sdk/emulator/qemu.git
10 years agoblock/iscsi: fix memory corruption on iscsi resize
Peter Lieven [Fri, 22 Aug 2014 08:08:49 +0000 (10:08 +0200)]
block/iscsi: fix memory corruption on iscsi resize

bs->total_sectors is not yet updated at this point. resulting
in memory corruption if the volume has grown and data is written
to the newly availble areas.

CC: qemu-stable@nongnu.org
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoblock/vvfat.c: remove debugging code to reinit stderr if NULL
Michael Tokarev [Wed, 20 Aug 2014 15:02:38 +0000 (19:02 +0400)]
block/vvfat.c: remove debugging code to reinit stderr if NULL

Just log to stderr unconditionally, like other similar code does.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoiotests: Add test for image filename construction
Max Reitz [Fri, 18 Jul 2014 18:25:01 +0000 (20:25 +0200)]
iotests: Add test for image filename construction

Testing a real in-use protocol such as NBD is hard; testing blkdebug and
blkverify in its stead is easier and tests basically the same
functionality.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoquorum: Implement bdrv_refresh_filename()
Max Reitz [Fri, 18 Jul 2014 18:25:00 +0000 (20:25 +0200)]
quorum: Implement bdrv_refresh_filename()

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agonbd: Implement bdrv_refresh_filename()
Max Reitz [Fri, 18 Jul 2014 18:24:59 +0000 (20:24 +0200)]
nbd: Implement bdrv_refresh_filename()

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoblkverify: Implement bdrv_refresh_filename()
Max Reitz [Fri, 18 Jul 2014 18:24:58 +0000 (20:24 +0200)]
blkverify: Implement bdrv_refresh_filename()

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoblkdebug: Implement bdrv_refresh_filename()
Max Reitz [Fri, 18 Jul 2014 18:24:57 +0000 (20:24 +0200)]
blkdebug: Implement bdrv_refresh_filename()

Because blkdebug cannot simply create a configuration file, simply
refuse to reconstruct a plain filename and only generate an options
QDict from the rules instead.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoblock: Add bdrv_refresh_filename()
Max Reitz [Fri, 18 Jul 2014 18:24:56 +0000 (20:24 +0200)]
block: Add bdrv_refresh_filename()

Some block devices may not have a filename in their BDS; and for some,
there may not even be a normal filename at all. To work around this, add
a function which tries to construct a valid filename for the
BDS.filename field.

If a filename exists or a block driver is able to reconstruct a valid
filename (which is placed in BDS.exact_filename), this can directly be
used.

If no filename can be constructed, we can still construct an options
QDict which is then converted to a JSON object and prefixed with the
"json:" pseudo protocol prefix. The QDict is placed in
BDS.full_open_options.

For most block drivers, this process can be done automatically; those
that need special handling may define a .bdrv_refresh_filename() method
to fill BDS.exact_filename and BDS.full_open_options themselves.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agovirtio-blk: fix reference a pointer which might be freed
zhanghailiang [Mon, 18 Aug 2014 07:42:50 +0000 (15:42 +0800)]
virtio-blk: fix reference a pointer which might be freed

In function virtio_blk_handle_request, it may freed memory pointed by req,
So do not access member of req after calling this function.

Cc: qemu-stable@nongnu.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agovirtio-blk: allow block_resize with dataplane
Stefan Hajnoczi [Mon, 18 Aug 2014 13:52:29 +0000 (14:52 +0100)]
virtio-blk: allow block_resize with dataplane

Now that block_resize acquires the AioContext we can safely allow
resizing the disk.

Reported-by: Andrey Korolyov <andrey@xdel.ru>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoblock: acquire AioContext in qmp_block_resize()
Stefan Hajnoczi [Mon, 18 Aug 2014 13:52:28 +0000 (14:52 +0100)]
block: acquire AioContext in qmp_block_resize()

Make block_resize safe for dataplane where another thread may be running
the BlockDriverState's AioContext.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoqemu-iotests: Fix 028 reference output for qed
Kevin Wolf [Tue, 19 Aug 2014 17:28:58 +0000 (19:28 +0200)]
qemu-iotests: Fix 028 reference output for qed

We need to filter out driver-specific options in the "Formatting..."
string printed by qemu when creating the backup image.

Reported-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Peter Wu <peter@lekensteyn.nl>
10 years agotest-coroutine: test cost introduced by coroutine
Ming Lei [Wed, 13 Aug 2014 10:08:47 +0000 (18:08 +0800)]
test-coroutine: test cost introduced by coroutine

This test runs dummy function with coroutine by using
two enter and one yield since which is a common usage.

So we can see the cost introduced by corouting for running
one function, for example:

Run operation 20000000 iterations 4.841071 s, 4131K operations/s
242ns per coroutine

Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoiotests: Add test for qcow2's cache options
Max Reitz [Mon, 18 Aug 2014 20:07:34 +0000 (22:07 +0200)]
iotests: Add test for qcow2's cache options

Add a test which tests various combinations of qcow2's cache options
(some of which are valid, some of which are not).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoqcow2: Add runtime options for cache sizes
Max Reitz [Mon, 18 Aug 2014 20:07:33 +0000 (22:07 +0200)]
qcow2: Add runtime options for cache sizes

Add options for specifying the size of the metadata caches. This can
either be done directly for each cache (if only one is given, the other
will be derived according to a default ratio) or combined for both.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoqcow2: Use g_try_new0() for cache array
Max Reitz [Mon, 18 Aug 2014 20:07:32 +0000 (22:07 +0200)]
qcow2: Use g_try_new0() for cache array

With a variable cache size, the number given to qcow2_cache_create() may
be huge. Therefore, use g_try_new0().

While at it, use g_new0() instead of g_malloc0() for allocating the
Qcow2Cache object.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoqcow2: Constant cache size in bytes
Max Reitz [Mon, 18 Aug 2014 20:07:31 +0000 (22:07 +0200)]
qcow2: Constant cache size in bytes

Specifying the metadata cache sizes in clusters results in less clusters
(and much less bytes) covered for small cluster sizes and vice versa.
Using a constant byte size reduces this difference, and makes it
possible to manually specify the cache size in an easily comprehensible
unit.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agorunner: Kill a program under test by time-out
Maria Kustova [Mon, 18 Aug 2014 20:02:35 +0000 (00:02 +0400)]
runner: Kill a program under test by time-out

If a program under test get frozen, the test should finish and report about its
failure.
In such cases the runner waits for 10 minutes until the program ends its
execution. After this time-out the program will be terminated and the test will
be marked as failed.

For current limitation of test image size to 10 MB as a maximum an execution of
each command takes about several seconds in general, so 10 minutes is enough to
discriminate freeze, but not drastically increase an overall test duration.

Signed-off-by: Maria Kustova <maria.k@catit.be>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agorunner: Add an argument for test duration
Maria Kustova [Mon, 18 Aug 2014 20:02:34 +0000 (00:02 +0400)]
runner: Add an argument for test duration

After the specified duration the runner stops executing new tests, but it
doesn't interrupt running ones.

Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Maria Kustova <maria.k@catit.be>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoblock: Drop some superfluous casts from void *
Markus Armbruster [Tue, 19 Aug 2014 08:31:11 +0000 (10:31 +0200)]
block: Drop some superfluous casts from void *

They clutter the code.  Unfortunately, I can't figure out how to make
Coccinelle drop all of them, so I have to settle for common special
cases:

    @@
    type T;
    T *pt;
    void *pv;
    @@
    - pt = (T *)pv;
    + pt = pv;
    @@
    type T;
    @@
    - (T *)
      (\(g_malloc\|g_malloc0\|g_realloc\|g_new\|g_new0\|g_renew\|
 g_try_malloc\|g_try_malloc0\|g_try_realloc\|
 g_try_new\|g_try_new0\|g_try_renew\)(...))

Topped off with minor manual style cleanups.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoqemu-io-cmds: g_renew() can't fail, bury dead error handling
Markus Armbruster [Tue, 19 Aug 2014 08:31:10 +0000 (10:31 +0200)]
qemu-io-cmds: g_renew() can't fail, bury dead error handling

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoblock: Use g_new() & friends to avoid multiplying sizes
Markus Armbruster [Tue, 19 Aug 2014 08:31:09 +0000 (10:31 +0200)]
block: Use g_new() & friends to avoid multiplying sizes

g_new(T, n) is safer than g_malloc(sizeof(*v) * n) for two reasons.
One, it catches multiplication overflowing size_t.  Two, it returns
T * rather than void *, which lets the compiler catch more type
errors.

Perhaps a conversion to g_malloc_n() would be neater in places, but
that's merely four years old, and we can't use such newfangled stuff.

This commit only touches allocations with size arguments of the form
sizeof(T), plus two that use 4 instead of sizeof(uint32_t).  We can
make the others safe by converting to g_malloc_n() when it becomes
available to us in a couple of years.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoblock: Use g_new() & friends where that makes obvious sense
Markus Armbruster [Tue, 19 Aug 2014 08:31:08 +0000 (10:31 +0200)]
block: Use g_new() & friends where that makes obvious sense

g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
for two reasons.  One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

Patch created with Coccinelle, with two manual changes on top:

* Add const to bdrv_iterate_format() to keep the types straight

* Convert the allocation in bdrv_drop_intermediate(), which Coccinelle
  inexplicably misses

Coccinelle semantic patch:

    @@
    type T;
    @@
    -g_malloc(sizeof(T))
    +g_new(T, 1)
    @@
    type T;
    @@
    -g_try_malloc(sizeof(T))
    +g_try_new(T, 1)
    @@
    type T;
    @@
    -g_malloc0(sizeof(T))
    +g_new0(T, 1)
    @@
    type T;
    @@
    -g_try_malloc0(sizeof(T))
    +g_try_new0(T, 1)
    @@
    type T;
    expression n;
    @@
    -g_malloc(sizeof(T) * (n))
    +g_new(T, n)
    @@
    type T;
    expression n;
    @@
    -g_try_malloc(sizeof(T) * (n))
    +g_try_new(T, n)
    @@
    type T;
    expression n;
    @@
    -g_malloc0(sizeof(T) * (n))
    +g_new0(T, n)
    @@
    type T;
    expression n;
    @@
    -g_try_malloc0(sizeof(T) * (n))
    +g_try_new0(T, n)
    @@
    type T;
    expression p, n;
    @@
    -g_realloc(p, sizeof(T) * (n))
    +g_renew(T, p, n)
    @@
    type T;
    expression p, n;
    @@
    -g_try_realloc(p, sizeof(T) * (n))
    +g_try_renew(T, p, n)

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoRevert "memory: Use canonical path component as the name"
Peter Maydell [Tue, 19 Aug 2014 19:05:46 +0000 (20:05 +0100)]
Revert "memory: Use canonical path component as the name"

This reverts commit b0225c2c0d89200a29dc3d0b59d2e87a79cbaeb8
(which breaks building with Xen enabled and also leaks memory).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoMerge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Peter Maydell [Tue, 19 Aug 2014 12:00:57 +0000 (13:00 +0100)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

SCSI changes that enable sending vendor-specific commands via virtio-scsi.

Memory changes for QOMification and automatic tracking of MR lifetime.

# gpg: Signature made Mon 18 Aug 2014 13:03:09 BST using RSA key ID 9B4D86F2
# gpg: Good signature from "Paolo Bonzini <pbonzini@redhat.com>"
# gpg:                 aka "Paolo Bonzini <bonzini@gnu.org>"

* remotes/bonzini/tags/for-upstream:
  mtree: remove write-only field
  memory: Use canonical path component as the name
  memory: Use memory_region_name for name access
  memory: constify memory_region_name
  exec: Abstract away ref to memory region names
  loader: Abstract away ref to memory region names
  tpm_tis: remove instance_finalize callback
  memory: remove memory_region_destroy
  memory: convert memory_region_destroy to object_unparent
  ioport: split deletion and destruction
  nic: do not destroy memory regions in cleanup functions
  vga: do not dynamically allocate chain4_alias
  sysbus: remove unused function sysbus_del_io
  qom: object: move unparenting to the child property's release callback
  qom: object: delete properties before calling instance_finalize
  virtio-scsi: implement parse_cdb
  scsi-block, scsi-generic: implement parse_cdb
  scsi-block: extract scsi_block_is_passthrough
  scsi-bus: introduce parse_cdb in SCSIDeviceClass and SCSIBusInfo
  scsi-bus: prepare scsi_req_new for introduction of parse_cdb

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoMerge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging
Peter Maydell [Tue, 19 Aug 2014 09:30:36 +0000 (10:30 +0100)]
Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging

* remotes/qmp-unstable/queue/qmp:
  monitor: fix use after free
  dump.c: Fix memory leak issue in cleanup processing for dump_init()
  monitor: Remove hardcoded watchdog event names

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agomonitor: fix use after free
Michael S. Tsirkin [Sun, 17 Aug 2014 09:45:17 +0000 (11:45 +0200)]
monitor: fix use after free

The function monitor_fdset_dup_fd_find_remove() references member of
'mon_fdset' which - when remove flag is set - may be freed in function
monitor_fdset_cleanup().
remove is set by monitor_fdset_dup_fd_remove which in practice
does not need the returned value, so make it void,
and return -1 from monitor_fdset_dup_fd_find_remove.

Reported-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
10 years agodump.c: Fix memory leak issue in cleanup processing for dump_init()
Chen Gang [Sun, 3 Aug 2014 15:28:56 +0000 (23:28 +0800)]
dump.c: Fix memory leak issue in cleanup processing for dump_init()

In dump_init(), when failure occurs, need notice about 'fd' and memory
mapping. So call dump_cleanup() for it (need let all initializations at
front).

Also simplify dump_cleanup(): remove redundant 'ret' and redundant 'fd'
checking.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
10 years agomonitor: Remove hardcoded watchdog event names
Hani Benhabiles [Tue, 29 Jul 2014 22:22:40 +0000 (23:22 +0100)]
monitor: Remove hardcoded watchdog event names

Signed-off-by: Hani Benhabiles <hani@linux.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
10 years agoMerge remote-tracking branch 'remotes/amit/for-2.2' into staging
Peter Maydell [Mon, 18 Aug 2014 17:24:38 +0000 (18:24 +0100)]
Merge remote-tracking branch 'remotes/amit/for-2.2' into staging

* remotes/amit/for-2.2:
  virtio-serial: search for duplicate port names before adding new ports
  virtio-serial: create a linked list of all active devices

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agovirtio-serial: search for duplicate port names before adding new ports
Amit Shah [Tue, 15 Jul 2014 04:47:02 +0000 (10:17 +0530)]
virtio-serial: search for duplicate port names before adding new ports

Before adding new ports to VirtIOSerial devices, check if there's a
conflict in the 'name' parameter.  This ensures two virtserialports with
identical names are not initialized.

Reported-by: <mazhang@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
10 years agovirtio-serial: create a linked list of all active devices
Amit Shah [Wed, 16 Jul 2014 11:08:50 +0000 (16:38 +0530)]
virtio-serial: create a linked list of all active devices

To ensure two virtserialports don't get added to the system with the
same 'name' parameter, we need to access all the ports on all the
devices added, and compare the names.

We currently don't have a list of all VirtIOSerial devices added to the
system.  This commit adds a simple linked list in which devices are put
when they're initialized, and removed when they go away.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
10 years agoMerge remote-tracking branch 'remotes/mcayland/qemu-sparc' into staging
Peter Maydell [Mon, 18 Aug 2014 11:55:02 +0000 (12:55 +0100)]
Merge remote-tracking branch 'remotes/mcayland/qemu-sparc' into staging

* remotes/mcayland/qemu-sparc:
  target-sparc64: implement Short Floating-Point Store Instructions
  apb: add IOMMU flush register implementation
  sun4u: switch second PCI-ebus bridge BAR over to PCI IO space

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoMerge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Peter Maydell [Mon, 18 Aug 2014 10:59:26 +0000 (11:59 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Block pull request

# gpg: Signature made Fri 15 Aug 2014 18:04:23 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request: (55 commits)
  qcow2: fix new_blocks double-free in alloc_refcount_block()
  image-fuzzer: Reduce number of generator functions in __init__
  image-fuzzer: Add generators of L1/L2 tables
  image-fuzzer: Add fuzzing functions for L1/L2 table entries
  docs: Expand the list of supported image elements with L1/L2 tables
  image-fuzzer: Public API for image-fuzzer/runner/runner.py
  image-fuzzer: Generator of fuzzed qcow2 images
  image-fuzzer: Fuzzing functions for qcow2 images
  image-fuzzer: Tool for fuzz tests execution
  docs: Specification for the image fuzzer
  ide: only constrain read/write requests to drive size, not other types
  virtio-blk: Correct bug in support for flexible descriptor layout
  libqos: Change free function called in malloc
  libqos: Correct mask to align size to PAGE_SIZE in malloc-pc
  libqtest: add QTEST_LOG for debugging qtest testcases
  ide: Fix segfault when flushing a device that doesn't exist
  qemu-options: add missing -drive discard option to cmdline help
  parallels: 2TB+ parallels images support
  parallels: split check for parallels format in parallels_open
  parallels: replace tabs with spaces in block/parallels.c
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agomtree: remove write-only field
Paolo Bonzini [Wed, 11 Dec 2013 11:51:46 +0000 (12:51 +0100)]
mtree: remove write-only field

ml->printed is never set to true.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agomemory: Use canonical path component as the name
Peter Crosthwaite [Fri, 15 Aug 2014 06:56:08 +0000 (23:56 -0700)]
memory: Use canonical path component as the name

Rather than having the name as separate state. This prepares support
for creating a MemoryRegion dynamically (i.e. without
memory_region_init() and friends) and the MemoryRegion still getting
a usable name.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agomemory: Use memory_region_name for name access
Peter Crosthwaite [Fri, 15 Aug 2014 06:55:36 +0000 (23:55 -0700)]
memory: Use memory_region_name for name access

Despite being local to memory.c, use the helper function. This prepares
support for fully QOMifiying the name field of MR (which will remove
this state from MR completely).

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agomemory: constify memory_region_name
Peter Crosthwaite [Fri, 15 Aug 2014 06:55:03 +0000 (23:55 -0700)]
memory: constify memory_region_name

It doesn't change the MR and some prospective call sites will have
const MRs at hand.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agoexec: Abstract away ref to memory region names
Peter Crosthwaite [Fri, 15 Aug 2014 06:54:29 +0000 (23:54 -0700)]
exec: Abstract away ref to memory region names

Use the function provided rather than spying on the struct.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agoloader: Abstract away ref to memory region names
Peter Crosthwaite [Fri, 15 Aug 2014 06:53:55 +0000 (23:53 -0700)]
loader: Abstract away ref to memory region names

Use the function provided rather than spying on the struct.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agotpm_tis: remove instance_finalize callback
Paolo Bonzini [Wed, 11 Jun 2014 10:57:16 +0000 (12:57 +0200)]
tpm_tis: remove instance_finalize callback

It is never used, since ISA device are not hot-unpluggable.

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agomemory: remove memory_region_destroy
Paolo Bonzini [Wed, 11 Jun 2014 10:50:43 +0000 (12:50 +0200)]
memory: remove memory_region_destroy

The function is empty after the previous patch, so remove it.

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agomemory: convert memory_region_destroy to object_unparent
Paolo Bonzini [Wed, 11 Jun 2014 10:42:01 +0000 (12:42 +0200)]
memory: convert memory_region_destroy to object_unparent

Explicitly call object_unparent in the few places where we
will re-create the memory region.  If the memory region is
simply being destroyed as part of device teardown, let QOM
handle it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agoioport: split deletion and destruction
Paolo Bonzini [Wed, 11 Jun 2014 11:02:51 +0000 (13:02 +0200)]
ioport: split deletion and destruction

Of the two functions portio_list_del and portio_list_destroy,
the latter is just freeing a memory area.  However, portio_list_del
is the logical equivalent of memory_region_del_subregion so
destruction of memory regions does not belong there.

Actually, neither of these APIs are in use; portio is mostly used by
ISA devices or VGAs, and neither of these is currently hot-unpluggable.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agonic: do not destroy memory regions in cleanup functions
Paolo Bonzini [Wed, 11 Jun 2014 10:23:03 +0000 (12:23 +0200)]
nic: do not destroy memory regions in cleanup functions

The memory regions should be destroyed in the unrealize function;
since these NICs are not even qdev-ified, they cannot be unplugged
and they do not have to do anything to destroy their memory regions.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agovga: do not dynamically allocate chain4_alias
Paolo Bonzini [Wed, 11 Jun 2014 10:19:25 +0000 (12:19 +0200)]
vga: do not dynamically allocate chain4_alias

Instead, add a boolean variable to indicate the presence of the region.
This avoids a repeated malloc/free (later we can also avoid the
add_child/unparent by changing the offset/size of the alias).

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agosysbus: remove unused function sysbus_del_io
Paolo Bonzini [Wed, 11 Jun 2014 10:15:49 +0000 (12:15 +0200)]
sysbus: remove unused function sysbus_del_io

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agoqom: object: move unparenting to the child property's release callback
Paolo Bonzini [Wed, 11 Jun 2014 09:57:38 +0000 (11:57 +0200)]
qom: object: move unparenting to the child property's release callback

This ensures that the unparent callback is called automatically
when the parent object is finalized.

Note that there's no need to keep a reference neither in
object_unparent nor in object_finalize_child_property.  The
reference held by the child property itself will do.

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agoqom: object: delete properties before calling instance_finalize
Paolo Bonzini [Wed, 11 Jun 2014 09:58:30 +0000 (11:58 +0200)]
qom: object: delete properties before calling instance_finalize

This ensures that the children's unparent callback will still
have a usable parent.

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
10 years agotarget-sparc64: implement Short Floating-Point Store Instructions
Artyom Tarasenko [Fri, 8 Aug 2014 20:48:00 +0000 (22:48 +0200)]
target-sparc64: implement Short Floating-Point Store Instructions

Implement Short Floating-Point Store Instructions as described
in the chapter 13.5.2 of UltraSPARC-IIi User's Manual.

Particularly this instructions are used by NetBSD 4.0.1+ /sparc64

Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
10 years agoapb: add IOMMU flush register implementation
Mark Cave-Ayland [Mon, 11 Aug 2014 11:22:52 +0000 (12:22 +0100)]
apb: add IOMMU flush register implementation

The IOMMU flush register is a write-only register used to remove entries from the
hardware TLB. Allow guest writes to this register as a no-op, and return a value
of 0 for reads.

This fixes IOMMU DMA operations under NetBSD SPARC64.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
10 years agosun4u: switch second PCI-ebus bridge BAR over to PCI IO space
Mark Cave-Ayland [Mon, 4 Aug 2014 17:13:11 +0000 (18:13 +0100)]
sun4u: switch second PCI-ebus bridge BAR over to PCI IO space

The ebus is the sun4u equivalent of the old ISA bus which is already mapped at
the beginning of PCI IO space within QEMU. NetBSD attempts to find the physical
addresses of devices connected to the ebus by parsing the BARs of the PCI-ebus
bridge and using the base address found by matching both the address space
type and range for a particular ebus address.

Since the second PCI-ebus bridge BAR is already aliased onto IO space, switch
the BAR over to match and reduce the size to 0x1000 which is enough to cover
all the legacy ioport devices whilst leaving the remaining IO space for other
PCI devices. This allows NetBSD SPARC64 to correctly detect and access devices
on the ebus.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
10 years agoMerge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-08-15' into staging
Peter Maydell [Fri, 15 Aug 2014 17:44:47 +0000 (18:44 +0100)]
Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-08-15' into staging

trivial patches for 2014-08-15

# gpg: Signature made Fri 15 Aug 2014 16:13:03 BST using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
#      Subkey fingerprint: 6F67 E18E 7C91 C5B1 5514  66A7 BEE5 9D74 A4C3 D7DB

* remotes/mjt/tags/trivial-patches-2014-08-15:
  ivshmem: check the value returned by fstat()
  l2cap: fix access to freed memory
  intc: i8259: Convert Array allocation to g_new0
  ppc: convert g_new(qemu_irq usages to g_new0
  ssi: xilinx_spi: Initialise CS GPIOs as NULL
  vl: free err
  qemu-options.hx: fix typo about l2tpv3
  vmxnet3: don't use 'Yoda conditions'
  vl: don't use 'Yoda conditions'
  spice: don't use 'Yoda conditions'
  don't use 'Yoda conditions'
  isa-bus: don't use 'Yoda conditions'
  audio: don't use 'Yoda conditions'
  usb: don't use 'Yoda conditions'
  CODING_STYLE: Section about conditional statement
  pci-host: update uncorresponding description
  pci-host: update obsolete reference about piix_pci.c
  qemu-options.hx: fix a typo of chardev
  memory: Update obsolete comment about AddrRange field type
  apic: Fix reported DFR content

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10 years agoqcow2: fix new_blocks double-free in alloc_refcount_block()
Stefan Hajnoczi [Fri, 15 Aug 2014 16:59:54 +0000 (17:59 +0100)]
qcow2: fix new_blocks double-free in alloc_refcount_block()

Commit de82815db1c89da058b7fb941dab137d6d9ab738 ("qcow2: Handle failure
for potentially large allocations") introduced a double-free of
new_blocks in the alloc_refcount_block() error path.

The qemu-iotests qcow2 026 test case was failing because qemu-io
segfaulted.

Make sure new_blocks is NULL after we free it the first time.

Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoimage-fuzzer: Reduce number of generator functions in __init__
Maria Kustova [Mon, 11 Aug 2014 11:27:46 +0000 (15:27 +0400)]
image-fuzzer: Reduce number of generator functions in __init__

Some issues can be found only when a fuzzed image has a partial structure,
e.g. has L1/L2 tables but no refcount ones. Generation of an entirely
defined image limits these cases. Now the Image constructor creates only
a header and a backing file name (if any), other image elements are generated
in the 'create_image' API.

Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoimage-fuzzer: Add generators of L1/L2 tables
Maria Kustova [Mon, 11 Aug 2014 11:01:10 +0000 (15:01 +0400)]
image-fuzzer: Add generators of L1/L2 tables

Entries in L1/L2 entries are based on a portion of random guest clusters.
L2 entries contain offsets to host image clusters filled with random data.
Clusters for L1/L2 tables and guest data are selected randomly.

Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoimage-fuzzer: Add fuzzing functions for L1/L2 table entries
Maria Kustova [Mon, 11 Aug 2014 11:01:09 +0000 (15:01 +0400)]
image-fuzzer: Add fuzzing functions for L1/L2 table entries

Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agodocs: Expand the list of supported image elements with L1/L2 tables
Maria Kustova [Mon, 11 Aug 2014 11:01:08 +0000 (15:01 +0400)]
docs: Expand the list of supported image elements with L1/L2 tables

Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoimage-fuzzer: Public API for image-fuzzer/runner/runner.py
Maria Kustova [Mon, 11 Aug 2014 10:34:02 +0000 (14:34 +0400)]
image-fuzzer: Public API for image-fuzzer/runner/runner.py

__init__.py provides the public API required by the test runner

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoimage-fuzzer: Generator of fuzzed qcow2 images
Maria Kustova [Mon, 11 Aug 2014 10:34:01 +0000 (14:34 +0400)]
image-fuzzer: Generator of fuzzed qcow2 images

The layout submodule of the qcow2 package creates a random valid image,
randomly selects some amount of its fields, fuzzes them and write the fuzzed
image to the file. Fuzzing process can be controlled by an external
configuration.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoimage-fuzzer: Fuzzing functions for qcow2 images
Maria Kustova [Mon, 11 Aug 2014 10:34:00 +0000 (14:34 +0400)]
image-fuzzer: Fuzzing functions for qcow2 images

The fuzz submodule of the qcow2 image generator contains fuzzing functions for
image fields.
Each fuzzing function contains a list of constraints and a call of a helper
function that randomly selects a fuzzed value satisfied to one of constraints.
For now constraints include only known as invalid or potentially dangerous
values. But after investigation of code coverage by fuzz tests they will be
expanded by heuristic values based on inner checks and flows of a program
under test.

Now fuzzing of a header, header extensions and a backing file name is
supported.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoimage-fuzzer: Tool for fuzz tests execution
Maria Kustova [Mon, 11 Aug 2014 10:33:59 +0000 (14:33 +0400)]
image-fuzzer: Tool for fuzz tests execution

The purpose of the test runner is to prepare the test environment (e.g. create
a work directory, a test image, etc), execute a program under test with
parameters, indicate a test failure if the program was killed during the test
execution and collect core dumps, logs and other test artifacts.

The test runner doesn't depend on an image format, so it can be used with any
external image generator.

[Fixed path to qcow2 format module "qcow2" instead of "../qcow2" since
runner.py is no longer in a sub-directory.
--Stefan]

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agodocs: Specification for the image fuzzer
Maria Kustova [Mon, 11 Aug 2014 10:33:58 +0000 (14:33 +0400)]
docs: Specification for the image fuzzer

'Overall fuzzer requirements' chapter contains the current product vision and
features done and to be done. This chapter is still in progress.

Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: only constrain read/write requests to drive size, not other types
Michael Tokarev [Wed, 13 Aug 2014 07:23:31 +0000 (11:23 +0400)]
ide: only constrain read/write requests to drive size, not other types

Commit 58ac321135a introduced a check to ide dma processing which
constrains all requests to drive size.  However, apparently, some
valid requests (like TRIM) does not fit in this constraint, and
fails in 2.1.  So check the range only for reads and writes.

Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agovirtio-blk: Correct bug in support for flexible descriptor layout
Marc Marí [Tue, 12 Aug 2014 11:41:51 +0000 (13:41 +0200)]
virtio-blk: Correct bug in support for flexible descriptor layout

Without this correction, only a three descriptor layout is accepted, and
requests with just two descriptors are not completed and no error message is
displayed.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Marc Marí <marc.mari.barcelo@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agolibqos: Change free function called in malloc
Marc Marí [Tue, 12 Aug 2014 11:41:50 +0000 (13:41 +0200)]
libqos: Change free function called in malloc

Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Marc Marí <marc.mari.barcelo@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agolibqos: Correct mask to align size to PAGE_SIZE in malloc-pc
Marc Marí [Tue, 12 Aug 2014 11:41:49 +0000 (13:41 +0200)]
libqos: Correct mask to align size to PAGE_SIZE in malloc-pc

Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marc Marí <marc.mari.barcelo@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agolibqtest: add QTEST_LOG for debugging qtest testcases
Marc Marí [Tue, 12 Aug 2014 11:41:48 +0000 (13:41 +0200)]
libqtest: add QTEST_LOG for debugging qtest testcases

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marc Marí <marc.mari.barcelo@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: Fix segfault when flushing a device that doesn't exist
Kevin Wolf [Tue, 12 Aug 2014 16:29:41 +0000 (18:29 +0200)]
ide: Fix segfault when flushing a device that doesn't exist

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoqemu-options: add missing -drive discard option to cmdline help
Peter Lieven [Mon, 28 Jul 2014 19:53:02 +0000 (21:53 +0200)]
qemu-options: add missing -drive discard option to cmdline help

Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoparallels: 2TB+ parallels images support
Denis V. Lunev [Mon, 28 Jul 2014 16:23:55 +0000 (20:23 +0400)]
parallels: 2TB+ parallels images support

Parallels has released in the recent updates of Parallels Server 5/6
new addition to his image format. Images with signature WithouFreSpacExt
have offsets in the catalog coded not as offsets in sectors (multiple
of 512 bytes) but offsets coded in blocks (i.e. header->tracks * 512)

In this case all 64 bits of header->nb_sectors are used for image size.

This patch implements support of this for qemu-img and also adds specific
check for an incorrect image. Images with block size greater than
INT_MAX/513 are not supported. The biggest available Parallels image
cluster size in the field is 1 Mb. Thus this limit will not hurt
anyone.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Jeff Cody <jcody@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoparallels: split check for parallels format in parallels_open
Denis V. Lunev [Mon, 28 Jul 2014 16:23:54 +0000 (20:23 +0400)]
parallels: split check for parallels format in parallels_open

and rework error path a bit. There is no difference at the moment, but
the code will be definitely shorter when additional processing will
be required for WithouFreSpacExt

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Jeff Cody <jcody@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoparallels: replace tabs with spaces in block/parallels.c
Denis V. Lunev [Mon, 28 Jul 2014 16:23:53 +0000 (20:23 +0400)]
parallels: replace tabs with spaces in block/parallels.c

Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Jeff Cody <jcody@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoparallels: extend parallels format header with actual data values
Denis V. Lunev [Mon, 28 Jul 2014 16:23:52 +0000 (20:23 +0400)]
parallels: extend parallels format header with actual data values

Parallels image format has several additional fields inside:
- nb_sectors is actually 64 bit wide. Upper 32bits are not used for
  images with signature "WithoutFreeSpace" and must be explicitly
  zeroed according to Parallels. They will be used for images with
  signature "WithouFreSpacExt"
- inuse is magic which means that the image is currently opened for
  read/write or was not closed correctly, the magic is 0x746f6e59
- data_off is the location of the first data block. It can be zero
  and in this case data starts just beyond the header aligned to
  512 bytes. Though this field does not matter for read-only driver

This patch adds these values to struct parallels_header and adds
proper handling of nb_sectors for currently supported WithoutFreeSpace
images.

WithouFreSpacExt will be covered in next patches.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: Jeff Cody <jcody@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agodataplane: stop trying on notifier error
Cornelia Huck [Fri, 25 Jul 2014 12:10:48 +0000 (14:10 +0200)]
dataplane: stop trying on notifier error

If we fail to set up guest or host notifiers, there's no use trying again
every time the guest kicks, so disable dataplane in that case.

Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agodataplane: fail notifier setting gracefully
Cornelia Huck [Fri, 25 Jul 2014 12:10:47 +0000 (14:10 +0200)]
dataplane: fail notifier setting gracefully

The dataplane code is currently doing a hard exit if it fails to set
up either guest or host notifiers. In practice, this may mean that a
guest suddenly dies after a dataplane device failed to come up (e.g.,
when a file descriptor limit is hit for tne nth device).

Let's just try to unwind the setup instead and return.

Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agodataplane: print why starting failed
Cornelia Huck [Fri, 25 Jul 2014 12:10:46 +0000 (14:10 +0200)]
dataplane: print why starting failed

Setting up guest or host notifiers may fail, but the user will have
no idea why: Let's print the error returned by the callback.

Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agochannel-posix: using qemu_set_nonblock() instead of fcntl(O_NONBLOCK)
Gonglei [Mon, 11 Aug 2014 09:34:21 +0000 (17:34 +0800)]
channel-posix: using qemu_set_nonblock() instead of fcntl(O_NONBLOCK)

Technically, fcntl(soc, F_SETFL, O_NONBLOCK)
is incorrect since it clobbers all other file flags.
We can use F_GETFL to get the current flags, set or
clear the O_NONBLOCK flag, then use F_SETFL to set the flags.

Using the qemu_set_nonblock() wrapper.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Wangxin <wangxinxin.wang@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoqemu-char: using qemu_set_nonblock() instead of fcntl(O_NONBLOCK)
Gonglei [Mon, 11 Aug 2014 09:34:20 +0000 (17:34 +0800)]
qemu-char: using qemu_set_nonblock() instead of fcntl(O_NONBLOCK)

Technically, fcntl(soc, F_SETFL, O_NONBLOCK)
is incorrect since it clobbers all other file flags.
We can use F_GETFL to get the current flags, set or
clear the O_NONBLOCK flag, then use F_SETFL to set the flags.

Using the qemu_set_nonblock() wrapper.

Signed-off-by: Wangxin <wangxinxin.wang@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agocmd646: synchronise UDMA interrupt status with DMA interrupt status
Mark Cave-Ayland [Fri, 8 Aug 2014 16:23:36 +0000 (17:23 +0100)]
cmd646: synchronise UDMA interrupt status with DMA interrupt status

Make sure that both registers are synchronised when being accessed through
PCI configuration space.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agocmd646: allow MRDMODE interrupt status bits clearing from PCI config space
Mark Cave-Ayland [Fri, 8 Aug 2014 16:23:35 +0000 (17:23 +0100)]
cmd646: allow MRDMODE interrupt status bits clearing from PCI config space

Make sure that we also update the normal DMA interrupt status bits at the
same time, and alter the IRQ if being cleared accordingly.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agocmd646: switch cmd646_update_irq() to accept PCIDevice instead of PCIIDEState
Mark Cave-Ayland [Fri, 8 Aug 2014 16:23:34 +0000 (17:23 +0100)]
cmd646: switch cmd646_update_irq() to accept PCIDevice instead of PCIIDEState

This is in preparation for adding configuration space accessors which accept
PCIDevice as a parameter.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agocmd646: synchronise DMA interrupt status with UDMA interrupt status
Mark Cave-Ayland [Fri, 8 Aug 2014 16:23:33 +0000 (17:23 +0100)]
cmd646: synchronise DMA interrupt status with UDMA interrupt status

Make sure that the standard DMA interrupt status bits reflect any changes made
to the UDMA interrupt status bits. The CMD646U2 datasheet claims that these
bits are equivalent, and they must be synchronised for guests that manipulate
both registers.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agocmd646: add constants for CNTRL register access
Mark Cave-Ayland [Fri, 8 Aug 2014 16:23:32 +0000 (17:23 +0100)]
cmd646: add constants for CNTRL register access

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoqtest/ide: Fix small memory leak
John Snow [Mon, 4 Aug 2014 21:11:25 +0000 (17:11 -0400)]
qtest/ide: Fix small memory leak

For libqos debugging purposes, it's nice to
be able to assert that tests and associated libraries
have no memory leaks. To that end, free up the
trivial cmdline leak.

The remaining leaks caused by pc_alloc_init are fixed
instead by my first-fit pc_alloc implementation already
on the qemu-devel mailing list.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agolibqos: allow qpci_iomap to return BAR mapping size
John Snow [Mon, 4 Aug 2014 21:11:24 +0000 (17:11 -0400)]
libqos: allow qpci_iomap to return BAR mapping size

This patch allows qpci_iomap to return the size of the
BAR mapping that it created, to allow driver applications
(e.g, ahci-test) to make determinations about the suitability
or the mapping size, or in the specific case of AHCI, how
many ports are supported by the HBA.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agolibqos: Fixes a small memory leak.
John Snow [Mon, 4 Aug 2014 21:11:23 +0000 (17:11 -0400)]
libqos: Fixes a small memory leak.

Allow users the chance to clean up the QPCIBusPC structure
by adding a small cleanup routine. Helps clear up small
memory leaks during setup/teardown, to allow for cleaner
debug output messages.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agolibqtest: Correct small memory leak.
John Snow [Mon, 4 Aug 2014 21:11:22 +0000 (17:11 -0400)]
libqtest: Correct small memory leak.

Fixes a small memory leak inside of libqtest.
After we produce a test path and glib copies the string
for itself, we should clean up our temporary copy.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agolibqos: Correct memory leak
John Snow [Mon, 4 Aug 2014 21:11:21 +0000 (17:11 -0400)]
libqos: Correct memory leak

Fix a small memory leak inside of libqos, in the pc_alloc_init routine.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoqtest: Adding qtest_memset and qmemset.
John Snow [Mon, 4 Aug 2014 21:11:20 +0000 (17:11 -0400)]
qtest: Adding qtest_memset and qmemset.

Currently, libqtest allows for memread and memwrite, but
does not offer a simple way to zero out regions of memory.
This patch adds a simple function to do so.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoq35: Enable the ioapic device to be seen by qtest.
John Snow [Mon, 4 Aug 2014 21:11:19 +0000 (17:11 -0400)]
q35: Enable the ioapic device to be seen by qtest.

Currently, the ioapic device can not be found in a qtest environment
when requesting "irq_interrupt_in ioapic" via the qtest socket.

By mirroring how the ioapic is added in i44ofx (hw/i440/pc_piix.c),
as a child of "q35," the device is able to be seen by qtest.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoahci: construct PIO Setup FIS for PIO commands
Paolo Bonzini [Mon, 4 Aug 2014 21:11:18 +0000 (17:11 -0400)]
ahci: construct PIO Setup FIS for PIO commands

PIO commands should put a PIO Setup FIS in the receive area when data
transfer ends.  Currently QEMU does not do this and only places the
D2H FIS at the end of the operation.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: make all commands go through cmd_done
Paolo Bonzini [Mon, 4 Aug 2014 21:11:17 +0000 (17:11 -0400)]
ide: make all commands go through cmd_done

AHCI has code to fill in the D2H FIS trigger the IRQ all over the place.
Centralize this in a single cmd_done callback by generalizing the existing
async_cmd_done callback.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: stop PIO transfer on errors
Paolo Bonzini [Mon, 4 Aug 2014 21:11:16 +0000 (17:11 -0400)]
ide: stop PIO transfer on errors

This will provide a hook for sending the result of the command via the
FIS receive area.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoahci: remove duplicate PORT_IRQ_* constants
Paolo Bonzini [Mon, 4 Aug 2014 21:11:15 +0000 (17:11 -0400)]
ahci: remove duplicate PORT_IRQ_* constants

These are defined twice, just use one set consistently.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: move retry constants out of BM_STATUS_* namespace
Paolo Bonzini [Mon, 4 Aug 2014 21:11:14 +0000 (17:11 -0400)]
ide: move retry constants out of BM_STATUS_* namespace

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: move BM_STATUS bits to pci.[ch]
Paolo Bonzini [Mon, 4 Aug 2014 21:11:13 +0000 (17:11 -0400)]
ide: move BM_STATUS bits to pci.[ch]

They are not used by AHCI, and should not be even available there.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: fold add_status callback into set_inactive
Paolo Bonzini [Mon, 4 Aug 2014 21:11:12 +0000 (17:11 -0400)]
ide: fold add_status callback into set_inactive

It is now called only after the set_inactive callback.  Put the two together.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: remove wrong setting of BM_STATUS_INT
Paolo Bonzini [Mon, 4 Aug 2014 21:11:11 +0000 (17:11 -0400)]
ide: remove wrong setting of BM_STATUS_INT

Similar to the case removed in commit 69c38b8 (ide/core: Remove explicit
setting of BM_STATUS_INT, 2011-05-19), the only remaining use of
add_status(..., BM_STATUS_INT) is for short PRDs.  The flag should
not be raised in this case.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
10 years agoide: wrap start_dma callback
Paolo Bonzini [Mon, 4 Aug 2014 21:11:10 +0000 (17:11 -0400)]
ide: wrap start_dma callback

Make it optional and prepare for the next patches.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>