sdk/emulator/qemu.git
13 years ago hw/mpcore.c: Merge with hw/arm11mpcore.c
Peter Maydell [Mon, 5 Dec 2011 14:09:18 +0000 (14:09 +0000)]
hw/mpcore.c: Merge with hw/arm11mpcore.c

hw/mpcore.c is now implementing only ARM11MPCore specific peripherals,
and is #included only from hw/arm11mpcore.c, so just merge it into that
file.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13 years ago hw/a9mpcore.c: Implement A9MP peripherals rather than 11MPcore ones
Peter Maydell [Thu, 1 Dec 2011 21:16:34 +0000 (21:16 +0000)]
hw/a9mpcore.c: Implement A9MP peripherals rather than 11MPcore ones

Implement the A9MP private peripheral region correctly, rather
than piggybacking on the 11MPCore code; the two CPUs are not the
same in this area.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13 years ago hw/mpcore: Clean up mpcore_priv_read/write as they are now SCU only
Peter Maydell [Mon, 5 Dec 2011 13:49:18 +0000 (13:49 +0000)]
hw/mpcore: Clean up mpcore_priv_read/write as they are now SCU only

The only code left in mpcore_priv_read and mpcore_priv_write is now
the implementation of the SCU registers. Clean up by renaming functions
and removing some unnecessary conditionals to make this clearer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13 years ago hw/realview_gic: Use GIC memory region for the CPU interface
Peter Maydell [Mon, 5 Dec 2011 13:44:14 +0000 (13:44 +0000)]
hw/realview_gic: Use GIC memory region for the CPU interface

Use the GIC provided memory region for the CPU interface rather
than implementing our own.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13 years ago hw/mpcore.c: Use the GIC memory regions for the CPU interface
Peter Maydell [Mon, 5 Dec 2011 13:43:26 +0000 (13:43 +0000)]
hw/mpcore.c: Use the GIC memory regions for the CPU interface

Switch to using the GIC memory regions for the CPU interface
rather than hand implementing them as a subcase of mpcore_priv_read()
and mpcore_priv_write().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13 years ago hw/arm_gic: Expose GIC CPU interfaces as sysbus memory regions
Peter Maydell [Mon, 5 Dec 2011 12:52:33 +0000 (12:52 +0000)]
hw/arm_gic: Expose GIC CPU interfaces as sysbus memory regions

Expose the ARM GIC CPU interfaces as memory regions, rather than
just providing read and write functions for them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13 years ago hw/arm_mptimer.c: Turn ARM MPcore private timers into qdev devices
Peter Maydell [Mon, 5 Dec 2011 15:47:49 +0000 (15:47 +0000)]
hw/arm_mptimer.c: Turn ARM MPcore private timers into qdev devices

Turn the ARM MPcore private timer/watchdog blocks into separate
qdev devices. This will allow us to share them neatly between
11MPCore and A9MPcore.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13 years ago Fix sp804 dual-timer
Peter Chubb [Mon, 12 Dec 2011 10:25:42 +0000 (10:25 +0000)]
Fix sp804 dual-timer

Properly implement dual-timer read/write for the sp804 dual timer module.
Based on ARM specs at
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0271d/index.html

Signed-off-by: Hans Jang <hsjang@ok-labs.com>
Signed-off-by: David Mirabito <david.mirabito@nicta.com.au>
Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13 years ago Merge branch 'master' of git://git.qemu.org/qemu
malc [Mon, 12 Dec 2011 00:12:31 +0000 (04:12 +0400)]
Merge branch 'master' of git://git.qemu.org/qemu

13 years ago Update README
Anthony Liguori [Sun, 11 Dec 2011 23:49:23 +0000 (17:49 -0600)]
Update README

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years ago Merge branch 'master' of git://git.qemu.org/qemu
malc [Sun, 11 Dec 2011 20:47:40 +0000 (00:47 +0400)]
Merge branch 'master' of git://git.qemu.org/qemu

13 years ago target-i386: fix cmpxchg instruction emulation
Andreas Gustafsson [Sun, 11 Dec 2011 20:46:32 +0000 (00:46 +0400)]
target-i386: fix cmpxchg instruction emulation

When the i386 cmpxchg instruction is executed with a memory operand
and the comparison result is "unequal", do the memory write before
changing the accumulator instead of the other way around, because
otherwise the new accumulator value will incorrectly be used in the
comparison when the instruction is restarted after a page fault.

This bug was originally reported on 2010-04-25 as
https://bugs.launchpad.net/qemu/+bug/569760

Signed-off-by: Andreas Gustafsson <gson@gson.org>
13 years ago w32: Disable buffering for log file
Stefan Weil [Sat, 3 Dec 2011 21:32:37 +0000 (22:32 +0100)]
w32: Disable buffering for log file

W32 does not support line buffering, but it supports unbuffered output.

Unbuffered output is better for writing to qemu.log than fully buffered
output because it also shows the latest log messages when an application
crash occurs.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
13 years ago w32: QEMU applications with SDL are always GUI applications
Stefan Weil [Sat, 3 Dec 2011 21:32:21 +0000 (22:32 +0100)]
w32: QEMU applications with SDL are always GUI applications

Since commit 1d14ffa97eacd3cb722271eaf6f093038396eac4 (in 2005),
QEMU applications on W32 don't use the default SDL compiler flags:

Instead of a GUI application, a console application is created.

This has disadvantages (there is always an empty console window) and
no obvious reason, so this patch removes the strange flag modification.

The SDL GUI applications still can be run from a console window
and even send stdout and stderr to that console by setting environment
variable SDL_STDIO_REDIRECT=no.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
13 years ago configure: Enable build by default PIE / read-only relocation sections on OpenBSD...
Brad [Tue, 29 Nov 2011 00:53:49 +0000 (19:53 -0500)]
configure: Enable build by default PIE / read-only relocation sections on OpenBSD amd64/i386.

Enable build by default PIE / read-only relocation sections for the QEMU
binaries on OpenBSD amd64/i386.

Signed-off-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
13 years ago bsd_user: Fix potential null pointer dereference
Stefan Weil [Mon, 21 Nov 2011 20:06:22 +0000 (21:06 +0100)]
bsd_user: Fix potential null pointer dereference

This bug was spotted by cppcheck.

Using g_try_malloc0 (as does the linux-user code) fixes this.

v2:
Use g_free in bsdload.c, too. Thanks to Peter Maydell for this hint.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
13 years ago hw/arm_gic.c: Ignore attempts to complete nonexistent IRQs
Peter Maydell [Thu, 1 Dec 2011 18:37:17 +0000 (19:37 +0100)]
hw/arm_gic.c: Ignore attempts to complete nonexistent IRQs

Ignore attempts to complete non-existent IRQs; this fixes a buffer
overrun if the guest writes a bad value to the GICC_EOIR register.
(This case is UNPREDICTABLE so ignoring it is a valid choice.)
Note that doing nothing if the guest writes 1023 to this register
is not in fact a change in behaviour: the old code would also
always do nothing in this case but in a non-obvious way.
(The buffer overrun was noted by Coverity, see bug 887883.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
13 years ago configure: Drop armv4l/armv4b distinction in $cpu
Peter Maydell [Wed, 30 Nov 2011 09:57:48 +0000 (10:57 +0100)]
configure: Drop armv4l/armv4b distinction in $cpu

Drop the distinction between armv4l/armv4b in the $cpu variable
(ie host cpu type) in favour of calling everything 'arm'. This
makes it the same as the ARCH setting and removes some special
casing. The only thing we were using the distinction for was to
decide which endianness to use in cross compilation; do a cpp
define check there instead.

Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
13 years ago pseries: Fix array overrun bug in PCI code
David Gibson [Tue, 29 Nov 2011 06:21:39 +0000 (07:21 +0100)]
pseries: Fix array overrun bug in PCI code

spapr_populate_pci_devices() contained a loop with PCI_NUM_REGIONS (7)
iterations.  However this overruns the 'bars' global array, which only has
6 elements. In fact we only want to run this loop for things listed in the
bars array, so this patch corrects the loop bounds to reflect that.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
13 years ago target-arm/helper.c: Don't allocate TCG resources unless TCG enabled
Peter Maydell [Fri, 25 Nov 2011 18:25:50 +0000 (19:25 +0100)]
target-arm/helper.c: Don't allocate TCG resources unless TCG enabled

Don't call arm_translate_init() (which allocates TCG resources)
unless TCG is enabled.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
13 years ago target-arm/translate.c: Fix slightly misleading comment in Thumb decoder
Peter Maydell [Thu, 24 Nov 2011 18:33:31 +0000 (19:33 +0100)]
target-arm/translate.c: Fix slightly misleading comment in Thumb decoder

Clarify some slightly misleading comments in the Thumb decoder's
handling of the memory hint space -- in particular one code path
marked as 'UNPREDICTABLE or unallocated hint' also includes some
legitimate preload instructions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
13 years ago Fix hw_error messages from arm_timer.c
Peter Chubb [Tue, 22 Nov 2011 03:20:23 +0000 (04:20 +0100)]
Fix hw_error messages from arm_timer.c

Two of the calls to hw_error() in arm_timer.c contain the wrong function name.

As suggested by Andreas Färber, use the C99 standard __func__ macro to
get the correct name, instead of putting the name directly into the code.

Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
13 years ago Merge remote-tracking branch 'kwolf/for-anthony' into staging
Anthony Liguori [Mon, 5 Dec 2011 15:39:25 +0000 (09:39 -0600)]
Merge remote-tracking branch 'kwolf/for-anthony' into staging

13 years ago Merge remote-tracking branch 'aneesh/1.0-fixes' into staging
Anthony Liguori [Mon, 5 Dec 2011 15:37:49 +0000 (09:37 -0600)]
Merge remote-tracking branch 'aneesh/1.0-fixes' into staging

13 years ago Merge remote-tracking branch 'stefanha/trivial-patches' into staging
Anthony Liguori [Mon, 5 Dec 2011 14:44:33 +0000 (08:44 -0600)]
Merge remote-tracking branch 'stefanha/trivial-patches' into staging

13 years ago Merge remote-tracking branch 'qemu-kvm/memory/batch' into staging
Anthony Liguori [Mon, 5 Dec 2011 14:43:38 +0000 (08:43 -0600)]
Merge remote-tracking branch 'qemu-kvm/memory/batch' into staging

13 years ago Update version for 1.1 development branch
Anthony Liguori [Mon, 5 Dec 2011 14:39:02 +0000 (08:39 -0600)]
Update version for 1.1 development branch

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years ago block: convert qemu_aio_flush() calls to bdrv_drain_all()
Stefan Hajnoczi [Wed, 30 Nov 2011 12:23:43 +0000 (12:23 +0000)]
block: convert qemu_aio_flush() calls to bdrv_drain_all()

Many places in QEMU call qemu_aio_flush() to complete all pending
asynchronous I/O.  Most of these places actually want to drain all block
requests but there is no block layer API to do so.

This patch introduces the bdrv_drain_all() API to wait for requests
across all BlockDriverStates to complete.  As a bonus we perform checks
after qemu_aio_wait() to ensure that requests really have finished.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago block: wait_for_overlapping_requests() deadlock detection
Stefan Hajnoczi [Wed, 30 Nov 2011 12:23:42 +0000 (12:23 +0000)]
block: wait_for_overlapping_requests() deadlock detection

Debugging a reentrant request deadlock was fun but in the future we need
a quick and obvious way of detecting such bugs.  Add an assert that
checks we are not about to deadlock when waiting for another request.

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago block: implement bdrv_co_is_allocated() boundary cases
Stefan Hajnoczi [Tue, 29 Nov 2011 13:49:51 +0000 (13:49 +0000)]
block: implement bdrv_co_is_allocated() boundary cases

Cases beyond the end of the disk image are only implemented for block
drivers that do not provide .bdrv_co_is_allocated().  It's worth making
these cases generic so that block drivers that do implement
.bdrv_co_is_allocated() also get them for free.

Suggested-by: Mark Wu <wudxw@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago dma-helpers: Add trace events
Kevin Wolf [Thu, 24 Nov 2011 11:15:28 +0000 (06:15 -0500)]
dma-helpers: Add trace events

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago cow: use bdrv_co_is_allocated()
Stefan Hajnoczi [Wed, 23 Nov 2011 15:00:04 +0000 (15:00 +0000)]
cow: use bdrv_co_is_allocated()

Now that bdrv_co_is_allocated() is available we can use it instead of
the synchronous bdrv_is_allocated() interface.  This is a follow-up that
Kevin Wolf <kwolf@redhat.com> pointed out after applying the series that
introduces bdrv_co_is_allocated().

It is safe to make cow_read() a coroutine_fn because its only caller is
a coroutine_fn.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago block: add -drive copy-on-read=on|off
Stefan Hajnoczi [Thu, 17 Nov 2011 13:40:32 +0000 (13:40 +0000)]
block: add -drive copy-on-read=on|off

This patch adds the -drive copy-on-read=on|off command-line option:

  copy-on-read=on|off
  copy-on-read is "on" or "off" and enables whether to copy read backing
  file sectors into the image file.  Copy-on-read avoids accessing the
  same backing file sectors repeatedly and is useful when the backing
  file is over a slow network.  By default copy-on-read is off.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago block: core copy-on-read logic
Stefan Hajnoczi [Thu, 17 Nov 2011 13:40:31 +0000 (13:40 +0000)]
block: core copy-on-read logic

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago block: request overlap detection
Stefan Hajnoczi [Wed, 23 Nov 2011 11:47:56 +0000 (11:47 +0000)]
block: request overlap detection

Detect overlapping requests and remember to align to cluster boundaries
if the image format uses them.  This assumes that allocating I/O is
performed in cluster granularity - which is true for qcow2, qed, etc.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago block: wait for overlapping requests
Stefan Hajnoczi [Thu, 17 Nov 2011 13:40:29 +0000 (13:40 +0000)]
block: wait for overlapping requests

When copy-on-read is enabled it is necessary to wait for overlapping
requests before issuing new requests.  This prevents races between the
copy-on-read and a write request.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago block: add interface to toggle copy-on-read
Stefan Hajnoczi [Mon, 28 Nov 2011 16:08:47 +0000 (16:08 +0000)]
block: add interface to toggle copy-on-read

The bdrv_enable_copy_on_read()/bdrv_disable_copy_on_read() functions can
be used to programmatically enable or disable copy-on-read for a block
device.  Later patches add the actual copy-on-read logic.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago block: add request tracking
Stefan Hajnoczi [Thu, 17 Nov 2011 13:40:27 +0000 (13:40 +0000)]
block: add request tracking

The block layer does not know about pending requests.  This information
is necessary for copy-on-read since overlapping requests must be
serialized to prevent races that corrupt the image.

The BlockDriverState gets a new tracked_request list field which
contains all pending requests.  Each request is a BdrvTrackedRequest
record with sector_num, nb_sectors, and is_write fields.

Note that request tracking is always enabled but hopefully this extra
work is so small that it doesn't justify adding an enable/disable flag.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago coroutine: add qemu_co_queue_restart_all()
Stefan Hajnoczi [Thu, 17 Nov 2011 13:40:26 +0000 (13:40 +0000)]
coroutine: add qemu_co_queue_restart_all()

It's common to wake up all waiting coroutines.  Introduce the
qemu_co_queue_restart_all() function to do this instead of looping over
qemu_co_queue_next() in every caller.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago qemu-common: add QEMU_ALIGN_DOWN() and QEMU_ALIGN_UP() macros
Stefan Hajnoczi [Thu, 17 Nov 2011 13:40:25 +0000 (13:40 +0000)]
qemu-common: add QEMU_ALIGN_DOWN() and QEMU_ALIGN_UP() macros

Add macros for aligning a number to a multiple, for example:

QEMU_ALIGN_DOWN(500, 2000) = 0
QEMU_ALIGN_UP(500, 2000) = 2000

Since ALIGN_UP() is a common macro name use the QEMU_* namespace prefix.
Hopefully this will protect us from included headers that leak something
with a similar name.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago block: add bdrv_co_is_allocated() interface
Stefan Hajnoczi [Mon, 14 Nov 2011 12:44:26 +0000 (12:44 +0000)]
block: add bdrv_co_is_allocated() interface

This patch introduces the public bdrv_co_is_allocated() interface which
can be used to query image allocation status while the VM is running.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago block: drop .bdrv_is_allocated() interface
Stefan Hajnoczi [Mon, 14 Nov 2011 12:44:25 +0000 (12:44 +0000)]
block: drop .bdrv_is_allocated() interface

Now that all block drivers have been converted to
.bdrv_co_is_allocated() we can drop .bdrv_is_allocated().

Note that the public bdrv_is_allocated() interface is still available
but is in fact a synchronous wrapper around .bdrv_co_is_allocated().

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago cow: convert to .bdrv_co_is_allocated()
Stefan Hajnoczi [Mon, 14 Nov 2011 12:44:24 +0000 (12:44 +0000)]
cow: convert to .bdrv_co_is_allocated()

The cow block driver does not keep internal state for cluster lookups.
This means it is safe to perform cluster lookups in coroutine context
without risk of race conditions that corrupt internal state.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago vdi: convert to .bdrv_co_is_allocated()
Stefan Hajnoczi [Mon, 14 Nov 2011 12:44:23 +0000 (12:44 +0000)]
vdi: convert to .bdrv_co_is_allocated()

It is trivial to switch from the synchronous .bdrv_is_allocated()
interface to .bdrv_co_is_allocated() since vdi_is_allocated() does not
block.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago vvfat: convert to .bdrv_co_is_allocated()
Stefan Hajnoczi [Mon, 14 Nov 2011 12:44:22 +0000 (12:44 +0000)]
vvfat: convert to .bdrv_co_is_allocated()

It is trivial to switch from the synchronous .bdrv_is_allocated()
interface to .bdrv_co_is_allocated() since vvfat_is_allocated() does not
block.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago block: convert qcow2, qcow2, and vmdk to .bdrv_co_is_allocated()
Stefan Hajnoczi [Mon, 14 Nov 2011 12:44:21 +0000 (12:44 +0000)]
block: convert qcow2, qcow2, and vmdk to .bdrv_co_is_allocated()

The qcow2, qcow, and vmdk block drivers are based on coroutines.  They have a
coroutine mutex which protects internal state.  We can convert the
.bdrv_is_allocated() function to .bdrv_co_is_allocated() by holding the mutex
around the cluster lookup operation.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago qed: convert to .bdrv_co_is_allocated()
Stefan Hajnoczi [Mon, 14 Nov 2011 12:44:20 +0000 (12:44 +0000)]
qed: convert to .bdrv_co_is_allocated()

The bdrv_qed_is_allocated() function is a synchronous wrapper around
qed_find_cluster(), which performs the cluster lookup.  In order to
convert the synchronous function to a coroutine function we yield
instead of using qemu_aio_wait().  Note that QED's cache is already safe
for parallel requests so no locking is needed.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago block: add .bdrv_co_is_allocated()
Stefan Hajnoczi [Mon, 14 Nov 2011 12:44:19 +0000 (12:44 +0000)]
block: add .bdrv_co_is_allocated()

This patch adds the .bdrv_co_is_allocated() interface which is identical
to .bdrv_is_allocated() but runs in coroutine context.  Running in
coroutine context implies that other coroutines might be performing I/O
at the same time.   Therefore it must be safe to run while the following
BlockDriver functions are in-flight:

    .bdrv_co_readv()
    .bdrv_co_writev()
    .bdrv_co_flush()
    .bdrv_co_is_allocated()

The new .bdrv_co_is_allocated() interface is useful because it can be
used when a VM is running, whereas .bdrv_is_allocated() is a synchronous
interface that does not cope with parallel requests.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago block: use public bdrv_is_allocated() interface
Stefan Hajnoczi [Mon, 14 Nov 2011 12:44:18 +0000 (12:44 +0000)]
block: use public bdrv_is_allocated() interface

There is no need for bdrv_commit() to use the BlockDriver
.bdrv_is_allocated() interface directly.  Converting to the public
interface gives us the freedom to drop .bdrv_is_allocated() entirely in
favor of a new .bdrv_co_is_allocated() in the future.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago qcow2: Fix error path in qcow2_snapshot_load_tmp
Kevin Wolf [Wed, 16 Nov 2011 16:30:33 +0000 (17:30 +0100)]
qcow2: Fix error path in qcow2_snapshot_load_tmp

If the bdrv_read() of the snapshot's L1 table fails, return the right
error code and make sure that the old L1 table is still loaded and we
don't break the BlockDriverState completely.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago qcow2: Fix order in qcow2_snapshot_delete
Kevin Wolf [Wed, 16 Nov 2011 16:22:10 +0000 (17:22 +0100)]
qcow2: Fix order in qcow2_snapshot_delete

First the snapshot must be deleted and only then the refcounts can be
decreased.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago qcow2: Fix order of refcount updates in qcow2_snapshot_goto
Kevin Wolf [Wed, 16 Nov 2011 14:20:45 +0000 (15:20 +0100)]
qcow2: Fix order of refcount updates in qcow2_snapshot_goto

The refcount updates must be moved so that in the worst case we can get
cluster leaks, but refcounts may never be too low.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago qcow2: Return real error in qcow2_snapshot_goto
Kevin Wolf [Wed, 16 Nov 2011 14:04:11 +0000 (15:04 +0100)]
qcow2: Return real error in qcow2_snapshot_goto

Besides fixing the return code, this adds some comments that make clear
how the code works and that it potentially breaks images if we fail in
the wrong place. Actually fixing this is left for the next patch.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago qcow2: Rework qcow2_snapshot_create error handling
Kevin Wolf [Wed, 16 Nov 2011 11:43:59 +0000 (12:43 +0100)]
qcow2: Rework qcow2_snapshot_create error handling

Increase refcounts only after allocating a new L1 table has succeeded in
order to make leaks less likely. If writing the snapshot table fails,
revert in-memory state to be consistent with that on disk.

While at it, make it return the real error codes instead of -1.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago qcow2: Cleanups and memleak fix in qcow2_snapshot_create
Kevin Wolf [Wed, 16 Nov 2011 16:46:29 +0000 (17:46 +0100)]
qcow2: Cleanups and memleak fix in qcow2_snapshot_create

sn->id_str could be leaked before this. The rest of this patch changes
comments, fixes coding style or removes checks that are unnecessary with
g_malloc.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago qcow2: Update snapshot table information at once
Kevin Wolf [Fri, 18 Nov 2011 17:27:00 +0000 (18:27 +0100)]
qcow2: Update snapshot table information at once

Failing in the middle wouldn't help with the integrity of the image, so
doing everything in a single request seems better.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago qcow2: Return real error code in qcow2_write_snapshots
Kevin Wolf [Wed, 16 Nov 2011 11:00:59 +0000 (12:00 +0100)]
qcow2: Return real error code in qcow2_write_snapshots

Doesn't immediately fix anything as the callers don't use the return
value, but they will be fixed next.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago qcow2: Return real error code in qcow2_read_snapshots
Kevin Wolf [Wed, 16 Nov 2011 10:43:28 +0000 (11:43 +0100)]
qcow2: Return real error code in qcow2_read_snapshots

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago block: Add coroutine_fn marker to coroutine functions
Dong Xu Wang [Thu, 10 Nov 2011 08:23:22 +0000 (16:23 +0800)]
block: Add coroutine_fn marker to coroutine functions

Looks better when reviewing these source files.

Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago hmp/qmp: add block_set_io_throttle
Zhi Yong Wu [Tue, 8 Nov 2011 05:00:31 +0000 (13:00 +0800)]
hmp/qmp: add block_set_io_throttle

Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago block: add I/O throttling algorithm
Zhi Yong Wu [Tue, 8 Nov 2011 05:00:14 +0000 (13:00 +0800)]
block: add I/O throttling algorithm

Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago CoQueue: introduce qemu_co_queue_wait_insert_head
Zhi Yong Wu [Thu, 3 Nov 2011 08:57:26 +0000 (16:57 +0800)]
CoQueue: introduce qemu_co_queue_wait_insert_head

Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago block: add the blockio limits command line support
Zhi Yong Wu [Thu, 3 Nov 2011 08:57:25 +0000 (16:57 +0800)]
block: add the blockio limits command line support

Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago block: Use bdrv functions to replace file operation in cow.c
Li Zhi Hui [Tue, 8 Nov 2011 06:21:13 +0000 (14:21 +0800)]
block: Use bdrv functions to replace file operation in cow.c

Since common file operation functions lack error detection,
change them to bdrv series functions.

Signed-off-by: Li Zhi Hui <zhihuili@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago xen_disk: remove dead code
Paolo Bonzini [Fri, 28 Oct 2011 16:03:58 +0000 (18:03 +0200)]
xen_disk: remove dead code

Xen_disk.c has support for using synchronous I/O instead of asynchronous,
but it is compiled out by default.  Remove it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago qed: adjust the way to get nb_sectors
Zhi Yong Wu [Tue, 1 Nov 2011 08:04:32 +0000 (16:04 +0800)]
qed: adjust the way to get nb_sectors

This patch only refactors some lines of code to make the code better and more robust.

As you have seen, in qed_read_table_cb() it's nice to
use qiov->size because that function doesn't obviously use a single
struct iovec.

In the other two functions, if qiov uses more than one struct iovec, the existing way will get the wrong nb_sectors.
To make the code more robust, it will be nicer to refactor the existing way as below.

Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Acked-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago qcow2: avoid reentrant bdrv_read() in copy_sectors()
Stefan Hajnoczi [Wed, 30 Nov 2011 12:23:41 +0000 (12:23 +0000)]
qcow2: avoid reentrant bdrv_read() in copy_sectors()

A BlockDriverState should not issue requests on itself through the
public block layer interface.  Nested, or reentrant, requests are
problematic because they do I/O throttling and request tracking twice.

Features like block layer copy-on-read use request tracking to avoid
race conditions between concurrent requests.  The reentrant request will
have to "wait" for its parent request to complete.  But the parent is
waiting for the reentrant request to make progress so we have reached
deadlock.

The solution is for block drivers to avoid the public block layer
interfaces for reentrant requests.   Instead they should call their own
internal functions if they wish to perform reentrant requests.

This is also a good opportunity to make copy_sectors() a true
coroutine_fn.  That means calling bdrv_co_writev() instead of
bdrv_write().  Behavior is unchanged but we're being explicit that this
executes in coroutine context.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago qcow2: Unlock during COW
Kevin Wolf [Mon, 19 Sep 2011 09:26:48 +0000 (11:26 +0200)]
qcow2: Unlock during COW

Unlocking during COW allows for more parallelism. One change it requires is
that buffers are dynamically allocated instead of just using a per-image
buffer.

While touching the code, drop the synchronous qcow2_read() function and replace
it by a bdrv_read() call.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years ago hw/9pfs: Use the correct file descriptor in Fsdriver Callback
Aneesh Kumar K.V [Sun, 4 Dec 2011 17:05:28 +0000 (22:35 +0530)]
hw/9pfs: Use the correct file descriptor in Fsdriver Callback

Fsdriver callbacks that operate on a file descriptor need to
differentiate between directory fd and file fd.

Based on the original patch from Sassan Panahinejad <sassan@sassan.me.uk>

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
13 years ago hw/9pfs: Add qdev.reset callback for virtio-9p-pci device
Aneesh Kumar K.V [Sun, 4 Dec 2011 17:05:28 +0000 (22:35 +0530)]
hw/9pfs: Add qdev.reset callback for virtio-9p-pci device

Add the device reset callback

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
13 years ago hw/9pfs: Reset server state during TVERSION
Deepak C Shetty [Sun, 4 Dec 2011 17:05:28 +0000 (22:35 +0530)]
hw/9pfs: Reset server state during TVERSION

As per the 9p rfc, during TVERSION it's necessary to clean all the active
fids, so that we start the session from a clean state. It's also needed in
scenarios where the guest is booting off 9p, and boot fails, and client
restarts, without any knowledge of the past, it will issue a TVERSION again
so this ensures that we always start from a clean state.

Signed-off-by: Deepak C Shetty <deepakcs@linux.vnet.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
13 years ago hw/9pfs: use migration blockers to prevent live migration when virtfs export path...
Aneesh Kumar K.V [Sun, 4 Dec 2011 17:05:28 +0000 (22:35 +0530)]
hw/9pfs: use migration blockers to prevent live migration when virtfs export path is mounted

Now when you try to migrate with VirtFS export path mounted, you get a proper QMP error:

(qemu) migrate tcp:localhost:4444
Migration is disabled when VirtFS export path '/tmp/' is mounted in the guest using mount_tag 'v_tmp'
(qemu)

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
13 years ago hw/9pfs: Improve portability to older systems
Aneesh Kumar K.V [Sun, 4 Dec 2011 17:05:27 +0000 (22:35 +0530)]
hw/9pfs: Improve portability to older systems

The handle fs driver requires a set of newly added syscalls. Don't
compile the handle FS driver if those syscalls are not available.
Instead of adding #ifdef for all those syscalls we check for
the open by handle syscall. If that is available then the rest of the
syscalls used by the driver should be available.

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
13 years ago fix spelling in main directory
Dong Xu Wang [Tue, 22 Nov 2011 10:06:26 +0000 (18:06 +0800)]
fix spelling in main directory

Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago fix spelling in block sub directory
Dong Xu Wang [Tue, 22 Nov 2011 10:06:25 +0000 (18:06 +0800)]
fix spelling in block sub directory

Cc: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago fix spelling in ui sub directory
Dong Xu Wang [Tue, 22 Nov 2011 10:06:24 +0000 (18:06 +0800)]
fix spelling in ui sub directory

Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago fix spelling in tests sub directory
Dong Xu Wang [Tue, 22 Nov 2011 10:06:23 +0000 (18:06 +0800)]
fix spelling in tests sub directory

Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago fix spelling in tcg sub directory
Dong Xu Wang [Tue, 22 Nov 2011 10:06:22 +0000 (18:06 +0800)]
fix spelling in tcg sub directory

Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago fix spelling in target sub directory
Dong Xu Wang [Tue, 22 Nov 2011 10:06:21 +0000 (18:06 +0800)]
fix spelling in target sub directory

Cc: Richard Henderson <rth@twiddle.net>
Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Alexander Graf <agraf@suse.de>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago fix spelling in scripts sub directory
Dong Xu Wang [Tue, 22 Nov 2011 10:06:20 +0000 (18:06 +0800)]
fix spelling in scripts sub directory

Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago fix spelling in QMP sub directory
Dong Xu Wang [Tue, 22 Nov 2011 10:06:19 +0000 (18:06 +0800)]
fix spelling in QMP sub directory

Cc: Markus Armbruster <armbru@redhat.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago fix spelling in libcacard sub directory
Dong Xu Wang [Tue, 22 Nov 2011 10:06:18 +0000 (18:06 +0800)]
fix spelling in libcacard sub directory

Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago fix spelling in linux-user sub directory
Dong Xu Wang [Tue, 22 Nov 2011 10:06:17 +0000 (18:06 +0800)]
fix spelling in linux-user sub directory

Cc: Riku Voipio <riku.voipio@iki.fi>
Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago fix spelling in darwin-user sub directory
Dong Xu Wang [Tue, 22 Nov 2011 10:06:16 +0000 (18:06 +0800)]
fix spelling in darwin-user sub directory

Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago darwin-user: Fix format string in debug message
Stefan Weil [Sat, 19 Nov 2011 19:18:39 +0000 (20:18 +0100)]
darwin-user: Fix format string in debug message

This was spotted by cppcheck.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago MAINTAINERS: Delete spurious '.'
Peter Maydell [Wed, 9 Nov 2011 19:45:38 +0000 (19:45 +0000)]
MAINTAINERS: Delete spurious '.'

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago qxl: Don't convert from size_t to int and back in qxl_cursor()
Markus Armbruster [Wed, 9 Nov 2011 08:52:55 +0000 (09:52 +0100)]
qxl: Don't convert from size_t to int and back in qxl_cursor()

Just for cleanliness; it would take a truly gigantic cursor to break.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago sonic: fix typo
Hervé Poussineau [Sun, 6 Nov 2011 21:48:50 +0000 (22:48 +0100)]
sonic: fix typo

Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years ago Update version for 1.0 release
Anthony Liguori [Thu, 1 Dec 2011 20:04:21 +0000 (14:04 -0600)]
Update version for 1.0 release

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years ago Makefile: use full path for qapi-generated directory
Michael Roth [Tue, 29 Nov 2011 22:47:49 +0000 (16:47 -0600)]
Makefile: use full path for qapi-generated directory

Generally $(BUILD_DIR) == $(CURDIR), but that isn't necessarily the
case, so use $(BUILD_DIR)/qapi-generated for generated files to
avoid potentially sticking generated files in odd places outside
the build's include paths.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years ago qapi: fix guardname generation
Michael Roth [Tue, 29 Nov 2011 22:47:48 +0000 (16:47 -0600)]
qapi: fix guardname generation

Fix a bug in handling dotted paths, and exclude directory prefixes
from generated guardnames to avoid odd/pseudo-random guardnames in
generated headers.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years ago Update version for 1.0-rc4
Anthony Liguori [Mon, 28 Nov 2011 17:37:57 +0000 (11:37 -0600)]
Update version for 1.0-rc4

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years ago ccid: Fix buffer overrun in handling of VSC_ATR message
Markus Armbruster [Mon, 28 Nov 2011 19:27:37 +0000 (20:27 +0100)]
ccid: Fix buffer overrun in handling of VSC_ATR message

ATR size exceeding the limit is diagnosed, but then we merrily use it
anyway, overrunning card->atr[].

The message is read from a character device.  Obvious security
implications unless the other end of the character device is trusted.

Spotted by Coverity.  CVE-2011-4111.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
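
The "diagnosed, but then used anyway" pattern from the ccid commit above, next to a corrected form. This is an added illustration, not the QEMU code or the actual patch; `struct card`, both handler functions and the `MAX_ATR_SIZE` value are assumptions made for the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_ATR_SIZE 40          /* assumed limit for this sketch */

struct card {                    /* hypothetical stand-in for the device state */
    uint8_t atr[MAX_ATR_SIZE];
    size_t atr_length;
};

/* Flawed pattern: the oversize length is noticed, then used regardless.
 * Shown for comparison only; never call it with len > MAX_ATR_SIZE. */
int handle_atr_flawed(struct card *c, const uint8_t *data, size_t len,
                      int *diagnosed)
{
    if (len > MAX_ATR_SIZE) {
        *diagnosed = 1;          /* the error is reported ... */
    }                            /* ... but control falls through */
    memcpy(c->atr, data, len);   /* writes past c->atr for oversize len */
    c->atr_length = len;
    return 0;
}

/* Corrected pattern: reject the message before touching the buffer, so the
 * stored ATR and its length are unchanged when the peer sends too much. */
int handle_atr_checked(struct card *c, const uint8_t *data, size_t len)
{
    if (len > MAX_ATR_SIZE) {
        return -1;
    }
    memcpy(c->atr, data, len);
    c->atr_length = len;
    return 0;
}
```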
13 years ago Revert "fix out of tree build"
Anthony Liguori [Mon, 28 Nov 2011 18:45:28 +0000 (12:45 -0600)]
Revert "fix out of tree build"

This reverts commit be85c90b74f56dca51782fa3080fcdf88593e045.

This patch is incorrect and breaks the build with a freshly cloned git tree.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years ago configure: avoid screening of --{en, dis}able-usb-redir options
Max Filippov [Thu, 24 Nov 2011 12:11:31 +0000 (16:11 +0400)]
configure: avoid screening of --{en, dis}able-usb-redir options

--*dir) option pattern precedes --{en,dis}able-usb-redir) patterns in the
option analysis switch, making the latter options have no effect.

There were some --*dir that are supported by Autoconf and not by QEMU configure.
The aim was to let QEMU packagers use the rpm (or similar) macro that overrides
directories for their distribution.

Replace --*dir with exact option names.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years ago cutils: Make strtosz & friends leave follow set to callers
Markus Armbruster [Tue, 22 Nov 2011 08:46:06 +0000 (09:46 +0100)]
cutils: Make strtosz & friends leave follow set to callers

strtosz() & friends require the size to be at the end of the string,
or be followed by whitespace or ','.  I find this surprising, because
the name suggests it works like strtol().

The check simplifies callers that accept exactly that follow set
slightly.  No such callers exist.

The check is redundant for callers that accept a smaller follow set,
and thus need to check themselves anyway.  Right now, this is the case
for all but one caller.  All of them neglected to check, or checked
incorrectly, but the previous few commits fixed them up.

Finally, the check is problematic for callers that accept a larger
follow set.  This is the case in monitor_parse_command().
Fortunately, the problems there are relatively harmless.

monitor_parse_command() uses strtosz() for argument type 'o'.  When
the last argument is of type 'o', a trailing ',' is diagnosed
differently than other trailing junk:

    (qemu) migrate_set_speed 1x
    invalid size
    (qemu) migrate_set_speed 1,
    migrate_set_speed: extraneous characters at the end of line

A related inconsistency exists with non-last arguments.  No such
command exists, but let's use memsave to explore the inconsistency.

The monitor permits, but does not require whitespace between
arguments.  For instance, "memsave (1-1)1024foo" is parsed as command
memsave with three arguments 0, 1024 and "foo".  Yes, this is daft,
but at least it's consistently daft.

If I change memsave's second argument from 'i' to 'o', then "memsave
(1-1)1foo" is rejected, because the size is followed by an 'f'.  But
"memsave (1-1)1," is still accepted, and duly saves to file ",".

We don't have any users of strtosz that profit from the check.  In the
users we have, it appears to encourage sloppy error checking, or gets
in the way.  Drop the bothersome check.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years ago qemu-img: Tighten parsing of size arguments
Markus Armbruster [Tue, 22 Nov 2011 08:46:05 +0000 (09:46 +0100)]
qemu-img: Tighten parsing of size arguments

strtosz_suffix() fails unless the size is followed by 0, whitespace or
','.  Useless here, because we need to fail for any junk following the
size, even if it starts with whitespace or ','.  Check manually.
Things like "qemu-img create xxx 1024," and "qemu-img convert -S '1024
junk'" are now caught.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years ago x86/cpuid: Tighten parsing of tsc_freq=FREQ
Markus Armbruster [Tue, 22 Nov 2011 08:46:04 +0000 (09:46 +0100)]
x86/cpuid: Tighten parsing of tsc_freq=FREQ

cpu_x86_find_by_name() uses strtosz_suffix_unit(), but screws up the
error checking.  It detects some failures, but not all.  Undetected
failures result in a zero tsc_khz value (error value -1 divided by
1000), which means "no tsc_freq set".

To reproduce, try "-cpu qemu64,tsc_freq=9999999T".
strtosz_suffix_unit() fails, because the value overflows int64_t,

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years ago vl: Tighten parsing of -m argument
Markus Armbruster [Tue, 22 Nov 2011 08:46:03 +0000 (09:46 +0100)]
vl: Tighten parsing of -m argument

strtosz_suffix() fails unless the size is followed by 0, whitespace or
','.  Useless here, because we need to fail for any junk following the
size, even if it starts with whitespace or ','.  Check manually.
Things like "-m 1024," are now caught.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years ago vl: Tighten parsing of -numa's parameter mem
Markus Armbruster [Tue, 22 Nov 2011 08:46:02 +0000 (09:46 +0100)]
vl: Tighten parsing of -numa's parameter mem

strtosz_suffix() fails unless the size is followed by 0, whitespace or
','.  Useless here, because we need to fail for any junk following the
size, even if it starts with whitespace or ','.  Check manually.

Things like

    -smp 4 -numa "node,mem=1024,cpus=0-1" -numa "node,mem=1024 cpus=2-3"

are now caught.  Before, the second -numa's argument was silently
interpreted as just "node,mem=1024".

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
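
The division of labour described in the cutils commit and the four "Tighten parsing" commits above, as an added sketch rather than QEMU's code: the helper behaves like strtol() and reports where it stopped, and each caller enforces its own follow set and tests for failure before using the value. `parse_size_prefix()`, `parse_size_strict()` and `parse_freq_khz()` are hypothetical names, and plain byte units with k/M/G/T suffixes are an assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical strtol-style helper (not QEMU's strtosz): parses a number with
 * an optional k/M/G/T suffix, stores where parsing stopped in *end, and
 * returns -1 on missing digits or int64_t overflow. */
int64_t parse_size_prefix(const char *s, const char **end)
{
    char *p;
    unsigned long long v;
    int shift = 0;

    *end = s;
    if (*s < '0' || *s > '9') {
        return -1;
    }
    errno = 0;
    v = strtoull(s, &p, 10);
    if (errno == ERANGE) {
        return -1;
    }
    switch (*p) {
    case 'k': case 'K': shift = 10; p++; break;
    case 'M': shift = 20; p++; break;
    case 'G': shift = 30; p++; break;
    case 'T': shift = 40; p++; break;
    }
    if (v > ((unsigned long long)INT64_MAX >> shift)) {
        return -1;               /* scaled value would overflow int64_t */
    }
    *end = p;
    return (int64_t)(v << shift);
}

/* Caller with an empty follow set: any byte after the size is an error. */
int64_t parse_size_strict(const char *s)
{
    const char *end;
    int64_t v = parse_size_prefix(s, &end);
    return (v < 0 || *end != '\0') ? -1 : v;
}

/* Caller that scales the result: check for failure before dividing, because
 * -1 / 1000 is 0 and would read as "not set". */
int64_t parse_freq_khz(const char *s)
{
    int64_t hz = parse_size_strict(s);
    return hz < 0 ? -1 : hz / 1000;
}
```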