aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Update version for v2.5.0-rc4 releaseHEADmasterPeter Maydell2015-12-111-1/+1
| | | | Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* blockdev: Mark {insert, remove}-medium experimentalMax Reitz2015-12-115-33/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | While in the long term we want throttling to be its own block filter BDS, in the short term we want it to be part of the BB instead of a BDS; even in the long term we may want legacy throttling to be automatically tied to the BB. blockdev-insert-medium and blockdev-remove-medium do not retain throttling information in the BB (deliberately so). Therefore, using them means tying this information to a BDS, which would break the model described above. (The same applies to other flags such as detect_zeroes.) We probably want to move this information to the BB or its own filter BDS before blockdev-{insert,remove}-medium can be considered completely stable. Therefore, mark these functions experimental for the time being. Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com> Acked-by: Markus Armbruster <armbru@redhat.com> Acked-by: Kevin Wolf <kwolf@redhat.com> Message-id: 1449847385-13986-2-git-send-email-mreitz@redhat.com Reviewed-by: Eric Blake <eblake@redhat.com> [PMM: fixed format nit (underlining) in qmp-commands.hx] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Fix xbzrle vs last_sent_block updateDr. David Alan Gilbert2015-12-111-1/+10
| | | | | | | | | | | | | | | | | | | | | My fix (84e7b80a) replaced the last_sent_block update that I'd removed earlier; however it was too aggressive in the xbzrle case. save_xbzrle_page might return '0' to mean that the page didn't need sending since it was the same as the last sent version; in this case we can't update 'last_sent_block' since we didn't actually send it. Symptom: 'Illegal RAM offset 1018000' as we try and send a page to the wrong RAMBlock; potentially that could be a data corruption if you were really unlucky. Fixes: 84e7b80a05c0c44b90533c6cd2f1db5c932ccf77 Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-id: 1449765106-6528-1-git-send-email-dgilbert@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Update language files for QEMU 2.5.0Peter Maydell2015-12-107-127/+127
| | | | | | | | Update translation files (change created via 'make -C po update'). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Stefan Weil <sw@weilnetz.de> Message-id: 1449754467-3496-1-git-send-email-peter.maydell@linaro.org
* sparc: allow CASA with ASI 0xa from user spaceAlex Zuepke2015-12-101-1/+2
| | | | | | | | | LEON3 allows the CASA instruction to be used from user space if the ASI is set to 0xa (user data). Signed-off-by: Alex Zuepke <azu@sysgo.de> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* MAINTAINERS: add maintainer to virtio-9pGreg Kurz2015-12-101-0/+1
| | | | | | | | | As suggested by Paolo, I add myself as maintainer for virtio-9p. Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Acked-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Message-id: 20151130154016.20108.79073.stgit@bahia.huguette.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* virtio-9p-device: add minimal unrealize handlerGreg Kurz2015-12-101-0/+12
| | | | | | | | | | | | | | | | | | | | | Since commit 4652f1640e029e1f2433fa77ba6af285 "virtio-9p: add savevm handlers", if the user hot-unplugs a quiescent 9p device and live migrates, the source QEMU crashes before migration completetion... This happens because virtio-9p devices have a realize handler which calls virtio_init() and register_savevm(). Both calls store pointers to the device internals, that get dereferenced during migration even if the device got unplugged. This patch simply adds an unrealize handler to perform minimal cleanup and avoid the crash. Hot unplug of non-quiescent 9p devices is still not supported in QEMU, and not supported by linux guests either. Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-id: 20151208155457.27775.69441.stgit@bahia.huguette.org [PMM: rewrapped long lines in commit message] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Update version for v2.5.0-rc3 releasePeter Maydell2015-12-071-1/+1
| | | | Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* sd: Mark brittle abuse of blk_attach_dev() FIXMEMarkus Armbruster2015-12-071-0/+1
| | | | | | | | | | | | | | blk_attach_dev() fails here only when we're working for device "sdhci-pci" (which already attached the backend), and then we don't want to attach a second time. If we ever create another failure mode, we're setting up ourselves to using the same backend from multiple frontends, which is likely to end in tears. Can't clean this up this close to the release, so mark it FIXME. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1449503710-3707-3-git-send-email-armbru@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* sdhci: Sanitize "sdhci-pci" properties for future qomificationMarkus Armbruster2015-12-072-3/+8
| | | | | | | | | | | | | | | | | | | | We currently fuse controller and card into a single device model, but we intend qomify things properly and separate the two. The properties that really belong to the card would then have to somehow pass-through to the card's properties. To avoid that complication, either mark them experimental or drop them. Properties "capareg", "maxcurr" and the usual PCI device properties belong to the controller. Property "drive" belongs to the card; rename it to "x-drive". Properties "logical_block_size", "physical_block_size", "min_io_size", "opt_io_size", "discard_granularity" belong to the card, but have no effect; drop them. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1449503710-3707-2-git-send-email-armbru@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* virtio-blk: Drop x-data-plane optionFam Zheng2015-12-073-15/+2
| | | | | | | | | | | | | | | | | | The official way of enabling dataplane is through the "iothread" property that references an iothread object created by "-object iothread". Since the old "x-data-plane=on" way now even crashes, it's probably easier to just drop it: $ qemu-system-x86_64 -drive file=null-co://,id=d0,if=none \ -device virtio-blk-pci,drive=d0,x-data-plane=on ERROR:/home/fam/work/qemu/qom/object.c:1515: object_get_canonical_path_component: assertion failed: (obj->parent != NULL) Aborted Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1449485967-19240-1-git-send-email-famz@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into ↵Peter Maydell2015-12-074-11/+29
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging # gpg: Signature made Mon 07 Dec 2015 14:06:07 GMT using RSA key ID 398D6211 # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211 * remotes/jasowang/tags/net-pull-request: lan9118: log and ignore access to invalid registers, rather than aborting lan9118: fix emulation of MAC address loaded bit in E2P_CMD register vmxnet3: silence warning pcnet: fix rx buffer overflow(CVE-2015-7512) net: pcnet: add check to validate receive data size(CVE-2015-7504) e1000: fix hang of win2k12 shutdown with flood ping Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * lan9118: log and ignore access to invalid registers, rather than abortingAndrew Baumann2015-12-071-4/+8
| | | | | | | | | | | | | | | | | | | | | | With this change, access to invalid/unimplemented device registers are logged as a "guest error" rather than aborting qemu with hw_error. This enables drivers for similar devices (e.g. SMSC 9221), by simply ignoring the unimplemented writes. It's also closer to what real hardware does. Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
| * lan9118: fix emulation of MAC address loaded bit in E2P_CMD registerAndrew Baumann2015-12-071-3/+5
| | | | | | | | | | | | | | | | | | | | There appears to have been a longstanding typo in the implementation of the "MAC address loaded" bit in the E2P_CMD (EEPROM command) register. The code was using 0x10, but the controller spec says it should be bit 8 (0x100). Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
| * vmxnet3: silence warningMichael S. Tsirkin2015-12-071-1/+0
| | | | | | | | | | | | | | | | | | | | vmxnet3 always produces a warning under qtest. This is not a user error, don't warn. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
| * pcnet: fix rx buffer overflow(CVE-2015-7512)Jason Wang2015-12-071-0/+6
| | | | | | | | | | | | | | | | | | | | | | Backends could provide a packet whose length is greater than buffer size. Check for this and truncate the packet to avoid rx buffer overflow in this case. Cc: Prasad J Pandit <pjp@fedoraproject.org> Cc: qemu-stable@nongnu.org Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
| * net: pcnet: add check to validate receive data size(CVE-2015-7504)Prasad J Pandit2015-12-071-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | In loopback mode, pcnet_receive routine appends CRC code to the receive buffer. If the data size given is same as the buffer size, the appended CRC code overwrites 4 bytes after s->buffer. Added a check to avoid that. Reported by: Qinghao Tang <luodalongde@gmail.com> Cc: qemu-stable@nongnu.org Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
| * e1000: fix hang of win2k12 shutdown with flood pingDenis V. Lunev2015-12-071-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | e1000 driver in Win2k12 is really well rotten. It 100% hangs on shutdown of UP VM under flood ping. The guest checks card state and reinjects itself interrupt in a loop. This is fatal for UP machine. There is no good way to fix this misbehavior but to kludge it. The emulation has interrupt throttling register aka ITR which limits interrupt rate and allows the guest to proceed this phase. There is no problem with this kludge for Linux guests - it adjust the value of it itself. On the other hand according to the initial research in commit e9845f0985f088dd01790f4821026df0afba5795 Author: Vincenzo Maffione <v.maffione@gmail.com> Date: Fri Aug 2 18:30:52 2013 +0200 e1000: add interrupt mitigation support ... Interrupt mitigation boosts performance when the guest suffers from an high interrupt rate (i.e. receiving short UDP packets at high packet rate). For some numerical results see the following link http://info.iet.unipi.it/~luigi/papers/20130520-rizzo-vm.pdf this should also boost performance a bit. See https://bugzilla.redhat.com/show_bug.cgi?id=874406 for additional details. Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Vincenzo Maffione <v.maffione@gmail.com> CC: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
* | Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' ↵Peter Maydell2015-12-047-22/+34
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging QOM infrastructure fixes and device conversions * Documentation update * qom-test and related fixes # gpg: Signature made Fri 04 Dec 2015 17:54:55 GMT using RSA key ID 3E7E013F # gpg: Good signature from "Andreas Färber <afaerber@suse.de>" # gpg: aka "Andreas Färber <afaerber@suse.com>" * remotes/afaerber/tags/qom-devices-for-peter: qom-test: Fix qmp() leaks tests: Use proper functions types instead of void (*fn) qom: Update documentation comment of struct Object tests: Fix check-report-qtest-% target Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | qom-test: Fix qmp() leaksMarc-André Lureau2015-12-041-7/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this patch ASAN reported: SUMMARY: AddressSanitizer: 677165875 byte(s) leaked in 1272437 allocation(s) After this patch: SUMMARY: AddressSanitizer: 465 byte(s) leaked in 32 allocation(s) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1448551895-871-1-git-send-email-marcandre.lureau@redhat.com> [Straightforwardly rebased onto the previous patch] Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
| * | tests: Use proper functions types instead of void (*fn)Markus Armbruster2015-12-044-10/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have several function parameters declared as void (*fn). This is just a stupid way to write void *, and the only purpose writing it like that could serve is obscuring the sin of bypassing the type system without need. The original sin is commit 49ee359: its qtest_add_func() is a wrapper for g_test_add_func(). Fix the parameter type to match g_test_add_func()'s. This uncovers type errors in ide-test.c; fix them. Commit 7949c0e faithfully repeated the sin for qtest_add_data_func(). Fix it the same way, along with a harmless type error uncovered in vhost-user-test.c. Commit 063c23d repeated it for qtest_add_abrt_handler(). The screwy parameter gets assigned to GHook member func, so change its type to match. Requires wrapping kill_qemu() to keep the type checker happy. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> [AF/armbru: Inline GTestFunc/GTestDataFunc typedef for old GLib] Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
| * | qom: Update documentation comment of struct ObjectCao jin2015-12-031-3/+0
| | | | | | | | | | | | | | | | | | | | | It doesn't have "GSList *interfaces" anymore, drop the paragraph. Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
| * | tests: Fix check-report-qtest-% targetAndreas Färber2015-12-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit e253c28 ("tests: Fix how qom-test is run") introduced $(qtest-generic-y) and used it for check-qtest-% target, but did not update check-report-qtest-%. This causes check-report-qtest-aarch64.xml target to fail with a gtester usage error for lack of test arguments. Fix this by adding $(qtest-generic-y) in check-report-qtest-%. Also add it in check-clean target, spotted by Markus. Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
* | | Merge remote-tracking branch ↵Peter Maydell2015-12-049-31/+31
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'remotes/mjt/tags/pull-trivial-patches-2015-12-04' into staging trivial patches for 2015-12-04 # gpg: Signature made Fri 04 Dec 2015 06:40:23 GMT using RSA key ID A4C3D7DB # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" # gpg: aka "Michael Tokarev <mjt@corpit.ru>" # gpg: aka "Michael Tokarev <mjt@debian.org>" * remotes/mjt/tags/pull-trivial-patches-2015-12-04: bt: check struct sizes typedefs: Put them back into alphabetical order scsi: remove scsi_req_free prototype gt64xxx: fix decoding of ISD register configure: use appropriate code fragment for -fstack-protector checks crypto: avoid two coverity false positive error reports configure: Diagnose broken linkers directly bt: avoid unintended sign extension util/id: fully allocate names table Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | | bt: check struct sizesPaolo Bonzini2015-12-041-17/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | See http://permalink.gmane.org/gmane.linux.bluez.kernel/36505. For historical reasons these do not use sizeof, and Coverity caught a mistake in EVT_ENCRYPT_CHANGE_SIZE. In addition: - remove status from create_conn_cancel_cp; the "status" field is only in rp structs. Note that this means that the OCF_CREATE_CONN_CANCEL could never have worked (it would have failed the LENGTH_CHECK), but I am keeping it anyway. - OCF_READ_LINK_QUALITY similarly could never have worked, but I am fixing read_link_quality_cp anyway. - fix inquiry_info which is shorter by one: the kernel has a struct that is 14 byte long, but not counting the initial num_responses byte which the kernel parses separately; - remove extended_inquiry_info altogether, since it's not used and unlike the other inquiry structs does not have the initial num_responses byte. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
| * | | typedefs: Put them back into alphabetical orderMarkus Armbruster2015-12-041-7/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "Please keep this list in alphabetical order" has been more honoured in the breach than in the observance. Clean up. While there, drop a redundant struct declaration. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
| * | | scsi: remove scsi_req_free prototypeHervé Poussineau2015-12-041-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Function has been deleted in ad2d30f79d3b0812f02c741be2189796b788d6d7. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
| * | | gt64xxx: fix decoding of ISD registerPaolo Bonzini2015-12-041-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The GT64xxx's internal registers can be placed above the first 4 GiB in the address space, but not above the first 64 GiB. Correctly cast the register to a 64-bit integer, and mask away bits above bit 35. Datasheet at http://pdf.datasheetarchive.com/datasheetsmain/Datasheets-33/DSA-655889.pdf (bug reported by Coverity). Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
| * | | configure: use appropriate code fragment for -fstack-protector checksRodrigo Rebello2015-12-041-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The check for stack-protector support consisted in compiling and linking the test program below (output by function write_c_skeleton()) with the compiler flag -fstack-protector-strong first and then with -fstack-protector-all if the first one failed to work: int main(void) { return 0; } This caused false positives when using certain toolchains in which the compiler accepted -fstack-protector-strong but no support was provided by the C library, since for this stack-protector variant the compiler emits canary code only for functions that meet specific conditions (local arrays, memory references to local variables, etc.) and the code fragment under test included none of them (hence no stack protection code generated, no link failure). This fix changes the test program used for -fstack-protector checks to include a function that meets conditions which cause the compiler to generate canary code in all variants. Signed-off-by: Rodrigo Rebello <rprebello@gmail.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
| * | | crypto: avoid two coverity false positive error reportsDaniel P. Berrange2015-12-042-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In qcrypto_tls_creds_get_path() coverity complains that we are checking '*creds' for NULL, despite having dereferenced it previously. This is harmless bug due to fact that the trace call was too early. Moving it after the cleanup gets the desired semantics. In qcrypto_tls_creds_check_cert_key_purpose() coverity complains that we're passing a pointer to a previously free'd buffer into gnutls_x509_crt_get_key_purpose_oid() This is harmless because we're passing a size == 0, so gnutls won't access the buffer, but rather just report what size it needs to be. We can avoid it though by explicitly setting the buffer to NULL after free'ing it. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
| * | | configure: Diagnose broken linkers directlyPeter Maydell2015-12-041-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if the user's compiler works for creating .o files but their linker is broken such that compiling an executable from a C file does not work, we will report a misleading error message about the compiler not supporting __thread (since that happens to be the first test we run which requires a working linker). Explicitly check that compile_prog works as well as compile_object, so that people whose toolchain setup is broken get a more helpful error message. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
| * | | bt: avoid unintended sign extensionPaolo Bonzini2015-12-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the case of a 4-byte length, shifting a value by 24 may cause an unintended sign extension when converting from int to size_t. Use a uint32_t variable instead. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
| * | | util/id: fully allocate names tableJohn Snow2015-12-041-2/+2
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Trivial: this array should be allocated to have ID_MAX entries always. Otherwise if someone were to forget to expand this table, the assertion in the id generator won't actually trigger; it will read junk data. Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
* | | Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.5-20151204' ↵Peter Maydell2015-12-041-6/+35
|\ \ \ | |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging ppc patch queue for 2.5 2015-12-04 This contains some last minute QOM behaviour fixes from Markus Armbruster. # gpg: Signature made Fri 04 Dec 2015 06:43:54 GMT using RSA key ID 20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-2.5-20151204: spapr_drc: Change value of property "fdt" from null back to {} spapr_drc: Make device "spapr-dr-connector" unavailable with -device spapr_drc: Handle visitor errors properly Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | spapr_drc: Change value of property "fdt" from null back to {}Markus Armbruster2015-12-041-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | prop_get_fdt() misuses the visitor API: when fdt is null, it doesn't visit anything. object_property_get_qobject() happily object_property_get_qobject(). Amazingly, the latter survives the misuse. Turns out we've papered over it long before prop_get_fdt() existed, in commit 1d10b44. However, commit 6c2f9a1 changed how we paper over it, and as a side effect changed qom-get's value from {} to null. Change it right back by fixing the visitor misuse. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
| * | spapr_drc: Make device "spapr-dr-connector" unavailable with -deviceMarkus Armbruster2015-12-041-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | It should only be created via spapr_dr_connector_new(). Attempting to create it with -device crashes. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
| * | spapr_drc: Handle visitor errors properlyMarkus Armbruster2015-12-041-6/+26
|/ / | | | | | | | | | | | | | | Since prop_get_fdt() is only used with QmpOutputVisitor, errors shouldn't actually happen, so this is only a latent bug. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* | ui: vnc: avoid floating point exceptionPrasad J Pandit2015-12-031-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | While sending 'SetPixelFormat' messages to a VNC server, the client could set the 'red-max', 'green-max' and 'blue-max' values to be zero. This leads to a floating point exception in write_png_palette while doing frame buffer updates. Reported-by: Lian Yihan <lianyihan@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* | Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell2015-12-038-12/+49
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging # gpg: Signature made Thu 03 Dec 2015 04:59:48 GMT using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: iotests: Add regresion test case for write notifier assertion failure iotests: Add "add_drive_raw" method block: Don't wait serialising for non-COR read requests iothread: include id in thread name Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | iotests: Add regresion test case for write notifier assertion failureFam Zheng2015-12-032-2/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The idea is to let the top level bs have a big request alignment with blkdebug, so that the aio_write request issued from monitor will be serialised. This tests that QEMU doesn't crash upon the read request from the backup job's write notifier, which is a very special case of "reentrant" request. Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1448962590-2842-4-git-send-email-famz@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * | iotests: Add "add_drive_raw" methodFam Zheng2015-12-031-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | This offers full manual control over the "-drive" options. Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1448962590-2842-3-git-send-email-famz@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * | block: Don't wait serialising for non-COR read requestsFam Zheng2015-12-034-9/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The assertion problem was noticed in 06c3916b35a, but it wasn't completely fixed, because even though the req is not marked as serialising, it still gets serialised by wait_serialising_requests against other serialising requests, which could lead to the same assertion failure. Fix it by even more explicitly skipping the serialising for this specific case. Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1448962590-2842-2-git-send-email-famz@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * | iothread: include id in thread namePaolo Bonzini2015-12-031-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This makes it easier to find the desired thread. Use "IO" plus the id; even with the 14 character limit on the thread name, enough of the id should be readable (e.g. "IO iothreadNNN" with three characters for the number). Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 1448372804-5034-1-git-send-email-pbonzini@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | | Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20151203' ↵Peter Maydell2015-12-032-2/+3
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging migration/next for 20151203 # gpg: Signature made Wed 02 Dec 2015 23:19:10 GMT using RSA key ID 5872D723 # gpg: Good signature from "Juan Quintela <quintela@redhat.com>" # gpg: aka "Juan Quintela <quintela@trasno.org>" * remotes/juanquintela/tags/migration/20151203: migration: do floating-point division migration: Clean up use of g_poll() in socket_writev_buffer() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | | migration: do floating-point divisionPaolo Bonzini2015-12-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Dividing integer expressions transferred_bytes and time_spent, and then converting the integer quotient to type double. Any remainder, or fractional part of the quotient, is ignored. Fix this. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
| * | | migration: Clean up use of g_poll() in socket_writev_buffer()Markus Armbruster2015-12-031-1/+2
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | socket_writev_buffer() writes in a loop, using g_poll() to block. If g_poll() fails, it tries to write more before the file descriptor is ready. In theory, this could go into a tight loop. In practice, errors other than EINTR are really unlikely, and when they happen, we're probably screwed anyway, so we can just as well loop. Clean it up a bit: retry poll on EINTR, keep ignoring other errors. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
* | | Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell2015-12-0212-43/+164
|\ \ \ | |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | virtio,vhost,mmap fixes for 2.5 vhost test patches to fix the travis build virtio ccw patch to fix virtio 1 virtio pci patch to fix pci express vhost user bridge patch to fix fd leaks mmap-alloc patch to fix hugetlbfs on ppc64 remove dead code for vhost (trivial) Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Wed 02 Dec 2015 20:38:41 GMT using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: util/mmap-alloc: fix hugetlb support on ppc64 virtio-pci: Set the QEMU_PCI_CAP_EXPRESS capability early in its DeviceClass realize method virtio: handle non-virtio-1-capable backend for ccw tests/vhost-user-bridge.c: fix fd leakage vhost: drop dead code vhost-user: verify that number of queues is non-zero vhost-user-test: fix crash with glib < 2.36 vhost-user-test: use unix port for migration vhost-user-test: fix chardriver race Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | util/mmap-alloc: fix hugetlb support on ppc64Michael S. Tsirkin2015-12-023-23/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since commit 8561c9244ddf1122d "exec: allocate PROT_NONE pages on top of RAM", it is no longer possible to back guest RAM with hugepages on ppc64 hosts: mmap(NULL, 285212672, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3fff57000000 mmap(0x3fff57000000, 268435456, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 19, 0) = -1 EBUSY (Device or resource busy) This is because on ppc64, Linux fixes a page size for a virtual address at mmap time, so we can't switch a range of memory from anonymous small pages to hugetlbs with MAP_FIXED. See commit d0f13e3c20b6fb73ccb467bdca97fa7cf5a574cd ("[POWERPC] Introduce address space "slices"") in Linux history for the details. Detect this and create the PROT_NONE mapping using the same fd. Naturally, this makes the guard page bigger with hugetlbfs. Based on patch by Greg Kurz. Acked-by: Rik van Riel <riel@redhat.com> Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
| * | virtio-pci: Set the QEMU_PCI_CAP_EXPRESS capability early in its DeviceClass ↵Shmulik Ladkani2015-12-022-5/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | realize method In 1811e64 'hw/virtio: Add PCIe capability to virtio devices', the QEMU_PCI_CAP_EXPRESS capability was added to virtio's pci_dev, within 'virtio_pci_realize' - the pci device object realization method. This occurs to late, as 'pci_qdev_realize' (DeviceClass.realize of TYPE_PCI_DEVICE) has already been called, without knowing that the device instance is indeed an "express" instance, thus allocating insufficient pci config space. As a result, device may crash upon attempt to write to the PCIE config space. Fix, by arming the QEMU_PCI_CAP_EXPRESS capability early in virtio-pci's own DeviceClass realize method. This also makes code cleaner, as 'virtio_pci_realize' may now access the 'pci_is_express' predicate when needed. Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> Tested-by: Marcel Apfelbaum <marcel@redhat.com>
| * | virtio: handle non-virtio-1-capable backend for ccwCornelia Huck2015-12-023-0/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If you run a qemu advertising VERSION_1 with an old kernel where vhost did not yet support VERSION_1, you'll end up with a device that is {modern pci|ccw revision 1} but does not advertise VERSION_1. This is not a sensible configuration and is rejected by the Linux guest drivers. To fix this, add a ->post_plugged() callback invoked after features have been queried that can handle the VERSION_1 bit being withdrawn and change ccw to fall back to revision 0 if VERSION_1 is gone. Note that pci is _not_ fixed; we'll need to rethink the approach for the next release but at least for pci it's not a regression. Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>