17:11 -0400)]
ide: move retry constants out of BM_STATUS_* namespace

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: move BM_STATUS bits to pci.[ch]
Paolo Bonzini [Mon, 4 Aug 2014 21:11:13 +0000 (17:11 -0400)]
ide: move BM_STATUS bits to pci.[ch]

They are not used by AHCI, and should not be even available there.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: fold add_status callback into set_inactive
Paolo Bonzini [Mon, 4 Aug 2014 21:11:12 +0000 (17:11 -0400)]
ide: fold add_status callback into set_inactive

It is now called only after the set_inactive callback.  Put the two together.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: remove wrong setting of BM_STATUS_INT
Paolo Bonzini [Mon, 4 Aug 2014 21:11:11 +0000 (17:11 -0400)]
ide: remove wrong setting of BM_STATUS_INT

Similar to the case removed in commit 69c38b8 (ide/core: Remove explicit
setting of BM_STATUS_INT, 2011-05-19), the only remaining use of
add_status(..., BM_STATUS_INT) is for short PRDs.  The flag should
not be raised in this case.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: wrap start_dma callback
Paolo Bonzini [Mon, 4 Aug 2014 21:11:10 +0000 (17:11 -0400)]
ide: wrap start_dma callback

Make it optional and prepare for the next patches.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: simplify start_transfer callbacks
Paolo Bonzini [Mon, 4 Aug 2014 21:11:09 +0000 (17:11 -0400)]
ide: simplify start_transfer callbacks

Drop the unused return value and make the callback optional.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: simplify async_cmd_done callbacks
Paolo Bonzini [Mon, 4 Aug 2014 21:11:08 +0000 (17:11 -0400)]
ide: simplify async_cmd_done callbacks

Drop the unused return value.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: simplify set_inactive callbacks
Paolo Bonzini [Mon, 4 Aug 2014 21:11:07 +0000 (17:11 -0400)]
ide: simplify set_inactive callbacks

Drop the unused return value and make the callback optional.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: simplify reset callbacks
Paolo Bonzini [Mon, 4 Aug 2014 21:11:06 +0000 (17:11 -0400)]
ide: simplify reset callbacks

Drop the unused return value and make the callback optional.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: stash aiocb for flushes
Paolo Bonzini [Mon, 4 Aug 2014 21:11:05 +0000 (17:11 -0400)]
ide: stash aiocb for flushes

This ensures that operations are completed after a reset

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide-test: add test for werror=stop
Paolo Bonzini [Mon, 4 Aug 2014 21:11:04 +0000 (17:11 -0400)]
ide-test: add test for werror=stop

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agolibqtest: add QTEST_LOG for debugging qtest testcases
Paolo Bonzini [Mon, 4 Aug 2014 21:11:03 +0000 (17:11 -0400)]
libqtest: add QTEST_LOG for debugging qtest testcases

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoblkdebug: report errors on flush too
Paolo Bonzini [Mon, 4 Aug 2014 21:11:02 +0000 (17:11 -0400)]
blkdebug: report errors on flush too

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoMerge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
Peter Maydell [Fri, 15 Aug 2014 16:43:51 +0000 (17:43 +0100)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

post-2.1 bugfixes

A bunch of fixes that missed 2.1 by a small margin.
If we do 2.1.1, some of these would be good candidates,
added Cc qemu-stable as appropriate.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 14 Aug 2014 17:07:25 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  pc: Get rid of pci-info leftovers
  e1000: use symbolic constants to init phy ctrl & status registers
  e1000: correctly handle phy_ctrl reserved & self-clearing bits
  ivshmem: fix building when debug mode is enabled
  acpi: align RSDP
  numa: show hex number in error message for consistency and prefix them with 0x
  pc-dimm: fix up error message
  pc-dimm: validate node property
  hw:i386: typo fix: MEMORY_HOPTLUG_DEVICE -> MEMORY_HOTPLUG_DEVICE
  hw/audio/intel-hda: Fix MSI capability address
  pc: Create 2.2 machine type
  pci: Use bus master address space for delivering MSI/MSI-X messages

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoMerge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging
Peter Maydell [Fri, 15 Aug 2014 15:37:17 +0000 (16:37 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

Tracing pull request

* remotes/stefanha/tags/tracing-pull-request:
  virtio-rng: add some trace events
  trace: add some tcg tracing support
  trace: teach lttng backend to use format strings
  trace: [tcg] Include TCG-tracing header on all targets
  trace: [tcg] Include event definitions in "trace.h"
  trace: [tcg] Generate TCG tracing routines
  trace: [tcg] Include TCG-tracing helpers
  trace: [tcg] Define TCG tracing helper routine wrappers
  trace: [tcg] Define TCG tracing helper routines
  trace: [tcg] Declare TCG tracing helper routines
  trace: [tcg] Add 'tcg' event property
  trace: [tcg] Argument type transformation machinery
  trace: [tcg] Argument type transformation rules
  trace: [tcg] Add documentation
  trace: install simpletrace SystemTap tapset
  simpletrace: add simpletrace.py --no-header option
  trace: add tracetool simpletrace_stap format
  trace: extract stap_escape() function for reuse

Conflicts:
Makefile.objs

10 years agoivshmem: check the value returned by fstat()
zhanghailiang [Thu, 14 Aug 2014 07:29:15 +0000 (15:29 +0800)]
ivshmem: check the value returned by fstat()

The function fstat() may fail, so check its return value.

Acked-by: Levente Kurusa <lkurusa@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
10 years agol2cap: fix access to freed memory
zhanghailiang [Thu, 14 Aug 2014 07:29:12 +0000 (15:29 +0800)]
l2cap: fix access to freed memory

Pointer 'ch' will be used in function 'l2cap_channel_open_req_msg' after
it was previously freed in 'l2cap_channel_open'.
Assigned it to NULL after it is freed.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
10 years agointc: i8259: Convert Array allocation to g_new0
Peter Crosthwaite [Fri, 15 Aug 2014 08:15:44 +0000 (01:15 -0700)]
intc: i8259: Convert Array allocation to g_new0

To be more array friendly and to indicate the IRQs are initially
disconnected.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
10 years agoppc: convert g_new(qemu_irq usages to g_new0
Peter Crosthwaite [Fri, 15 Aug 2014 08:15:10 +0000 (01:15 -0700)]
ppc: convert g_new(qemu_irq usages to g_new0

To indicate the IRQs are initially disconnected.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
10 years agossi: xilinx_spi: Initialise CS GPIOs as NULL
Peter Crosthwaite [Fri, 15 Aug 2014 08:14:36 +0000 (01:14 -0700)]
ssi: xilinx_spi: Initialise CS GPIOs as NULL

To properly indicate they are unconnected.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
10 years agovl: free err
Hu Tao [Fri, 15 Aug 2014 10:13:59 +0000 (18:13 +0800)]
vl: free err

err is not freed after use, thus causing memory leak. This patch fixes
it.

Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Cc: qemu-trivial@nongnu.org
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
10 years agoqemu-options.hx: fix typo about l2tpv3
Gonglei [Thu, 14 Aug 2014 06:35:48 +0000 (14:35 +0800)]
qemu-options.hx: fix typo about l2tpv3

two duplicate destport description.

s/destport/srcport/, s/destination/source/

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
10 years agovmxnet3: don't use 'Yoda conditions'
Gonglei [Mon, 11 Aug 2014 13:00:58 +0000 (21:00 +0800)]
vmxnet3: don't use 'Yoda conditions'

imitate nearby code about using '!value' or 'value == NULL'

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
10 years agovl: don't use 'Yoda conditions'
Gonglei [Mon, 11 Aug 2014 13:00:57 +0000 (21:00 +0800)]
vl: don't use 'Yoda conditions'

imitate nearby code about using '!value' or 'value == NULL'

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
10 years agospice: don't use 'Yoda conditions'
Gonglei [Mon, 11 Aug 2014 13:00:56 +0000 (21:00 +0800)]
spice: don't use 'Yoda conditions'

imitate nearby code about using '!value' or 'value == NULL'

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
10 years agodon't use 'Yoda conditions'
Gonglei [Mon, 11 Aug 2014 13:00:55 +0000 (21:00 +0800)]
don't use 'Yoda conditions'

imitate nearby code about using '!value' or 'value == NULL'

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
10 years agoisa-bus: don't use 'Yoda conditions'
Gonglei [Mon, 11 Aug 2014 13:00:54 +0000 (21:00 +0800)]
isa-bus: don't use 'Yoda conditions'

imitate nearby code about using '!value' or 'value == NULL'

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
10 years agoaudio: don't use 'Yoda conditions'
Gonglei [Mon, 11 Aug 2014 13:00:53 +0000 (21:00 +0800)]
audio: don't use 'Yoda conditions'

imitate nearby code about using '!value' or 'value == NULL'

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
10 years agousb: don't use 'Yoda conditions'
Gonglei [Mon, 11 Aug 2014 13:00:52 +0000 (21:00 +0800)]
usb: don't use 'Yoda conditions'

imitate nearby code about using '!value' or 'value == NULL'

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>