qemu-stable-0.14.git
7 years ago - Version 0.14.1 (master, v0.14.1)
Justin M. Forbes [Wed, 4 May 2011 18:50:56 +0000 (13:50 -0500)] 
Version 0.14.1

7 years ago - virtio-blk: fail unaligned requests
Christoph Hellwig [Wed, 6 Apr 2011 18:28:34 +0000 (20:28 +0200)] 
virtio-blk: fail unaligned requests

Like all block drivers virtio-blk should not allow smaller than block size
granularity access.  But given that the protocol specifies a
byte unit length field we currently accept such requests, which cause
qemu to abort() in lower layers.  Add checks to the main read and
write handlers to catch them early.

Reported-by: Conor Murphy <conor_murphy_virt@hotmail.com>
Tested-by: Conor Murphy <conor_murphy_virt@hotmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years ago - qed: Fix consistency check on 32-bit hosts
Stefan Hajnoczi [Sun, 24 Apr 2011 17:38:58 +0000 (18:38 +0100)] 
qed: Fix consistency check on 32-bit hosts

The qed_bytes_to_clusters() function is normally used with size_t
lengths.  Consistency check used it with file size length and therefore
failed on 32-bit hosts when the image file is 4 GB or more.

Make qed_bytes_to_clusters() explicitly 64-bit and update consistency
check to keep 64-bit cluster counts.

Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years ago - exit if -drive specified is invalid instead of ignoring the "wrong" -drive
Michael Tokarev [Wed, 30 Mar 2011 12:31:05 +0000 (16:31 +0400)] 
exit if -drive specified is invalid instead of ignoring the "wrong" -drive

This fixes the problem when qemu continues even if -drive specification
is somehow invalid, resulting in a mess.  Applicable for both current
master and for stable-0.14 (and the same issue exists in 0.13 and 0.12 too).

The prob can actually be serious: when you start guest with two drives
and make an error in the specification of one of them, and the guest
has something like a raid array on the two drives, guest may start failing
that array or kick "missing" drives which may result in a mess - this is
what actually happened to me, I didn't want a resync at all, and a resync
resulted in re-writing (and allocating) a 4TB virtual drive I used for
testing, which in turn resulted in my filesystem filling up and whole
thing failing badly.  Yes it was just testing VM, I experimented with
larger raid arrays, but the end result was quite, well, unexpected.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Acked-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years ago - vhost: fix dirty page handling
Michael S. Tsirkin [Wed, 16 Mar 2011 10:09:09 +0000 (12:09 +0200)] 
vhost: fix dirty page handling

vhost was passing a physical address to cpu_physical_memory_set_dirty,
which is wrong: we need to translate to ram address first.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Note: this led to crashes during migration, so the patch
is needed on the stable branch too.

7 years ago - Do not delete BlockDriverState when deleting the drive
Ryan Harper [Wed, 30 Mar 2011 01:51:47 +0000 (20:51 -0500)] 
Do not delete BlockDriverState when deleting the drive

When removing a drive from the host-side via drive_del we currently have
the following path:

drive_del
qemu_aio_flush()
bdrv_close()    // zaps bs->drv, which makes any subsequent I/O get
                // dropped.  Works as designed
drive_uninit()
bdrv_delete()   // frees the bs.  Since the device is still connected to
                // bs, any subsequent I/O is a use-after-free.

The value of bs->drv becomes unpredictable on free.  As long as it
remains null, I/O still gets dropped, however it could become non-null
at any point after the free, resulting in SEGVs or other QEMU state
corruption.

To resolve this issue as simply as possible, we can choose to not
actually delete the BlockDriverState pointer.  Since bdrv_close()
handles setting the drv pointer to NULL, we just need to remove the
BlockDriverState from the QLIST that is used to enumerate the block
devices.  This is currently handled within bdrv_delete, so move this
into its own function, bdrv_make_anon().

The result is that we can now invoke drive_del, this closes the file
descriptors and sets BlockDriverState->drv to NULL which prevents further
IO to the device, and since we do not free BlockDriverState, we don't
have to worry about the copy retained in the block devices.

We also don't attempt to remove the qdev property since we are no longer
deleting the BlockDriverState on drives with associated drives.  This
also allows for removing Drives with no devices associated either.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Ryan Harper <ryanh@us.ibm.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
7 years ago - vnc: tight: Fix crash after 2GB of output
Michael Tokarev [Mon, 21 Mar 2011 08:34:35 +0000 (09:34 +0100)] 
vnc: tight: Fix crash after 2GB of output

fix 2Gb integer overflow in VNC tight and zlib encodings

As found by Roland Dreier <roland@purestorage.com> (excellent
catch!), when amount of VNC compressed data produced by zlib
and sent to client exceeds 2Gb, integer overflow occurs because
currently, we calculate amount of data produced at each step by
comparing saved total_out with new total_out, and total_out is
something which grows without bounds.  Compare it with previous
avail_out instead of total_out, and leave total_out alone.

The same code is used in vnc-enc-tight.c and vnc-enc-zlib.c,
so fix both cases.

There, there's no actual need to save previous_out value, since
capacity-offset (which is how that value is calculated) stays
the same so it can be recalculated again after call to deflate(),
but whole thing becomes less readable this way.

Reported-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Corentin Chary <corentin.chary@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
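
Added example, not part of the commit or of QEMU's source: a C model of the two ways of measuring one deflate() step that the message above contrasts. The struct, fake_deflate(), the 32-bit int used for the saved counter and the 64-bit result are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the two zlib stream fields that matter here (assumed widths). */
struct stream {
    uint64_t total_out;  /* bytes produced since the stream was set up */
    uint32_t avail_out;  /* free space left in the output buffer */
};

/* Stand-in for deflate(): account for `produced` bytes of output. */
static void fake_deflate(struct stream *s, uint32_t produced)
{
    s->total_out += produced;
    s->avail_out -= produced;
}

/*
 * Pattern the commit removes: save total_out, subtract it afterwards.
 * The saved copy is an int (assumption), so it stops being a faithful copy
 * once total_out reaches 2^31. The narrowing conversion is
 * implementation-defined; mainstream compilers wrap to a negative value.
 */
static uint64_t step_by_total_out(struct stream *s, uint32_t produced)
{
    int32_t previous_out = (int32_t)s->total_out;
    fake_deflate(s, produced);
    /* previous_out is widened with sign extension before the subtraction */
    return s->total_out - previous_out;
}

/*
 * Pattern the commit introduces: both operands are bounded by the size of
 * the output buffer, so the difference cannot grow with the session.
 */
static uint64_t step_by_avail_out(struct stream *s, uint32_t produced)
{
    uint32_t previous_out = s->avail_out;
    fake_deflate(s, produced);
    return previous_out - s->avail_out;
}

/* Constructed scenario: 256 bytes go into a 4096-byte buffer on a stream
 * that has already emitted `already_sent` bytes. */
static uint64_t old_step(uint64_t already_sent)
{
    struct stream s = { already_sent, 4096 };
    return step_by_total_out(&s, 256);
}

static uint64_t new_step(uint64_t already_sent)
{
    struct stream s = { already_sent, 4096 };
    return step_by_avail_out(&s, 256);
}

int main(void)
{
    const uint64_t sent[] = { 1000, 0x7fffff80ULL, 0x80000000ULL };
    for (size_t i = 0; i < sizeof(sent) / sizeof(sent[0]); i++) {
        printf("already sent %llu: old=%llu new=%llu\n",
               (unsigned long long)sent[i],
               (unsigned long long)old_step(sent[i]),
               (unsigned long long)new_step(sent[i]));
    }
    return 0;
}
```

In this model the old computation stays correct while the saved counter is below 2 GiB, including the step that crosses the boundary, and only goes wrong on the steps after it.
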
7 years ago - lan9118: Ignore write to MAC_VLAN1 register
Atsushi Nemoto [Tue, 5 Apr 2011 14:34:04 +0000 (23:34 +0900)] 
lan9118: Ignore write to MAC_VLAN1 register

On Mon, 4 Apr 2011 20:15:30 +0200, Aurelien Jarno <aurelien@aurel32.net> wrote:
> Is it really safe ignoring write to this register? If yes, it's probably
> a good idea to explain why in a comment. In any case, if supporting this
> register is easy to do, it would be the best option.

I think it is safe.  Please see an updated comment below.

And though implementing this register might be possible, I suppose it
is not worth supporting FrameTooLong detection, for now at least.

Thank you for comments.

>8---------------------------------------------------------------------
From: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Date: Tue, 5 Apr 2011 23:12:07 +0900
Subject: [PATCH] lan9118: Ignore write to MAC_VLAN1 register

Since linux 2.6.38, smsc911x driver writes to VLAN1 register.
Since this register only affects FrameTooLong detection, ignoring
write to this register should be safe.

Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit a0313c00fcd26530a025ff93edee32959917be8d)

7 years ago - Don't allow multiwrites against a block device without underlying medium
Ryan Harper [Mon, 7 Mar 2011 16:01:04 +0000 (10:01 -0600)] 
Don't allow multiwrites against a block device without underlying medium

If the block device has been closed, we no longer have a medium to submit
IO against, check for this before submitting io.  This prevents a segfault
further in the code where we dereference elements of the block driver.

Signed-off-by: Ryan Harper <ryanh@us.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
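
Added example, not QEMU's code: a small C model of the lifetime rule from the drive_del commit further up and of the medium check this commit adds to multiwrite. The structs, bdrv_register(), bdrv_find(), bdrv_write() and the -ENOMEDIUM return values are assumptions of the model; bdrv_close(), bdrv_make_anon() and drive_del behave as the two messages describe.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#ifndef ENOMEDIUM
#define ENOMEDIUM ENODEV  /* fallback where the host lacks ENOMEDIUM */
#endif

/* Simplified stand-ins for QEMU's types (model only, not QEMU's layout). */
typedef struct BlockDriver { const char *format_name; } BlockDriver;
typedef struct BlockDriverState {
    const BlockDriver *drv;         /* NULL once the medium is closed */
    char device_name[32];           /* empty string = anonymous */
    struct BlockDriverState *next;  /* link in the enumeration list */
} BlockDriverState;
typedef struct BlockRequest { int error; } BlockRequest;

static BlockDriverState *bdrv_states;  /* list of named block devices */

static void bdrv_register(BlockDriverState *bs, const char *name,
                          const BlockDriver *drv)
{
    memset(bs, 0, sizeof(*bs));
    snprintf(bs->device_name, sizeof(bs->device_name), "%s", name);
    bs->drv = drv;
    bs->next = bdrv_states;
    bdrv_states = bs;
}

static BlockDriverState *bdrv_find(const char *name)
{
    for (BlockDriverState *bs = bdrv_states; bs; bs = bs->next)
        if (strcmp(bs->device_name, name) == 0)
            return bs;
    return NULL;
}

/* Closing drops the driver so that later I/O can be refused by a NULL test. */
static void bdrv_close(BlockDriverState *bs) { bs->drv = NULL; }

/* Unlink from the list but keep the object: the guest device still holds a
 * pointer to it, and freeing it here would leave that pointer dangling. */
static void bdrv_make_anon(BlockDriverState *bs)
{
    for (BlockDriverState **p = &bdrv_states; *p; p = &(*p)->next) {
        if (*p == bs) {
            *p = bs->next;
            break;
        }
    }
    bs->next = NULL;
    bs->device_name[0] = '\0';
}

static void drive_del(BlockDriverState *bs)
{
    bdrv_close(bs);
    bdrv_make_anon(bs);  /* deliberately no free() */
}

static int bdrv_write(BlockDriverState *bs) { return bs->drv ? 0 : -ENOMEDIUM; }

/* Batch submission: test for a medium before any driver field is used. */
static int bdrv_multiwrite(BlockDriverState *bs, BlockRequest *reqs, int n)
{
    for (int i = 0; i < n; i++) {
        reqs[i].error = bs->drv ? 0 : -ENOMEDIUM;  /* model: writes succeed */
    }
    return bs->drv ? 0 : -1;
}

struct demo_result { int listed, write_rc, multi_rc, req_error; };

/* Constructed scenario: a guest device keeps dev_bs across drive_del. */
static struct demo_result run_demo(void)
{
    static const BlockDriver raw = { "raw" };
    BlockDriverState d0;
    BlockRequest reqs[2] = { { 0 }, { 0 } };
    struct demo_result r;

    bdrv_register(&d0, "drive0", &raw);
    BlockDriverState *dev_bs = bdrv_find("drive0");  /* held by the device */
    drive_del(&d0);

    r.listed = bdrv_find("drive0") != NULL;
    r.write_rc = bdrv_write(dev_bs);
    r.multi_rc = bdrv_multiwrite(dev_bs, reqs, 2);
    r.req_error = reqs[1].error;
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("listed=%d write=%d multiwrite=%d req=%d\n",
           r.listed, r.write_rc, r.multi_rc, r.req_error);
    return 0;
}
```
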
7 years ago - lsi53c895a: add support for ABORT messages
Bernhard Kohl [Mon, 6 Sep 2010 04:42:54 +0000 (04:42 +0000)] 
lsi53c895a: add support for ABORT messages

If these messages are not handled correctly the guest driver may hang.

Always mandatory:
- ABORT
- BUS DEVICE RESET

Mandatory if tagged queuing is implemented (which disks usually do):
- ABORT TAG
- CLEAR QUEUE

Signed-off-by: Bernhard Kohl <bernhard.kohl@nsn.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 508240c0daecdd62ab46727f37145f2dbb029ff7)

7 years ago - virtio-pci: fix bus master work around on load
Michael S. Tsirkin [Sat, 19 Mar 2011 17:28:19 +0000 (19:28 +0200)] 
virtio-pci: fix bus master work around on load

Commit c81131db15dd1844d0db1d51f3cd7a105cfd2cf3
detects old guests by comparing virtio and
PCI status. It attempts to do this on load,
as well, but load_config callback in a binding
is invoked too early and so the virtio status
isn't set yet.

We could add yet another callback to the
binding, to invoke after load, but it
seems easier to reuse the existing vmstate
callback.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Cc: Alexander Graf <agraf@suse.de>
(cherry picked from commit 89c473fd82daf7dddad8162a683bcd0ef671ecda)

7 years ago - fix applesmc REV key
René Rebe [Mon, 21 Mar 2011 10:33:21 +0000 (11:33 +0100)] 
fix applesmc REV key

Fix applesmc REV key string literal hex encoding.

Signed-off-by: René Rebe <rene@exactcode.de>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 7f90fa77b8f0dbe2e9d221953b8f9a6af6a3128a)

7 years ago - rbd: don't link with -lcrypto
Aurelien Jarno [Mon, 7 Mar 2011 06:17:49 +0000 (07:17 +0100)] 
rbd: don't link with -lcrypto

rbd support tries to both link with -lrados and -lcrypto. While the
first one is of course necessary, the second is not necessary (only
librados itself needs to link with libcrypto).

This fixes a licensing issue: qemu as a whole is GPL v2, and thus can't
be linked with OpenSSL without an exception in the license, which seems
difficult to get given the number of persons involved.

Cc: Christian Brunner <chb@muc.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit cc4e8741ccdaa905017f3c7c59e14c685a239c2d)

7 years ago - net: Add the missing option declaration of "vhostforce"
Jason Wang [Fri, 25 Feb 2011 08:11:27 +0000 (16:11 +0800)] 
net: Add the missing option declaration of "vhostforce"

Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 96c94b298f99d6edf4e49d03cc8458f5b6e9d5f0)

7 years ago - lsi53c895a: Update dnad when skipping MSGOUT bytes
Stefan Hajnoczi [Wed, 26 Jan 2011 12:31:00 +0000 (12:31 +0000)] 
lsi53c895a: Update dnad when skipping MSGOUT bytes

Update not only dbc but also dnad when skipping bytes during the MSGOUT
phase.  Previously only dbc was updated which is probably wrong and
could lead to bogus message codes being read.

Tested on Linux and Windows Server 2003.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 444dd39b5f226926e8b8a950821e6f48a5da3ccd)

7 years ago - Revert "prep: Disable second IDE channel, as long as ISA IDE emulation doesn't suppor...
Aurelien Jarno [Mon, 21 Feb 2011 14:53:05 +0000 (15:53 +0100)] 
Revert "prep: Disable second IDE channel, as long as ISA IDE emulation doesn't support same irq for both channels"

This reverts commit 491e2a338fdf8310c84f6ebaed1683a871a0700e.
(cherry picked from commit 81aa06471a5c0ae45537b15f5b44e3f82488cdf5)

7 years ago - isa-bus: Remove bogus IRQ sharing check
Jan Kiszka [Sat, 19 Feb 2011 17:56:22 +0000 (18:56 +0100)] 
isa-bus: Remove bogus IRQ sharing check

Nothing prevented IRQ sharing on the ISA bus in principle. Not all
boards supported this, neither each and every card nor driver and OS.
Still, there existed valid IRQ sharing scenarios, (at least) two of them
can also be found in QEMU: >2 PC UARTs and the PREP IDE buses.

So remove this artificial restriction from our ISA model.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit ee951a37d8873bff7aa58e23222dfd984111b6cb)

7 years ago - virtio-net: Fix lduw_p() pointer argument of wrong size
Stefan Hajnoczi [Thu, 3 Mar 2011 21:42:28 +0000 (21:42 +0000)] 
virtio-net: Fix lduw_p() pointer argument of wrong size

A pointer to a size_t variable was passed as the void * pointer to
lduw_p() in virtio_net_receive().  Instead of acting on the 16-bit value
this caused failure on big-endian hosts.

Avoid this issue in the future by using stw_p() instead.  In general we
should use ld*_p() for loading from target memory and st*_p() for
storing to target memory anyway, not the other way around.

Also tighten up a correct use of lduw_p() when stw_p() should be used
instead in virtio_net_get_config().

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit b46d97f2d2fd7c099b11e610de630918dfd11fa1)

7 years ago - hw/sd.c: Add missing state change for SD_STATUS, SEND_NUM_WR_BLOCKS
Peter Maydell [Fri, 18 Feb 2011 13:39:00 +0000 (13:39 +0000)] 
hw/sd.c: Add missing state change for SD_STATUS, SEND_NUM_WR_BLOCKS

The SD_STATUS and SEND_NUM_WR_BLOCKS commands are supposed to cause
the card to send data back to the host. However sd.c was missing the
state change to sd_sendingdata_state for these commands, with the effect
that the Linux driver would either hang indefinitely waiting for
nonexistent data (pl181) or read zeroes and provoke a qemu warning
message (omap).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
7 years ago - vnc: Fix fatal crash with vnc reverse mode
Stefan Weil [Wed, 16 Feb 2011 19:48:00 +0000 (20:48 +0100)] 
vnc: Fix fatal crash with vnc reverse mode

Reverse mode is unusable:

qemu -vnc localhost:5500,reverse

crashes in vnc_refresh_server_surface because some pointers are NULL.

Fix this by calling vnc_dpy_resize (which initializes these pointers)
before calling vnc_refresh.

Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
7 years ago - qemu-char: Check for missing backend name
Stefan Hajnoczi [Sat, 22 Jan 2011 13:07:26 +0000 (13:07 +0000)] 
qemu-char: Check for missing backend name

Check if the backend option is missing before searching the backend
table.  This fixes a NULL pointer dereference when QEMU is invoked with
the following invalid command-line:

  $ qemu -chardev id=foo,path=/tmp/socket

Previously QEMU would segfault, now it produces this error message:

  chardev: "foo" missing backend

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
7 years ago - Update version for 0.14.0 (v0.14.0)
Anthony Liguori [Wed, 16 Feb 2011 14:42:46 +0000 (08:42 -0600)] 
Update version for 0.14.0

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
7 years ago - Update version for 0.14.0-rc2 (v0.14.0-rc2)
Anthony Liguori [Mon, 14 Feb 2011 22:01:01 +0000 (16:01 -0600)] 
Update version for 0.14.0-rc2

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
7 years ago - Fix build from previous commit
Anthony Liguori [Mon, 14 Feb 2011 20:24:24 +0000 (14:24 -0600)] 
Fix build from previous commit

I unfortunately got on an unnamed branch and pushed the wrong bits

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
7 years ago - PATCH] slirp: fix buffer overrun
Bruce Rogers [Sat, 5 Feb 2011 21:47:56 +0000 (14:47 -0700)] 
PATCH] slirp: fix buffer overrun

Since the addition of the slirp member to struct mbuf, the value of
SLIRP_MSIZE and the initialization of m_size have not been correct,
resulting in overrunning the end of the malloc'd buffer in some cases.

Signed-off-by: Bruce Rogers <brogers@novell.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
7 years ago - correctly check ppr priority during interrupt injection]
Gleb Natapov [Mon, 7 Feb 2011 14:14:44 +0000 (16:14 +0200)] 
correctly check ppr priority during interrupt injection]

TPR blocks all interrupts in a priority class, so simple "less or
equal" check is not enough.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
7 years ago - Merge branch 'linux-user-for-0.14' of git://gitorious.org/qemu-maemo/qemu
Justin M. Forbes [Mon, 14 Feb 2011 18:11:43 +0000 (12:11 -0600)] 
Merge branch 'linux-user-for-0.14' of git://gitorious.org/qemu-maemo/qemu

7 years ago - qcow2: Fix order in L2 table COW
Kevin Wolf [Wed, 9 Feb 2011 16:36:19 +0000 (17:36 +0100)] 
qcow2: Fix order in L2 table COW

When copying L2 tables (this happens only with internal snapshots), the order
wasn't completely safe, so that after a crash you could end up with a L2 table
that has too low refcount, possibly leading to corruption in the long run.

This patch puts the operations in the right order: First allocate the new
L2 table and replace the reference, and only then decrease the refcount of the
old table.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 16fde5f2c2788232b16c06d34d0459a5c1ec1f6c)

7 years ago - qemu-img: Improve error messages for failed bdrv_open
Kevin Wolf [Wed, 9 Feb 2011 10:25:53 +0000 (11:25 +0100)] 
qemu-img: Improve error messages for failed bdrv_open

Output the error message string of the bdrv_open return code. Also set a
non-empty device name for the images because the unknown feature error message
includes it.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit b9eaf9ecb15a9c69a592f386159163d5efc3b919)

7 years ago - qed: Report error for unsupported features
Kevin Wolf [Wed, 9 Feb 2011 10:13:26 +0000 (11:13 +0100)] 
qed: Report error for unsupported features

Instead of just returning -ENOTSUP, generate a more detailed error.

Unfortunately we don't have a helpful text for features that we don't know yet,
so just print the feature mask. It might be useful at least if someone asks for
help.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Acked-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit 10b758e85c9b38b4b370cff81435f6ed26024a26)

7 years ago - qcow2: Report error for version > 2
Kevin Wolf [Wed, 9 Feb 2011 10:11:07 +0000 (11:11 +0100)] 
qcow2: Report error for version > 2

The qcow2 driver is now declared responsible for any QCOW image that has
version 2 or greater (before this, version 3 would be detected as raw).

For everything newer than version 2, an error is reported.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit e8cdcec123facf0ed273d941caeeeb9b08f14955)

7 years ago - qerror: Add QERR_UNKNOWN_BLOCK_FORMAT_FEATURE
Kevin Wolf [Wed, 9 Feb 2011 10:09:38 +0000 (11:09 +0100)] 
qerror: Add QERR_UNKNOWN_BLOCK_FORMAT_FEATURE

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f54e3641122e51c6343d587805422642f307462e)

7 years ago - qcow2: Fix error handling for reading compressed clusters
Kevin Wolf [Wed, 9 Feb 2011 09:26:06 +0000 (10:26 +0100)] 
qcow2: Fix error handling for reading compressed clusters

When reading a compressed cluster failed, qcow2 falsely returned success.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
(cherry picked from commit 8af364884355b3f0c5d60a2d2f427927739658ea)

7 years ago - qcow2: Fix error handling for immediate backing file read failure
Kevin Wolf [Tue, 8 Feb 2011 17:12:35 +0000 (18:12 +0100)] 
qcow2: Fix error handling for immediate backing file read failure

Requests could return success even though they failed when bdrv_aio_readv
returned NULL for a backing file read.

Reported-by: Chunqiang Tang <ctang@us.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 3ab4c7e92d39d40e6dc0bdb1c2320889543691cb)

7 years ago - QCOW2: bug fix - read base image beyond its size
Chunqiang Tang [Thu, 3 Feb 2011 15:12:49 +0000 (10:12 -0500)] 
QCOW2: bug fix - read base image beyond its size

This patch fixes the following bug in QCOW2. For a QCOW2 image that is larger
than its base image, when handling a read request straddling over the end of the
base image, the QCOW2 driver attempts to read beyond the end of the base image
and the request would fail.

This bug was found by Fast Virtual Disk (FVD)'s fully automated testing tool.
The following test triggered the bug.

dd if=/dev/zero of=/var/ramdisk/truth.raw count=0 bs=1 seek=1098561536
dd if=/dev/zero of=/var/ramdisk/zero-500M.raw count=0 bs=1 seek=593099264
./qemu-img create -f qcow2 -ocluster_size=65536,backing_fmt=blksim -b /var/ramdisk/zero-500M.raw /var/ramdisk/test.qcow2 1098561536
./qemu-io --auto --seed=30477694 --truth=/var/ramdisk/truth.raw --format=qcow2 --test=blksim:/var/ramdisk/test.qcow2 --verify_write=true --compare_before=false --compare_after=true --round=100000 --parallel=100 --io_size=10485760 --fail_prob=0 --cancel_prob=0 --instant_qemubh=true

Signed-off-by: Chunqiang Tang <ctang@us.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit e0d9c6f93729c9bfc98fcafcd73098bb8e131aeb)
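
Added example, not the qcow2 driver's code: one way to serve a read that straddles the end of a shorter base image, working in bytes rather than sectors for brevity. The function names and the 8-byte sample image are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Read len bytes at offset from an image whose unallocated data comes from a
 * shorter backing image. Only the part of the request that lies inside the
 * backing image is read from it; the rest reads as zeroes.
 * Returns the number of bytes taken from the backing image, or -1 if
 * offset + len wraps around.
 */
static int64_t read_through_backing(const uint8_t *backing,
                                    uint64_t backing_len, uint64_t offset,
                                    uint8_t *buf, uint64_t len)
{
    uint64_t n = 0;

    if (offset + len < offset) {
        return -1;
    }
    if (offset < backing_len) {
        n = backing_len - offset;   /* bytes left before the backing EOF */
        if (n > len) {
            n = len;
        }
        memcpy(buf, backing + offset, (size_t)n);
    }
    memset(buf + n, 0, (size_t)(len - n));  /* part beyond the backing EOF */
    return (int64_t)n;
}

/* Constructed sample: an 8-byte backing image filled with 0xAA. */
static const uint8_t sample_backing[8] = {
    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA
};

/* Bytes served by the backing image for a 4-byte read at offset. */
static int64_t demo_count(uint64_t offset)
{
    uint8_t buf[4];
    return read_through_backing(sample_backing, sizeof(sample_backing),
                                offset, buf, sizeof(buf));
}

/* The 4 bytes returned by that read, packed most significant byte first. */
static uint32_t demo_bytes(uint64_t offset)
{
    uint8_t buf[4] = { 0xFF, 0xFF, 0xFF, 0xFF };  /* stale data to overwrite */
    read_through_backing(sample_backing, sizeof(sample_backing),
                         offset, buf, sizeof(buf));
    return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
           ((uint32_t)buf[2] << 8) | buf[3];
}

int main(void)
{
    const uint64_t offsets[] = { 0, 6, 12 };
    for (size_t i = 0; i < sizeof(offsets) / sizeof(offsets[0]); i++) {
        printf("offset %llu: %lld from backing, data %08x\n",
               (unsigned long long)offsets[i],
               (long long)demo_count(offsets[i]),
               (unsigned)demo_bytes(offsets[i]));
    }
    return 0;
}
```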

7 years ago - Change snapshot_blkdev hmp to use correct argument type for device
Jes Sorensen [Fri, 4 Feb 2011 08:22:14 +0000 (09:22 +0100)] 
Change snapshot_blkdev hmp to use correct argument type for device

Pointed out by Markus

Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 982aa95532a3a7b549695d5b3e18442975eecfb5)

7 years ago - linux-user: Fix possible realloc memory leak
Stefan Weil [Mon, 17 Jan 2011 20:36:06 +0000 (21:36 +0100)] 
linux-user: Fix possible realloc memory leak

Extract from "man realloc":
"If realloc() fails the original block is left untouched;
it is not freed or moved."

Fix a possible memory leak (reported by cppcheck).

Cc: Riku Voipio <riku.voipio@iki.fi>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Riku Voipio <riku.voipio@nokia.com>
(cherry picked from commit 8d79de6e42947a4a11ad7c7bb87e8f745a4f8321)

7 years ago - linux-user: Fix possible realloc memory leak
Stefan Weil [Mon, 17 Jan 2011 20:36:06 +0000 (21:36 +0100)] 
linux-user: Fix possible realloc memory leak

Extract from "man realloc":
"If realloc() fails the original block is left untouched;
it is not freed or moved."

Fix a possible memory leak (reported by cppcheck).

Cc: Riku Voipio <riku.voipio@iki.fi>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Riku Voipio <riku.voipio@nokia.com>
7 years ago - linux-user: fix for loopmount ioctl
Martin Mohring [Tue, 8 Feb 2011 12:48:56 +0000 (14:48 +0200)] 
linux-user: fix for loopmount ioctl

In case a chrooted build uses XEN or KVM, a looped mount needs to be done to setup the chroot.
The ioctl for loop mount works correctly for arm, mips, ppc32 and sh4, so it's now activated.

Signed-off-by: Riku Voipio <riku.voipio@nokia.com>
7 years ago - Merge branch 'master' of git+ssh://git.qemu.org/pub/git/qemu-stable-0.14
Justin M. Forbes [Tue, 8 Feb 2011 18:41:18 +0000 (12:41 -0600)] 
Merge branch 'master' of git+ssh://git.qemu.org/pub/git/qemu-stable-0.14

7 years ago - blockdev: Plug memory leak in drive_init() error paths
Markus Armbruster [Tue, 8 Feb 2011 14:12:39 +0000 (15:12 +0100)] 
blockdev: Plug memory leak in drive_init() error paths

Should have spotted this when doing commit 319ae529.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
7 years ago - blockdev: Plug memory leak in drive_uninit()
Markus Armbruster [Tue, 8 Feb 2011 14:12:38 +0000 (15:12 +0100)] 
blockdev: Plug memory leak in drive_uninit()

Started leaking in commit 1dae12e6.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
7 years ago - x86: Fix MCA broadcast parameters for TCG case
Jan Kiszka [Fri, 4 Feb 2011 15:47:25 +0000 (13:47 -0200)] 
x86: Fix MCA broadcast parameters for TCG case

When broadcasting MCEs, we need to set MCIP and RIPV in mcg_status like
it is done for KVM. Use the symbolic constants at this chance.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 29057492871e63caeab8ee7cdf1062c0270f19d8)

7 years ago - qemu-timer: Fix compilation of new timer code for w32, w64
Stefan Weil [Fri, 4 Feb 2011 21:01:32 +0000 (22:01 +0100)] 
qemu-timer: Fix compilation of new timer code for w32, w64

qemu_next_alarm_deadline() is needed by MinGW, too.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit f26e5a54f0554798a2e6f7a074b809b13635d007)

7 years ago - Update version for 0.14.0-rc1 (v0.14.0-rc1)
Anthony Liguori [Mon, 7 Feb 2011 19:36:28 +0000 (13:36 -0600)] 
Update version for 0.14.0-rc1

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
7 years ago - block: enable in_use flag
Marcelo Tosatti [Wed, 26 Jan 2011 14:12:35 +0000 (12:12 -0200)] 
block: enable in_use flag

Set block device in use during block migration, disallow drive_del and
bdrv_truncate for in use devices.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 8591675f44929a9e4b5d3a5fd702a4b6d41c7903)

7 years ago - Add flag to indicate external users to block device
Marcelo Tosatti [Wed, 26 Jan 2011 14:12:34 +0000 (12:12 -0200)] 
Add flag to indicate external users to block device

Certain operations such as drive_del or resize cannot be performed
while external users (eg. block migration) reference the block device.

Add a flag to indicate that.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit db593f2565dc12442d6bac9e8eaefa027dfcada9)

7 years ago - block-migration: add reference to target DriveInfo
Marcelo Tosatti [Wed, 26 Jan 2011 14:12:33 +0000 (12:12 -0200)] 
block-migration: add reference to target DriveInfo

So that ejection of attached device by guest does not free data
in use by block migration instance.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit f48905d44f670cd83227b3a8d06ae1406f0c771c)

7 years ago - blockdev: add refcount to DriveInfo
Marcelo Tosatti [Wed, 26 Jan 2011 14:12:32 +0000 (12:12 -0200)] 
blockdev: add refcount to DriveInfo

The host part of a block device can be deleted with in progress
block migration.

To fix this, add a reference count to DriveInfo, freeing resources
on last reference.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 84fb392526479d54602a3830326d50d44657f630)

7 years ago - block-migration: actually disable dirty tracking on cleanup
Marcelo Tosatti [Wed, 26 Jan 2011 14:12:31 +0000 (12:12 -0200)] 
block-migration: actually disable dirty tracking on cleanup

Call to set_dirty_tracking() is misplaced.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 8f794c557c4b51c7a957d47ef6a2230114bb9e79)

7 years ago - ahci: make number of ports runtime determined
Alexander Graf [Tue, 1 Feb 2011 14:51:31 +0000 (15:51 +0100)] 
ahci: make number of ports runtime determined

Different AHCI controllers have a different number of ports, so the core
shouldn't care about the amount of ports available.

This patch makes the number of ports available to the AHCI core runtime
configurable, allowing us to have multiple different AHCI implementations
with different amounts of ports.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 2c4b9d0ea42c27ec2112e437a0fa954afe73bd23)

7 years ago - ahci: Implement HBA reset
Alexander Graf [Tue, 1 Feb 2011 14:51:30 +0000 (15:51 +0100)] 
ahci: Implement HBA reset

The ahci code was missing its soft reset functionality. This wasn't really an
issue for Linux guests, but Windows gets confused when the controller doesn't
reset when it tells it so.

Using this patch I can now successfully boot Windows 7 from AHCI using AHCI
enabled SeaBIOS.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 760c3e44d3a1d8a7e9d22f0429b1805d1c688178)

7 years ago - ahci: send init d2h fis on fis enable
Alexander Graf [Tue, 1 Feb 2011 14:51:29 +0000 (15:51 +0100)] 
ahci: send init d2h fis on fis enable

The drive sends a d2h init fis on initialization. Usually, the guest doesn't
receive fises yet at that point though, so the delivery is deferred.

Let's reflect that by sending the init fis on fis receive enablement.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 87e62065bb5e0e544e45e6935e3ac2b053fe446e)

7 years ago - ahci: split ICH and AHCI even more
Alexander Graf [Tue, 1 Feb 2011 14:51:28 +0000 (15:51 +0100)] 
ahci: split ICH and AHCI even more

Sebastian's patch already did a pretty good job at splitting up ICH-9
AHCI code and the AHCI core. We need some more though. Copyright was missing,
the lspci dump belongs to ICH-9, we don't need the AHCI core to have its
own qdev device duplicate.

So let's split them a bit more in this patch, making things easier to
read and understand.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 7fb6577b130c615e42e1ccf8dad69c27c3eef085)

7 years ago - ahci: add license header in ahci.h
Alexander Graf [Tue, 1 Feb 2011 14:51:27 +0000 (15:51 +0100)] 
ahci: add license header in ahci.h

Due to popular request, this patch adds a license header to ahci.h

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit f83a40dcd7c38aef8cb4aa93e1f6f0e21c750992)

7 years ago - ahci: split ICH9 from core
Sebastian Herbszt [Tue, 1 Feb 2011 14:51:26 +0000 (15:51 +0100)] 
ahci: split ICH9 from core

There are multiple ahci devices out there. The currently implemented ich-9
is only one of the many. So let's split that one out into a separate file
to stress the difference.

Signed-off-by: Sebastian Herbszt <herbszt@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 03c7a6a8e7122b9c12a532577046094a69593116)

7 years ago - block/vdi: Fix wrong size in conditionally used memset, memcmp
Stefan Weil [Fri, 4 Feb 2011 20:01:16 +0000 (21:01 +0100)] 
block/vdi: Fix wrong size in conditionally used memset, memcmp

Error report from cppcheck:
block/vdi.c:122: error: Using sizeof for array given as function argument returns the size of pointer.
block/vdi.c:128: error: Using sizeof for array given as function argument returns the size of pointer.

Fix both by setting the correct size.

The buggy code is only used when QEMU is built without uuid support.
The bug is not critical, so there is no urgent need to apply it to
old versions of QEMU.

Cc: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 4f3669ea5bd73ade0dce5f1155cb9ad9788fd54c)

7 years ago - Documentation: add Sheepdog disk images
MORITA Kazutaka [Mon, 7 Feb 2011 07:04:04 +0000 (16:04 +0900)] 
Documentation: add Sheepdog disk images

Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 42af9c30ea9a963ce604ac96230fde2f987634db)

7 years ago qcow2: Really use cache=unsafe for image creation
Kevin Wolf [Thu, 27 Jan 2011 15:46:01 +0000 (16:46 +0100)] 
qcow2: Really use cache=unsafe for image creation

For cache=unsafe we also need to set BDRV_O_CACHE_WB, otherwise we have some
strange unsafe writethrough mode.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit e1a7107f2d92af646ec37b74d074dc150e688559)

7 years ago do not pass NULL to strdup.
Gleb Natapov [Wed, 2 Feb 2011 15:34:34 +0000 (17:34 +0200)] 
do not pass NULL to strdup.

Also use qemu_strdup() instead of strdup() in bootindex code.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 4fef930af8d7fab4b6c777fa4c6e2b902359262a)

7 years ago Set the right overflow bit for neon 32 and 64 bit saturating add/sub.
Christophe Lyon [Fri, 4 Feb 2011 14:17:51 +0000 (15:17 +0100)] 
Set the right overflow bit for neon 32 and 64 bit saturating add/sub.

Signed-off-by: Christophe Lyon <christophe.lyon@st.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 72902672dc2ed6281cdb205259c1d52ecf01f6b2)

7 years ago target-arm: Fix Neon vsra instructions.
Christophe Lyon [Tue, 25 Jan 2011 17:18:08 +0000 (18:18 +0100)] 
target-arm: Fix Neon vsra instructions.

This patch fixes the errors reported by my tests in VSRA.

Signed-off-by: Christophe Lyon <christophe.lyon@st.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 5371cb81405a35ca4c1f6ab23f93a4f7260ffa53)

7 years ago target-sh4: fix negc
Aurelien Jarno [Fri, 4 Feb 2011 19:19:33 +0000 (20:19 +0100)] 
target-sh4: fix negc

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 7026259f79ffc85ceaaaeee32df518ea96863ee4)

7 years ago ioapic: Style & magics cleanup
Jan Kiszka [Thu, 3 Feb 2011 21:54:14 +0000 (22:54 +0100)] 
ioapic: Style & magics cleanup

Fix a few style issues and convert magic numbers into proper symbolic
constants, also fixing the wrong but unused IOAPIC_DM_SIPI value.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 1f5e71a8e6b24dce74b156472ff9253b9bd33a11)

7 years ago ioapic: Add support for qemu-kvm's vmstate v2
Jan Kiszka [Thu, 3 Feb 2011 21:54:13 +0000 (22:54 +0100)] 
ioapic: Add support for qemu-kvm's vmstate v2

qemu-kvm carries the IOAPIC base address in its v2 vmstate. We only
support the default base address so far, and saving even that in the
device state was rejected.

Add a padding field to be able to read qemu-kvm's old state, but
increase our version to 3, indicating that we are not saving a valid
address. This also gives downstream the chance to change to stop
evaluating the base_address and move to v3 as well.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 5dce499948e4a4abe62f010baf4a7ed3d49e53cb)

7 years ago ioapic: Save/restore irr
Jan Kiszka [Thu, 3 Feb 2011 21:54:12 +0000 (22:54 +0100)] 
ioapic: Save/restore irr

This is a guest modifiable state that must be saved/restored properly.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 35a74c5c5941b474d8b985237e1bde0b8cd2a20f)

7 years ago ioapic: Implement EOI handling for level-triggered IRQs
Jan Kiszka [Thu, 3 Feb 2011 21:54:11 +0000 (22:54 +0100)] 
ioapic: Implement EOI handling for level-triggered IRQs

Add the missing EOI broadcast from local APIC to the IOAPICs on
completion of level-triggered IRQs. This ensures that a still asserted
IRQ source properly re-triggers an APIC IRQ.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 0280b571c1a153f8926612d8c8d7359242d596f5)

7 years ago vnc: qemu can die if the client is disconnected while updating screen
Corentin Chary [Fri, 4 Feb 2011 08:05:53 +0000 (09:05 +0100)] 
vnc: qemu can die if the client is disconnected while updating screen

agraf reported that qemu_mutex_destroy(vs->output_mutex) was failing
in vnc_disconnect_finish().

It's because vnc_worker_thread_loop() tries to unlock the mutex while
not locked. The unlocking call doesn't fail (pthread bug?), but
the destroy call does.

Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 73eb4c04e9e8ea7f6eb83694cb0c43e38d882a7c)

7 years ago virtio-serial: Make sure virtqueue is ready before discarding data
Amit Shah [Fri, 4 Feb 2011 08:54:18 +0000 (14:24 +0530)] 
virtio-serial: Make sure virtqueue is ready before discarding data

This can happen if a port gets unplugged before the guest has a chance to
initialise vqs.

Reported-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7185f9315bcf90e99b123370cf4d19b8c20afbd5)

7 years ago ui/sdl: Fix handling of caps lock and num lock keys
Stefan Weil [Thu, 3 Feb 2011 21:35:07 +0000 (22:35 +0100)] 
ui/sdl: Fix handling of caps lock and num lock keys

Starting with SDL version 1.2.14, caps lock and num lock keys
will send a SDL_KEYUP when SDL_DISABLE_LOCK_KEYS=1 is set in
the environment.

The new code sets the environment unconditionally
(it won't harm old versions which do not know it).

The workaround for SDL_KEYUP is only compiled with old SDL versions.

A similar patch without handling of old SDL versions was already
published by Benjamin Drung for Ubuntu.

Cc: Anthony Liguori <aliguori@us.ibm.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Benjamin Drung <benjamin.drung@gmail.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4e79bcbb96d3c189e50adbdac7b1e28d834ba43e)

7 years ago Unify alarm deadline computation
Paolo Bonzini [Thu, 3 Feb 2011 13:49:01 +0000 (14:49 +0100)] 
Unify alarm deadline computation

This patch shows how using the correct formula for
qemu_next_deadline_dyntick can simplify the code of
host_alarm_handler and eliminate useless duplication.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4c3d45eb694de3e0bda10841a06ba98be4d569b1)

7 years ago Correct alarm deadline computation
Paolo Bonzini [Thu, 3 Feb 2011 13:49:00 +0000 (14:49 +0100)] 
Correct alarm deadline computation

When the QEMU_CLOCK_HOST clock was added, computation of its
deadline was added to qemu_next_deadline, which is correct but
incomplete.

I noticed this by reading the very convoluted rules whereby
qemu_next_deadline_dyntick is computed, which miss QEMU_CLOCK_HOST
when use_icount is true.  This patch inlines qemu_next_deadline
into qemu_next_deadline_dyntick, and then corrects the logic to skip
only QEMU_CLOCK_VIRTUAL when use_icount is true.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 6ad0a1ed21ecd187dbe3239eb45c3598672af6a8)

7 years ago use nanoseconds everywhere for timeout computation
Paolo Bonzini [Thu, 3 Feb 2011 13:48:59 +0000 (14:48 +0100)] 
use nanoseconds everywhere for timeout computation

Suggested by Aurelien Jarno.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 9c13246ac13a87e05b5e6e7158e715dfa65fc7aa)

7 years ago savevm: fix corruption in vmstate_subsection_load().
Yoshiaki Tamura [Thu, 3 Feb 2011 04:34:08 +0000 (13:34 +0900)] 
savevm: fix corruption in vmstate_subsection_load().

Although it rarely happens in live migration, when the head of a
byte stream contains 0x05 which is the marker of subsection, the
loader gets corrupted because vmstate_subsection_load() continues even
if the device doesn't require it.  This patch adds a check for whether a
subsection is needed, and skips the following routines if not needed.

Signed-off-by: Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit eb60260de0b050a5e8ab725e84d377d0b44c43ae)
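
A simplified model of the failure described in the commit message above, added here as an example and not taken from QEMU: the `stream` and `device_desc` types, the function names and the framing (marker byte, one length byte, then a name) are assumptions. Without the early check, ordinary data that begins with 0x05 is consumed as a subsection header before the loader finds out that the device has none.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SUBSECTION_MARKER 0x05  /* marker value named in the commit message */

/* Read cursor over a byte stream (constructed model, not QEMUFile). */
struct stream { const uint8_t *buf; size_t len, pos; };

/* Hypothetical device description; subsections is NULL when there are none. */
struct device_desc { const char *const *subsections; };

struct result { int ret; size_t pos; };

static int peek_byte(const struct stream *s)
{
    return s->pos < s->len ? s->buf[s->pos] : -1;
}

static int known_subsection(const struct device_desc *d, const uint8_t *name, size_t n)
{
    const char *const *p;
    for (p = d->subsections; p && *p; p++) {
        if (strlen(*p) == n && memcmp(*p, name, n) == 0) return 1;
    }
    return 0;
}

/* check_needed = 0 models the old behaviour, 1 the behaviour after the fix. */
static int subsection_load(struct stream *s, const struct device_desc *d, int check_needed)
{
    if (check_needed && d->subsections == NULL) {
        return 0;               /* nothing to load: leave the stream untouched */
    }
    while (peek_byte(s) == SUBSECTION_MARKER) {
        size_t n;
        if (s->len - s->pos < 2) return -1;
        n = s->buf[s->pos + 1];
        if (s->len - s->pos - 2 < n) return -1;
        s->pos += 2 + n;        /* marker, length and name are consumed here */
        if (!known_subsection(d, s->buf + s->pos - n, n)) {
            return -1;          /* too late: the cursor has already moved */
        }
    }
    return 0;
}

/* Constructed bytes: data for whatever follows, which happens to start with 0x05. */
static const uint8_t next_data[] = { 0x05, 0x03, 'a', 'b', 'c', 0x11 };
static const char *const with_abc[] = { "abc", NULL };

static struct result demo_run(const char *const *subs, int check_needed)
{
    struct stream s = { next_data, sizeof(next_data), 0 };
    struct device_desc d = { subs };
    struct result r;
    r.ret = subsection_load(&s, &d, check_needed);
    r.pos = s.pos;
    return r;
}

int main(void)
{
    struct result a = demo_run(NULL, 0), b = demo_run(NULL, 1), c = demo_run(with_abc, 1);
    printf("no subsections, no check: ret=%d pos=%zu\n", a.ret, a.pos);
    printf("no subsections, checked:  ret=%d pos=%zu\n", b.ret, b.pos);
    printf("declares \"abc\", checked:  ret=%d pos=%zu\n", c.ret, c.pos);
    return 0;
}
```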

7 years ago Revert "Open up the 0.15 development branch"
Aurelien Jarno [Wed, 2 Feb 2011 07:39:44 +0000 (08:39 +0100)] 
Revert "Open up the 0.15 development branch"

This reverts commit 0e1272f22bd059c3420b6dfe355b042038cc7806.

7 years ago Open up the 0.15 development branch
Anthony Liguori [Wed, 2 Feb 2011 02:15:26 +0000 (20:15 -0600)] 
Open up the 0.15 development branch

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

7 years ago Update version for 0.14.0-rc0 v0.14.0-rc0
Anthony Liguori [Tue, 1 Feb 2011 22:59:46 +0000 (16:59 -0600)] 
Update version for 0.14.0-rc0

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

7 years ago Update SeaBIOS to 0.6.1.2
Anthony Liguori [Tue, 1 Feb 2011 22:57:00 +0000 (16:57 -0600)] 
Update SeaBIOS to 0.6.1.2

 - 06d0bdd Minor build fixes.
 - 33abfc0 Update version to 0.6.1.2.
 - 484dd56 fix virtio-blk failure after reboot
 - dd9c0d3 Update version to 0.6.1.1.
 - 50ecfa8 mark irq9 active high in DSDT

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

7 years ago vhost: force vhost off for non-MSI guests
mst@redhat.com [Tue, 1 Feb 2011 20:13:42 +0000 (22:13 +0200)] 
vhost: force vhost off for non-MSI guests

When MSI is off, each interrupt needs to be bounced through the io
thread when it's set/cleared, so vhost-net causes more context switches and
higher CPU utilization than userspace virtio which handles networking in
the same thread.

We'll need to fix this by adding level irq support in kvm irqfd,
for now disable vhost-net in these configurations.

Added a vhostforce flag to force vhost-net back on.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

7 years ago tap: safe sndbuf default
Michael S. Tsirkin [Tue, 1 Feb 2011 12:25:40 +0000 (14:25 +0200)] 
tap: safe sndbuf default

With current sndbuf default value, a blocked
target guest can prevent another guest from
transmitting any packets. While current
sndbuf value (1M) is reported to help some
UDP based workloads, the default should
be safe (0).

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

7 years ago Add boot index documentation.
Gleb Natapov [Sun, 30 Jan 2011 10:29:19 +0000 (12:29 +0200)] 
Add boot index documentation.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

7 years ago Add bootindex handling into usb storage device.
Gleb Natapov [Sun, 30 Jan 2011 10:29:18 +0000 (12:29 +0200)] 
Add bootindex handling into usb storage device.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

7 years ago fix QemuOpts leak
Paolo Bonzini [Thu, 23 Dec 2010 12:42:54 +0000 (13:42 +0100)] 
fix QemuOpts leak

Now that no backend's open function saves the passed QemuOpts, fix a leak
in the qemu_chr_open backwards-compatible parser.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

7 years ago remove text_console_opts
Paolo Bonzini [Thu, 23 Dec 2010 12:42:53 +0000 (13:42 +0100)] 
remove text_console_opts

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

7 years ago add set_echo implementation for text consoles
Paolo Bonzini [Thu, 23 Dec 2010 12:42:52 +0000 (13:42 +0100)] 
add set_echo implementation for text consoles

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

7 years ago create TextConsole together with the CharDeviceState
Paolo Bonzini [Thu, 23 Dec 2010 12:42:51 +0000 (13:42 +0100)] 
create TextConsole together with the CharDeviceState

A nicer solution would be to get rid of the opaque pointer and
use containment, but it would also be a much bigger patch.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

7 years ago add set_echo implementation for qemu_chr_stdio
Paolo Bonzini [Thu, 23 Dec 2010 12:42:50 +0000 (13:42 +0100)] 
add set_echo implementation for qemu_chr_stdio

This also requires moving QemuOpts out of term_init.

Clearing ISIG is independent of whether echo is enabled or disabled.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

7 years ago move atexit(term_exit) and O_NONBLOCK to qemu_chr_open_stdio
Paolo Bonzini [Thu, 23 Dec 2010 12:42:49 +0000 (13:42 +0100)] 
move atexit(term_exit) and O_NONBLOCK to qemu_chr_open_stdio

In the next patch, term_init will be changed to enable or disable
echo at will.  Move extraneous stuff out of it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

7 years ago add qemu_chr_set_echo
Paolo Bonzini [Thu, 23 Dec 2010 12:42:48 +0000 (13:42 +0100)] 
add qemu_chr_set_echo

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

7 years ago remove broken code for tty
Paolo Bonzini [Thu, 23 Dec 2010 12:42:47 +0000 (13:42 +0100)] 
remove broken code for tty

This code is taking the settings for a serial port and moving it to
fd 0 when qemu exits.  This is likely just cut-and-paste, rip it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

7 years ago Merge remote branch 'qemu-kvm/uq/master' into staging
Anthony Liguori [Tue, 1 Feb 2011 21:23:24 +0000 (15:23 -0600)] 
Merge remote branch 'qemu-kvm/uq/master' into staging

aliguori: fix build with !defined(KVM_CAP_ASYNC_PF)

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

7 years ago Merge remote branch 'spice/spice.v29.pull' into staging
Anthony Liguori [Tue, 1 Feb 2011 21:22:48 +0000 (15:22 -0600)] 
Merge remote branch 'spice/spice.v29.pull' into staging

Conflicts:
trace-events

7 years ago Merge remote branch 'spice/usb.5' into staging
Anthony Liguori [Tue, 1 Feb 2011 21:21:23 +0000 (15:21 -0600)] 
Merge remote branch 'spice/usb.5' into staging

7 years ago Merge remote branch 'amit/for-anthony' into staging
Anthony Liguori [Tue, 1 Feb 2011 21:20:56 +0000 (15:20 -0600)] 
Merge remote branch 'amit/for-anthony' into staging

7 years ago vnc: Fix password expiration through 'change vnc ""' (v2)
Anthony Liguori [Mon, 31 Jan 2011 20:27:36 +0000 (14:27 -0600)] 
vnc: Fix password expiration through 'change vnc ""' (v2)

commit 52c18be9e99dabe295321153fda7fce9f76647ac introduced a regression in the
change vnc password command that changed the behavior of setting the VNC
password to an empty string from disabling login to disabling authentication.

This commit refactors the code to eliminate this overloaded semantics in
vnc_display_password and instead introduces the vnc_display_disable_login.  The
monitor implementation then determines the behavior of an empty or missing
string.

Recently, a set_password command was added that allows both the Spice and VNC
password to be set.  This command has not shown up in a release yet so the
behavior is not yet defined.

This patch proposes that an empty password be treated as an empty password with
no special handling.  For specifically disabling login, I believe a new command
should be introduced instead of overloading semantics.

I'm not sure how Spice handles this but I would recommend that we have Spice
and VNC have consistent semantics here for the 0.14.0 release.

Reported-by: Neil Wilson <neil@aldur.co.uk>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---
v1 -> v2
 - Add a proper return to make sure that login is really disabled instead of
   relying on the VNC server to treat empty passwords specially

7 years ago linux-user: avoid gcc array overrun warning for sparc
Peter Maydell [Tue, 1 Feb 2011 15:54:52 +0000 (15:54 +0000)] 
linux-user: avoid gcc array overrun warning for sparc

Suppress a gcc array bounds overrun warning when filling in the SPARC
signal frame by adjusting our definition of the structure so that the
fp and callers_pc members are part of the ins[] array rather than
separate fields; since qemu has no need to access the fields individually
there is no need to follow the kernel's structure field naming exactly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

7 years ago hw/slavio_intctl.c: fix gcc warning about array bounds overrun
Peter Maydell [Mon, 31 Jan 2011 10:42:26 +0000 (10:42 +0000)] 
hw/slavio_intctl.c: fix gcc warning about array bounds overrun

The Ubuntu 10.10 gcc for ARM complains that we might be overrunning
the cpu_irqs[][] array: silence this by correcting the bounds on the
loop. (In fact we would not have overrun the array because bit
MAX_PILS in pil_pending and irl_out will always be 0.)

Also add a comment about why the loop's lower bound is OK.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

7 years ago SPARC: Fix Leon3 cache control
Fabien Chouteau [Mon, 31 Jan 2011 10:36:54 +0000 (11:36 +0100)] 
SPARC: Fix Leon3 cache control

The "leon3_cache_control_int" (op_helper.c) function is called within leon3.c
which leads to segfault error with the global "env".

Now cache control is a CPU feature and everything is handled in op_helper.c.

Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

7 years ago Merge remote branch 'mst/for_anthony' into staging
Anthony Liguori [Mon, 31 Jan 2011 18:07:17 +0000 (12:07 -0600)] 
Merge remote branch 'mst/for_anthony' into staging

7 years ago blockdev: Fix drive_add for drives without media
Markus Armbruster [Fri, 28 Jan 2011 10:21:46 +0000 (11:21 +0100)] 
blockdev: Fix drive_add for drives without media

Watch this:

    (qemu) drive_add 0 if=none
    (qemu) info block
    none0: type=hd removable=0 [not inserted]
    (qemu) drive_del none0
    Segmentation fault (core dumped)

add_init_drive() is confused about drive_init()'s failure modes, and
cleans up when it shouldn't.  This leaves the DriveInfo with member
opts dangling.  drive_del attempts to free it, and dies.

drive_init() behaves as follows:

* If it created a drive with media, it returns its DriveInfo.

* If it created a drive without media, it clears *fatal_error and
  returns NULL.

* If it couldn't create a drive, it sets *fatal_error and returns
  NULL.

Of its three callers:

* drive_init_func() is correct.

* usb_msd_init() assumes drive_init() failed when it returns NULL.
  This is correct only because it always passes option "file", and
  "drive without media" can't happen then.

* add_init_drive() assumes drive_init() failed when it returns NULL.
  This is incorrect.

Clean up drive_init() to return NULL on failure and only on failure.
Drop its parameter fatal_error.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>