review.tizen.org Git - sdk/emulator/qemu.git/log

arch_init: Fix AltiVec build on Darwin/ppc

Commit f29a56147b66845914d0a645bf9b4c5bb9a6af57 (implement
-no-user-config command-line option (v3)) introduced uses of bool
in arch_init.c. Shortly before that usage is support code for
AltiVec (conditional to __ALTIVEC__).

GCC's altivec.h may in a !__APPLE_ALTIVEC__ code path redefine bool,
leading to type mismatches. altivec.h recommends to #undef for C++
compatibility, but doing so in C leads to bool remaining undefined.

Fix by redefining bool to _Bool as mandated for stdbool.h by POSIX.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>

tcg/ppc: Handle _CALL_DARWIN being undefined on Darwin

powerpc-apple-darwin9-gcc-4.2.1 (GCC) 4.2.1 (Apple Inc. build 5577)
does not define _CALL_DARWIN, leading to unexpected behavior w.r.t.
register clobbering and stack frame layout.

Since _CALL_DARWIN is a reserved identifier, define a custom
TCG_TARGET_CALL_DARWIN based on either _CALL_DARWIN or __APPLE__.

Signed-off-by: Andreas F?rber <andreas.faerber@web.de>
Signed-off-by: malc <av1474@comtv.ru>

audio: Always call fini on exit

Not only clean up enabled voices but any registered one. Backends like
pulsaudio rely on unconditional fini handler invocations.

This fixes "Memory pool destroyed but not all memory blocks freed!"
warnings on VM shutdowns when pa is used and lockups of QEMU on shutdown
as it got stuck on some pa-internal synchronization point.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: malc <av1474@comtv.ru>

es1370: Fix debug code

When DEBUG_ES1370 is defined, the compiler shows these warnings:

hw/es1370.c: In function ?es1370_update_voices?:
hw/es1370.c:414: warning: format ?%d? expects type ?int?, but argument 3 has type ?size_t?
hw/es1370.c: In function ?es1370_writel?:
hw/es1370.c:582: warning: format ?%d? expects type ?int?, but argument 3 has type ?long int?
hw/es1370.c:592: warning: format ?%d? expects type ?int?, but argument 3 has type ?long int?
hw/es1370.c:609: warning: format ?%d? expects type ?int?, but argument 3 has type ?long int?
hw/es1370.c: In function ?es1370_readl?:
hw/es1370.c:751: warning: suggest braces around empty body in an ?if? statement

Fix the format strings and add the missing braces.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: malc <av1474@comtv.ru>

Update version for 1.1.0-rc3

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

xen: Fix PV-on-HVM

In the context of PV-on-HVM under Xen, the emulated nics are supposed to be
unplug before the guest drivers are initialized, when the guest write to a
specific IO port.

Without this patch, the guest end up with two nics with the same MAC, the
emulated nic and the PV nic.

Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

qdev: Fix memory leak

The str allocated in visit_type_str was not freed.

The visit_type_str function is an input visitor(<QMP/String/etc>-to-native)
here, it will allocate memory for caller, so the caller is responsible for
freeing the memory.

Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: dunrong huang <riegamaths@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

virtio: check virtio_load return code

Otherwise we crash on error.

Signed-off-by: Ulrich Obergfell <uobergfe@redhat.com>
Signed-off-by: Orit Wassermann <owasserm@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

virtio-blk: always enable VIRTIO_BLK_F_SCSI

VIRTIO_BLK_F_SCSI is supposed to mean whether the host can *parse*
SCSI requests, not *execute* them.  You could run QEMU with scsi=on
and a file-backed disk, and QEMU would fail all SCSI requests even
though it advertises VIRTIO_BLK_F_SCSI.

Because we need to do this to fix a migration compatibility problem
related to how QEMU is invoked by management, we must do this
unconditionally even on older machine types.  This more or less assumes
that no one ever invoked QEMU with scsi=off.

Here is how testing goes:

- old QEMU, scsi=on -> new QEMU, scsi=on
- new QEMU, scsi=on -> old QEMU, scsi=on
- old QEMU, scsi=off -> new QEMU, scsi=on
- new QEMU, scsi=off -> old QEMU, scsi=on
        ok (new QEMU has VIRTIO_BLK_F_SCSI, adding host features is fine)

- old QEMU, scsi=off -> new QEMU, scsi=off
        ok (new QEMU has VIRTIO_BLK_F_SCSI, adding host features is fine)

- old QEMU, scsi=on -> new QEMU, scsi=off
        ok, bug fixed

- new QEMU, scsi=on -> old QEMU, scsi=off
        doesn't work (same as: old QEMU, scsi=on -> old QEMU, scsi=off)

- new QEMU, scsi=off -> old QEMU, scsi=off
        broken by the patch

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

virtio-blk: define VirtIOBlkConf

We will have to add another field to the virtio-blk configuration in
the next patch. Avoid a proliferation of arguments to virtio_blk_init.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

virtio-blk: blockdev_mark_auto_del is transport-independent

Move it from virtio_blk_exit_pci to virtio_blk_exit.

This is included here because the next patch removes proxy->block.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

virtio-blk: report non-zero status when failing SG_IO requests

Linux really looks only at scsi->errors for SG_IO requests; it does
not look at the virtio request status at all.  Because of this, when
a SG_IO request is failed early with virtio_blk_req_complete(req,
VIRTIO_BLK_S_UNSUPP), without writing hdr.status, it will look like
a success to the guest.

This is their bug, but we can make it safe for older guests now by
forcing scsi->errors to have a non-zero value whenever a request
has to be failed.

But if we fix the bug in the guest driver, we will have another problem
because QEMU returns VIRTIO_BLK_S_IOERR if the status is non-zero, and
Linux translates that to -EIO.  Rather, the guest should succeed the
request and pass the non-zero status via the userspace-provided SG_IO
structure.  So, remove the case where virtio_blk_handle_scsi can
return VIRTIO_BLK_S_IOERR.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

use an uint64_t for the max_sz parameter in load_image_targphys

Allow load_image_targphys to load files on systems with more than 2G of
emulated memory by changing the max_sz parameter from an int to an
uint64_t.

Reviewed-by: Andreas F=E4rber <afaerber@suse.de>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Merge remote-tracking branch 'mdroth/qga-pull-5-15-12' into staging

* mdroth/qga-pull-5-15-12:
  qemu-ga: align versioning with QEMU_VERSION
  qemu-ga: fix segv after failure to open log file
  qemu-ga: guest-shutdown: use only async-signal-safe functions
  qemu-ga: guest-shutdown: become synchronous
  qemu-ga: guest-suspend: make the API synchronous
  qemu-ga: become_daemon(): reopen standard fds to /dev/null
  qemu-ga: make reopen_fd_to_null() public
  qemu-ga: guest-suspend-hybrid: don't emit a success response
  qemu-ga: guest-suspend-ram: don't emit a success response
  qemu-ga: guest-suspend-disk: don't emit a success response
  qemu-ga: guest-shutdown: don't emit a success response
  qemu-ga: don't warn on no command return
  qapi: add support for command options

tests: Add rtc-test (fix test regression)

Commit 93e9eb6808c886f5f1c903b7ced1eed65de2ba39 added fdc-test,
but accidentally removed rtc-test because check-qtest-i386-y was
not enhanced but set twice.

This patch adds rtc-test again (and sorts both tests alphabetically).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

tests: Fix linker failure for fdc-test

When QEMU was built with the simple trace backend, linking failed:

LINK tests/fdc-test
oslib-posix.o: In function `trace_qemu_memalign':
qemu/bin/debug/x86/./trace.h:31: undefined reference to `trace3'
oslib-posix.o: In function `trace_qemu_vmalloc':
qemu/bin/debug/x86/./trace.h:35: undefined reference to `trace2'
oslib-posix.o: In function `trace_qemu_vfree':
qemu/bin/debug/x86/./trace.h:39: undefined reference to `trace1'
collect2: error: ld returned 1 exit status
make: *** [tests/fdc-test] Fehler 1

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

mips: Fix BC1ANY[24]F instructions

There's some dodgy application of De Morgan's law in the emulation
of the MIPS BC1ANY[24]F instructions: they end up branching only
if all CCs are false, rather than if one CC is.

Tested on mips64-linux-gnu, where it fixes the GCC MIPS3D tests.

Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

linux-user: Fix stale tbs after mmap

If we execute linux-user code that does the following:

  * A = mmap()
  * execute code in A
  * munmap(A)
  * B = mmap(), but mmap returns the same address as A
  * execute code in B

we end up executing a stale cached tb that contains translated code
from A, while we want new code from B.

This patch adds a TB flush for mmap'ed regions, before we return them,
avoiding the whole issue. It also adds a flush for munmap, so that we
don't execute stale TBs instead of getting a segfault.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

virtio-pci: add missing 'static'

There are no outside references to virtio_portio.
Add missing 'static' specifier.

Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

sparc64: fix initrd loading

Initrd load address is too low, it conflicts with kernel load
address:
rom: requested regions overlap (rom phdr #0: /tmp/vmlinux-debian-6.0.4-sparc64. free=0x0000000000742519, addr=0x0000000000400000)
rom loading failed

Fix by making the initrd address variable, load initrd after kernel
image. Use 64 bit variables instead of longs or 32 bit types.

Tested-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

audio: split IN_T into two separate constants

Split IN_T into BSIZE and ITYPE, to avoid expansion if the OS has
defined macros for the intX_t and uintX_t types. The IN_T constant is
then defined in mixeng_template.h so it can be used by the
functions/macros on this header file.

This change has been tested successfully under Debian Linux and NetBSD
6.0BETA.

Cc: Vassili Karpov (malc) <av1474@comtv.ru>
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
Signed-off-by: malc <av1474@comtv.ru>

target-microblaze: impelemented swapx instructions

Implemented the swapb and swaph byte/halfword reversal instructions added
to microblaze v8.30

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

qemu-ga: align versioning with QEMU_VERSION

Previously qemu-ga version was defined seperately. Since it is aligned
with QEMU releases, use QEMU_VERSION instead. This also implies the
version bump for 1.1[-rcN] release of qemu-ga.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qemu-ga: fix segv after failure to open log file

Currently, if we fail to open the specified log file (generally due to a
permissions issue), we'll assign NULL to the logfile handle (stderr,
initially) used by the logging routines, which can cause a segfault to
occur when we attempt to report the error before exiting.

Instead, only re-assign if the open() was successful.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qemu-ga: guest-shutdown: use only async-signal-safe functions

POSIX mandates[1] that a child process of a multi-thread program uses
only async-signal-safe functions before exec(). We consider qemu-ga
to be multi-thread, because it uses glib.

However, qmp_guest_shutdown() uses functions that are not
async-signal-safe. Fix it the following way:

- fclose() -> reopen_fd_to_null()
- execl() -> execle()
- exit() -> _exit()
- drop slog() usage (which is not safe)

[1] http://pubs.opengroup.org/onlinepubs/009695399/functions/fork.html

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qemu-ga: guest-shutdown: become synchronous

Last commit dropped qemu-ga's SIGCHLD handler, used to automatically
reap terminated children processes. This introduced a bug to
qmp_guest_shutdown(): it will generate zombies.

This problem probably doesn't matter in the success case, as the VM
will shutdown anyway, but let's do the right thing and reap the
created process. This ultimately means that guest-shutdown is now a
synchronous command.

An interesting side effect is that guest-shutdown is now able to
report an error to the client if shutting down fails.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qemu-ga: guest-suspend: make the API synchronous

Currently, qemu-ga has a SIGCHLD handler that automatically reaps terminated
children processes. The idea is to avoid having qemu-ga commands blocked
waiting for children to terminate.

That approach has two problems:

1. qemu-ga is unable to detect errors in the child, meaning that qemu-ga
returns success even if the child fails to perform its task

2. if a command does depend on the child exit status, the command has to
play tricks to bypass the automatic reaper

Case 2 impacts the guest-suspend-* API, because it has to execute an external
program to check for suspend support. Today, to bypass the automatic reaper,
suspend code has to double fork and pass exit status information through a
pipe. Besides being complex, this is prone to race condition bugs. Indeed,
the current code does have such bugs.

Making the guest-suspend-* API synchronous (ie. by dropping the SIGCHLD
handler and calling waitpid() from commands) is a much simpler approach,
which fixes current race conditions bugs and enables commands to detect
errors in the child.

This commit does just that. There's a side effect though, guest-shutdown
will generate zombies if shutting down fails. This will be fixed by the
next commit.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qemu-ga: become_daemon(): reopen standard fds to /dev/null

This fixes a bug where qemu-ga doesn't suspend the guest because it
fails to detect suspend support even when the guest does support
suspend. This happens because of the way qemu-ga fds are managed in
daemon mode.

When starting qemu-ga with --daemon, become_daemon() will close all
standard fds. This will cause qemu-ga to end up with the following
fds (if started with 'qemu-ga --daemon'):

    0 -> /dev/vport0p1
    3 -> /run/qemu-ga.pid

Then a guest-suspend-* function is issued. They call bios_supports_mode(),
which will call pipe(), and qemu-ga's fd will be:

    0 -> /dev/vport0p1
    1 -> pipe:[16247]
    2 -> pipe:[16247]
    3 -> /run/qemu-ga.pid

bios_supports_mode() forks off a child and blocks waiting for the child
to write something to the pipe. The child, however, closes its reading
end of the pipe _and_ reopen all standard fds to /dev/null. This will
cause the child's fds to be:

    0 -> /dev/null
    1 -> /dev/null
    2 -> /dev/null
    3 -> /run/qemu-ga.pid

In other words, the child's writing end of the pipe is now /dev/null.
It writes there and exits. The parent process (blocked on read()) will
get an EOF and interpret this as "something unexpected happened in
the child, let's assume the guest doesn't support suspend". And suspend
will fail.

To solve this problem we have to reopen standard fds to /dev/null
in become_daemon(), instead of closing them.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qemu-ga: make reopen_fd_to_null() public

The next commit wants to use it.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qemu-ga: guest-suspend-hybrid: don't emit a success response

Today, qemu-ga may not be able to emit a success response when
guest-suspend-hybrid completes. This happens because the VM may
suspend before qemu-ga is able to emit a response.

This semantic is a bit confusing, as it's not clear for clients if
they should wait for a response or how they should check for success.

This commit solves that problem by changing guest-suspend-hybrid to
never emit a success response and suggests in the documentation
what clients should do to check for success.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qemu-ga: guest-suspend-ram: don't emit a success response

Today, qemu-ga may not be able to emit a success response when
guest-suspend-ram completes. This happens because the VM may
suspend before qemu-ga is able to emit a response.

This semantic is a bit confusing, as it's not clear for clients if
they should wait for a response or how they should check for success.

This commit solves that problem by changing guest-suspend-ram to
never emit a success response and suggests in the documentation
what clients should do to check for success.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qemu-ga: guest-suspend-disk: don't emit a success response

Today, qemu-ga may not be able to emit a success response when
guest-suspend-disk completes. This happens because the VM may
vanish before qemu-ga is able to emit a response.

This semantic is a bit confusing, as it's not clear for clients if
they should wait for a response or how they should check for success.

This commit solves that problem by changing guest-suspend-disk to
never emit a success response and suggests in the documentation
what clients could do to check for success.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qemu-ga: guest-shutdown: don't emit a success response

Today, qemu-ga may not be able to emit a success response when
guest-shutdown completes. This happens because the VM may vanish
before qemu-ga is able to emit a response.

This semantic is a bit confusing, as it's not clear for clients if
they should wait for a response or how they should check for success.

This commit solves that problem by changing guest-shutdown to never
emit a success response and suggests in the documentation what
clients could do to check for success.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qemu-ga: don't warn on no command return

This is a valid condition when a command chooses to not emit a
success response.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qapi: add support for command options

Options allow for changes in commands behavior. This commit introduces
the QCO_NO_SUCCESS_RESP option, which causes a command to not emit a
success response.

This is needed by commands such as qemu-ga's guest-shutdown, which
may not be able to complete before the VM vanishes. In this case, it's
useful and simpler not to bother sending a success response.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

Update version to 1.1.0-rc2

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

tcg/ppc64: Fix CONFIG_TCG_PASS_AREG0

In qemu_ld/st load the registers for the helper calls directly rather
than rotating them around afterwards for AREG0.

Also clobber the additional register.

Signed-off-by: Andreas F?rber <afaerber@suse.de>
Signed-off-by: malc <av1474@comtv.ru>

tcg/ppc64: Don't hardcode register numbers for qemu_ld/st

Facilitates using r3 for prepended AREG0.

Signed-off-by: Andreas F?rber <afaerber@suse.de>
Signed-off-by: malc <av1474@comtv.ru>

Merge remote-tracking branch 'kwolf/for-anthony' into staging

* kwolf/for-anthony:
  qemu-img: Fix segmentation fault
  qcow2: Don't ignore failure to clear autoclear flags
  coroutine: Fix setup of sigaltstack coroutines

Merge remote-tracking branch 'qmp/queue/qmp' into staging

* qmp/queue/qmp:
qapi: QMP input visitor, handle floats parsed as ints

Merge remote-tracking branch 'afaerber-or/qom-1.1' into staging

* afaerber-or/qom-1.1:
  mips_fulong2e: Don't register "cpu" VMState twice
  pc: Add back PCI.rombar compat property
  qdev: Fix adding of ptr properties
  qdev: Use object_property_print() in info qtree
  target-i386: Defer MCE init
  qom: Documentation addition for object_class_by_name()
  target-mips: Remove commented-out function declaration

Merge remote-tracking branch 'kraxel/usb.50' into staging

* kraxel/usb.50:
usb-host: handle guest-issued clear halt

Merge remote-tracking branch 'spice/spice.v55' into staging

* spice/spice.v55:
qxl: set size of PCI IO BAR correctly (16) for revision 2

Merge remote-tracking branch 'sweil/for-1.1' into staging

* sweil/for-1.1:
  qemu-doc: Use QEMU instead of qemu for product name
  qemu-doc: Fix executable name in examples
  qemu-doc: Add missing parameter in description of -D option
  configure: Use QEMU instead of Qemu
  fix some common typos
  qemu-timer: Fix wrong error message

qdev: fix -device foo,?

Since most property types do not have a parse property now, this was
broken. Fix it by looking at the setter instead.

Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Acked-by: Andreas F=E4rber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

qemu-img: Fix segmentation fault

The following command generates a segmentation fault.
qemu-img convert -O vpc -o ? test test2
This is because the 'goto out;' statement calls qemu_progress_end
before qemu_progress_init is called resulting in a NULL pointer
invocation.

Signed-off-by: Charles Arnold <carnold@suse.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qcow2: Don't ignore failure to clear autoclear flags

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

coroutine: Fix setup of sigaltstack coroutines

Use pthread_kill instead of process-wide kill to invoke the signal
handler used for stack switching. This may fix spurious lock-ups with
this backend, easily triggerable by extending the time window between
kill and sigsuspend.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

Merge remote-tracking branch 'origin/master' into staging

* origin/master:
  sun4u: implement interrupt clearing registers
  sun4u: initialize OBIO interrupt mappings
  fix block loads broken in commit 30038fd818
  Implement address masking for SPARC v9 CPUs
  vga: disable default VGA if appropriate -device is used
  cputlb: fix watchpoints handling

qapi: QMP input visitor, handle floats parsed as ints

JSON numbers can be interpreted as either integers or floating point
values depending on their representation. As a result, QMP input visitor
might visit a QInt when it was expecting a QFloat, so add handling to
account for this.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Acked-by: Andreas Färber <afaerber@suse.de>

usb-host: handle guest-issued clear halt

Most important here is to update our internal endpoint state so we know
the endpoint isn't in halted state any more. Without this usb-host
tries to clear halt again with the next data transfer submitted. Doing
this twice is (a) not correct and (b) confuses some usb devices,
rendering them non-functional in the guest.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

qxl: set size of PCI IO BAR correctly (16) for revision 2

Also move it up into switch(qxl->revision) block

Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

qemu-doc: Use QEMU instead of qemu for product name

When 'qemu' was used as a product name or as a generic process name,
it is now replaced by the official upper case 'QEMU'.

v2:
Added missing period (hint from Andreas Färber).

Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Weil <sw@weilnetz.de>

qemu-doc: Fix executable name in examples

The executable name qemu was replaced some time ago by qemu-system-i386.
Fix all examples accordingly.

Some examples will only work with qemu-system-i386 or qemu-system-x86_64
for obvious reasons ("dos.img").

To keep things simple, I did not vary the executable name.
Place holders like qemu-system-TARGET were also only used once
in the enhanced description for QEMU launches using Wine.

Signed-off-by: Stefan Weil <sw@weilnetz.de>

qemu-doc: Add missing parameter in description of -D option

'logfile' is a place holder for a non optional parameter.

Signed-off-by: Stefan Weil <sw@weilnetz.de>

configure: Use QEMU instead of Qemu

This new 'Qemu' was recently added.
Replace it by the official all upper case 'QEMU'.

Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Weil <sw@weilnetz.de>

fix some common typos

These were identified using: http://github.com/lyda/misspell-check
and run like this to create a bourne shell script using GNU sed's
-i option:

git ls-files|grep -vF .bin | misspellings -f - |grep -v '^ERROR:' |perl \
-pe 's/^(.*?)\[(\d+)\]: (\w+) -> "(.*?)"$/sed -i '\''${2}s!$3!$4!'\'' $1/'

Manually eliding the FP, "rela->real" and resolving "addres" to
address (not "adders") we get this:

  sed -i '450s!thru!through!' Changelog
  sed -i '260s!neccessary!necessary!' coroutine-sigaltstack.c
  sed -i '54s!miniscule!minuscule!' disas.c
  sed -i '1094s!thru!through!' hw/usb/hcd-ehci.c
  sed -i '1095s!thru!through!' hw/usb/hcd-ehci.c
  sed -i '21s!unecessary!unnecessary!' qapi-schema-guest.json
  sed -i '307s!explictly!explicitly!' qemu-ga.c
  sed -i '490s!preceeding!preceding!' qga/commands-posix.c
  sed -i '792s!addres!address!' qga/commands-posix.c
  sed -i '6s!beeing!being!' tests/tcg/test-mmap.c

Also, manually fix "arithmentic", spotted by Peter Maydell:

  sed -i 's!arithmentic!arithmetic!' coroutine-sigaltstack.c

Signed-off-by: Jim Meyering <meyering@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

qemu-timer: Fix wrong error message

Function timeSetEvent returns 0 when it fails, but it does not set
an error code which can be retrieved by GetLastError.

Therefore calling GetLastError is useless.

Signed-off-by: Stefan Weil <sw@weilnetz.de>

mips_fulong2e: Don't register "cpu" VMState twice

We have the following simplified callgraph in mips_fulong2e_init():

  cpu_init() => cpu_mips_init()
    object_new()
      mips_cpu_initfn()
        cpu_exec_init()
          register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
                          cpu_save, cpu_load, env)
  register_savevm(NULL, "cpu", 0, 3, cpu_save, cpu_load, env)

CPU_SAVE_VERSION is defined as 3 in target-mips/cpu.h.
fulong2e instantiates one CPU, so its cpu_index is 0.
Thus the two are fully identical.

Therefore just remove the second call in fulong2e.

Signed-off-by: Juan Quintela <quintela@redhat.com>
[AF: Extend explanation in commit message]
Signed-off-by: Andreas Färber <afaerber@suse.de>

pc: Add back PCI.rombar compat property

This was erroneously dropped in d6c730086cbf24382eb8cff25551798769edfd84
(pc: reduce duplication in compat machine types).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>

qdev: Fix adding of ptr properties

ptr properties have neither a get/set or a print/parse which means that when
they're added they aren't treated as static or legacy properties.

Just assume properties like this are legacy properties and treat them as such.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>

qdev: Use object_property_print() in info qtree

Otherwise, non-string properties without a legacy counterpart are missed.
Also fix error propagation in object_property_print() itself.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>

target-i386: Defer MCE init

Commit de024815e3b523addf58f1f79846b7fe74643678 (target-i386: QOM'ify
CPU init) moved mce_init() call from helper.c:cpu_x86_init() into
X86CPU's cpu.c:x86_cpu_initfn().
mce_init() checks for a family >= 6 though, so we could end up with a
sequence such as for -cpu somecpu,family=6:

  x86_cpu_initfn => X86CPU::family == 5
    mce_init => no-op
  cpu_x86_register => X86CPU::family = 6
  => MCE unexpectedly not init'ed

or for -cpu someothercpu,family=5:

  x86_cpu_initfn => X86CPU::family == 6
    mce_init => init'ed
  cpu_x86_register => X86CPU::family = 5
  => MCE unexpectedly init'ed

Therefore partially revert the above commit. To avoid moving
mce_init() back into helper.c, foresightedly move it into a
new x86_cpu_realize() function and, in lack of ObjectClass::realize,
call it directly from cpu_x86_init().

While at it, move the qemu_init_vcpu() call that used to follow
mce_init() in cpu_x86_init() into the new realizefn as well.

Reported-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>

qom: Documentation addition for object_class_by_name()

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[AF: Document the possible NULL return value]
Signed-off-by: Andreas Färber <afaerber@suse.de>

target-mips: Remove commented-out function declaration

There is no function cpu_mips_get_clock(), so drop it.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Stefan Weil <sw@weilnetz.de>

sun4u: implement interrupt clearing registers

Implement registers for clearing OBIO and PCI interrupts

Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

sun4u: initialize OBIO interrupt mappings

Similarly to PCI interrupt mappings, the OBIO ones have to be initialized.

Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

fix block loads broken in commit 30038fd818

Fix UltraSPARC/JPS1/UA2007 VIS block load instructions broken in
30038fd81808f7c3bca92be2369e74c8ca7b3d69.

Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
[blauwirbel@gmail.com: trimmed unwanted part of patch]
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Implement address masking for SPARC v9 CPUs

According to UltraSPARC - IIi User's manual:

14.1.11 Address Masking (Impdep #125)
When PSTATE.AM=1, the CALL, JMPL, and RDPC instructions and all traps
transmit zero in the high-order 32-bits of the PC to their specified
destination registers.

Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

vga: disable default VGA if appropriate -device is used

This is a partial revert of commits a369da5 (vga: improve VGA logic,
committed 2012-01-22) and c5bd4f3 (vga: fix -nodefaults -device VGA,
2012-01-24) which broke command-line option parsing in different ways.

Since commit a369da5 it has become impossible to specify a VGA device
entirely with QemuOpts-enabled options, i.e. without needing an explicit
"-vga none".

In addition, until commit c5bd4f3 -nodefaults would not disable the device
you specified with the legacy "-vga" option, independent of the order.
Since commit c5bd4f3 QEMU -nodefaults will override a previous -vga
option.

I did not reintroduce machine->no_vga. Boards can simply ignore the
vga_interface_type variable, and most will indeed do so.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

cputlb: fix watchpoints handling

Cleanup commit e554861766d9ae84dd5720baa4869f4ed711506f have changed
code_address calculation in the tlb_set_page function in case of access
to a page with a watchpoint. This caused QEMU segfault in the xtensa
test_break unit test. Fix it by moving code_address assignment above
memory_region_section_get_iotlb call.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

use inet_listen()/inet_connect() to support ipv6 migration

Use help functions in qemu-socket.c for tcp migration,
which already support ipv6 addresses.

Currently errp will be set to UNDEFINED_ERROR when migration fails,
qemu would output "migration failed: ...", and current user can
see a message("An undefined error has occurred") in monitor.

This patch changed tcp_start_outgoing_migration()/inet_connect()
/inet_connect_opts(), socket error would be passed back,
then current user can see a meaningful err message in monitor.

Qemu will exit if listening fails, so output socket error
to qemu stderr.

For IPv6 brackets must be mandatory if you require a port.
Referencing to RFC5952, the recommended format is:
[2312::8274]:5200

test status: Successed
listen side: qemu-kvm .... -incoming tcp:[2312::8274]:5200
client side: qemu-kvm ...
(qemu) migrate -d tcp:[2312::8274]:5200

Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

sockets: use error class to pass listen error

Add a new argument in inet_listen()/inet_listen_opts()
to pass back listen error.

Change nbd, qemu-char, vnc to use new interface.

Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

sockets: change inet_connect() to support nonblock socket

Add a bool argument to inet_connect() to assign if set socket
to block/nonblock, and delete original argument 'socktype'
that is unused.
Add a new argument to inet_connect()/inet_connect_opts(),
to pass back connect error by error class.

Retry to connect when -EINTR is got. Connect's successful
for nonblock socket when following errors are got, user
should wait for connecting by select():
  -EINPROGRESS
  -EWOULDBLOCK (win32)
  -WSAEALREADY (win32)

Change nbd, vnc to use new interface.

Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

qerror: add five qerror strings

Add five new qerror strings, they are about listen/connect socket:
  QERR_SOCKET_CONNECT_IN_PROGRESS
  QERR_SOCKET_CONNECT_FAILED
  QERR_SOCKET_LISTEN_FAILED
  QERR_SOCKET_BIND_FAILED
  QERR_SOCKET_CREATE_FAILED

Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

move CPU definitions to /usr/share/qemu/cpus-x86_64.conf (v2)

Changes v1 -> v2:
- userconfig variable is now bool, not int

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

implement -no-user-config command-line option (v3)

Changes v2 -> v3:
- Rebase against latest qemu.git

Changes v1 -> v2:
- Change 'userconfig' field/variables to bool instead of int
- Coding style change

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

vl.c: change 'defconfig' variable to bool (v2)

Changes v1 -> v2:
- Actually change the variable type declaration to 'bool'

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

move list of default config files to an array

More files will be added to the list, with additional attributes, later.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

eliminate arch_config_name variable

Not needed anymore, as the code that uses the variable is already inside
arch_init.c.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

move code to read default config files to a separate function (v2)

Function added to arch_init.c because it depends on arch-specific
settings.

Changes v1 -> v2:
- Move qemu_read_default_config_file() prototype to qemu-config.h

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

block: fix warning introduced in efcc7a23

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Switch SIG_IPI to SIGUSR1

Use SIGUSR1 unconditionally as SIG_IPI. First, ucontext coroutines tend
to corrupt RT signal masks due to a 32-on-64-bit Linux kernel bug. And,
second, there appears to be no advantage in using RT signals for VCPU
kicking.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Merge remote-tracking branch 'pmaydell/target-arm.for-upstream' into staging

* pmaydell/target-arm.for-upstream:
target-arm/cpu.h: Make cpu_init("nonexistent cpu") return NULL
target-arm: When setting FPSCR.QC, don't clear other FPSCR bits

Merge remote-tracking branch 'kwolf/for-anthony' into staging

* kwolf/for-anthony: (30 commits)
  declare ECANCELED on all machines
  tests/Makefile: Add missing $(EXESUF)
  stream: do not copy unallocated sectors from the base
  stream: fix ratelimiting corner case
  stream: fix HMP block_job_set_speed
  stream: pass new base image format to bdrv_change_backing_file
  stream: add testcase for partial streaming
  stream: fix sectors not allocated test
  qemu-io: fix the alloc command
  qemu-io: correctly print non-integer values as decimals
  qemu-img: make "info" backing file output correct and easier to use
  block: move field reset from bdrv_open_common to bdrv_close
  block: protect path_has_protocol from filenames with colons
  block: simplify path_is_absolute
  block: wait for job callback in block_job_cancel_sync
  block: add block_job_sleep_ns
  block: fully delete bs->file when closing
  block: do not reuse the backing file across bdrv_close/bdrv_open
  block: another bdrv_append fix
  block: fix snapshot on QED
  ...

Merge remote-tracking branch 'qemu-kvm/uq/master' into staging

* qemu-kvm/uq/master:
kvm: Fix dirty tracking with large kernel page size

target-arm/cpu.h: Make cpu_init("nonexistent cpu") return NULL

The macro definition of cpu_init meant that if cpu_arm_init()
returned NULL this wouldn't result in cpu_init() itself returning
NULL. This had the effect that "-cpu foo" for some unknown CPU
name 'foo' would cause ARM targets to segfault rather than
generating a useful error message. Fix this by making cpu_init
a simple inline function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Andreas Färber <afaerber@suse.de>

target-arm: When setting FPSCR.QC, don't clear other FPSCR bits

This patch fixes a bug affecting a variety of Neon instructions, such as
VQADD.

Signed-off-by: Matt Craighead <mjcraighead@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

kvm: Fix dirty tracking with large kernel page size

If the kernel page size is larger than TARGET_PAGE_SIZE, which
happens for example on ppc64 with kernels compiled for 64K pages,
the dirty tracking doesn't work.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Avi Kivity <avi@redhat.com>

declare ECANCELED on all machines

This is needed in particular on Win32.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

tests/Makefile: Add missing $(EXESUF)

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

stream: do not copy unallocated sectors from the base

Unallocated sectors should really never be accessed by the guest,
so there's no need to copy them during the streaming process.
If they are read by the guest during streaming, guest-initiated
copy-on-read will copy them (we're in the base == NULL case, which
enables copy on read). If they are read after we disconnect the
image from the base, they will read as zeroes anyway.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

stream: fix ratelimiting corner case

This fixes inability to make progress in streaming if the quota is set
to less than the amount of data that an I/O operation has to write.

In this case, limit->dispatched + n will always be above the quota and,
due to the "goto retry" to recheck cancellation and allocation, streaming
will livelock.

This can be reproduced with "block_job_set_speed ide0-hd0 1b". Of course,
with this patch the requested limit will not be obeyed. That could be
done with another patch that caps is_allocated's n argument by the slice
quota.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

stream: fix HMP block_job_set_speed

The change of the argument name from value to speed was not propagated there.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

stream: pass new base image format to bdrv_change_backing_file

When an image is modified to point to the new backing file, the backing
file format is set to NULL, which means auto-probe. This is wrong, in
fact it is a small security problem.

Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

stream: add testcase for partial streaming

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

stream: fix sectors not allocated test

The test on sectors not allocated can fail if the L1/L2 tables are
not on disk yet. Allow tests to shutdown the VM early.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qemu-io: fix the alloc command

Because sector_num is not updated, the loop would either go on
forever or return garbage.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qemu-io: correctly print non-integer values as decimals

qemu-io's cvtstr function sometimes will incorrectly omit the
decimal part of the number, and sometimes will incorrectly include
it. This patch fixes both. The former is more serious, and can
be seen in the patches to 027.out and 033.out.

The changes to all other files were scripted with sed, so there were
no "surprises" beyond 027.out and 033.out.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qemu-img: make "info" backing file output correct and easier to use

qemu-img info should use the same logic as qemu when printing the
backing file path, or debugging becomes quite tricky. We can also
simplify the output in case the backing file has an absolute path
or a protocol.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>