Peter Maydell [Tue, 22 Jul 2014 12:16:04 +0000 (13:16 +0100)]
Merge remote-tracking branch 'remotes/amit-virtio-rng/for-2.1' into staging
* remotes/amit-virtio-rng/for-2.1:
virtio-rng: Add human-readable error message for negative max-bytes parameter
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
John Snow [Mon, 21 Jul 2014 21:44:37 +0000 (17:44 -0400)]
virtio-rng: Add human-readable error message for negative max-bytes parameter
If a negative integer is used for the max_bytes parameter, QEMU currently
calls abort() and leaves behind a core dump. This patch replaces the
abort with a simple error message to make the reason for the termination
clearer. This also ensures device-hotplug with invalid input doesn't
cause qemu to quit.
There is an underlying insufficiency in the parameter parsing code of QEMU
that renders it unable to reject negative values for unsigned properties,
thus the error message "a non-negative integer below 2^63" is the most
user-friendly and correct message we can give until the underlying
insufficiency is corrected.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Peter Maydell [Tue, 22 Jul 2014 11:03:44 +0000 (12:03 +0100)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
One of the two pending migration fix, and a small KVM patch.
# gpg: Signature made Tue 22 Jul 2014 11:49:30 BST using RSA key ID
9B4D86F2
# gpg: Can't check signature: public key not found
* remotes/bonzini/tags/for-upstream:
kvm-all: Use 'tmpcpu' instead of 'cpu' in sub-looping to avoid 'cpu' be NULL
exec: fix migration with devices that use address_space_rw
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Chen Gang [Sat, 19 Jul 2014 01:21:46 +0000 (09:21 +0800)]
kvm-all: Use 'tmpcpu' instead of 'cpu' in sub-looping to avoid 'cpu' be NULL
If kvm_arch_remove_sw_breakpoint() in CPU_FOREACH() always be fail, it
will let 'cpu' NULL. And the next kvm_arch_remove_sw_breakpoint() in
QTAILQ_FOREACH_SAFE() will get NULL parameter for 'cpu'.
And kvm_arch_remove_sw_breakpoint() can assumes 'cpu' must never be NULL,
so need define additional temporary variable for 'cpu' to avoid the case.
Cc: qemu-stable@nongnu.org
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 21 Jul 2014 14:45:18 +0000 (16:45 +0200)]
exec: fix migration with devices that use address_space_rw
Devices that use address_space_rw to write large areas to memory
(as opposed to address_space_map/unmap) were broken with respect
to migration since fe680d0 (exec: Limit translation limiting in
address_space_translate to xen, 2014-05-07). Such devices include
IDE CD-ROMs.
The reason is that invalidate_and_set_dirty (called by address_space_rw
but not address_space_map/unmap) was only setting the dirty bit for
the first page in the translation.
To fix this, introduce cpu_physical_memory_set_dirty_range_nocode that
is the same as cpu_physical_memory_set_dirty_range except it does not
muck with the DIRTY_MEMORY_CODE bitmap. This function can be used if
the caller invalidates translations with tb_invalidate_phys_page_range.
There is another difference between cpu_physical_memory_set_dirty_range
and cpu_physical_memory_set_dirty_flag; the former includes a call
to xen_modified_memory. This is handled separately in
invalidate_and_set_dirty, and is not needed in other callers of
cpu_physical_memory_set_dirty_range_nocode, so leave it alone.
Just one nit: now that invalidate_and_set_dirty takes care of handling
multiple pages, there is no need for address_space_unmap to wrap it
in a loop. In fact that loop would now be O(n^2).
Reported-by: Dave Gilbert <dgilbert@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Mon, 21 Jul 2014 17:06:12 +0000 (18:06 +0100)]
Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-2.1' into staging
QOM and device refactorings
* Machine: Property name fixups for 2.1 ABI
# gpg: Signature made Mon 21 Jul 2014 18:00:23 BST using RSA key ID
3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/qom-devices-for-2.1:
machine: Replace underscores in machine's property names
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Marcel Apfelbaum [Fri, 18 Jul 2014 16:32:37 +0000 (19:32 +0300)]
machine: Replace underscores in machine's property names
Replaced '_' with '-' to comply with QOM guidelines.
Made the conversion from command line to QMP in vl.c.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Peter Maydell [Fri, 18 Jul 2014 15:59:29 +0000 (16:59 +0100)]
Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-07-18' into staging
trivial patches for 2014-07-18
# gpg: Signature made Fri 18 Jul 2014 15:04:43 BST using RSA key ID
A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg: aka "Michael Tokarev <mjt@corpit.ru>"
# gpg: aka "Michael Tokarev <mjt@debian.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5
# Subkey fingerprint: 6F67 E18E 7C91 C5B1 5514 66A7 BEE5 9D74 A4C3 D7DB
* remotes/mjt/tags/trivial-patches-2014-07-18:
tests: Add missing 'static' attributes (fix warnings from smatch)
migration: Add missing 'static' attribute
qga: Add missing 'static' attribute
hw/usb: Add missing 'static' attribute
doc: slirp supports ICMP echo if enabled in Linux
qemu-img: Remove redundancy "ret = -1"
Fix new typos in comments (found by codespell)
slirp: Give error message if hostfwd_add/remove for unrecognized vlan/stack
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 18 Jul 2014 13:46:53 +0000 (14:46 +0100)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Andreas's fixes to --enable-modules, two 2.1 regression fixes, and a
new qtest. Michael sent a pull request of his own, so I dropped
the vhost changes.
# gpg: Signature made Fri 18 Jul 2014 14:30:34 BST using RSA key ID
9B4D86F2
# gpg: Can't check signature: public key not found
* remotes/bonzini/tags/for-upstream:
Revert "kvmclock: Ensure time in migration never goes backward"
Revert "kvmclock: Ensure proper env->tsc value for kvmclock_current_nsec calculation"
module: Don't complain when a module is absent
module: Simplify module_load()
qtest: new test for wdt_ib700
target-i386: Allow execute from user mode when SMEP is enabled.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Weil [Mon, 7 Jul 2014 19:03:38 +0000 (21:03 +0200)]
tests: Add missing 'static' attributes (fix warnings from smatch)
Smatch also complains about 0 used for pointers, so replace those by
NULL in test-visitor-serialization.c, too.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Stefan Weil [Mon, 7 Jul 2014 19:09:30 +0000 (21:09 +0200)]
migration: Add missing 'static' attribute
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Stefan Weil [Mon, 7 Jul 2014 19:07:29 +0000 (21:07 +0200)]
qga: Add missing 'static' attribute
This fixes a warning from the static code analysis (smatch).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Stefan Weil [Mon, 7 Jul 2014 19:05:30 +0000 (21:05 +0200)]
hw/usb: Add missing 'static' attribute
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Gernot Hillier [Thu, 10 Jul 2014 14:01:25 +0000 (16:01 +0200)]
doc: slirp supports ICMP echo if enabled in Linux
Since QEMU 0.15, slirp (user mode networking) supports ping to the
Internet, see
e6d43cfb1f9
Signed-off-by: Gernot Hillier <gernot.hillier@siemens.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Chen Gang [Thu, 3 Jul 2014 15:57:15 +0000 (23:57 +0800)]
qemu-img: Remove redundancy "ret = -1"
In this case, 'ret' is already '-1', so need not do it again.
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Stefan Weil [Mon, 7 Jul 2014 19:00:41 +0000 (21:00 +0200)]
Fix new typos in comments (found by codespell)
arbitary -> arbitrary
basicly -> basically
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Peter Maydell [Mon, 16 Jun 2014 15:47:11 +0000 (16:47 +0100)]
slirp: Give error message if hostfwd_add/remove for unrecognized vlan/stack
If the user specified a (vlan ID, slirp stack name) tuple in a monitor
hostfwd_add/remove command and we can't find it, give the user an
error message rather than silently doing nothing.
This brings this error case in slirp_lookup() into line with the
other two.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Paolo Bonzini [Tue, 15 Jul 2014 19:46:02 +0000 (21:46 +0200)]
Revert "kvmclock: Ensure time in migration never goes backward"
This reverts commit
a096b3a6732f846ec57dc28b47ee9435aa0609bf.
This patch caused a hang that was fixed by commit 9b17868 (kvmclock:
Ensure proper env->tsc value for kvmclock_current_nsec calculation,
2014-06-03), and we just had to revert that commit. Drop this one
too.
Cc: agraf@suse.de
Cc: mtosatti@redhat.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 15 Jul 2014 19:45:42 +0000 (21:45 +0200)]
Revert "kvmclock: Ensure proper env->tsc value for kvmclock_current_nsec calculation"
This reverts commit
9b1786829aefb83f37a8f3135e3ea91c56001b56.
This patch fixed a hang introduced by commit a096b3a (kvmclock: Ensure
time in migration never goes backward, 2014-05-16), but it causes
a regression in migration whose cause is not quite clear.
Because of this, I'm choosing to revert both patches. This trades a
2.1 regression for a bug that's been there forever.
Cc: agraf@suse.de
Cc: mtosatti@redhat.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Andreas Färber [Tue, 15 Jul 2014 14:04:26 +0000 (16:04 +0200)]
module: Don't complain when a module is absent
The current implementation depends on a configure-time generated list of
block modules. When any of them is absent, module_load() emits a warning.
This is suboptimal because extracting code to modules was mainly done to
allow separate packaging of modules with intrusive dependencies. Absence
of optional packages then leads to absence of modules and an error
message, which users may recognize as new and report as error.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Andreas Färber [Tue, 15 Jul 2014 14:04:25 +0000 (16:04 +0200)]
module: Simplify module_load()
The file path is not used for error reporting, so we can free it
directly after use.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 15 Jul 2014 12:57:06 +0000 (14:57 +0200)]
qtest: new test for wdt_ib700
Since the "pause" watchdog action had a regression and it went
unnoticed for a while, let's add a test for it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Fri, 18 Jul 2014 12:47:22 +0000 (13:47 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Block pull request
# gpg: Signature made Fri 18 Jul 2014 13:39:43 BST using RSA key ID
81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/block-pull-request:
qemu-iotests: fix 028 failure due to disk image path
raw-posix: Fail gracefully if no working alignment is found
block: Add Error argument to bdrv_refresh_limits()
qcow2: Fix error path for unknown incompatible features
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Hajnoczi [Thu, 17 Jul 2014 18:09:39 +0000 (19:09 +0100)]
qemu-iotests: fix 028 failure due to disk image path
The disk image path is echoed by QEMU's readline when the "drive_backup
disk ${TEST_IMG}.copy" HMP command is issued. Unfortunately it is very
hard to filter out the path due to readline's character-by-character
output (with terminal escape sequences). Just redirect this command to
/dev/null for now.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Wed, 16 Jul 2014 15:48:17 +0000 (17:48 +0200)]
raw-posix: Fail gracefully if no working alignment is found
If qemu couldn't find out what O_DIRECT alignment to use with a given
file, it would run into assert(bdrv_opt_mem_align(bs) != 0); in block.c
and confuse users. This adds a more descriptive error message for such
cases.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Kevin Wolf [Wed, 16 Jul 2014 15:48:16 +0000 (17:48 +0200)]
block: Add Error argument to bdrv_refresh_limits()
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Kevin Wolf [Thu, 17 Jul 2014 09:41:53 +0000 (11:41 +0200)]
qcow2: Fix error path for unknown incompatible features
qcow2's report_unsupported_feature() had two bugs: A 32 bit truncation
would prevent feature table entries for bits 32-63 from being used, and
it could assign errp multiple times if there was more than one unknown
feature, resulting in an error_set() assertion failure.
Fix the truncation, make sure to set the error exactly once and add a
qemu-iotests case for it.
This fixes https://bugs.launchpad.net/qemu/+bug/1342704/
Reported-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Peter Maydell [Fri, 18 Jul 2014 08:35:51 +0000 (09:35 +0100)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pc,vhost,test fixes
Minor bugfixes all over the place.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Fri 18 Jul 2014 00:43:04 BST using RSA key ID
D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
vhost-user: minor cleanups
qtest: Adapt vhost-user-test to latest vhost-user changes
vhost-user: Fix VHOST_SET_MEM_TABLE processing
qtest: fix vhost-user-test compilation with old GLib
fix typo: apci -> acpi
pc_piix: Reuse pc_compat_1_2() for pc-0.1[0123]
pc: fix qemu exiting with error when -m X < 128 with old machines types
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Michael S. Tsirkin [Thu, 17 Jul 2014 23:22:24 +0000 (02:22 +0300)]
vhost-user: minor cleanups
assert to verify cast does not discard information
minor style fixup.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Nikolay Nikolaev [Sat, 12 Jul 2014 01:43:19 +0000 (04:43 +0300)]
qtest: Adapt vhost-user-test to latest vhost-user changes
A new field mmap_offset was added in the vhost-user message, we need to reflect
this change in the test too.
Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Nikolay Nikolaev [Sat, 12 Jul 2014 01:42:35 +0000 (04:42 +0300)]
vhost-user: Fix VHOST_SET_MEM_TABLE processing
qemu_get_ram_fd doesn't accept a guest physical address. ram_addr_t are
opaque values that are assigned in qemu_ram_alloc.
Find the ram_addr_t corresponding to the userspace_addr using qemu_ram_addr_from_host,
and then call qemu_get_ram_fd on it.
Thanks to Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Igor Mammedov [Tue, 8 Jul 2014 13:29:46 +0000 (15:29 +0200)]
pc: fix qemu exiting with error when -m X < 128 with old machine types
If machine doesn't support memory hotplug then starting QEMU
with initial memory less than default will make QEMU exit with
following error message:
$QEMU -m 16 -M isapc
qemu-system-i386: "-memory 'slots|maxmem'" is not supported by: isapc
Set maxram_size to initial memory value before parsing
'maxmem' option allows to keep maxmem in sync with initial
memory size if no maxmem option was specified.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
CC: Bruce Rogers <brogers@suse.com>
Reviewed-By: Bruce Rogers <brogers@suse.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
KONRAD Frederic [Tue, 15 Jul 2014 15:18:44 +0000 (17:18 +0200)]
cadence_uart: check for serial backend before using it.
This checks that s->chr is not NULL before using it.
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 17 Jul 2014 11:17:28 +0000 (12:17 +0100)]
Merge remote-tracking branch 'remotes/amit-migration/for-2.1' into staging
* remotes/amit-migration/for-2.1:
vmstate static checker: detect section renames
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 17 Jul 2014 10:18:51 +0000 (11:18 +0100)]
Merge remote-tracking branch 'remotes/amit/for-2.1' into staging
* remotes/amit/for-2.1:
virtio-serial-bus: keep port 0 reserved for virtconsole even on unplug
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Amit Shah [Mon, 14 Jul 2014 11:21:56 +0000 (16:51 +0530)]
virtio-serial-bus: keep port 0 reserved for virtconsole even on unplug
We keep port 0 reserved for compat with older guests, where only
virtio-console was expected. Even if a system is started without a
virtio-console port, port #0 is kept aside. However, after a
virtconsole port is unplugged, port id 0 became available, and the next
hotplug of a virtserialport caused failure due to it not being a console
port.
Steps to reproduce:
$ ./x86_64-softmmu/qemu-system-x86_64 -m 512 -cpu host -enable-kvm -device virtio-serial-pci -monitor stdio -vnc :1
QEMU 2.0.91 monitor - type 'help' for more information
(qemu) device_add virtconsole,id=p1
(qemu) device_del p1
(qemu) device_add virtserialport,id=p1
Port number 0 on virtio-serial devices reserved for virtconsole devices for backward compatibility.
Device 'virtserialport' could not be initialized
(qemu) quit
Reported-by: dengmin <mdeng@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Amit Shah [Fri, 11 Jul 2014 12:40:45 +0000 (18:10 +0530)]
vmstate static checker: detect section renames
Commit
292b1634 changed the section name of "ICH9 LPC" to "ICH9-LPC",
and that causes the static checker to flag this:
Section "ICH9 LPC" does not exist in dest
This patch introduces a function that checks for section renames and
also a dictionary that maps those renames.
Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
---
This is a small patch to a script; doesn't break qemu and helps with the
static checker, so it's a very low-risk patch for 2.1.
Peter Maydell [Tue, 15 Jul 2014 17:55:37 +0000 (18:55 +0100)]
Update version for v2.1.0-rc2 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 15 Jul 2014 17:30:41 +0000 (18:30 +0100)]
tests/Makefile: Only run vhost-user-test on Linux
vhost-user-test uses the linux/vhost.h header, so it must only be
enabled if CONFIG_LINUX is defined. (Previously it was enabled
for CONFIG_POSIX, which broke 'make check' on MacOSX.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Ricky Zhou [Mon, 14 Jul 2014 20:54:47 +0000 (13:54 -0700)]
target-i386: Allow execute from user mode when SMEP is enabled.
Previously, execute would be disabled for all pages with SMEP enabled,
regardless of what mode the access took place in.
Signed-off-by: Ricky Zhou <ricky@rzhou.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Tue, 15 Jul 2014 15:49:28 +0000 (16:49 +0100)]
Merge remote-tracking branch 'remotes/riku/linux-user-for-upstream' into staging
* remotes/riku/linux-user-for-upstream:
linux-user: use TARGET_SA_ONSTACK in get_sigframe
alloca one extra byte sockets
linux-user: handle AF_PACKET sockaddrs in target_to_host_sockaddr
qemu-user: Impl. setsockopt(SO_BINDTODEVICE)
SIOCGIFINDEX: fix typo
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 15 Jul 2014 14:51:12 +0000 (15:51 +0100)]
Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging
Patch queue for ppc - 2014-07-15
Some more bug fixes during the RC phase:
- Fix huge page mapping regressions
- Fix Book3S thread number enumeration
- Fix Book3S VFIO permission issue
# gpg: Signature made Tue 15 Jul 2014 15:13:54 BST using RSA key ID
03FEDC60
# gpg: Can't check signature: public key not found
* remotes/agraf/tags/signed-ppc-for-upstream:
sPAPR/IOMMU: Fix TCE entry permission
spapr: Enable use of huge pages
spapr: Move RMA memory region registration code
ppc: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
target-ppc: Fix number of threads per core limit
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gavin Shan [Mon, 14 Jul 2014 12:09:43 +0000 (22:09 +1000)]
sPAPR/IOMMU: Fix TCE entry permission
The permission of TCE entry should exclude physical base address.
Otherwise, unmapping TCE entry can be interpreted to mapping TCE
entry wrongly for VFIO devices.
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexey Kardashevskiy [Thu, 10 Jul 2014 15:03:42 +0000 (01:03 +1000)]
spapr: Enable use of huge pages
0b183fc87 "memory: move mem_path handling to
memory_region_allocate_system_memory" disabled -mempath use for all
machines that do not use memory_region_allocate_system_memory() to
register RAM. Since SPAPR uses memory_region_init_ram(), the huge pages
support was disabled for it.
This replaces memory_region_init_ram()+vmstate_register_ram_global() with
memory_region_allocate_system_memory() to get huge pages back.
This changes RAM size from (ram_limit - rma_alloc_size) to ram_limit as
the previous patch moved RMA memory region allocation after RAM allocation
and therefore this change does not have immediate effect but simplifies
the code.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexey Kardashevskiy [Thu, 10 Jul 2014 15:03:41 +0000 (01:03 +1000)]
spapr: Move RMA memory region registration code
PPC970 does not support VRMA (virtual RMA) so real memory required
for SLOF to execute must be allocated by the KVM_ALLOCATE_RMA ioctl.
Later this memory is used as a part of the guest RAM area.
The RMA allocating code also registers a memory region for this piece
of RAM.
We are going to simplify memory regions layout: RMA memory region
will be a subregion in the RAM memory region, both starting from zero.
This way we will not have to take care of start address alignment for
the piece of RAM next to the RMA.
This moves memory region business closer to the RAM memory region
creation/allocation code.
As this is a mechanical patch, no change in behaviour is expected.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
[agraf: fix compilation on non-kvm systems]
Signed-off-by: Alexander Graf <agraf@suse.de>
Shreyas B. Prabhu [Thu, 10 Jul 2014 12:01:03 +0000 (17:31 +0530)]
ppc: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
Commit
0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.
Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.
Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Signed-off-by: Shreyas B. Prabhu <shreyas@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexey Kardashevskiy [Wed, 9 Jul 2014 14:40:56 +0000 (00:40 +1000)]
target-ppc: Fix number of threads per core limit
The number of threads per core is different for POWER6/7/8 CPUs.
Guest systems do not expect to see more threads per core than
a specific CPU supports so we need to limit this number.
This limit is implemented by ppc_get_compat_smt_threads().
However it has a problem as it checks for PCR (Processor Compatibility
Register) mask, 2.05 means 2 threads per core, 2.06 - 4 threads.
For POWER8 one would expect PCR_COMPAT_2_07 bit set and
ppc_get_compat_smt_threads() checking for it to return 8 threads
per core. But the latest PowerISA spec now is 2.07 and there is
no 2.07 compatibility mode defined, QEMU does not define it either
(will be in PowerISA 2.08).
Instead of relying on a PCR mask, this uses kvmppc_smt_threads()
which returns the maximum supported threads number for KVM or
1 for TCG.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
Riku Voipio [Tue, 15 Jul 2014 14:01:55 +0000 (17:01 +0300)]
linux-user: use TARGET_SA_ONSTACK in get_sigframe
As reported by Laurent, which should use TARGET_SA_ONSTACK
on arm, microblaze and openrisc targets like we do on all
others. Practical matter is minimal as for almost all archs
SA_ONSTACK is 0x08000000:
http://lxr.free-electrons.com/ident?i=SA_ONSTACK
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Peter Maydell [Tue, 15 Jul 2014 14:06:17 +0000 (15:06 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Block pull request
# gpg: Signature made Tue 15 Jul 2014 14:49:01 BST using RSA key ID
81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/block-pull-request:
virtio-blk: dataplane: notify guest as a batch
virtio-blk: data-plane: fix save/set .complete_request in start
linux-aio: Fix laio resource leak
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Ming Lei [Sat, 12 Jul 2014 04:08:53 +0000 (12:08 +0800)]
virtio-blk: dataplane: notify guest as a batch
Now requests are submitted as a batch, so it is natural
to notify guest as a batch too.
This may suppress interrupt notification to VM a lot:
- in my test, decreased by ~13K/sec
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Ming Lei [Sat, 12 Jul 2014 04:08:52 +0000 (12:08 +0800)]
virtio-blk: data-plane: fix save/set .complete_request in start
The callback has to be saved and reset in virtio_blk_data_plane_start(),
otherwise dataplane's requests will be completed in qemu aio context.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Gonglei [Sat, 12 Jul 2014 03:43:37 +0000 (11:43 +0800)]
linux-aio: Fix laio resource leak
when hotplug virtio-scsi disks using laio, the aio_nr will
increase in laio_init() by io_setup(), we can see the number by
# cat /proc/sys/fs/aio-nr
128
if the aio_nr attach the maxnum, which found from
# cat /proc/sys/fs/aio-max-nr
65536
the hotplug process will fail because of aio context leak.
Fix it by io_destroy in laio_cleanup().
Reported-by: daifulai <daifulai@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Joakim Tjernlund [Fri, 11 Jul 2014 15:18:03 +0000 (17:18 +0200)]
alloca one extra byte sockets
target_to_host_sockaddr() may increase the lenth with 1 byte
for AF_UNIX sockets so allocate 1 extra byte.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Joakim Tjernlund [Sat, 12 Jul 2014 13:47:07 +0000 (15:47 +0200)]
linux-user: handle AF_PACKET sockaddrs in target_to_host_sockaddr
Implement conversion of the AF_PACKET sockaddr subtype
in target_to_host_sockaddr.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Joakim Tjernlund [Sat, 12 Jul 2014 13:47:06 +0000 (15:47 +0200)]
qemu-user: Impl. setsockopt(SO_BINDTODEVICE)
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Joakim Tjernlund [Fri, 11 Jul 2014 01:02:02 +0000 (03:02 +0200)]
SIOCGIFINDEX: fix typo
Wrong type was used in ioctl definition.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Andreas Färber [Mon, 14 Jul 2014 15:38:18 +0000 (17:38 +0200)]
libqos: Fix PC PCI endianness glitches
The libqos implementation of io_read{b,w,l} and io_write{b,w,l} hooks
was relying on qtest_mem{read,write}() respectively. With d81d410 (usb:
improve ehci/uhci test) this resulted in assertion failures on ppc hosts:
ERROR:tests/usb-hcd-ehci-test.c:78:ehci_port_test: assertion failed: ((value & mask) == (expect & mask))
ERROR:tests/usb-hcd-ehci-test.c:128:pci_uhci_port_2: assertion failed: (pcibus != NULL)
ERROR:tests/usb-hcd-ehci-test.c:150:pci_ehci_port_2: assertion failed: (pcibus != NULL)
qtest_read{b,w,l,q}() and qtest_write{b,w,l,q}() had been introduced
as endian-safe replacement for qtest_mem{read,write}() in I2C in
872536b (qtest: Add MMIO support). Use them for PCI as well.
Cc: Anthony Liguori <aliguori@amazon.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Fixes: c4efe1c qtest: add libqos including PCI support
Fixes: d81d410 usb: improve ehci/uhci test
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 14 Jul 2014 16:01:45 +0000 (17:01 +0100)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Misc 2.1 fixes regarding character/serial devices and SCSI.
# gpg: Signature made Mon 14 Jul 2014 16:26:08 BST using RSA key ID
9B4D86F2
# gpg: Can't check signature: public key not found
* remotes/bonzini/tags/for-upstream:
serial-pci: remove memory regions from BAR before destroying them
virtio-scsi: fix with -M pc-i440fx-2.0
serial: change retry logic to avoid concurrency
qemu-char: fix deadlock with "-monitor pty"
scsi: Report error when lun number is in use
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Wed, 25 Jun 2014 18:21:37 +0000 (20:21 +0200)]
serial-pci: remove memory regions from BAR before destroying them
Otherwise, hot-unplug of pci-serial-2x trips the assertion
in memory_region_destroy:
(qemu) device_del gg
(qemu) qemu-system-x86_64: /work/armbru/tmp/qemu/memory.c:1021: memory_region_destroy: Assertion `((&mr->subregions)->tqh_first == ((void *)0))' failed.
Aborted (core dumped)
Reported-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 14 Jul 2014 10:03:09 +0000 (12:03 +0200)]
virtio-scsi: fix with -M pc-i440fx-2.0
Right now starting a machine with virtio-scsi and a <= 2.0 machine type
fails with:
qemu-system-x86_64: -device virtio-scsi-pci: Property .any_layout not found
This is because the any_layout bit was actually never set after
virtio-scsi was changed to support arbitrary layout for virtio buffers.
(This was just a cleanup and a preparation for virtio 1.0; no guest
actually checks the bit, but the new request parsing algorithms are
tested even with old guest).
Reported-by: David Gilbert <dgilbert@redhat.com>
Reviewed-by: David Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Kirill Batuzov [Fri, 11 Jul 2014 09:41:08 +0000 (13:41 +0400)]
serial: change retry logic to avoid concurrency
Whenever serial_xmit fails to transmit a byte it adds a watch that would
call it again when the "line" becomes ready. This results in a retry
chain:
serial_xmit -> add_watch -> serial_xmit
Each chain is able to transmit one character, and for every character
passed to serial by the guest driver a new chain is spawned.
The problem lays with the fact that a new chain is spawned even when
there is one already waiting on the watch. So there can be several retry
chains waiting concurrently on one "line". Every chain tries to transmit
current character, so character order is not messed up. But also every
chain increases retry counter (tsr_retry). If there are enough
concurrent chains this counter will hit MAX_XMIT_RETRY value and
the character will be dropped.
To reproduce this bug you need to feed serial output to some program
consuming it slowly enough. A python script from bug #1335444
description is an example of such program.
This commit changes retry logic in the following way to avoid
concurrency: instead of spawning a new chain for each character being
transmitted spawn only one and make it transmit characters until FIFO is
empty.
The change consists of two parts:
- add a do {} while () loop in serial_xmit (diff is a bit erratic
for this part, diff -w will show actual change),
- do not call serial_xmit from serial_ioport_write if there is one
waiting on the watch already.
This should fix another issue causing bug #1335444.
Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Fri, 11 Jul 2014 10:11:38 +0000 (12:11 +0200)]
qemu-char: fix deadlock with "-monitor pty"
qemu_chr_be_generic_open cannot be called with the write lock taken,
because it calls client code that may call qemu_chr_fe_write. This
actually happens for the monitor:
0x00007ffff27dbf79 in __GI_raise (sig=sig@entry=6)
0x00007ffff27df388 in __GI_abort ()
0x00005555555ef489 in error_exit (err=<optimized out>, msg=msg@entry=0x5555559796d0 <__func__.5959> "qemu_mutex_lock")
0x00005555558f9080 in qemu_mutex_lock (mutex=mutex@entry=0x555556248a30)
0x0000555555713936 in qemu_chr_fe_write (s=0x555556248a30, buf=buf@entry=0x5555563d8870 "QEMU 2.0.90 monitor - type 'help' for more information\r\n", len=56)
0x00005555556217fd in monitor_flush_locked (mon=mon@entry=0x555556251fd0)
0x0000555555621a12 in monitor_flush_locked (mon=0x555556251fd0)
monitor_puts (mon=mon@entry=0x555556251fd0, str=0x55555634bfa7 "", str@entry=0x55555634bf70 "QEMU 2.0.90 monitor - type 'help' for more information\n")
0x0000555555624359 in monitor_vprintf (mon=0x555556251fd0, fmt=<optimized out>, ap=<optimized out>)
0x0000555555624414 in monitor_printf (mon=<optimized out>, fmt=fmt@entry=0x5555559105a0 "QEMU %s monitor - type 'help' for more information\n")
0x0000555555629806 in monitor_event (opaque=0x555556251fd0, event=<optimized out>)
0x000055555571343c in qemu_chr_be_generic_open (s=0x555556248a30)
To avoid this, defer the call to an idle callback, which will be
called as soon as the main loop is re-entered. In order to simplify
the cleanup and do it in one place only, change pty_chr_close to
call pty_chr_state.
To reproduce, run with "-monitor pty", then try to read from the
slave /dev/pts/FOO that it creates.
Fixes:
9005b2a7589540a3733b3abdcfbccfe7746cd1a1
Reported-by: Li Liang <liangx.z.li@intel.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Mon, 14 Jul 2014 12:09:29 +0000 (13:09 +0100)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block patches for 2.1.0-rc2 (v2)
# gpg: Signature made Mon 14 Jul 2014 11:04:12 BST using RSA key ID
C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
* remotes/kevin/tags/for-upstream: (22 commits)
ide: Treat read/write beyond end as invalid
virtio-blk: Treat read/write beyond end as invalid
virtio-blk: Bypass error action and I/O accounting on invalid r/w
virtio-blk: Factor common checks out of virtio_blk_handle_read/write()
dma-helpers: Fix too long qiov
qtest: fix vhost-user-test compilation with old GLib
tests: Fix unterminated string output visitor enum human string
AioContext: do not rely on aio_poll(ctx, true) result to end a loop
virtio-blk: embed VirtQueueElement in VirtIOBlockReq
virtio-blk: avoid g_slice_new0() for VirtIOBlockReq and VirtQueueElement
dataplane: do not free VirtQueueElement in vring_push()
virtio-blk: avoid dataplane VirtIOBlockReq early free
block: Assert qiov length matches request length
qed: Make qiov match request size until backing file EOF
qcow2: Make qiov match request size until backing file EOF
block: Make qiov match the request size until EOF
AioContext: speed up aio_notify
test-aio: fix GSource-based timer test
block: drop aio functions that operate on the main AioContext
block: prefer aio_poll to qemu_aio_wait
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 14 Jul 2014 10:04:11 +0000 (11:04 +0100)]
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-
20140714' into staging
A s390x/kvm bugfix for missing floating point register synchronization.
# gpg: Signature made Mon 14 Jul 2014 08:21:54 BST using RSA key ID
C6F02FAF
# gpg: Can't check signature: public key not found
* remotes/cohuck/tags/s390x-
20140714:
s390x/kvm: synchronize guest floating point registers
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Markus Armbruster [Wed, 9 Jul 2014 17:07:32 +0000 (19:07 +0200)]
ide: Treat read/write beyond end as invalid
The block layer fails such reads and writes just fine. However, they
then get treated like valid operations that fail: the error action
gets executed. Unwanted; reporting the error to the guest is the only
sensible action.
Reject them before passing them to the block layer. This bypasses the
error action and I/O accounting. Not quite correct for DMA, because
DMA can fail after some success, and when that happens, the part that
succeeded isn't counted. Tolerable, because I/O accounting is an
inconsistent mess anyway.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Markus Armbruster [Wed, 9 Jul 2014 17:07:31 +0000 (19:07 +0200)]
virtio-blk: Treat read/write beyond end as invalid
The block layer fails such reads and writes just fine. However, they
then get treated like valid operations that fail: the error action
gets executed. Unwanted; reporting the error to the guest is the only
sensible action.
Reject them before passing them to the block layer. This bypasses the
error action and I/O accounting.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Markus Armbruster [Wed, 9 Jul 2014 17:07:30 +0000 (19:07 +0200)]
virtio-blk: Bypass error action and I/O accounting on invalid r/w
When a device model's I/O operation fails, we execute the error
action. This lets layers above QEMU implement thin provisioning, or
attempt to correct errors before they reach the guest. But when the
I/O operation fails because it's invalid, reporting the error to the
guest is the only sensible action.
If the guest's read or write asks for an invalid sector range, fail
the request right away, without considering the error action. No
change with error action BDRV_ACTION_REPORT.
Furthermore, bypass I/O accounting, because we want to track only I/O
that actually reaches the block layer.
The next commit will extend "invalid sector range" to cover attempts
to read/write beyond the end of the medium.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Markus Armbruster [Wed, 9 Jul 2014 17:07:29 +0000 (19:07 +0200)]
virtio-blk: Factor common checks out of virtio_blk_handle_read/write()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Wed, 9 Jul 2014 17:17:30 +0000 (19:17 +0200)]
dma-helpers: Fix too long qiov
If the size of the scatter/gather list isn't a multiple of 512, the
number of sectors for the block layer request is rounded down, resulting
in a qiov that doesn't match the request length. Truncate the qiov to the
new length of the request.
This fixes the IDE qtest case /x86_64/ide/bmdma/short_prdt.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Nikolay Nikolaev [Wed, 9 Jul 2014 15:06:32 +0000 (18:06 +0300)]
qtest: fix vhost-user-test compilation with old GLib
Mising G_TIME_SPAN_SECOND definition breaks the RHEL6 compilation as GLib
version before 2.26 does not have it. In such case just define it.
Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Tested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Andreas Färber [Wed, 9 Jul 2014 20:28:49 +0000 (22:28 +0200)]
tests: Fix unterminated string output visitor enum human string
The buffer was being allocated of size string length plus two.
Around the string two quotes were being added, but no terminating NUL.
It was then compared using g_assert_cmpstr(), resulting in fairly random
assertion failures:
ERROR:tests/test-string-output-visitor.c:213:test_visitor_out_enum: assertion failed (str == str_human): ("\"value1\"" == "\"value1\"\
001EEEEEEEEEEEEEE\0171")
There is no g_assert_cmpnstr() counterpart, so use g_strdup_printf()
for safely assembling the string in the first place.
Cc: Hu Tao <hutao@cn.fujitsu.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Suggested-by: Eric Blake <eblake@redhat.com>
Fixes: b4900c0 tests: add human format test for string output visitor
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Wed, 9 Jul 2014 08:49:46 +0000 (10:49 +0200)]
AioContext: do not rely on aio_poll(ctx, true) result to end a loop
Currently, whenever aio_poll(ctx, true) has completed all pending
work it returns true *and* the next call to aio_poll(ctx, true)
will not block.
This invariant has its roots in qemu_aio_flush()'s implementation
as "while (qemu_aio_wait()) {}". However, qemu_aio_flush() does
not exist anymore and bdrv_drain_all() is implemented differently;
and this invariant is complicated to maintain and subtly different
from the return value of GMainLoop's g_main_context_iteration.
All calls to aio_poll(ctx, true) except one are guarded by a
while() loop checking for a request to be incomplete, or a
BlockDriverState to be idle. The one remaining call (in
iothread.c) uses this to delay the aio_context_release/acquire
pair until the AioContext is quiescent, however:
- we can do the same just by using non-blocking aio_poll,
similar to how vl.c invokes main_loop_wait
- it is buggy, because it does not ensure that the AioContext
is released between an aio_notify and the next time the
iothread goes to sleep. This leads to hangs when stopping
the dataplane thread.
In the end, these semantics are a bad match for the current
users of AioContext. So modify that one exception in iothread.c,
which also fixes the hangs, as well as the testcase so that
it use the same idiom as the actual QEMU code.
Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Hajnoczi [Wed, 9 Jul 2014 08:05:49 +0000 (10:05 +0200)]
virtio-blk: embed VirtQueueElement in VirtIOBlockReq
The memory allocation between hw/block/virtio-blk.c,
hw/block/dataplane/virtio-blk.c, and hw/virtio/dataplane/vring.c is
messy. Structs are allocated in different files than they are freed in.
This is risky and makes memory leaks easier.
Embed VirtQueueElement in VirtIOBlockReq to reduce the amount of memory
allocation we need to juggle. This also makes vring.c and virtio.c
slightly more similar.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Hajnoczi [Wed, 9 Jul 2014 08:05:48 +0000 (10:05 +0200)]
virtio-blk: avoid g_slice_new0() for VirtIOBlockReq and VirtQueueElement
In commit
de6c8042ec55da18702fa51f09072fcaa315edc3 ("virtio-blk: Avoid
zeroing every request structure") we avoided the 40 KB memset when
allocating VirtIOBlockReq.
The memset was reintroduced in commit
671ec3f056559f22a2531a91dce3a258b9b5eb8a ("virtio-blk: Convert
VirtIOBlockReq.elem to pointer").
It must be fixed again to avoid a performance regression.
Cc: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Hajnoczi [Wed, 9 Jul 2014 08:05:47 +0000 (10:05 +0200)]
dataplane: do not free VirtQueueElement in vring_push()
VirtQueueElement is allocated in vring_pop() so it seems to make sense
that vring_push() should free it. Alas, virtio-blk frees
VirtQueueElement itself in virtio_blk_free_request().
This patch solves a double-free assertion in glib's g_slice_free().
Rename vring_free_element() to vring_unmap_element() since it no longer
frees the VirtQueueElement.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Hajnoczi [Wed, 9 Jul 2014 08:05:46 +0000 (10:05 +0200)]
virtio-blk: avoid dataplane VirtIOBlockReq early free
VirtIOBlockReq is freed later by virtio_blk_free_request() in
hw/block/virtio-blk.c. Remove this extraneous g_slice_free().
This patch fixes the following segfault:
0x00005555556373af in virtio_blk_rw_complete (opaque=0x5555565ff5e0, ret=0) at hw/block/virtio-blk.c:99
99 bdrv_acct_done(req->dev->bs, &req->acct);
(gdb) print req
$1 = (VirtIOBlockReq *) 0x5555565ff5e0
(gdb) print req->dev
$2 = (VirtIOBlock *) 0x0
(gdb) bt
#0 0x00005555556373af in virtio_blk_rw_complete (opaque=0x5555565ff5e0, ret=0) at hw/block/virtio-blk.c:99
#1 0x0000555555840ebe in bdrv_co_em_bh (opaque=0x5555566152d0) at block.c:4675
#2 0x000055555583de77 in aio_bh_poll (ctx=ctx@entry=0x5555563a8150) at async.c:81
#3 0x000055555584b7a7 in aio_poll (ctx=0x5555563a8150, blocking=blocking@entry=true) at aio-posix.c:188
#4 0x00005555556e520e in iothread_run (opaque=0x5555563a7fd8) at iothread.c:41
#5 0x00007ffff42ba124 in start_thread () from /usr/lib/libpthread.so.0
#6 0x00007ffff16d14bd in clone () from /usr/lib/libc.so.6
Reported-by: Max Reitz <mreitz@redhat.com>
Cc: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Tue, 1 Jul 2014 14:09:54 +0000 (16:09 +0200)]
block: Assert qiov length matches request length
At least raw-posix relies on this because it can allocate bounce buffers
based on the request length, but access it using all of the qiov entries
later.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Kevin Wolf [Fri, 4 Jul 2014 15:11:28 +0000 (17:11 +0200)]
qed: Make qiov match request size until backing file EOF
If a QED image has a shorter backing file and a read request to
unallocated clusters goes across EOF of the backing file, the backing
file sees a shortened request and the rest is filled with zeros.
However, the original too long qiov was used with the shortened request.
This patch makes the qiov size match the request size, avoiding a
potential buffer overflow in raw-posix.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Kevin Wolf [Thu, 3 Jul 2014 12:43:32 +0000 (14:43 +0200)]
qcow2: Make qiov match request size until backing file EOF
If a qcow2 image has a shorter backing file and a read request to
unallocated clusters goes across EOF of the backing file, the backing
file sees a shortened request and the rest is filled with zeros.
However, the original too long qiov was used with the shortened request.
This patch makes the qiov size match the request size, avoiding a
potential buffer overflow in raw-posix.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Kevin Wolf [Thu, 3 Jul 2014 11:21:24 +0000 (13:21 +0200)]
block: Make qiov match the request size until EOF
If a read request goes across EOF, the block driver sees a shortened
request that stops at EOF (the rest is memsetted in block.c), however
the original qiov was used for this request.
This patch makes the qiov size match the request size, avoiding a
potential buffer overflow in raw-posix.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Fam Zheng [Tue, 10 Jun 2014 06:55:58 +0000 (14:55 +0800)]
scsi: Report error when lun number is in use
In the case that the lun number is taken by another scsi device, don't
release the existing device siliently, but report an error to user.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Jason J. Herne [Thu, 29 Nov 2012 15:09:42 +0000 (10:09 -0500)]
s390x/kvm: synchronize guest floating point registers
Add code to kvm_arch_get_registers and kvm_arch_put_registers to
save/restore floating point registers. This missing sync was
unnoticed until migration of userspace that uses fprs.
Signed-off-by: Jason J. Herne <jjherne@us.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
[Update patch to latest upstream]
Cc: qemu-stable@nongnu.org
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Nikolay Nikolaev [Wed, 9 Jul 2014 15:06:32 +0000 (18:06 +0300)]
qtest: fix vhost-user-test compilation with old GLib
Mising G_TIME_SPAN_SECOND definition breaks the RHEL6 compilation as GLib
version before 2.26 does not have it. In such case just define it.
Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Hu Tao [Thu, 13 Jun 2013 10:51:48 +0000 (18:51 +0800)]
fix typo: apci -> acpi
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
MST: rebase
Eduardo Habkost [Mon, 7 Jul 2014 18:30:52 +0000 (15:30 -0300)]
pc_piix: Reuse pc_compat_1_2() for pc-0.1[0123]
pc-0.13 and older were missing some compat code that was present on
newer machine-types:
* x86_cpu_compat_disable_kvm_features(FEAT_1_ECX, CPUID_EXT_X2APIC);
(pc-i440fx-1.7 and older)
(added by commit
ef02ef5f4536dba090b12360a6c862ef0e57e3bc)
* x86_cpu_compat_set_features("n270", FEAT_1_ECX, 0, CPUID_EXT_MOVBE);
(pc-i440fx-1.4 and older)
(added by commit
4458c23672904fa131e69897007eeb7c953be7e5
* x86_cpu_compat_set_features("Westmere", FEAT_1_ECX, 0, CPUID_EXT_PCLMULQDQ);
(pc-i440fx-1.4 and older)
(added by commit
56383703c060777fd01aaf8d63d5f46d660e9fb9)
Instead of duplicating the code from the previous pc_compat_*()
functions, we can now reuse pc_compat_1_2() and fix those issues.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Igor Mammedov [Tue, 8 Jul 2014 13:29:46 +0000 (15:29 +0200)]
pc: fix qemu exiting with error when -m X < 128 with old machines types
If machine doesn't support memory hotplug then staring QEMU
with initial memory less than default will make QEMU exit with
following error message:
$QEMU -m 16 -M isapc
qemu-system-i386: "-memory 'slots|maxmem'" is not supported by: isapc
Set maxram_size to initial memory value before parsing
'maxmem' option allows to keep maxmem in sync with initial
memory size if no maxmem option was specified.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
CC: Bruce Rogers <brogers@suse.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Peter Maydell [Fri, 11 Jul 2014 16:50:38 +0000 (17:50 +0100)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-
20140711-1' into staging
vga: some cirrus fixes.
# gpg: Signature made Fri 11 Jul 2014 10:38:32 BST using RSA key ID
D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-vga-
20140711-1:
cirrus: Fix host CPU blits
cirrus: Fix build of debug code
cirrus_vga: adding sanity check for vram size
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 11 Jul 2014 15:01:38 +0000 (16:01 +0100)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-
20140711-1' into staging
mtp: linux guest detection fix
# gpg: Signature made Fri 11 Jul 2014 11:32:20 BST using RSA key ID
D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-usb-
20140711-1:
mtp: linux guest detection fix.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 11 Jul 2014 13:50:18 +0000 (14:50 +0100)]
Merge remote-tracking branch 'remotes/spice/tags/pull-spice-
20140711-1' into staging
spice: auth fixes
# gpg: Signature made Fri 11 Jul 2014 10:17:15 BST using RSA key ID
D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/spice/tags/pull-spice-
20140711-1:
spice: auth fixes
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 11 Jul 2014 12:48:07 +0000 (13:48 +0100)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-gtk-
20140711-1' into staging
ui/gtk: Restore keyboard focus after Page change
# gpg: Signature made Fri 11 Jul 2014 09:46:21 BST using RSA key ID
D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-gtk-
20140711-1:
ui/gtk: Restore keyboard focus after Page change
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gerd Hoffmann [Tue, 1 Jul 2014 15:49:25 +0000 (17:49 +0200)]
mtp: linux guest detection fix.
Attach a name to the MTP interface (android phones have this too).
With this patch recent linux guests such as fedora 20 happily detect and
use the device. It shows up in nautilus file manager automatically, and
simple-mtpfs can mount it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
John Snow [Tue, 8 Jul 2014 18:28:57 +0000 (14:28 -0400)]
ui/gtk: Restore keyboard focus after Page change
(Resending for correct email addresses via MAINTAINERS ...)
In the GTK UI, after changing focus to the qemu monitor Notebook Page,
when restoring focus to the virtual machine page, the keyboard focus is lost
to a hidden GTK widget. Focus can only be restored to the virtual machine by
pressing "tab" or any of the four directional arrow keys.
Clicking in the window or grabbing/ungrabbing input does not restore keyboard
focus to the child widget.
This patch adjusts the Notebook page switching callback to automatically
steal keyboard focus on the Page switch event, so that keyboard input
does not appear to break or disappear after tabbing to the QEMU monitor.
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Benjamin Herrenschmidt [Mon, 7 Jul 2014 00:32:34 +0000 (10:32 +1000)]
cirrus: Fix host CPU blits
Commit
b2eb849d4b1fdb6f35d5c46958c7f703cf64cfef
"CVE-2007-1320 - Cirrus LGD-54XX "bitblt" heap overflow" broke
cpu to video blits.
When the ROP function is called from cirrus_bitblt_cputovideo_next(),
we pass 0 for the pitch but only operate on one line at a time. The
added test was tripping because after the initial substraction, the
pitch becomes negative. Make the test only trip when the height is
larger than one (ie. the pitch is actually used).
This fixes HW cursor support in Windows NT4.0 (which otherwise was
a white rectangle) and general display of icons in that OS when using
8bpp mode.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Benjamin Herrenschmidt [Wed, 2 Jul 2014 10:32:08 +0000 (20:32 +1000)]
cirrus: Fix build of debug code
Use PRIu64 to print uint64_t
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Gonglei [Mon, 12 May 2014 07:10:38 +0000 (15:10 +0800)]
cirrus_vga: adding sanity check for vram size
when configure a invalid vram size for cirrus card, such as less
2 MB, which will crash qemu. Follow the real hardware, the cirrus
card has 4 MB video memory. Also for backward compatibility, accept
8 MB and 16 MB vram size.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Gerd Hoffmann [Wed, 2 Jul 2014 10:56:42 +0000 (12:56 +0200)]
spice: auth fixes
Set auth to sasl when sasl is enabled, this makes "info spice" correctly
display sasl auth. Also throw an error in case someone tries to set
a spice password via monitor without auth mode being "spice".
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Peter Maydell [Thu, 10 Jul 2014 16:37:16 +0000 (17:37 +0100)]
Merge remote-tracking branch 'remotes/kvm/uq/master' into staging
* remotes/kvm/uq/master:
qtest: fix vhost-user-test compilation with old GLib
mc146818rtc: register the clock reset notifier on the right clock
oslib-posix: Fix new compiler error with -Wclobbered
target-i386: Add "kvmclock-stable-bit" feature bit name
Enforce stack protector usage
watchdog: fix deadlock with -watchdog-action pause
mips_malta: Catch kernels linked at wrong address
mips_malta: Remove incorrect KVM T&E references
mips/kvm: Disable FPU on reset with KVM
mips/kvm: Init EBase to correct KSEG0
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Nikolay Nikolaev [Wed, 9 Jul 2014 15:06:32 +0000 (18:06 +0300)]
qtest: fix vhost-user-test compilation with old GLib
Mising G_TIME_SPAN_SECOND definition breaks the RHEL6 compilation as GLib
version before 2.26 does not have it. In such case just define it.
Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 8 Jul 2014 05:42:05 +0000 (07:42 +0200)]
mc146818rtc: register the clock reset notifier on the right clock
Commit 884f17c (aio / timers: Convert rtc_clock to be a QEMUClockType,
2013-08-21) erroneously changed an occurrence of rtc_clock to
QEMU_CLOCK_REALTIME, which broke the RTC reset notifier in
mc146818rtc. Fix this.
I redid the patch myself since the original reporter did not sign
off on his.
Cc: qemu-stable@nongnu.org
Reported-by: Lb peace <peaceustc@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Stefan Weil [Tue, 24 Jun 2014 20:52:29 +0000 (22:52 +0200)]
oslib-posix: Fix new compiler error with -Wclobbered
Newer versions of gcc report a warning (or an error with -Werror) when
compiler option -Wclobbered (or -Wextra) is active:
util/oslib-posix.c:372:12: error:
variable ‘hpagesize’ might be clobbered by ‘longjmp’ or ‘vfork’ [-Werror=clobbered]
The rewritten code fixes this warning: variable 'hpagesize' is now set and
used in a block without any call of sigsetjmp or similar functions.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>