www.infradead.org Git - users/dwmw2/qemu.git/log
12 years ago  iscsi: move iscsi_schedule_bh and iscsi_readv_writev_bh_cb
Paolo Bonzini [Sat, 18 Aug 2012 21:37:31 +0000 (23:37 +0200)]
iscsi: move iscsi_schedule_bh and iscsi_readv_writev_bh_cb

Put these functions at the beginning, to avoid forward references
in the next patches.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 27cbd828c617944c0f9603763fdf4fa87e7ad923)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  Documentation: Warn against qemu-img on active image
Kevin Wolf [Thu, 16 Aug 2012 08:56:35 +0000 (10:56 +0200)]
Documentation: Warn against qemu-img on active image

People have repeatedly expected that you can do things like snapshotting
an image with qemu-img while a qemu instance is running. Maybe we need
to consider locking the files while they are in use, but having a
warning in the qemu-img manpage is doable for 1.2 and can't hurt anyway.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 48467328c6dccc9c7be6628ed0ef0810f83be2a9)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  vmdk: Read footer for streamOptimized images
Kevin Wolf [Thu, 16 Aug 2012 08:39:33 +0000 (10:39 +0200)]
vmdk: Read footer for streamOptimized images

The footer takes precedence over the header when it exists. It contains
the real grain directory offset that is missing in the header. Without
this patch, streamOptimized images with a footer cannot be read.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
(cherry picked from commit 65bd155c7356d448ffee7f89149c4d473076b0ba)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  vmdk: Fix header structure
Kevin Wolf [Thu, 16 Aug 2012 08:34:10 +0000 (10:34 +0200)]
vmdk: Fix header structure

Commit bb45ded9 swapped gd_offset and rgd_offset. This is wrong.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 7a736bfa4e0a58087054cad68a1d4b3804bbb708)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  vl: Round argument of -m up to multiple of 8KiB
Markus Armbruster [Wed, 15 Aug 2012 11:12:19 +0000 (13:12 +0200)]
vl: Round argument of -m up to multiple of 8KiB

Partial pages make little sense and don't work.  Ensure the RAM size
is a multiple of any possible target's page size.

Fixes

    $ qemu-system-x86_64 -nodefaults -S -vnc :0 -m 0.8
    qemu-system-x86_64: /work/armbru/qemu/exec.c:2255: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit ff961015529437f4b83fca0a92069aebcf533c9c)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  pc: Fix RTC CMOS info on RAM for ram_size < 1MiB
Markus Armbruster [Wed, 15 Aug 2012 11:12:20 +0000 (13:12 +0200)]
pc: Fix RTC CMOS info on RAM for ram_size < 1MiB

pc_cmos_init() always claims 640KiB base memory, and ram_size - 1MiB
extended memory.  The latter can underflow to "lots of extended
memory".  Fix both, and clean up some.

Note: SeaBIOS currently requires 1MiB of RAM, and doesn't check
whether it got enough.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit e89001f72edde37fb36fa7c964daa1bbeb2eca26)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
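Added example, not QEMU's vl.c or pc.c code: the two adjacent fixes above modelled in plain C, rounding the -m request up to a page multiple and computing the CMOS base/extended memory figures with and without the guard against the ram_size - 1MiB underflow. It assumes 8KiB is the largest target page size the rounding has to cover, and it models only the two values, not the RTC register numbers they are written to.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 8KiB is the largest page size among the targets the -m fix
 * has to cover, so RAM is rounded up to a multiple of that. */
#define MAX_TARGET_PAGE_SIZE (8u * 1024u)
#define KIB(x) ((uint64_t)(x) * 1024u)
#define MIB(x) (KIB(x) * 1024u)

/* vl fix: round the requested RAM size up to whole pages, so a request such
 * as "-m 0.8" (838860 bytes) cannot leave a partial page behind. */
uint64_t round_ram_size(uint64_t bytes)
{
    uint64_t mask = MAX_TARGET_PAGE_SIZE - 1;
    return (bytes + mask) & ~mask;
}

/* The two memory figures pc_cmos_init hands to the BIOS via the RTC CMOS
 * bytes; only the values are modelled here, not the register numbers. */
struct cmos_mem {
    uint16_t base_kb;   /* conventional memory, at most 640KiB, in KiB */
    uint16_t ext_kb;    /* memory above 1MiB in KiB, a 16-bit field    */
};

static uint16_t clamp_u16(uint64_t v)
{
    return v > 65535 ? 65535 : (uint16_t)v;
}

/* Behaviour the commit message describes: 640KiB is always claimed and
 * ram_size - 1MiB is computed unconditionally. Below 1MiB the unsigned
 * subtraction wraps, so the BIOS is told about extended memory that does
 * not exist. */
struct cmos_mem cmos_mem_buggy(uint64_t ram_size)
{
    struct cmos_mem m;
    m.base_kb = 640;
    m.ext_kb = clamp_u16((ram_size - MIB(1)) / 1024);   /* wraps below 1MiB */
    return m;
}

/* Fixed: report only what is present. Base memory is the smaller of 640KiB
 * and ram_size; extended memory is zero unless ram_size exceeds 1MiB. */
struct cmos_mem cmos_mem_fixed(uint64_t ram_size)
{
    struct cmos_mem m;
    uint64_t base = ram_size < KIB(640) ? ram_size : KIB(640);
    m.base_kb = (uint16_t)(base / 1024);
    m.ext_kb = ram_size > MIB(1) ? clamp_u16((ram_size - MIB(1)) / 1024) : 0;
    return m;
}

int main(void)
{
    uint64_t sizes[] = { 838860, KIB(512), KIB(640), MIB(4) };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        uint64_t r = round_ram_size(sizes[i]);
        struct cmos_mem b = cmos_mem_buggy(r), f = cmos_mem_fixed(r);
        printf("ram %7llu -> %7llu  buggy base/ext %u/%u  fixed base/ext %u/%u\n",
               (unsigned long long)sizes[i], (unsigned long long)r,
               b.base_kb, b.ext_kb, f.base_kb, f.ext_kb);
    }
    return 0;
}
```

For a 640KiB guest the buggy path reports 65535KiB of extended memory (the wrapped value clamped to the 16-bit field), which is the "lots of extended memory" the message refers to; the fixed path reports 640/0.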
12 years ago  kvm: i8254: Finish time conversion fix
Jan Kiszka [Tue, 14 Aug 2012 08:24:47 +0000 (10:24 +0200)]
kvm: i8254: Finish time conversion fix

0cdd3d1444 fixed reading back the counter load time from the kernel
while assuming the kernel would always update its load time on writing
the state. That is only true for channel 1, and so pit_get_channel_info
returned wrong output pin states for high counter values.

Fix this by applying the offset also on kvm_pit_put. Now we also need to
update the offset when we write the state while the VM is stopped as it
keeps on changing in that state.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
(cherry picked from commit 050a46065de8e3d4ee5a04f5598d666f63d34800)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  kvm: i8254: Cache kernel clock offset in KVMPITState
Jan Kiszka [Tue, 14 Aug 2012 08:24:03 +0000 (10:24 +0200)]
kvm: i8254: Cache kernel clock offset in KVMPITState

To prepare the final fix for clock calibration issues with the in-kernel
PIT, we want to cache the offset between vmclock and the clock used by
the in-kernel PIT. So far, we only need to update it when the VM state
changes between running and stopped because we only read the in-kernel
PIT state while the VM is running.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
(cherry picked from commit 205df4d1a87cbb14a50655fb2c0a987467fb29d6)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  ahci: Fix ahci cdrom read corruptions for reads > 128k
Jason Baron [Fri, 3 Aug 2012 19:57:06 +0000 (15:57 -0400)]
ahci: Fix ahci cdrom read corruptions for reads > 128k

While testing q35, which has its cdrom attached to the ahci controller, I found
that the Fedora 17 install would panic on boot. The panic occurs while
squashfs is trying to read from the cdrom. The errors are:

[    8.622711] SQUASHFS error: xz_dec_run error, data probably corrupt
[    8.625180] SQUASHFS error: squashfs_read_data failed to read block
0x20be48a

I was also able to produce corrupt data reads using an installed piix based
qemu machine, using 'dd'. I found that the corruptions were only occurring when
the read size was greater than 128k. For example, the following command
results in corrupted reads:

dd if=/dev/sr0 of=/tmp/blah bs=256k iflag=direct

The > 128k size reads exercise a different code path than 128k and below. In
ide_atapi_cmd_read_dma_cb() s->io_buffer_size is capped at 128k. Thus,
ide_atapi_cmd_read_dma_cb() is called a second time when the read is > 128k.
However, ahci_dma_rw_buf() restarts the read from offset 0, instead of at 128k,
thus resulting in a corrupted read.

To fix this, I've introduced 'io_buffer_offset' field in IDEState to keep
track of the offset. I've also modified ahci_populate_sglist() to take a new
3rd offset argument, so that the sglist is properly initialized.

I've tested this patch using 'dd' testing, and Fedora 17 now correctly boots
and installs on q35 with the cdrom ahci controller.

Signed-off-by: Jason Baron <jbaron@redhat.com>
Tested-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 61f52e06f0a21bab782f98ef3ea789aa6d0aa046)

Conflicts:

hw/ide/ahci.c

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
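Added example, not the project's hw/ide code: a self-contained model of the DMA callback path the commit describes. Guest memory, the PRDT and the disc contents are constructed in memory, the io_buffer cap is 128KiB as in the message, and the track_offset flag switches between rebuilding the scatter-gather list from offset 0 on every callback (the bug) and carrying the new io_buffer_offset through (the fix). Names other than the ones quoted from the commit message are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IO_BUFFER_MAX  (128u * 1024u)   /* cap on s->io_buffer_size per callback */
#define GUEST_MEM_SIZE (512u * 1024u)
#define DISK_SIZE      (256u * 1024u)

static uint8_t guest_mem[GUEST_MEM_SIZE];   /* constructed guest RAM */
static uint8_t disk[DISK_SIZE];             /* constructed cdrom contents */

/* One PRDT entry: a guest-physical range the controller may DMA into. */
struct prd { uint32_t addr; uint32_t len; };

/* Scatter-gather list: the slice of the PRDT the current chunk lands in. */
struct sglist { struct prd sg[8]; int nsg; };

/* Map bytes [offset, offset + len) of the whole transfer onto PRDT ranges.
 * The offset argument is what the fix adds to ahci_populate_sglist(). */
static void populate_sglist(struct sglist *sgl, const struct prd *prdt,
                            int nprd, uint32_t offset, uint32_t len)
{
    sgl->nsg = 0;
    for (int i = 0; i < nprd && len > 0 && sgl->nsg < 8; i++) {
        if (offset >= prdt[i].len) {     /* entry lies before the offset */
            offset -= prdt[i].len;
            continue;
        }
        uint32_t avail = prdt[i].len - offset;
        uint32_t take = avail < len ? avail : len;
        sgl->sg[sgl->nsg].addr = prdt[i].addr + offset;
        sgl->sg[sgl->nsg].len = take;
        sgl->nsg++;
        len -= take;
        offset = 0;
    }
}

static void dma_to_guest(const struct sglist *sgl, const uint8_t *buf)
{
    for (int i = 0; i < sgl->nsg; i++) {
        memcpy(guest_mem + sgl->sg[i].addr, buf, sgl->sg[i].len);
        buf += sgl->sg[i].len;
    }
}

/* Model of ide_atapi_cmd_read_dma_cb: the request is served in chunks of at
 * most IO_BUFFER_MAX, so anything larger re-enters the callback. With
 * track_offset == 0 the sglist is rebuilt from offset 0 every time (the bug);
 * otherwise the io_buffer_offset the fix introduces is carried through. */
static void cdrom_read_dma(const struct prd *prdt, int nprd,
                           uint32_t disk_off, uint32_t total, int track_offset)
{
    static uint8_t io_buffer[IO_BUFFER_MAX];
    uint32_t io_buffer_offset = 0;
    while (io_buffer_offset < total) {
        uint32_t n = total - io_buffer_offset;
        if (n > IO_BUFFER_MAX) n = IO_BUFFER_MAX;
        memcpy(io_buffer, disk + disk_off + io_buffer_offset, n);
        struct sglist sgl;
        populate_sglist(&sgl, prdt, nprd,
                        track_offset ? io_buffer_offset : 0, n);
        dma_to_guest(&sgl, io_buffer);
        io_buffer_offset += n;
    }
}

/* Returns 1 when, after a read of `total` bytes (at most DISK_SIZE), the
 * guest buffer holds exactly the first `total` bytes of the disk. */
int read_is_correct(uint32_t total, int track_offset)
{
    for (uint32_t i = 0; i < DISK_SIZE; i++) {
        disk[i] = (uint8_t)(i * 7u + 3u);
    }
    memset(guest_mem, 0, sizeof guest_mem);
    /* Constructed: the guest hands over a 256KiB buffer as two 128KiB PRDs. */
    struct prd prdt[2] = { { 0x10000, 128u * 1024u }, { 0x40000, 128u * 1024u } };
    cdrom_read_dma(prdt, 2, 0, total, track_offset);
    uint32_t done = 0;
    for (int i = 0; i < 2 && done < total; i++) {
        uint32_t n = prdt[i].len < total - done ? prdt[i].len : total - done;
        if (memcmp(guest_mem + prdt[i].addr, disk + done, n) != 0) {
            return 0;
        }
        done += n;
    }
    return 1;
}

int main(void)
{
    printf("256k read, offset not tracked: %s\n",
           read_is_correct(256u * 1024u, 0) ? "ok" : "CORRUPT");
    printf("256k read, offset tracked:     %s\n",
           read_is_correct(256u * 1024u, 1) ? "ok" : "CORRUPT");
    return 0;
}
```

Reads of 128KiB or less go through the callback once and are correct either way, which is why the bug only shows for larger requests; with the offset dropped, the second chunk is written over the first PRD and the second PRD is never filled, exactly the kind of silent corruption the squashfs errors reported.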
12 years ago  ahci: Fix sglist memleak in ahci_dma_rw_buf()
Jason Baron [Fri, 3 Aug 2012 19:57:10 +0000 (15:57 -0400)]
ahci: Fix sglist memleak in ahci_dma_rw_buf()

I noticed that in hw/ide/ahci:ahci_dma_rw_buf() we do not free the sglist. Thus,
I've added a call to qemu_sglist_destroy() to fix this memory leak.

In addition, I've added a call in qemu_sglist_destroy() to zero all of the sglist
fields, in case there is some other codepath that tries to free the sglist.

Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit ea8d82a1ed72634f089ed1bccccd9c84cc1ab855)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  apic: Defer interrupt updates to VCPU thread
Jan Kiszka [Mon, 9 Jul 2012 14:42:32 +0000 (16:42 +0200)]
apic: Defer interrupt updates to VCPU thread

KVM performs TPR raising asynchronously to QEMU, specifically outside
QEMU's global lock. When an interrupt is injected into the APIC and TPR
is checked to decide if this can be delivered, a stale TPR value may be
used, causing spurious interrupts in the end.

Fix this by deferring apic_update_irq to the context of the target VCPU.
We introduce a new interrupt flag for this, CPU_INTERRUPT_POLL. When it
is set, the VCPU calls apic_poll_irq before checking for further pending
interrupts. To avoid special-casing KVM, we also implement this logic
for TCG mode.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
(cherry picked from commit 5d62c43a17edaa7f6a88821c9086e6c8e0e5327d)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  apic: Reevaluate pending interrupts on LVT_LINT0 changes
Jan Kiszka [Mon, 9 Jul 2012 14:42:31 +0000 (16:42 +0200)]
apic: Reevaluate pending interrupts on LVT_LINT0 changes

When the guest modifies the LVT_LINT0 register, we need to check if some
pending PIC interrupt can now be delivered.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
(cherry picked from commit a94820ddc36f8c452b37f9dcb323f55ffdbc75f9)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  apic: Resolve potential endless loop around apic_update_irq
Jan Kiszka [Mon, 9 Jul 2012 14:42:30 +0000 (16:42 +0200)]
apic: Resolve potential endless loop around apic_update_irq

Commit d96e173769 refactored the reinjection of pending PIC interrupts.
However, it missed the potential loop of apic_update_irq ->
apic_deliver_pic_intr -> apic_local_deliver -> apic_set_irq ->
apic_update_irq that /could/ occur if LINT0 is injected as APIC_DM_FIXED
and that vector is currently blocked via TPR.

Resolve this by reinjecting only where it matters: inside
apic_get_interrupt. This function may clear a vector while a
PIC-originated reason still exists.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
(cherry picked from commit 3db3659bf60094657e1465cc809acb09551816ee)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  slirp: Improve error reporting of inaccessible smb directories
Jan Kiszka [Fri, 6 Jul 2012 06:40:48 +0000 (08:40 +0200)]
slirp: Improve error reporting of inaccessible smb directories

Instead of guessing, print the error code returned by access.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
(cherry picked from commit 22a61f365df83d5d7884cceb1c462295977cb2db)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  slirp: Ensure smbd and shared directory exist when enable smb
Dunrong Huang [Fri, 6 Jul 2012 06:04:43 +0000 (14:04 +0800)]
slirp: Ensure smbd and shared directory exist when enable smb

Users may pass the following parameters to qemu:
    $ qemu-kvm -net nic -net user,smb= ...
    $ qemu-kvm -net nic -net user,smb ...
    $ qemu-kvm -net nic -net user,smb=bad_directory ...

In these cases, qemu started successfully while the samba server
failed to start. Users will be confused, since the samba server
failed silently without any indication of what it did wrong.

To avoid this, we check whether the shared directory exists and
if users have permission to access this directory when QEMU's
"built-in" SMB server is enabled.

Signed-off-by: Dunrong Huang <riegamaths@gmail.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
(cherry picked from commit 927d811b282ffdf5386bd63f435c1507634ba49a)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  slirp: Enforce host-side user of smb share
Jan Kiszka [Thu, 5 Jul 2012 17:35:57 +0000 (19:35 +0200)]
slirp: Enforce host-side user of smb share

Windows 7 (and possibly other versions) cannot connect to the samba
share if the exported host directory is not world-readable. This can be
resolved by forcing the username used for access checks to the one
under which QEMU and smbd are running.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
(cherry picked from commit 1cb1c5d10bb9e180bd3f7be2c10b212ed86a97b4)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  check-qjson: add test for large JSON objects
Michael Roth [Wed, 15 Aug 2012 18:45:44 +0000 (13:45 -0500)]
check-qjson: add test for large JSON objects

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7109edfeb69c1d3c2164175837784dfcd210fed0)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  json-parser: don't replicate tokens at each level of recursion
Michael Roth [Wed, 15 Aug 2012 18:45:43 +0000 (13:45 -0500)]
json-parser: don't replicate tokens at each level of recursion

Currently, when parsing a stream of tokens we make a copy of the token
list at the beginning of each level of recursion so that we do not
modify the original list in cases where we need to fall back to an
earlier state.

In the worst case, we will only read 1 or 2 tokens off the list before
recursing again, which means an upper bound of roughly N^2 token allocations.

For a "reasonably" sized QMP request (in this a QMP representation of
cirrus_vga's device state, generated via QIDL, being passed in via
qom-set), this caused my 16GB of memory to be exhausted before any
noticeable progress was made by the parser.

This patch works around the issue by using a single copy of the token list
in the form of an indexable array so that we can save/restore state by
manipulating indices.

A subsequent commit adds a "large_dict" test case which exhibits the
same behavior as above. With this patch applied the test case successfully
completes in under a second.

Tested with valgrind, make check, and QMP.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 65c0f1e9558c7c762cdb333406243fff1d687117)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
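Added example, not QEMU's json-parser: a recursive-descent parser for a toy grammar of nested arrays written both ways the message contrasts. The copying strategy duplicates the remaining token list at every recursion level, so for d levels of nesting (2d tokens) it copies d(3d+1)/2 token slots; the index strategy saves and restores a single integer. The point for a management channel like QMP is that the parser's memory cost is set by the caller's input size, and a request that needs only linear memory to hold makes the parser allocate quadratically. The grammar, lexer and function names are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy grammar:  value := 'a' | '[' [ value { ',' value } ] ']'  */
enum tok { T_LBRACKET, T_RBRACKET, T_COMMA, T_ATOM };

static size_t tokens_copied;   /* token slots duplicated by the old strategy */

/* Old strategy: every recursion level duplicates the remaining token list so
 * the caller's list survives if this level fails. Returns the number of
 * tokens consumed, 0 on failure. O(n) copying at each of O(n) levels. */
static size_t parse_value_copying(const enum tok *toks, size_t n)
{
    if (n == 0) return 0;
    enum tok *copy = malloc(n * sizeof *copy);
    if (copy == NULL) abort();
    memcpy(copy, toks, n * sizeof *copy);
    tokens_copied += n;

    size_t used = 0;
    if (copy[0] == T_ATOM) {
        used = 1;
    } else if (copy[0] == T_LBRACKET) {
        used = 1;
        if (used < n && copy[used] == T_RBRACKET) {
            used++;
        } else for (;;) {
            size_t k = parse_value_copying(copy + used, n - used);
            if (k == 0) { used = 0; break; }
            used += k;
            if (used < n && copy[used] == T_COMMA) { used++; continue; }
            if (used < n && copy[used] == T_RBRACKET) { used++; break; }
            used = 0;
            break;
        }
    }
    free(copy);
    return used;
}

/* New strategy: one shared token array; parser state is an index, so saving
 * and restoring it on failure is O(1) and allocates nothing. */
static int parse_value_indexed(const enum tok *toks, size_t n, size_t *pos)
{
    size_t saved = *pos;
    if (*pos < n && toks[*pos] == T_ATOM) { (*pos)++; return 1; }
    if (*pos < n && toks[*pos] == T_LBRACKET) {
        (*pos)++;
        if (*pos < n && toks[*pos] == T_RBRACKET) { (*pos)++; return 1; }
        for (;;) {
            if (!parse_value_indexed(toks, n, pos)) break;
            if (*pos < n && toks[*pos] == T_COMMA) { (*pos)++; continue; }
            if (*pos < n && toks[*pos] == T_RBRACKET) { (*pos)++; return 1; }
            break;
        }
    }
    *pos = saved;              /* roll back to the state before this level */
    return 0;
}

/* Toy lexer: '[' ']' ',' and 'a' (an atom); anything else is skipped. */
static size_t lex(const char *s, enum tok *out, size_t max)
{
    size_t n = 0;
    for (; *s && n < max; s++) {
        if (*s == '[') out[n++] = T_LBRACKET;
        else if (*s == ']') out[n++] = T_RBRACKET;
        else if (*s == ',') out[n++] = T_COMMA;
        else if (*s == 'a') out[n++] = T_ATOM;
    }
    return n;
}

/* 1 if the whole string is exactly one value (index strategy), else 0. */
int parse_indexed(const char *s)
{
    enum tok toks[256];
    size_t n = lex(s, toks, 256), pos = 0;
    return parse_value_indexed(toks, n, &pos) && pos == n;
}

/* Parse d levels of nesting "[[[...]]]" (2d tokens) with the copying strategy
 * and return how many token slots it duplicated: d(3d+1)/2. */
size_t copies_for_depth(size_t d)
{
    enum tok *toks = malloc(2 * d * sizeof *toks);
    if (toks == NULL) return (size_t)-1;
    for (size_t i = 0; i < d; i++) { toks[i] = T_LBRACKET; toks[d + i] = T_RBRACKET; }
    tokens_copied = 0;
    size_t used = parse_value_copying(toks, 2 * d);
    free(toks);
    return used == 2 * d ? tokens_copied : (size_t)-1;
}
```

Ten levels of nesting cost the copying parser 155 duplicated slots, a hundred levels 15050; the index parser never copies a token, and a failed alternative such as "[a,]" leaves the position where it was before that level started.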
12 years ago  qlist: add qlist_size()
Michael Roth [Wed, 15 Aug 2012 18:45:42 +0000 (13:45 -0500)]
qlist: add qlist_size()

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit a86a4c2f7b7f0b72816ea1c219d8140699b6665b)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  usb-ehci: Fix an assert whenever isoc transfers are used
Hans de Goede [Fri, 6 Jul 2012 10:09:33 +0000 (12:09 +0200)]
usb-ehci: Fix an assert whenever isoc transfers are used

hcd-ehci.c is missing a usb_packet_init() call for the ipacket UsbPacket
it uses for isoc transfers, triggering an assert (taking the entire vm down)
in usb_packet_setup as soon as any isoc transfers are done by a high speed
USB device.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 7341ea075c09258b98a1d0efc60efd402cbfc9b4)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  usb-redir: Correctly handle the usb_redir_babble usbredir status
Hans de Goede [Fri, 6 Jul 2012 10:09:32 +0000 (12:09 +0200)]
usb-redir: Correctly handle the usb_redir_babble usbredir status

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit adae502c0ae4572ef08f71cb5b5ed5a8e90299fe)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  usb: restore USBDevice->attached on vmload
Gerd Hoffmann [Fri, 8 Jun 2012 10:58:46 +0000 (12:58 +0200)]
usb: restore USBDevice->attached on vmload

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 495d544798151206bafca65ec588c0388637eb40)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  uhci: fix uhci_async_cancel_all
Gerd Hoffmann [Fri, 15 Jun 2012 07:39:50 +0000 (09:39 +0200)]
uhci: fix uhci_async_cancel_all

We update the QTAILQ in the loop, thus we must use the SAFE version
to make sure we don't touch the queue struct after freeing it.

https://bugzilla.novell.com/show_bug.cgi?id=766310

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 77fa9aee38758a078870e25f0dcf642066b4d5cc)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
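Added example, not qemu-queue.h: an intrusive queue with iteration macros shaped like QTAILQ_FOREACH and QTAILQ_FOREACH_SAFE, and a cancel-all loop written both ways. Because really calling free() and then reading the freed link would be undefined behaviour, the example's release() is a stand-in that poisons the link to point at a tripwire node, which is how a poisoning allocator would make the stale read visible. The names, the tripwire and the four constructed transfers are this example's own.

```c
#include <stdio.h>

/* Intrusive singly linked queue with iteration macros shaped like QEMU's
 * QTAILQ_FOREACH / QTAILQ_FOREACH_SAFE (example code, not qemu-queue.h). */
struct async {
    unsigned td_addr;          /* transfer descriptor this packet belongs to */
    struct async *next;
};
struct queue { struct async *first; };

#define Q_FOREACH(var, head) \
    for ((var) = (head)->first; (var) != NULL; (var) = (var)->next)
/* The _SAFE form reads the successor before the body runs, so the body may
 * free the current element. */
#define Q_FOREACH_SAFE(var, head, nxt) \
    for ((var) = (head)->first; \
         (var) != NULL && ((nxt) = (var)->next, 1); (var) = (nxt))

/* Assumption: release() stands in for free(). Really freeing and then reading
 * the link would be undefined behaviour, so it poisons the link to point at a
 * tripwire node instead, as a poisoning allocator would make the bug visible. */
static struct async tripwire = { 0xdeadbeefu, NULL };
static int stale_reads;

static void release(struct async *a)
{
    a->td_addr = 0;
    a->next = &tripwire;
}

static void unlink_async(struct queue *q, struct async *a)
{
    struct async **pp = &q->first;
    while (*pp != NULL && *pp != a) pp = &(*pp)->next;
    if (*pp != NULL) *pp = a->next;
}

/* The pattern the commit fixes: the loop increment reads a->next after the
 * body has released a. Returns how many elements were cancelled first. */
int cancel_all_unsafe(struct queue *q)
{
    struct async *a;
    int freed = 0;
    Q_FOREACH(a, q) {
        if (a == &tripwire) {          /* stale link followed */
            stale_reads++;
            break;
        }
        unlink_async(q, a);
        release(a);
        freed++;
    }
    return freed;
}

/* Fixed: nxt is captured before the body may release a. */
int cancel_all_safe(struct queue *q)
{
    struct async *a, *nxt;
    int freed = 0;
    Q_FOREACH_SAFE(a, q, nxt) {
        unlink_async(q, a);
        release(a);
        freed++;
    }
    return freed;
}

static struct async pool[4];   /* constructed: four in-flight transfers */

static void build_queue(struct queue *q)
{
    q->first = NULL;
    for (int i = 3; i >= 0; i--) {
        pool[i].td_addr = 0x1000u + 16u * (unsigned)i;
        pool[i].next = q->first;
        q->first = &pool[i];
    }
}

/* Cancel everything on a fresh queue with one of the two loops; returns the
 * number of elements freed and leaves the stale link count in stale_reads. */
int run_cancel_all(int use_safe)
{
    struct queue q;
    build_queue(&q);
    stale_reads = 0;
    return use_safe ? cancel_all_safe(&q) : cancel_all_unsafe(&q);
}

int main(void)
{
    int freed = run_cancel_all(0);
    printf("unsafe loop: freed %d of 4, stale reads %d\n", freed, stale_reads);
    freed = run_cancel_all(1);
    printf("safe loop:   freed %d of 4, stale reads %d\n", freed, stale_reads);
    return 0;
}
```

With a real free() the unsafe loop usually appears to work because the freed block still holds the old link for a while, which is why this class of bug stays latent until the allocator reuses the memory; the tripwire makes the first stale read deterministic.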
12 years ago  ehci: don't flush cache on doorbell rings.
Gerd Hoffmann [Wed, 20 Jun 2012 11:14:08 +0000 (13:14 +0200)]
ehci: don't flush cache on doorbell rings.

Commit 4be23939ab0d7019c7e59a37485b416fbbf0f073 makes ehci instantly
zap any unlinked queue heads when the guest rings the doorbell.

While hacking up uas support this turned out to be a problem.  The linux
kernel can unlink and instantly relink the very same queue head, thereby
killing any async packets in flight.  That alone isn't an issue yet, the
packet will be canceled and resubmitted and everything is fine.  We'll run
into trouble though in case the async packet is completed already, so we
can't cancel it any more.  The transaction is simply lost then.

usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f0c2 qtds 29dbce40,29dbc4e0,00000009
usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2
usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: alloc
usb_packet_state_change bus 0, port 2, ep 1, packet 0x7f95fdec32e0, state undef -> setup
usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: process
usb_uas_command dev 2, tag 0x2, lun 0, lun64 00000000-00000000
scsi_req_parsed target 0 lun 0 tag 2 command 42 dir 2 length 16384
scsi_req_parsed_lba target 0 lun 0 tag 2 command 42 lba 5933312
scsi_req_alloc target 0 lun 0 tag 2
scsi_req_continue target 0 lun 0 tag 2
scsi_req_data target 0 lun 0 tag 2 len 16384
usb_uas_scsi_data dev 2, tag 0x2, bytes 16384
usb_uas_write_ready dev 2, tag 0x2
usb_packet_state_change bus 0, port 2, ep 1, packet 0x7f95fdec32e0, state setup -> complete
usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: free
usb_ehci_qh_ptrs q 0x7f95fdec3210 - QH @ 39c4f0c0: next 39c4f002 qtds 29dbce40,00000001,00000009
usb_ehci_qh_fields QH @ 39c4f0c0 - rl 4, mplen 512, eps 2, ep 2, dev 2
usb_ehci_queue_action q 0x7f95fe5152a0: free
usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state async -> complete
^^^ async packets completes.
usb_ehci_packet_action q 0x7f95fdec3210 p 0x7f95feba9130: wakeup

usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f002 qtds 29dbc4e0,29dbc8a0,00000009
usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2
usb_ehci_queue_action q 0x7f95fdec3210: free
usb_ehci_packet_action q 0x7f95fdec3210 p 0x7f95feba9130: free
^^^ endpoint #2 queue head removed from schedule, doorbell makes ehci zap the queue,
    the (completed) usb packet is freed too and gets lost.

usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f0c2 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f0c2 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_queue_action q 0x7f9600dff570: alloc
usb_ehci_qh_ptrs q 0x7f9600dff570 - QH @ 39c4f0c0: next 39c4f122 qtds 29dbce40,00000001,00000009
usb_ehci_qh_fields QH @ 39c4f0c0 - rl 4, mplen 512, eps 2, ep 2, dev 2
usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: alloc
usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state undef -> setup
usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: process
usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state setup -> async
usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: async
^^^ linux kernel relinked the queue head, ehci creates a new usb packet,
    but we should have delivered the completed one instead.
usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f002 qtds 29dbc4e0,29dbc8a0,00000009
usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2

So instead of instantly zapping the queue we'll set a flag that the
queue needs revalidation in case we'll see it again in the schedule.
ehci then checks that the queue head fields addressing / describing the
endpoint and the qtd pointer match the cached content before reusing it.

Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 9bc3a3a216e2689bfcdd36c3e079333bbdbf3ba0)

Conflicts:

hw/usb/hcd-ehci.c

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  ehci: fix reset
Gerd Hoffmann [Thu, 24 May 2012 10:04:50 +0000 (12:04 +0200)]
ehci: fix reset

Check for the reset bit first when processing USBCMD register writes.
Also break out of the switch, there is no need to check the other bits.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 7046530c36fa3a3f87692bdb54556f5d891a9c03)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  virtio-blk: fix use-after-free while handling scsi commands
Avi Kivity [Mon, 6 Aug 2012 12:49:03 +0000 (15:49 +0300)]
virtio-blk: fix use-after-free while handling scsi commands

The scsi passthrough handler falls through after completing a
request into the failure path, resulting in a use after free.

Reproducible by running a guest with aio=native on a block device.

Reported-by: Stefan Priebe <s.priebe@profihost.ag>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 730a9c53b4e52681fcfe31cf38854cbf91e132c7)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  qdev: fix use-after-free in the error path of qdev_init_nofail
Anthony Liguori [Wed, 27 Jun 2012 12:37:54 +0000 (07:37 -0500)]
qdev: fix use-after-free in the error path of qdev_init_nofail

From Markus:

Before:

    $ qemu-system-x86_64 -display none -drive if=ide
    qemu-system-x86_64: Device needs media, but drive is empty
    qemu-system-x86_64: Initialization of device ide-hd failed
    [Exit 1 ]

After:

    $ qemu-system-x86_64 -display none -drive if=ide
    qemu-system-x86_64: Device needs media, but drive is empty
    Segmentation fault (core dumped)
    [Exit 139 (SIGSEGV)]

This error always existed as qdev_init() frees the object.  But QOM
goes a bit further and purposefully sets the class pointer to NULL to
help find use-after-free.  It worked :-)

Cc: Andreas Faerber <afaerber@suse.de>
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7de3abe505e34398cef5bddf6c4d0bd9ee47007f)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  kvmvapic: Disable if there is insufficient memory
Jan Kiszka [Tue, 14 Aug 2012 11:43:12 +0000 (13:43 +0200)]
kvmvapic: Disable if there is insufficient memory

We need at least 1M of RAM to map the option ROM. Otherwise, we will
corrupt host memory or even crash:

    $ qemu-system-x86_64 -nodefaults --enable-kvm -vnc :0 -m 640k
    Segmentation fault (core dumped)

Reported-and-tested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
(cherry picked from commit a9605e0317c7a6d5e68f3a3b6708c8ef1096f4bc)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  s390: Fix error handling and condition code of service call
Christian Borntraeger [Mon, 23 Jul 2012 21:37:04 +0000 (21:37 +0000)]
s390: Fix error handling and condition code of service call

Invalid sccb addresses will cause a specification or addressing exception.
Let's add those checks. Furthermore, the good case (cc=0) was incorrect
for KVM, we did not set the CC at all. We now use return codes < 0
as program checks and return codes > 0 as condition code values.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 9abf567d95a4e840df868ca993219175fbef8c22)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  ppc: Fix bug in handling of PAPR hypercall exits
David Gibson [Mon, 6 Aug 2012 18:44:45 +0000 (18:44 +0000)]
ppc: Fix bug in handling of PAPR hypercall exits

Currently for powerpc, kvm_arch_handle_exit() always returns 1, meaning
that its caller - kvm_cpu_exec() - will always exit immediately afterwards
to the loop in qemu_kvm_cpu_thread_fn().

There's no need to do this.  Once we've handled the hypercall there's no
reason we can't go straight around and KVM_RUN again, which is what ret = 0
will signal.  The only exception might be for hypercalls which affect the
state of cpu_can_run(), however the only one that might do this is H_CEDE
and for kvm that is always handled in the kernel, not qemu.

Furthermore, setting ret = 0 means that when exit_requested is set from a
hypercall, we will enter KVM_RUN once more with a signal which lets the
kernel do its internal logic to complete the hypercall without
actually executing any more guest code.  This is important if our hypercall
also triggered a reset, which previously would re-initialize everything
without completing the hypercall.  This caused the kernel to get confused
because it thought the guest was still in the middle of a hypercall when
it has actually been reset.

This patch therefore changes to ret = 0, which is both a bugfix and a small
optimization.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 78e8fde26c032931ca2ae13bfc7c59e38afd17ee)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  configure: Don't override user's --cpu on MacOS and Solaris
Peter Maydell [Tue, 14 Aug 2012 14:35:34 +0000 (15:35 +0100)]
configure: Don't override user's --cpu on MacOS and Solaris

Both MacOS and Solaris have special case handling for the CPU
type, because the check_define probes will return i386 even if
the hardware is 64 bit and x86_64 would be preferable. Move
these checks earlier in the configure probing so that we can
do them only if the user didn't specify a CPU with --cpu. This
fixes a bug where the user's command line argument was being
ignored.

Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit bbea4050802a2e7e0296a21823c0925782c02b93)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  qtest: fix infinite loop when QEMU aborts abruptly
Anthony Liguori [Wed, 27 Jun 2012 13:20:43 +0000 (08:20 -0500)]
qtest: fix infinite loop when QEMU aborts abruptly

From Markus:

Makes "make check" hang:

    QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 gtester -k --verbose -m=quick tests/crash-test tests/rtc-test
    TEST: tests/crash-test... (pid=972)
    qemu-system-x86_64: Device needs media, but drive is empty
[Nothing happens, wait a while, then hit ^C]
    make: *** [check-qtest-x86_64] Interrupt

This was due to the fact that we weren't checking for errors when
reading from the QMP socket.  This patch adds appropriate error
checking.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 039380a8e18f618cdacf72486449c04dc1b70eef)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  update VERSION for v1.1.1 (tag: v1.1.1)
Michael Roth [Thu, 12 Jul 2012 18:36:14 +0000 (13:36 -0500)]
update VERSION for v1.1.1

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  Merge remote-tracking branch 'agraf/s390-for-upstream-1.1' into HEAD
Michael Roth [Tue, 10 Jul 2012 19:08:37 +0000 (14:08 -0500)]
Merge remote-tracking branch 'agraf/s390-for-upstream-1.1' into HEAD

12 years ago  s390x: fix s390 virtio aliases
Alexander Graf [Fri, 18 May 2012 00:36:26 +0000 (02:36 +0200)]
s390x: fix s390 virtio aliases

Some of the virtio devices have the same frontend name, but actually
implement different devices behind the scenes through aliases.

The indicator which device type to use is the architecture. On s390, we
want s390 virtio devices. On everything else, we want PCI devices.

Reflect this in the alias selection code. This way we fix commands like
-device virtio-blk on s390x which with this patch applied select the
correct virtio-blk-s390 device rather than virtio-blk-pci.

Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
12 years ago  rtl8139: validate rx ring before receiving packets
Jason Wang [Thu, 17 May 2012 05:25:43 +0000 (13:25 +0800)]
rtl8139: validate rx ring before receiving packets

Commit ff71f2e8cacefae99179993204172bc65e4303df prevented the possible
crash during initialization of the linux driver by checking the operating
mode. This seems too strict as:

- the real card could still work in modes other than normal
- some buggy drivers do not set the correct opmode after eeprom
 access

So, considering the rx ring address was reset to zero (which can be
safely treated as an address not intended to be DMAed to), in order to
both let old guests work and prevent unexpected DMA to the
guest, we can forbid packet receiving when the rx ring address is zero.

Tested-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit fcce6fd25f3e233f9da9ef01230a668ab35bd343)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  ahci: SATA FIS is 20 bytes, not 0x20
Daniel Verkamp [Tue, 22 May 2012 23:26:42 +0000 (16:26 -0700)]
ahci: SATA FIS is 20 bytes, not 0x20

As in the SATA and AHCI specifications, a FIS is 5 Dwords of 4 bytes
each, which comes to 20 bytes (decimal), not 0x20.

Signed-off-by: Daniel Verkamp <daniel@drv.nu>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 4bb9c939a57103898f5a51aa6a7336eb3320d923)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  qemu-img: document qed format on qemu-img man page
Stefan Hajnoczi [Wed, 13 Jun 2012 13:29:15 +0000 (14:29 +0100)]
qemu-img: document qed format on qemu-img man page

The qemu-img.1 man page is missing the qed format from its list of
supported formats.  Document the image creation options for qed.

Suggested-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit f085800e245836fed27fddb3b624a29326637657)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  virtio: Fix compiler warning for non Linux hosts
Stefan Weil [Tue, 22 May 2012 21:23:32 +0000 (23:23 +0200)]
virtio: Fix compiler warning for non Linux hosts

The local variables ret, i are only used if __linux__ is defined.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 47ce9ef7f89032c4079bf5132a12d1bfd4d5bca5)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  sheepdog: fix return value of do_load_save_vm_state
MORITA Kazutaka [Tue, 29 May 2012 16:05:15 +0000 (01:05 +0900)]
sheepdog: fix return value of do_load_save_vm_state

bdrv_save_vmstate and bdrv_load_vmstate should return the vmstate size
on success, and -errno on error.

Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 6f3c714eb7730630241fd0b33b799352d7feb876)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  qemu/xendisk: set maximum number of grants to be used
Jan Beulich [Mon, 11 Jun 2012 09:52:27 +0000 (09:52 +0000)]
qemu/xendisk: set maximum number of grants to be used

Legacy (non-pvops) gntdev drivers may require this to be done when the
number of grants intended to be used simultaneously exceeds a certain
driver specific default limit.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
(cherry picked from commit 64c27e5b1fdb6d94bdc0bda3b1869d7383a35c65)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  build: install qmp-commands.txt
Bruce Rogers [Wed, 13 Jun 2012 22:29:17 +0000 (16:29 -0600)]
build: install qmp-commands.txt

File is targeted for install, but is never installed.

Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
(cherry picked from commit 0cd23fcc0afe0a847e2e68797b64b297b20121f9)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  fdc: fix implied seek while there is no media in drive
Pavel Hrdina [Wed, 13 Jun 2012 13:43:11 +0000 (15:43 +0200)]
fdc: fix implied seek while there is no media in drive

Windows uses the 'READ' command at the start of an installation
without checking the 'dir' register. We have to abort the transfer
with an abnormal termination if there is no media in the drive.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit c52acf60b6c12ff5eb58eb6ac568c159ae0c8737)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  qcow2: fix autoclear image header update
Stefan Hajnoczi [Thu, 14 Jun 2012 10:42:23 +0000 (11:42 +0100)]
qcow2: fix autoclear image header update

The autoclear feature bits can be used for qcow2 file format features
that are safe to "drop" by old programs that do not understand the
feature.  Upon opening the image file unknown autoclear feature bits are
cleared and the image file header is rewritten, but this was happening
too early in the code when critical header fields were not yet loaded.

Process autoclear feature bits after all necessary header information
has been loaded.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit af7b708db2d03eb47f7ba44a050439ad9ee65e7a)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  Prevent disk data loss when closing qemu
Pavel Dovgaluk [Wed, 30 May 2012 06:08:04 +0000 (10:08 +0400)]
Prevent disk data loss when closing qemu

Prevent disk data loss when closing qemu console window
under Windows 7.

v3. Comment for Sleep() parameter was updated.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit b75a02829dde98723dfe16fa098338cb267b28b9)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  qcow2: fix endianness conversion
Zhi Yong Wu [Sat, 28 Apr 2012 07:38:08 +0000 (15:38 +0800)]
qcow2: fix endianness conversion

Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 87267753a36798e25262ee48264bea2ab70921aa)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  pci_bridge_dev: fix error path in pci_bridge_dev_initfn()
Jason Baron [Thu, 3 May 2012 02:42:15 +0000 (22:42 -0400)]
pci_bridge_dev: fix error path in pci_bridge_dev_initfn()

Currently, we do not properly clean up if pci_bridge_dev_initfn
fails to initialize properly. Make sure to call pci_bridge_exitfn()
in the error path.

Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 80aa796bf38b7ef21daa42673b4711510c450d8a)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  qdev: release parent properties on dc->init failure
Jason Baron [Thu, 3 May 2012 02:42:10 +0000 (22:42 -0400)]
qdev: release parent properties on dc->init failure

While looking into hot-plugging bridges, I can create a qemu segfault via:

$ device_add pci-bridge

Bridge chassis not specified. Each bridge is required to be assigned a unique chassis id > 0.
**
ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0)

I'm proposing to fix this by adding a call to 'object_unparent()', before the
call to qdev_free(). I see there is already a precedent for this usage pattern as
seen in qdev_simple_unplug_cb():

/* can be used as ->unplug() callback for the simple cases */
int qdev_simple_unplug_cb(DeviceState *dev)
{
    /* just zap it */
    object_unparent(OBJECT(dev));
    qdev_free(dev);
    return 0;
}

Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 266ca11a0433643a3cc3146a9837d9f2b0bfbe3b)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  intel-hda: Fix reset of MSI function
Jan Kiszka [Fri, 11 May 2012 14:42:35 +0000 (11:42 -0300)]
intel-hda: Fix reset of MSI function

Call msi_reset on device reset as still required by the core.

CC: Gerd Hoffmann <kraxel@redhat.com>
CC: qemu-stable@nongnu.org
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 8e729e3b521d9fcd87fc2e40b6322e684f58bb2e)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  ahci: Fix reset of MSI function
Jan Kiszka [Fri, 11 May 2012 14:42:34 +0000 (11:42 -0300)]
ahci: Fix reset of MSI function

Call msi_reset on device reset as still required by the core.

CC: Alexander Graf <agraf@suse.de>
CC: qemu-stable@nongnu.org
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 868a1a52267daddf933ee18480ae036da029b561)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  rtl8139: honor RxOverflow flag in can_receive method
Fernando Luis Vazquez Cao [Mon, 4 Jun 2012 14:35:11 +0000 (17:35 +0300)]
rtl8139: honor RxOverflow flag in can_receive method

Some drivers (Linux' 8139too among them) rely on the NIC
injecting an interrupt in the event of a receive buffer overflow
and, accordingly, set the RxOverflow bit in the interrupt
mask. Unfortunately rtl8139's can_receive method ignores the
RxOverflow flag, which may lead to a situation where rtl8139
stops receiving packets (can_receive returns 0) when the receive
buffer becomes full.

If the driver eventually read from the receive buffer or reset
the card, the emulator could recover from this situation. However
some implementations only do this upon receiving an interrupt
with either RxOK or RxOverflow set in the ISR, an interrupt that
will never come because QEMU's flow control mechanisms would
prevent rtl8139 from receiving any packet.

Letting packets go through when the overflow interrupt is enabled
makes the QEMU emulator compliant with the spec and solves the
problem.

This patch should fix a relatively common (in our experience)
network stall observed when running enterprise distros with
rtl8139 as the NIC; in some cases the 8139too device driver gets
loaded and when under heavy load the network eventually stops
working.

Reported-by: Hayato Kakuta <kakuta.hayato@oss.ntt.co.jp>
Tested-by: Hayato Kakuta <kakuta.hayato@oss.ntt.co.jp>
Acked-by: Igor Kovalenko <igor.v.kovalenko@gmail.com>
Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit fee9d348ffc5c9f80068086799a948996f633f7e)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  configure: Fix build for some versions of glibc (9pfs)
Stefan Weil [Wed, 6 Jun 2012 19:35:57 +0000 (19:35 +0000)]
configure: Fix build for some versions of glibc (9pfs)

Some versions declare open_by_handle_at, but don't define AT_EMPTY_PATH.
Extend the check in configure to test both preconditions.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
(cherry picked from commit acc55ba8b1519bda27be19fad50b65d2b0c7d26d)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  monitor: Fix memory leak with readline completion
Stefan Weil [Mon, 14 May 2012 09:47:20 +0000 (09:47 +0000)]
monitor: Fix memory leak with readline completion

Each string which is shown during readline completion in the QEMU monitor
is allocated dynamically but currently never deallocated.

Add the missing loop which calls g_free for the allocated strings.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit fc9fa4bd0a295ac18808c4cd2cfac484bc4649d3)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  qcow2: Silence false warning
Kevin Wolf [Fri, 15 Jun 2012 11:43:18 +0000 (13:43 +0200)]
qcow2: Silence false warning

Some gcc versions seem not to be able to figure out that the switch
statement covers all possible values and that c is therefore always
initialised. Add a default branch for them.

Reported-by: malc <av1474@comtv.ru>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 1417d7e40eaf1418333fb2ec43d0c7f4245b10e7)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  kvm: i8254: Fix conversion of in-kernel to userspace state
Jan Kiszka [Wed, 6 Jun 2012 14:28:42 +0000 (16:28 +0200)]
kvm: i8254: Fix conversion of in-kernel to userspace state

Due to an offset between the clock used to generate the in-kernel
count_load_time (CLOCK_MONOTONIC) and the clock used for processing this
in userspace (vm_clock), reading back the output of PIT channel 2 via
port 0x61 was broken. One use case that suffered from it was the CPU
frequency calibration of SeaBIOS, which also affected IDE/AHCI timeouts.

This fixes it by calibrating the offset between both clocks on
kvm_pit_get and adjusting the kernel value before saving it in the
userspace state. As the calibration only works while the vm_clock is
running, we cache the in-kernel state across stopped phases.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
(cherry picked from commit 0cdd3d14447da1a04e778c219c77db8b96f9cf33)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  kvm/apic: correct short memset
Jim Meyering [Thu, 10 May 2012 16:19:47 +0000 (18:19 +0200)]
kvm/apic: correct short memset

kvm_put_apic_state's attempt to clear *kapic before setting its
bits cleared sizeof(void*) bytes (no more than 8) rather than the
intended 1024 (KVM_APIC_REG_SIZE) bytes. Spotted by coverity.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
(cherry picked from commit 0614cb82ca27bdffb83864e693fc29e29182667b)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  configure: report missing libraries for virtfs
Harsh Prateek Bora [Thu, 7 Jun 2012 21:50:43 +0000 (03:20 +0530)]
configure: report missing libraries for virtfs

Signed-off-by: Harsh Prateek Bora <harsh@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit 263ddcc81bf45d475ef86100a8567b3fb2129b8d)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  trace/simple.c: fix deprecated glib2 interface
Harsh Prateek Bora [Thu, 7 Jun 2012 21:50:42 +0000 (03:20 +0530)]
trace/simple.c: fix deprecated glib2 interface

Signed-off-by: Harsh Prateek Bora <harsh@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit 0d665005c7fd3800f1ae590701f60fe7e4c9a57a)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  target-xtensa: fix CCOUNT for conditional branches
Max Filippov [Sun, 27 May 2012 23:18:33 +0000 (03:18 +0400)]
target-xtensa: fix CCOUNT for conditional branches

Taken conditional branches fail to update CCOUNT register because
accumulated ccount_delta is reset during translation of non-taken
branch. To fix it only update CCOUNT once per conditional branch
instruction translation.

This fixes guest linux freeze on LTP waitpid06 test.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit d865f307399441919d6646545b7735e57920da04)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  exec: fix TB invalidation after breakpoint insertion/deletion
Max Filippov [Sun, 27 May 2012 16:21:08 +0000 (20:21 +0400)]
exec: fix TB invalidation after breakpoint insertion/deletion

tb_invalidate_phys_addr has to be called with the exact physical address of
the breakpoint we add/remove, not just the page's base address.
Otherwise we easily fail to flush the right TB.

This breakage was introduced by the commit f3705d5329 "memory: make
phys_page_find() return an unadjusted".

This appeared to work for some guest architectures because their
cpu_get_phys_page_debug implementation returns full translated physical
address, not just the base of the TARGET_PAGE_SIZE-sized page.

Reported-by: TeLeMan <geleman@gmail.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 9d70c4b7b8a580959cc4f739e7c9a04964d00d46)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  target-xtensa: add MMU pagewalking tests
Max Filippov [Sun, 27 May 2012 14:34:54 +0000 (18:34 +0400)]
target-xtensa: add MMU pagewalking tests

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit c305e32f4336e29fd3f86fc32ffce7b00e5bd9e1)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  target-xtensa: control page table lookup explicitly
Max Filippov [Sun, 27 May 2012 14:34:53 +0000 (18:34 +0400)]
target-xtensa: control page table lookup explicitly

Hardware pagetable walking may not be nested. Stop guessing and pass an
explicit flag to the get_physical_addr_mmu function that controls page
table lookup.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 57705a676c65e6ecacc44c23b192f3d7ed2cdedd)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  target-xtensa: update autorefill TLB entries conditionally
Max Filippov [Sun, 27 May 2012 14:34:52 +0000 (18:34 +0400)]
target-xtensa: update autorefill TLB entries conditionally

This is to avoid interference of internal QEMU helpers
(cpu_get_phys_page_debug, tb_invalidate_virtual_addr) with guest-visible
TLB state.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit ae4e7982e6db8b88e90db74779f4693bc2c636a8)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  target-xtensa: extract TLB entry setting method
Max Filippov [Sun, 27 May 2012 14:34:51 +0000 (18:34 +0400)]
target-xtensa: extract TLB entry setting method

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 16bde77a298acfe15f5e948aceff550d0cb173e8)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  target-xtensa: update EXCVADDR in case of page table lookup
Max Filippov [Sun, 27 May 2012 14:34:50 +0000 (18:34 +0400)]
target-xtensa: update EXCVADDR in case of page table lookup

According to ISA, 4.4.2.6, EXCVADDR may be changed by any TLB miss, even
if the miss is handled entirely by processor hardware.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 39e7d37f0f25823c00d1105e8eb9b61182fd349c)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  target-xtensa: flush TLB page for new MMU mapping
Max Filippov [Sun, 27 May 2012 14:34:49 +0000 (18:34 +0400)]
target-xtensa: flush TLB page for new MMU mapping

Both old and new mappings need flushing because their VPN may be
different in MMU case.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit e323bdeff28f3bd647bf02cc9df57971eff3e258)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  virtio-blk: Fix geometry sector calculation
Christian Borntraeger [Thu, 24 May 2012 11:22:55 +0000 (13:22 +0200)]
virtio-blk: Fix geometry sector calculation

Currently the sector value for the geometry is masked, even if the
user uses a command line parameter that explicitly gives a number.
This breaks dasd devices on s390. A dasd device can have
a physical block size of 4096 (== same for logical block size)
and a typical geometry of 15 heads and 12 sectors per cyl.
The ibm partition detection relies on a correct geometry
reported by the device. Unfortunately the current code changes
12 to 8. This would be necessary if the total size is
not a multiple of logical sector size, but for dasd this
is not the case.

This patch checks the device size and only applies sector
mask if necessary.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
CC: Christoph Hellwig <hch@lst.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 136be99e6e2130d3cd960b6b7d0ca86b6f011e5f)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  Update version for 1.1.0 release  v1.1.0
Anthony Liguori [Fri, 1 Jun 2012 08:55:34 +0000 (16:55 +0800)]
Update version for 1.1.0 release

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years ago  Update version for 1.1.0-rc4 release  v1.1.0-rc4
Anthony Liguori [Thu, 31 May 2012 00:53:39 +0000 (08:53 +0800)]
Update version for 1.1.0-rc4 release

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years ago  Merge remote-tracking branch 'origin/master' into staging
Anthony Liguori [Thu, 31 May 2012 00:49:46 +0000 (08:49 +0800)]
Merge remote-tracking branch 'origin/master' into staging

* origin/master:
  pc-bios: Update OpenBIOS images

12 years ago  pc-bios: Update OpenBIOS images
Blue Swirl [Wed, 30 May 2012 17:04:41 +0000 (17:04 +0000)]
pc-bios: Update OpenBIOS images

Update OpenBIOS images to r1060 built from submodule.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
12 years ago  Merge remote-tracking branch 'mdroth/qga-pull-5-29-12-v2' into staging
Anthony Liguori [Wed, 30 May 2012 07:02:03 +0000 (15:02 +0800)]
Merge remote-tracking branch 'mdroth/qga-pull-5-29-12-v2' into staging

* mdroth/qga-pull-5-29-12-v2:
  qemu-ga: avoid blocking on atime update when reading /etc/mtab
  qemu-ga: Fix use of environ on Darwin

12 years ago  block: prevent snapshot mode $TMPDIR symlink attack
Jim Meyering [Mon, 28 May 2012 07:27:54 +0000 (09:27 +0200)]
block: prevent snapshot mode $TMPDIR symlink attack

In snapshot mode, bdrv_open creates an empty temporary file without
checking for mkstemp or close failure, and ignoring the possibility
of a buffer overrun given a surprisingly long $TMPDIR.
Change the get_tmp_filename function to return int (not void),
so that it can inform its two callers of those failures.
Also avoid the risk of buffer overrun and do not ignore mkstemp
or close failure.
Update both callers (in block.c and vvfat.c) to propagate
temp-file-creation failure to their callers.

get_tmp_filename creates and closes an empty file, while its
callers later open that presumed-existing file with O_CREAT.
The problem was that a malicious user could provoke mkstemp failure
and race to create a symlink with the selected temporary file name,
thus causing the qemu process (usually root owned) to open through
the symlink, overwriting an attacker-chosen file.

This addresses CVE-2012-2652.
http://bugzilla.redhat.com/CVE-2012-2652

Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
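The pattern the commit above describes, written out as an added example (it is not QEMU's block.c code; make_tmp_file, reopen_tmp_file and the "vl.XXXXXX" template are assumed names): the temp-file helper returns -errno instead of void, refuses a $TMPDIR that would not fit the buffer, and treats a mkstemp or close failure as fatal rather than handing the caller a name that may never have been created. The reopen helper shows the caller side: because the file already exists, it is opened without O_CREAT and with O_NOFOLLOW, so a symlink swapped in at that name fails with ELOOP instead of being written through.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/*
 * Create an empty, uniquely named temporary file under `dir` and store its
 * path in `filename` (a buffer of `size` bytes).  Returns 0 on success and
 * -errno on failure so the caller can propagate the error.
 * Added example modelled on the commit's description; not QEMU's own code.
 */
int make_tmp_file(const char *dir, char *filename, size_t size)
{
    int n, fd;

    if (dir == NULL || *dir == '\0') {
        dir = "/tmp";                    /* assumed fallback directory */
    }

    /* snprintf returns the length the full path needs; a value >= size means
     * it was truncated.  Fail here instead of running mkstemp on a mangled
     * template (the unchecked case the commit calls a buffer overrun). */
    n = snprintf(filename, size, "%s/vl.XXXXXX", dir);
    if (n < 0 || (size_t)n >= size) {
        return -EOVERFLOW;
    }

    /* mkstemp creates with O_CREAT|O_EXCL, so it never follows a symlink
     * already sitting at the generated name.  The danger the commit fixes is
     * a caller that ignores a *failed* mkstemp and later opens the leftover
     * name with O_CREAT, so the failure must be reported, not swallowed. */
    fd = mkstemp(filename);
    if (fd < 0) {
        return -errno;
    }
    if (close(fd) != 0) {
        int err = errno;
        unlink(filename);
        return -err;
    }
    return 0;
}

/* Honour $TMPDIR as the commit's callers do (assumed wrapper). */
int get_tmp_filename(char *filename, size_t size)
{
    return make_tmp_file(getenv("TMPDIR"), filename, size);
}

/*
 * Caller side: the file was created above, so reopen it without O_CREAT and
 * refuse to follow symlinks.  Returns the fd, or -errno (ELOOP if the name
 * now points at a symlink).
 */
int reopen_tmp_file(const char *filename)
{
    int fd = open(filename, O_RDWR | O_NOFOLLOW);
    return fd < 0 ? -errno : fd;
}
```

A caller should check every negative return and give up on snapshot mode; falling back to the unchecked name is exactly the window the CVE describes.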
12 years ago  xhci: add usage info to docs
Gerd Hoffmann [Tue, 29 May 2012 09:20:31 +0000 (11:20 +0200)]
xhci: add usage info to docs

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years ago  vnc: fix segfault in vnc_display_pw_expire()
Gerd Hoffmann [Thu, 24 May 2012 08:55:01 +0000 (10:55 +0200)]
vnc: fix segfault in vnc_display_pw_expire()

NULL pointer dereference in case no vnc server is configured.
Catch this and return -EINVAL like vnc_display_password() does.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years ago  Expose CPUID leaf 7 only for -cpu host
Eduardo Habkost [Mon, 21 May 2012 14:27:02 +0000 (11:27 -0300)]
Expose CPUID leaf 7 only for -cpu host

Changes v2 -> v3:
  - Check for kvm_enabled() before setting cpuid_7_0_ebx_features

Changes v1 -> v2:
  - Use kvm_arch_get_supported_cpuid() instead of host_cpuid() on
    cpu_x86_fill_host().

  We should use GET_SUPPORTED_CPUID for all bits on "-cpu host"
  eventually, but I am not changing all the other CPUID leaves because
  we may not be able to test such an intrusive change in time for 1.1.

Description of the bug:

Since QEMU 0.15, the CPUID information on CPUID[EAX=7,ECX=0] is being
returned unfiltered to the guest, directly from the GET_SUPPORTED_CPUID
return value.

The problem is that this makes the resulting CPU feature flags
unpredictable and dependent on the host CPU and kernel version. This
breaks live-migration badly if migrating from a host CPU that supports
some features on that CPUID leaf (running a recent kernel) to a kernel
or host CPU that doesn't support it.

Migration also is incorrect (the virtual CPU changes under the guest's
feet) if you migrate in the opposite direction (from an old CPU/kernel
to a new CPU/kernel), but with less serious consequences (guests
normally query CPUID information only once on boot).

Fortunately, the bug affects only users using cpudefs with level >= 7.

The right behavior should be to explicitly enable those features on
[cpudef] config sections or on the "-cpu" command-line arguments. Right
now there is no predefined CPU model on QEMU that has those features:
the latest Intel model we have is Sandy Bridge.

I would like to get this fixed on 1.1, so I am submitting this patch,
which enables those features only if "-cpu host" is being used (as we
don't have any pre-defined CPU model that actually has those features).
After 1.1 is released, we can make those features properly configurable
on [cpudef] and -cpu configuration.

One problem is: with this patch, users with the following setup:
- Running QEMU 1.0;
- Using a cpudef having level >= 7;
- Running a kernel that supports the features on CPUID leaf 7; and
- Running on a CPU that supports some features on CPUID leaf 7
won't be able to live-migrate to QEMU 1.1. But as live-migration is
already broken for these users (they can't live-migrate to hosts with
older CPUs or older kernels already), I don't see how to avoid this
problem.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years ago  qemu-ga: avoid blocking on atime update when reading /etc/mtab
Michael Roth [Tue, 29 May 2012 15:08:50 +0000 (10:08 -0500)]
qemu-ga: avoid blocking on atime update when reading /etc/mtab

Currently we re-read/re-process /etc/mtab to get an updated list of
mounts when guest-fsfreeze-thaw is called. This can cause an atime
update on /etc/mtab, which will block if we're in a frozen state.

Instead, use /proc's version of mtab, which may not be up-to-date with
options passed via -o remount, but is compatible for our use cases since
we only care about the filesystem type.

Reported-by: Matsuda, Daiki <matsudadik@intellilink.co.jp>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  qemu-ga: Fix use of environ on Darwin
Andreas Färber [Sun, 27 May 2012 15:02:20 +0000 (17:02 +0200)]
qemu-ga: Fix use of environ on Darwin

Use _NSGetEnviron() helper to access the environment.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Charlie Somerville <charlie@charliesomerville.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
12 years ago  pci: call object_unparent() before free_qdev()
Amos Kong [Sun, 20 May 2012 09:57:45 +0000 (17:57 +0800)]
pci: call object_unparent() before free_qdev()

Start a VM with 8 multiple-function block devs; hot-removing
those block devs by 'device_del ...' would cause qemu to abort.

| (qemu) device_del virti0-0-0
| (qemu) **
|ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0)

It's a regression introduced by commit 57c9fafe

The whole PCI slot should be removed at once. Currently only one func
is cleaned in pci_unplug_device() if you try to remove a single
func by monitor cmd.

free_qdev() is called for all functions in the slot,
but unparent_delete() is only called for one
function.

Signed-off-by: XXXX
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years ago  fix multiboot loading if load_end_addr == 0
Scott Moser [Mon, 26 Mar 2012 19:27:00 +0000 (15:27 -0400)]
fix multiboot loading if load_end_addr == 0

The previous multiboot load code did not treat the case where
load_end_addr was 0 specially.  The multiboot specification says the
following:
 * load_end_addr
   Contains the physical address of the end of the data segment.
   (load_end_addr - load_addr) specifies how much data to load. This
   implies that the text and data segments must be consecutive in the
   OS image; this is true for existing a.out executable formats. If
   this field is zero, the boot loader assumes that the text and data
   segments occupy the whole OS image file.

Signed-off-by: Scott Moser <smoser@ubuntu.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
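The spec text quoted in the commit above, carried through as an added example (not QEMU's multiboot.c; the struct and function names are assumed): given the a.out-kludge fields, the offset at which the header was found and the file size, compute what to copy and how much guest memory to reserve. A zero load_end_addr means "text and data fill the rest of the file", not "load nothing", and because the header is untrusted guest-supplied data every derived range is checked against the file before it is used.

```c
#include <stdint.h>

/* The multiboot "a.out kludge" fields that determine the load range.
 * Added example; the struct is simplified and not QEMU's own. */
struct mb_aout_fields {
    uint32_t header_addr;   /* physical address the header is loaded at */
    uint32_t load_addr;     /* physical address of the start of the text segment */
    uint32_t load_end_addr; /* end of the data segment, or 0 = rest of file */
    uint32_t bss_end_addr;  /* end of bss, or 0 = no bss */
};

struct mb_load_plan {
    uint32_t file_offset;   /* where in the OS image copying starts */
    uint32_t load_size;     /* bytes to copy from the image */
    uint32_t mem_size;      /* bytes to reserve in guest memory, bss included */
};

/*
 * Returns 0 and fills *out on success, -1 if the header is inconsistent
 * with itself or with the file.  `header_file_offset` is where the header
 * was found in the image, `file_size` the image length in bytes.
 */
int mb_plan_load(const struct mb_aout_fields *h, uint32_t header_file_offset,
                 uint32_t file_size, struct mb_load_plan *out)
{
    uint32_t delta, file_offset, load_size, mem_size;

    /* Spec: load_addr <= header_addr, and the image data starts at
     * header_file_offset - (header_addr - load_addr). */
    if (h->load_addr > h->header_addr) {
        return -1;
    }
    delta = h->header_addr - h->load_addr;
    if (delta > header_file_offset) {
        return -1;                      /* would start before the file begins */
    }
    file_offset = header_file_offset - delta;
    if (file_offset > file_size) {
        return -1;
    }

    if (h->load_end_addr == 0) {
        /* The case the commit fixes: zero means text+data occupy the whole
         * remainder of the image, so (load_end_addr - load_addr) must not
         * be used as the byte count. */
        load_size = file_size - file_offset;
    } else {
        if (h->load_end_addr < h->load_addr) {
            return -1;                  /* negative segment length */
        }
        load_size = h->load_end_addr - h->load_addr;
        if (load_size > file_size - file_offset) {
            return -1;                  /* header claims more data than the file has */
        }
    }

    /* Guard the 32-bit addition before using it as a bss lower bound. */
    if (load_size > UINT32_MAX - h->load_addr) {
        return -1;
    }
    if (h->bss_end_addr == 0) {
        mem_size = load_size;
    } else {
        if (h->bss_end_addr < h->load_addr + load_size) {
            return -1;                  /* bss would end inside the data segment */
        }
        mem_size = h->bss_end_addr - h->load_addr;
    }

    out->file_offset = file_offset;
    out->load_size = load_size;
    out->mem_size = mem_size;
    return 0;
}
```

The constructed values in the usage below place the header 0x40 bytes into a 0x5000-byte image at load_addr 0x100000, which is the layout a typical a.out-style kernel presents.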
12 years ago  vga: fix vram double-mapping with -vga std and -M pc-0.12
Avi Kivity [Wed, 9 May 2012 15:23:06 +0000 (18:23 +0300)]
vga: fix vram double-mapping with -vga std and -M pc-0.12

With pc-0.12, we map the video RAM both through the PCI BAR (the guest does
this) and through a fixed mapping at 0xe0000000.  The memory API doesn't allow
this double map, and aborts.

Fix by using an alias.

Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years ago  Merge remote-tracking branch 'afaerber-or/cocoa-for-upstream' into staging
Anthony Liguori [Tue, 29 May 2012 11:54:16 +0000 (06:54 -0500)]
Merge remote-tracking branch 'afaerber-or/cocoa-for-upstream' into staging

* afaerber-or/cocoa-for-upstream:
  cocoa: Suppress Cocoa frontend for -qtest
  arch_init: Fix AltiVec build on Darwin/ppc

12 years ago  cocoa: Suppress Cocoa frontend for -qtest
Andreas Färber [Mon, 28 May 2012 01:18:31 +0000 (03:18 +0200)]
cocoa: Suppress Cocoa frontend for -qtest

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
12 years ago  arch_init: Fix AltiVec build on Darwin/ppc
Andreas Färber [Sun, 27 May 2012 14:21:02 +0000 (16:21 +0200)]
arch_init: Fix AltiVec build on Darwin/ppc

Commit f29a56147b66845914d0a645bf9b4c5bb9a6af57 (implement
-no-user-config command-line option (v3)) introduced uses of bool
in arch_init.c. Shortly before that usage is support code for
AltiVec (conditional to __ALTIVEC__).

GCC's altivec.h may in a !__APPLE_ALTIVEC__ code path redefine bool,
leading to type mismatches. altivec.h recommends to #undef for C++
compatibility, but doing so in C leads to bool remaining undefined.

Fix by redefining bool to _Bool as mandated for stdbool.h by POSIX.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
12 years ago  Merge remote-tracking branch 'sstabellini/for_1.1_rc3' into staging
Anthony Liguori [Tue, 29 May 2012 09:32:13 +0000 (04:32 -0500)]
Merge remote-tracking branch 'sstabellini/for_1.1_rc3' into staging

* sstabellini/for_1.1_rc3:
  Call xc_domain_shutdown with the reboot flag when the guest requests a reboot.
  xen: Fix PV-on-HVM
  xen_disk: properly update stats in ioreq_release()
  xen_disk: use bdrv_aio_flush instead of bdrv_flush
  xen_disk: remove syncwrite option
  xen: disable rtc_clock
  xen: do not initialize the interval timer and PCSPK emulator

12 years ago  Merge remote-tracking branch 'mdroth/qga-pull-5-24-12' into staging
Anthony Liguori [Tue, 29 May 2012 09:31:29 +0000 (04:31 -0500)]
Merge remote-tracking branch 'mdroth/qga-pull-5-24-12' into staging

* mdroth/qga-pull-5-24-12:
  qemu-ga: Fix missing environ declaration
  configure: check if environ is declared

12 years ago  Merge remote-tracking branch 'kwolf/for-anthony' into staging
Anthony Liguori [Tue, 29 May 2012 09:30:49 +0000 (04:30 -0500)]
Merge remote-tracking branch 'kwolf/for-anthony' into staging

* kwolf/for-anthony:
  fdc-test: introduced qtest no_media_on_start and cmos qtest for floppy
  fdc: fix media detection
  fdc: floppy drive should be visible after start without media
  qemu-iotests: mark 035 qcow2-only
  qcow2: Check qcow2_alloc_clusters_at() return value
  sheepdog: use heap instead of stack for BDRVSheepdogState
  sheepdog: return -errno on error
  sheepdog: mark image as snapshot when tag is specified
  qemu-img: Explain how rebase operation can be used to perform a 'diff' operation.
  qcow2: don't leak buffer for unexpected qcow_version in header

12 years ago  Merge remote-tracking branch 'kiszka/queues/slirp' into staging
Anthony Liguori [Tue, 29 May 2012 09:30:00 +0000 (04:30 -0500)]
Merge remote-tracking branch 'kiszka/queues/slirp' into staging

* kiszka/queues/slirp:
  slirp: Avoid redefining MAX_TCPOPTLEN
  slirp: Avoid statements without effect on Big Endian host
  slirp: Untangle TCPOLEN_* from TCPOPT_*

12 years ago  Merge remote-tracking branch 'bonzini/scsi-next' into staging
Anthony Liguori [Tue, 29 May 2012 09:28:59 +0000 (04:28 -0500)]
Merge remote-tracking branch 'bonzini/scsi-next' into staging

* bonzini/scsi-next:
  ISCSI: Switch to using READ16/WRITE16 for I/O to the LUN
  ISCSI: Only call READCAPACITY16 for SBC devices, use READCAPACITY10 for MMC
  ISCSI: get device type at connection time
  ISCSI: change num_blocks to 64-bit
  ISCSI: redo how we set up the events
  scsi: declare vmstate_info_scsi_requests to be static

12 years ago  slirp: Avoid redefining MAX_TCPOPTLEN
Andreas Färber [Mon, 28 May 2012 17:52:35 +0000 (19:52 +0200)]
slirp: Avoid redefining MAX_TCPOPTLEN

MAX_TCPOPTLEN is being defined as 32. Darwin already has it as 40,
causing a warning. The value is only used to declare an array,
into which currently 4 bytes are written at most.

Therefore always override MAX_TCPOPTLEN for now.

Suggested-by: Jan Kiszka <jan.kiszka@web.de>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
12 years ago  slirp: Avoid statements without effect on Big Endian host
Andreas Färber [Mon, 28 May 2012 17:34:20 +0000 (19:34 +0200)]
slirp: Avoid statements without effect on Big Endian host

Darwin has HTON*/NTOH* macros that on BE simply return the argument.
This is incompatible with SLIRP's use of these macros as a statement.

Undefine the macros in the HOST_WORDS_BIGENDIAN code path to redefine
these macros as no-op, as already done when they were undefined.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
12 years ago  ISCSI: Switch to using READ16/WRITE16 for I/O to the LUN
Ronnie Sahlberg [Tue, 22 May 2012 10:10:05 +0000 (20:10 +1000)]
ISCSI: Switch to using READ16/WRITE16 for I/O to the LUN

This allows using LUNs bigger than 2TB.  Keep using READ10 for other
device types such as MMC.

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
12 years ago  ISCSI: Only call READCAPACITY16 for SBC devices, use READCAPACITY10 for MMC
Ronnie Sahlberg [Sat, 26 May 2012 04:56:38 +0000 (14:56 +1000)]
ISCSI: Only call READCAPACITY16 for SBC devices, use READCAPACITY10 for MMC

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
12 years ago  ISCSI: get device type at connection time
Ronnie Sahlberg [Fri, 25 May 2012 11:59:01 +0000 (21:59 +1000)]
ISCSI: get device type at connection time

This is needed to avoid READ CAPACITY(16) for MMC devices.

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
12 years ago  ISCSI: change num_blocks to 64-bit
Paolo Bonzini [Sat, 26 May 2012 07:41:13 +0000 (09:41 +0200)]
ISCSI: change num_blocks to 64-bit

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
12 years ago  ISCSI: redo how we set up the events
Ronnie Sahlberg [Tue, 22 May 2012 09:56:36 +0000 (19:56 +1000)]
ISCSI: redo how we set up the events

Call qemu_notify_event() after updating events.  Otherwise, if we add
an event for -is-writeable but the socket is already writeable there
may be a delay before the event callback is actually triggered.

Those delays would in particular hurt performance during BIOS boot and
when the GRUB bootloader reads the kernel and initrd.

But first call out to the socket write functions directly, and only set up
the write event if the socket is full.  This will happen very rarely and
this improves performance.

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
12 years ago  slirp: Untangle TCPOLEN_* from TCPOPT_*
Andreas Färber [Fri, 27 Apr 2012 22:29:05 +0000 (00:29 +0200)]
slirp: Untangle TCPOLEN_* from TCPOPT_*

Commit b72210568ef0c0fb141a01cffb71a09c4efa0364 (slirp: clean up
conflicts with system headers) enclosed TCPOLEN_MAXSEG with an #ifdef
TCPOPT_EOL. This broke the build on illumos, which has TCPOPT_*
but not TCPOLEN_*.

Move them to their own #ifdef TCPOLEN_MAXSEG section to remedy this.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
12 years ago  tcg/ppc: Handle _CALL_DARWIN being undefined on Darwin
Andreas Färber [Sun, 27 May 2012 17:50:47 +0000 (19:50 +0200)]
tcg/ppc: Handle _CALL_DARWIN being undefined on Darwin

powerpc-apple-darwin9-gcc-4.2.1 (GCC) 4.2.1 (Apple Inc. build 5577)
does not define _CALL_DARWIN, leading to unexpected behavior w.r.t.
register clobbering and stack frame layout.

Since _CALL_DARWIN is a reserved identifier, define a custom
TCG_TARGET_CALL_DARWIN based on either _CALL_DARWIN or __APPLE__.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: malc <av1474@comtv.ru>
12 years ago  fdc-test: introduced qtest no_media_on_start and cmos qtest for floppy
Pavel Hrdina [Thu, 24 May 2012 09:02:30 +0000 (11:02 +0200)]
fdc-test: introduced qtest no_media_on_start and cmos qtest for floppy

By default a guest always has one floppy drive, so the 0x10 byte in CMOS
has to have the value 0x40. The higher 4 bits mean that the first floppy drive
is a 1.44 MB 3.5" drive and the lower 4 bits mean the second drive is not present.

After the guest starts, the DSKCHG bit in the DIR register should be set. If there
is no media in the drive, this bit should be set all the time.

Because we start the guest without media in drive, we have to swap
'eject' and 'change' in 'test_media_change'.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
12 years ago  fdc: fix media detection
Pavel Hrdina [Thu, 24 May 2012 09:02:29 +0000 (11:02 +0200)]
fdc: fix media detection

We have to set up 'media_changed' after guest start so the floppy driver
can detect that there is no media in the drive. For this purpose we call
'fdctrl_change_cb' instead of 'fd_revalidate' in 'fdctrl_connect_drives'.
'fd_revalidate' is called inside 'fdctrl_change_cb'.

We still have to set the default drive geometry in 'fd_revalidate' even
if there is no media in the drive. When you try to open (Windows) or mount (Linux)
the floppy, the driver tries to seek to track 1. The Linux guest gets stuck in a loop,
then the kernel crashes, and the Windows guest prints an error message.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>