qemu.git
9 years ago  configure: build position independent executables on x86-Linux hosts
Avi Kivity [Tue, 15 Nov 2011 18:12:17 +0000 (20:12 +0200)] 
configure: build position independent executables on x86-Linux hosts

Change the default on x86 Linux hosts to building PIE (position
independent executables); instead of restricting the option to
user-only targets, apply it to all targets.

In addition, set the relocation sections to read-only (relro) when
available; this reduces the attack surface by disallowing changes to
relocation tables at runtime.

While PIE reduces performance and relro increases load time, it
greatly improves security, with the potential to reduce a code
execution vulnerability to a self denial of service.

Non-x86 are not changed, as they require TCG changes; neither are
non-Linux, due to lack of test coverage.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago  ivshmem: fix PCI BAR2 registration during initialization
Hongyong Zang [Mon, 21 Nov 2011 10:56:18 +0000 (18:56 +0800)] 
ivshmem: fix PCI BAR2 registration during initialization

Ivshmem cannot work, and the command lspci cannot show ivshmem BAR2 in the guest.
As for pci_register_bar(), parameter MemoryRegion should be s->bar instead of s->ivshmem.

Reviewed-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Hongyong Zang <zanghongyong@huawei.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago  msix: avoid mask updates if mask is unchanged
Michael S. Tsirkin [Mon, 21 Nov 2011 16:57:50 +0000 (18:57 +0200)] 
msix: avoid mask updates if mask is unchanged

Check pending bit only if vector mask status changed.
This is not really important for qemu.git but helps
fix a bug in qemu-kvm.git.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago  msix: Prevent bogus mask updates on MMIO accesses
Michael S. Tsirkin [Mon, 21 Nov 2011 16:57:31 +0000 (18:57 +0200)] 
msix: Prevent bogus mask updates on MMIO accesses

From: Jan Kiszka <jan.kiszka@siemens.com>

Only accesses to the MSI-X table must trigger a call to
msix_handle_mask_update, otherwise the vector
value might be out of range.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago  msix: track function masked in pci device state
Michael S. Tsirkin [Mon, 21 Nov 2011 16:57:21 +0000 (18:57 +0200)] 
msix: track function masked in pci device state

Only go over the table when function is masked.
This is not really important for qemu.git but helps
fix a bug in qemu-kvm.git.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago  Include zlib.h using #include <>
Stefan Weil [Sun, 20 Nov 2011 11:34:30 +0000 (12:34 +0100)] 
Include zlib.h using #include <>

zlib.h is not a local include file, therefore it should be included
using <> instead of "".

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago  9p: pass dotl flags to the unlinkat method
Paolo Bonzini [Fri, 18 Nov 2011 16:35:38 +0000 (17:35 +0100)] 
9p: pass dotl flags to the unlinkat method

AT_REMOVEDIR is not defined on all systems.  Pass the raw flags from the
9p protocol, which are always there.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago  9p: allow compiling the dummy virtio-9p-handle.c code on Linux
Paolo Bonzini [Fri, 18 Nov 2011 16:35:37 +0000 (17:35 +0100)] 
9p: allow compiling the dummy virtio-9p-handle.c code on Linux

Avoid a conflict on the definition of struct file_handle by
using a replacement name.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago  qed: add migration blocker (v2)
Anthony Liguori [Mon, 14 Nov 2011 21:09:47 +0000 (15:09 -0600)] 
qed: add migration blocker (v2)

Now when you try to migrate with qed, you get:

(qemu) migrate tcp:localhost:1025
Block format 'qed' used by device 'ide0-hd0' does not support feature 'live migration'
(qemu)

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago  qcow2: implement bdrv_invalidate_cache (v2)
Anthony Liguori [Mon, 14 Nov 2011 21:09:46 +0000 (15:09 -0600)] 
qcow2: implement bdrv_invalidate_cache (v2)

We don't reopen the actual file, but instead invoke the close and open routines.
We specifically ignore the backing file since its contents are read-only and
therefore immutable.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago  block: allow migration to work with image files (v3)
Anthony Liguori [Mon, 14 Nov 2011 21:09:45 +0000 (15:09 -0600)] 
block: allow migration to work with image files (v3)

Image files have two types of data: immutable data that describes things like
image size, backing files, etc. and mutable data that includes offset and
reference count tables.

Today, image formats aggressively cache mutable data to improve performance.  In
some cases, this happens before a guest even starts.  When dealing with live
migration, since a file is open on two machines, the caching of meta data can
lead to data corruption.

This patch addresses this by introducing a mechanism to invalidate any cached
mutable data a block driver may have which is then used by the live migration
code.

NB, this still requires coherent shared storage.  Addressing migration without
coherent shared storage (i.e. NFS) requires additional work.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago  ivshmem: use migration blockers to prevent live migration in peer mode (v2)
Anthony Liguori [Mon, 14 Nov 2011 21:09:44 +0000 (15:09 -0600)] 
ivshmem: use migration blockers to prevent live migration in peer mode (v2)

Now when you try to migrate with ivshmem, you get a proper QMP error:

(qemu) migrate tcp:localhost:1025
Migration is disabled when using feature 'peer mode' in device 'ivshmem'
(qemu)

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago  migrate: add migration blockers
Anthony Liguori [Mon, 14 Nov 2011 21:09:43 +0000 (15:09 -0600)] 
migrate: add migration blockers

This lets different subsystems register an Error that is thrown whenever
migration is attempted.  This works nicely because it gracefully supports
things like hotplug.

Right now, if multiple errors are registered, only one of them is reported.
I expect that for 1.1, we'll extend query-migrate to return all of the reasons
why migration is disabled at any given point in time.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago  Merge remote-tracking branch 'kraxel/usb.31' into staging
Anthony Liguori [Mon, 21 Nov 2011 20:44:04 +0000 (14:44 -0600)] 
Merge remote-tracking branch 'kraxel/usb.31' into staging

9 years ago  Merge remote-tracking branch 'origin/master' into staging
Anthony Liguori [Mon, 21 Nov 2011 20:36:55 +0000 (14:36 -0600)] 
Merge remote-tracking branch 'origin/master' into staging

9 years ago  usb-linux: fix /proc/bus/usb/devices scan
Gerd Hoffmann [Fri, 11 Nov 2011 16:14:15 +0000 (17:14 +0100)] 
usb-linux: fix /proc/bus/usb/devices scan

Commit 0c402e5abb8c2755390eee864b43a98280fc2453 is incomplete
and misses one of the two function pointer calls in
usb_host_scan_dev().  Add the additional port handling logic
to the other call too.

Spotted by Coverity.

Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
9 years ago  ehci: add assert
Gerd Hoffmann [Wed, 9 Nov 2011 11:20:20 +0000 (12:20 +0100)] 
ehci: add assert

Coverity thinks q could be NULL there and warns.
I believe it can't be NULL there.
Add assert to prove it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
9 years ago  usb-storage: don't try to send the status early.
Gerd Hoffmann [Mon, 21 Nov 2011 13:01:26 +0000 (14:01 +0100)] 
usb-storage: don't try to send the status early.

Until recently all scsi commands sent to scsi-disk did either transfer
data or finished instantly.  The correct implementation of
SYNCRONIZE_CACHE changed the picture though, and usb-storage needs
a fix to handle that case correctly.

9 years ago  usb-storage: drop result from device state.
Gerd Hoffmann [Mon, 21 Nov 2011 10:41:30 +0000 (11:41 +0100)] 
usb-storage: drop result from device state.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
9 years ago  usb-storage: drop tag from device state.
Gerd Hoffmann [Mon, 21 Nov 2011 10:36:17 +0000 (11:36 +0100)] 
usb-storage: drop tag from device state.

scsi keeps track of the tag in SCSIRequest,
no need to store a separate copy.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
9 years ago  usb-storage: fill status in complete callback.
Gerd Hoffmann [Mon, 21 Nov 2011 10:29:27 +0000 (11:29 +0100)] 
usb-storage: fill status in complete callback.

Put status word into device state, fill it in command_complete, have
usb_msd_send_status just send it out.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
9 years ago  usb-storage: move status debug message to usb_msd_send_status.
Gerd Hoffmann [Mon, 21 Nov 2011 10:17:59 +0000 (11:17 +0100)] 
usb-storage: move status debug message to usb_msd_send_status.

usb_msd_send_status can be called from different code paths, move the
debug message into the function to make sure it is printed
unconditionally.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
9 years ago  x86: fix pcmpestrm and pcmpistrm
Blue Swirl [Sun, 13 Nov 2011 11:11:52 +0000 (11:11 +0000)] 
x86: fix pcmpestrm and pcmpistrm

Fix obvious typos (decrement and off-by-one error) in pcmpestrm and pcmpistrm
which resulted in infinite loop. Reported by Frank Mehnert,
spotted also by Coverity (bug 84752853).

Reported-by: Frank Mehnert <frank.mehnert@oracle.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
9 years ago  loader: Fix read_targphys() to behave when read() fails
Markus Armbruster [Wed, 16 Nov 2011 18:41:56 +0000 (19:41 +0100)] 
loader: Fix read_targphys() to behave when read() fails

Happily passes (size_t)-1 to rom_add_blob_fixed(), which promptly dies
attempting to malloc that much.  Spotted by Coverity.

Bonus fix for ROMs larger than INT_MAX bytes: return ssize_t instead
of int.  Bug can't bite, because the only user load_aout() limits ROM
size to an int value.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
9 years ago  Improve "ta 0" shutdown
Fabien Chouteau [Thu, 3 Nov 2011 15:10:04 +0000 (16:10 +0100)] 
Improve "ta 0" shutdown

This patch replaces the previous implementation with this simplified and
more complete version (no shutdown when psret == 1).

Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
9 years ago  gdbstub: Fix memory leak
Stefan Weil [Tue, 18 Oct 2011 20:25:38 +0000 (22:25 +0200)] 
gdbstub: Fix memory leak

cppcheck report:
  gdbstub.c:1781: error: Memory leak: s

Rearranging of the code avoids the leak.

v2:
Replace the g_malloc0() by g_new0() (suggested by Stuart Brady).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
9 years ago  tcg-sparc: Fix set-but-not used warnings.
Richard Henderson [Wed, 9 Nov 2011 18:03:35 +0000 (10:03 -0800)] 
tcg-sparc: Fix set-but-not used warnings.

In both cases, val is computed, but then not used in the
subsequent line, which then re-computes the quantity in
a different type (int32_t vs unsigned long).

Keep the computation type that's been working so far.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
9 years ago  Merge branch 's390-1.0' of git://repo.or.cz/qemu/agraf
Blue Swirl [Sat, 19 Nov 2011 11:17:58 +0000 (11:17 +0000)] 
Merge branch 's390-1.0' of git://repo.or.cz/qemu/agraf

* 's390-1.0' of git://repo.or.cz/qemu/agraf:
  s390x: initialize virtio dev region
  tcg: Use TCGReg for standard tcg-target entry points.
  tcg: Standardize on TCGReg as the enum for hard registers
  s390x: Add shutdown for TCG s390-virtio machine
  s390: Fix cpu shutdown for KVM
  s390: fix short kernel command lines
  s390: fix reset hypercall to reset the status
  s390x: implement SIGP restart and shutdown
  s390x: implement rrbe instruction properly
  s390x: update R and C bits in storage key
  s390x: make ipte 31-bit aware
  s390x: add ldeb instruction

9 years ago  Merge branch 'ppc-1.0' of git://repo.or.cz/qemu/agraf
Blue Swirl [Sat, 19 Nov 2011 11:17:11 +0000 (11:17 +0000)] 
Merge branch 'ppc-1.0' of git://repo.or.cz/qemu/agraf

* 'ppc-1.0' of git://repo.or.cz/qemu/agraf:
  pseries: Fix qdev.id handling in the VIO bus code
  pseries: Allow kernel's early debug output to work
  pseries: Default reg for vty should be SPAPR_VTY_BASE_ADDRESS
  pseries: Check we have a chardev in spapr_vty_init()
  pseries: Fix buggy spapr_vio_find_by_reg()
  pseries: Correct RAM size check for SLOF
  PPC: Fix for the gdb single step problem on an rfi instruction
  tcg-ppc64: Fix compile errors for userspace only builds with gcc 4.6
  pseries: Fix initialization of sPAPREnvironment structure

9 years ago  Merge remote-tracking branch 'kwolf/block-stable' into staging
Anthony Liguori [Fri, 18 Nov 2011 19:30:08 +0000 (13:30 -0600)] 
Merge remote-tracking branch 'kwolf/block-stable' into staging

9 years ago  Merge remote-tracking branch 'qmp/queue/qmp-1.0' into staging
Anthony Liguori [Fri, 18 Nov 2011 19:23:38 +0000 (13:23 -0600)] 
Merge remote-tracking branch 'qmp/queue/qmp-1.0' into staging

9 years ago  fmodaudio: Remove unused variable 'bits16' (reported by cppcheck)
Stefan Weil [Fri, 18 Nov 2011 17:16:20 +0000 (18:16 +0100)] 
fmodaudio: Remove unused variable 'bits16' (reported by cppcheck)

The variable is assigned a value which is never used,
so remove variable and assignment.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: malc <av1474@comtv.ru>
9 years ago  pseries: Fix qdev.id handling in the VIO bus code
Michael Ellerman [Tue, 15 Nov 2011 18:53:13 +0000 (18:53 +0000)] 
pseries: Fix qdev.id handling in the VIO bus code

When the user creates a device on the command line with -device, they
can specify the id, using id=foo. Currently the VIO bus code overwrites
this id with its own value. We should only set qdev.id if it is not
already set by the user.

The device tree code uses qdev.id for the device tree node name, however
we can't rely on the user specifying the id using proper device tree
syntax, ie. device@reg. So separate the device tree node name from the
qdev.id, but use the same syntax, so they will match by default.

Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago  pseries: Allow kernel's early debug output to work
David Gibson [Sun, 13 Nov 2011 17:19:01 +0000 (17:19 +0000)] 
pseries: Allow kernel's early debug output to work

The PAPR specification defines a virtual TTY/console interface for guest
OSes to use via the H_PUT_TERM_CHAR and H_GET_TERM_CHAR hypercalls.  There
can be multiple virtual ttys, so these take a "termno" parameter.  This
encodes which vty to use as the 'reg' property on the device tree node
associated with that vty.

However, with the early debug options enabled, the Linux kernel will
attempt debugging output through the vty very early, before it has read
the device tree.  In this case it always uses a termno of 0.  This works
on the existing PowerVM hypervisor, so we assume there must be a hack /
feature in there which interprets termno==0 to mean the default primary
console.

To help with debugging kernels, including existing distribution kernels,
this patch implements a similar feature / hack in qemu.  If termno==0
is supplied to H_{GET,PUT}_TERM_CHAR, they use the first available vty
device instead.

We need to be careful in the case that the user has manually created
an spapr-vty at address 0. So first we search for the specified reg and
only if that doesn't match do we fall back.

Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago  pseries: Default reg for vty should be SPAPR_VTY_BASE_ADDRESS
Michael Ellerman [Sun, 13 Nov 2011 17:19:00 +0000 (17:19 +0000)] 
pseries: Default reg for vty should be SPAPR_VTY_BASE_ADDRESS

In commit b4a78527359a4540d84d4cdf629d01cbb262f698 ("Place pseries vty
devices at addresses more similar to existing machines"), we changed the
default reg for the vty to 0x30000000, however we didn't update the default
value for a user specified vty device. Fix that.

Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago  pseries: Check we have a chardev in spapr_vty_init()
Michael Ellerman [Sun, 13 Nov 2011 17:18:59 +0000 (17:18 +0000)] 
pseries: Check we have a chardev in spapr_vty_init()

If qemu is run like:

 qemu-system-ppc64 -nodefaults -device spapr-vty

We end up in spapr_vty_init() with dev->chardev == NULL. Currently
that leads to a segfault because we unconditionally call
qemu_chr_add_handlers().

Although we could make that call conditional, I think a spapr-vty
without a chardev is basically useless so fail the init. This is
similar to what the serial code does for example.

Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago  pseries: Fix buggy spapr_vio_find_by_reg()
David Gibson [Sun, 13 Nov 2011 17:18:58 +0000 (17:18 +0000)] 
pseries: Fix buggy spapr_vio_find_by_reg()

The spapr_vio_find_by_reg() function in hw/spapr_vio.c is supposed to find
the device structure for a PAPR virtual IO device with the given reg value,
and return NULL if none exists.

It does the first ok, but if no device with that reg exists, it just
returns the last device traversed in the list.  This patch fixes it.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago  pseries: Correct RAM size check for SLOF
David Gibson [Sun, 13 Nov 2011 17:18:57 +0000 (17:18 +0000)] 
pseries: Correct RAM size check for SLOF

The SLOF firmware used on the pseries machine needs a reasonable amount of
(guest) RAM in order to run, so we have a check in the machine init
function to check that this is available.  However, SLOF runs in real mode
(MMU off) which means it can only actually access the RMA (Real Mode Area),
not all of RAM.  In many cases the RMA is the same as all RAM, but when
running with Book3S HV KVM on PowerPC 970, the RMA must be especially
allocated to be (host) physically contiguous.  In this case, the RMA size
is determined by what the host admin allocated at boot time, and will
usually be less than the whole guest RAM size.

This patch corrects the test to see if SLOF has enough memory for this
case.

In addition, more recent versions of SLOF that were committed earlier don't
need quite as much memory as earlier versions.  Therefore, this patch also
reduces the amount of RAM we require to run SLOF.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago  scsi-block: always use SG_IO for MMC devices
Paolo Bonzini [Mon, 14 Nov 2011 13:31:52 +0000 (14:31 +0100)] 
scsi-block: always use SG_IO for MMC devices

CD burning messes up the state of the host page cache and host block
device.  Just pass all operations down to the device, even though that
might have slightly worse performance.  Everything else just is not
reliable in combination with burning.

Reported-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
9 years ago  scsi: pass down REQUEST SENSE to the device when there is no stored sense
Paolo Bonzini [Mon, 14 Nov 2011 13:31:51 +0000 (14:31 +0100)] 
scsi: pass down REQUEST SENSE to the device when there is no stored sense

This will let scsi-block/scsi-generic report progress on long
operations.

Reported-by: Thomas Schmitt <scdbackup@gmxbackup.net>
Tested-by: Thomas Schmitt <scdbackup@gmxbackup.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
9 years ago  scsi: remove block descriptors from CDs
Paolo Bonzini [Mon, 14 Nov 2011 13:31:50 +0000 (14:31 +0100)] 
scsi: remove block descriptors from CDs

Reported-by: Thomas Schmitt <scdbackup@gmx.net>
Tested-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
9 years ago  scsi: fix parsing of allocation length field
Paolo Bonzini [Mon, 14 Nov 2011 13:31:49 +0000 (14:31 +0100)] 
scsi: fix parsing of allocation length field

- several MMC commands were parsed wrong by QEMU because their allocation
length/parameter list length is placed in a non-standard position in
the CDB (i.e. it is different from most commands with the same value in
bits 5-7).

- SEND VOLUME TAG length was multiplied by 40 which is not in SMC.  The
parameter list length is between 32 and 40 bytes.  Same for MEDIUM SCAN
(spec found at http://ldkelley.com/SCSI2/SCSI2-16.html but not in any of
the PDFs I have here).

- READ_POSITION (SSC) conflicts with PRE_FETCH (SBC).  READ_POSITION's
transfer length is not hardcoded to 20 in SSC; for PRE_FETCH cmd->xfer
should be 0.  Both fixed.

- FORMAT MEDIUM (the SSC name for FORMAT UNIT) was missing.  The FORMAT
UNIT command is still somewhat broken for block devices because its
parameter list length is not in the CDB.  However it works for CD/DVD
drives, which mandate the length of the payload.

- fixed wrong sign-extensions for 32-bit fields (for the LBA field,
this affects disks >1 TB).

- several other SBC or SSC commands were missing or parsed wrong.

- some commands were not in the list of "write" commands.

Reported-by: Thomas Schmitt <scdbackup@gmx.net>
Tested-by: Thomas Schmitt <scdbackup@gmx.net> (MMC bits only)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
9 years ago  scsi: update list of commands
Paolo Bonzini [Mon, 14 Nov 2011 13:31:48 +0000 (14:31 +0100)] 
scsi: update list of commands

Add more commands and their names, and remove SEEK(6) which is obsolete.
Instead, use SET_CAPACITY which is still in SSC.

Tested-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
9 years ago  atapi: kill MODE SENSE(6), fix MODE SENSE(10)
Paolo Bonzini [Mon, 14 Nov 2011 13:31:47 +0000 (14:31 +0100)] 
atapi: kill MODE SENSE(6), fix MODE SENSE(10)

Mode page 2A of emulated ATAPI DVD-ROM should have page length 0x14
like SCSI CD-ROM, rather than 0x12.

Mode page length is off by 8, as it should contain the length of the
payload after the first two bytes.

MODE SENSE(6) should be thrown out of ATAPI DVD-ROM emulation.  It is
not specified in the ATAPI list of MMC-2, and MMC-5 prescribes to use
MODE SENSE(10).  Anyway, its implementation is wrong.

Reported-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
9 years ago  scsi-disk: guess geometry
Paolo Bonzini [Tue, 15 Nov 2011 15:57:50 +0000 (16:57 +0100)] 
scsi-disk: guess geometry

Old operating systems rely on correct geometry to convert from CHS
addresses to LBA.  Providing correct data is necessary for them to boot.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
9 years ago  scsi: fix fw path
Paolo Bonzini [Tue, 15 Nov 2011 16:36:38 +0000 (17:36 +0100)] 
scsi: fix fw path

The pre-1.0 firmware path for SCSI devices already included the LUN
using the suffix argument to add_boot_device_path.  I missed that when
making channel and LUN customizable.  Avoid that it is included twice, and
convert the colons to commas for consistency with other kinds of devices.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
9 years ago  Documentation: Add section about iSCSI LUNS to qemu-doc
Ronnie Sahlberg [Sat, 12 Nov 2011 00:06:30 +0000 (11:06 +1100)] 
Documentation: Add section about iSCSI LUNS to qemu-doc

Add a new section about using iSCSI LUNs with qemu
and provide a short example on how to set up a target and access it
using the built-in initiator.

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
9 years ago  Makefile: fix qga dependencies
Michael S. Tsirkin [Wed, 16 Nov 2011 21:58:31 +0000 (23:58 +0200)] 
Makefile: fix qga dependencies

.c files include .h files, so .o depends on .h,
and the linked result depends on .o.
We got it wrong for qga rules, fix it up.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
9 years ago  Makefile: dependency fix
Michael S. Tsirkin [Wed, 16 Nov 2011 21:58:24 +0000 (23:58 +0200)] 
Makefile: dependency fix

qga/guest-agent-commands.c includes qga-qmp-commands.h,
but it was missing in its dependencies. Add it in QGALIB_GEN.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
9 years ago  Makefile: fix dependencies for generated .h, .c
Michael S. Tsirkin [Wed, 16 Nov 2011 21:58:18 +0000 (23:58 +0200)] 
Makefile: fix dependencies for generated .h, .c

We have a single rule generating .c and .h files,
so .h doesn't depend on .c: both depend on the
source schema.

Fix Makefile to reflect that - without this,
if .c is there and .h is missing, Makefile does
not know how to remake .h and assumes it's
a dummy target, triggering endless rebuilds.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
9 years ago  Makefile: remove more generated files on clean
Michael S. Tsirkin [Wed, 16 Nov 2011 21:58:46 +0000 (23:58 +0200)] 
Makefile: remove more generated files on clean

make clean missed the source qmp files generated
by python. Fix that.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
9 years ago  qapi: Check for negative enum values
Luiz Capitulino [Mon, 14 Nov 2011 13:25:09 +0000 (11:25 -0200)] 
qapi: Check for negative enum values

We don't currently check for negative enum values in qmp_output_type_enum(),
this will very likely generate a segfault when triggered.

However, it _seems_ that no code in tree can trigger this today.

Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
9 years ago  monitor: Fix file_completion() to check for stat() failure
Markus Armbruster [Wed, 16 Nov 2011 14:43:47 +0000 (15:43 +0100)] 
monitor: Fix file_completion() to check for stat() failure

stat() can fail for a file name just read with readdir().  Easiest way
to trigger is a dangling symbolic link --- look ma, no race!  When it
fails, file_completion() uses sb.st_mode uninitialized.  If the
directory bit happens to be set, it appends a "/" to the completed
name.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
9 years ago  Fixing some spelling in docs/libcacard.txt
Matthias Brugger [Tue, 15 Nov 2011 11:57:14 +0000 (11:57 +0000)] 
Fixing some spelling in docs/libcacard.txt

Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
9 years ago  Fix typo: runnning -> running
Vagrant Cascadian [Mon, 14 Nov 2011 22:06:23 +0000 (14:06 -0800)] 
Fix typo: runnning -> running

One n too many for running, need we say more.

Signed-Off-By: Vagrant Cascadian <vagrant@freegeek.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
9 years ago  Fix some spelling bugs in documentation and comments
Stefan Weil [Sun, 13 Nov 2011 21:24:27 +0000 (22:24 +0100)] 
Fix some spelling bugs in documentation and comments

These errors were detected by codespell:

remaing -> remaining
soley -> solely
virutal -> virtual
seperate -> separate

libcacard.txt still needs some more patches.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
9 years ago  Fix spelling in documentation and comments (similiar -> similar)
Stefan Weil [Sun, 13 Nov 2011 21:24:26 +0000 (22:24 +0100)] 
Fix spelling in documentation and comments (similiar -> similar)

This bug was detected by codespell.
In mips_mipssim.c a grammatical error was fixed, too.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
9 years ago  Update version to 1.0-rc2  v1.0-rc2
Anthony Liguori [Mon, 14 Nov 2011 17:02:38 +0000 (11:02 -0600)] 
Update version to 1.0-rc2

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago  pc_piix: set qxl revision to 2 for pc-0.14
Alon Levy [Sun, 13 Nov 2011 13:27:51 +0000 (15:27 +0200)] 
pc_piix: set qxl revision to 2 for pc-0.14

The default is still 3, and I didn't change older machine types.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago  hw/omap_gpio: Fix infinite recursion when doing 8/16 bit reads
Peter Maydell [Mon, 7 Nov 2011 13:25:45 +0000 (13:25 +0000)] 
hw/omap_gpio: Fix infinite recursion when doing 8/16 bit reads

Fix a long-standing bug which meant that any attempt to do an
8 or 16 bit read from the OMAP GPIO module would cause qemu to
crash due to an infinite recursion.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago  Revert bugfix e7852674d5 until tested or until after the release.
Andrzej Zaborowski [Mon, 14 Nov 2011 17:17:59 +0000 (18:17 +0100)] 
Revert bugfix e7852674d5 until tested or until after the release.

Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
9 years ago  s390x: initialize virtio dev region
Alexander Graf [Thu, 10 Nov 2011 00:59:23 +0000 (01:59 +0100)] 
s390x: initialize virtio dev region

When running the s390x virtio machine we can potentially use uninitialized
memory for the virtio device backing ram. That can lead to weird breakage.

So let's better initialize it to 0 properly.

Reported-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
---

v1 -> v2:

  - use target_phys_addr_t

9 years ago  tcg: Use TCGReg for standard tcg-target entry points.
Richard Henderson [Wed, 9 Nov 2011 08:03:34 +0000 (08:03 +0000)] 
tcg: Use TCGReg for standard tcg-target entry points.

Including tcg_out_ld, tcg_out_st, tcg_out_mov, tcg_out_movi.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago  tcg: Standardize on TCGReg as the enum for hard registers
Richard Henderson [Wed, 9 Nov 2011 08:03:33 +0000 (08:03 +0000)] 
tcg: Standardize on TCGReg as the enum for hard registers

Most targets did not name the enum; tci used TCGRegister.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago  s390x: Add shutdown for TCG s390-virtio machine
Alexander Graf [Fri, 7 Oct 2011 07:51:50 +0000 (09:51 +0200)] 
s390x: Add shutdown for TCG s390-virtio machine

Now that we have code in place to do refcounting of online CPUs, we
can drag the TCG code along and implement shutdown for that one too,
so it doesn't feel left out by its KVM counterpart.

Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago: s390: Fix cpu shutdown for KVM
Christian Borntraeger [Tue, 4 Oct 2011 05:20:59 +0000 (05:20 +0000)] 
s390: Fix cpu shutdown for KVM

On s390 a shutdown is the state of all CPUs being either stopped
or disabled (for interrupts) waiting. We have to track the overall
number of running CPUs to call the shutdown sequence accordingly.
This patch implements the counting and shutdown handling for the
kvm path in qemu.
Let's also wrap changes to env->halted and env->exception_index.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago: s390: fix short kernel command lines
Christian Borntraeger [Fri, 23 Sep 2011 03:38:12 +0000 (03:38 +0000)] 
s390: fix short kernel command lines

The default kernel command line for s390 is
"root=/dev/ram0 ro"

When overriding this line, we have to ensure to also copy the \0 to
avoid false lines, for example, -append "root=/dev/vda" will result in
"root=/dev/vda0 ro" with the current code.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
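The terminator bug described in the commit above, as an added illustration; this is not QEMU's s390 loader code. Only the default line and the -append value come from the commit message; the buffer size, the helper names and the truncation handling are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative buffer size; QEMU's s390 loader uses its own constant. */
#define CMDLINE_SIZE 64

static const char default_cmdline[] = "root=/dev/ram0 ro";

/* Reproduces the symptom from the commit message: only strlen(append)
 * bytes are copied over the default line, so the tail of the default and
 * its terminator stay in place. buf must hold the default line. */
void set_cmdline_buggy(char *buf, const char *append)
{
    memcpy(buf, default_cmdline, sizeof(default_cmdline)); /* includes NUL */
    memcpy(buf, append, strlen(append));                   /* NUL not copied */
}

/* Fixed: copy the terminator as well, and never write past the buffer.
 * Returns 0 on success, -1 if the line had to be truncated. */
int set_cmdline_fixed(char *buf, size_t bufsize, const char *append)
{
    size_t len = strlen(append);
    int rc = 0;

    if (bufsize == 0) {
        return -1;
    }
    if (len + 1 > bufsize) {
        len = bufsize - 1;      /* leave room for the terminator */
        rc = -1;
    }
    memcpy(buf, append, len);
    buf[len] = '\0';
    return rc;
}

int main(void)
{
    char buf[CMDLINE_SIZE];

    set_cmdline_buggy(buf, "root=/dev/vda");
    printf("buggy: \"%s\"\n", buf);
    set_cmdline_fixed(buf, sizeof(buf), "root=/dev/vda");
    printf("fixed: \"%s\"\n", buf);
    return 0;
}
```

The buggy variant is the pattern to look for in any "override a default string" path: copying strlen() bytes into a buffer that already holds a longer string silently concatenates the old tail.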
9 years ago: s390: fix reset hypercall to reset the status
Christian Borntraeger [Wed, 14 Sep 2011 22:22:19 +0000 (22:22 +0000)] 
s390: fix reset hypercall to reset the status

This patch fixes the reset hypercall which is supposed to also
reset the device status in device memory.
This fixes the following bug:

[root@localhost driver]# echo virtio0 > unbind
[   35.056966] ------------[ cut here ]------------
[   35.057054] kernel BUG at drivers/virtio/virtio.c:157!
[   35.057113] illegal operation: 0001 [#1] SMP
[   35.057181] Modules linked in:
[   35.057243] CPU: 0 Not tainted 3.0.0-rc1-00180-g0792644-dirty #51
[   35.057323] Process bash (pid: 497, task: 000000003e58c538, ksp: 000000003ef43978)
[   35.057409] Krnl PSW : 0704100180000000 00000000003d46f8 (virtio_check_driver_offered_feature+0x0/0x38)
[   35.057528]            R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:1 PM:0 EA:3
[   35.057616] Krnl GPRS: 0000000000000000 0000000040000000 0000000000000007 0000000000000000
[   35.057716]            00000000003b3be4 0000000000000001 000000003ef4d380 000000003f1cff00
[   35.057805]            000000003ef43f18 00000000005ca620 0000000000000008 0000000000838e88
[   35.057919]            000000000083c860 000000003f7c2e00 00000000003d46b0 000000003ef43d10
[   35.058027] Krnl Code: 00000000003d46e8: f0b00004ebcf   srp 4(12,%r0),3023(%r14),0
[   35.058115]            00000000003d46ee: f0a0000407f4   srp 4(11,%r0),2036,0
[   35.058207]            00000000003d46f4: a7f40001       brc 15,3d46f6
[   35.058295]           >00000000003d46f8: e31020900004   lg %r1,144(%r2)
[   35.058383]            00000000003d46fe: bf2f1080       icm %r2,15,128(%r1)
[   35.058470]            00000000003d4702: a784000d       brc 8,3d471c
[   35.058557]            00000000003d4706: e32010780004   lg %r2,120(%r1)
[   35.058645]            00000000003d470c: 59302000       c %r3,0(%r2)
[   35.058748] Call Trace:
[   35.058777] ([<00000000003d469e>] virtio_dev_remove+0x36/0x90)
[   35.058852]  [<00000000003f3a40>] __device_release_driver+0x7c/0xec
[   35.058936]  [<00000000003f3ae8>] device_release_driver+0x38/0x48
[   35.059023]  [<00000000003f2a98>] driver_unbind+0xa4/0xc4
[   35.059111]  [<00000000002acb70>] sysfs_write_file+0xe8/0x19c
[   35.059226]  [<000000000022e7a4>] vfs_write+0xb0/0x18c
[   35.059317]  [<000000000022eb18>] SyS_write+0x58/0xb4
[   35.059398]  [<000000000057e674>] sysc_noemu+0x16/0x1c
[   35.059475]  [<000003fffd44b6c0>] 0x3fffd44b6c0
[   35.059531] Last Breaking-Event-Address:
[   35.059576]  [<00000000003d46f4>] virtio_dev_remove+0x8c/0x90
[   35.059646]
[   35.059661] ---[ end trace 9b1959188f21ee11 ]---

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago: s390x: implement SIGP restart and shutdown
Alexander Graf [Thu, 14 Jul 2011 09:52:08 +0000 (11:52 +0200)] 
s390x: implement SIGP restart and shutdown

An s390x OS does reboot and shutdown triggers through hypercalls that
we didn't implement on the TCG backend yet. That means that so far we
couldn't shut down virtual machines for example, having them hang on
shutdown when not using KVM.

With this patch, this restriction is gone. We can now shut down and
reboot s390x virtual machines even when using the TCG backend.

Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago: s390x: implement rrbe instruction properly
Alexander Graf [Thu, 14 Jul 2011 09:50:33 +0000 (11:50 +0200)] 
s390x: implement rrbe instruction properly

The rrbe instruction resets the reference bit in the given storage key.
So far, we merely made it a nop and also returned an invalid CC value,
so that the kernel never knew if a page actually got accessed.

This patch implements it properly, flushing the R bit and returning the
correct CC value.

Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago: s390x: update R and C bits in storage key
Alexander Graf [Thu, 14 Jul 2011 09:49:08 +0000 (11:49 +0200)] 
s390x: update R and C bits in storage key

When the s390x maps a page or writes happen to a page, the R and C
bits get updated. The easiest way to implement this in qemu is to
simply update them whenever we map a TLB translation and act according
to the permissions.

Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago: s390x: make ipte 31-bit aware
Alexander Graf [Thu, 14 Jul 2011 09:45:07 +0000 (11:45 +0200)] 
s390x: make ipte 31-bit aware

When running 31-bit code we can potentially map the same virtual
address twice - once as 0x0yyyyyyy and once as 0x8yyyyyyy, because
the upper bit gets ignored.

This also should be reflected in the tlb invalidation path, so we
really invalidate also the transparently created tlb entries.

Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago: s390x: add ldeb instruction
Alexander Graf [Thu, 14 Jul 2011 09:44:11 +0000 (11:44 +0200)] 
s390x: add ldeb instruction

While running perl, we encountered the ldeb instruction to be used,
so we implement it :).

Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago: hw/onenand: reject read-only drives
Juha Riihimäki [Thu, 20 Oct 2011 12:53:35 +0000 (14:53 +0200)] 
hw/onenand: reject read-only drives

Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
9 years ago: hw/nand: reject read-only drives
Juha Riihimäki [Thu, 20 Oct 2011 12:53:34 +0000 (14:53 +0200)] 
hw/nand: reject read-only drives

also gracefully fail on nand_device_init() for unsupported block
size instead of aborting.

Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
9 years ago: hw/arm_sysctl: Fix RESETCTL for realview-pb-a8 and -pbx-a9
Jean-Christophe DUBOIS [Mon, 14 Nov 2011 02:09:20 +0000 (03:09 +0100)] 
hw/arm_sysctl: Fix RESETCTL for realview-pb-a8 and -pbx-a9

Depending on the considered baseboard the bit used to
reset the platform is different.

Here is the list of considered Realview/Versatile platforms:

Realview/Versatile AB for ARM926EJ-S: BOARD_ID = 0x100 = BOARD_ID_PB9
http://infocenter.arm.com/help/topic/com.arm.doc.dui0225d/CACCIFGI.html

RealView Emulation Baseboard: BOARD_ID = 0x140 = BOARD_ID_EB
No reset register

RealView PB for Cortex-A8: BOARD_ID = 0x178 = BOARD_ID_PBA8
http://infocenter.arm.com/help/topic/com.arm.doc.dui0417d/BBACIGAD.html

RealView PB for Cortex-A9: BOARD_ID = 0x182 = BOARD_ID_PBX
http://infocenter.arm.com/help/topic/com.arm.doc.dui0440b/CACCHBFB.html

Motherboard Express µATX: BOARD_ID = 0x190 = BOARD_ID_VEXPRESS
No reset register

Signed-off-by: Jean-Christophe DUBOIS <jcd@tribudubois.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
9 years ago: hw/pxa2xx.c: Fix handling of RW bits in PMCR
Peter Maydell [Sun, 13 Nov 2011 14:18:39 +0000 (14:18 +0000)] 
hw/pxa2xx.c: Fix handling of RW bits in PMCR

Fix an error in commit afd4a6522 which meant that writing a zero
to the RW bits in the PMCR wouldn't actually clear them. (Error
spotted by Andrzej Zaborowski.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
9 years ago: hw/usb-net.c: Fix precedence bug when checking rndis_state
Peter Maydell [Wed, 9 Nov 2011 21:09:23 +0000 (21:09 +0000)] 
hw/usb-net.c: Fix precedence bug when checking rndis_state

"!X == 2" is always false (spotted by Coverity), so the checks
for whether rndis is in the correct state would never fire.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
9 years ago: memory: fix 'info mtree' segfaults
Avi Kivity [Sun, 13 Nov 2011 10:00:55 +0000 (12:00 +0200)] 
memory: fix 'info mtree' segfaults

'info mtree' accesses invalid memory in two cases, both due to incorrect
(and unsafe) usage of QTAILQ_FOREACH_SAFE().

Reported-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Avi Kivity <avi@redhat.com>
9 years ago: Merge remote-tracking branch 'kwolf/block-stable' into staging
Anthony Liguori [Fri, 11 Nov 2011 23:26:37 +0000 (17:26 -0600)] 
Merge remote-tracking branch 'kwolf/block-stable' into staging

9 years ago: vl.c: prohibit simultaneous use of -icount with kvm or xen
Max Filippov [Thu, 10 Nov 2011 11:38:42 +0000 (15:38 +0400)] 
vl.c: prohibit simultaneous use of -icount with kvm or xen

With -icount, the vm_clock is updated with help from TCG (it counts
instructions at 2^ICOUNT ns/instructions). With KVM, the instruction
count is not available so KVM cannot provide this help.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago: hw/arm_timer.c: Fix bounds check for Integrator timer accesses
Peter Maydell [Fri, 11 Nov 2011 13:30:15 +0000 (13:30 +0000)] 
hw/arm_timer.c: Fix bounds check for Integrator timer accesses

There are only three counter/timers on the integrator board:
correct the bounds check to avoid an array overrun. (Spotted
by Coverity, see bug 887883).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago: hw/pxa2xx.c: Fix handling of R/WC bits in PMCR
Peter Maydell [Wed, 9 Nov 2011 20:46:35 +0000 (20:46 +0000)] 
hw/pxa2xx.c: Fix handling of R/WC bits in PMCR

Fix a bug in handling the write-one-to-clear bits in the PMCR
which meant that we would always clear the bit even if the
value written was a zero. Spotted by Coverity (see bug 887883).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
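The two PMCR fixes in this log (the RW bits and the write-one-to-clear bits) are about the same register-write discipline for a guest-writable MMIO register. The following is an added example, not hw/pxa2xx.c code: the bit masks, the PMState type and the function names are assumptions, and the buggy variant only reproduces the two symptoms the commit messages describe (a zero written to an RW bit does not clear it; every W1C bit is cleared on any write).

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed bit layout for illustration; it is not the PXA2xx PMCR layout. */
#define PMCR_RW_MASK   0x0000000Fu  /* plain read/write control bits */
#define PMCR_W1C_MASK  0x000000F0u  /* status bits, cleared by writing a 1 */

typedef struct {
    uint32_t pmcr;
} PMState;

/* The emulated event source raises a status bit (e.g. a wakeup event). */
void pmcr_raise_status(PMState *s, uint32_t bits)
{
    s->pmcr |= bits & PMCR_W1C_MASK;
}

/* Reproduces both symptoms: RW bits are only ever ORed in, so a written
 * zero cannot clear them, and all W1C bits are dropped on any write. */
void pmcr_write_buggy(PMState *s, uint32_t value)
{
    s->pmcr |= value & PMCR_RW_MASK;
    s->pmcr &= ~PMCR_W1C_MASK;
}

/* Correct semantics: RW bits take exactly the written value; a W1C bit is
 * cleared only where the guest wrote a 1; reserved bits are ignored. */
void pmcr_write_fixed(PMState *s, uint32_t value)
{
    s->pmcr = (s->pmcr & ~PMCR_RW_MASK) | (value & PMCR_RW_MASK);
    s->pmcr &= ~(value & PMCR_W1C_MASK);
}

uint32_t pmcr_read(const PMState *s)
{
    return s->pmcr;
}

int main(void)
{
    PMState s = { 0 };

    pmcr_raise_status(&s, 0x30);     /* two pending status bits */
    pmcr_write_fixed(&s, 0x05);      /* set control bits 0 and 2 */
    printf("after control write: 0x%02x\n", pmcr_read(&s));
    pmcr_write_fixed(&s, 0x10);      /* clear bits 0/2, ack status bit 4 */
    printf("after ack write:     0x%02x\n", pmcr_read(&s));
    return 0;
}
```

The fixed handler is the shape to use for any register mixing RW and W1C fields: mask in the RW field, and clear W1C bits with `&= ~(value & mask)`, never with `&= ~mask`.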
9 years ago: hw/pl061: Remove pointless comparison of array to null
Peter Maydell [Wed, 9 Nov 2011 20:04:54 +0000 (20:04 +0000)] 
hw/pl061: Remove pointless comparison of array to null

Remove a pointless comparison of an array to null. (There is
no need to check whether s->out[i] is non-null as qemu_set_irq
will do that for us.) Spotted by Coverity (see bug 887883).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago: hw/tc58128.c: Remove unnecessary check for g_malloc failure
Peter Maydell [Wed, 9 Nov 2011 19:34:28 +0000 (19:34 +0000)] 
hw/tc58128.c: Remove unnecessary check for g_malloc failure

Remove a check for g_malloc failing: this never happens.
Also use g_malloc rather than g_malloc0 as we immediately
memset the entire region and so zero-initialising it is pointless.
Spotted by Coverity (see bug 887883).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago: linux-user/elfload.c: Don't memset(NULL..) if malloc() failed
Peter Maydell [Wed, 9 Nov 2011 19:22:11 +0000 (19:22 +0000)] 
linux-user/elfload.c: Don't memset(NULL..) if malloc() failed

If a malloc() in copy_elf_strings() failed we would call memset()
before the "did malloc fail?" check. Fix this by moving to the
glib alloc/free routines for this memory so we can use g_try_malloc0
rather than having a separate memset(). Spotted by Coverity (see
bug 887883).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago: hw/omap_intc.c: Avoid crash on access to nonexistent banked registers
Peter Maydell [Wed, 9 Nov 2011 18:45:38 +0000 (18:45 +0000)] 
hw/omap_intc.c: Avoid crash on access to nonexistent banked registers

Avoid a crash due to null pointer dereference if a guest attempts
to access banked registers for a nonexistent bank. Spotted by
Coverity (see bug 887883).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
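The Integrator timer bounds fix and the omap_intc banked-register fix above are both cases of a guest-chosen MMIO offset being used as an index before it is validated. The following is an added example and not code from hw/arm_timer.c or hw/omap_intc.c: the register geometry (three units of 0x100 bytes, four possible banks), the type names and the error reporting are assumptions; the buggy decoder only reproduces the off-by-one class of bug the timer commit describes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed geometry: three timer units, 0x100 bytes of registers each. */
#define NUM_TIMERS    3
#define TIMER_STRIDE  0x100

typedef struct {
    uint32_t regs[TIMER_STRIDE / 4];
} TimerUnit;

typedef struct {
    TimerUnit timer[NUM_TIMERS];
} IntegratorTimers;

/* Inclusive upper bound: offset 0x300 decodes to unit 3, one past the end
 * of timer[]. Returns the unit index it would accept, or -1. */
int timer_index_buggy(uint32_t offset)
{
    uint32_t n = offset / TIMER_STRIDE;
    return n > NUM_TIMERS ? -1 : (int)n;
}

/* Correct: only indices 0..NUM_TIMERS-1 reach the array. */
int timer_index_fixed(uint32_t offset)
{
    uint32_t n = offset / TIMER_STRIDE;
    return n >= NUM_TIMERS ? -1 : (int)n;
}

/* Guest read: validate the decoded index before touching the array and
 * report a guest error instead of overrunning. Returns false on a bad
 * access, which the caller should turn into a read-as-zero or a bus error. */
bool timer_read(const IntegratorTimers *s, uint32_t offset, uint32_t *value)
{
    int n = timer_index_fixed(offset);
    if (n < 0) {
        fprintf(stderr, "timer: bad guest offset 0x%x\n", offset);
        return false;
    }
    *value = s->timer[n].regs[(offset % TIMER_STRIDE) / 4];
    return true;
}

/* Banked interrupt controller: the guest may name a bank that was never
 * created, so check the pointer rather than dereferencing it. */
#define MAX_BANKS 4

typedef struct {
    uint32_t mask;
} IntcBank;

typedef struct {
    IntcBank *bank[MAX_BANKS];  /* NULL for banks this SoC variant lacks */
} Intc;

bool intc_bank_read_mask(const Intc *s, unsigned bank, uint32_t *value)
{
    if (bank >= MAX_BANKS || s->bank[bank] == NULL) {
        fprintf(stderr, "intc: access to nonexistent bank %u\n", bank);
        return false;
    }
    *value = s->bank[bank]->mask;
    return true;
}

int main(void)
{
    printf("offset 0x300 -> buggy index %d, fixed index %d\n",
           timer_index_buggy(0x300), timer_index_fixed(0x300));
    return 0;
}
```

Both checks run before any memory is touched, and both return a failure the caller can report; the guest never gets to pick an array index or a pointer that the device model has not validated.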
9 years ago: os-posix: Plug fd leak in qemu_create_pidfile()
Markus Armbruster [Fri, 11 Nov 2011 09:40:09 +0000 (10:40 +0100)] 
os-posix: Plug fd leak in qemu_create_pidfile()

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago: posix-aio-compat: Plug memory leak on paio_init() error path
Markus Armbruster [Fri, 11 Nov 2011 09:40:08 +0000 (10:40 +0100)] 
posix-aio-compat: Plug memory leak on paio_init() error path

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago: qemu-sockets: Plug fd leak on unix_connect_opts() error path
Markus Armbruster [Fri, 11 Nov 2011 09:40:07 +0000 (10:40 +0100)] 
qemu-sockets: Plug fd leak on unix_connect_opts() error path

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago: ui: Plug memory leaks on parse_keyboard_layout() error path
Markus Armbruster [Fri, 11 Nov 2011 09:40:06 +0000 (10:40 +0100)] 
ui: Plug memory leaks on parse_keyboard_layout() error path

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago: qemu-char: Plug memory leak on qemu_chr_open_pty() error path
Markus Armbruster [Fri, 11 Nov 2011 09:40:05 +0000 (10:40 +0100)] 
qemu-char: Plug memory leak on qemu_chr_open_pty() error path

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago: migration: fix detached migration with fd
Juan Quintela [Wed, 9 Nov 2011 20:29:01 +0000 (21:29 +0100)] 
migration: fix detached migration with fd

Migration with fd uses s->mon to pass the fd.  But we only assign the
s->mon for !detached migration.  Fix it.  Once there add a comment
indicating that s->mon has two uses.

Bug reported by:  Wen Congyang <wency@cn.fujitsu.com>

Signed-off-by: Juan Quintela <quintela@redhat.com>
CC: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago: configure: Do not use 'sed -i'
Pavel Borzenkov [Thu, 10 Nov 2011 20:26:59 +0000 (00:26 +0400)] 
configure: Do not use 'sed -i'

'sed -i' is not defined in POSIX. It doesn't work on Mac OS X the way
it's used in configure (without suffix argument). This patch implements
Peter Maydell's idea of xattr.h detection.

Cc: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago: PPC: Fix for the gdb single step problem on an rfi instruction
Sebastian Bauer [Wed, 10 Aug 2011 01:41:48 +0000 (01:41 +0000)] 
PPC: Fix for the gdb single step problem on an rfi instruction

When using gdb to single step a ppc interrupt routine, the execution
flow passes the rfi instruction without actually returning from the
interrupt.

The patch fixes this by not updating the nip when the debug
exception is raised and a previous POWERPC_EXCP_SYNC was set.

The latter is the case only, if code for rfi or a related instruction
was generated.

Signed-off-by: Sebastian Bauer <mail@sebastianbauer.info>
Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago: tcg-ppc64: Fix compile errors for userspace only builds with gcc 4.6
David Gibson [Sun, 30 Oct 2011 19:57:33 +0000 (19:57 +0000)] 
tcg-ppc64: Fix compile errors for userspace only builds with gcc 4.6

tcg/ppc64/tcg-target.c has a couple of places where variables are set
unconditionally, but otherwise used only for softmmu builds, not
userspace only builds.  This causes compiler warnings (which are fatal
by default) when compiling for a ppc64 host with gcc 4.6.  This patch
fixes the problem by moving the code which defines and sets the
variables into the CONFIG_SOFTMMU guarded regions.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago: pseries: Fix initialization of sPAPREnvironment structure
David Gibson [Tue, 1 Nov 2011 16:49:05 +0000 (16:49 +0000)] 
pseries: Fix initialization of sPAPREnvironment structure

Since we added PCI support to the pseries machine, we include a qlist of
PCI host bridges in the sPAPREnvironment structure.  However this list
was never properly initialized.  Somehow we got away with this until
some other recent change broke it, and we now segfault immediately on
startup.

This patch adds the required QLIST_INIT(), and while we're at it makes sure
we initialize the rest of the sPAPREnvironment structure to 0, to avoid
future nasty surprises.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
9 years ago: vl.c: Fail gracefully if no machine is found
Andreas Färber [Thu, 10 Nov 2011 15:35:32 +0000 (16:35 +0100)] 
vl.c: Fail gracefully if no machine is found

machine defaults to find_default_machine(),
then gets overridden via -M and machine_parse().

If no -M is specified and find_default_machine() returns NULL
(when no machine compiled in), exit with an error.

Avoids a segfault when setting machine->max_cpus.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
9 years ago: block: Make cache=unsafe flush to the OS
Kevin Wolf [Thu, 10 Nov 2011 17:13:59 +0000 (18:13 +0100)] 
block: Make cache=unsafe flush to the OS

cache=unsafe completely ignored bdrv_flush, because flushing the host disk
costs a lot of performance. However, this means that qcow2 images (and
potentially any other format) can lose data even after the guest has issued a
flush if the qemu process crashes/is killed. In case of a host crash, data loss
is certainly expected with cache=unsafe, but if just the qemu process dies this
is a bit too unsafe.

Now that we have two separate flush functions, we can choose to flush
everything to the OS, but don't enforce that it's physically written to the
disk.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
9 years ago: block: Introduce bdrv_co_flush_to_os
Kevin Wolf [Thu, 10 Nov 2011 17:10:11 +0000 (18:10 +0100)] 
block: Introduce bdrv_co_flush_to_os

qcow2 has a writeback metadata cache, so flushing a qcow2 image actually
consists of writing back that cache to the protocol and only then flushes the
protocol in order to get everything stable on disk.

This introduces a separate bdrv_co_flush_to_os to reflect the split.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
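The two block commits above split a flush into "write the format's metadata cache back to the OS" and "make the OS commit it to disk", and make cache=unsafe skip only the second step. The following added example illustrates that split with a toy writeback cache in front of a plain file; it is not QEMU block-layer code. The Image type, the cache layout and the function names are assumptions, and the old/new flush functions only model the behaviour the commit message describes (before: cache=unsafe ignored the flush entirely; after: it still writes back to the OS and skips only the physical sync).

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define BLOCK_SIZE    16
#define CACHE_ENTRIES 4

/* Toy writeback metadata cache; the layout is an assumption, not qcow2's. */
typedef struct {
    int fd;
    bool cache_unsafe;              /* opened with cache=unsafe */
    struct {
        bool  dirty;
        off_t offset;
        char  data[BLOCK_SIZE];
    } entry[CACHE_ENTRIES];
} Image;

int image_open(Image *img, const char *path, bool cache_unsafe)
{
    memset(img, 0, sizeof(*img));
    img->cache_unsafe = cache_unsafe;
    img->fd = open(path, O_RDWR);
    return img->fd < 0 ? -1 : 0;
}

/* A metadata update lands in the cache only. */
void image_write_cached(Image *img, int slot, off_t offset, const char *data)
{
    img->entry[slot].dirty = true;
    img->entry[slot].offset = offset;
    memcpy(img->entry[slot].data, data, BLOCK_SIZE);
}

/* Analogue of flushing to the OS: hand every dirty entry to the kernel.
 * After this returns the data survives the qemu process dying, but not a
 * host crash or power loss. */
int image_flush_to_os(Image *img)
{
    for (int i = 0; i < CACHE_ENTRIES; i++) {
        if (!img->entry[i].dirty) {
            continue;
        }
        if (pwrite(img->fd, img->entry[i].data, BLOCK_SIZE,
                   img->entry[i].offset) != BLOCK_SIZE) {
            return -1;
        }
        img->entry[i].dirty = false;
    }
    return 0;
}

/* Old cache=unsafe behaviour: the whole flush is ignored. */
int image_flush_old(Image *img)
{
    if (img->cache_unsafe) {
        return 0;
    }
    return image_flush_to_os(img) < 0 ? -1 : fsync(img->fd);
}

/* New behaviour: always write back to the OS; only the physical sync is
 * skipped for cache=unsafe. */
int image_flush_new(Image *img)
{
    if (image_flush_to_os(img) < 0) {
        return -1;
    }
    return img->cache_unsafe ? 0 : fsync(img->fd);
}

/* Reads through a separate descriptor, as a restarted qemu would after
 * this process died: shows what actually reached the OS. */
bool file_contains(const char *path, off_t offset, const char *expected)
{
    char buf[BLOCK_SIZE];
    int fd = open(path, O_RDONLY);
    if (fd < 0) {
        return false;
    }
    ssize_t n = pread(fd, buf, BLOCK_SIZE, offset);
    close(fd);
    return n == BLOCK_SIZE && memcmp(buf, expected, BLOCK_SIZE) == 0;
}

/* Creates a zero-filled scratch image; fills path, returns 0 on success. */
int make_scratch_image(char *path, size_t pathlen)
{
    snprintf(path, pathlen, "/tmp/flush-demo-XXXXXX");
    int fd = mkstemp(path);
    if (fd < 0) {
        return -1;
    }
    if (ftruncate(fd, 4 * BLOCK_SIZE) < 0) {
        close(fd);
        return -1;
    }
    close(fd);
    return 0;
}

int main(void)
{
    char path[64];
    Image img;
    static const char blk[BLOCK_SIZE] = "meta-A";

    if (make_scratch_image(path, sizeof(path)) < 0 ||
        image_open(&img, path, true) < 0) {
        return 1;
    }
    image_write_cached(&img, 0, 0, blk);
    image_flush_old(&img);
    printf("old cache=unsafe flush, visible to OS: %s\n",
           file_contains(path, 0, blk) ? "yes" : "no");
    image_flush_new(&img);
    printf("new cache=unsafe flush, visible to OS: %s\n",
           file_contains(path, 0, blk) ? "yes" : "no");
    close(img.fd);
    unlink(path);
    return 0;
}
```

fsync() stands in for the physical flush here; the point is only that the expensive step is the second one, so skipping it for cache=unsafe keeps the performance benefit while closing the qemu-crash data-loss window.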