review.tizen.org Git - sdk/emulator/qemu.git/log

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio update

looks like a quiet week
minor bugfix in virtio by myself

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 13 May 2014 14:37:23 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
virtio: allow mapping up to max queue size

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20140515' into staging

migration/next for 20140515

# gpg: Signature made Thu 15 May 2014 02:32:25 BST using RSA key ID 5872D723
# gpg: Can't check signature: public key not found

* remotes/juanquintela/tags/migration/20140515:
  usb: fix up post load checks
  migration: show average throughput when migration finishes
  savevm: Remove all the unneeded version_minimum_id_old (rest)
  savevm: Remove all the unneeded version_minimum_id_old (usb)
  Split ram_save_block
  arch_init: Simplify code for load_xbzrle()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/rth/fix-mov' into staging

* remotes/rth/fix-mov:
tcg: Fix tcg_reg_alloc_mov vs no-op truncation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140513' into staging

target-arm queue:
* update libvixl to 1.4
* remove version_minimum_id_old from ARM devices
* stellaris_enet tx/rx/migration overhaul
* various minor fixes for coverity issues

# gpg: Signature made Tue 13 May 2014 16:25:12 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20140513:
  hw/arm/omap_gpmc: Avoid buffer overrun filling prefetch FIFO
  hw/arm/stellaris: Correct handling of GPTM TAR register
  hw/timer/exynos4210_mct: Avoid overflow in exynos4210_ltick_recalc_count
  hw/dma/omap_dma: Add (uint32_t) casts when shifting uint16_t by 16
  hw/arm/omap1: Avoid unintended sign extension writing omap_rtc YEARS_REG
  hw/net/cadence_gem: Remove dead code
  hw/intc/allwinner-a10-pic: Add missing 'break'
  target-arm/helper.c: Don't flush the TLB if SCTLR is rewritten unchanged
  hw/net/stellaris_enet: Convert to vmstate
  hw/net/stellaris_enet: Get rid of rx_fifo pointer
  hw/net/stellaris_enet: Fix debug format strings
  hw/net/stellaris_enet: Correctly implement the TR and THR registers
  hw/net/stellaris_enet: Rewrite tx fifo handling code
  hw/net/stellaris_enet: Correct handling of packet padding
  hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer overrun
  savevm: Remove all the unneeded version_minimum_id_old (arm)
  disas/libvixl: Update to libvixl 1.4

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/kvm/uq/master' into staging

* remotes/kvm/uq/master:
  pc: port 92 reset requires a low->high transition
  cpu: make CPU_INTERRUPT_RESET available on all targets
  apic: do not accept SIPI on the bootstrap processor
  target-i386: preserve FPU and MSR state on INIT
  target-i386: fix set of registers zeroed on reset
  kvm: forward INIT signals coming from the chipset
  kvm: reset state from the CPU's reset method
  target-i386: the x86 CPL is stored in CS.selector - auto update hflags accordingly.
  target-i386: set eflags prior to calling cpu_x86_load_seg_cache() in seg_helper.c
  target-i386: set eflags and cr0 prior to calling cpu_x86_load_seg_cache() in smm_helper.c
  target-i386: set eflags prior to calling svm_load_seg_cache() in svm_helper.c
  pci-assign: limit # of msix vectors
  pci-assign: Fix a bug when map MSI-X table memory failed
  kvm: make one_reg helpers available for everyone
  target-i386: Remove unused data from local array

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/rth/tags/pull-tgt-i386-20140512' into staging

Fix BT zero flag for new Intel manuals

# gpg: Signature made Mon 12 May 2014 22:26:01 BST using RSA key ID 4DD0279B
# gpg: Can't check signature: public key not found

* remotes/rth/tags/pull-tgt-i386-20140512:
target-i386: Preserve the Z bit for bt/bts/btr/btc

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Revert "iotests: Use configured python"

This reverts commit f915db07ef9c368ea6db6430256de064fdd1525f.

This commit is broken because it does not account for the
build tree and the source tree being different, and can cause
build failures for out-of-tree builds. Revert it until we can
identify a better solution to the problem.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1400153676-30180-1-git-send-email-peter.maydell@linaro.org
Acked-by: Kevin Wolf <kwolf@redhat.com>

tcg: Fix tcg_reg_alloc_mov vs no-op truncation

Commit af3cbfbe8018ccc16fb3a0048e928f66f0d05e87 hoisted some "common"
loads of the temporary type, forgetting that the types could differ
during truncating moves. This affects the correctness of the memory
offset on big-endian hosts.

Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

usb: fix up post load checks

Correct post load checks:
1. dev->setup_len == sizeof(dev->data_buf)
    seems fine, no need to fail migration
2. When state is DATA, passing index > len
   will cause memcpy with negative length,
   resulting in heap overflow

First of the issues was reported by dgilbert.

Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

migration: show average throughput when migration finishes

currently the value of the throughput field contains whatever
was the last calculated throughput shortly before the migration
finished.

This patch updates the post migration contents of the field to
the average throughput.

Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

savevm: Remove all the unneeded version_minimum_id_old (rest)

After previous Peter patch, they are redundant.  This way we don't
assign them except when needed.  Once there, there were lots of case
where the ".fields" indentation was wrong:

     .fields = (VMStateField []) {
and
     .fields =      (VMStateField []) {

Change all the combinations to:

     .fields = (VMStateField[]){

The biggest problem (appart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

savevm: Remove all the unneeded version_minimum_id_old (usb)

After previous Peter patch, they are redundant.  This way we don't
assign them except when needed.  Once there, there were lots of case
where the ".fields" indentation was wrong:

     .fields = (VMStateField []) {
and
     .fields =      (VMStateField []) {

Change all the combinations to:

     .fields = (VMStateField[]){

The biggest problem (appart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>

Split ram_save_block

ram_save_block is getting a bit too complicated, and does two separate
things:
1) Finds a page to send
2) Sends the page (dealing with compression etc)

Split into 'ram_save_page' to send the page and deal with compression (2)
Rename remaining function to 'ram_find_and_save_block'

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

arch_init: Simplify code for load_xbzrle()

For xbzrle_decode_buffer(), when decoding contents will exceed writing
buffer, it will return -1, so need not check the return value whether
large than writing buffer.

And when failure occurs within load_xbzrle(), it always return -1
without any resources which need release.

So can remove the related checking statements, and also can remove 'rc'
and 'ret' local variables,

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

Merge remote-tracking branch 'remotes/rth/fix-i386' into staging

* remotes/rth/fix-i386:
exec-all.h: Use stl_le_p instead of stl_p patching x86

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

exec-all.h: Use stl_le_p instead of stl_p patching x86

We got the wrong version of stl_p, the one that bswaps as appropriate
for the target. Since x86 is always little-endian, the "_le_" routine
will resolve to what we want.

Signed-off-by: Richard Henderson <rth@twiddle.net>

hw/arm/omap_gpmc: Avoid buffer overrun filling prefetch FIFO

In fill_prefetch_fifo(), if the device we are reading from is 16 bit,
then we must not try to transfer an odd number of bytes into the FIFO.
This could otherwise have resulted in our overrunning the prefetch.fifo
array by one byte.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

hw/arm/stellaris: Correct handling of GPTM TAR register

We don't implement very much of the GPTM TAR register, and what we
do is wrong. The "are we in RT mode?" field is in s->config, not
s->control. Correct this, use LOG_UNIMP rather than hw_error()
for the cases we don't support, and avoid an unlabelled fallthrough
that makes Coverity complain.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

hw/timer/exynos4210_mct: Avoid overflow in exynos4210_ltick_recalc_count

Add casts to avoid potentially overflowing the multiplications
of 32 bit quantities in exynos4210_ltick_recalc_count().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

hw/dma/omap_dma: Add (uint32_t) casts when shifting uint16_t by 16

Add missing (uint32_t) casts in cases where we're trying to
put a uint16_t value into the top half of a 32-bit field.
These were already present in some but not all places.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

hw/arm/omap1: Avoid unintended sign extension writing omap_rtc YEARS_REG

When writing to the YEARS_REG register, if the year value is
99 then the multiplication by 31536000 will overflow into
the sign bit of a 32 bit value and then be erroneously
sign-extended if time_t is 64 bits. Add a cast to avoid this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

hw/net/cadence_gem: Remove dead code

Commit 191946c moved the code to handle padding to minimum
length from after the handling of the CRC to before it.
This means that the CRC code doesn't need to cope with the
possibility that the size is less than 60; remove this
dead code.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

hw/intc/allwinner-a10-pic: Add missing 'break'

Add missing 'break' after handling of AW_A10_PIC_BASE_ADDR write.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

target-arm/helper.c: Don't flush the TLB if SCTLR is rewritten unchanged

Linux makes a habit of writing the same value to the SCTLR that it
already holds. In a sample boot of the kernel to a shell prompt
it wrote the SCTLR with the value it already held 325465 times,
and wrote different values just 3 times.

Skip flushing the TLB if the SCTLR value isn't actually being changed;
this speeds up my sample boot by 3-5%.

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1399560029-19007-1-git-send-email-peter.maydell@linaro.org

hw/net/stellaris_enet: Convert to vmstate

Convert this device to use vmstate for its save/load, including
providing a post_load function that sanitizes inbound data to
avoid possible buffer overflows if it is malicious.

The sanitizing fixes CVE-2013-4532 (though nobody should be
relying on the security properties of most of the unmaintained
ARM board models anyway, and migration doesn't actually
work on this board due to issues in other device models).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>

hw/net/stellaris_enet: Get rid of rx_fifo pointer

The rx_fifo pointer is awkward to migrate, and is actually
redundant since it is always possible to determine it from
the current rx[].len/.data and rx_fifo_len. Remove both
rx_fifo and rx_fifo_len from the state, replacing them with
a simple rx_fifo_offset which points at the current location
in the RX fifo.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

hw/net/stellaris_enet: Fix debug format strings

Fix various debug format strings which were incorrect for the
data type, so that building with debug enabled is possible.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

hw/net/stellaris_enet: Correctly implement the TR and THR registers

Packet transmission for the stellaris ethernet controller can be triggered
in one of two ways:
* by setting a threshold value in the THR register; when the FIFO
   fill level reaches the threshold, the h/w starts transmitting.
   Software has to finish filling the FIFO before the transmit
   process completes to avoid a (silent) underrun
* by software writing to the TR register to explicitly trigger
   transmission

Since QEMU transmits packets instantaneously (from the guest's
point of view), implement "transmit based on threshold" with
our existing mechanism of "transmit as soon as we have the whole
packet", with the additional wrinkle that we don't transmit if
the packet size is below the specified threshold, and implement
"transmit by specific request" properly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

hw/net/stellaris_enet: Rewrite tx fifo handling code

The datasheet is clear that the frame length written to the DATA
register is actually stored in the TX FIFO; this means we don't
need to keep both tx_frame_len and tx_fifo_len state separately.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

hw/net/stellaris_enet: Correct handling of packet padding

The PADEN bit in the transmit control register enables padding of short
data packets out to the required minimum length. However a typo here
meant we were adjusting tx_fifo_len rather than tx_frame_len, so the
padding didn't actually happen. Fix this bug.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: qemu-stable@nongnu.org

hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer overrun

The current tx_fifo code has a corner case where the guest can overrun
the fifo buffer: if automatic CRCs are disabled we allow the guest to write
the CRC word even if there isn't actually space for it in the FIFO.
The datasheet is unclear about exactly how the hardware deals with this
situation; the most plausible answer seems to be that the CRC word is
just lost.

Implement this fix by separating the "can we stuff another word in the
FIFO" logic from the "should we transmit the packet now" check. This
also moves us closer to the real hardware, which has a number of ways
it can be configured to trigger sending the packet, some of which we
don't implement.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: qemu-stable@nongnu.org

savevm: Remove all the unneeded version_minimum_id_old (arm)

After commit 767adce2d, they are redundant.  This way we don't assign them
except when needed.  Once there, there were lots of cases where the ".fields"
indentation was wrong:

     .fields = (VMStateField []) {
and
     .fields =      (VMStateField []) {

Change all the combinations to:

     .fields = (VMStateField[]){

The biggest problem (apart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.

Signed-off-by: Juan Quintela <quintela@redhat.com>
[PMM: fixed minor conflict, corrected commit message typos]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

disas/libvixl: Update to libvixl 1.4

Update our copy of libvixl to upstream's 1.4 release.
Note that we no longer need any local fixes for compilation
on 32 bit hosts -- they have all been integrated upstream.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1399040419-9227-1-git-send-email-peter.maydell@linaro.org
Acked-by: Richard Henderson <rth@twiddle.net>

Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20140512' into staging

tcg updates for 20140512

# gpg: Signature made Tue 13 May 2014 00:19:56 BST using RSA key ID 4DD0279B
# gpg: Can't check signature: public key not found

* remotes/rth/tags/pull-tcg-20140512: (26 commits)
  tcg: Remove unreachable code in tcg_out_op and op_defs
  tcg: Use tcg_target_available_regs in tcg_reg_alloc_mov
  tcg: Make call address a constant parameter
  tci: Create tcg_out_call
  tcg-mips: Split out tcg_out_call
  tcg-sparc: Create tcg_out_call
  tcg-ppc64: Rename tcg_out_calli to tcg_out_call
  tcg-ppc: Split out tcg_out_call
  tcg-s390: Rename tgen_calli to tcg_out_call
  tcg-i386: Rename tcg_out_calli to tcg_out_call
  tcg: Require TCG_TARGET_INSN_UNIT_SIZE
  tci: Define TCG_TARGET_INSN_UNIT_SIZE
  tcg-mips: Define TCG_TARGET_INSN_UNIT_SIZE
  tcg-ia64: Define TCG_TARGET_INSN_UNIT_SIZE
  tcg-s390: Define TCG_TARGET_INSN_UNIT_SIZE
  tcg-aarch64: Define TCG_TARGET_INSN_UNIT_SIZE
  tcg-arm: Define TCG_TARGET_INSN_UNIT_SIZE
  tcg-sparc: Define TCG_TARGET_INSN_UNIT_SIZE
  tcg-ppc: Define TCG_TARGET_INSN_UNIT_SIZE
  tcg-ppc64: Define TCG_TARGET_INSN_UNIT_SIZE
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

bsd-user: Remove reference to CONFIG_UNAME_RELEASE

Commit e586822a5 broke the bsd-user build when it removed the
CONFIG_UNAME_RELEASE define but forgot to remove the use of it
in bsd-user. Fix this in the simplest possible way (bsd-user
doesn't make any use at all of the qemu_uname_release variable
except to allow it to be pointlessly set by the user, so this
is all we need to do.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1399648001-20980-1-git-send-email-peter.maydell@linaro.org

pc: port 92 reset requires a low->high transition

The PIIX datasheet says that "before another INIT pulse can be
generated via [port 92h], [bit 0] must be written back to a
zero.

This bug is masked right now because a full reset will clear the
value of port 92h. But once we implement soft reset correctly,
the next attempt to enable the A20 line by setting bit 1 (and
leaving the others untouched) will cause another reset.

Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

cpu: make CPU_INTERRUPT_RESET available on all targets

On the x86, some devices need access to the CPU reset pin (INIT#).
Provide a generic service to do this, using one of the internal
cpu_interrupt targets. Generalize the PPC-specific code for
CPU_INTERRUPT_RESET to other targets.

Since PPC does not support migration across QEMU versions (its
machine types are not versioned yet), I picked the value that
is used on x86, CPU_INTERRUPT_TGT_INT_1. Consequently, TGT_INT_2
and TGT_INT_3 are shifted down by one while keeping their value.

Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

apic: do not accept SIPI on the bootstrap processor

SIPI interrupts are ignored on the bootstrap. Never accept one.

Cc: Andreas Faerber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: preserve FPU and MSR state on INIT

Most MSRs, plus the FPU, MMX, MXCSR, XMM and YMM registers should not
be zeroed on INIT (Table 9-1 in the Intel SDM). Copy them out of
CPUX86State and back in, instead of special casing env->pat.

The relevant fields are already consecutive except PAT and SMBASE.
However:

- KVM and Hyper-V MSRs should be reset because they include memory
locations written by the hypervisor. These MSRs are moved together
at the end of the preserved area.

- SVM state can be moved out of the way since it is written by VMRUN.

Cc: Andreas Faerber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: fix set of registers zeroed on reset

BND0-3, BNDCFGU, BNDCFGS, BNDSTATUS were not zeroed on reset, but they
should be (Intel Instruction Set Extensions Programming Reference
319433-015, pages 9-4 and 9-6). Same for YMM.

XCR0 should be reset to 1.

TSC and TSC_RESET were zeroed already by the memset, remove the explicit
assignments.

Cc: Andreas Faerber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

kvm: forward INIT signals coming from the chipset

Reviewed-by: Gleb Natapov <gnatapov@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

kvm: reset state from the CPU's reset method

Now that we have a CPU object with a reset method, it is better to
keep the KVM reset close to the CPU reset. Using qemu_register_reset
as we do now keeps them far apart.

With this patch, PPC no longer calls the kvm_arch_ function, so
it can get removed there. Other arches call it from their CPU
reset handler, and the function gets an ARMCPU/X86CPU/S390CPU.

Note that ARM- and s390-specific functions are called kvm_arm_*
and kvm_s390_*, while x86-specific functions are called kvm_arch_*.
That follows the convention used by the different architectures.
Changing that is the topic of a separate patch.

Reviewed-by: Gleb Natapov <gnatapov@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: the x86 CPL is stored in CS.selector - auto update hflags accordingly.

Instead of manually calling cpu_x86_set_cpl() when the CPL changes,
check for CPL changes on calls to cpu_x86_load_seg_cache(R_CS). Every
location that called cpu_x86_set_cpl() also called
cpu_x86_load_seg_cache(R_CS), so cpu_x86_set_cpl() is no longer
required.

This fixes the SMM handler code as it was not setting/restoring the
CPL level manually.

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: set eflags prior to calling cpu_x86_load_seg_cache() in seg_helper.c

The cpu_x86_load_seg_cache() function inspects eflags, so make sure
all changes to eflags are done prior to loading the segment caches.

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: set eflags and cr0 prior to calling cpu_x86_load_seg_cache() in smm_helper.c

The cpu_x86_load_seg_cache() function inspects cr0 and eflags, so make
sure all changes to eflags and cr0 are done prior to loading the
segment caches.

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: set eflags prior to calling svm_load_seg_cache() in svm_helper.c

The svm_load_seg_cache() function calls cpu_x86_load_seg_cache() which
inspects env->eflags. So, make sure all changes to eflags are done
prior to loading the segment cache.

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

pci-assign: limit # of msix vectors

KVM only supports MSIX table size up to 256 vectors,
but some assigned devices support more vectors,
at the moment attempts to assign them fail with EINVAL.

Tweak the MSIX capability exposed to guest to limit table size
to a supported value.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Gonglei <arei.gonglei@huawei.com>
Cc: qemu-stable@nongnu.org
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

pci-assign: Fix a bug when map MSI-X table memory failed

When mmapping memory for the MSI-X table failsthe dev->msix_table is
not set to NULL and assigned_dev_unregister_msix_mmio() will cause
a segfault when trying to munmap it.

Signed-off-by: Gonglei Arei <arei.gonglei@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>

kvm: make one_reg helpers available for everyone

s390x introduced helper functions for getting/setting one_regs with
commit 860643bc. However, nothing about these is s390-specific.

Alexey Kardashevskiy had already posted a general version, so let's
merge the two patches and massage the code a bit.

CC: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target-i386: Remove unused data from local array

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Merge remote-tracking branch 'remotes/bonzini/configure' into staging

* remotes/bonzini/configure:
  libcacard: remove libcacard-specific CFLAGS and LIBS from global vars
  build: simplify and fix fix-obj-vars
  build: convert some obj-specific CFLAGS to use new foo.o-cflags syntax
  build: add support for per-object -cflags and -libs to all rules
  Makefile: use $(INSTALL_LIB) for modules not $(INSTALL_PROG)
  Makefile.target: use $(INSTALL_PROG) for installing, not $(INSTALL)
  Makefile: strip tools and modules too
  build: simplify Makefile.target around unnest-vars invocations
  build: simplify Makefile.target a bit, use just one rule for softmmu
  build: Fix per-object variables for Makefile.target

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Block pull request

# gpg: Signature made Fri 09 May 2014 19:57:53 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  glib: fix g_poll early timeout on windows
  block: qemu-iotests - test for live migration
  block: qemu-iotests - update 085 to use common.qemu
  block: qemu-iotests - add common.qemu, for bash-controlled qemu tests
  block/raw-posix: Try both FIEMAP and SEEK_HOLE
  gluster: Correctly propagate errors when volume isn't accessible
  vl.c: remove init_clocks call from main
  block: Fix open flags with BDRV_O_SNAPSHOT
  qemu-iotests: Test converting to streamOptimized from small cluster size
  vmdk: Implement .bdrv_get_info()
  vmdk: Implement .bdrv_write_compressed
  qemu-img: Convert by cluster size if target is compressed
  block/iscsi: bump year in copyright notice
  block/nfs: Check for NULL server part
  qemu-img: sort block formats in help message
  iotests: Use configured python
  qcow2: Fix alloc_clusters_noref() overflow detection

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

microblaze: boot: Don't hack the elf entry point

There was some modulo logic to ensure that Microblaze always booted into
physical RAM regardless of the elf entry. Removed it, as QEMU should fail
gracefully when given a bad elf, rather than attempt to run it.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>

xilinx_timer: Fix writes into TCSR register

The TCSR register has only 11 valid bits. This is now used by the
linux kernel to auto-detect endianness, and causes Linux 3.15-rc1
and later to hang when run under qemu-microblaze. Mask valid bits
before writing the register to solve the problem.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

xilinx_intc: Fix writes into MER register

The MER register only has two valid bits. This is now used by
the linux kernel to auto-detect endianness, and causes Linux 3.15-rc1
and later to hang when run under qemu-microblaze. Mask valid bits before
writing the register to solve the problem.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
[Edgar: Untabified]
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

microblaze: Respect the reset vector

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>

microblaze: Support loading of u-boot initrd images

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>

target-i386: Preserve the Z bit for bt/bts/btr/btc

Older Intel manuals (pre-2010) and current AMD manuals describe Z as
undefined, but newer Intel manuals describe Z as unchanged.

Cc: qemu-stable@nongnu.org
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg: Remove unreachable code in tcg_out_op and op_defs

The INDEX_op_call case has just been obsoleted; the mov and movi
cases have not been reachable for years. Attempt to document this
both in each tcg_out_op switch, and via TCG_OPF_NOT_PRESENT.

Because of the TCG_OPF_NOT_PRESENT change, this must be done for
all targets in a single commit.

Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg: Use tcg_target_available_regs in tcg_reg_alloc_mov

The move opcodes are special in that their constraints must cover
all available registers. So instead of checking the constraints,
just use the available registers.

Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg: Make call address a constant parameter

Avoid allocating a tcg temporary to hold the constant address,
and instead place it directly into the op_call arguments.

At the same time, convert to the newly introduced tcg_out_call
backend function, rather than invoking tcg_out_op for the call.

Signed-off-by: Richard Henderson <rth@twiddle.net>

tci: Create tcg_out_call

Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Split out tcg_out_call

Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-sparc: Create tcg_out_call

Rename the existing tcg_out_calli to tcg_out_call_nodelay.

Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-ppc64: Rename tcg_out_calli to tcg_out_call

Merge the existing tcg_out_call into tcg_out_op.

Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-ppc: Split out tcg_out_call

Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-s390: Rename tgen_calli to tcg_out_call

Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-i386: Rename tcg_out_calli to tcg_out_call

Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg: Require TCG_TARGET_INSN_UNIT_SIZE

Now that all backends do define TCG_TARGET_INSN_UNIT_SIZE,
remove the fallback definition.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tci: Define TCG_TARGET_INSN_UNIT_SIZE

And use tcg pointer differencing functions as appropriate.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Define TCG_TARGET_INSN_UNIT_SIZE

And use tcg pointer differencing functions as appropriate.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-ia64: Define TCG_TARGET_INSN_UNIT_SIZE

Using a 16-byte aligned structure achieves best results, both for code
cleanliness and compiled code size. However, this means that we can't
use the trick of encoding the slot number into the low 2 bits.

Thankfully, we only ever use slot2, so make that explicit in the names
of the relocation functions, and drop the code for other slots.

Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-s390: Define TCG_TARGET_INSN_UNIT_SIZE

And use tcg pointer differencing functions as appropriate.

Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-aarch64: Define TCG_TARGET_INSN_UNIT_SIZE

And use tcg pointer differencing functions as appropriate.

Acked-by: Claudio Fontana <claudio.fontana@huawei.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-arm: Define TCG_TARGET_INSN_UNIT_SIZE

And use tcg pointer differencing functions as appropriate.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-sparc: Define TCG_TARGET_INSN_UNIT_SIZE

And use tcg pointer differencing functions as appropriate.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-ppc: Define TCG_TARGET_INSN_UNIT_SIZE

And use tcg pointer differencing functions as appropriate.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-ppc64: Define TCG_TARGET_INSN_UNIT_SIZE

And use tcg pointer differencing functions as appropriate.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-i386: Define TCG_TARGET_INSN_UNIT_SIZE

And use tcg pointer differencing functions as appropriate.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg: Define tcg_insn_unit for code pointers

To be defined by the tcg backend based on the elemental unit of the ISA.
During the transition, allow TCG_TARGET_INSN_UNIT_SIZE to be undefined,
which allows us to default tcg_insn_unit to the current uint8_t.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg: Introduce byte pointer arithmetic helpers

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg: Avoid undefined behaviour patching code at unaligned addresses

To avoid C undefined behaviour when patching generated code,
provide wrappers tcg_patch8/16/32/64 which use the usual memcpy
trick, and use them in the i386 backend.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg: Avoid stores to unaligned addresses

Avoid stores to unaligned addresses in TCG code generation, by using the
usual memcpy() approach. (Using bswap.h would drag a lot of QEMU baggage
into TCG, so it's simpler just to do direct memcpy() here.)

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

exec-all.h: Use stl_p to avoid undefined behaviour patching x86 jumps

The code which patches x86 jump instructions assumes it can do an
unaligned write of a uint32_t. This is actually safe on x86, but it's
still undefined behaviour. We have infrastructure for doing efficient
unaligned accesses which doesn't engage in undefined behaviour, so
use it.

This is technically fractionally less efficient, at least with gcc 4.6;
instead of one instruction:
7b2:   89 3e                   mov    %edi,(%rsi)
we get an extra spurious store to the stack slot:
7b2:   89 7c 24 64             mov    %edi,0x64(%rsp)
7b6:   89 3e                   mov    %edi,(%rsi)

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>

virtio: allow mapping up to max queue size

It's a loop from i < num_sg and the array is VIRTQUEUE_MAX_SIZE - so
it's OK if the value read is VIRTQUEUE_MAX_SIZE.

Not a big problem in practice as people don't use
such big queues, but it's inelegant.

Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

libcacard: remove libcacard-specific CFLAGS and LIBS from global vars

Currently all what's needed for single file libcacard/vcard_emul_nss.c
(libnss cflags) and hw/usb/ccid-card-emulated.c (libcacard includes)
together with the libs is added to global QEMU_CFLAGS and libs_softmmu.

Use the cflags only where really used (for two mentioned files), and
libs only where needed.

While at it, rename variables to better reflect reality: libcacard_*
is really nss_*.

This needs a bit more tweaking: $(NSS_LIBS) should not contain $glib_libs
(ditto for _cflags). But in order to fix it, some more preparations
should be made first. So add a FIXME comment.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

build: simplify and fix fix-obj-vars

fix-obj-vars has the undesired side effect of breaking -cflags
-objs and -libs variables in the toplevel Makefile.objs. The
variables in the toplevel Makefile.objs do not need any fix,
so fix-obj-vars need not do anything.

Since we are touching it, remove the now unnecessary $(if)
in the callers.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

glib: fix g_poll early timeout on windows

g_poll has a problem on Windows when using
timeouts < 10ms, in glib/gpoll.c:

/* If not, and we have a significant timeout, poll again with
* timeout then. Note that this will return indication for only
* one event, or only for messages. We ignore timeouts less than
* ten milliseconds as they are mostly pointless on Windows, the
* MsgWaitForMultipleObjectsEx() call will timeout right away
* anyway.
*/
if (retval == 0 && (timeout == INFINITE || timeout >= 10))
retval = poll_rest (poll_msgs, handles, nhandles, fds, nfds, timeout);

so whenever g_poll is called with timeout < 10ms it does
a quick poll instead of wait, this causes significant performance
degradation of QEMU, thus we should use WaitForMultipleObjectsEx
directly

Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: qemu-iotests - test for live migration

This is an initial, simple live migration test from one
running VM to another, using monitor commands.

This is also an example of using the new common.qemu functions
for controlling multiple running qemu instances, for tests that
need a live qemu vm.

Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: qemu-iotests - update 085 to use common.qemu

The new functionality of common.qemu implements the QEMU control
and communication functionality that was originally in test 085.

This removes that now-duplicate functionality, and uses the
common.qemu functions.

The QEMU commandline changes slightly due to this; in addition to
monitor and qmp i/o options, the new QEMU commandline from inside
common.qemu now introduces -machine accel=qtest.

Reviewed-by: Benoit Canet <benoit@irqsave.net>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: qemu-iotests - add common.qemu, for bash-controlled qemu tests

This creates some common functions for bash language qemu-iotests
to control, and communicate with, a running QEMU process.

4 functions are introduced:

    1. _launch_qemu()
        This launches the QEMU process(es), and sets up the file
        descriptors and fifos for communication.  You can choose to
        launch each QEMU process listening for either QMP or HMP
        monitor.  You can call this function multiple times, and
        save the handle returned from each.  The returned handle is
        in $QEMU_HANDLE.  You must copy this value.

Commands 2 and 3 use the handle received from _launch_qemu(), to talk
to the appropriate process.

    2. _send_qemu_cmd()
        Sends a command string, specified by $2, to QEMU.  If $3 is
        non-NULL, _send_qemu_cmd() will wait to receive $3 as a
        required result string from QEMU.  Failure to receive $3 will
        cause the test to fail.  The command can optionally be retried
        $qemu_cmd_repeat number of times.  Set $qemu_error_no_exit
        to not force the test the fail on exit; in this case,
        $QEMU_STATUS[$1] will be set to -1 on failure.

    3. _timed_wait_for()
        Waits for a response, for up to a default of 10 seconds.  If
        $2 is not seen in that time (anywhere in the response), then
        the test fails.  Primarily used by _send_qemu_cmd, but could
        be useful standalone, as well.  To prevent automatic exit
        (and therefore test failure), set $qemu_error_no_exit to a
        non-NULL value.  If $silent is a non-NULL value, then output
        to stdout will be suppressed.

    4. _cleanup_qemu()
        Kills the running QEMU processes, and removes the fifos.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block/raw-posix: Try both FIEMAP and SEEK_HOLE

The current version of raw-posix always uses ioctl(FS_IOC_FIEMAP) if
FIEMAP is available; lseek with SEEK_HOLE/SEEK_DATA are not even
compiled in in this case. However, there may be implementations which
support the latter but not the former (e.g., NFSv4.2) as well as vice
versa.

To cover both cases, try FIEMAP first (as this will return -ENOTSUP if
not supported instead of returning a failsafe value (everything
allocated as a single extent)) and if that does not work, fall back to
SEEK_HOLE/SEEK_DATA.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

gluster: Correctly propagate errors when volume isn't accessible

The docs for glfs_init suggest that the function sets errno on every
failure. In fact it doesn't. As other functions such as
qemu_gluster_open() in the gluster block code report their errors based
on this fact we need to make sure that errno is set on each failure.

This fixes a crash of qemu-img/qemu when a gluster brick isn't
accessible from given host while the server serving the volume
description is.

Thread 1 (Thread 0x7ffff7fba740 (LWP 203880)):
#0  0x00007ffff77673f8 in glfs_lseek () from /usr/lib64/libgfapi.so.0
#1  0x0000555555574a68 in qemu_gluster_getlength ()
#2  0x0000555555565742 in refresh_total_sectors ()
#3  0x000055555556914f in bdrv_open_common ()
#4  0x000055555556e8e8 in bdrv_open ()
#5  0x000055555556f02f in bdrv_open_image ()
#6  0x000055555556e5f6 in bdrv_open ()
#7  0x00005555555c5775 in bdrv_new_open ()
#8  0x00005555555c5b91 in img_info ()
#9  0x00007ffff62c9c05 in __libc_start_main () from /lib64/libc.so.6
#10 0x00005555555648ad in _start ()

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

vl.c: remove init_clocks call from main

Clocks are initialized in qemu_init_main_loop. They are not needed before it.
Initializing them twice is not only unnecessary but is harmful: it results in
memory leak and potentially can lead to a situation where different parts of
QEMU use different sets of timers.

To avoid it remove init_clocks call from main and add an assertion to
qemu_clock_init that corresponding clock has not been initialized yet.

Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: Fix open flags with BDRV_O_SNAPSHOT

The immediately visible effect of this patch is that it fixes committing
a temporary snapshot to its backing file. Previously, it would fail with
a "permission denied" error because bdrv_inherited_flags() forced the
backing file to be read-only, ignoring the r/w reopen of bdrv_commit().

The bigger problem this revealed is that the original open flags must
actually only be applied to the temporary snapshot, and the original
image file must be treated as a backing file of the temporary snapshot
and get the right flags for that.

Reported-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging

* remotes/qmp-unstable/queue/qmp: (38 commits)
  Revert "qapi: Clean up superfluous null check in qapi_dealloc_type_str()"
  qapi: Document optional arguments' backwards compatibility
  qmp: use valid JSON in transaction example
  qmp: Don't use error_is_set() to suppress additional errors
  dump: Drop pointless error_is_set(), DumpState member errp
  qemu-option: Clean up fragile use of error_is_set()
  qga: Drop superfluous error_is_set()
  qga: Clean up fragile use of error_is_set()
  qapi: Clean up fragile use of error_is_set()
  tests/qapi-schema: Drop superfluous error_is_set()
  qapi: Drop redundant, unclean error_is_set()
  hmp: Guard against misuse of hmp_handle_error()
  qga: Use return values instead of error_is_set(errp)
  error: Consistently name Error ** objects errp, and not err
  qmp: Consistently name Error ** objects errp, and not err
  qga: Consistently name Error ** objects errp, and not err
  qmp hmp: Consistently name Error * objects err, and not errp
  pci-assign: assigned_initfn(): set monitor error in common error handler
  pci-assign: propagate errors from assign_intx()
  pci-assign: propagate errors from assign_device()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Revert "qapi: Clean up superfluous null check in qapi_dealloc_type_str()"

This reverts commit 25a7017555f1b4aeb543b5d323ff4afb8f9c5437.

Turns out the argument *can* be null: QEMU now segfaults if it
receives an invalid parameter via a qmp command instead of throwing an
error.

For example:
{ "execute": "blockdev-add",
"arguments": { "options" : { "driver": "invalid-driver" } } }

CC: qemu-stable@nongnu.org
Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

qapi: Document optional arguments' backwards compatibility

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

qmp: use valid JSON in transaction example

Our example should use the correct quotes to match what someone
could actually pass over the wire.

* qmp-commands.hx: Use correct JSON quotes.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

qmp: Don't use error_is_set() to suppress additional errors

Using error_is_set(errp) that way can sweep programming errors under
the carpet when we get called incorrectly with an error set.

encrypted_bdrv_it() does it, because there's no way to make
bdrv_iterate() break its loop. Actually safe, because qmp_cont()
clears the error before the loop. Clean it up anyway: replace
bdrv_iterate() by bdrv_next(), break the loop on error.

Replace both occurrences, for consistency.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>