qemu.git
7 years ago  main-loop.c: Handle SIGINT, SIGHUP and SIGTERM synchronously
Peter Maydell [Thu, 25 Sep 2014 15:51:09 +0000 (16:51 +0100)] 
main-loop.c: Handle SIGINT, SIGHUP and SIGTERM synchronously

Add the termination signals SIGINT, SIGHUP and SIGTERM to the
list of signals which we handle synchronously via a signalfd.
This avoids a race condition where if we took the SIGTERM
in the middle of qemu_shutdown_requested:
    int r = shutdown_requested;
[SIGTERM here...]
    shutdown_requested = 0;

then the setting of the shutdown_requested flag by
termsig_handler() would be lost and QEMU would fail to
shut down. This was causing 'make check' to hang occasionally.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1411660269-11081-1-git-send-email-peter.maydell@linaro.org
Cc: qemu-stable@nongnu.org
7 years ago  cpu-exec: Do CPU_INTERRUPT_HALT unconditionally
Richard Henderson [Sat, 13 Sep 2014 16:45:34 +0000 (09:45 -0700)] 
cpu-exec: Do CPU_INTERRUPT_HALT unconditionally

The signal is currently checked by 10 targets, but only actually
raised by Sparc and ARM.  For the sake of one test-and-branch,
we can handle this generic bit generically.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1410626734-3804-24-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-i386: Use cpu_exec_interrupt qom hook
Richard Henderson [Sat, 13 Sep 2014 16:45:33 +0000 (09:45 -0700)] 
target-i386: Use cpu_exec_interrupt qom hook

Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1410626734-3804-23-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-ppc: Use cpu_exec_interrupt qom hook
Richard Henderson [Sat, 13 Sep 2014 16:45:32 +0000 (09:45 -0700)] 
target-ppc: Use cpu_exec_interrupt qom hook

Cc: qemu-ppc@nongnu.org
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1410626734-3804-22-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-lm32: Use cpu_exec_interrupt qom hook
Richard Henderson [Sat, 13 Sep 2014 16:45:31 +0000 (09:45 -0700)] 
target-lm32: Use cpu_exec_interrupt qom hook

Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Acked-by: Michael Walle <michael@walle.cc>
Message-id: 1410626734-3804-21-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-microblaze: Use cpu_exec_interrupt qom hook
Richard Henderson [Sat, 13 Sep 2014 16:45:30 +0000 (09:45 -0700)] 
target-microblaze: Use cpu_exec_interrupt qom hook

Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1410626734-3804-20-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-mips: Use cpu_exec_interrupt qom hook
Richard Henderson [Sat, 13 Sep 2014 16:45:29 +0000 (09:45 -0700)] 
target-mips: Use cpu_exec_interrupt qom hook

Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Tested-by: Leon Alrae <leon.alrae@imgtec.com>
Message-id: 1410626734-3804-19-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-tricore: Remove the dummy interrupt boilerplate
Richard Henderson [Sat, 13 Sep 2014 16:45:28 +0000 (09:45 -0700)] 
target-tricore: Remove the dummy interrupt boilerplate

It can go back in when it actually does something.

Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-id: 1410626734-3804-18-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-openrisc: Use cpu_exec_interrupt qom hook
Richard Henderson [Sat, 13 Sep 2014 16:45:27 +0000 (09:45 -0700)] 
target-openrisc: Use cpu_exec_interrupt qom hook

Cc: Jia Liu <proljc@gmail.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Tested-by: Jia Liu <proljc@gmail.com>
Message-id: 1410626734-3804-17-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-sparc: Use cpu_exec_interrupt qom hook
Richard Henderson [Sat, 13 Sep 2014 16:45:26 +0000 (09:45 -0700)] 
target-sparc: Use cpu_exec_interrupt qom hook

Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1410626734-3804-16-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-arm: Use cpu_exec_interrupt qom hook
Richard Henderson [Sat, 13 Sep 2014 16:45:25 +0000 (09:45 -0700)] 
target-arm: Use cpu_exec_interrupt qom hook

Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1410626734-3804-15-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-unicore32: Use cpu_exec_interrupt qom hook
Richard Henderson [Sat, 13 Sep 2014 16:45:24 +0000 (09:45 -0700)] 
target-unicore32: Use cpu_exec_interrupt qom hook

Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1410626734-3804-14-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-sh4: Use cpu_exec_interrupt qom hook
Richard Henderson [Sat, 13 Sep 2014 16:45:23 +0000 (09:45 -0700)] 
target-sh4: Use cpu_exec_interrupt qom hook

Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1410626734-3804-13-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-alpha: Use cpu_exec_interrupt qom hook
Richard Henderson [Sat, 13 Sep 2014 16:45:22 +0000 (09:45 -0700)] 
target-alpha: Use cpu_exec_interrupt qom hook

Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1410626734-3804-12-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-cris: Use cpu_exec_interrupt qom hook
Richard Henderson [Sat, 13 Sep 2014 16:45:21 +0000 (09:45 -0700)] 
target-cris: Use cpu_exec_interrupt qom hook

Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1410626734-3804-11-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-m68k: Use cpu_exec_interrupt qom hook
Richard Henderson [Sat, 13 Sep 2014 16:45:20 +0000 (09:45 -0700)] 
target-m68k: Use cpu_exec_interrupt qom hook

Since do_interrupt_m68k_hardirq is no longer used outside
op_helper.c, make it static.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1410626734-3804-10-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-s390x: Use cpu_exec_interrupt qom hook
Richard Henderson [Sat, 13 Sep 2014 16:45:19 +0000 (09:45 -0700)] 
target-s390x: Use cpu_exec_interrupt qom hook

Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1410626734-3804-9-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-xtensa: Use cpu_exec_interrupt qom hook
Richard Henderson [Sat, 13 Sep 2014 16:45:18 +0000 (09:45 -0700)] 
target-xtensa: Use cpu_exec_interrupt qom hook

Cc: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
Message-id: 1410626734-3804-8-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  qom: Add cpu_exec_interrupt hook
Richard Henderson [Sat, 13 Sep 2014 16:45:17 +0000 (09:45 -0700)] 
qom: Add cpu_exec_interrupt hook

Continuing the removal of ifdefs from cpu_exec.

Cc: Andreas Färber <afaerber@suse.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1410626734-3804-7-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-ppc: Use cpu_exec_enter qom hook
Richard Henderson [Sat, 13 Sep 2014 16:45:16 +0000 (09:45 -0700)] 
target-ppc: Use cpu_exec_enter qom hook

Cc: qemu-ppc@nongnu.org
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1410626734-3804-6-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-m68k: Use cpu_exec_enter/exit qom hooks
Richard Henderson [Sat, 13 Sep 2014 16:45:15 +0000 (09:45 -0700)] 
target-m68k: Use cpu_exec_enter/exit qom hooks

Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1410626734-3804-5-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  target-i386: Use cpu_exec_enter/exit qom hooks
Richard Henderson [Sat, 13 Sep 2014 16:45:14 +0000 (09:45 -0700)] 
target-i386: Use cpu_exec_enter/exit qom hooks

Note that the code that was within the "exit" ifdef block
was identical to the cpu_compute_eflags inline, so make that
simplification at the same time.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1410626734-3804-4-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  cpu-exec: Remove do-nothing ifdef chains
Richard Henderson [Sat, 13 Sep 2014 16:45:13 +0000 (09:45 -0700)] 
cpu-exec: Remove do-nothing ifdef chains

Around the cpu_exec_enter/exit hooks there are many empty
ifdef blocks.  Delete all of these to highlight those
targets for which we actually need to do work.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1410626734-3804-3-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  qom: Add cpu_exec_enter and cpu_exec_exit hooks
Richard Henderson [Sat, 13 Sep 2014 16:45:12 +0000 (09:45 -0700)] 
qom: Add cpu_exec_enter and cpu_exec_exit hooks

In preparation for removing a bunch of ifdefs from cpu_exec.

Cc: Andreas Färber <afaerber@suse.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1410626734-3804-2-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' into staging
Peter Maydell [Thu, 25 Sep 2014 15:58:04 +0000 (16:58 +0100)] 
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' into staging

Update OpenBIOS images

# gpg: Signature made Thu 25 Sep 2014 13:35:55 BST using RSA key ID AE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C  C9C4 5BC2 C56F AE0F 321F

* remotes/mcayland/tags/qemu-openbios-signed:
  Update OpenBIOS images

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  Update OpenBIOS images
Mark Cave-Ayland [Thu, 25 Sep 2014 12:34:03 +0000 (13:34 +0100)] 
Update OpenBIOS images

Update OpenBIOS images to SVN r1320 built from submodule.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
7 years ago  Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-signed' into staging
Peter Maydell [Wed, 24 Sep 2014 12:45:12 +0000 (13:45 +0100)] 
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-signed' into staging

tcx: Implement hardware acceleration

# gpg: Signature made Tue 23 Sep 2014 22:52:34 BST using RSA key ID AE0F321F
# gpg: Can't check signature: public key not found

* remotes/mcayland/tags/qemu-sparc-signed:
  tcx: Implement hardware acceleration

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  virtio: Fix wrong type cast from pointer to long
Stefan Weil [Wed, 24 Sep 2014 05:20:02 +0000 (07:20 +0200)] 
virtio: Fix wrong type cast from pointer to long

Compiler warning (w32, w64):

include/hw/virtio/virtio_ring.h:142:26: warning:
 cast from pointer to integer of different size [-Wpointer-to-int-cast]

When sizeof(long) < sizeof(void *), this is not only a warning but a
real program error.

Add also missing blanks in the same statement.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1411536002-14088-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  Merge remote-tracking branch 'remotes/awilliam/tags/vfio-pci-for-qemu-20140923.0...
Peter Maydell [Wed, 24 Sep 2014 11:00:08 +0000 (12:00 +0100)] 
Merge remote-tracking branch 'remotes/awilliam/tags/vfio-pci-for-qemu-20140923.0' into staging

Endian updates to re-fix cross endian host and guest and
enable the same for ROM loading (Alexey)

# gpg: Signature made Tue 23 Sep 2014 18:03:03 BST using RSA key ID 3BB08B22
# gpg: Can't check signature: public key not found

* remotes/awilliam/tags/vfio-pci-for-qemu-20140923.0:
  vfio: make rom read endian sensitive
  Revert "vfio: Make BARs native endian"

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  tcx: Implement hardware acceleration
Mark Cave-Ayland [Sat, 13 Sep 2014 09:44:07 +0000 (10:44 +0100)] 
tcx: Implement hardware acceleration

The S24/TCX framebuffer is a mildly accelerated video card with
blitter, stippler and hardware cursor.

* Solaris and NetBSD 6.x use all the hardware acceleration features
* The Xorg driver (used by Linux) can use the hardware cursor only

This patch implements hardware acceleration in both 8 bit and 24 bit
modes. It is based on the NetBSD driver sources and from tests with
Solaris.

Signed-off-by: Olivier Danet <odanet@caramail.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
7 years ago  slirp: udp: fix NULL pointer dereference because of uninitialized socket
Petr Matousek [Thu, 18 Sep 2014 06:35:37 +0000 (08:35 +0200)] 
slirp: udp: fix NULL pointer dereference because of uninitialized socket

When guest sends udp packet with source port and source addr 0,
uninitialized socket is picked up when looking for matching and already
created udp sockets, and later passed to sosendto() where NULL pointer
dereference is hit during so->slirp->vnetwork_mask.s_addr access.

Fix this by checking that the socket is not just a socket stub.

This is CVE-2014-3640.

Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reported-by: Xavier Mehrenberger <xavier.mehrenberger@airbus.com>
Reported-by: Stephane Duverger <stephane.duverger@eads.net>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Message-id: 20140918063537.GX9321@dhcp-25-225.brq.redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20140923-1' into staging
Peter Maydell [Tue, 23 Sep 2014 13:43:47 +0000 (14:43 +0100)] 
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20140923-1' into staging

usb: enable hotplug, switch to realize, ohci tracing, misc fixes.

# gpg: Signature made Tue 23 Sep 2014 12:42:29 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-usb-20140923-1: (26 commits)
  usb: tag standalone ehci as hotpluggable
  usb: tag standalone uhci as hotpluggable
  usb: tag xhci as hotpluggable
  usb-serial: only check speed once at realize time
  usb-bus: introduce a wrapper function to check speed
  usb-bus: remove "init" from USBDeviceClass struct
  usb-mtp: convert init to realize
  usb-redir: convert init to realize
  usb-audio: convert init to realize
  dev-wacom: convert init to realize
  dev-hid: convert init to realize
  usb-ccid: convert init to realize
  dev-serial: convert init to realize
  dev-bluetooth: convert init to realize
  dev-uas: using error_report instead of fprintf
  dev-uas: convert init to realize
  dev-storage: usring error_report instead of fprintf/printf
  dev-storage: convert init to realize
  usb-hub: convert init to realize
  libusb: using error_report instead of fprintf
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20140923' into staging
Peter Maydell [Tue, 23 Sep 2014 12:28:06 +0000 (13:28 +0100)] 
Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20140923' into staging

s390x/kvm: some fixes and cleanups

1. sclp: get rid of duplicate defines
2. ccw: implement and fix handling of some special cases

# gpg: Signature made Tue 23 Sep 2014 13:10:47 BST using RSA key ID B5A61C7C
# gpg: Can't check signature: public key not found

* remotes/borntraeger/tags/s390x-20140923:
  s390x/css: catch ccw sequence errors
  s390x/css: support format-0 ccws
  s390x: remove duplicate defines in SCLP code

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  s390x/css: catch ccw sequence errors
Cornelia Huck [Fri, 5 Sep 2014 07:33:18 +0000 (09:33 +0200)] 
s390x/css: catch ccw sequence errors

We must not allow chains of more than 255 ccws without data transfer.

Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
7 years ago  s390x/css: support format-0 ccws
Cornelia Huck [Fri, 5 Sep 2014 07:33:17 +0000 (09:33 +0200)] 
s390x/css: support format-0 ccws

Add support for format-0 ccws in channel programs. As a format-1 ccw
contains the same information as format-0 ccws, only supporting larger
addresses, simply convert every ccw to format-1 as we walk the chain.

Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
7 years ago  s390x: remove duplicate defines in SCLP code
Jens Freimann [Fri, 5 Sep 2014 07:33:16 +0000 (09:33 +0200)] 
s390x: remove duplicate defines in SCLP code

Let's get rid of these duplicate defines.

Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
7 years ago  Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Peter Maydell [Tue, 23 Sep 2014 11:08:55 +0000 (12:08 +0100)] 
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

# gpg: Signature made Mon 22 Sep 2014 12:41:59 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request: (59 commits)
  block: Always compile virtio-blk dataplane
  vring: Better error handling if num is too large
  virtio: Import virtio_vring.h
  async: aio_context_new(): Handle event_notifier_init failure
  block: vhdx - fix reading beyond pointer during image creation
  block: delete cow block driver
  block/archipelago: Fix typo in qemu_archipelago_truncate()
  ahci: Add test_identify case to ahci-test.
  ahci: Add test_hba_enable to ahci-test.
  ahci: Add test_hba_spec to ahci-test.
  ahci: properly shadow the TFD register
  ahci: add test_pci_enable to ahci-test.
  ahci: Add test_pci_spec to ahci-test.
  ahci: MSI capability should be at 0x80, not 0x50.
  ahci: Adding basic functionality qtest.
  layout: Add generators for refcount table and blocks
  fuzz: Add fuzzing functions for entries of refcount table and blocks
  docs: List all image elements currently supported by the fuzzer
  qapi/block-core: Add "new" qcow2 options
  qcow2: Add overlap-check.template option
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  usb: tag standalone ehci as hotpluggable
Gerd Hoffmann [Fri, 29 Aug 2014 12:40:08 +0000 (14:40 +0200)] 
usb: tag standalone ehci as hotpluggable

Add a flag to EHCIPCIInfo saying whether the controller supports
companions or not.  Make sure we only allow registering companions for
ehci versions supporting that.  Enable pci hotplug for the ehci
variants not supporting companions.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  usb: tag standalone uhci as hotpluggable
Gerd Hoffmann [Fri, 29 Aug 2014 12:13:11 +0000 (14:13 +0200)] 
usb: tag standalone uhci as hotpluggable

uhci hostadapters in companion setups can't be hotplugged.  So leave
hotplug disabled for all ich9 variants (which are already tagged with
unplug = true in the info struct).  For the other variants we'll enable
hotplug and remove the companion setup properties.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  usb: tag xhci as hotpluggable
Gerd Hoffmann [Fri, 29 Aug 2014 12:06:15 +0000 (14:06 +0200)] 
usb: tag xhci as hotpluggable

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  usb-serial: only check speed once at realize time
Gonglei [Fri, 19 Sep 2014 07:25:21 +0000 (15:25 +0800)] 
usb-serial: only check speed once at realize time

Whether the chardev is open or not, we should ensure
the speeds match each other. So, call usb_check_attach()
to check the speed. And then pass &error_abort at all calls to
usb_device_attach().

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  usb-bus: introduce a wrapper function to check speed
Gonglei [Fri, 19 Sep 2014 07:25:20 +0000 (15:25 +0800)] 
usb-bus: introduce a wrapper function to check speed

In this way, we can check the speed directly, without needing to
call usb_device_attach(), which has other conditions,
such as checking whether the chardev is open.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  usb-bus: remove "init" from USBDeviceClass struct
Gonglei [Fri, 19 Sep 2014 06:48:41 +0000 (14:48 +0800)] 
usb-bus: remove "init" from USBDeviceClass struct

All usb-bus devices are realized by realize(),
remove init callback function from USBDeviceClass struct.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  usb-mtp: convert init to realize
Gonglei [Fri, 19 Sep 2014 06:48:40 +0000 (14:48 +0800)] 
usb-mtp: convert init to realize

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  usb-redir: convert init to realize
Gonglei [Fri, 19 Sep 2014 06:48:39 +0000 (14:48 +0800)] 
usb-redir: convert init to realize

In this way, all the implementations now use
error_setg instead of qerror_report for reporting error.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  usb-audio: convert init to realize
Gonglei [Fri, 19 Sep 2014 06:48:38 +0000 (14:48 +0800)] 
usb-audio: convert init to realize

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  dev-wacom: convert init to realize
Gonglei [Fri, 19 Sep 2014 06:48:37 +0000 (14:48 +0800)] 
dev-wacom: convert init to realize

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  dev-hid: convert init to realize
Gonglei [Fri, 19 Sep 2014 06:48:36 +0000 (14:48 +0800)] 
dev-hid: convert init to realize

In this way, all the implementations now use
error_setg instead of error_report for reporting error.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  usb-ccid: convert init to realize
Gonglei [Fri, 19 Sep 2014 06:48:35 +0000 (14:48 +0800)] 
usb-ccid: convert init to realize

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  dev-serial: convert init to realize
Gonglei [Fri, 19 Sep 2014 06:48:34 +0000 (14:48 +0800)] 
dev-serial: convert init to realize

In this way, all the implementations now use
error_setg instead of error_report for reporting error.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  dev-bluetooth: convert init to realize
Gonglei [Fri, 19 Sep 2014 06:48:33 +0000 (14:48 +0800)] 
dev-bluetooth: convert init to realize

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  dev-uas: using error_report instead of fprintf
Gonglei [Fri, 19 Sep 2014 06:48:32 +0000 (14:48 +0800)] 
dev-uas: using error_report instead of fprintf

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  dev-uas: convert init to realize
Gonglei [Fri, 19 Sep 2014 06:48:31 +0000 (14:48 +0800)] 
dev-uas: convert init to realize

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  dev-storage: usring error_report instead of fprintf/printf
Gonglei [Fri, 19 Sep 2014 06:48:30 +0000 (14:48 +0800)] 
dev-storage: usring error_report instead of fprintf/printf

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  dev-storage: convert init to realize
Gonglei [Fri, 19 Sep 2014 06:48:29 +0000 (14:48 +0800)] 
dev-storage: convert init to realize

In this way, all the implementations now use
error_setg instead of error_report for reporting error.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  usb-hub: convert init to realize
Gonglei [Fri, 19 Sep 2014 06:48:28 +0000 (14:48 +0800)] 
usb-hub: convert init to realize

In this way, all the implementations now use
error_setg instead of error_report for reporting error.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  libusb: using error_report instead of fprintf
Gonglei [Fri, 19 Sep 2014 06:48:27 +0000 (14:48 +0800)] 
libusb: using error_report instead of fprintf

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  libusb: convert init to realize
Gonglei [Fri, 19 Sep 2014 06:48:26 +0000 (14:48 +0800)] 
libusb: convert init to realize

In this way, all the implementations now use
error_setg instead of error_report for reporting error.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  usb-net: convert init to realize
Gonglei [Fri, 19 Sep 2014 06:48:25 +0000 (14:48 +0800)] 
usb-net: convert init to realize

Meanwhile, qerror_report_err() is a transitional interface to
help with converting existing HMP commands to QMP. It should
not be used elsewhere.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  usb-bus: convert USBDeviceClass init to realize
Gonglei [Fri, 19 Sep 2014 06:48:24 +0000 (14:48 +0800)] 
usb-bus: convert USBDeviceClass init to realize

Add "realize/unrealize" in USBDeviceClass, which has errp
as a parameter. So all the implementations now use
error_setg instead of error_report for reporting error.

Note: this patch still keeps "init" in USBDeviceClass, and
calls kclass->init in usb_device_realize(), to avoid breaking
git bisect. After all usb devices are converted to realize, it will be removed.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  ohci: Convert fprint/DPRINTF/print to traces
Alexey Kardashevskiy [Fri, 12 Sep 2014 08:55:26 +0000 (18:55 +1000)] 
ohci: Convert fprint/DPRINTF/print to traces

This converts many kinds of debug prints to traces.

This implements packets logging to avoid unnecessary calculations if
usb_ohci_td_pkt_short/usb_ohci_td_pkt_long is not enabled.

This makes OHCI errors (such as "DMA error") invisible by default.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-09-22' into staging
Peter Maydell [Tue, 23 Sep 2014 10:00:07 +0000 (11:00 +0100)] 
Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-09-22' into staging

trivial patches for 2014-09-22

# gpg: Signature made Mon 22 Sep 2014 09:10:03 BST using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
#      Subkey fingerprint: 6F67 E18E 7C91 C5B1 5514  66A7 BEE5 9D74 A4C3 D7DB

* remotes/mjt/tags/trivial-patches-2014-09-22:
  arch_init: Setting QEMU_ARCH enum straight
  pc: Add missing 'static' attribute
  block: allow creation of fixed vhdx images
  vl: Print maxmem in hex format for error message
  configure: trivial fixes
  xen-hvm.c: Always return -1 when failure occurs in xen_hvm_init()
  rdma: Fix incorrect description in comments
  Fix typos and misspellings in comments
  qemu-char: Permit only a single "stdio" character device

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 years ago  usb-storage: fix possible memory leak and missing error message
Gonglei [Fri, 19 Sep 2014 06:48:23 +0000 (14:48 +0800)] 
usb-storage: fix possible memory leak and missing error message

When scsi_bus_legacy_add_drive() returns NULL, err will
not be NULL, which will cause a memory leak and a missing error message.

Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
7 years ago  vfio: make rom read endian sensitive
Nikunj A Dadhania [Mon, 22 Sep 2014 21:27:43 +0000 (15:27 -0600)] 
vfio: make rom read endian sensitive

All memory regions used by VFIO are LITTLE_ENDIAN and they
already take care of endiannes when accessing real device BARs
except ROM - it was broken on BE hosts.

This fixes endianness for ROM BARs the same way as it is done
for other BARs.

This has been tested on PPC64 BE/LE host/guest in all possible
combinations including TCG.

Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
[aik: added commit log]
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
7 years ago Revert "vfio: Make BARs native endian"
Alexey Kardashevskiy [Mon, 22 Sep 2014 21:26:36 +0000 (15:26 -0600)] 
Revert "vfio: Make BARs native endian"

This reverts commit c40708176a6b52b73bec14796b7c71b882ceb102.

The resulting code wrongly assumed target and host endianness are
the same which is not always the case for PPC64.

[aw: or potentially any host supporting VFIO and TCG]

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
7 years ago block: Always compile virtio-blk dataplane
Fam Zheng [Wed, 10 Sep 2014 06:17:51 +0000 (14:17 +0800)] 
block: Always compile virtio-blk dataplane

Dataplane doesn't depend on linux-aio any more, so we don't need the
compiling condition now.

Configure options are kept but just print a message.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1410329871-28885-4-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago vring: Better error handling if num is too large
Fam Zheng [Wed, 10 Sep 2014 06:17:50 +0000 (14:17 +0800)] 
vring: Better error handling if num is too large

To be more consistent inside this function.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1410329871-28885-3-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago virtio: Import virtio_vring.h
Fam Zheng [Wed, 10 Sep 2014 06:17:49 +0000 (14:17 +0800)] 
virtio: Import virtio_vring.h

This header has no further dependencies. It only has some stable data
types and primitive functions, so we can copy it to include/hw/virtio in
order to allow vring code (and its user virtio-blk dataplane) to be
built unconditionally, even for cross compiling.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1410329871-28885-2-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago async: aio_context_new(): Handle event_notifier_init failure
Chrysostomos Nanakos [Thu, 18 Sep 2014 11:30:49 +0000 (14:30 +0300)] 
async: aio_context_new(): Handle event_notifier_init failure

On a system with a low limit of open files the initialization
of the event notifier could fail and QEMU exits without printing any
error information to the user.

The problem can be easily reproduced by enforcing a low limit of open
files and starting QEMU with enough I/O threads to hit this limit.

The same problem arises, without the creation of I/O threads, while
QEMU initializes the main event loop by enforcing an even lower limit of
open files.

This commit adds an error message on failure:

 # qemu [...] -object iothread,id=iothread0 -object iothread,id=iothread1
 qemu: Failed to initialize event notifier: Too many open files in system

Signed-off-by: Chrysostomos Nanakos <cnanakos@grnet.gr>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago block: vhdx - fix reading beyond pointer during image creation
Jeff Cody [Tue, 16 Sep 2014 19:12:06 +0000 (15:12 -0400)] 
block: vhdx - fix reading beyond pointer during image creation

In vhdx_create_metadata(), we allocate 40 bytes to entry_buffer for
the various metadata table entries.  However, we write out 64kB from
that buffer into the new file.  Only write out the correct 40 bytes.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago block: delete cow block driver
Stefan Hajnoczi [Tue, 16 Sep 2014 14:24:24 +0000 (15:24 +0100)] 
block: delete cow block driver

This patch removes support for the cow file format.

Normally we do not break backwards compatibility but in this case there
is no impact and it is the most logical option.  Extraordinary claims
require extraordinary evidence so I will show why removing the cow block
driver is the right thing to do.

The cow file format is the disk image format for Usermode Linux, a way
of running a Linux system in userspace.  The performance of UML was
never great and it was hacky, but it enjoyed some popularity before
hardware virtualization support became mainstream.

QEMU's block/cow.c is supposed to read this image file format.
Unfortunately the file format was underspecified:

1. Earlier Linux versions used the MAXPATHLEN constant for the backing
   filename field.  The value of MAXPATHLEN can change, so Linux
   switched to a 4096 literal but QEMU has a 1024 literal.

2. Padding was not used on the header struct (both in the Linux kernel
   and in QEMU) so the struct layout varied across architectures.  In
   particular, i386 and x86_64 were different due to int64_t alignment
   differences.  Linux now uses __attribute__((packed)), QEMU does not.

Therefore:

1. QEMU cow images do not conform to the Linux cow image file format.

2. cow images cannot be shared between different host architectures.

This means QEMU cow images are useless and QEMU has not had bug reports
from users actually hitting these issues.

Let's get rid of this thing, it serves no purpose and no one will be
affected.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1410877464-20481-1-git-send-email-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
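
The layout problem from the cow commit message above, as an added example (not code from QEMU or Linux). The header fields and the big-endian encoding are assumptions made for illustration; only the packed attribute, the i386/x86_64 int64_t alignment difference and the 1024 literal come from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PATH_LEN 1024  /* the message cites 1024 (QEMU) vs 4096 (Linux) */

/* int64 with 4-byte alignment models the i386 struct ABI on any host
 * (GCC/Clang extension). */
typedef int64_t i386_int64 __attribute__((aligned(4)));

/* Hypothetical header fields, not the real cow header. */
struct hdr_native {            /* alignment of whatever host compiles this */
    uint32_t magic;
    char     backing_file[PATH_LEN];
    int64_t  size;
    uint32_t sectorsize;
};
struct hdr_i386 {              /* what an i386 build would lay out */
    uint32_t   magic;
    char       backing_file[PATH_LEN];
    i386_int64 size;
    uint32_t   sectorsize;
};
struct hdr_packed {            /* no padding on any architecture */
    uint32_t magic;
    char     backing_file[PATH_LEN];
    int64_t  size;
    uint32_t sectorsize;
} __attribute__((packed));

/* Portable alternative: the on-disk layout is a table of byte offsets,
 * independent of compiler padding and host byte order. */
enum {
    OFF_MAGIC      = 0,
    OFF_BACKING    = 4,
    OFF_SIZE       = OFF_BACKING + PATH_LEN,
    OFF_SECTORSIZE = OFF_SIZE + 8,
    HDR_DISK_LEN   = OFF_SECTORSIZE + 4
};

static void put_be(uint8_t *p, uint64_t v, int n)
{
    for (int i = n - 1; i >= 0; i--) { p[i] = (uint8_t)v; v >>= 8; }
}

static uint64_t get_be(const uint8_t *p, int n)
{
    uint64_t v = 0;
    for (int i = 0; i < n; i++) v = (v << 8) | p[i];
    return v;
}

void hdr_encode(uint8_t out[HDR_DISK_LEN], const struct hdr_native *h)
{
    memset(out, 0, HDR_DISK_LEN);
    put_be(out + OFF_MAGIC, h->magic, 4);
    memcpy(out + OFF_BACKING, h->backing_file, PATH_LEN);
    put_be(out + OFF_SIZE, (uint64_t)h->size, 8);
    put_be(out + OFF_SECTORSIZE, h->sectorsize, 4);
}

/* Returns 0 on success, -1 on a short buffer or unterminated file name. */
int hdr_decode(struct hdr_native *h, const uint8_t *in, size_t len)
{
    if (len < HDR_DISK_LEN || !memchr(in + OFF_BACKING, 0, PATH_LEN))
        return -1;
    h->magic = (uint32_t)get_be(in + OFF_MAGIC, 4);
    memcpy(h->backing_file, in + OFF_BACKING, PATH_LEN);
    h->size = (int64_t)get_be(in + OFF_SIZE, 8);
    h->sectorsize = (uint32_t)get_be(in + OFF_SECTORSIZE, 4);
    return 0;
}
```

On a host with 8-byte int64_t alignment, offsetof(struct hdr_native, size) is 1032 while the i386 and packed layouts put it at 1028, so a header written by fwrite() of the raw struct on one architecture is misread on the other.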
7 years ago block/archipelago: Fix typo in qemu_archipelago_truncate()
Chrysostomos Nanakos [Tue, 16 Sep 2014 09:17:11 +0000 (12:17 +0300)] 
block/archipelago: Fix typo in qemu_archipelago_truncate()

Fix a typo introduced by 94c80a438c85f2c19698547fbb115ea46d80c5f1

Signed-off-by: Chrysostomos Nanakos <cnanakos@grnet.gr>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago ahci: Add test_identify case to ahci-test.
John Snow [Thu, 21 Aug 2014 17:44:39 +0000 (13:44 -0400)] 
ahci: Add test_identify case to ahci-test.

Utilizing all of the bring-up code in pci_enable and hba_enable,
this test issues a simple IDENTIFY command via the HBA and retrieves
the response via the PIO receive mechanisms of the HBA.

Bugs: The DPS interrupt (Descriptor Processed Status) does not
currently get set. This will need to be adjusted in a future
patch series when the AHCI DMA pathways are reworked to allow
the feature, which may be utilized by OSX guests.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1408643079-30675-9-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago ahci: Add test_hba_enable to ahci-test.
John Snow [Thu, 21 Aug 2014 17:44:38 +0000 (13:44 -0400)] 
ahci: Add test_hba_enable to ahci-test.

This test engages the HBA functionality and initializes
values to sane defaults to allow for minimal HBA functionality.

Buffers are allocated and pointers are updated to allow minimal
I/O commands to complete as expected. Error registers and responses
are sanity checked for specification adherence.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1408643079-30675-8-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago ahci: Add test_hba_spec to ahci-test.
John Snow [Thu, 21 Aug 2014 17:44:37 +0000 (13:44 -0400)] 
ahci: Add test_hba_spec to ahci-test.

Add a test routine that checks the boot-up values of the HBA
configuration memory space against the AHCI 1.3 specification
and Intel ICH9 data sheet (for Q35 machines) for adherence and
sane values.

The HBA is not yet engaged or put into the idle state.

[Replaced g_assert_false(...) with g_assert(!...) for glib <2.38
compatibility, reported by Peter Maydell <peter.maydell@linaro.org>.
--Stefan]

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1408643079-30675-7-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago ahci: properly shadow the TFD register
John Snow [Thu, 21 Aug 2014 17:44:36 +0000 (13:44 -0400)] 
ahci: properly shadow the TFD register

In a real AHCI device, several S/ATA registers are mirrored or shadowed
within the AHCI register set. These registers are not updated
synchronously for each read access, but are instead updated after a
Device-to-Host Register FIS packet is received. The D2H FIS contains
the values from these registers on the device.

In QEMU, by reaching directly into the device to grab these bits before
they are "sent," we may introduce race conditions where unexpected
values are present "before they are sent" which could cause issues for
some guests, particularly if an attempt is made to read the PxTFD
register prior to enabling the port, where incorrect values will be read.

This patch also addresses the boot-time values for the PxTFD and PxSIG
registers to bring them in line with the AHCI 1.3 specification.

Lastly, several fields (PxTFD, PxSIG and PxSACT) are read-only,
and any attempts to write to them should be ignored.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1408643079-30675-6-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago ahci: add test_pci_enable to ahci-test.
John Snow [Thu, 21 Aug 2014 17:44:35 +0000 (13:44 -0400)] 
ahci: add test_pci_enable to ahci-test.

This adds a test wherein we engage the PCI AHCI
device and ensure that the memory region for the
HBA functionality is now accessible.

Under Q35 environments, additional PCI configuration
is performed to ensure that the HBA functionality
will become usable.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1408643079-30675-5-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago ahci: Add test_pci_spec to ahci-test.
John Snow [Thu, 21 Aug 2014 17:44:34 +0000 (13:44 -0400)] 
ahci: Add test_pci_spec to ahci-test.

Adds a specification adherence test for AHCI
where the boot-up values for the PCI configuration space
are compared against the AHCI 1.3 specification.

This test does not itself attempt to engage the device.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1408643079-30675-4-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago ahci: MSI capability should be at 0x80, not 0x50.
John Snow [Thu, 21 Aug 2014 17:44:33 +0000 (13:44 -0400)] 
ahci: MSI capability should be at 0x80, not 0x50.

In the Intel ICH9 data sheet, the MSI capability offset
in the PCI configuration space for ICH9 AHCI devices is
specified to be 0x80.

Further, the PCI capability pointer should always point
to 0x80 in ICH9 devices, despite the fact that AHCI 1.3
specifies that it should be pointing to PMCAP (Which in
this instance would be 0x70) to maintain adherence to
the Intel data sheet specifications and real observed behavior.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1408643079-30675-3-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago ahci: Adding basic functionality qtest.
John Snow [Thu, 21 Aug 2014 17:44:32 +0000 (13:44 -0400)] 
ahci: Adding basic functionality qtest.

Currently, there is no qtest to test the functionality of
the AHCI functionality present within the Q35 machine type.

This patch adds a skeleton for an AHCI test suite,
and adds a simple sanity-check test case where we
identify that the AHCI device is present, then
disengage the virtual machine.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1408643079-30675-2-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago layout: Add generators for refcount table and blocks
Maria Kustova [Tue, 19 Aug 2014 12:25:13 +0000 (16:25 +0400)] 
layout: Add generators for refcount table and blocks

Refcount structures are placed in clusters randomly selected from all
unallocated host clusters.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Maria Kustova <maria.k@catit.be>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 7e2f38608db6fba2da53997390b19400d445c45d.1408450493.git.maria.k@catit.be
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago fuzz: Add fuzzing functions for entries of refcount table and blocks
Maria Kustova [Tue, 19 Aug 2014 12:25:12 +0000 (16:25 +0400)] 
fuzz: Add fuzzing functions for entries of refcount table and blocks

Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Maria Kustova <maria.k@catit.be>
Message-id: c9f4027b6f401c67e9d18f94aed29be445e81d48.1408450493.git.maria.k@catit.be
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago docs: List all image elements currently supported by the fuzzer
Maria Kustova [Tue, 19 Aug 2014 12:25:11 +0000 (16:25 +0400)] 
docs: List all image elements currently supported by the fuzzer

Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Maria Kustova <maria.k@catit.be>
Message-id: cb71485d0f55d1d8401eebaead8324eb78673060.1408450493.git.maria.k@catit.be
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago qapi/block-core: Add "new" qcow2 options
Max Reitz [Wed, 20 Aug 2014 17:59:36 +0000 (19:59 +0200)] 
qapi/block-core: Add "new" qcow2 options

qcow2 supports more than four options by now, add the new options
(overlap check mode and metadata cache size)

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1408557576-14574-5-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago qcow2: Add overlap-check.template option
Max Reitz [Wed, 20 Aug 2014 17:59:35 +0000 (19:59 +0200)] 
qcow2: Add overlap-check.template option

Being able to set the overlap-check option to a string and then refine
it via the overlap-check.* options is a nice idea for the command line
but does not work so well for non-flattened dicts. In that case, one can
only specify either but not both, so add a field to overlap-check.*
which does the same as directly specifying overlap-check but can be used
in conjunction with the other fields in non-flattened dicts.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1408557576-14574-4-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago qapi: Allow enums in anonymous unions
Max Reitz [Wed, 20 Aug 2014 17:59:34 +0000 (19:59 +0200)] 
qapi: Allow enums in anonymous unions

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1408557576-14574-3-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago qcow2: Fix leak of QemuOpts in qcow2_open()
Max Reitz [Wed, 20 Aug 2014 17:59:33 +0000 (19:59 +0200)] 
qcow2: Fix leak of QemuOpts in qcow2_open()

Currently, the QemuOpts object opts is leaked if anything fails from its
creation up to and including the image repair block. Fix this by freeing
that object in the fail path.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Benoît Canet <benoit.canet@nodalink.com>
Message-id: 1408557576-14574-2-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago hmp: fix memory leak at hmp_info_block_jobs()
Gonglei [Tue, 16 Sep 2014 13:36:55 +0000 (21:36 +0800)] 
hmp: fix memory leak at hmp_info_block_jobs()

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1410874615-14292-1-git-send-email-arei.gonglei@huawei.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago image-fuzzer: Trivial readability and formatting improvements
Maria Kustova [Sun, 14 Sep 2014 12:07:02 +0000 (16:07 +0400)] 
image-fuzzer: Trivial readability and formatting improvements

Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago iotests: Add more tests for qcow2 corruption
Max Reitz [Fri, 5 Sep 2014 14:07:19 +0000 (16:07 +0200)] 
iotests: Add more tests for qcow2 corruption

Add tests for unaligned L1/L2/reftable entries and non-fatal corruption
reports.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1409926039-29044-6-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago qcow2: Check L1/L2/reftable entries for alignment
Max Reitz [Fri, 5 Sep 2014 14:07:18 +0000 (16:07 +0200)] 
qcow2: Check L1/L2/reftable entries for alignment

Offsets taken from the L1, L2 and refcount tables are generally assumed
to be correctly aligned. However, this cannot be guaranteed if the image
has been written to by something different than qemu, thus check all
offsets taken from these tables for correct cluster alignment.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1409926039-29044-5-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago qcow2: Use qcow2_signal_corruption() for overlaps
Max Reitz [Fri, 5 Sep 2014 14:07:17 +0000 (16:07 +0200)] 
qcow2: Use qcow2_signal_corruption() for overlaps

Use the new function in case of a failed overlap check.

This changes output in case of corruption, so adapt iotest 060's
reference output accordingly.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Benoît Canet <benoit.canet@nodalink.com>
Message-id: 1409926039-29044-4-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago qcow2: Add qcow2_signal_corruption()
Max Reitz [Fri, 5 Sep 2014 14:07:16 +0000 (16:07 +0200)] 
qcow2: Add qcow2_signal_corruption()

Add a helper function for easily marking an image corrupt (on fatal
corruptions) while outputting an informative message to stderr and via
QAPI.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Benoît Canet <benoit.canet@nodalink.com>
Message-id: 1409926039-29044-3-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago qapi/block: Add "fatal" to BLOCK_IMAGE_CORRUPTED
Max Reitz [Fri, 5 Sep 2014 14:07:15 +0000 (16:07 +0200)] 
qapi/block: Add "fatal" to BLOCK_IMAGE_CORRUPTED

Not every BLOCK_IMAGE_CORRUPTED event must be fatal; for example, when
reading from an image, they should generally not be. Nonetheless, even
an image only read from may of course be corrupted and this can be
detected during normal operation. In this case, a non-fatal event should
be emitted, but the image should not be marked corrupt (in accordance with
"fatal" set to false).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1409926039-29044-2-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago qapi: Sort items in BlockdevOptions definition
Fam Zheng [Thu, 11 Sep 2014 06:09:58 +0000 (14:09 +0800)] 
qapi: Sort items in BlockdevOptions definition

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Benoît Canet <benoit.canet@nodalink.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1410415798-20673-4-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago qapi: Sort BlockdevDriver enum data list
Fam Zheng [Thu, 11 Sep 2014 06:09:57 +0000 (14:09 +0800)] 
qapi: Sort BlockdevDriver enum data list

Reviewed-by: Benoît Canet <benoit.canet@nodalink.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1410415798-20673-3-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago block: Introduce "null" drivers
Fam Zheng [Thu, 11 Sep 2014 06:09:56 +0000 (14:09 +0800)] 
block: Introduce "null" drivers

This is an analogue to Linux null_blk. It can be used for testing or
benchmarking block device emulation and general block layer
functionalities such as coroutines and throttling, where disk IO is not
necessary or wanted.

Use null-aio:// for AIO version, and null-co:// for coroutine version.

[Resolved conflict with Fam's async bdrv_aio_cancel() series:
1. Drop .bdrv_aio_cancel() since it is now done by block.c
2. Rename qemu_aio_release() to qemu_aio_unref()
--Stefan]

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Benoît Canet <benoit.canet@nodalink.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1410415798-20673-2-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago aio-win32: avoid out-of-bounds access to the events array
Paolo Bonzini [Mon, 15 Sep 2014 12:52:58 +0000 (14:52 +0200)] 
aio-win32: avoid out-of-bounds access to the events array

If ret is WAIT_TIMEOUT and there was an event returned by select(),
we can write to a location after the end of the array.  But in
that case we can retry the WaitForMultipleObjects call with the
same set of events, so just move the event[ret - WAIT_OBJECT_0]
assignment inside the existing conditional.

Reported-by: TeLeMan <geleman@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: TeLeMan <geleman@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago qdev-monitor: fix segmentation fault on qdev_device_help()
Gonglei [Tue, 16 Sep 2014 02:19:33 +0000 (10:19 +0800)] 
qdev-monitor: fix segmentation fault on qdev_device_help()

Normally, qmp_device_list_properties() may return NULL when
a device has no special properties except Object and DeviceState
properties, such as virtio-balloon-device.

We just need to check local_err instead of prop_list.

Example:

Segmentation fault (core dumped)

The backtrace is as below:

Program received signal SIGSEGV, Segmentation fault.
0x00005555559af1a8 in error_get_pretty (err=0x0) at util/error.c:152
152         return err->msg;
(gdb) bt
    func=0x55555574a6ca <device_help_func>, opaque=0x0, abort_on_failure=0) at util/qemu-option.c:1072

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 years ago block: Rename qemu_aio_release -> qemu_aio_unref
Fam Zheng [Thu, 11 Sep 2014 05:41:28 +0000 (13:41 +0800)] 
block: Rename qemu_aio_release -> qemu_aio_unref

Suggested-by: Benoît Canet <benoit.canet@irqsave.net>
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>