review.tizen.org Git - sdk/emulator/qemu.git/log

target-ppc/fpu_helper: fix FPSCR_FX bit shift operation

Currently in TCG mode, updating floating exception
summary bit (FPSCR_FX) in fpscr also updates
the upper 32bits of fpscr with all 1s.
Modify the bit shift operation statement to use
1ULL instead.

Signed-off-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

target-ppc: Move the FPSCR bit update macros to cpu.h

Move the FPSCR bit update macros defined in dfp_helper
to cpu.h. This way, fpu_helper functions can also use them

Signed-off-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

hw/ppc/ppc405_boards: Fix infinite recursion by converting taihu_cpld from old_mmio

The taihu_cpld_writel() function had an obvious typo that meant that
if it was ever called it would go into an infinite recursion. Newer
versions of clang will detect and warn about this:
hw/ppc/ppc405_boards.c:481:1: warning: all paths through this function will call itself [-Winfinite-recursion]

Fix this by converting taihu_cpld from the legacy old_mmio accessors
to new-style ones, with an impl {} declaration to cause the core
memory code to do the splitting of 16 bit and 32 bit accesses into
multiple 8-bit accesses.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

hw/ppc/spapr: Remove duplicated "pseries" alias

The "pseries" alias is currently set twice, one time for the
pseries-2.4 machine and one time for the "pseries-2.5" machine.
To avoid confusion with the alias, let's remove the one from
the older machine class. And while we're at it, also remove
the "is_default = 0" there since the is_default variable
should be set to zero by default already.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

mac_dbdma: always initialize channel field in DBDMA_channel

dbdma_from_ch() uses channel field to return the right DBDMA object.
Previous code was working if guest OS was only using registered DMA channels.
However, it lead to QEMU crashes if guest OS was using unregistered DMA channels.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Fri 27 Nov 2015 02:42:02 GMT using RSA key ID 398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  tap-win32: disable broken async write path
  tap-win32: skip unexpected nodes during registry enumeration
  eepro100: Prevent two endless loops

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

tap-win32: disable broken async write path

The code under the TUN_ASYNCHRONOUS_WRITES path makes two incorrect
assumptions about the behaviour of the WriteFile API for overlapped
file handles. First, WriteFile does not update the
lpNumberOfBytesWritten parameter when the write completes
asynchronously (the number of bytes written is known only when the
operation completes). Second, the buffer shouldn't be touched (or
freed) until the operation completes. This led to at least one bug
where tap_win32_write returned zero bytes written, which in turn
caused further writes ("receives") to be disabled for that device.

This change disables the asynchronous write path, while keeping most
of the code around in case someone sees value in resurrecting it. It
also adds some conditional debug output, similar to the read path.

Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Acked-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Jason Wang <jasowang@redhat.com>

tap-win32: skip unexpected nodes during registry enumeration

In order to find a named tap device, get_device_guid() enumerates children of
HKLM\SYSTEM\CCS\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
(aka NETWORK_CONNECTIONS_KEY). For each child, it then looks for a
"Connection" subkey, but if this key doesn't exist, it aborts the
entire search. This was observed to fail on at least one Windows 10
machine, where there is an additional child of NETWORK_CONNECTIONS_KEY
(named "Descriptions"). Since registry enumeration doesn't guarantee
any particular sort order, we should continue to search for matching
children rather than aborting the search.

Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Jason Wang <jasowang@redhat.com>

eepro100: Prevent two endless loops

http://lists.nongnu.org/archive/html/qemu-devel/2015-11/msg04592.html
shows an example how an endless loop in function action_command can
be achieved.

During my code review, I noticed a 2nd case which can result in an
endless loop.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Jason Wang <jasowang@redhat.com>

Update version for v2.5.0-rc2 release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

vhost, pc: fixes for 2.5

Minor vhost fixes.  HW version tweak for PC.
Documentation and test updates.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 26 Nov 2015 16:40:25 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  vhost-user-test: fix migration overlap test
  Fix memory leak on error
  Revert "vhost: send SET_VRING_ENABLE at start/stop"
  tests/vhost-user-bridge: read command line arguments
  tests/vhost-user-bridge: propose GUEST_ANNOUNCE feature
  vhost-user: clarify start and enable
  vhost-user: set link down when the char device is closed
  pc: Don't set hw_version on pc-*-2.5
  osdep: Change default value of qemu_hw_version() to "2.5+"

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

vhost-user-test: fix migration overlap test

During migration, source does GET_BASE, destination does SET_BASE.
Use that as opposed to fds being configured to detect
vhost user running on both source and destination.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2015-11-26' into staging

QMP and QObject patches

# gpg: Signature made Thu 26 Nov 2015 09:07:18 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-monitor-2015-11-26:
  qjson: Limit number of tokens in addition to total size
  qjson: surprise, allocating 6 QObjects per token is expensive
  qjson: store tokens in a GQueue
  qjson: Convert to parser to recursive descent
  qjson: replace QString in JSONLexer with GString
  qjson: Inline token_is_escape() and simplify
  qjson: Inline token_is_keyword() and simplify
  qjson: Give each of the six structural chars its own token type
  qjson: Spell out some silent assumptions
  check-qjson: Add test for JSON nesting depth limit
  qjson: Don't crash when input exceeds nesting limit
  qjson: Apply nesting limit more sanely
  monitor: Plug memory leak on QMP error

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

Small patches, without the one that introduces -fwrapv.

# gpg: Signature made Thu 26 Nov 2015 15:48:53 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"

* remotes/bonzini/tags/for-upstream:
  target-i386: kvm: Print warning when clearing mcg_cap bits
  target-i386: kvm: Use env->mcg_cap when setting up MCE
  target-i386: kvm: Abort if MCE bank count is not supported by host
  virtio-scsi: don't crash without a valid device
  target-sparc: fix 32-bit truncation in fpackfix
  exec: remove warning about mempath and hugetlbfs
  Revert "exec: silence hugetlbfs warning under qtest"
  call bdrv_drain_all() even if the vm is stopped
  MAINTAINERS: Update TCG CPU cores section

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-i386: kvm: Print warning when clearing mcg_cap bits

Instead of silently clearing mcg_cap bits when the host doesn't
support them, print a warning when doing that.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
[Avoid \n at end of error_report. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1448471956-66873-10-git-send-email-pbonzini@redhat.com>

target-i386: kvm: Use env->mcg_cap when setting up MCE

When setting up MCE, instead of using the MCE_*_DEF macros
directly, just filter the existing env->mcg_cap value.

As env->mcg_cap is already initialized as
MCE_CAP_DEF|MCE_BANKS_DEF at target-i386/cpu.c:mce_init(), this
doesn't change any behavior. But it will allow us to change
mce_init() in the future, to implement different defaults
depending on CPU model, machine-type or command-line parameters.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1448471956-66873-9-git-send-email-pbonzini@redhat.com>

target-i386: kvm: Abort if MCE bank count is not supported by host

Instead of silently changing the number of banks in mcg_cap based
on kvm_get_mce_cap_supported(), abort initialization if the host
doesn't support MCE_BANKS_DEF banks.

Note that MCE_BANKS_DEF was always 10 since it was introduced in
QEMU, and Linux always returned 32 at KVM_CAP_MCE since
KVM_CAP_MCE was introduced, so no behavior is being changed and
the error can't be triggered by any Linux version. The point of
the new check is to ensure we won't silently change the bank
count if we change MCE_BANKS_DEF or make the bank count
configurable in the future.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
[Avoid Yoda condition and \n at end of error_report. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1448471956-66873-8-git-send-email-pbonzini@redhat.com>

virtio-scsi: don't crash without a valid device

Make sure that we actually have a device when checking the aio
context. Otherwise guests could trigger QEMU crashes.

Signed-off-by: "Eugene (jno) Dvurechenski" <jno@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Message-Id: <1448549135-6582-2-git-send-email-jno@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-sparc: fix 32-bit truncation in fpackfix

This is reported by Coverity. The algorithm description at
ftp://ftp.icm.edu.pl/packages/ggi/doc/hw/sparc/Sparc.pdf suggests
that the 32-bit parts of rs2, after the left shift, is treated
as a 64-bit integer. Bits 32 and above are used to do the
saturating truncation.

Message-Id: <1446473134-4330-1-git-send-email-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

exec: remove warning about mempath and hugetlbfs

The gethugepagesize() method in exec.c printed a warning if
the file path for "-mem-path" or "-object memory-backend-file"
was not on a hugetlbfs filesystem. This warning is bogus, because
QEMU functions perfectly well with the path on a regular tmpfs
filesystem. Use of hugetlbfs vs tmpfs is a choice for the management
application or end user to make as best fits their needs. As such it
is inappropriate for QEMU to have an opinion on whether the user's
choice is right or wrong in this case.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1448448749-1332-3-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Revert "exec: silence hugetlbfs warning under qtest"

This reverts commit 1c7ba94a184df1eddd589d5400d879568d3e5d08.

That commit changed QEMU initialization order from

- object-initial, chardev, qtest, object-late

to

- chardev, qtest, object-initial, object-late

This breaks chardev setups which need to rely on objects
having been created. For example, when chardevs use TLS
encryption in the future, they need to have tls credential
objects created first.

This revert, restores the ordering introduced in

  commit f08f9271bfe3f19a5eb3d7a2f48532065304d5c8
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Wed May 13 17:14:04 2015 +0100

    vl: Create (most) objects before creating chardev backends

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1448448749-1332-2-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

call bdrv_drain_all() even if the vm is stopped

There are still I/O operations when the vm is stopped. For example,
stop the vm, and do block migration. In this case, we don't drain all
I/O operation, and may meet the following problem:

qemu-system-x86_64: migration/block.c:731: block_save_complete: Assertion `block_mig_state.submitted == 0' failed.

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Message-Id: <564EE92E.4070701@cn.fujitsu.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Fix memory leak on error

hw/ppc/spapr.c: Fix memory leak on error, it was introduced in bc09e0611
hw/acpi/memory_hotplug.c: Fix memory leak on error, it was introduced in 34f2af3d

Signed-off-by: Stefano Dong (董兴水) <opensource.dxs@aliyun.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20151126-1' into staging

vnc: fix segfault

# gpg: Signature made Thu 26 Nov 2015 07:37:43 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vnc-20151126-1:
  vnc: fix segfault

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2015-11-25-v2-tag' into staging

qemu-ga patch queue for 2.5

* include additional w32 MSI install components needed for
  guest-exec
* fix 'make install' when compiling with --disable-tools
* fix potential data corruption/loss when accessing files
  bi-directionally via guest-file-{read,write}
* explicitly document how integer args for guest-file-seek map to
  SEEK_SET/SEEK_CUR/etc to avoid platform-specific differences

v2:
* fixed missing SoB

# gpg: Signature made Wed 25 Nov 2015 23:58:45 GMT using RSA key ID F108B584
# gpg: Good signature from "Michael Roth <flukshun@gmail.com>"
# gpg:                 aka "Michael Roth <mdroth@utexas.edu>"
# gpg:                 aka "Michael Roth <mdroth@linux.vnet.ibm.com>"

* remotes/mdroth/tags/qga-pull-2015-11-25-v2-tag:
  qga: added another non-interactive gspawn() helper file.
  qga: Better mapping of SEEK_* in guest-file-seek
  tests: add file-write-read test
  qga: flush explicitly when needed
  qga: gspawn() console helper to Windows guest agent msi build
  makefile: fix qemu-ga make install for --disable-tools

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Revert "vhost: send SET_VRING_ENABLE at start/stop"

This reverts commit 3a12f32229a046f4d4ab0a3a52fb01d2d5a1ab76.

In case of live migration several queues can be enabled and not only the
first one. So informing backend that only the first queue is enabled is
wrong.

Reported-by: Thibaut Collet <thibaut.collet@6wind.com>
Cc: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>

Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

# gpg: Signature made Wed 25 Nov 2015 20:25:21 GMT using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"

* remotes/jnsnow/tags/ide-pull-request:
  ide-test: fix timeouts
  atapi: Fix code indentation
  atapi: Account for failed and invalid operations in cd_read_sector()
  ide-test: cdrom_pio_impl fixup

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

qjson: Limit number of tokens in addition to total size

Commit 29c75dd "json-streamer: limit the maximum recursion depth and
maximum token count" attempts to guard against excessive heap usage by
limiting total token size (it says "token count", but that's a lie).

Total token size is a rather imprecise predictor of heap usage: many
small tokens use more space than few large tokens with the same input
size, because there's a constant per-token overhead: 37 bytes on my
system.

Tighten this up: limit the token count to 2Mi. Chosen to roughly
match the 64MiB total token size limit.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1448486613-17634-13-git-send-email-armbru@redhat.com>

qjson: surprise, allocating 6 QObjects per token is expensive

Replace the contents of the tokens GQueue with a simple struct. This cuts
the amount of memory allocated by tests/check-qjson from ~500MB to ~20MB,
and the execution time from 600ms to 80ms on my laptop. Still a lot (some
could be saved by using an intrusive list, such as QSIMPLEQ, instead of
the GQueue), but the savings are already massive and the right thing to
do would probably be to get rid of json-streamer completely.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1448300659-23559-5-git-send-email-pbonzini@redhat.com>
[Straightforwardly rebased on my patches]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

qjson: store tokens in a GQueue

Even though we still have the "streamer" concept, the tokens can now
be deleted as they are read. While doing so convert from QList to
GQueue, since the next step will make tokens not a QObject and we
will have to do the conversion anyway.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1448300659-23559-4-git-send-email-pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

qjson: Convert to parser to recursive descent

We backtrack in parse_value(), even though JSON is LL(1) and thus can
be parsed by straightforward recursive descent. Do exactly that.

Based on an almost-correct patch from Paolo Bonzini.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1448486613-17634-10-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

qjson: replace QString in JSONLexer with GString

JSONLexer only needs a simple resizable buffer. json-streamer.c
can allocate memory for each token instead of relying on reference
counting of QStrings.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1448300659-23559-2-git-send-email-pbonzini@redhat.com>
[Straightforwardly rebased on my patches, checkpatch made happy]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

qjson: Inline token_is_escape() and simplify

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1448486613-17634-8-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

qjson: Inline token_is_keyword() and simplify

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1448486613-17634-7-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

qjson: Give each of the six structural chars its own token type

Simplifies things, because we always check for a specific one.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1448486613-17634-6-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

qjson: Spell out some silent assumptions

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1448486613-17634-5-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

check-qjson: Add test for JSON nesting depth limit

This would have prevented the regression mentioned in the previous
commit.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1448486613-17634-4-git-send-email-armbru@redhat.com>

qjson: Don't crash when input exceeds nesting limit

We limit nesting depth and input size to defend against input
triggering excessive heap or stack memory use (commit 29c75dd
json-streamer: limit the maximum recursion depth and maximum token
count). However, when the nesting limit is exceeded,
parser_context_peek_token()'s assertion fails.

Broken in commit 65c0f1e "json-parser: don't replicate tokens at each
level of recursion".

To reproduce stuff 1025 open braces or brackets into QMP.

Fix by taking the error exit instead of the normal one.

Reported-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1448486613-17634-3-git-send-email-armbru@redhat.com>

qjson: Apply nesting limit more sanely

The nesting limit from commit 29c75dd "json-streamer: limit the
maximum recursion depth and maximum token count" applies separately to
braces and brackets. This makes no sense. Apply it to their sum,
because that's actually a measure of recursion depth.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1448486613-17634-2-git-send-email-armbru@redhat.com>

monitor: Plug memory leak on QMP error

Leak introduced in commit 8a4f501..710aec9, v2.4.0.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1446117309-15322-1-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>

vnc: fix segfault

Commit "c7628bf vnc: only alloc server surface with clients connected"
missed one rarely used codepath (cirrus with guest drivers using 2d
accel) where we have to check for the server surface being present,
to avoid qemu crashing with a NULL pointer dereference. Add the check.

Reported-by: Anthony PERARD <anthony.perard@citrix.com>
Tested-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

qga: added another non-interactive gspawn() helper file.

With previous commit we added gspawn-win64-helper-console.exe,
required for gspawn() mingw implementation.
Unfortunatly when running as a service without interactive
desktop, gspawn() also requires another helper app.

Added gspawn-win64-helper.exe and gspawn-win32-helper.exe
for corresponding architectures.

Signed-off-by: Yuri Pudgorodskiy <yur@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Michael Roth <mdroth@linux.vnet.ibm.com>
* remove trailing whitespace
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qga: Better mapping of SEEK_* in guest-file-seek

Exposing OS-specific SEEK_ constants in our qapi was a mistake
(if the host has SEEK_CUR as 1, but the guest has it as 2, then
the semantics are unclear what should happen); if we had a time
machine, we would instead expose only a symbolic enum. It's too
late to change the fact that we have an integer in qapi, but we
can at least document what mapping we want to enforce for all
qga clients (and luckily, it happens to be the mapping that both
Linux and Windows use); then fix the code to match that mapping.
It also helps us filter out unsupported SEEK_DATA and SEEK_HOLE.

In the future, we may wish to move our QGA_SEEK_* constants into
qga/qapi-schema.json, along with updating the schema to take an
alternate type (either the integer, or the string value of the
enum name) - but that's too much risk during hard freeze.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

tests: add file-write-read test

This test exhibits a POSIX behaviour regarding switching between write
and read. It's undefined result if the application doesn't ensure a
flush between the two operations (with glibc, the flush can be implicit
when the buffer size is relatively small). The previous commit fixes
this test.

Related to:
https://bugzilla.redhat.com/show_bug.cgi?id=1210246

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qga: flush explicitly when needed

According to the specification:
http://pubs.opengroup.org/onlinepubs/9699919799/functions/fopen.html

"the application shall ensure that output is not directly followed by
input without an intervening call to fflush() or to a file positioning
function (fseek(), fsetpos(), or rewind()), and input is not directly
followed by output without an intervening call to a file positioning
function, unless the input operation encounters end-of-file."

Without this change, an fwrite() followed by an fread() may lose the
previously written content, as shown in the following test.

Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=1210246

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
* don't confuse {write,read}() with f{write,read}() in
commit msg (Laszlo)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

ide-test: fix timeouts

Use explicit timeouts instead of trying to approximate it by counting
the cumulative duration of nsleep calls.

In practice, the timeout if inb() dwarfed the nsleep delays, and as a
result the real timeout value became a lot larger than 5 seconds.

So: change the semantics from "Not sooner than 5 seconds" to "no more
than 5 seconds" to ensure we don't hang the tester for very long.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1448393771-15483-2-git-send-email-jsnow@redhat.com

qga: gspawn() console helper to Windows guest agent msi build

This helper, gspawn-win64-helper-console.exe for 64-bit and
gspawn-win32-helper-console.exe for 32-bit environment,
is needed for gspawn() mingw implementation, used by guest-exec command.

Without these files guest-exec command on Windows will not
work with "file not found" diagnostic message.

Signed-off-by: Yuri Pudgorodskiy <yur@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

makefile: fix qemu-ga make install for --disable-tools

ab59e3e introduced a fix for `make install` on w32 that involved
filtering out qemu-ga from $TOOLS install recipe so that we could
append $(EXESUF) to it before attempting to install the binary
via install-prog function.

install-prog takes a list of binaries to install to a particular
directory. If the list is empty it breaks. We guard against this
by ensuring $TOOLS is not empty prior to calling.

However, ab59e3e introduces extra filtering after this check which
can still result on us attempting to call install-prog with an
empty list of binaries. In particular, this occurs if we
build with the --disable-tools configure option, which results
in qemu-ga being the only member of $TOOLS.

Fix this by doing a simple s/qemu-ga/qemu-ga$(EXESUF)/ pass through
$TOOLS instead of filtering out qemu-ga to handle it seperately.

Reported-by: Steve Ellcey <sellcey@imgtec.com>
Cc: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20151125' into staging

migration/next for 20151125

# gpg: Signature made Wed 25 Nov 2015 14:28:47 GMT using RSA key ID 5872D723
# gpg: Good signature from "Juan Quintela <quintela@redhat.com>"
# gpg:                 aka "Juan Quintela <quintela@trasno.org>"

* remotes/juanquintela/tags/migration/20151125:
  block-migration: limit the memory usage
  Assume madvise for (no)hugepage works

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches

# gpg: Signature made Wed 25 Nov 2015 13:33:14 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  qemu-iotests: Add -nographic when starting QEMU in 119 and 120
  block/qapi: Plug memory leak on query-block error path
  raw-posix.c: Make GetBSDPath() handle caching options
  nand: fix flash erase when oob is in memory
  test-aio: Fix event notifier cleanup
  tests/Makefile: Add more dependencies for test-timed-average

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

block-migration: limit the memory usage

If we set migration speed in a very large value, block-migration will try to read
all data to the memory. Because
(block_mig_state.submitted + block_mig_state.read_done) * BLOCK_SIZE
will be overflow, and it will be always less than rate limit.

There is no need to read too many data into memory when the rate limit is very large.
So limit the memory usage can fix the overflow problem.

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

Assume madvise for (no)hugepage works

madvise() returns EINVAL in the case of many failures, but also
returns it in cases where the host kernel doesn't have THP enabled.
Postcopy only really cares that THP is off before it detects faults,
and turns it back on afterwards; so we're going to have
to assume that if the madvise fails then the host just doesn't do
THP and we can carry on with the postcopy.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Tested-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

Merge remote-tracking branch 'mreitz/tags/pull-block-for-kevin-2015-11-25' into queue-block

One block patch for qemu 2.5-rc2.

# gpg: Signature made Wed Nov 25 14:30:45 2015 CET using RSA key ID E838ACAD
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>"

* mreitz/tags/pull-block-for-kevin-2015-11-25:
qemu-iotests: Add -nographic when starting QEMU in 119 and 120

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qemu-iotests: Add -nographic when starting QEMU in 119 and 120

Otherwise, a window flashes on my desktop (built with SDL). Add this as
other cases have it.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1448245930-15031-1-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>

block/qapi: Plug memory leak on query-block error path

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

raw-posix.c: Make GetBSDPath() handle caching options

Add support for caching options that can be specified from the command
line.

The CD-ROM raw char device bypasses the host page cache and therefore
has alignment requirements. Alignment probing is necessary so only use
the raw char device if BDRV_O_NOCACHE is set.

This patch fixes -cdrom /dev/cdrom on Mac OS X hosts, where bdrv_read()
used to fail due to misaligned requests during image format probing.

Signed-off-by: John Arbuckle <programmingkidx@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

nand: fix flash erase when oob is in memory

For the "main area on file, oob in memory" case, fix the shifts so that
we erase the correct number of pages.

Signed-off-by: Ricard Wanderlöf <ricardw@axis.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

test-aio: Fix event notifier cleanup

One test case closed an event notifier (event_notifier_cleanup())
without first disabling it (set_event_notifier(..., NULL)). This
resulted in a leftover handle 0 that was added to each subsequent
WaitForMultipleObjects() call, causing the function to fail (invalid
handle).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>

tests/Makefile: Add more dependencies for test-timed-average

'make check' failed to compile the test case for mingw because of
undefined references. Pull in a few more dependencies so that it builds.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge remote-tracking branch 'remotes/sstabellini/tags/xen-20151125' into staging

Xen 2015/11/25

# gpg: Signature made Wed 25 Nov 2015 11:19:26 GMT using RSA key ID 70E1AE90
# gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>"

* remotes/sstabellini/tags/xen-20151125:
xen_disk: Remove ioreq.postsync
xen: fix usage of xc_domain_create in domain builder

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

MAINTAINERS: Update TCG CPU cores section

These are the people that I think have been touching it lately
or reviewing patches.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

tests/vhost-user-bridge: read command line arguments

Now some vhost-user-bridge parameters can be passed from the
command line:

Usage: prog [-u ud_socket_path] [-l lhost:lport] [-r rhost:rport]
        -u path to unix doman socket. default: /tmp/vubr.sock
        -l local host and port. default: 127.0.0.1:4444
        -r remote host and port. default: 127.0.0.1:5555

Signed-off-by: Victor Kaplansky <victork@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

tests/vhost-user-bridge: propose GUEST_ANNOUNCE feature

The backend has to know whether VIRTIO_NET_F_GUEST_ANNOUNCE was
negotiated, so, as a hack we propose the feature by
vhost-user-bridge during the feature negotiation.

Signed-off-by: Victor Kaplansky <victork@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

vhost-user: clarify start and enable

It seems that we currently have some duplication between
started and enabled states.

The actual reason is that enable is not documented correctly:
what it does is connecting ring to the backend.

This is important for MQ, because a Linux guest expects TX
packets to be completed even if it disables some queues
temporarily.

Cc: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Cc: Victor Kaplansky <victork@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

vhost-user: set link down when the char device is closed

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>

pc: Don't set hw_version on pc-*-2.5

Now that qemu_hw_version() returns a fixed "2.5+" string instead
of QEMU_VERSION, we don't need to set hw_version on pc-*-2.5
explicitly.

Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

osdep: Change default value of qemu_hw_version() to "2.5+"

There are two issues with qemu_hw_version() today:

1) If a machine has hw_version set, the value returned by it is
   not very useful, because it is not the actual QEMU version.
2) If a machine does't set hw_version, the return value of
   qemu_hw_version() is broken, because it will change when
   upgrading QEMU.

For those reasons, using qemu_hw_version() is strongly
discouraged, and should be used only in code that used
QEMU_VERSION in the past and needs to keep compatibility.

To fix (2), instead of making every machine broken by default
unless they set hw_version, make qemu_hw_version() simply return
"2.5+" if qemu_set_hw_version() is not called.

Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/armbru/tags/pull-ivshmem-2015-11-25' into staging

ivshmem patches for 2.5

# gpg: Signature made Wed 25 Nov 2015 09:25:38 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-ivshmem-2015-11-25:
  ivshmem: Rename property memdev to x-memdev for 2.5
  ivshmem: Mark questionable socket type test FIXME
  tests/ivshmem-test: Supply missing initializer in get_device()
  qemu-doc: Fix ivshmem usage example with shm=...
  qemu-doc: Fix ivshmem example markup

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

xen_disk: Remove ioreq.postsync

This code has been dead for three years (since commit 7e7b7cba1).

Signed-off-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

ivshmem: Rename property memdev to x-memdev for 2.5

The device's guest interface and its QEMU user interface are
flawed^Whotly debated. We'll resolve that in the next development
cycle, probably by deprecating the device in favour of a cleaned up,
but not quite compatible revision.

To avoid adding more baggage to the soon-to-be-deprecated interface,
mark property "memdev" as experimental, by renaming it to "x-memdev".
It's the only recent user interface change.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1448384789-14830-6-git-send-email-armbru@redhat.com>
[Update of qemu-doc.texi squashed in]
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

ivshmem: Mark questionable socket type test FIXME

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

tests/ivshmem-test: Supply missing initializer in get_device()

If the device isn't found, the assertion uses dev without
initialization. Fix that.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1448384789-14830-4-git-send-email-armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

qemu-doc: Fix ivshmem usage example with shm=...

The example suggests you can omit "shm". This isn't true; you must
specify exactly one of "shm", "chardev", "memdev". Fix it.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1448384789-14830-3-git-send-email-armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

qemu-doc: Fix ivshmem example markup

Use @var{foo} like we do everywhere else, not <foo>.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1448384789-14830-2-git-send-email-armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

atapi: Fix code indentation

This was accidentally changed by commit 5f81724d

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 93fb43522e3b8dddb6c709d568919347d9a5ba3f.1448367341.git.berto@igalia.com
Signed-off-by: John Snow <jsnow@redhat.com>

atapi: Account for failed and invalid operations in cd_read_sector()

Commit 5f81724d made PIO read requests async but didn't add the
relevant block_acct_failed() and block_acct_invalid() calls.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 9b87e09d61019c128139b6c999ed0c07f0674170.1448367341.git.berto@igalia.com
Signed-off-by: John Snow <jsnow@redhat.com>

ide-test: cdrom_pio_impl fixup

Final tidying: move the interrupt wait into the loop,
document that the status read clears the IRQ, and move
the final interrupt check outside of the loop.

This should be functionally equivalent to how it works
currently, but a little less ambiguous and slightly more
explicit about the state transitions.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1448060035-31973-3-git-send-email-jsnow@redhat.com

Merge remote-tracking branch 'remotes/lalrae/tags/mips-20151124' into staging

MIPS patches 2015-11-24

Changes:
* Fixes for enabling/disabling 64-bit addressing

# gpg: Signature made Tue 24 Nov 2015 14:54:35 GMT using RSA key ID 0B29DA6B
# gpg: Good signature from "Leon Alrae <leon.alrae@imgtec.com>"

* remotes/lalrae/tags/mips-20151124:
target-mips: flush QEMU TLB when disabling 64-bit addressing
target-mips: Fix exceptions while UX=0

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20151124' into staging

target-arm queue:
* fix minimum RAM check warning on xlnx-ep108
* remove unused define from aarch64-linux-user.mak config
* don't mask out bits [47:40] in ARMv8 LPAE descriptors
* correct unallocated instruction checks for ldst_excl

# gpg: Signature made Tue 24 Nov 2015 14:17:10 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"

* remotes/pmaydell/tags/pull-target-arm-20151124:
  target-arm/translate-a64.c: Correct unallocated checks for ldst_excl
  target-arm: Don't mask out bits [47:40] in LPAE descriptors for v8
  default-configs/aarch64-linux-user.mak: Remove unused define
  xlnx-ep108: Fix minimum RAM check

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm/translate-a64.c: Correct unallocated checks for ldst_excl

The checks for the unallocated encodings in the ldst_excl group
(exclusives and load-acquire/store-release) were not correct. This
error meant that in turn we ended up with code attempting to handle
the non-existent case of "non-exclusive load-acquire/store-release
pair". Delete that broken and now unreachable code.

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Sergey Fedorov <serge.fdrv@gmail.com>

target-arm: Don't mask out bits [47:40] in LPAE descriptors for v8

In an LPAE format descriptor in ARMv8 the address field extends
up to bit 47, not just bit 39. Correct the masking so we don't
give incorrect results if the output address size is greater
than 40 bits, as it can be for AArch64.

(Note that we don't yet support the new-in-v8 Address Size fault which
should be generated if any translation table entry or TTBR contains
an address with non-zero bits above the most significant bit of the
maximum output address size.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1448029971-9875-1-git-send-email-peter.maydell@linaro.org

default-configs/aarch64-linux-user.mak: Remove unused define

The uses of the CONFIG_GDBSTUB_XML define were removed in commit
b77abd95a9484c, but the define in aarch64-linux-user.mak somehow
escaped the cull (the patchset probably crossed in the mail with
the patches adding aarch64 support). Remove the stray define.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 1447690178-4560-1-git-send-email-peter.maydell@linaro.org

xlnx-ep108: Fix minimum RAM check

The minimum RAM check logic for the Xiilnx EP108 was off by one,
which caused a false positive. Correct the logic to only print
warnings when the RAM is below 0x8000000.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: fba8112ca7b01efd72553332b8045ecf107b7662.1448021100.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-mips: flush QEMU TLB when disabling 64-bit addressing

CP0.Status.KX/SX/UX bits are responsible for enabling access to 64-bit
Kernel/Supervisor/User Segments. If bit is cleared an access to
corresponding segment should generate Address Error Exception.

However, the guest may still be able to access some pages belonging to
the disabled 64-bit segment because we forget to flush QEMU TLB.

This patch fixes it.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>

target-mips: Fix exceptions while UX=0

Commit 01f728857941 ("target-mips: Status.UX/SX/KX enable 32-bit address
wrapping") added a new hflag MIPS_HFLAG_AWRAP, which indicates that
64-bit addressing is disallowed in the current mode, so hflag users
don't need to worry about the complexities of working that out, for
example checking both MIPS_HFLAG_KSU and MIPS_HFLAG_UX.

However when exceptions are taken outside of exception level,
mips_cpu_do_interrupt() manipulates the env->hflags directly rather than
using compute_hflags() to update them, and this code wasn't updated
accordingly. As a result, when UX is cleared, MIPS_HFLAG_AWRAP is set,
but it doesn't get cleared on entry back into kernel mode due to an
exception. Kernel mode then cannot access the 64-bit segments resulting
in a nested exception loop. The same applies to errors and debug
exceptions.

Fix by updating mips_cpu_do_interrupt() to clear the MIPS_HFLAG_WRAP
flag when necessary, according to compute_hflags().

Fixes: 01f728857941 ("target-mips: Status.UX/SX/KX enable 32-bit...")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

# gpg: Signature made Tue 24 Nov 2015 08:04:07 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  virtio-blk: Move resetting of req->mr_next to virtio_blk_handle_rw_error
  parallels: dirty BAT properly for continuous allocations

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

virtio-blk: Move resetting of req->mr_next to virtio_blk_handle_rw_error

"werror=report" would free the req in virtio_blk_handle_rw_error, we
mustn't write to it in that case.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1448239280-15025-1-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

parallels: dirty BAT properly for continuous allocations

This patch marks part of the BAT dirty properly. There is a possibility that
multy-block allocation could have one block allocated on one BAT page and
next block on the next page. The code without the patch could not save
updated position to the file.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Message-id: 1447779778-26062-1-git-send-email-den@openvz.org
CC: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge remote-tracking branch 'remotes/ehabkost/tags/numa-pull-request' into staging

NUMA fix for -rc2

# gpg: Signature made Mon 23 Nov 2015 12:45:34 GMT using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"

* remotes/ehabkost/tags/numa-pull-request:
hostmem: Ignore ENOSYS while setting MPOL_DEFAULT

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20151123' into staging

Last minute fix.

# gpg: Signature made Mon 23 Nov 2015 12:17:26 GMT using RSA key ID 4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"

* remotes/rth/tags/pull-tcg-20151123:
  tcg: Fix highwater check

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hostmem: Ignore ENOSYS while setting MPOL_DEFAULT

Currently hostmem backend fails if CONFIG_NUMA is enabled in QEMU
(the default) but NUMA is not supported by the kernel. This makes
it impossible to use ivshmem in such configurations.

This patch fixes the problem by ignoring ENOSYS error if policy is set to
MPOL_DEFAULT. This way the code behaves in the same way as if CONFIG_NUMA
was not defined. qemu will still fail if the user specifies some other
policy, so that the user knows it.

Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>

tcg: Fix highwater check

A simple typo in the variable to use when comparing vs the highwater mark.
Reports are that qemu can in fact segfault occasionally due to this mistake.

Signed-off-by: John Clarke <johnc@kirriwa.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>

Update version for v2.5.0-rc1 release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

tests: fix cdrom_pio_impl in ide-test

The check for the cleared BSY flag has to be performed
before each data transfer and not just before the
first one.

Commit 5f81724d revealed this glitch as the BSY flag
was not set in ATAPI PIO transfers before.

While at it fix the descriptions and add a comment before
the nested for loop that transfers the data.

Signed-off-by: Peter Lieven <pl@kamp.de>
Message-id: 1448029742-19771-1-git-send-email-pl@kamp.de
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging

QOM infrastructure fixes and device conversions

* Fix for properties on objects > 4 GiB
* Performance improvements for QOM property handling
* Assertion cleanups
* MAINTAINERS additions

# gpg: Signature made Thu 19 Nov 2015 14:32:16 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-devices-for-peter:
  MAINTAINERS: Add check-qom-{interface,proplist} to QOM
  qom: Clean up assertions to display values on failure
  qom: Replace object property list with GHashTable
  qom: Add a test case for complex property finalization
  net: Convert net filter code to use object property iterators
  ppc: Convert spapr code to use object property iterators
  vl: Convert machine help code to use object property iterators
  qmp: Convert QMP code to use object property iterators
  qom: Introduce ObjectPropertyIterator struct for iteration
  qdev: Change Property::offset field to ptrdiff_t type

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

vhost, pc: fixes for 2.5

Fixes all over the place.

This also re-enables a test we disabled in 2.5 cycle
now that there's a way not to get a warning from it.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 19 Nov 2015 13:27:43 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  exec: silence hugetlbfs warning under qtest
  tests: re-enable vhost-user-test
  acpi: fix buffer overrun on migration
  vhost-user: fix log size
  vhost-user: ignore qemu-only features
  specs/vhost-user: fix spec to match reality
  tests/vhost-user-bridge: implement logging of dirty pages
  i440fx: print an error message if user tries to enable iommu
  q35: Check propery to determine if iommu is set
  vhost-user: start/stop all rings
  vhost-user: print original request on error
  vhost-user-test: support VHOST_USER_SET_VRING_ENABLE
  vhost-user: update spec description
  vhost: don't send RESET_OWNER at stop
  vhost: let SET_VRING_ENABLE message depends on protocol feature

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20151119' into staging

target-arm queue:
* add missing condexec updates when emulating architectural breakpoints
   and coprocessor access checks in Thumb translation (could in theory
   cause problems when these happened inside a Thumb IT block and an
   exception was taken)
* arm_gic: correctly restore nested IRQ priority

# gpg: Signature made Thu 19 Nov 2015 13:29:37 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"

* remotes/pmaydell/tags/pull-target-arm-20151119:
  target-arm: Update condexec before arch BP check in AA32 translation
  target-arm: Update condexec before CP access check in AA32 translation
  hw/arm_gic: Correctly restore nested irq priority

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20151119' into staging

migration/next for 20151119

# gpg: Signature made Thu 19 Nov 2015 11:17:07 GMT using RSA key ID 5872D723
# gpg: Good signature from "Juan Quintela <quintela@redhat.com>"
# gpg:                 aka "Juan Quintela <quintela@trasno.org>"

* remotes/juanquintela/tags/migration/20151119:
  migration: normalize locking in migration/savevm.c
  migration: implement bdrv_all_find_vmstate_bs helper
  migration: reorder processing in hmp_savevm
  snapshot: create bdrv_all_create_snapshot helper
  migration: drop find_vmstate_bs check in hmp_delvm
  snapshot: create bdrv_all_find_snapshot helper
  migration: factor our snapshottability check in load_vmstate
  snapshot: create bdrv_all_goto_snapshot helper
  snapshot: create bdrv_all_delete_snapshot helper
  snapshot: return error code from bdrv_snapshot_delete_by_id_or_name
  snapshot: create helper to test that block drivers supports snapshots
  Unneeded NULL check
  migration: Dead assignment of current_time
  Set last_sent_block

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

MAINTAINERS: Add check-qom-{interface,proplist} to QOM

Add the QOM unit tests to the QOM maintenance area so that maintainers
get CC'ed on changes and to document QOM test coverage.

Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>

qom: Clean up assertions to display values on failure

Instead of using g_assert() for integer comparisons, use
g_assert_cmpint() so that we can see the respective values.

While at it, fix one stray indentation.

Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>