sdk/emulator/qemu.git
Paolo Bonzini [Mon, 30 Nov 2015 09:57:25 +0000 (10:57 +0100)]
bt: check struct sizes

See http://permalink.gmane.org/gmane.linux.bluez.kernel/36505.  For historical
reasons these do not use sizeof, and Coverity caught a mistake in
EVT_ENCRYPT_CHANGE_SIZE.

In addition:

- remove status from create_conn_cancel_cp; the "status" field is only
in rp structs.  Note that this means that the OCF_CREATE_CONN_CANCEL
could never have worked (it would have failed the LENGTH_CHECK), but
I am keeping it anyway.

- OCF_READ_LINK_QUALITY similarly could never have worked, but I am
fixing read_link_quality_cp anyway.

- fix inquiry_info which is shorter by one: the kernel has a struct that
is 14 byte long, but not counting the initial num_responses byte which
the kernel parses separately;

- remove extended_inquiry_info altogether, since it's not used and unlike
the other inquiry structs does not have the initial num_responses byte.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Markus Armbruster [Thu, 19 Nov 2015 12:29:28 +0000 (13:29 +0100)]
typedefs: Put them back into alphabetical order

"Please keep this list in alphabetical order" has been more honoured
in the breach than in the observance.  Clean up.

While there, drop a redundant struct declaration.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Hervé Poussineau [Thu, 12 Nov 2015 21:26:33 +0000 (22:26 +0100)]
scsi: remove scsi_req_free prototype

Function has been deleted in ad2d30f79d3b0812f02c741be2189796b788d6d7.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Paolo Bonzini [Fri, 6 Nov 2015 15:34:06 +0000 (16:34 +0100)]
gt64xxx: fix decoding of ISD register

The GT64xxx's internal registers can be placed above the first 4 GiB
in the address space, but not above the first 64 GiB.  Correctly cast
the register to a 64-bit integer, and mask away bits above bit 35.

Datasheet at http://pdf.datasheetarchive.com/datasheetsmain/Datasheets-33/DSA-655889.pdf
(bug reported by Coverity).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Rodrigo Rebello [Thu, 12 Nov 2015 14:04:28 +0000 (12:04 -0200)]
configure: use appropriate code fragment for -fstack-protector checks

The check for stack-protector support consisted in compiling and linking
the test program below (output by function write_c_skeleton()) with the
compiler flag -fstack-protector-strong first and then with
-fstack-protector-all if the first one failed to work:

  int main(void) { return 0; }

This caused false positives when using certain toolchains in which the
compiler accepted -fstack-protector-strong but no support was provided
by the C library, since for this stack-protector variant the compiler
emits canary code only for functions that meet specific conditions
(local arrays, memory references to local variables, etc.) and the code
fragment under test included none of them (hence no stack protection
code generated, no link failure).

This fix changes the test program used for -fstack-protector checks to
include a function that meets conditions which cause the compiler to
generate canary code in all variants.

Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
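The following C probe is added here as an illustration and is not taken from QEMU's configure script. It shows the kind of function that meets the -fstack-protector-strong instrumentation conditions the commit describes (a local array plus a pointer to it), as opposed to the empty main() that meets none of them. The function name and input strings are this example's own.

```c
/* Added example (not QEMU's configure probe): a function of the kind that
 * -fstack-protector-strong instruments. It declares a local array and takes
 * its address, which are among the conditions under which the compiler emits
 * canary setup and check code. A probe like "int main(void) { return 0; }"
 * meets none of them, so a C library lacking stack-protector support would
 * never surface as a link failure. */
#include <stddef.h>
#include <string.h>

/* Copy at most sizeof(buf)-1 bytes of src into a local buffer and return the
 * length of what was stored. The local array and the pointer into it are what
 * make this function a candidate for canary instrumentation. */
size_t probe_stack_protector(const char *src)
{
    char buf[64];
    char *p = buf;                 /* address of a local array is taken */
    size_t n = strlen(src);

    if (n > sizeof(buf) - 1) {     /* truncate rather than overflow */
        n = sizeof(buf) - 1;
    }
    memcpy(p, src, n);
    p[n] = '\0';
    return strlen(buf);
}

int main(void)
{
    return probe_stack_protector("canary") == 6 ? 0 : 1;
}
```

Compiling this with `gcc -fstack-protector-strong -c` on a glibc host leaves an undefined reference to `__stack_chk_fail` in the object file, so a toolchain whose C library does not provide that symbol fails at link time, which is exactly the signal the configure check needs; the empty main() probe produces no such reference and links regardless of C library support.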
Daniel P. Berrange [Fri, 13 Nov 2015 17:45:27 +0000 (17:45 +0000)]
crypto: avoid two coverity false positive error reports

In qcrypto_tls_creds_get_path() coverity complains that
we are checking '*creds' for NULL, despite having
dereferenced it previously. This is a harmless bug due
to the fact that the trace call was too early. Moving it
after the cleanup gets the desired semantics.

In qcrypto_tls_creds_check_cert_key_purpose() coverity
complains that we're passing a pointer to a previously
free'd buffer into gnutls_x509_crt_get_key_purpose_oid().
This is harmless because we're passing a size == 0, so
gnutls won't access the buffer, but rather just report
what size it needs to be. We can avoid it though by
explicitly setting the buffer to NULL after free'ing
it.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Peter Maydell [Tue, 24 Nov 2015 14:55:46 +0000 (14:55 +0000)]
configure: Diagnose broken linkers directly

Currently if the user's compiler works for creating .o files but
their linker is broken such that compiling an executable from a
C file does not work, we will report a misleading error message
about the compiler not supporting __thread (since that happens
to be the first test we run which requires a working linker).
Explicitly check that compile_prog works as well as compile_object,
so that people whose toolchain setup is broken get a more helpful
error message.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Paolo Bonzini [Fri, 27 Nov 2015 12:08:25 +0000 (13:08 +0100)]
bt: avoid unintended sign extension

In the case of a 4-byte length, shifting a value by 24 may cause
an unintended sign extension when converting from int to size_t.
Use a uint32_t variable instead.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
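As an added example (not the bt code this commit touches), the following C shows the two ways of widening a 4-byte little-endian length field to size_t: through a uint32_t, as the commit does, and through a signed int, which sign-extends on an LP64 host whenever the top bit of the field is set. The packet layout, byte values and function names are constructed for this illustration.

```c
/* Added example, not QEMU's bt code: reading a 4-byte little-endian length
 * field from a packet header into size_t. The packet layout and the sample
 * bytes below are constructed for this illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed inputs: a valid 3-byte payload, and a header whose length has
 * the top bit set (0x80000001). */
static const uint8_t PKT_SMALL[7]  = { 0x03, 0x00, 0x00, 0x00, 'a', 'b', 'c' };
static const uint8_t HDR_TOPBIT[4] = { 0x01, 0x00, 0x00, 0x80 };

/* Assemble the four header bytes in a uint32_t. Widening an unsigned 32-bit
 * value to size_t is a zero-extension, so the field's value is preserved. */
size_t len_via_uint32(const uint8_t *hdr)
{
    uint32_t len = (uint32_t)hdr[0]
                 | (uint32_t)hdr[1] << 8
                 | (uint32_t)hdr[2] << 16
                 | (uint32_t)hdr[3] << 24;
    return len;
}

/* The pattern the commit removes: the same value passes through a signed int.
 * Storing 0x80000001 in an int32_t is implementation-defined (it wraps to a
 * negative number on two's-complement targets), and converting that negative
 * int to size_t sign-extends on LP64 hosts, giving 0xffffffff80000001. */
size_t len_via_int(const uint8_t *hdr)
{
    int32_t len = (int32_t)len_via_uint32(hdr);
    return (size_t)len;
}

/* Bounds check: a 4-byte header followed by `len` payload bytes must fit in
 * the received buffer. Uses the unsigned extraction. */
bool payload_in_bounds(const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < 4) {
        return false;
    }
    return len_via_uint32(pkt) <= pkt_len - 4;
}

int main(void)
{
    bool ok = payload_in_bounds(PKT_SMALL, sizeof PKT_SMALL)
           && !payload_in_bounds(HDR_TOPBIT, sizeof HDR_TOPBIT)
           && len_via_uint32(HDR_TOPBIT) == 0x80000001u;
    return ok ? 0 : 1;
}
```

The practical difference is in what reaches later checks and allocations: with the uint32_t path a length of 0x80000001 is simply a large number that the bounds check rejects, whereas a sign-extended size_t carries the high 32 bits set, which is neither the value on the wire nor one any length comparison was written for.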
John Snow [Wed, 25 Nov 2015 21:03:37 +0000 (16:03 -0500)]
util/id: fully allocate names table

Trivial: this array should be allocated to have ID_MAX entries always.
Otherwise if someone were to forget to expand this table, the assertion
in the id generator won't actually trigger; it will read junk data.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Prasad J Pandit [Thu, 3 Dec 2015 13:24:17 +0000 (18:54 +0530)]
ui: vnc: avoid floating point exception

While sending 'SetPixelFormat' messages to a VNC server,
the client could set the 'red-max', 'green-max' and 'blue-max'
values to be zero. This leads to a floating point exception in
write_png_palette while doing frame buffer updates.

Reported-by: Lian Yihan <lianyihan@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 3 Dec 2015 11:08:43 +0000 (11:08 +0000)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

# gpg: Signature made Thu 03 Dec 2015 04:59:48 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  iotests: Add regression test case for write notifier assertion failure
  iotests: Add "add_drive_raw" method
  block: Don't wait serialising for non-COR read requests
  iothread: include id in thread name

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 3 Dec 2015 10:43:43 +0000 (10:43 +0000)]
Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20151203' into staging

migration/next for 20151203

# gpg: Signature made Wed 02 Dec 2015 23:19:10 GMT using RSA key ID 5872D723
# gpg: Good signature from "Juan Quintela <quintela@redhat.com>"
# gpg:                 aka "Juan Quintela <quintela@trasno.org>"

* remotes/juanquintela/tags/migration/20151203:
  migration: do floating-point division
  migration: Clean up use of g_poll() in socket_writev_buffer()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Fam Zheng [Tue, 1 Dec 2015 09:36:30 +0000 (17:36 +0800)]
iotests: Add regression test case for write notifier assertion failure

The idea is to let the top level bs have a big request alignment with
blkdebug, so that the aio_write request issued from monitor will be
serialised. This tests that QEMU doesn't crash upon the read request
from the backup job's write notifier, which is a very special case of
"reentrant" request.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1448962590-2842-4-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fam Zheng [Tue, 1 Dec 2015 09:36:29 +0000 (17:36 +0800)]
iotests: Add "add_drive_raw" method

This offers full manual control over the "-drive" options.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1448962590-2842-3-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fam Zheng [Tue, 1 Dec 2015 09:36:28 +0000 (17:36 +0800)]
block: Don't wait serialising for non-COR read requests

The assertion problem was noticed in 06c3916b35a, but it wasn't
completely fixed, because even though the req is not marked as
serialising, it still gets serialised by wait_serialising_requests
against other serialising requests, which could lead to the same
assertion failure.

Fix it by even more explicitly skipping the serialising for this
specific case.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1448962590-2842-2-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Paolo Bonzini [Tue, 24 Nov 2015 13:46:44 +0000 (14:46 +0100)]
iothread: include id in thread name

This makes it easier to find the desired thread.  Use "IO" plus the id;
even with the 14 character limit on the thread name, enough of the id should
be readable (e.g. "IO iothreadNNN" with three characters for the number).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 1448372804-5034-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Peter Maydell [Wed, 2 Dec 2015 23:11:24 +0000 (23:11 +0000)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio,vhost,mmap fixes for 2.5

vhost test patches to fix the travis build
virtio ccw patch to fix virtio 1
virtio pci patch to fix pci express
vhost user bridge patch to fix fd leaks
mmap-alloc patch to fix hugetlbfs on ppc64
remove dead code for vhost (trivial)

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Wed 02 Dec 2015 20:38:41 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  util/mmap-alloc: fix hugetlb support on ppc64
  virtio-pci: Set the QEMU_PCI_CAP_EXPRESS capability early in its DeviceClass realize method
  virtio: handle non-virtio-1-capable backend for ccw
  tests/vhost-user-bridge.c: fix fd leakage
  vhost: drop dead code
  vhost-user: verify that number of queues is non-zero
  vhost-user-test: fix crash with glib < 2.36
  vhost-user-test: use unix port for migration
  vhost-user-test: fix chardriver race

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Mon, 26 Jan 2015 11:12:27 +0000 (12:12 +0100)]
migration: do floating-point division

Dividing integer expressions transferred_bytes and time_spent, and then converting
the integer quotient to type double. Any remainder, or fractional part of the
quotient, is ignored.  Fix this.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Markus Armbruster [Tue, 1 Dec 2015 13:34:14 +0000 (14:34 +0100)]
migration: Clean up use of g_poll() in socket_writev_buffer()

socket_writev_buffer() writes in a loop, using g_poll() to block.  If
g_poll() fails, it tries to write more before the file descriptor is
ready.  In theory, this could go into a tight loop.  In practice,
errors other than EINTR are really unlikely, and when they happen,
we're probably screwed anyway, so we can just as well loop.

Clean it up a bit: retry poll on EINTR, keep ignoring other errors.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Michael S. Tsirkin [Wed, 2 Dec 2015 19:14:12 +0000 (21:14 +0200)]
util/mmap-alloc: fix hugetlb support on ppc64

Since commit 8561c9244ddf1122d "exec: allocate PROT_NONE pages on top of
RAM", it is no longer possible to back guest RAM with hugepages on ppc64
hosts:

mmap(NULL, 285212672, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x3fff57000000
mmap(0x3fff57000000, 268435456, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED, 19, 0) = -1 EBUSY (Device or resource busy)

This is because on ppc64, Linux fixes a page size for a virtual address
at mmap time, so we can't switch a range of memory from anonymous
small pages to hugetlbs with MAP_FIXED.

See commit d0f13e3c20b6fb73ccb467bdca97fa7cf5a574cd
("[POWERPC] Introduce address space "slices"") in Linux
history for the details.

Detect this and create the PROT_NONE mapping using the same fd.

Naturally, this makes the guard page bigger with hugetlbfs.

Based on patch by Greg Kurz.

Acked-by: Rik van Riel <riel@redhat.com>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Shmulik Ladkani [Wed, 2 Dec 2015 17:49:07 +0000 (19:49 +0200)]
virtio-pci: Set the QEMU_PCI_CAP_EXPRESS capability early in its DeviceClass realize method

In 1811e64 'hw/virtio: Add PCIe capability to virtio devices', the
QEMU_PCI_CAP_EXPRESS capability was added to virtio's pci_dev, within
'virtio_pci_realize' - the pci device object realization method.

This occurs too late, as 'pci_qdev_realize' (DeviceClass.realize of
TYPE_PCI_DEVICE) has already been called, without knowing that the
device instance is indeed an "express" instance, thus allocating
insufficient pci config space.

As a result, the device may crash upon an attempt to write to the PCIE config
space.

Fix by arming the QEMU_PCI_CAP_EXPRESS capability early in virtio-pci's
own DeviceClass realize method.

This also makes code cleaner, as 'virtio_pci_realize' may now access the
'pci_is_express' predicate when needed.

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Tested-by: Marcel Apfelbaum <marcel@redhat.com>
Cornelia Huck [Wed, 2 Dec 2015 17:31:57 +0000 (18:31 +0100)]
virtio: handle non-virtio-1-capable backend for ccw

If you run a qemu advertising VERSION_1 with an old kernel where
vhost did not yet support VERSION_1, you'll end up with a device
that is {modern pci|ccw revision 1} but does not advertise VERSION_1.
This is not a sensible configuration and is rejected by the Linux
guest drivers.

To fix this, add a ->post_plugged() callback invoked after features
have been queried that can handle the VERSION_1 bit being withdrawn
and change ccw to fall back to revision 0 if VERSION_1 is gone.

Note that pci is _not_ fixed; we'll need to rethink the approach
for the next release but at least for pci it's not a regression.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Victor Kaplansky [Tue, 1 Dec 2015 16:57:39 +0000 (18:57 +0200)]
tests/vhost-user-bridge.c: fix fd leakage

This fixes file descriptor leakage in vhost-user-bridge
application. Whenever a new callfd or kickfd is set, the previous
one should be explicitly closed. File descriptors used to map
guest's memory are closed immediately after mmap call.

Signed-off-by: Victor Kaplansky <victork@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Peter Maydell [Wed, 2 Dec 2015 17:05:34 +0000 (17:05 +0000)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches

# gpg: Signature made Wed 02 Dec 2015 15:57:35 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  blkdebug: silence warning under qtest
  qcow2: Fix potential qemu-img check crash on 32 bit hosts

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 2 Dec 2015 16:24:26 +0000 (16:24 +0000)]
Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into staging

# gpg: Signature made Wed 02 Dec 2015 15:45:36 GMT using RSA key ID C0DE3057
# gpg: Good signature from "Jeffrey Cody <jcody@redhat.com>"
# gpg:                 aka "Jeffrey Cody <jeff@codyprime.org>"
# gpg:                 aka "Jeffrey Cody <codyprime@gmail.com>"

* remotes/cody/tags/block-pull-request:
  mirror: Quiesce source during "mirror_exit"

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Michael S. Tsirkin [Wed, 2 Dec 2015 11:50:00 +0000 (13:50 +0200)]
vhost: drop dead code

commit 1e7398a1 ("vhost: enable vhost without without MSI-X")
dropped the implementation of vhost_dev_query,
drop it from the header file as well.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Fam Zheng [Mon, 23 Nov 2015 02:28:04 +0000 (10:28 +0800)]
mirror: Quiesce source during "mirror_exit"

With dataplane, the ioeventfd events could be dispatched after
mirror_run releases the dirty bitmap, but before mirror_exit actually
does the device switch, because the iothread will still be running, and
it will cause silent data loss.

Fix this by adding a bdrv_drained_begin/end pair around the window, so
that no new external request will be handled.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Peter Maydell [Wed, 2 Dec 2015 15:41:38 +0000 (15:41 +0000)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* exec.c use after free
* Xen 32-on-64 breakage
* missing EINTR
* naughty warning under qtest

# gpg: Signature made Wed 02 Dec 2015 12:13:55 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"

* remotes/bonzini/tags/for-upstream:
  translate-all: ensure host page mask is always extended with 1's
  main-loop: suppress warnings under qtest
  qemu-char: retry g_poll on EINTR
  exec: Stop using memory after free

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Kevin Wolf [Wed, 2 Dec 2015 15:38:03 +0000 (16:38 +0100)]
Merge remote-tracking branch 'mreitz/tags/pull-block-for-kevin-2015-12-02' into queue-block

One block patch for qemu 2.5-rc3.

# gpg: Signature made Wed Dec  2 16:29:17 2015 CET using RSA key ID E838ACAD
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>"

* mreitz/tags/pull-block-for-kevin-2015-12-02:
  blkdebug: silence warning under qtest

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael S. Tsirkin [Mon, 30 Nov 2015 11:44:44 +0000 (13:44 +0200)]
blkdebug: silence warning under qtest

make check always outputs warnings; this
is not nice.  Disable blkdebug warnings under qtest.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1448883874-17933-1-git-send-email-mst@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
Victor Kaplansky [Tue, 1 Dec 2015 13:32:26 +0000 (15:32 +0200)]
vhost-user: verify that number of queues is non-zero

Fix a QEMU crash when -netdev type=vhost-user,queues=n is passed
with a zero number of queues.

Signed-off-by: Victor Kaplansky <victork@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Marc-André Lureau [Mon, 30 Nov 2015 16:44:49 +0000 (17:44 +0100)]
vhost-user-test: fix crash with glib < 2.36

The prepare callback needs to be implemented with glib < 2.36,
quoting glib documentation:
"Since 2.36 this may be NULL, in which case the effect is as if the
function always returns FALSE with a timeout of -1."

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Marc-André Lureau [Fri, 27 Nov 2015 14:41:19 +0000 (15:41 +0100)]
vhost-user-test: use unix port for migration

TCP port 1234 may be used by another process concurrently. Instead use a
temporary unix socket.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Marc-André Lureau [Fri, 27 Nov 2015 14:41:18 +0000 (15:41 +0100)]
vhost-user-test: fix chardriver race

vhost-user-tests uses a helper thread to dispatch the vhost-user server's
sources. However, the CharDriverState is not thread-safe. Therefore, when
it's given to the thread, it shouldn't be manipulated concurrently.

We dispatch cleaning the server in an idle source. By the end of the
test, we ensure not to leave anything behind by joining the thread and
finishing the sources dispatch.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Kevin Wolf [Tue, 1 Dec 2015 14:16:49 +0000 (15:16 +0100)]
qcow2: Fix potential qemu-img check crash on 32 bit hosts

This crash was caught with qemu-iotests test case 138.

Commit b6d36de already fixed a few 32 bit truncation bugs that could
cause qemu-img check to allocate too little memory and consequently
it would segfault. On 32 bit hosts, there is one more place that needs
to be fixed because size_t was involved in the calculation and is a
32 bit type there.

Cc: qemu-stable@nongnu.org
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Michael S. Tsirkin <mst@redhat.com>
Paolo Bonzini [Wed, 2 Dec 2015 12:00:54 +0000 (13:00 +0100)]
translate-all: ensure host page mask is always extended with 1's

Anthony reported that >4GB guests on Xen with 32bit QEMU broke after
commit 4ed023c ("Round up RAMBlock sizes to host page sizes", 2015-11-05).

In that patch sizes are masked against qemu_host_page_size/mask which
are uintptr_t, and thus 32bit on a 32bit QEMU, even though the ram space
might be bigger than 4GB on Xen.

Since ram_addr_t is not available on user-mode emulation targets, ensure
that we get a sign extension when masking away the low bits of the address.
Remove the ~10 year old scary comment that the type of these variables
is probably wrong, with another equally scary comment.  The new comment
however does not have "???" in it, which is arguably an improvement.

For completeness use the alignment macros in linux-user and bsd-user
instead of manually doing an &.  linux-user and bsd-user are not affected
by the Xen issue, however.

Reviewed-by: Juan Quintela <quintela@redhat.com>
Reported-by: Anthony PERARD <anthony.perard@citrix.com>
Fixes: 4ed023ce2a39ab5812d33cf4d819def168965a7f
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Michael S. Tsirkin [Mon, 30 Nov 2015 11:30:04 +0000 (13:30 +0200)]
main-loop: suppress warnings under qtest

commit 01c22f2cdd4fcf02276ea10f48253850a5fd7259 ("main-loop: Suppress
"I/O thread spun" warnings for qtest") doesn't actually disable the
warning for everyone since some tests don't run under the qtest
accelerator.

Check qtest_driver instead.

Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <1448882964-22433-1-git-send-email-mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 1 Dec 2015 10:27:00 +0000 (11:27 +0100)]
qemu-char: retry g_poll on EINTR

This is a case where pty_chr_update_read_handler_locked's lack
of error checking can produce incorrect values.  We are not using
SIGUSR1 anymore, so this is quite theoretical, but easy to fix.

Reported-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
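Both this commit and the socket_writev_buffer() clean-up above apply the same rule: retry g_poll() on EINTR and treat any other failure as a real error rather than as readiness. The following C is added here and is not QEMU's code; it shows that discipline with poll(2): a wait helper that retries only on EINTR, a write loop built on it, and a pipe-based self-check. The function names and the pipe round-trip are this example's own.

```c
/* Added example (not QEMU's socket_writev_buffer() or pty_chr_* code):
 * wait for a file descriptor with poll(2), retrying only on EINTR. */
#include <errno.h>
#include <poll.h>
#include <stdint.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 when fd is ready for `events`, 0 on timeout, -1 on a genuine
 * poll error (errno set). EINTR is retried; it says nothing about the fd. */
int wait_fd_ready(int fd, short events, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = events, .revents = 0 };

    for (;;) {
        int r = poll(&pfd, 1, timeout_ms);
        if (r >= 0) {
            return r > 0;
        }
        if (errno != EINTR) {
            return -1;            /* real failure: report, don't spin */
        }
        /* interrupted by a signal: go round again */
    }
}

/* Write all of buf to fd, waiting for writability between partial writes.
 * Returns the byte count on success, -1 on error. */
ssize_t write_all(int fd, const void *buf, size_t len)
{
    const uint8_t *p = buf;
    size_t done = 0;

    while (done < len) {
        ssize_t n = write(fd, p + done, len - done);
        if (n > 0) {
            done += (size_t)n;
            continue;
        }
        if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)) {
            if (wait_fd_ready(fd, POLLOUT, -1) < 0) {
                return -1;
            }
            continue;
        }
        return -1;
    }
    return (ssize_t)done;
}

/* Self-check over a pipe: the read end is not readable before anything is
 * written (poll times out), becomes readable after write_all(), and the
 * data round-trips intact. Returns 0 on success, -1 otherwise. */
int demo_pipe_roundtrip(void)
{
    int fds[2];
    char in[] = "hello";          /* constructed payload, 6 bytes with NUL */
    char out[sizeof in];

    if (pipe(fds) < 0) {
        return -1;
    }
    int ready_before = wait_fd_ready(fds[0], POLLIN, 0);       /* expect 0 */
    ssize_t w = write_all(fds[1], in, sizeof in);
    int ready_after = wait_fd_ready(fds[0], POLLIN, 1000);     /* expect 1 */
    ssize_t n = read(fds[0], out, sizeof out);
    close(fds[0]);
    close(fds[1]);

    if (w != (ssize_t)sizeof in || ready_before != 0 || ready_after != 1
        || n != (ssize_t)sizeof in) {
        return -1;
    }
    return strcmp(in, out) == 0 ? 0 : -1;
}

int main(void)
{
    return demo_pipe_roundtrip() == 0 ? 0 : 1;
}
```

The distinction the two commits draw is visible in wait_fd_ready(): a negative return with errno == EINTR loops back to poll() without touching the descriptor, while any other negative return propagates so the caller can abort instead of writing to a descriptor that was never reported ready.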
Don Slutz [Mon, 30 Nov 2015 22:11:04 +0000 (17:11 -0500)]
exec: Stop using memory after free

memory_region_unref(mr) can free memory.

For example I got:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f43280d4700 (LWP 4462)]
0x00007f43323283c0 in phys_section_destroy (mr=0x7f43259468b0)
    at /home/don/xen/tools/qemu-xen-dir/exec.c:1023
1023        if (mr->subpage) {
(gdb) bt
    at /home/don/xen/tools/qemu-xen-dir/exec.c:1023
    at /home/don/xen/tools/qemu-xen-dir/exec.c:1034
    at /home/don/xen/tools/qemu-xen-dir/exec.c:2205
(gdb) p mr
$1 = (MemoryRegion *) 0x7f43259468b0

And this change prevents this.

Signed-off-by: Don Slutz <Don.Slutz@Gmail.com>
Message-Id: <1448921464-21845-1-git-send-email-Don.Slutz@Gmail.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Wed, 2 Dec 2015 10:16:53 +0000 (10:16 +0000)]
Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20151201' into staging

Last minute fix

# gpg: Signature made Tue 01 Dec 2015 22:37:25 GMT using RSA key ID 4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"

* remotes/rth/tags/pull-tcg-20151201:
  tcg: Increase the highwater reservation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Richard Henderson [Tue, 1 Dec 2015 16:10:28 +0000 (08:10 -0800)]
tcg: Increase the highwater reservation

If there are a lot of guest memory ops in the TB, the amount of
code generated by tcg_out_tb_finalize could be well more than 1k.
In the short term, increase the reservation to larger than any TB
seen in practice.

Reported-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Tested-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Peter Maydell [Thu, 26 Nov 2015 15:19:28 +0000 (15:19 +0000)]
ui/cocoa.m: Prevent activation clicks from going to guest

When QEMU is brought to the foreground, the click event that activates QEMU
should not go to the guest. Accidents happen when they do go to the guest
without giving the user a chance to handle them. In particular, if the
guest input device is not an absolute-position one then the location of
the guest cursor (and thus the click) will likely not be the location of
the host cursor when it is clicked, and could be completely obscured
below another window. Don't send mouse clicks to QEMU unless the
window either has focus or has grabbed mouse events.

Reported-by: John Arbuckle <programmingkidx@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: John Arbuckle <programmingkidx@gmail.com>
Message-id: 1448551168-13196-1-git-send-email-peter.maydell@linaro.org

Peter Maydell [Tue, 1 Dec 2015 16:30:27 +0000 (16:30 +0000)]
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20151201' into staging

Last round of s390x fixes for 2.5:
- The bios should be built for the first z machine, so that newer
  instructions don't creep in.
- Silence annoying message when running make check.
- Fix a problem with the pci iommu exposed by recent changes.

# gpg: Signature made Tue 01 Dec 2015 08:59:42 GMT using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"

* remotes/cohuck/tags/s390x-20151201:
  s390x/pci: fix up IOMMU size
  s390x: no deprecation warning while testing
  pc-bios/s390-ccw: rebuild image
  pc-bios/s390-ccw: build for z900

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Yi Min Zhao [Wed, 4 Nov 2015 07:50:45 +0000 (15:50 +0800)]
s390x/pci: fix up IOMMU size

Present code uses @size==UINT64_MAX to initialize the IOMMU. It infers that it
can map any 64-bit IOVA whatsoever. But in fact, the largest DMA range for
each PCI Device on s390x is from ZPCI_SDMA_ADDR to ZPCI_EDMA_ADDR. The largest
value is returned from hardware, which is to indicate the largest range
hardware can support. But the real IOMMU size for a specific PCI Device is
obtained once qemu intercepts the mpcifc instruction with which the guest requests a
DMA range for that PCI Device. Therefore, before intercepting the mpcifc instruction,
qemu cannot be aware of the size of the IOMMU region that the guest will use.

Moreover, iommu replay during device initialization for the whole region in
4k steps takes a very long time.

In conclusion, this patch initializes the IOMMU region for each PCI Device when
intercepting the mpcifc instruction that registers the DMA range for the PCI Device,
and then destroys the IOMMU region when the guest wants to deregister the IOAT.

Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Cornelia Huck [Thu, 12 Nov 2015 15:46:09 +0000 (16:46 +0100)]
s390x: no deprecation warning while testing

'make check' tries to start all available machines; the deprecation
message for the s390-virtio machine is both useless and annoying
there. Silence it while testing.

Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>

pc-bios/s390-ccw: rebuild image
Cornelia Huck [Thu, 26 Nov 2015 14:48:30 +0000 (15:48 +0100)]
pc-bios/s390-ccw: rebuild image

Contains:
- pc-bios/s390-ccw: build for z900

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>

pc-bios/s390-ccw: build for z900
Christian Borntraeger [Tue, 13 Oct 2015 13:10:46 +0000 (15:10 +0200)]
pc-bios/s390-ccw: build for z900

Newer distributions have an architecture level set to z9, z196
or similar - also as default option for the compiler.

We should build the bios for z900 to allow it to run with
all 64bit CPUs. This will become more important as soon as
QEMU/KVM does support CPU models.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Reviewed-By: Sascha Silbe <silbe@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>

Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging
Peter Maydell [Mon, 30 Nov 2015 21:59:22 +0000 (21:59 +0000)]
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging

Two fixes for virtfs/9p from Paolo.

# gpg: Signature made Mon 30 Nov 2015 14:10:47 GMT using DSA key ID 0101DBC2
# gpg: Good signature from "Greg Kurz <gkurz@fr.ibm.com>"
# gpg:                 aka "Greg Kurz <groug@free.fr>"
# gpg:                 aka "Greg Kurz <gkurz@linux.vnet.ibm.com>"
# gpg:                 aka "Gregory Kurz (Groug) <groug@free.fr>"
# gpg:                 aka "Gregory Kurz (Cimai Technology) <gkurz@cimai.com>"
# gpg:                 aka "Gregory Kurz (Meiosys Technology) <gkurz@meiosys.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 2BD4 3B44 535E C0A7 9894  DBA2 02FC 3AEB 0101 DBC2

* remotes/gkurz/tags/for-upstream:
  virtio-9p: use QEMU thread pool
  fsdev-proxy-helper: avoid TOC/TOU race

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.5-20151130' into staging
Peter Maydell [Mon, 30 Nov 2015 17:09:35 +0000 (17:09 +0000)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.5-20151130' into staging

ppc patch queue for qemu-2.5 20151130

target-ppc and related bugfix patches for qemu-2.5

I don't have the facilities to test the Macintosh and BookE related
patches.  I've sanity checked them (inspection + make check), but I'm
otherwise relying on the submitters.

# gpg: Signature made Mon 30 Nov 2015 08:42:01 GMT using RSA key ID 20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.5-20151130:
  target-ppc/fpu_helper: fix FPSCR_FX bit shift operation
  target-ppc: Move the FPSCR bit update macros to cpu.h
  hw/ppc/ppc405_boards: Fix infinite recursion by converting taihu_cpld from old_mmio
  hw/ppc/spapr: Remove duplicated "pseries" alias
  mac_dbdma: always initialize channel field in DBDMA_channel

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/weil/tags/pull-wxx-20151130' into staging
Peter Maydell [Mon, 30 Nov 2015 15:35:20 +0000 (15:35 +0000)]
Merge remote-tracking branch 'remotes/weil/tags/pull-wxx-20151130' into staging

wxx patch queue

# gpg: Signature made Mon 30 Nov 2015 05:48:33 GMT using RSA key ID 677450AD
# gpg: Good signature from "Stefan Weil <sw@weilnetz.de>"
# gpg:                 aka "Stefan Weil <stefan.weil@weilnetz.de>"
# gpg:                 aka "Stefan Weil <stefan.weil@bib.uni-mannheim.de>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 4923 6FEA 75C9 5D69 8EC2  B78A E08C 21D5 6774 50AD

* remotes/weil/tags/pull-wxx-20151130:
  w32: Use gcc option -mthreads
  oslib-win32: Change return type of function getpagesize
  trace/simple: Fix warning and wrong trace file name for MinGW

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

virtio-9p: use QEMU thread pool
Paolo Bonzini [Fri, 27 Nov 2015 11:43:06 +0000 (12:43 +0100)]
virtio-9p: use QEMU thread pool

The QEMU thread pool already has a mechanism to invoke callbacks in the main
thread.  It does not need an EventNotifier and it is more efficient too.
Use it instead of GAsyncQueue + GThreadPool + glue.

As a side effect, it silences Coverity's complaint about an unchecked
return value for event_notifier_init.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
(removed no more needed #include <glib.h> from virtio-9p-coth.h)
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>

fsdev-proxy-helper: avoid TOC/TOU race
Paolo Bonzini [Fri, 27 Nov 2015 11:43:05 +0000 (12:43 +0100)]
fsdev-proxy-helper: avoid TOC/TOU race

There is a minor time of check/time of use race between statfs and chroot.
It can be fixed easily by stat-ing the root after it has been changed.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
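
The race the commit describes, shown in its general form as an added example (this is not QEMU's fsdev-proxy-helper code): validating a path name and then acting on the same name leaves a window in which the name can be re-pointed, and the cure is to act first and validate the object actually obtained, exactly as the fix stats the root after the chroot rather than before. The block uses a plain file open instead of statfs/chroot so it runs unprivileged; `open_regular_racy`, `open_regular_safe`, the hook that stands in for a concurrent attacker and the temporary-file scenario are all constructed here for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Called between "check" and "use"; stands in for a concurrent attacker. */
typedef void (*race_hook_t)(void *arg);

/* Racy pattern: validate the *name*, then open the *name* again.  Whatever
 * the name points to can change in between (hypothetical helper). */
int open_regular_racy(const char *path, race_hook_t hook, void *arg)
{
    struct stat st;
    if (lstat(path, &st) < 0 || !S_ISREG(st.st_mode)) return -1;  /* check */
    if (hook) hook(arg);                                          /* race window */
    return open(path, O_RDONLY);             /* use: follows whatever is there now */
}

/* Fixed pattern: obtain the object first, then validate the object you hold.
 * Same move as the commit above: inspect the root *after* the chroot. */
int open_regular_safe(const char *path, race_hook_t hook, void *arg)
{
    struct stat st;
    int fd;
    if (hook) hook(arg);                     /* attacker may act; it no longer matters */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;                   /* a planted symlink fails here (ELOOP) */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Constructed scenario: a public file is replaced by a symlink to a secret. */
struct swap_ctx {
    char public_path[256];
    char secret_path[256];
};

static void swap_for_symlink(void *arg)
{
    struct swap_ctx *c = arg;
    unlink(c->public_path);
    symlink(c->secret_path, c->public_path);
}

static int write_file(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    ssize_t n;
    if (fd < 0) return -1;
    n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Returns 1 if the chosen opener handed back the secret's contents, 0 if it
 * did not, -1 on setup failure.  Files live in a fresh temporary directory. */
int toctou_leaks_secret(int use_safe_variant)
{
    struct swap_ctx c;
    char dir[256], buf[32] = { 0 };
    const char *tmp = getenv("TMPDIR");
    int fd, leaked = 0;

    snprintf(dir, sizeof dir, "%s/toctou-XXXXXX", tmp ? tmp : "/tmp");
    if (!mkdtemp(dir)) return -1;
    snprintf(c.public_path, sizeof c.public_path, "%s/public", dir);
    snprintf(c.secret_path, sizeof c.secret_path, "%s/secret", dir);
    if (write_file(c.public_path, "public\n") < 0 ||
        write_file(c.secret_path, "secret\n") < 0) return -1;

    fd = use_safe_variant ? open_regular_safe(c.public_path, swap_for_symlink, &c)
                          : open_regular_racy(c.public_path, swap_for_symlink, &c);
    if (fd >= 0) {
        ssize_t n = read(fd, buf, sizeof buf - 1);
        leaked = n > 0 && strncmp(buf, "secret", 6) == 0;
        close(fd);
    }
    unlink(c.public_path);
    unlink(c.secret_path);
    rmdir(dir);
    return leaked;
}
```

`toctou_leaks_secret(0)` reads the secret because the racy opener trusts a check made on a name that has since been swapped; `toctou_leaks_secret(1)` does not, because the safe opener refuses to follow the planted symlink and validates the descriptor it actually holds. The same structure applies to the page's case: only a stat of "/" taken after the chroot describes the directory the helper is really confined to.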

target-ppc/fpu_helper: fix FPSCR_FX bit shift operation
Madhavan Srinivasan [Fri, 20 Nov 2015 11:31:48 +0000 (17:01 +0530)]
target-ppc/fpu_helper: fix FPSCR_FX bit shift operation

Currently in TCG mode, updating the floating exception
summary bit (FPSCR_FX) in fpscr also updates
the upper 32 bits of fpscr with all 1s.
Modify the bit shift operation statement to use
1ULL instead.

Signed-off-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

target-ppc: Move the FPSCR bit update macros to cpu.h
Madhavan Srinivasan [Fri, 20 Nov 2015 11:31:47 +0000 (17:01 +0530)]
target-ppc: Move the FPSCR bit update macros to cpu.h

Move the FPSCR bit update macros defined in dfp_helper
to cpu.h. This way, fpu_helper functions can also use them.

Signed-off-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

hw/ppc/ppc405_boards: Fix infinite recursion by converting taihu_cpld from old_mmio
Peter Maydell [Mon, 16 Nov 2015 14:57:50 +0000 (14:57 +0000)]
hw/ppc/ppc405_boards: Fix infinite recursion by converting taihu_cpld from old_mmio

The taihu_cpld_writel() function had an obvious typo that meant that
if it was ever called it would go into an infinite recursion. Newer
versions of clang will detect and warn about this:
  hw/ppc/ppc405_boards.c:481:1: warning: all paths through this function will call itself [-Winfinite-recursion]

Fix this by converting taihu_cpld from the legacy old_mmio accessors
to new-style ones, with an impl {} declaration to cause the core
memory code to do the splitting of 16 bit and 32 bit accesses into
multiple 8-bit accesses.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

hw/ppc/spapr: Remove duplicated "pseries" alias
Thomas Huth [Mon, 23 Nov 2015 16:13:37 +0000 (17:13 +0100)]
hw/ppc/spapr: Remove duplicated "pseries" alias

The "pseries" alias is currently set twice, one time for the
pseries-2.4 machine and one time for the "pseries-2.5" machine.
To avoid confusion with the alias, let's remove the one from
the older machine class. And while we're at it, also remove
the "is_default = 0" there since the is_default variable
should be set to zero by default already.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

mac_dbdma: always initialize channel field in DBDMA_channel
Hervé Poussineau [Thu, 12 Nov 2015 21:24:08 +0000 (22:24 +0100)]
mac_dbdma: always initialize channel field in DBDMA_channel

dbdma_from_ch() uses the channel field to return the right DBDMA object.
Previous code was working if the guest OS was only using registered DMA channels.
However, it led to QEMU crashes if the guest OS was using unregistered DMA channels.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

w32: Use gcc option -mthreads
Stefan Weil [Thu, 26 Nov 2015 11:13:12 +0000 (12:13 +0100)]
w32: Use gcc option -mthreads

QEMU uses threads / coroutines, therefore support for thread local storage
and thread safe libraries (-D_MT) must be enabled by using -mthreads.

Signed-off-by: Stefan Weil <sw@weilnetz.de>

oslib-win32: Change return type of function getpagesize
Stefan Weil [Sat, 14 Nov 2015 19:25:44 +0000 (20:25 +0100)]
oslib-win32: Change return type of function getpagesize

getpagesize on Linux returns an int. Fix QEMU's implementation for
Windows to return an int (instead of size_t), too.

This fixes a compiler warning which was introduced recently
(commit 093e3c42).

Signed-off-by: Stefan Weil <sw@weilnetz.de>

trace/simple: Fix warning and wrong trace file name for MinGW
Stefan Weil [Wed, 11 Mar 2015 21:08:56 +0000 (22:08 +0100)]
trace/simple: Fix warning and wrong trace file name for MinGW

On Windows, getpid() always returns an int value, but pid_t (which is
expected by the format string) is either a 32 bit or a 64 bit value.

Without a type cast (or a modified format string), the compiler prints
a warning when building for 64 bit Windows and the resulting trace_file_name
will include a wrong pid:

trace/simple.c:332:9: warning:
 format ‘%lld’ expects argument of type ‘long long int’,
 but argument 2 has type ‘int’ [-Wformat=]

Signed-off-by: Stefan Weil <sw@weilnetz.de>

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
Peter Maydell [Fri, 27 Nov 2015 10:44:42 +0000 (10:44 +0000)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Fri 27 Nov 2015 02:42:02 GMT using RSA key ID 398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  tap-win32: disable broken async write path
  tap-win32: skip unexpected nodes during registry enumeration
  eepro100: Prevent two endless loops

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

tap-win32: disable broken async write path
Andrew Baumann [Wed, 18 Nov 2015 19:45:09 +0000 (11:45 -0800)]
tap-win32: disable broken async write path

The code under the TUN_ASYNCHRONOUS_WRITES path makes two incorrect
assumptions about the behaviour of the WriteFile API for overlapped
file handles. First, WriteFile does not update the
lpNumberOfBytesWritten parameter when the write completes
asynchronously (the number of bytes written is known only when the
operation completes). Second, the buffer shouldn't be touched (or
freed) until the operation completes. This led to at least one bug
where tap_win32_write returned zero bytes written, which in turn
caused further writes ("receives") to be disabled for that device.

This change disables the asynchronous write path, while keeping most
of the code around in case someone sees value in resurrecting it. It
also adds some conditional debug output, similar to the read path.

Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Acked-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Jason Wang <jasowang@redhat.com>

tap-win32: skip unexpected nodes during registry enumeration
Andrew Baumann [Wed, 18 Nov 2015 19:45:08 +0000 (11:45 -0800)]
tap-win32: skip unexpected nodes during registry enumeration

In order to find a named tap device, get_device_guid() enumerates children of
HKLM\SYSTEM\CCS\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
(aka NETWORK_CONNECTIONS_KEY). For each child, it then looks for a
"Connection" subkey, but if this key doesn't exist, it aborts the
entire search. This was observed to fail on at least one Windows 10
machine, where there is an additional child of NETWORK_CONNECTIONS_KEY
(named "Descriptions"). Since registry enumeration doesn't guarantee
any particular sort order, we should continue to search for matching
children rather than aborting the search.

Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Jason Wang <jasowang@redhat.com>

eepro100: Prevent two endless loops
Stefan Weil [Fri, 20 Nov 2015 07:42:33 +0000 (08:42 +0100)]
eepro100: Prevent two endless loops

http://lists.nongnu.org/archive/html/qemu-devel/2015-11/msg04592.html
shows an example of how an endless loop in function action_command can
be achieved.

During my code review, I noticed a 2nd case which can result in an
endless loop.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Jason Wang <jasowang@redhat.com>

Update version for v2.5.0-rc2 release
Peter Maydell [Thu, 26 Nov 2015 17:50:12 +0000 (17:50 +0000)]
Update version for v2.5.0-rc2 release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
Peter Maydell [Thu, 26 Nov 2015 16:50:59 +0000 (16:50 +0000)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

vhost, pc: fixes for 2.5

Minor vhost fixes.  HW version tweak for PC.
Documentation and test updates.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 26 Nov 2015 16:40:25 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  vhost-user-test: fix migration overlap test
  Fix memory leak on error
  Revert "vhost: send SET_VRING_ENABLE at start/stop"
  tests/vhost-user-bridge: read command line arguments
  tests/vhost-user-bridge: propose GUEST_ANNOUNCE feature
  vhost-user: clarify start and enable
  vhost-user: set link down when the char device is closed
  pc: Don't set hw_version on pc-*-2.5
  osdep: Change default value of qemu_hw_version() to "2.5+"

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

vhost-user-test: fix migration overlap test
Michael S. Tsirkin [Thu, 26 Nov 2015 13:14:02 +0000 (15:14 +0200)]
vhost-user-test: fix migration overlap test

During migration, source does GET_BASE, destination does SET_BASE.
Use that as opposed to fds being configured to detect
vhost user running on both source and destination.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2015-11-26' into staging
Peter Maydell [Thu, 26 Nov 2015 16:27:26 +0000 (16:27 +0000)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2015-11-26' into staging

QMP and QObject patches

# gpg: Signature made Thu 26 Nov 2015 09:07:18 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-monitor-2015-11-26:
  qjson: Limit number of tokens in addition to total size
  qjson: surprise, allocating 6 QObjects per token is expensive
  qjson: store tokens in a GQueue
  qjson: Convert to parser to recursive descent
  qjson: replace QString in JSONLexer with GString
  qjson: Inline token_is_escape() and simplify
  qjson: Inline token_is_keyword() and simplify
  qjson: Give each of the six structural chars its own token type
  qjson: Spell out some silent assumptions
  check-qjson: Add test for JSON nesting depth limit
  qjson: Don't crash when input exceeds nesting limit
  qjson: Apply nesting limit more sanely
  monitor: Plug memory leak on QMP error

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Peter Maydell [Thu, 26 Nov 2015 15:56:53 +0000 (15:56 +0000)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

Small patches, without the one that introduces -fwrapv.

# gpg: Signature made Thu 26 Nov 2015 15:48:53 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"

* remotes/bonzini/tags/for-upstream:
  target-i386: kvm: Print warning when clearing mcg_cap bits
  target-i386: kvm: Use env->mcg_cap when setting up MCE
  target-i386: kvm: Abort if MCE bank count is not supported by host
  virtio-scsi: don't crash without a valid device
  target-sparc: fix 32-bit truncation in fpackfix
  exec: remove warning about mempath and hugetlbfs
  Revert "exec: silence hugetlbfs warning under qtest"
  call bdrv_drain_all() even if the vm is stopped
  MAINTAINERS: Update TCG CPU cores section

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-i386: kvm: Print warning when clearing mcg_cap bits
Eduardo Habkost [Wed, 25 Nov 2015 17:19:16 +0000 (18:19 +0100)]
target-i386: kvm: Print warning when clearing mcg_cap bits

Instead of silently clearing mcg_cap bits when the host doesn't
support them, print a warning when doing that.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
[Avoid \n at end of error_report. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1448471956-66873-10-git-send-email-pbonzini@redhat.com>

target-i386: kvm: Use env->mcg_cap when setting up MCE
Eduardo Habkost [Wed, 25 Nov 2015 17:19:15 +0000 (18:19 +0100)]
target-i386: kvm: Use env->mcg_cap when setting up MCE

When setting up MCE, instead of using the MCE_*_DEF macros
directly, just filter the existing env->mcg_cap value.

As env->mcg_cap is already initialized as
MCE_CAP_DEF|MCE_BANKS_DEF at target-i386/cpu.c:mce_init(), this
doesn't change any behavior. But it will allow us to change
mce_init() in the future, to implement different defaults
depending on CPU model, machine-type or command-line parameters.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1448471956-66873-9-git-send-email-pbonzini@redhat.com>

target-i386: kvm: Abort if MCE bank count is not supported by host
Eduardo Habkost [Wed, 25 Nov 2015 17:19:14 +0000 (18:19 +0100)]
target-i386: kvm: Abort if MCE bank count is not supported by host

Instead of silently changing the number of banks in mcg_cap based
on kvm_get_mce_cap_supported(), abort initialization if the host
doesn't support MCE_BANKS_DEF banks.

Note that MCE_BANKS_DEF was always 10 since it was introduced in
QEMU, and Linux always returned 32 at KVM_CAP_MCE since
KVM_CAP_MCE was introduced, so no behavior is being changed and
the error can't be triggered by any Linux version. The point of
the new check is to ensure we won't silently change the bank
count if we change MCE_BANKS_DEF or make the bank count
configurable in the future.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
[Avoid Yoda condition and \n at end of error_report. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1448471956-66873-8-git-send-email-pbonzini@redhat.com>

virtio-scsi: don't crash without a valid device
Eugene (jno) Dvurechenski [Thu, 26 Nov 2015 14:45:35 +0000 (15:45 +0100)]
virtio-scsi: don't crash without a valid device

Make sure that we actually have a device when checking the aio
context. Otherwise guests could trigger QEMU crashes.

Signed-off-by: "Eugene (jno) Dvurechenski" <jno@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Message-Id: <1448549135-6582-2-git-send-email-jno@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-sparc: fix 32-bit truncation in fpackfix
Paolo Bonzini [Mon, 2 Nov 2015 14:05:34 +0000 (15:05 +0100)]
target-sparc: fix 32-bit truncation in fpackfix

This is reported by Coverity.  The algorithm description at
ftp://ftp.icm.edu.pl/packages/ggi/doc/hw/sparc/Sparc.pdf suggests
that the 32-bit parts of rs2, after the left shift, are treated
as a 64-bit integer.  Bits 32 and above are used to do the
saturating truncation.

Message-Id: <1446473134-4330-1-git-send-email-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

exec: remove warning about mempath and hugetlbfs
Daniel P. Berrange [Wed, 25 Nov 2015 10:52:29 +0000 (10:52 +0000)]
exec: remove warning about mempath and hugetlbfs

The gethugepagesize() method in exec.c printed a warning if
the file path for "-mem-path" or "-object memory-backend-file"
was not on a hugetlbfs filesystem. This warning is bogus, because
QEMU functions perfectly well with the path on a regular tmpfs
filesystem. Use of hugetlbfs vs tmpfs is a choice for the management
application or end user to make as best fits their needs. As such it
is inappropriate for QEMU to have an opinion on whether the user's
choice is right or wrong in this case.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1448448749-1332-3-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Revert "exec: silence hugetlbfs warning under qtest"
Daniel P. Berrange [Wed, 25 Nov 2015 10:52:28 +0000 (10:52 +0000)]
Revert "exec: silence hugetlbfs warning under qtest"

This reverts commit 1c7ba94a184df1eddd589d5400d879568d3e5d08.

That commit changed QEMU initialization order from

 - object-initial, chardev, qtest, object-late

to

 - chardev, qtest, object-initial, object-late

This breaks chardev setups which need to rely on objects
having been created. For example, when chardevs use TLS
encryption in the future, they need to have tls credential
objects created first.

This revert restores the ordering introduced in

  commit f08f9271bfe3f19a5eb3d7a2f48532065304d5c8
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Wed May 13 17:14:04 2015 +0100

    vl: Create (most) objects before creating chardev backends

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1448448749-1332-2-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

call bdrv_drain_all() even if the vm is stopped
Wen Congyang [Fri, 20 Nov 2015 09:34:38 +0000 (17:34 +0800)]
call bdrv_drain_all() even if the vm is stopped

There are still I/O operations when the vm is stopped. For example,
stop the vm, and do block migration. In this case, we don't drain all
I/O operations, and may meet the following problem:

qemu-system-x86_64: migration/block.c:731: block_save_complete: Assertion `block_mig_state.submitted == 0' failed.

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Message-Id: <564EE92E.4070701@cn.fujitsu.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Fix memory leak on error
Stefano Dong (董兴水) [Thu, 26 Nov 2015 12:00:12 +0000 (12:00 +0000)]
Fix memory leak on error

hw/ppc/spapr.c: Fix memory leak on error, it was introduced in bc09e0611
hw/acpi/memory_hotplug.c: Fix memory leak on error, it was introduced in 34f2af3d

Signed-off-by: Stefano Dong (董兴水) <opensource.dxs@aliyun.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20151126-1' into staging
Peter Maydell [Thu, 26 Nov 2015 10:58:10 +0000 (10:58 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20151126-1' into staging

vnc: fix segfault

# gpg: Signature made Thu 26 Nov 2015 07:37:43 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vnc-20151126-1:
  vnc: fix segfault

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2015-11-25-v2-tag' into...
Peter Maydell [Thu, 26 Nov 2015 10:24:18 +0000 (10:24 +0000)]
Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2015-11-25-v2-tag' into staging

qemu-ga patch queue for 2.5

* include additional w32 MSI install components needed for
  guest-exec
* fix 'make install' when compiling with --disable-tools
* fix potential data corruption/loss when accessing files
  bi-directionally via guest-file-{read,write}
* explicitly document how integer args for guest-file-seek map to
  SEEK_SET/SEEK_CUR/etc to avoid platform-specific differences

v2:
* fixed missing SoB

# gpg: Signature made Wed 25 Nov 2015 23:58:45 GMT using RSA key ID F108B584
# gpg: Good signature from "Michael Roth <flukshun@gmail.com>"
# gpg:                 aka "Michael Roth <mdroth@utexas.edu>"
# gpg:                 aka "Michael Roth <mdroth@linux.vnet.ibm.com>"

* remotes/mdroth/tags/qga-pull-2015-11-25-v2-tag:
  qga: added another non-interactive gspawn() helper file.
  qga: Better mapping of SEEK_* in guest-file-seek
  tests: add file-write-read test
  qga: flush explicitly when needed
  qga: gspawn() console helper to Windows guest agent msi build
  makefile: fix qemu-ga make install for --disable-tools

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Revert "vhost: send SET_VRING_ENABLE at start/stop"
Michael S. Tsirkin [Wed, 25 Nov 2015 11:39:57 +0000 (13:39 +0200)]
Revert "vhost: send SET_VRING_ENABLE at start/stop"

This reverts commit 3a12f32229a046f4d4ab0a3a52fb01d2d5a1ab76.

In case of live migration several queues can be enabled and not only the
first one. So informing backend that only the first queue is enabled is
wrong.

Reported-by: Thibaut Collet <thibaut.collet@6wind.com>
Cc: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>

Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging
Peter Maydell [Thu, 26 Nov 2015 09:44:25 +0000 (09:44 +0000)]
Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

# gpg: Signature made Wed 25 Nov 2015 20:25:21 GMT using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"

* remotes/jnsnow/tags/ide-pull-request:
  ide-test: fix timeouts
  atapi: Fix code indentation
  atapi: Account for failed and invalid operations in cd_read_sector()
  ide-test: cdrom_pio_impl fixup

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

qjson: Limit number of tokens in addition to total size
Markus Armbruster [Wed, 25 Nov 2015 21:23:33 +0000 (22:23 +0100)]
qjson: Limit number of tokens in addition to total size

Commit 29c75dd "json-streamer: limit the maximum recursion depth and
maximum token count" attempts to guard against excessive heap usage by
limiting total token size (it says "token count", but that's a lie).

Total token size is a rather imprecise predictor of heap usage: many
small tokens use more space than few large tokens with the same input
size, because there's a constant per-token overhead: 37 bytes on my
system.

Tighten this up: limit the token count to 2Mi.  Chosen to roughly
match the 64MiB total token size limit.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1448486613-17634-13-git-send-email-armbru@redhat.com>

qjson: surprise, allocating 6 QObjects per token is expensive
Paolo Bonzini [Wed, 25 Nov 2015 21:23:32 +0000 (22:23 +0100)]
qjson: surprise, allocating 6 QObjects per token is expensive

Replace the contents of the tokens GQueue with a simple struct.  This cuts
the amount of memory allocated by tests/check-qjson from ~500MB to ~20MB,
and the execution time from 600ms to 80ms on my laptop.  Still a lot (some
could be saved by using an intrusive list, such as QSIMPLEQ, instead of
the GQueue), but the savings are already massive and the right thing to
do would probably be to get rid of json-streamer completely.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1448300659-23559-5-git-send-email-pbonzini@redhat.com>
[Straightforwardly rebased on my patches]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

qjson: store tokens in a GQueue
Paolo Bonzini [Wed, 25 Nov 2015 21:23:31 +0000 (22:23 +0100)]
qjson: store tokens in a GQueue

Even though we still have the "streamer" concept, the tokens can now
be deleted as they are read.  While doing so convert from QList to
GQueue, since the next step will make tokens not a QObject and we
will have to do the conversion anyway.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1448300659-23559-4-git-send-email-pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

qjson: Convert to parser to recursive descent
Markus Armbruster [Wed, 25 Nov 2015 21:23:30 +0000 (22:23 +0100)]
qjson: Convert to parser to recursive descent

We backtrack in parse_value(), even though JSON is LL(1) and thus can
be parsed by straightforward recursive descent.  Do exactly that.

Based on an almost-correct patch from Paolo Bonzini.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1448486613-17634-10-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

qjson: replace QString in JSONLexer with GString
Paolo Bonzini [Wed, 25 Nov 2015 21:23:29 +0000 (22:23 +0100)]
qjson: replace QString in JSONLexer with GString

JSONLexer only needs a simple resizable buffer.  json-streamer.c
can allocate memory for each token instead of relying on reference
counting of QStrings.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1448300659-23559-2-git-send-email-pbonzini@redhat.com>
[Straightforwardly rebased on my patches, checkpatch made happy]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

qjson: Inline token_is_escape() and simplify
Markus Armbruster [Wed, 25 Nov 2015 21:23:28 +0000 (22:23 +0100)]
qjson: Inline token_is_escape() and simplify

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1448486613-17634-8-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

qjson: Inline token_is_keyword() and simplify
Markus Armbruster [Wed, 25 Nov 2015 21:23:27 +0000 (22:23 +0100)]
qjson: Inline token_is_keyword() and simplify

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1448486613-17634-7-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

qjson: Give each of the six structural chars its own token type
Markus Armbruster [Wed, 25 Nov 2015 21:23:26 +0000 (22:23 +0100)]
qjson: Give each of the six structural chars its own token type

Simplifies things, because we always check for a specific one.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1448486613-17634-6-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years ago - qjson: Spell out some silent assumptions
Markus Armbruster [Wed, 25 Nov 2015 21:23:25 +0000 (22:23 +0100)]
qjson: Spell out some silent assumptions

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1448486613-17634-5-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
8 years ago - check-qjson: Add test for JSON nesting depth limit
Markus Armbruster [Wed, 25 Nov 2015 21:23:24 +0000 (22:23 +0100)]
check-qjson: Add test for JSON nesting depth limit

This would have prevented the regression mentioned in the previous
commit.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1448486613-17634-4-git-send-email-armbru@redhat.com>

8 years ago - qjson: Don't crash when input exceeds nesting limit
Markus Armbruster [Wed, 25 Nov 2015 21:23:23 +0000 (22:23 +0100)]
qjson: Don't crash when input exceeds nesting limit

We limit nesting depth and input size to defend against input
triggering excessive heap or stack memory use (commit 29c75dd
json-streamer: limit the maximum recursion depth and maximum token
count).  However, when the nesting limit is exceeded,
parser_context_peek_token()'s assertion fails.

Broken in commit 65c0f1e "json-parser: don't replicate tokens at each
level of recursion".

To reproduce, stuff 1025 open braces or brackets into QMP.

Fix by taking the error exit instead of the normal one.

Reported-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1448486613-17634-3-git-send-email-armbru@redhat.com>

8 years ago - qjson: Apply nesting limit more sanely
Markus Armbruster [Wed, 25 Nov 2015 21:23:22 +0000 (22:23 +0100)]
qjson: Apply nesting limit more sanely

The nesting limit from commit 29c75dd "json-streamer: limit the
maximum recursion depth and maximum token count" applies separately to
braces and brackets.  This makes no sense.  Apply it to their sum,
because that's actually a measure of recursion depth.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1448486613-17634-2-git-send-email-armbru@redhat.com>
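The two qjson commits above (apply one limit to the sum of braces and brackets, and take the error exit rather than tripping an assertion when it is exceeded) describe a defence against input that drives a recursive parser arbitrarily deep. Added example, not QEMU's qjson code: a minimal recursive-descent structural checker in C that bounds the combined depth of objects and arrays and reports "too deep" as an ordinary error result. The names (`json_check_nesting`, `check_nested_arrays`, `struct json_ctx`) are invented for this illustration; the 1024/1025 figures mirror the reproduction given in the commit message.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical names, not QEMU's. One limit bounds objects AND arrays together. */
enum json_status { JSON_OK = 0, JSON_ERR_SYNTAX = 1, JSON_ERR_DEPTH = 2 };

struct json_ctx {
    const char *p;      /* cursor into the input */
    unsigned depth;     /* current nesting: objects + arrays combined */
    unsigned max_depth; /* deepest nesting reached so far */
    unsigned limit;     /* maximum depth we are willing to recurse to */
};

static void skip_ws(struct json_ctx *c)
{
    while (*c->p == ' ' || *c->p == '\t' || *c->p == '\n' || *c->p == '\r') c->p++;
}

static enum json_status parse_value(struct json_ctx *c);

static enum json_status parse_string(struct json_ctx *c)
{
    c->p++;                                     /* opening quote */
    while (*c->p && *c->p != '"') {
        if (*c->p == '\\') {                    /* skip the escaped character */
            c->p++;
            if (!*c->p) return JSON_ERR_SYNTAX;
        }
        c->p++;
    }
    if (*c->p != '"') return JSON_ERR_SYNTAX;
    c->p++;                                     /* closing quote */
    return JSON_OK;
}

/* Numbers and the literals true/false/null: a run of token characters. */
static enum json_status parse_scalar(struct json_ctx *c)
{
    const char *start = c->p;
    while (*c->p && strchr("-+.0123456789eEtrufalsn", *c->p)) c->p++;
    return c->p > start ? JSON_OK : JSON_ERR_SYNTAX;
}

/* One recursion level per '{' or '[': this is the only place depth grows. */
static enum json_status parse_container(struct json_ctx *c, char open, char close)
{
    enum json_status st;

    if (c->depth >= c->limit) return JSON_ERR_DEPTH;    /* error exit, no abort */
    c->depth++;
    if (c->depth > c->max_depth) c->max_depth = c->depth;
    c->p++;                                             /* consume the opener */
    skip_ws(c);
    if (*c->p == close) { c->p++; c->depth--; return JSON_OK; }
    for (;;) {
        skip_ws(c);
        if (open == '{') {                              /* "key" : value */
            if (*c->p != '"') return JSON_ERR_SYNTAX;
            if ((st = parse_string(c)) != JSON_OK) return st;
            skip_ws(c);
            if (*c->p != ':') return JSON_ERR_SYNTAX;
            c->p++;
        }
        if ((st = parse_value(c)) != JSON_OK) return st;
        skip_ws(c);
        if (*c->p == ',') { c->p++; continue; }
        if (*c->p == close) { c->p++; c->depth--; return JSON_OK; }
        return JSON_ERR_SYNTAX;
    }
}

static enum json_status parse_value(struct json_ctx *c)
{
    skip_ws(c);
    switch (*c->p) {
    case '{':  return parse_container(c, '{', '}');
    case '[':  return parse_container(c, '[', ']');
    case '"':  return parse_string(c);
    case '\0': return JSON_ERR_SYNTAX;
    default:   return parse_scalar(c);
    }
}

/* Validate one document; *max_depth_out (optional) receives the deepest level seen. */
enum json_status json_check_nesting(const char *input, unsigned limit, unsigned *max_depth_out)
{
    struct json_ctx c = { input, 0, 0, limit };
    enum json_status st = parse_value(&c);

    if (st == JSON_OK) {
        skip_ws(&c);
        if (*c.p) st = JSON_ERR_SYNTAX;                 /* trailing garbage */
    }
    if (max_depth_out) *max_depth_out = c.max_depth;
    return st;
}

/* Constructed input: n nested arrays ("[[[]]]" for n = 3), the shape of the
 * reproducer. Returns the observed depth on success, or -status on failure. */
int check_nested_arrays(unsigned n, unsigned limit)
{
    char *buf = malloc(2 * (size_t)n + 1);
    unsigned depth = 0;
    enum json_status st;

    if (!buf) return -JSON_ERR_SYNTAX;
    memset(buf, '[', n);
    memset(buf + n, ']', n);
    buf[2 * n] = '\0';
    st = json_check_nesting(buf, limit, &depth);
    free(buf);
    return st == JSON_OK ? (int)depth : -(int)st;
}
```

`check_nested_arrays(1024, 1024)` returns 1024 while `check_nested_arrays(1025, 1024)` returns `-JSON_ERR_DEPTH`: the 1025th opener is refused before the parser recurses again, so stack use stays bounded and the caller gets a result it can turn into a protocol error instead of a crash.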

8 years ago - monitor: Plug memory leak on QMP error
Markus Armbruster [Thu, 29 Oct 2015 11:15:09 +0000 (12:15 +0100)]
monitor: Plug memory leak on QMP error

Leak introduced in commit 8a4f501..710aec9, v2.4.0.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1446117309-15322-1-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
8 years ago - vnc: fix segfault
Gerd Hoffmann [Wed, 25 Nov 2015 07:04:05 +0000 (08:04 +0100)]
vnc: fix segfault

Commit "c7628bf vnc: only alloc server surface with clients connected"
missed one rarely used codepath (cirrus with guest drivers using 2d
accel) where we have to check for the server surface being present,
to avoid qemu crashing with a NULL pointer dereference.  Add the check.

Reported-by: Anthony PERARD <anthony.perard@citrix.com>
Tested-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
8 years ago - qga: added another non-interactive gspawn() helper file.
Yuri Pudgorodskiy [Wed, 25 Nov 2015 19:02:26 +0000 (22:02 +0300)]
qga: added another non-interactive gspawn() helper file.

With previous commit we added gspawn-win64-helper-console.exe,
required for gspawn() mingw implementation.
Unfortunately when running as a service without interactive
desktop, gspawn() also requires another helper app.

Added gspawn-win64-helper.exe and gspawn-win32-helper.exe
for corresponding architectures.

Signed-off-by: Yuri Pudgorodskiy <yur@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Michael Roth <mdroth@linux.vnet.ibm.com>
* remove trailing whitespace
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
8 years ago - qga: Better mapping of SEEK_* in guest-file-seek
Eric Blake [Wed, 25 Nov 2015 17:37:15 +0000 (10:37 -0700)]
qga: Better mapping of SEEK_* in guest-file-seek

Exposing OS-specific SEEK_ constants in our qapi was a mistake
(if the host has SEEK_CUR as 1, but the guest has it as 2, then
the semantics are unclear what should happen); if we had a time
machine, we would instead expose only a symbolic enum.  It's too
late to change the fact that we have an integer in qapi, but we
can at least document what mapping we want to enforce for all
qga clients (and luckily, it happens to be the mapping that both
Linux and Windows use); then fix the code to match that mapping.
It also helps us filter out unsupported SEEK_DATA and SEEK_HOLE.

In the future, we may wish to move our QGA_SEEK_* constants into
qga/qapi-schema.json, along with updating the schema to take an
alternate type (either the integer, or the string value of the
enum name) - but that's too much risk during hard freeze.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
8 years ago - tests: add file-write-read test
Marc-André Lureau [Wed, 25 Nov 2015 12:59:12 +0000 (13:59 +0100)]
tests: add file-write-read test

This test exhibits a POSIX behaviour regarding switching between write
and read. It's undefined result if the application doesn't ensure a
flush between the two operations (with glibc, the flush can be implicit
when the buffer size is relatively small). The previous commit fixes
this test.

Related to:
https://bugzilla.redhat.com/show_bug.cgi?id=1210246

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
8 years ago - qga: flush explicitly when needed
Marc-André Lureau [Wed, 25 Nov 2015 12:59:11 +0000 (13:59 +0100)]
qga: flush explicitly when needed

According to the specification:
http://pubs.opengroup.org/onlinepubs/9699919799/functions/fopen.html

"the application shall ensure that output is not directly followed by
input without an intervening call to fflush() or to a file positioning
function (fseek(), fsetpos(), or rewind()), and input is not directly
followed by output without an intervening call to a file positioning
function, unless the input operation encounters end-of-file."

Without this change, an fwrite() followed by an fread() may lose the
previously written content, as shown in the following test.

Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=1210246

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
* don't confuse {write,read}() with f{write,read}() in
  commit msg (Laszlo)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
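Added example, not the qga code itself: one way to enforce the POSIX rule quoted in the commit above by remembering the last operation on a `FILE *` and inserting `fflush()` before a read that follows a write, and a file-positioning call before a write that follows a read. The `tracked_file` struct and its functions are invented for this illustration; the write, read-at-EOF, seek, read-back sequence mirrors the test described in the two commits above.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper: remember which direction the stream was last used in. */
enum rw_state { RW_NONE, RW_READING, RW_WRITING };

struct tracked_file {
    FILE *fp;
    enum rw_state state;
};

/* Output after input: POSIX requires a file-positioning call in between. */
size_t tracked_write(struct tracked_file *tf, const void *buf, size_t n)
{
    if (tf->state == RW_READING && fseek(tf->fp, 0, SEEK_CUR) != 0) return 0;
    tf->state = RW_WRITING;
    return fwrite(buf, 1, n, tf->fp);
}

/* Input after output: flush first, otherwise the result is undefined. */
size_t tracked_read(struct tracked_file *tf, void *buf, size_t n)
{
    if (tf->state == RW_WRITING && fflush(tf->fp) != 0) return 0;
    tf->state = RW_READING;
    return fread(buf, 1, n, tf->fp);
}

/* Any explicit positioning satisfies the rule in both directions. */
int tracked_seek(struct tracked_file *tf, long off, int whence)
{
    int ret = fseek(tf->fp, off, whence);
    if (ret == 0) tf->state = RW_NONE;
    return ret;
}

/* Scenario from the bug report: write msg, read at the current position
 * (end of file, so 0 bytes), seek to the start, read the content back.
 * Copies the read-back data into out (NUL-terminated) and returns its
 * length, or -1 on any error. Uses a tmpfile() so it leaves nothing behind. */
int write_read_roundtrip(const char *msg, char *out, size_t outsz)
{
    struct tracked_file tf = { tmpfile(), RW_NONE };
    char scratch[64];
    size_t len = strlen(msg), got;

    if (!tf.fp) return -1;
    if (outsz == 0) { fclose(tf.fp); return -1; }
    if (tracked_write(&tf, msg, len) != len) goto fail;
    got = tracked_read(&tf, scratch, sizeof scratch);   /* flushed, then EOF */
    if (got != 0) goto fail;
    if (tracked_seek(&tf, 0, SEEK_SET) != 0) goto fail;
    got = tracked_read(&tf, out, outsz - 1);
    out[got] = '\0';
    fclose(tf.fp);
    return (int)got;
fail:
    fclose(tf.fp);
    return -1;
}

/* 1 if the data read back equals what was written, else 0. */
int roundtrip_matches(const char *msg)
{
    char out[128];
    int got = write_read_roundtrip(msg, out, sizeof out);
    return got >= 0 && (size_t)got == strlen(msg) && strcmp(out, msg) == 0;
}

int main(void)
{
    printf("round trip %s\n", roundtrip_matches("hello world") ? "ok" : "FAILED");
    return 0;
}
```

The point of the state field is that the wrapper, not each caller, decides when the flush or reposition is needed, so a client that issues write followed by read over a protocol such as qga's guest-file-write/guest-file-read cannot reach the undefined case.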