sdk/emulator/qemu.git
8 years agoerror: Fix error_printf() calls lacking newlines
Markus Armbruster [Wed, 3 Aug 2016 11:37:54 +0000 (13:37 +0200)]
error: Fix error_printf() calls lacking newlines

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1470224274-31522-5-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years agovfio: Use error_report() instead of error_printf() for errors
Markus Armbruster [Wed, 3 Aug 2016 11:37:53 +0000 (13:37 +0200)]
vfio: Use error_report() instead of error_printf() for errors

Cc: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1470224274-31522-4-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years agocheckpatch: Fix newline detection in error_setg() & friends
Markus Armbruster [Wed, 3 Aug 2016 11:37:52 +0000 (13:37 +0200)]
checkpatch: Fix newline detection in error_setg() & friends

Commit 5d596c2's regexp assumes the error message string is the first
argument.  Correct for error_report(), wrong for all the others.
Relax the regexp to match newline in anywhere.  This might cause
additional false positives.

While there, update the list of error_reporting functions.

Cc: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1470224274-31522-3-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years agoerror: Strip trailing '\n' from error string arguments (again)
Markus Armbruster [Wed, 3 Aug 2016 11:37:51 +0000 (13:37 +0200)]
error: Strip trailing '\n' from error string arguments (again)

Commit 9af9e0f, 6daf194dbe62a2eb and 312fd5f got rid of a bunch, but
they keep coming back.  checkpatch.pl tries to flag them since commit
5d596c2, but it's not very good at it.  Offenders tracked down with
Coccinelle script scripts/coccinelle/err-bad-newline.cocci, an updated
version of the script from commit 312fd5f.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1470224274-31522-2-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years agotests: Rename qtests which have names ending "error"
Peter Maydell [Thu, 4 Aug 2016 10:39:38 +0000 (11:39 +0100)]
tests: Rename qtests which have names ending "error"

We have three qtest tests which have test names ending with "error".
This is awkward because the output of verbose test runs looks like
  /crypto/task/error:                                                  OK
  /crypto/task/thread_error:                                           OK

which gives false positives if you are grepping build logs for
errors by looking for "error:". Since there are only three tests
with this problem, just rename them all to 'failure' instead.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1470307178-22848-1-git-send-email-peter.maydell@linaro.org

8 years agowxx: Fix handling of files used for character devices
Stefan Weil [Tue, 2 Aug 2016 05:14:37 +0000 (07:14 +0200)]
wxx: Fix handling of files used for character devices

On Windows, such files were not truncated like on all other hosts.
Now we also test whether truncation is needed when running on Windows.

The append case was also incorrect because it needs a different value
for the desired access mode.

Reported-by: Benjamin David Lunt <fys@fysnet.net>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1470114877-1466-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Peter Maydell [Fri, 5 Aug 2016 12:05:29 +0000 (13:05 +0100)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches for 2.7.0-rc2

# gpg: Signature made Fri 05 Aug 2016 10:30:12 BST
# gpg:                using RSA key 0x7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  nvme: bump PCI revision
  nvme: fix identify to be NVMe 1.1 compliant
  block: Accept any target node for transactional blockdev-backup

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Peter Maydell [Fri, 5 Aug 2016 10:44:56 +0000 (11:44 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

# gpg: Signature made Fri 05 Aug 2016 10:24:34 BST
# gpg:                using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
  virtio-blk: Remove stale comment about draining
  virtio-blk: Release s->rq queue at system_reset
  throttle: Test burst limits lower than the normal limits
  throttle: Don't allow burst limits to be lower than the normal limits
  block/parallels: check new image size

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/famz/tags/docker-pull-request' into staging
Peter Maydell [Fri, 5 Aug 2016 10:16:30 +0000 (11:16 +0100)]
Merge remote-tracking branch 'remotes/famz/tags/docker-pull-request' into staging

# gpg: Signature made Fri 05 Aug 2016 09:58:50 BST
# gpg:                using RSA key 0xCA35624C6A9171C6
# gpg: Good signature from "Fam Zheng <famz@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 5003 7CB7 9706 0F76 F021  AD56 CA35 624C 6A91 71C6

* remotes/famz/tags/docker-pull-request:
  docker: Add "--enable-werror" to configure command line
  docker: Be compatible with older docker

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/sstabellini/tags/xen-20160804-tag' into staging
Peter Maydell [Fri, 5 Aug 2016 09:23:12 +0000 (10:23 +0100)]
Merge remote-tracking branch 'remotes/sstabellini/tags/xen-20160804-tag' into staging

Xen 2016/08/04

# gpg: Signature made Thu 04 Aug 2016 18:43:14 BST
# gpg:                using RSA key 0x894F8F4870E1AE90
# gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>"
# Primary key fingerprint: D04E 33AB A51F 67BA 07D3  0AEA 894F 8F48 70E1 AE90

* remotes/sstabellini/tags/xen-20160804-tag:
  Xen PCI passthrough: fix passthrough failure when no interrupt pin

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agovirtio-blk: Remove stale comment about draining
Fam Zheng [Thu, 4 Aug 2016 02:44:14 +0000 (10:44 +0800)]
virtio-blk: Remove stale comment about draining

This is stale after commit 6e40b3bf (virtio-blk: Use blk_drain() to
drain IO requests), remove it.

Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1470278654-13525-3-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years agovirtio-blk: Release s->rq queue at system_reset
Fam Zheng [Thu, 4 Aug 2016 02:44:13 +0000 (10:44 +0800)]
virtio-blk: Release s->rq queue at system_reset

At system_reset, there is no point in retrying the queued request,
because the driver that issued the request won't be around any more.

Analyzed-by: Laszlo Ersek <lersek@redhat.com>
Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1470278654-13525-2-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years agothrottle: Test burst limits lower than the normal limits
Alberto Garcia [Thu, 28 Jul 2016 08:08:13 +0000 (11:08 +0300)]
throttle: Test burst limits lower than the normal limits

This checks that making FOO_max lower than FOO is not allowed.

We could also forbid having FOO_max == FOO, but that doesn't have
any odd side effects and it would require us to update several other
tests, so let's keep it simple.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 2f90f9ee58aa14b7bd985f67c5996b06e0ab6c19.1469693110.git.berto@igalia.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years agothrottle: Don't allow burst limits to be lower than the normal limits
Alberto Garcia [Thu, 28 Jul 2016 08:08:12 +0000 (11:08 +0300)]
throttle: Don't allow burst limits to be lower than the normal limits

Setting FOO_max to a value that is lower than FOO does not make
sense, and it produces odd results depending on the value of
FOO_max_length. Although the user should not set that configuration
in the first place it's better to reject it explicitly.

https://bugzilla.redhat.com/show_bug.cgi?id=1355665

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reported-by: Gu Nini <ngu@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 663d5aca406060e31f80d8113f77b6feee63b919.1469693110.git.berto@igalia.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years agoblock/parallels: check new image size
Klim Kireev [Wed, 27 Jul 2016 17:08:20 +0000 (20:08 +0300)]
block/parallels: check new image size

Before this patch incorrect image could be created via qemu-img
(Example: qemu-img create -f parallels -o size=4096T hack.img),
incorrect images cannot be used due to overflow in main image structure.

This patch add check of size in image creation.

After reading size it compare it with UINT32_MAX * cluster_size.

Signed-off-by: Klim Kireev <proffk@virtuozzo.mipt.ru>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Message-id: 1469639300-12155-1-git-send-email-den@openvz.org
CC: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years agonvme: bump PCI revision
Christoph Hellwig [Thu, 4 Aug 2016 19:42:15 +0000 (21:42 +0200)]
nvme: bump PCI revision

The broken Identify implementation in earlier Qemu versions means we
need to blacklist it from issueing the NVMe 1.1 Identify Namespace List
command.  As we want to be able to use it in newer Qemu versions we need
a way to identify those.  Bump the PCI revision as a guest visible
indicator of this bug fix.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agonvme: fix identify to be NVMe 1.1 compliant
Christoph Hellwig [Thu, 4 Aug 2016 19:42:14 +0000 (21:42 +0200)]
nvme: fix identify to be NVMe 1.1 compliant

NVMe 1.1 requires devices to implement a Namespace List subcommand of
the identify command.  Qemu not only not implements this features, but
also misinterprets it as an Identify Controller request.  Due to this
any OS trying to use the Namespace List will fail the probe.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
8 years agoblock: Accept any target node for transactional blockdev-backup
Kevin Wolf [Tue, 2 Aug 2016 17:22:04 +0000 (19:22 +0200)]
block: Accept any target node for transactional blockdev-backup

Commit 0d978913 changed blockdev-backup to accept arbitrary node names
instead of device names (i.e. root nodes) for the backup target.
However, it forgot to make the same change in transactions and to update
the documentation. This patch fixes these omissions.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years agodocker: Add "--enable-werror" to configure command line
Fam Zheng [Mon, 25 Jul 2016 13:31:50 +0000 (21:31 +0800)]
docker: Add "--enable-werror" to configure command line

We don't have .git in the docker checkout, add this to enable -Werror
explicitly.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1469453510-658-1-git-send-email-famz@redhat.com

8 years agodocker: Be compatible with older docker
Fam Zheng [Wed, 3 Aug 2016 05:42:08 +0000 (13:42 +0800)]
docker: Be compatible with older docker

By not using "--format" with docker images command.

The option is not available on RHEL 7 docker command. Use an awk
matching command instead.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1470202928-3392-1-git-send-email-famz@redhat.com>

8 years agoXen PCI passthrough: fix passthrough failure when no interrupt pin
Bruce Rogers [Wed, 27 Jul 2016 15:30:48 +0000 (09:30 -0600)]
Xen PCI passthrough: fix passthrough failure when no interrupt pin

Commit 5a11d0f7 mistakenly converted a log message into an error
condition when no pin interrupt is found for the pci device being
passed through. Revert that part of the commit.

Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
8 years agoMerge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20160804' into staging
Peter Maydell [Thu, 4 Aug 2016 17:36:05 +0000 (18:36 +0100)]
Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20160804' into staging

linux-user important fixes for 2.7

# gpg: Signature made Thu 04 Aug 2016 15:10:57 BST
# gpg:                using RSA key 0xB44890DEDE3C9BC0
# gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>"
# gpg:                 aka "Riku Voipio <riku.voipio@linaro.org>"
# Primary key fingerprint: FF82 03C8 C391 98AE 0581  41EF B448 90DE DE3C 9BC0

* remotes/riku/tags/pull-linux-user-20160804:
  linux-user: Handle brk() attempts with very large sizes
  linux-user: Fix target_semid_ds structure definition
  linux-user: Don't write off end of new_utsname buffer
  linux-user: Fix memchr() argument in open_self_cmdline()
  linux-user: Use correct alignment for long long on i386 guests

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agolinux-user: Handle brk() attempts with very large sizes
Peter Maydell [Fri, 22 Jul 2016 12:41:52 +0000 (13:41 +0100)]
linux-user: Handle brk() attempts with very large sizes

In do_brk(), we were inadvertently truncating the size
of a requested brk() from the guest by putting it into an
'int' variable. This meant that we would incorrectly report
success back to the guest rather than a failed allocation,
typically resulting in the guest then segfaulting. Use
abi_ulong instead.

This fixes a crash in the '31370.cc' test in the gcc libstdc++ test
suite (the test case starts by trying to allocate a very large
size and reduces the size until the allocation succeeds).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
8 years agolinux-user: Fix target_semid_ds structure definition
Peter Maydell [Fri, 15 Jul 2016 15:50:47 +0000 (16:50 +0100)]
linux-user: Fix target_semid_ds structure definition

The target_semid_ds structure is not correct for all
architectures: the padding fields should only exist for:
 * 32-bit ABIs
 * x86

It is also misnamed, since it is following the kernel
semid64_ds structure (QEMU doesn't support the legacy
semid_ds structure at all). Rename the struct, provide
a correct generic definition and allow the oddball x86
architecture to provide its own version.

This fixes broken SYSV semaphores for all our 64-bit
architectures except x86 and ppc.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
8 years agolinux-user: Don't write off end of new_utsname buffer
Peter Maydell [Tue, 12 Jul 2016 12:02:16 +0000 (13:02 +0100)]
linux-user: Don't write off end of new_utsname buffer

Use g_strlcpy() rather than strcpy() to copy the uname string
into the structure we return to the guest for the uname syscall.
This avoids overrunning the buffer if the user passed us an
overlong string via the QEMU command line.

We fix a comment typo while we're in the neighbourhood.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
8 years agolinux-user: Fix memchr() argument in open_self_cmdline()
Peter Maydell [Tue, 12 Jul 2016 12:02:19 +0000 (13:02 +0100)]
linux-user: Fix memchr() argument in open_self_cmdline()

In open_self_cmdline() we look for a 0 in the buffer we read
from /prc/self/cmdline. We were incorrectly passing the length
of our buf[] array to memchr() as the length to search, rather
than the number of bytes we actually read into it, which could
be shorter. This was spotted by Coverity (because it could
result in our trying to pass a negative length argument to
write()).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
8 years agolinux-user: Use correct alignment for long long on i386 guests
Peter Maydell [Thu, 28 Jul 2016 11:57:59 +0000 (12:57 +0100)]
linux-user: Use correct alignment for long long on i386 guests

For i386, the ABI specifies that 'long long' (8 byte values)
need only be 4 aligned, but we were requiring them to be
8-aligned. This meant we were laying out the target_epoll_event
structure wrongly. Add a suitable ifdef to abitypes.h to
specify the i386-specific alignment requirement.

Reported-by: Icenowy Zheng <icenowy@aosc.xyz>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Peter Maydell [Thu, 4 Aug 2016 09:24:27 +0000 (10:24 +0100)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* xsetbv fix (x86 targets TCG)
* remove unused functions
* qht segfault and memory leak fixes
* NBD fixes
* Fix for non-power-of-2 discard granularity
* Memory hotplug fixes
* Migration regressions
* IOAPIC fixes and (disabled by default) EOI register support
* Various other small fixes

# gpg: Signature made Wed 03 Aug 2016 18:01:05 BST
# gpg:                using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (25 commits)
  util: Fix assertion in iov_copy() upon zero 'bytes' and non-zero 'offset'
  qdev: Fix use after free in qdev_init_nofail error path
  Reorganize help output of '-display' option
  x86: ioapic: add support for explicit EOI
  x86: ioapic: ignore level irq during processing
  apic: fix broken migration for kvm-apic
  fw_cfg: Make base type "fw_cfg" abstract
  block: Cater to iscsi with non-power-of-2 discard
  osdep: Document differences in rounding macros
  nbd: Limit nbdflags to 16 bits
  nbd: Fix bad flag detection on server
  i2c: fix migration regression introduced by broadcast support
  mptsas: really fix migration compatibility
  qdist: return "(empty)" instead of NULL when printing an empty dist
  qdist: use g_renew and g_new instead of g_realloc and g_malloc.
  qdist: fix memory leak during binning
  target-i386: fix typo in xsetbv implementation
  qht: do not segfault when gathering stats from an uninitialized qht
  util: Drop inet_listen()
  util: drop unix_nonblocking_connect()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20160803-1' into staging
Peter Maydell [Wed, 3 Aug 2016 17:22:51 +0000 (18:22 +0100)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20160803-1' into staging

vnc: fixes for "-vnc none".

# gpg: Signature made Wed 03 Aug 2016 16:33:07 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-vnc-20160803-1:
  vnc: ensure connection sharing/limits is always configured
  vnc: fix crash when vnc_server_info_get has an error
  vnc: don't crash getting server info if lsock is NULL

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoutil: Fix assertion in iov_copy() upon zero 'bytes' and non-zero 'offset'
Shmulik Ladkani [Tue, 2 Aug 2016 09:41:20 +0000 (12:41 +0300)]
util: Fix assertion in iov_copy() upon zero 'bytes' and non-zero 'offset'

In cases where iov_copy() is passed with zero 'bytes' argument and a
non-zero 'offset' argument, nothing gets copied - as expected.

However no copy iterations are performed, so 'offset' is left
unaltered, leading to the final assert(offset == 0) to fail.

Instead, change the loop condition to continue as long as 'offset || bytes',
similar to other iov_* functions.

This ensures 'offset' gets zeroed (even if no actual copy is made),
unless it is beyond end of source iov - which is asserted.

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Message-Id: <1470130880-1050-1-git-send-email-shmulik.ladkani@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agoqdev: Fix use after free in qdev_init_nofail error path
Fam Zheng [Tue, 2 Aug 2016 03:41:41 +0000 (11:41 +0800)]
qdev: Fix use after free in qdev_init_nofail error path

Since 69382d8b (qdev: Fix object reference leak in case device.realize()
fails), object_property_set_bool could release the object. The error
path wants the type name, so hold an reference before realizing it.

Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1470109301-12966-1-git-send-email-famz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agoReorganize help output of '-display' option
Robert Ho [Tue, 26 Jul 2016 10:17:11 +0000 (18:17 +0800)]
Reorganize help output of '-display' option

The '-display' help information is not very correct. This patch sort
it a little.
Also, in its help information, reveals what implicit display option
will be chosen if no definition.

Signed-off-by: Robert Ho <robert.hu@intel.com>
Message-Id: <1469528231-26206-1-git-send-email-robert.hu@intel.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agox86: ioapic: add support for explicit EOI
Peter Xu [Mon, 1 Aug 2016 13:59:19 +0000 (21:59 +0800)]
x86: ioapic: add support for explicit EOI

Some old Linux kernels (upstream before v4.0), or any released RHEL
kernels has problem in sending APIC EOI when IR is enabled. Meanwhile,
many of them only support explicit EOI for IOAPIC, which is only
introduced in IOAPIC version 0x20. This patch provide a way to boost
QEMU IOAPIC to version 0x20, in order for QEMU to correctly receive EOI
messages.

Without boosting IOAPIC version to 0x20, kernels before commit d32932d
("x86/irq: Convert IOAPIC to use hierarchical irqdomain interfaces")
will have trouble enabling both IR and level-triggered interrupt devices
(like e1000).

To upgrade IOAPIC to version 0x20, we need to specify:

  -global ioapic.version=0x20

To be compatible with old systems, 0x11 will still be the default IOAPIC
version. Here 0x11 and 0x20 are the only versions to be supported.

One thing to mention: this patch only applies to emulated IOAPIC. It
does not affect kernel IOAPIC behavior.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1470059959-372-1-git-send-email-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agox86: ioapic: ignore level irq during processing
Peter Xu [Sun, 31 Jul 2016 14:18:05 +0000 (22:18 +0800)]
x86: ioapic: ignore level irq during processing

For level triggered interrupts, we will get Remote IRR bit cleared after
guest kernel finished processing specific request. Before that, we
should ignore the same interrupt from triggering again.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1469974685-4144-1-git-send-email-peterx@redhat.com>
[Push new "if" up so that it covers KVM split irqchip as well. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agoapic: fix broken migration for kvm-apic
Igor Mammedov [Fri, 29 Jul 2016 13:55:42 +0000 (15:55 +0200)]
apic: fix broken migration for kvm-apic

commit f6e98444 (apic: Use apic_id as apic's migration instance_id)
breaks migration when in kernel irqchip is used for 2.6 and older
machine types.

It applies compat property only for userspace 'apic' type
instead of applying it to all apic types inherited from
'apic-common' type as it was supposed to do.

Fix it by setting compat property 'legacy-instance-id' for
'apic-common' type which affects inherited types (i.e. not
only 'apic' but also 'kvm-apic' types)

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1469800542-11402-1-git-send-email-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agofw_cfg: Make base type "fw_cfg" abstract
Markus Armbruster [Fri, 29 Jul 2016 07:29:13 +0000 (09:29 +0200)]
fw_cfg: Make base type "fw_cfg" abstract

Missed when commit 5712db6 split off "fw_cfg_io" and "fw_cfg_mem".

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1469777353-9383-1-git-send-email-armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agoblock: Cater to iscsi with non-power-of-2 discard
Eric Blake [Thu, 21 Jul 2016 19:34:48 +0000 (13:34 -0600)]
block: Cater to iscsi with non-power-of-2 discard

Dell Equallogic iSCSI SANs have a very unusual advertised geometry:

$ iscsi-inq -e 1 -c $((0xb0)) iscsi://XXX/0
wsnz:0
maximum compare and write length:1
optimal transfer length granularity:0
maximum transfer length:0
optimal transfer length:0
maximum prefetch xdread xdwrite transfer length:0
maximum unmap lba count:30720
maximum unmap block descriptor count:2
optimal unmap granularity:30720
ugavalid:1
unmap granularity alignment:0
maximum write same length:30720

which says that both the maximum and the optimal discard size
is 15M.  It is not immediately apparent if the device allows
discard requests not aligned to the optimal size, nor if it
allows discards at a finer granularity than the optimal size.

I tried to find details in the SCSI Commands Reference Manual
Rev. A on what valid values of maximum and optimal sizes are
permitted, but while that document mentions a "Block Limits
VPD Page", I couldn't actually find documentation of that page
or what values it would have, or if a SCSI device has an
advertisement of its minimal unmap granularity.  So it is not
obvious to me whether the Dell Equallogic device is compliance
with the SCSI specification.

Fortunately, it is easy enough to support non-power-of-2 sizing,
even if it means we are less efficient than truly possible when
targetting that device (for example, it means that we refuse to
unmap anything that is not a multiple of 15M and aligned to a
15M boundary, even if the device truly does support a smaller
granularity where unmapping actually works).

Reported-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1469129688-22848-5-git-send-email-eblake@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agoosdep: Document differences in rounding macros
Eric Blake [Thu, 21 Jul 2016 19:34:47 +0000 (13:34 -0600)]
osdep: Document differences in rounding macros

Make it obvious which macros are safe in which situations.

Useful since QEMU_ALIGN_UP and ROUND_UP both purport to do
the same thing, but differ on whether the alignment must be
a power of 2.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1469129688-22848-4-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agonbd: Limit nbdflags to 16 bits
Eric Blake [Thu, 21 Jul 2016 19:34:46 +0000 (13:34 -0600)]
nbd: Limit nbdflags to 16 bits

Rather than asserting that nbdflags is within range, just give
it the correct type to begin with :)  nbdflags corresponds to
the per-export portion of NBD Protocol "transmission flags", which
is 16 bits in response to NBD_OPT_EXPORT_NAME and NBD_OPT_GO.

Furthermore, upstream NBD has never passed the global flags to
the kernel via ioctl(NBD_SET_FLAGS) (the ioctl was first
introduced in NBD 2.9.22; then a latent bug in NBD 3.1 actually
tried to OR the global flags with the transmission flags, with
the disaster that the addition of NBD_FLAG_NO_ZEROES in 3.9
caused all earlier NBD 3.x clients to treat every export as
read-only; NBD 3.10 and later intentionally clip things to 16
bits to pass only transmission flags).  Qemu should follow suit,
since the current two global flags (NBD_FLAG_FIXED_NEWSTYLE
and NBD_FLAG_NO_ZEROES) have no impact on the kernel's behavior
during transmission.

CC: qemu-stable@nongnu.org
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1469129688-22848-3-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agonbd: Fix bad flag detection on server
Eric Blake [Thu, 21 Jul 2016 19:34:45 +0000 (13:34 -0600)]
nbd: Fix bad flag detection on server

Commit ab7c548e added a check for invalid flags, but used an
early return on error instead of properly going through the
cleanup label.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1469129688-22848-2-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agoi2c: fix migration regression introduced by broadcast support
Igor Mammedov [Wed, 27 Jul 2016 12:39:58 +0000 (14:39 +0200)]
i2c: fix migration regression introduced by broadcast support

QEMU fails migration with following error:

qemu-system-x86_64: Missing section footer for i2c_bus
qemu-system-x86_64: load of migration failed: Invalid argument

when migrating from:
  qemu-system-x86_64-v2.6.0 -m 256M rhel72.img -M pc-i440fx-2.6
to
  qemu-system-x86_64-v2.7.0-rc0 -m 256M rhel72.img -M pc-i440fx-2.6

Regression is added by commit 2293c27f (i2c: implement broadcast write)

Fix it by dropping 'broadcast' VMState introduced by 2293c27f and
reuse broadcast 0x00 address as broadcast flag in bus->saved_address.
Then if there were ongoing broadcast at migration time, set
bus->saved_address to it and at i2c_slave_post_load() time check
for it instead of transfering and using 'broadcast' VMState.

As result of reusing existing saved_address VMState, no compat
glue will be needed to keep forward/backward compatiblity. which
makes fix much less intrusive.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1469623198-177227-1-git-send-email-imammedo@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agomptsas: really fix migration compatibility
Paolo Bonzini [Mon, 1 Aug 2016 08:25:05 +0000 (10:25 +0200)]
mptsas: really fix migration compatibility

Commit 2e2aa316 removed internal flag msi_in_use, but it
existed in vmstate.  Restore it for migration to older QEMU
versions.

Reported-by: Amit Shah <amit.shah@redhat.com>
Suggested-by: Amit Shah <amit.shah@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Amit Shah <amit.shah@redhat.com>
Cc: Cao jin <caoj.fnst@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agoqdist: return "(empty)" instead of NULL when printing an empty dist
Emilio G. Cota [Mon, 25 Jul 2016 15:03:45 +0000 (11:03 -0400)]
qdist: return "(empty)" instead of NULL when printing an empty dist

Printf'ing a NULL string is undefined behaviour. Avoid it.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1469459025-23606-4-git-send-email-cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agoqdist: use g_renew and g_new instead of g_realloc and g_malloc.
Emilio G. Cota [Mon, 25 Jul 2016 15:03:44 +0000 (11:03 -0400)]
qdist: use g_renew and g_new instead of g_realloc and g_malloc.

This is safer against overflow.  g_renew is available in all
version of glib, while g_realloc_n is only available in 2.24.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1469459025-23606-3-git-send-email-cota@braap.org>
[Rewritten to use g_new/g_renew. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agoMerge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160803-1' into staging
Peter Maydell [Wed, 3 Aug 2016 13:25:09 +0000 (14:25 +0100)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160803-1' into staging

usb: bugfixes for xen-usb and ehci, mingw build fix.

# gpg: Signature made Wed 03 Aug 2016 14:04:26 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-usb-20160803-1:
  xen: use a common function for pv and hvm guest backend register calls
  xen: drain submit queue in xen-usb before removing device
  xen: when removing a backend don't remove many of them
  ehci: faster frame index calculation for skipped frames
  wxx: Fix compilation of host-libusb.c
  wxx: Fix compiler warning for host-libusb.c

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agovnc: ensure connection sharing/limits is always configured
Daniel P. Berrange [Tue, 2 Aug 2016 10:45:26 +0000 (11:45 +0100)]
vnc: ensure connection sharing/limits is always configured

The connection sharing / limits are only set in the
vnc_display_open() method and so missed when VNC is running
with '-vnc none'. This in turn prevents clients being added
to the VNC server with the QMP "add_client" command.

This was introduced in

  commit e5f34cdd2da54f28d90889a3afd15fad2d6105ff
  Author: Gerd Hoffmann <kraxel@redhat.com>
  Date:   Thu Oct 2 12:09:34 2014 +0200

      vnc: track & limit connections

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1470134726-15697-4-git-send-email-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agovnc: fix crash when vnc_server_info_get has an error
Daniel P. Berrange [Tue, 2 Aug 2016 10:45:25 +0000 (11:45 +0100)]
vnc: fix crash when vnc_server_info_get has an error

The vnc_server_info_get will allocate the VncServerInfo
struct and then call vnc_init_basic_info_from_server_addr
to populate the basic fields. If this returns an error
though, the qapi_free_VncServerInfo call will then crash
because the VncServerInfo struct instance was not properly
NULL-initialized and thus contains random stack garbage.

 #0  0x00007f1987c8e6f5 in raise () at /lib64/libc.so.6
 #1  0x00007f1987c902fa in abort () at /lib64/libc.so.6
 #2  0x00007f1987ccf600 in __libc_message () at /lib64/libc.so.6
 #3  0x00007f1987cd7d4a in _int_free () at /lib64/libc.so.6
 #4  0x00007f1987cdb2ac in free () at /lib64/libc.so.6
 #5  0x00007f198b654f6e in g_free () at /lib64/libglib-2.0.so.0
 #6  0x0000559193cdcf54 in visit_type_str (v=v@entry=
     0x5591972f14b0, name=name@entry=0x559193de1e29 "host", obj=obj@entry=0x5591961dbfa0, errp=errp@entry=0x7fffd7899d80)
     at qapi/qapi-visit-core.c:255
 #7  0x0000559193cca8f3 in visit_type_VncBasicInfo_members (v=v@entry=
     0x5591972f14b0, obj=obj@entry=0x5591961dbfa0, errp=errp@entry=0x7fffd7899dc0) at qapi-visit.c:12307
 #8  0x0000559193ccb523 in visit_type_VncServerInfo_members (v=v@entry=
     0x5591972f14b0, obj=0x5591961dbfa0, errp=errp@entry=0x7fffd7899e00) at qapi-visit.c:12632
 #9  0x0000559193ccb60b in visit_type_VncServerInfo (v=v@entry=
     0x5591972f14b0, name=name@entry=0x0, obj=obj@entry=0x7fffd7899e48, errp=errp@entry=0x0) at qapi-visit.c:12658
 #10 0x0000559193cb53d8 in qapi_free_VncServerInfo (obj=<optimized out>) at qapi-types.c:3970
 #11 0x0000559193c1e6ba in vnc_server_info_get (vd=0x7f1951498010) at ui/vnc.c:233
 #12 0x0000559193c24275 in vnc_connect (vs=0x559197b2f200, vs=0x559197b2f200, event=QAPI_EVENT_VNC_CONNECTED) at ui/vnc.c:284
 #13 0x0000559193c24275 in vnc_connect (vd=vd@entry=0x7f1951498010, sioc=sioc@entry=0x559196bf9c00, skipauth=skipauth@entry=tru e, websocket=websocket@entry=false) at ui/vnc.c:3039
 #14 0x0000559193c25806 in vnc_display_add_client (id=<optimized out>, csock=<optimized out>, skipauth=<optimized out>)
     at ui/vnc.c:3877
 #15 0x0000559193a90c28 in qmp_marshal_add_client (args=<optimized out>, ret=<optimized out>, errp=0x7fffd7899f90)
     at qmp-marshal.c:105
 #16 0x000055919399c2b7 in handle_qmp_command (parser=<optimized out>, tokens=<optimized out>)
     at /home/berrange/src/virt/qemu/monitor.c:3971
 #17 0x0000559193ce3307 in json_message_process_token (lexer=0x559194ab0838, input=0x559194a6d940, type=JSON_RCURLY, x=111, y=1 2) at qobject/json-streamer.c:105
 #18 0x0000559193cfa90d in json_lexer_feed_char (lexer=lexer@entry=0x559194ab0838, ch=125 '}', flush=flush@entry=false)
     at qobject/json-lexer.c:319
 #19 0x0000559193cfaa1e in json_lexer_feed (lexer=0x559194ab0838, buffer=<optimized out>, size=<optimized out>)
     at qobject/json-lexer.c:369
 #20 0x0000559193ce33c9 in json_message_parser_feed (parser=<optimized out>, buffer=<optimized out>, size=<optimized out>)
     at qobject/json-streamer.c:124
 #21 0x000055919399a85b in monitor_qmp_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>)
     at /home/berrange/src/virt/qemu/monitor.c:3987
 #22 0x0000559193a87d00 in tcp_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x559194a7d900)
     at qemu-char.c:2895
 #23 0x00007f198b64f703 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
 #24 0x0000559193c484b3 in main_loop_wait () at main-loop.c:213
 #25 0x0000559193c484b3 in main_loop_wait (timeout=<optimized out>) at main-loop.c:258
 #26 0x0000559193c484b3 in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:506
 #27 0x0000559193964c55 in main () at vl.c:1908
 #28 0x0000559193964c55 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4603

This was introduced in

  commit 98481bfcd661daa3c160cc87a297b0e60a307788
  Author: Eric Blake <eblake@redhat.com>
  Date:   Mon Oct 26 16:34:45 2015 -0600

    vnc: Hoist allocation of VncBasicInfo to callers

which added error reporting for vnc_init_basic_info_from_server_addr
but didn't change the g_malloc calls to g_malloc0.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1470134726-15697-3-git-send-email-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agovnc: don't crash getting server info if lsock is NULL
Daniel P. Berrange [Tue, 2 Aug 2016 10:45:24 +0000 (11:45 +0100)]
vnc: don't crash getting server info if lsock is NULL

When VNC is started with '-vnc none' there will be no
listener socket present. When we try to populate the
VncServerInfo we'll crash accessing a NULL 'lsock'
field.

 #0  qio_channel_socket_get_local_address (ioc=0x0, errp=errp@entry=0x7ffd5b8aa0f0) at io/channel-socket.c:33
 #1  0x00007f4b9a297d6f in vnc_init_basic_info_from_server_addr (errp=0x7ffd5b8aa0f0, info=0x7f4b9d425460, ioc=<optimized out>)  at ui/vnc.c:146
 #2  vnc_server_info_get (vd=0x7f4b9e858000) at ui/vnc.c:223
 #3  0x00007f4b9a29d318 in vnc_qmp_event (vs=0x7f4b9ef82000, vs=0x7f4b9ef82000, event=QAPI_EVENT_VNC_CONNECTED) at ui/vnc.c:279
 #4  vnc_connect (vd=vd@entry=0x7f4b9e858000, sioc=sioc@entry=0x7f4b9e8b3a20, skipauth=skipauth@entry=true, websocket=websocket @entry=false) at ui/vnc.c:2994
 #5  0x00007f4b9a29e8c8 in vnc_display_add_client (id=<optimized out>, csock=<optimized out>, skipauth=<optimized out>) at ui/v nc.c:3825
 #6  0x00007f4b9a18d8a1 in qmp_marshal_add_client (args=<optimized out>, ret=<optimized out>, errp=0x7ffd5b8aa230) at qmp-marsh al.c:123
 #7  0x00007f4b9a0b53f5 in handle_qmp_command (parser=<optimized out>, tokens=<optimized out>) at /usr/src/debug/qemu-2.6.0/mon itor.c:3922
 #8  0x00007f4b9a348580 in json_message_process_token (lexer=0x7f4b9c78dfe8, input=0x7f4b9c7350e0, type=JSON_RCURLY, x=111, y=5 9) at qobject/json-streamer.c:94
 #9  0x00007f4b9a35cfeb in json_lexer_feed_char (lexer=lexer@entry=0x7f4b9c78dfe8, ch=125 '}', flush=flush@entry=false) at qobj ect/json-lexer.c:310
 #10 0x00007f4b9a35d0ae in json_lexer_feed (lexer=0x7f4b9c78dfe8, buffer=<optimized out>, size=<optimized out>) at qobject/json -lexer.c:360
 #11 0x00007f4b9a348679 in json_message_parser_feed (parser=<optimized out>, buffer=<optimized out>, size=<optimized out>) at q object/json-streamer.c:114
 #12 0x00007f4b9a0b3a1b in monitor_qmp_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>) at /usr/src/deb ug/qemu-2.6.0/monitor.c:3938
 #13 0x00007f4b9a186751 in tcp_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x7f4b9c7add40) at qemu-char.c:2895
 #14 0x00007f4b92b5c79a in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
 #15 0x00007f4b9a2bb0c0 in glib_pollfds_poll () at main-loop.c:213
 #16 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:258
 #17 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:506
 #18 0x00007f4b9a0835cf in main_loop () at vl.c:1934
 #19 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4667

Do an upfront check for a NULL lsock and report an error to
the caller, which matches behaviour from before

  commit 04d2529da27db512dcbd5e99d0e26d333f16efcc
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Fri Feb 27 16:20:57 2015 +0000

    ui: convert VNC server to use QIOChannelSocket

where getsockname() would be given a FD value -1 and thus report
an error to the caller.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1470134726-15697-2-git-send-email-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agoxen: use a common function for pv and hvm guest backend register calls
Juergen Gross [Tue, 2 Aug 2016 06:32:32 +0000 (08:32 +0200)]
xen: use a common function for pv and hvm guest backend register calls

Instead of calling xen_be_register() for each supported backend type
for hvm and pv guests in their machine init functions use a common
function in order not to have to add new backends twice.

This at once fixes the error that hvm domains couldn't use the qusb
backend.

Signed-off-by: Juergen Gross <jgross@suse.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Message-id: 1470119552-16170-1-git-send-email-jgross@suse.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agoMerge remote-tracking branch 'remotes/berrange/tags/pull-qio-next-2016-08-03-v1'...
Peter Maydell [Wed, 3 Aug 2016 12:43:28 +0000 (13:43 +0100)]
Merge remote-tracking branch 'remotes/berrange/tags/pull-qio-next-2016-08-03-v1' into staging

Merge qio-next 2016-08-03 v1

# gpg: Signature made Wed 03 Aug 2016 10:48:08 BST
# gpg:                using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/pull-qio-next-2016-08-03-v1:
  io: remove mistaken call to object_ref on QTask

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.7-20160803' into staging
Peter Maydell [Wed, 3 Aug 2016 10:52:53 +0000 (11:52 +0100)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.7-20160803' into staging

qemu-2.7: ppc patch queue 2016-08-03

Here's the current set of patches (only 2) for spapr, ppc and related
things.  These are important bugfixes for the stabilizing 2.7 tree.

One is for a regression where confusion between x86 only and generic
KVM irq handling resulted in breakage on KVM/Power.  The other is
fixing (yet another) problem in the vcpu hotplug code: older pseries
machine types which don't support vcpu hotplug weren't correctly
advertising that, potentially leading to crashes or other problems.

# gpg: Signature made Wed 03 Aug 2016 06:23:40 BST
# gpg:                using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.7-20160803:
  kvm-irqchip: only commit route when irqchip is used
  spapr: Error out when CPU hotplug is attempted on older pseries machines

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoio: remove mistaken call to object_ref on QTask
Daniel P. Berrange [Tue, 7 Jun 2016 11:27:51 +0000 (12:27 +0100)]
io: remove mistaken call to object_ref on QTask

The QTask struct is just a standalone struct, not a QOM Object,
so calling object_ref() on it is not appropriate. This results
in mangling the 'destroy' field in the QTask struct, causing
the later call to qtask_free() to try to call the function
at address 0x1, with predictably segfault happy results.

There is in fact no need for ref counting with QTask, as the
call to qtask_abort() or qtask_complete() will automatically
free associated memory.

This fixes the crash shown in

  https://bugs.launchpad.net/qemu/+bug/1589923

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
8 years agoxen: drain submit queue in xen-usb before removing device
Juergen Gross [Tue, 2 Aug 2016 12:14:04 +0000 (14:14 +0200)]
xen: drain submit queue in xen-usb before removing device

When unplugging a device in the Xen pvusb backend drain the submit
queue before deallocation of the control structures. Otherwise there
will be bogus memory accesses when I/O contracts are finished.

Correlated to this issue is the handling of cancel requests: a packet
cancelled will still lead to the call of complete, so add a flag
to the request indicating it should be just dropped on complete.

Signed-off-by: Juergen Gross <jgross@suse.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Message-id: 1470140044-16492-3-git-send-email-jgross@suse.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agoxen: when removing a backend don't remove many of them
Juergen Gross [Tue, 2 Aug 2016 12:14:03 +0000 (14:14 +0200)]
xen: when removing a backend don't remove many of them

When a Xenstore watch fires indicating a backend has to be removed
don't remove all backends for that domain with the specified device
index, but just the one which has the correct type.

The easiest way to achieve this is to use the already determined
xendev as parameter for xen_be_del_xendev() instead of only the domid
and device index.

This at once removes the open coded QTAILQ_FOREACH_SAVE() in
xen_be_del_xendev() as there is no need to search for the correct
xendev any longer.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1470140044-16492-2-git-send-email-jgross@suse.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agokvm-irqchip: only commit route when irqchip is used
Peter Xu [Wed, 3 Aug 2016 03:07:21 +0000 (11:07 +0800)]
kvm-irqchip: only commit route when irqchip is used

Reported from Alexey Kardashevskiy:

3f1fea0fb5bf "kvm-irqchip: do explicit commit when update irq" produces
a crash on pseries guest running with VFIO on POWER8 machine as it does
not support KVM_CAP_IRQCHIP (KVM_CAP_IRQ_XICS is there instead). At the
result, KVMState::irq_routes is NULL when VFIO calls
kvm_irqchip_commit_routes.

This makes the routing update conditional.

Reported-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years agospapr: Error out when CPU hotplug is attempted on older pseries machines
Bharata B Rao [Wed, 3 Aug 2016 03:08:23 +0000 (13:08 +1000)]
spapr: Error out when CPU hotplug is attempted on older pseries machines

CPU hotplug and coldplug aren't supported prior to pseries-2.7.  Further,
earlier machine types don't use CPU core objects at all.  These mean that
query-hotpluggable-cpus and coldplug on older pseries machines will crash
QEMU.  It also means that hotpluggable_cpus flag in query-machines will
be incorrectly set to true for pseries < 2.7, since it is based on the
presence of the query_hotpluggable_cpus hook.

- Don't assign the query_hotpluggable_cpus hook for pseries < 2.7
- query_hotpluggable_cpus should therefore never be called on pseries <
  2.7, so add an assert
- spapr_core_pre_plug() should fail hot/cold plug attempts for pseries <
  2.7, since core objects are never used there
- spapr_core_plug() should therefore never be called for pseries < 2.7, so
  add an assert.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
[dwg: Change from query_hotpluggable_cpus returning NULL for pseries < 2.7
 to not being called at all, reword commit message for accuracy]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years agoMerge remote-tracking branch 'remotes/ehabkost/tags/numa-pull-request' into staging
Peter Maydell [Tue, 2 Aug 2016 11:55:12 +0000 (12:55 +0100)]
Merge remote-tracking branch 'remotes/ehabkost/tags/numa-pull-request' into staging

MAINTAINERS: Add Host Memory Backends section

# gpg: Signature made Tue 02 Aug 2016 12:24:56 BST
# gpg:                using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/numa-pull-request:
  MAINTAINERS: Add Host Memory Backends section

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoehci: faster frame index calculation for skipped frames
Evgeny Yakovlev [Wed, 27 Jul 2016 16:55:20 +0000 (19:55 +0300)]
ehci: faster frame index calculation for skipped frames

ehci_update_frindex takes time linearly proportional to a number
of uframes to calculate new frame index and raise FLR interrupts,
which is a problem for large amounts of uframes.

If we experience large delays between echi timer callbacks (i.e. because
other periodic handlers have taken a lot of time to complete) we
get a lot of skipped frames which then delay ehci timer callback more
and this leads to deadlocking the system when ehci schedules next
callback to be too soon.

Observable behaviour is qemu consuming 100% host CPU time while guest
is unresponsive. This misbehavior could happen for a while and QEMU does
not get out from this state automatically without the patch.

This change makes ehci_update_frindex execute in constant time.

Signed-off-by: Evgeny Yakovlev <eyakovlev@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Message-id: 1469638520-32706-1-git-send-email-den@openvz.org
CC: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agowxx: Fix compilation of host-libusb.c
Stefan Weil [Fri, 29 Jul 2016 06:55:31 +0000 (08:55 +0200)]
wxx: Fix compilation of host-libusb.c

libusb.h uses the WINAPI calling convention for all function callbacks.

Cross compilation with Mingw-w64 on Cygwin fails when this calling
convention is missing.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1469775331-7468-1-git-send-email-sw@weilnetz.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agowxx: Fix compiler warning for host-libusb.c
Stefan Weil [Fri, 29 Jul 2016 06:59:29 +0000 (08:59 +0200)]
wxx: Fix compiler warning for host-libusb.c

The local variable i is unsed for Windows.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1469775569-7869-1-git-send-email-sw@weilnetz.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years agoMAINTAINERS: Add Host Memory Backends section
Eduardo Habkost [Mon, 1 Aug 2016 13:52:42 +0000 (10:52 -0300)]
MAINTAINERS: Add Host Memory Backends section

The hostmem code is closely related to the NUMA code, so I am
willing to handle patches to those files and share the work with
Igor (the original author of that code).

Acked-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agoqdist: fix memory leak during binning
Emilio G. Cota [Mon, 25 Jul 2016 15:03:43 +0000 (11:03 -0400)]
qdist: fix memory leak during binning

In qdist_bin__internal(), to->entries is initialized to a 1-element array,
which we then leak when n == from->n. Fix it.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1469459025-23606-2-git-send-email-cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agotarget-i386: fix typo in xsetbv implementation
Dave Hansen [Sat, 23 Jul 2016 07:50:25 +0000 (09:50 +0200)]
target-i386: fix typo in xsetbv implementation

QEMU 2.6 added support for the XSAVE family of instructions, which
includes the XSETBV instruction which allows setting the XCR0
register.

But, when booting Linux kernels with XSAVE support enabled, I was
getting very early crashes where the instruction pointer was set
to 0x3.  I tracked it down to a jump instruction generated by this:

        gen_jmp_im(s->pc - pc_start);

where s->pc is pointing to the instruction after XSETBV and pc_start
is pointing _at_ XSETBV.  Subtract the two and you get 0x3.  Whoops.

The fix is to replace this typo with the pattern found everywhere
else in the file when folks want to end the translation buffer.

Richard Henderson confirmed that this is a bug and that this is the
correct fix.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: qemu-stable@nongnu.org
Cc: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agoqht: do not segfault when gathering stats from an uninitialized qht
Emilio G. Cota [Fri, 22 Jul 2016 16:36:30 +0000 (12:36 -0400)]
qht: do not segfault when gathering stats from an uninitialized qht

So far, QHT functions assume that the passed qht has previously been
initialized--otherwise they segfault.

This patch makes an exception for qht_statistics_init, with the goal
of simplifying calling code. For instance, qht_statistics_init is
called from the 'info jit' dump, and given that under KVM the TB qht
is never initialized, we get a segfault. Thus, instead of complicating
the 'info jit' code with additional checks, let's allow passing an
uninitialized qht to qht_statistics_init.

While at it, add a test for this to test-qht.

Before the patch (for $ qemu -enable-kvm [...]):
(qemu) info jit
[...]
direct jump count   0 (0%) (2 jumps=0 0%)
Program received signal SIGSEGV, Segmentation fault.

After the patch the "TB hash buckets", "TB hash occupancy"
and "TB hash avg chain" lines are omitted.
(qemu) info jit
[...]
direct jump count   0 (0%) (2 jumps=0 0%)
TB hash buckets     0/0 (-nan% head buckets used)
TB hash occupancy   nan% avg chain occ. Histogram: (null)
TB hash avg chain   nan buckets. Histogram: (null)
[...]

Reported by: Changlong Xie <xiecl.fnst@cn.fujitsu.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1469205390-14369-1-git-send-email-cota@braap.org>
[Extract printing statistics to an entirely separate function. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agoutil: Drop inet_listen()
Cao jin [Mon, 25 Jul 2016 13:02:51 +0000 (21:02 +0800)]
util: Drop inet_listen()

Since commit e65c67e4, inet_listen() is not used anymore, and all
inet listen operation goes through QIOChannel.

Cc: Daniel P. Berrange <berrange@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Eric Blake <eblake@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Message-Id: <1469451771-1173-3-git-send-email-caoj.fnst@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agoutil: drop unix_nonblocking_connect()
Cao jin [Thu, 21 Jul 2016 10:33:33 +0000 (18:33 +0800)]
util: drop unix_nonblocking_connect()

It is never used; all nonblocking connect now goes through
socket_connect(), which calls unix_connect_addr().

Cc: Daniel P. Berrange <berrange@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Message-Id: <1469097213-26441-3-git-send-email-caoj.fnst@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agoutil: drop inet_nonblocking_connect()
Cao jin [Thu, 21 Jul 2016 10:33:32 +0000 (18:33 +0800)]
util: drop inet_nonblocking_connect()

It is never used; all nonblocking connect now goes through
socket_connect(), which calls inet_connect_addr().

Cc: Daniel P. Berrange <berrange@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Message-Id: <1469097213-26441-2-git-send-email-caoj.fnst@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agocheckpatch: add check for bzero
Paolo Bonzini [Thu, 21 Jul 2016 09:03:11 +0000 (11:03 +0200)]
checkpatch: add check for bzero

Tested-By: Peter Xu <peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agofix qemu exit on memory hotplug when allocation fails at prealloc time
Igor Mammedov [Wed, 20 Jul 2016 09:54:03 +0000 (11:54 +0200)]
fix qemu exit on memory hotplug when allocation fails at prealloc time

When adding hostmem backend at runtime, QEMU might exit with error:
  "os_mem_prealloc: Insufficient free host memory pages available to allocate guest RAM"

It happens due to os_mem_prealloc() not handling errors gracefully.

Fix it by passing errp argument so that os_mem_prealloc() could
report error to callers and undo performed allocation when
os_mem_prealloc() fails.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1469008443-72059-1-git-send-email-imammedo@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agonuma: set the memory backend "is_mapped" field
Greg Kurz [Tue, 19 Jul 2016 08:28:35 +0000 (10:28 +0200)]
numa: set the memory backend "is_mapped" field

Commit 2aece63 "hostmem: detect host backend memory is being used properly"
added a way to know if a memory backend is busy or available for use. It
caused a slight regression if we pass the same backend to a NUMA node and
to a pc-dimm device:

-m 1G,slots=2,maxmem=2G \
-object memory-backend-ram,size=1G,id=mem-mem1 \
-device pc-dimm,id=dimm-mem1,memdev=mem-mem1 \
-numa node,nodeid=0,memdev=mem-mem1

Before commit 2aece63, this would cause QEMU to print an error message and
to exit gracefully:

qemu-system-ppc64: -device pc-dimm,id=dimm-mem1,memdev=mem-mem1:
    can't use already busy memdev: mem-mem1

Since commit 2aece63, QEMU hits an assertion in the memory code:

qemu-system-ppc64: memory.c:1934: memory_region_add_subregion_common:
    Assertion `!subregion->container' failed.
Aborted

This happens because pc-dimm devices don't use memory_region_is_mapped()
anymore and cannot guess the backend is already used by a NUMA node.

Let's revert to the previous behavior by turning the NUMA code to also
call host_memory_backend_set_mapped() when it uses a backend.

Fixes: 2aece63c8a9d2c3a8ff41d2febc4cdeff2633331
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <146891691503.15642.9817215371777203794.stgit@bahia.lan>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agoutil/qht: Document memory ordering assumptions
Paolo Bonzini [Fri, 15 Jul 2016 17:58:41 +0000 (20:58 +0300)]
util/qht: Document memory ordering assumptions

It is naturally expected that some memory ordering should be provided
around qht_insert() and qht_lookup(). Document these assumptions in the
header file and put some comments in the source to denote how that
memory ordering requirements are fulfilled.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[Sergey Fedorov: commit title and message provided;
comment on qht_remove() elided]
Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
Message-Id: <20160715175852.30749-2-sergey.fedorov@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years agoMAINTAINERS: Update the Xilinx maintainers
Alistair Francis [Thu, 28 Jul 2016 16:55:39 +0000 (09:55 -0700)]
MAINTAINERS: Update the Xilinx maintainers

Update the Xilinx maintainers documentation to simplify what we maintain
and cover all of our upstream code.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoFix bsd-user build errors after 8642c1b81e0418df066a7960a7426d85a923a253
Sean Bruno [Fri, 29 Jul 2016 16:02:35 +0000 (10:02 -0600)]
Fix bsd-user build errors after 8642c1b81e0418df066a7960a7426d85a923a253

  LINK  sparc-bsd-user/qemu-sparc
bsd-user/main.o: In function `cpu_loop':
/home/sbruno/bsd/qemu/bsd-user/main.c:515: undefined reference to `cpu_sparc_exec'
c++: error: linker command failed with exit code 1 (use -v to see invocation)
gmake[1]: *** [Makefile:197: qemu-sparc] Error 1
gmake: *** [Makefile:204: subdir-sparc-bsd-user] Error 2

  LINK  i386-bsd-user/qemu-i386
bsd-user/main.o: In function `cpu_loop':
/home/sbruno/bsd/qemu/bsd-user/main.c:174: undefined reference to `cpu_x86_exec'
c++: error: linker command failed with exit code 1 (use -v to see invocation)
gmake[1]: *** [Makefile:197: qemu-i386] Error 1
gmake: *** [Makefile:204: subdir-i386-bsd-user] Error 2

Signed-off-by: Sean Bruno <sbruno@freebsd.org>
Message-id: 20160729160235.64525-1-sbruno@freebsd.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoUpdate version for v2.7.0-rc1 release
Peter Maydell [Fri, 29 Jul 2016 14:55:59 +0000 (15:55 +0100)]
Update version for v2.7.0-rc1 release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoavx2 configure: Disable if static build
Aaron Lindsay [Thu, 14 Jul 2016 19:38:14 +0000 (15:38 -0400)]
avx2 configure: Disable if static build

This avoids a segfault like the following for at least some 4.8 versions
of gcc when configured with --static if avx2 instructions are also
enabled:

Program received signal SIGSEGV, Segmentation fault.
buffer_find_nonzero_offset_ifunc () at ./util/cutils.c:333
333     {
(gdb) bt
#0  buffer_find_nonzero_offset_ifunc () at ./util/cutils.c:333
#1  0x0000000000939c58 in __libc_start_main ()
#2  0x0000000000419337 in _start ()

Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoUnbreak FreeBSD build after optionrom update.
Sean Bruno [Tue, 26 Jul 2016 21:05:33 +0000 (15:05 -0600)]
Unbreak FreeBSD build after optionrom update.

Update the build flags appropriately for FreeBSD and add the
correct LD_EMULATION type for the FreeBSD build case.

Fixes FreeBSD build error:
ld: unrecognised emulation mode: elf_i386
Supported emulations: elf_x86_64_fbsd elf_i386_fbsd
gmake[1]: *** [Makefile:51: linuxboot_dma.img] Error 1
gmake: *** [Makefile:229: romsubdir-optionrom] Error 2

Signed-off-by: Sean Bruno <sbruno@freebsd.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agooptionrom: fix detection of -Wa,-32
Paolo Bonzini [Wed, 20 Jul 2016 19:36:49 +0000 (21:36 +0200)]
optionrom: fix detection of -Wa,-32

The cc-option macro runs $(CC) in -S mode (generate assembly) to avoid a
pointless run of the assembler.  However, this does not work when you want
to detect support for cc->as option passthrough.  clang ignores -Wa unless
-c is provided, and exits successfully even if the -Wa,-32 option is not
supported.

Reported-by: Stefan Hajnoczi <stefanha@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1469043409-14033-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/lalrae/tags/mips-20160729' into staging
Peter Maydell [Fri, 29 Jul 2016 12:05:55 +0000 (13:05 +0100)]
Merge remote-tracking branch 'remotes/lalrae/tags/mips-20160729' into staging

MIPS patches 2016-07-29

Changes:
* bug fixes

# gpg: Signature made Fri 29 Jul 2016 09:44:13 BST
# gpg:                using RSA key 0x52118E3C0B29DA6B
# gpg: Good signature from "Leon Alrae <leon.alrae@imgtec.com>"
# Primary key fingerprint: 8DD3 2F98 5495 9D66 35D4  4FC0 5211 8E3C 0B29 DA6B

* remotes/lalrae/tags/mips-20160729:
  target-mips: fix EntryHi.EHINV being cleared on TLB exception
  hw/mips_malta: Fix YAMON API print routine

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.7-20160729' into staging
Peter Maydell [Fri, 29 Jul 2016 11:37:08 +0000 (12:37 +0100)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.7-20160729' into staging

ppc patch queue 2016-07-29

Here are the current pending ppc and spapr related patches for
qemu-2.7.  Given the freeze status, these are all bugfixes, with two
exceptions:

  * There's some final rework of the vcpu hotplug model.  Specifically
    we add spapr specific code on the generic basis Igor established
    to make cpu_index stable for pseries-2.7 and later machine types.
      - This allows us to remove the limitation that cpu cores had to
        be inserted in linear order, and removed in LIFO order.
      - This is worth merging this late in 2.7 because it will avoid
        considerable future grief with management layers needing to
        discover whether out-of-order hotplug is possible, amongst
        other things.
      - For now we do add a constraint that the initial cpu cannot be
        unplugged.
  * We add two extra testcases to make check, for postcopy and
    drive_del on ppc64.
      - Not strictly bugfixes, but safe, because they don't affect the
        actual code, and increase test coverage.

# gpg: Signature made Fri 29 Jul 2016 05:50:02 BST
# gpg:                using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.7-20160729:
  tests: add drive_del-test to ppc/ppc64
  spapr: Prevent boot CPU core removal
  ppc: Fix fault PC reporting for lve*/stve* VMX instructions
  test: port postcopy test to ppc64
  Revert "spapr: Ensure CPU cores are added contiguously and removed in LIFO order"
  spapr: init CPUState->cpu_index with index relative to core-id

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
Peter Maydell [Fri, 29 Jul 2016 10:57:01 +0000 (11:57 +0100)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc, pci, virtio: cleanups, fixes

a bunch of bugfixes and a couple of cleanups
making these easier and/or making debugging easier

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Fri 29 Jul 2016 04:11:01 BST
# gpg:                using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream: (41 commits)
  mptsas: Fix a migration compatible issue
  vhost: do not update last avail idx on get_vring_base() failure
  vhost: add vhost_net_set_backend()
  vhost-user: add error report in vhost_user_write()
  tests: fix vhost-user-test leak
  tests: plug some leaks in virtio-net-test
  vhost-user: wait until backend init is completed
  char: add and use tcp_chr_wait_connected
  char: add chr_wait_connected callback
  vhost: add assert() to check runtime behaviour
  vhost-net: vhost_migration_done is vhost-user specific
  Revert "vhost-net: do not crash if backend is not present"
  vhost-user: add get_vhost_net() assertions
  vhost-user: keep vhost_net after a disconnection
  vhost-user: check vhost_user_{read,write}() return value
  vhost-user: check qemu_chr_fe_set_msgfds() return value
  vhost-user: call set_msgfds unconditionally
  qemu-char: fix qemu_chr_fe_set_msgfds() crash when disconnected
  vhost: use error_report() instead of fprintf(stderr,...)
  vhost: add missing VHOST_OPS_DEBUG
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging
Peter Maydell [Fri, 29 Jul 2016 10:01:38 +0000 (11:01 +0100)]
Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

# gpg: Signature made Thu 28 Jul 2016 23:50:37 BST
# gpg:                using RSA key 0x7DEF8106AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"
# Primary key fingerprint: FAEB 9711 A12C F475 812F  18F2 88A9 064D 1835 61EB
#      Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76  CBD0 7DEF 8106 AAFC 390E

* remotes/jnsnow/tags/ide-pull-request:
  ide: fix halted IO segfault at reset

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agotests: add drive_del-test to ppc/ppc64
Laurent Vivier [Thu, 28 Jul 2016 15:18:09 +0000 (17:18 +0200)]
tests: add drive_del-test to ppc/ppc64

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years agomptsas: Fix a migration compatible issue
Cao jin [Tue, 26 Jul 2016 09:03:23 +0000 (17:03 +0800)]
mptsas: Fix a migration compatible issue

My previous commit 2e2aa316 removed internal flag msi_in_use, which
exists in vmstate, use VMSTATE_UNUSED for migration compatibility.

Reported-by: Amit Shah <amit.shah@redhat.com>
Suggested-by: Amit Shah <amit.shah@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
8 years agovhost: do not update last avail idx on get_vring_base() failure
Marc-André Lureau [Tue, 26 Jul 2016 21:15:27 +0000 (01:15 +0400)]
vhost: do not update last avail idx on get_vring_base() failure

The state.num value will probably be 0 in this case, but that
doesn't make sense to update.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agospapr: Prevent boot CPU core removal
Bharata B Rao [Wed, 27 Jul 2016 05:14:42 +0000 (10:44 +0530)]
spapr: Prevent boot CPU core removal

Boot CPU is assumed to be always present in QEMU code. So
until that assumptions are gone, deny removal request.
In another words, QEMU won't support boot CPU core hot-unplug.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
[dwg: Tweaked error message for clarity]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years agoppc: Fix fault PC reporting for lve*/stve* VMX instructions
Benjamin Herrenschmidt [Tue, 26 Jul 2016 22:20:55 +0000 (08:20 +1000)]
ppc: Fix fault PC reporting for lve*/stve* VMX instructions

We forgot to do gen_update_nip() for these like we do with other
helpers. Fix this, but in a more efficient way by passing the RA
to the accessors instead so the overhead is only taken on faults.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years agotest: port postcopy test to ppc64
lvivier@redhat.com [Thu, 21 Jul 2016 16:47:56 +0000 (18:47 +0200)]
test: port postcopy test to ppc64

As userfaultfd syscall is available on powerpc, migration
postcopy can be used.

This patch adds the support needed to test this on powerpc,
instead of using a bootsector to run code to modify memory,
we use a FORTH script in "boot-command" property.

As spapr machine doesn't support "-prom-env" argument
(the nvram is initialized by SLOF and not by QEMU),
"boot-command" is provided to SLOF via a file mapped nvram
(with "-drive file=...,if=pflash")

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years agoRevert "spapr: Ensure CPU cores are added contiguously and removed in LIFO order"
David Gibson [Tue, 26 Jul 2016 03:37:20 +0000 (13:37 +1000)]
Revert "spapr: Ensure CPU cores are added contiguously and removed in LIFO order"

This reverts commit 5cbc64de25973e9129c5a7897734a06ac64b9aff.

Now that we have stable cpu_index values for pseries-2.7 (and future)
machine types, we can now safely allow hotplug and unplug in any order.

Conflicts:
hw/ppc/spapr_cpu_core.c

Some conflicts on revert due to some small changes in the inserted
code since the original commit.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years agospapr: init CPUState->cpu_index with index relative to core-id
Igor Mammedov [Thu, 21 Jul 2016 15:54:37 +0000 (17:54 +0200)]
spapr: init CPUState->cpu_index with index relative to core-id

It will enshure that cpu_index for a given cpu stays the same
regardless of the order cpus has been created/deleted and so
it would be possible to migrate QEMU instance with out of order
created CPU.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
8 years agoide: fix halted IO segfault at reset
John Snow [Thu, 28 Jul 2016 21:34:19 +0000 (17:34 -0400)]
ide: fix halted IO segfault at reset

If one attempts to perform a system_reset after a failed IO request
that causes the VM to enter a paused state, QEMU will segfault trying
to free up the pending IO requests.

These requests have already been completed and freed, though, so all
we need to do is NULL them before we enter the paused state.

Existing AHCI tests verify that halted requests are still resumed
successfully after a STOP event.

Analyzed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1469635201-11918-2-git-send-email-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
8 years agovhost: add vhost_net_set_backend()
Marc-André Lureau [Tue, 26 Jul 2016 21:15:25 +0000 (01:15 +0400)]
vhost: add vhost_net_set_backend()

Not all vhost-user backends support ops->vhost_net_set_backend(). It is
a nicer to provide an assert/error than to crash trying to
call. Furthermore, it improves a bit the code by hiding vhost_ops
details.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agovhost-user: add error report in vhost_user_write()
Marc-André Lureau [Tue, 26 Jul 2016 21:15:24 +0000 (01:15 +0400)]
vhost-user: add error report in vhost_user_write()

Similar to vhost_user_read() error report, it is useful to have early
error report.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agotests: fix vhost-user-test leak
Marc-André Lureau [Tue, 26 Jul 2016 21:15:21 +0000 (01:15 +0400)]
tests: fix vhost-user-test leak

Spotted by valgrind.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agotests: plug some leaks in virtio-net-test
Marc-André Lureau [Tue, 26 Jul 2016 21:15:20 +0000 (01:15 +0400)]
tests: plug some leaks in virtio-net-test

Found thanks to valgrind.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agovhost-user: wait until backend init is completed
Marc-André Lureau [Tue, 26 Jul 2016 21:15:19 +0000 (01:15 +0400)]
vhost-user: wait until backend init is completed

The chardev waits for an initial connection before starting qemu, and
vhost-user should wait for the backend negotiation to be completed
before starting qemu too.

vhost-user is started in the net_vhost_user_event callback, which is
synchronously called after the socket is connected. Use a
VhostUserState.started flag to indicate vhost-user init completed
successfully and qemu can be started.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agochar: add and use tcp_chr_wait_connected
Marc-André Lureau [Tue, 26 Jul 2016 21:15:18 +0000 (01:15 +0400)]
char: add and use tcp_chr_wait_connected

Add a chr_wait_connected for the tcp backend, and use it in the
open_socket() function.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agochar: add chr_wait_connected callback
Marc-André Lureau [Tue, 26 Jul 2016 21:15:17 +0000 (01:15 +0400)]
char: add chr_wait_connected callback

A function to wait on the backend to be connected, to be used in the
following patches.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agovhost: add assert() to check runtime behaviour
Marc-André Lureau [Tue, 26 Jul 2016 21:15:16 +0000 (01:15 +0400)]
vhost: add assert() to check runtime behaviour

All these functions must be called only after the backend is connected.
They are called from virtio-net.c, after either virtio or link status
change.

The check for nc->peer->link_down should ensure vhost_net_{start,stop}()
are always called between vhost_user_{start,stop}().

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agovhost-net: vhost_migration_done is vhost-user specific
Marc-André Lureau [Tue, 26 Jul 2016 21:15:15 +0000 (01:15 +0400)]
vhost-net: vhost_migration_done is vhost-user specific

Either the callback is mandatory to implement, in which case an assert()
is more appropriate, or it's not and we can't tell much whether the
function should fail or not (given it's name, I guess it should silently
success by default). Instead, make the implementation mandatory and
vhost-user specific to be more clear about its usage.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agoRevert "vhost-net: do not crash if backend is not present"
Marc-André Lureau [Tue, 26 Jul 2016 21:15:14 +0000 (01:15 +0400)]
Revert "vhost-net: do not crash if backend is not present"

Now that get_vhost_net() returns non-null after a successful
vhost_net_init(), we no longer need to check this case.

This reverts commit ecd34898596c60f79886061618dd7e01001113ad.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>