qemu.git
8 years ago qga: set umask 0077 when daemonizing (CVE-2013-2007)
Laszlo Ersek [Wed, 24 Apr 2013 11:13:18 +0000 (13:13 +0200)] 
qga: set umask 0077 when daemonizing (CVE-2013-2007)

The qemu guest agent creates a bunch of files with insecure permissions
when started in daemon mode. For example:

  -rw-rw-rw- 1 root root /var/log/qemu-ga.log
  -rw-rw-rw- 1 root root /var/run/qga.state
  -rw-rw-rw- 1 root root /var/log/qga-fsfreeze-hook.log

In addition, at least all files created with the "guest-file-open" QMP
command, and all files created with shell output redirection (or
otherwise) by utilities invoked by the fsfreeze hook script are affected.

For now mask all file mode bits for "group" and "others" in
become_daemon().

Temporarily, for compatibility reasons, stick with the 0666 file-mode in
case of files newly created by the "guest-file-open" QMP call. Do so
without changing the umask temporarily.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
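
The effect of the daemon's umask on newly created files, as an added example (not part of the commit or of QEMU's code). It assumes a umask of 0 as the cause of the rw-rw-rw- listing, and shows one way to keep an exact 0666 mode for a single file without touching the umask; the commit message does not say how QEMU does it, and all names and paths below are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes mkdtemp() under strict -std= modes */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permission bits observed for each of the three files created below. */
struct demo_modes { int inherited, hardened, guest_file; };

/* Permission bits of path, or -1 if it cannot be stat()ed. */
static int mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* What a log or state file creation amounts to: request 0666 and let
 * the process umask trim it. */
static int create_plain(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    if (fd < 0) return -1;
    close(fd);
    return mode_of(path);
}

/* Create a file with exactly `mode`, whatever the umask is.
 * O_EXCL refuses a pre-existing file or symlink, so the fchmod() below can
 * only ever loosen a file this call created. fchmod() ignores the umask. */
static int create_exact(const char *path, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0);
    if (fd < 0) return -1;
    if (fchmod(fd, mode) != 0) { close(fd); unlink(path); return -1; }
    close(fd);
    return mode_of(path);
}

/* Creates three files in a private temporary directory and records their
 * modes: under umask 0, under umask 0077, and under umask 0077 with an
 * explicit 0666 request for one file only. */
static int run_demo(struct demo_modes *out)
{
    char dir[] = "/tmp/qga-umask-demo-XXXXXX"; /* hypothetical location */
    char a[64], b[64], c[64];
    mode_t saved;

    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/inherited.log", dir);
    snprintf(b, sizeof b, "%s/hardened.log", dir);
    snprintf(c, sizeof c, "%s/guest-file", dir);

    saved = umask(0);            /* assumed pre-fix state: nothing masked */
    out->inherited = create_plain(a);

    umask(0077);                 /* the fix: mask "group" and "others" */
    out->hardened = create_plain(b);
    out->guest_file = create_exact(c, 0666); /* compatibility exception */

    umask(saved);
    unlink(a); unlink(b); unlink(c); rmdir(dir);
    return (out->inherited < 0 || out->hardened < 0 || out->guest_file < 0) ? -1 : 0;
}

int main(void)
{
    struct demo_modes m;
    if (run_demo(&m) != 0) { perror("run_demo"); return 1; }
    printf("umask 0000, open(0666):    %04o\n", (unsigned)m.inherited);
    printf("umask 0077, open(0666):    %04o\n", (unsigned)m.hardened);
    printf("umask 0077, fchmod(0666):  %04o\n", (unsigned)m.guest_file);
    return 0;
}
```

The umask is inherited by child processes, which is why files written by utilities the fsfreeze hook script invokes are covered by the same setting.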
8 years ago virtio-net: properly check the vhost status during status set
Jason Wang [Fri, 26 Apr 2013 10:27:40 +0000 (18:27 +0800)] 
virtio-net: properly check the vhost status during status set

Commit 32993698 (vhost: disable on tap link down) tries to disable the vhost
also when the peer's link is down. But the check was not done properly; the
vhost was only started when:

1) peer's link is not down
2) virtio-net has already been started.

Since == has a higher precedence than &&, place a brace to make sure both the
conditions are met, then do the check. This fixes the crash when doing a savevm
after setting the link off, which makes qemu crash and complain:

virtio_net_save: Assertion `!n->vhost_started' failed.

Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-id: 1366972060-21606-1-git-send-email-jasowang@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years ago Merge remote-tracking branch 'afaerber/qom-cpu' into staging
Anthony Liguori [Tue, 7 May 2013 11:32:00 +0000 (06:32 -0500)] 
Merge remote-tracking branch 'afaerber/qom-cpu' into staging

# By Eduardo Habkost (6) and others
# Via Andreas Färber
* afaerber/qom-cpu:
  target-i386: n270 can MOVBE
  target-i386: Introduce generic CPUID feature compat function
  target-i386: Change CPUID model of 486 to 8
  target-i386: Emulate X86CPU subclasses for global properties
  qdev: Introduce qdev_prop_set_globals_for_type()
  qdev: Let qdev_prop_parse() pass through Error
  target-i386: Add "filtered-features" property to X86CPU
  target-i386: Introduce X86CPU::filtered_features field
  target-i386: Add "feature-words" property to X86CPU
  target-i386: Use FeatureWord loop on filter_features_for_kvm()
  target-i386: Add ECX information to FeatureWordInfo

8 years ago Merge remote-tracking branch 'qemu-kvm/uq/master' into staging
Anthony Liguori [Mon, 6 May 2013 20:45:08 +0000 (15:45 -0500)] 
Merge remote-tracking branch 'qemu-kvm/uq/master' into staging

# By Marcelo Tosatti
# Via Gleb Natapov
* qemu-kvm/uq/master:
  kvmvapic: add ioport read accessor

Message-id: cover.1367844188.git.gleb@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years ago target-i386: n270 can MOVBE
Borislav Petkov [Thu, 25 Apr 2013 18:43:04 +0000 (15:43 -0300)] 
target-i386: n270 can MOVBE

The Atom core (cpu name "n270" in QEMU speak) supports MOVBE. This is
needed when booting 3.8 and later linux kernels built with the MATOM
target because we require MOVBE in order to boot properly now.

Signed-off-by: Borislav Petkov <bp@suse.de>
[ehabkost: added compat code to disable MOVBE on pc-*-1.4 and older]
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago target-i386: Introduce generic CPUID feature compat function
Eduardo Habkost [Thu, 25 Apr 2013 18:43:00 +0000 (15:43 -0300)] 
target-i386: Introduce generic CPUID feature compat function

Introduce x86_cpu_compat_set_features(), that can be used to set/unset
feature bits on specific CPU models for machine-type compatibility.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago Merge branch 's390-for-upstream' of git://github.com/agraf/qemu
Aurelien Jarno [Mon, 6 May 2013 17:56:27 +0000 (19:56 +0200)] 
Merge branch 's390-for-upstream' of git://github.com/agraf/qemu

* 's390-for-upstream' of git://github.com/agraf/qemu:
  s390: update s390-ccw.img
  S390: BIOS boot from given device
  S390: Add virtio-blk boot
  S390: Merging s390_ipl_cpu and s390_ipl_reset
  S390: BIOS create link to src folder for .img file
  S390: BIOS check for file

8 years ago target-i386: Change CPUID model of 486 to 8
Andreas Färber [Wed, 1 May 2013 15:30:51 +0000 (17:30 +0200)] 
target-i386: Change CPUID model of 486 to 8

This changes the model number of 486 to 8 (DX4) which matches the
feature set presented, and actually has the CPUID instruction.

This adds a compatibility property, to keep model=0 on pc-*-1.4 and older.

Signed-off-by: H. Peter Anvin <hpa@zytor.com>
[AF: Add compat_props entry]
Tested-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago target-i386: Emulate X86CPU subclasses for global properties
Andreas Färber [Wed, 1 May 2013 15:05:47 +0000 (17:05 +0200)] 
target-i386: Emulate X86CPU subclasses for global properties

After initializing the object from its x86_def_t and before setting any
additional -cpu arguments, set any global properties for the designated
subclass <name>-{i386,x86_64}-cpu.

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago qdev: Introduce qdev_prop_set_globals_for_type()
Andreas Färber [Wed, 1 May 2013 14:03:19 +0000 (16:03 +0200)] 
qdev: Introduce qdev_prop_set_globals_for_type()

Reuse it in qdev_prop_set_globals().

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
[AF: Renamed from qdev_prop_set_custom_globals()]
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago qdev: Let qdev_prop_parse() pass through Error
Andreas Färber [Wed, 1 May 2013 14:10:24 +0000 (16:10 +0200)] 
qdev: Let qdev_prop_parse() pass through Error

Move error reporting to callers.

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago target-i386: Add "filtered-features" property to X86CPU
Eduardo Habkost [Mon, 6 May 2013 16:20:09 +0000 (13:20 -0300)] 
target-i386: Add "filtered-features" property to X86CPU

This property will contain all the features that were removed from the
CPU because they are not supported by the host.

This way, libvirt or other management tools can emulate the
check/enforce behavior by checking if filtered-properties is all zeroes,
before starting the guest.

Example output where some features were missing:

  $ qemu-system-x86_64 -enable-kvm -cpu Haswell,check -S \
    -qmp unix:/tmp/m,server,nowait
  warning: host doesn't support requested feature: CPUID.01H:ECX.fma [bit 12]
  warning: host doesn't support requested feature: CPUID.01H:ECX.movbe [bit 22]
  warning: host doesn't support requested feature: CPUID.01H:ECX.tsc-deadline [bit 24]
  warning: host doesn't support requested feature: CPUID.01H:ECX.xsave [bit 26]
  warning: host doesn't support requested feature: CPUID.01H:ECX.avx [bit 28]
  warning: host doesn't support requested feature: CPUID.07H:EBX.fsgsbase [bit 0]
  warning: host doesn't support requested feature: CPUID.07H:EBX.bmi1 [bit 3]
  warning: host doesn't support requested feature: CPUID.07H:EBX.hle [bit 4]
  warning: host doesn't support requested feature: CPUID.07H:EBX.avx2 [bit 5]
  warning: host doesn't support requested feature: CPUID.07H:EBX.smep [bit 7]
  warning: host doesn't support requested feature: CPUID.07H:EBX.bmi2 [bit 8]
  warning: host doesn't support requested feature: CPUID.07H:EBX.erms [bit 9]
  warning: host doesn't support requested feature: CPUID.07H:EBX.invpcid [bit 10]
  warning: host doesn't support requested feature: CPUID.07H:EBX.rtm [bit 11]
  [...]
  $ ./QMP/qmp --path=/tmp/m \
    qom-get --path=/machine/icc-bridge/icc/child[0] \
            --property=filtered-features
  item[0].cpuid-register: EDX
  item[0].cpuid-input-eax: 2147483658
  item[0].features: 0
  item[1].cpuid-register: EAX
  item[1].cpuid-input-eax: 1073741825
  item[1].features: 0
  item[2].cpuid-register: EDX
  item[2].cpuid-input-eax: 3221225473
  item[2].features: 0
  item[3].cpuid-register: ECX
  item[3].cpuid-input-eax: 2147483649
  item[3].features: 0
  item[4].cpuid-register: EDX
  item[4].cpuid-input-eax: 2147483649
  item[4].features: 0
  item[5].cpuid-register: EBX
  item[5].cpuid-input-eax: 7
  item[5].features: 4025
  item[5].cpuid-input-ecx: 0
  item[6].cpuid-register: ECX
  item[6].cpuid-input-eax: 1
  item[6].features: 356519936
  item[7].cpuid-register: EDX
  item[7].cpuid-input-eax: 1
  item[7].features: 0

Example output when no feature is missing:

  $ qemu-system-x86_64 -enable-kvm -cpu Nehalem,enforce -S \
    -qmp unix:/tmp/m,server,nowait
  [...]
  $ ./QMP/qmp --path=/tmp/m \
    qom-get --path=/machine/icc-bridge/icc/child[0] \
            --property=filtered-features
  item[0].cpuid-register: EDX
  item[0].cpuid-input-eax: 2147483658
  item[0].features: 0
  item[1].cpuid-register: EAX
  item[1].cpuid-input-eax: 1073741825
  item[1].features: 0
  item[2].cpuid-register: EDX
  item[2].cpuid-input-eax: 3221225473
  item[2].features: 0
  item[3].cpuid-register: ECX
  item[3].cpuid-input-eax: 2147483649
  item[3].features: 0
  item[4].cpuid-register: EDX
  item[4].cpuid-input-eax: 2147483649
  item[4].features: 0
  item[5].cpuid-register: EBX
  item[5].cpuid-input-eax: 7
  item[5].features: 0
  item[5].cpuid-input-ecx: 0
  item[6].cpuid-register: ECX
  item[6].cpuid-input-eax: 1
  item[6].features: 0
  item[7].cpuid-register: EDX
  item[7].cpuid-input-eax: 1
  item[7].features: 0

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
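
The check a management tool could run on this property, as an added example (not QEMU or libvirt code). It parses the qom-get text shown for "-cpu Haswell,check", counts the filtered bits, and looks up a feature by name; the bit names come from the warnings in the commit message, and every function and type name is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_WORDS 16

struct feature_word { char reg[8]; uint32_t eax, features; };

/* qom-get output for "-cpu Haswell,check", copied from the commit message. */
static const char haswell_check[] =
    "item[0].cpuid-register: EDX\nitem[0].cpuid-input-eax: 2147483658\nitem[0].features: 0\n"
    "item[1].cpuid-register: EAX\nitem[1].cpuid-input-eax: 1073741825\nitem[1].features: 0\n"
    "item[2].cpuid-register: EDX\nitem[2].cpuid-input-eax: 3221225473\nitem[2].features: 0\n"
    "item[3].cpuid-register: ECX\nitem[3].cpuid-input-eax: 2147483649\nitem[3].features: 0\n"
    "item[4].cpuid-register: EDX\nitem[4].cpuid-input-eax: 2147483649\nitem[4].features: 0\n"
    "item[5].cpuid-register: EBX\nitem[5].cpuid-input-eax: 7\nitem[5].features: 4025\n"
    "item[5].cpuid-input-ecx: 0\n"
    "item[6].cpuid-register: ECX\nitem[6].cpuid-input-eax: 1\nitem[6].features: 356519936\n"
    "item[7].cpuid-register: EDX\nitem[7].cpuid-input-eax: 1\nitem[7].features: 0\n";

/* Bit names as printed in the warnings of the commit message. */
static const struct { const char *reg; uint32_t eax; int bit; const char *name; } names[] = {
    {"ECX", 1, 12, "fma"},     {"ECX", 1, 22, "movbe"}, {"ECX", 1, 24, "tsc-deadline"},
    {"ECX", 1, 26, "xsave"},   {"ECX", 1, 28, "avx"},   {"EBX", 7, 0, "fsgsbase"},
    {"EBX", 7, 3, "bmi1"},     {"EBX", 7, 4, "hle"},    {"EBX", 7, 5, "avx2"},
    {"EBX", 7, 7, "smep"},     {"EBX", 7, 8, "bmi2"},   {"EBX", 7, 9, "erms"},
    {"EBX", 7, 10, "invpcid"}, {"EBX", 7, 11, "rtm"},
};

/* Parse "item[N].key: value" lines into w[0..max-1]. Lines of any other
 * shape are skipped. Returns the number of items, or -1 on bad input. */
static int parse_feature_words(const char *text, struct feature_word *w, int max)
{
    int count = 0;
    memset(w, 0, (size_t)max * sizeof *w);
    while (*text) {
        char line[128], key[32], val[32];
        int idx;
        size_t len = strcspn(text, "\n");
        if (len >= sizeof line) return -1;
        memcpy(line, text, len);
        line[len] = '\0';
        text += len;
        if (*text == '\n') text++;
        if (sscanf(line, " item[%d].%31[^:]: %31s", &idx, key, val) != 3) continue;
        if (idx < 0 || idx >= max) return -1;
        if (idx >= count) count = idx + 1;
        if (strcmp(key, "cpuid-register") == 0)
            snprintf(w[idx].reg, sizeof w[idx].reg, "%.7s", val);
        else if (strcmp(key, "cpuid-input-eax") == 0)
            w[idx].eax = (uint32_t)strtoul(val, NULL, 10);
        else if (strcmp(key, "features") == 0)
            w[idx].features = (uint32_t)strtoul(val, NULL, 10);
    }
    return count;
}

/* Number of requested feature bits the host did not provide; 0 means the
 * guest got the CPU model that was asked for. */
static int count_filtered(const struct feature_word *w, int n)
{
    int total = 0;
    for (int i = 0; i < n; i++)
        for (uint32_t f = w[i].features; f; f &= f - 1) total++;
    return total;
}

/* 1 if the named feature was filtered, 0 if not, -1 if the name is unknown. */
static int is_filtered(const struct feature_word *w, int n, const char *name)
{
    for (size_t k = 0; k < sizeof names / sizeof names[0]; k++) {
        if (strcmp(names[k].name, name) != 0) continue;
        for (int i = 0; i < n; i++)
            if (w[i].eax == names[k].eax && strcmp(w[i].reg, names[k].reg) == 0)
                return (int)((w[i].features >> names[k].bit) & 1);
        return 0; /* feature word not present in the list */
    }
    return -1;
}

int main(void)
{
    struct feature_word w[MAX_WORDS];
    int n = parse_feature_words(haswell_check, w, MAX_WORDS);
    if (n < 0) return 1;
    printf("filtered feature bits: %d\n", count_filtered(w, n));
    printf("smep filtered: %d\n", is_filtered(w, n, "smep"));
    return count_filtered(w, n) ? 2 : 0; /* non-zero exit: guest CPU differs */
}
```

A filtered smep bit is the kind of result worth failing on, since the guest kernel then runs without that mitigation even though the CPU model requested it.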
8 years ago target-i386: Introduce X86CPU::filtered_features field
Eduardo Habkost [Mon, 6 May 2013 16:20:08 +0000 (13:20 -0300)] 
target-i386: Introduce X86CPU::filtered_features field

This field will contain the feature bits that were filtered out because
of missing host support.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago target-i386: Add "feature-words" property to X86CPU
Eduardo Habkost [Mon, 6 May 2013 16:20:07 +0000 (13:20 -0300)] 
target-i386: Add "feature-words" property to X86CPU

This property will be useful for libvirt, as libvirt already has logic
based on low-level feature bits (not feature names), so it will be
really easy to convert the current libvirt logic to something using the
"feature-words" property.

The property will have two main use cases:
 - Checking host capabilities, by checking the features of the "host"
   CPU model
 - Checking which features are enabled on each CPU model

Example output:

  $ ./QMP/qmp --path=/tmp/m \
    qom-get --path=/machine/icc-bridge/icc/child[0] \
            --property=feature-words
  item[0].cpuid-register: EDX
  item[0].cpuid-input-eax: 2147483658
  item[0].features: 0
  item[1].cpuid-register: EAX
  item[1].cpuid-input-eax: 1073741825
  item[1].features: 0
  item[2].cpuid-register: EDX
  item[2].cpuid-input-eax: 3221225473
  item[2].features: 0
  item[3].cpuid-register: ECX
  item[3].cpuid-input-eax: 2147483649
  item[3].features: 101
  item[4].cpuid-register: EDX
  item[4].cpuid-input-eax: 2147483649
  item[4].features: 563346425
  item[5].cpuid-register: EBX
  item[5].cpuid-input-eax: 7
  item[5].features: 0
  item[5].cpuid-input-ecx: 0
  item[6].cpuid-register: ECX
  item[6].cpuid-input-eax: 1
  item[6].features: 2155880449
  item[7].cpuid-register: EDX
  item[7].cpuid-input-eax: 1
  item[7].features: 126614521

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago target-i386: Use FeatureWord loop on filter_features_for_kvm()
Eduardo Habkost [Mon, 22 Apr 2013 19:00:18 +0000 (16:00 -0300)] 
target-i386: Use FeatureWord loop on filter_features_for_kvm()

Instead of open-coding the filtering code for each feature word, change
the existing code to use the feature_word_info array, that has exactly
the same CPUID eax/ecx/register values for each feature word.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago target-i386: Add ECX information to FeatureWordInfo
Eduardo Habkost [Mon, 22 Apr 2013 19:00:16 +0000 (16:00 -0300)] 
target-i386: Add ECX information to FeatureWordInfo

FEAT_7_0_EBX uses ECX as input, so we have to take that into account
when reporting feature word values.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago s390: update s390-ccw.img
Alexander Graf [Wed, 1 May 2013 02:50:05 +0000 (04:50 +0200)] 
s390: update s390-ccw.img

Now that we have boot device selection support, update the firmware
blob accordingly.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years ago S390: BIOS boot from given device
Dominik Dingel [Tue, 30 Apr 2013 07:15:58 +0000 (07:15 +0000)] 
S390: BIOS boot from given device

Use the passed device; if there is no device, use the first applicable device.

Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years ago S390: Add virtio-blk boot
Dominik Dingel [Tue, 30 Apr 2013 07:15:57 +0000 (07:15 +0000)] 
S390: Add virtio-blk boot

If no kernel IPL entry is specified, boot the bios and pass, if available,
device information for the first boot device (as given by the boot index).

The provided information will be used in the next commit from the BIOS.

Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years ago S390: Merging s390_ipl_cpu and s390_ipl_reset
Dominik Dingel [Tue, 30 Apr 2013 07:15:56 +0000 (07:15 +0000)] 
S390: Merging s390_ipl_cpu and s390_ipl_reset

There is no use in having this split into two functions.

Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years ago S390: BIOS create link to src folder for .img file
Dominik Dingel [Mon, 29 Apr 2013 04:52:06 +0000 (04:52 +0000)] 
S390: BIOS create link to src folder for .img file

For *.img files, there will be a link created directly to the src folder,
like for all other blobs.

Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years ago S390: BIOS check for file
Dominik Dingel [Mon, 29 Apr 2013 04:52:05 +0000 (04:52 +0000)] 
S390: BIOS check for file

Add a check if the BIOS blob exists before trying to load.

Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years ago spapr_llan: fix device reenabling
Alexey Kardashevskiy [Thu, 2 May 2013 20:22:03 +0000 (20:22 +0000)] 
spapr_llan: fix device reenabling

Normally, the "tap" device is polled by QEMU if a guest NIC can
receive packets. If a guest NIC is stopped during transfer (rmmod or
ifdown), it may still have packets in a queue which have to be sent
to the guest before QEMU enables polling of a "tap" interface via
tap_update_fd_handler().

However the spapr_llan device was missing the qemu_flush_queued_packets()
call so the tap_send_completed() callback was never called and therefore
"tap" interface polling was not enabled ever.

The patch fixes this problem.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years ago PPC: e500: correct params->ram_size with ram_size
Tiejun Chen [Wed, 1 May 2013 15:22:59 +0000 (15:22 +0000)] 
PPC: e500: correct params->ram_size with ram_size

We should sync params->ram_size after we fixup memory size on
an alignment boundary. Otherwise Guest would exceed the actual
memory region.

Signed-off-by: Tiejun Chen <tiejun.chen@windriver.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years ago target-ppc: Add read and write of PPR SPR
Anton Blanchard [Wed, 1 May 2013 00:44:51 +0000 (00:44 +0000)] 
target-ppc: Add read and write of PPR SPR

Recent Linux kernels save and restore the PPR across exceptions
so we need to handle it.

Signed-off-by: Anton Blanchard <anton@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years ago target-ppc: Fix invalid SPR read/write warnings
Anton Blanchard [Wed, 1 May 2013 00:43:59 +0000 (00:43 +0000)] 
target-ppc: Fix invalid SPR read/write warnings

Invalid and privileged SPR warnings currently print the wrong
address. While fixing that, also make it clear that we are
printing both the decimal and hexadecimal SPR number.

Before:

  Trying to read invalid spr 896 380 at 0000000000000714

After:

  Trying to read invalid spr 896 (0x380) at 0000000000000710

Signed-off-by: Anton Blanchard <anton@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years ago PPC: Add MMU type for 2.06 with AMR but no TB pages
Alexander Graf [Wed, 1 May 2013 22:27:51 +0000 (00:27 +0200)] 
PPC: Add MMU type for 2.06 with AMR but no TB pages

When running -cpu on a POWER7 system with PR KVM, we mask out the 1TB
MMU capability from the MMU type mask, but not the AMR bit.

This leads to us having a new MMU type that we don't check for in our
MMU management functions.

Add the new type, so that we don't have to worry about breakage there.
We're not going to use the TCG MMU management in that case anyway.

The long term fix for this will be to move all these MMU management
functions to class callbacks.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years ago pseries: Update SLOF firmware image
Alexey Kardashevskiy [Tue, 30 Apr 2013 03:42:23 +0000 (03:42 +0000)] 
pseries: Update SLOF firmware image

Minor SLOF fixes which are required for libvirtd to function properly:
* vio-vscsi: vscsi-report-luns can return 0
* vio-vscsi: added a proper lun parser
* SLOF: vio-vscsi: fixed bug with reported luns

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years ago PPC: e500: initialize GPRs as per epapr
Bharat Bhushan [Mon, 29 Apr 2013 04:40:56 +0000 (04:40 +0000)] 
PPC: e500: initialize GPRs as per epapr

ePAPR defines the initial values of cpu registers.
This patch initializes the GPRs as per ePAPR specification.

This resolves the issue of guest reboot/reset (guest hang on reboot).

Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com>
[agraf: add whitespace line]
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years ago pseries: Fix debug message for out-of-bounds address in H_PUT_TCE
David Gibson [Mon, 29 Apr 2013 18:33:52 +0000 (18:33 +0000)] 
pseries: Fix debug message for out-of-bounds address in H_PUT_TCE

Due to a brain outage, this message says "out-of-boards" instead of
"out-of-bounds".

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years ago pseries: Factor out check for out-of-bounds LIOBN
David Gibson [Mon, 29 Apr 2013 18:33:51 +0000 (18:33 +0000)] 
pseries: Factor out check for out-of-bounds LIOBN

PAPR defines LIOBNs (Logical IO Bus Numbers) to be 32-bit, and we check for
values that aren't in the code for H_PUT_TCE.  This patch factors the check
into spapr_tce_find_by_liobn(), which already checks if a 32-bit LIOBN
actually exists.  This will become more important as future patches add
other hypercalls which need to look up a LIOBN.

At the same time we fix the typo in the message.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
8 years ago kvmvapic: add ioport read accessor
Marcelo Tosatti [Sun, 5 May 2013 20:51:49 +0000 (17:51 -0300)] 
kvmvapic: add ioport read accessor

Necessary since memory region accessor assumes read and write
methods are registered. Otherwise reading I/O port 0x7e segfaults.

https://bugzilla.redhat.com/show_bug.cgi?id=954306

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
8 years ago configure: Check that "libtool" is not the MacOSX one
Peter Maydell [Sat, 4 May 2013 20:57:51 +0000 (21:57 +0100)] 
configure: Check that "libtool" is not the MacOSX one

The "libtool" binary on MacOSX is not GNU libtool, and doesn't support
anything like the same set of command line options. Test whether we
have accidentally picked this up (by looking for whether it handles
the GNU --version switch), and discard it if so. The fallback machinery
for the "we don't have a libtool" case will work fine. This fixes a
failure in "make install" on MacOSX.

Reported-by: Peter Cheung <mcheung63@hotmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1367701071-6630-1-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years ago Merge remote-tracking branch 'afaerber-or/prep-up' into staging
Anthony Liguori [Mon, 6 May 2013 11:49:51 +0000 (06:49 -0500)] 
Merge remote-tracking branch 'afaerber-or/prep-up' into staging

# By Andreas Färber (1) and others
# Via Andreas Färber
* afaerber-or/prep-up:
  prep: Make System I/O port 0092 read/write
  prep: Add ELF support for -bios
  prep: Fix NIP reset value

8 years ago Merge remote-tracking branch 'pmaydell/arm-devs.next' into staging
Anthony Liguori [Mon, 6 May 2013 11:47:28 +0000 (06:47 -0500)] 
Merge remote-tracking branch 'pmaydell/arm-devs.next' into staging

# By Jean-Christophe DUBOIS
# Via Peter Maydell
* pmaydell/arm-devs.next:
  i.MX: implement a more correct version of EPIT timer.

Message-id: 1367603215-5120-1-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years ago prep: Make System I/O port 0092 read/write
Julio Guerra [Sun, 5 May 2013 21:29:48 +0000 (23:29 +0200)] 
prep: Make System I/O port 0092 read/write

Port 0x0092 is documented as read/write, so for now return the
endianness state instead of hardcoded 0x00.

Signed-off-by: Julio Guerra <guerr@julio.in>
[AF: Extracted from larger port 0092 patch]
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
8 years ago prep: Add ELF support for -bios
Andreas Färber [Sat, 27 Apr 2013 19:23:23 +0000 (21:23 +0200)] 
prep: Add ELF support for -bios

This prepares for switching from OpenHack'Ware to OpenBIOS.

While touching the error handling code, switch from aborting hw_error()
to fprintf()+exit() and suppress failing without -bios for qtest.

Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
8 years ago prep: Fix NIP reset value
Fabien Chouteau [Tue, 30 Apr 2013 15:07:04 +0000 (17:07 +0200)] 
prep: Fix NIP reset value

The value was changed by commit 09d9828ace37ead29d510a7e24e63c2f15cd4b1c
"PPC: fix hreset_vector for 60x, ...".

Change it back for prep machine to unbreak OpenHack'Ware.

Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
8 years ago Update OpenBIOS images
Blue Swirl [Sun, 5 May 2013 09:53:22 +0000 (09:53 +0000)] 
Update OpenBIOS images

Update OpenBIOS images to OpenBIOS 1.1 release (SVN r1136) built from
submodule.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
8 years ago Merge branch 'target-arm.next' of git://git.linaro.org/people/pmaydell/qemu-arm
Blue Swirl [Sun, 5 May 2013 09:05:34 +0000 (09:05 +0000)] 
Merge branch 'target-arm.next' of git://git.linaro.org/people/pmaydell/qemu-arm

* 'target-arm.next' of git://git.linaro.org/people/pmaydell/qemu-arm:
  target-arm: Fix incorrect check of kvm_vcpu_ioctl return value

8 years ago target-arm: Fix incorrect check of kvm_vcpu_ioctl return value
Peter Maydell [Fri, 3 May 2013 17:47:22 +0000 (18:47 +0100)] 
target-arm: Fix incorrect check of kvm_vcpu_ioctl return value

kvm_vcpu_ioctl() returns -ETHING on error, not ETHING -- correct
an incorrect check in kvm_arch_init_vcpu(). This would not have
had any significant ill-effects -- we would just have propagated
the less useful ENOENT up to the caller rather than the more
accurate EINVAL in the unlikely case that the kernel didn't
have VFP-D32 support.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago i.MX: implement a more correct version of EPIT timer.
Jean-Christophe DUBOIS [Fri, 3 May 2013 17:21:02 +0000 (18:21 +0100)] 
i.MX: implement a more correct version of EPIT timer.

This patch is providing a complete version of the EPIT timer.

Note, however, that the GPT timer in the same file is still not
complete.

Signed-off-by: Jean-Christophe DUBOIS <jcd@tribudubois.net>
Message-id: 1365624982-15647-1-git-send-email-jcd@tribudubois.net
Reviewed-by: Peter Chubb <peter.chubb@nicta.com.au>
[PMM: wrapped an overly long line]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years ago qdev: skip bus check for bus-less devices in qdev_unplug()
Igor Mammedov [Fri, 3 May 2013 13:25:36 +0000 (15:25 +0200)] 
qdev: skip bus check for bus-less devices in qdev_unplug()

Since commit 2f7bd829db "qdev: Fix device_add bus assumptions"
it's possible to device_add a bus-less device, but if such a device is
unplugged it will dereference NULL parent_bus in qdev_unplug().

Fix it by taking into account that parent_bus might be NULL and
skipping bus check.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 1367587536-14964-1-git-send-email-imammedo@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years ago virtio-scsi: fix the command line compatibility.
KONRAD Frederic [Tue, 30 Apr 2013 14:08:51 +0000 (16:08 +0200)] 
virtio-scsi: fix the command line compatibility.

The bus name is wrong since the refactoring.

This keeps the behaviour of the command line.

Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Tested-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Message-id: 1367330931-12994-6-git-send-email-fred.konrad@greensocs.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years ago virtio-serial: fix command line compatibility.
KONRAD Frederic [Tue, 30 Apr 2013 14:08:50 +0000 (16:08 +0200)] 
virtio-serial: fix command line compatibility.

The bus name is wrong since the refactoring.

This keeps the behaviour of the command line.

Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Tested-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Message-id: 1367330931-12994-5-git-send-email-fred.konrad@greensocs.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years ago scsi: add bus_name parameter to scsi_bus_new.
KONRAD Frederic [Tue, 30 Apr 2013 14:08:49 +0000 (16:08 +0200)] 
scsi: add bus_name parameter to scsi_bus_new.

This adds the possibility to create a scsi-bus with a specified name.

Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Message-id: 1367330931-12994-4-git-send-email-fred.konrad@greensocs.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years ago virtio: add virtio_device_set_child_bus_name.
KONRAD Frederic [Tue, 30 Apr 2013 14:08:48 +0000 (16:08 +0200)] 
virtio: add virtio_device_set_child_bus_name.

Add virtio_device_set_child_bus_name function.

It will be used with virtio-serial-x and virtio-scsi-x to set the
child bus name before calling virtio-x-device's init.

Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Tested-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Message-id: 1367330931-12994-3-git-send-email-fred.konrad@greensocs.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years ago virtio-x-bus: force bus name to virtio-bus.
KONRAD Frederic [Tue, 30 Apr 2013 14:08:47 +0000 (16:08 +0200)] 
virtio-x-bus: force bus name to virtio-bus.

When the proxy id is set, this bus takes the name "id.0" which is expected
to be the virtio-device's first bus.

So force this name to "virtio-bus" as it is an internal bus.

Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Tested-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Message-id: 1367330931-12994-2-git-send-email-fred.konrad@greensocs.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years ago TLS support for VNC Websockets
Tim Hardeck [Tue, 23 Apr 2013 14:33:01 +0000 (16:33 +0200)] 
TLS support for VNC Websockets

Added TLS support to the VNC QEMU Websockets implementation.
VNC-TLS needs to be enabled for this feature to be used.

The required certificates are specified as in case of VNC-TLS
with the VNC parameter "x509=<path>".

If the server certificate isn't signed by a root authority it needs to
be manually imported in the browser because at least in case of Firefox
and Chrome there is no user dialog, the connection just gets canceled.

As a side note VEncrypt over Websocket doesn't work atm because TLS can't
be stacked in the current implementation. (It also didn't work before)
Nevertheless to my knowledge there is no HTML 5 VNC client which supports
it and the Websocket connection can be encrypted with regular TLS now so
it should be fine for most use cases.

Signed-off-by: Tim Hardeck <thardeck@suse.de>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1366727581-5772-1-git-send-email-thardeck@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years ago audio: Enable all cards
Jan Kiszka [Wed, 1 May 2013 14:14:34 +0000 (16:14 +0200)] 
audio: Enable all cards

...or they will bitrot to death.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-id: 5181234A.6060504@web.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years ago win32: fix compilation again
Paolo Bonzini [Wed, 1 May 2013 16:30:15 +0000 (18:30 +0200)] 
win32: fix compilation again

While commit c02817e5bfbb27955cac970019e6670dc427bc41 fixed compilation
without an installed libtool, moving the dependencies to rules.mak does
not work because the version-*-y variables are not defined yet.  Building
in a clean tree thus fails.

Revert the commit and remove the dummy /bin/false assignment to LIBTOOL.
This makes the build work, at the price of slightly worse errors when
there are Makefile bugs.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1367425815-15083-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years ago libqos: Relocate I2C files
Andreas Färber [Thu, 2 May 2013 13:56:26 +0000 (15:56 +0200)] 
libqos: Relocate I2C files

Commit c4efe1cada311b9dc0df5beb71c4227ff3414aa1 (qtest: add libqos
including PCI support) created a libqos/ subdirectory but left the
existing I2C libqos files libi2c*.[hc] in tests/. Clean this up.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1367502986-15104-1-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years ago Merge remote-tracking branch 'stefanha/tracing' into staging
Anthony Liguori [Fri, 3 May 2013 16:20:15 +0000 (11:20 -0500)] 
Merge remote-tracking branch 'stefanha/tracing' into staging

# By Eiichi Tsukata (2) and Kazuya Saito (2)
# Via Stefan Hajnoczi
* stefanha/tracing:
  trace: document ftrace backend
  trace: Add ftrace tracing backend
  kvm-all: add kvm_run_exit tracepoint
  kvm-all: add kvm_ioctl, kvm_vm_ioctl, kvm_vcpu_ioctl tracepoints

Message-id: 1367582485-15579-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years ago Merge remote-tracking branch 'stefanha/net' into staging
Anthony Liguori [Fri, 3 May 2013 16:20:07 +0000 (11:20 -0500)] 
Merge remote-tracking branch 'stefanha/net' into staging

# By Amos Kong (1) and Jason Wang (1)
# Via Stefan Hajnoczi
* stefanha/net:
  tap: properly initialize vhostfds
  net: make network client name unique

Message-id: 1367582254-15060-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
8 years ago Merge remote-tracking branch 'stefanha/block' into staging
Anthony Liguori [Fri, 3 May 2013 16:20:02 +0000 (11:20 -0500)] 
Merge remote-tracking branch 'stefanha/block' into staging

# By Fam Zheng (8) and others
# Via Stefan Hajnoczi
* stefanha/block:
  qemu-iotests: Filter out 'adapter_type'
  nbd: support large NBD requests
  nbd: use g_slice_new() instead of a freelist
  qemu-iotests: Filter out vmdk creation options
  vmdk: add bdrv_co_write_zeroes
  vmdk: store fields of VmdkMetaData in cpu endian
  vmdk: change magic number to macro
  vmdk: Add option to create zeroed-grain image
  vmdk: add support for “zeroed‐grain” GTE
  vmdk: named return code.
  blockdev: Replace "undefined error" in qmp_block_resize
  block: add read-only support to VHDX image format.
  block: initial VHDX driver support framework - supports open and probe
  block: vhdx header for the QEMU support of VHDX images
  qemu: add castagnoli crc32c checksum algorithm

8 years ago trace: document ftrace backend
Eiichi Tsukata [Thu, 11 Apr 2013 11:25:16 +0000 (20:25 +0900)] 
trace: document ftrace backend

Add documentation of ftrace backend.

Signed-off-by: Eiichi Tsukata <eiichi.tsukata.xh@hitachi.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago trace: Add ftrace tracing backend
Eiichi Tsukata [Thu, 11 Apr 2013 11:25:15 +0000 (20:25 +0900)] 
trace: Add ftrace tracing backend

This patch adds an ftrace tracing backend which sends trace events to
the ftrace marker file. You can effectively compare qemu trace data and
kernel (especially kvm.ko when using KVM) trace data.
The ftrace backend is restricted to Linux only.

To try out the ftrace backend:

 $ ./configure --trace-backend=ftrace
 $ make

If you use KVM, enable kvm events in ftrace:

 # sudo echo 1 > /sys/kernel/debug/tracing/events/kvm/enable

After running qemu as the root user, you can get the trace:

 # cat /sys/kernel/debug/tracing/trace

Signed-off-by: Eiichi Tsukata <eiichi.tsukata.xh@hitachi.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago kvm-all: add kvm_run_exit tracepoint
Kazuya Saito [Fri, 29 Mar 2013 04:27:52 +0000 (13:27 +0900)] 
kvm-all: add kvm_run_exit tracepoint

This patch enables us to know the exit reason of KVM_RUN. It will help us
know where the trouble is caused.

Signed-off-by: Kazuya Saito <saito.kazuya@jp.fujitsu.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago kvm-all: add kvm_ioctl, kvm_vm_ioctl, kvm_vcpu_ioctl tracepoints
Kazuya Saito [Fri, 29 Mar 2013 04:27:05 +0000 (13:27 +0900)] 
kvm-all: add kvm_ioctl, kvm_vm_ioctl, kvm_vcpu_ioctl tracepoints

This patch adds tracepoints at ioctls to kvm. Tracing these ioctls is
useful for clarifying whether the cause of trouble is qemu or kvm.

Signed-off-by: Kazuya Saito <saito.kazuya@jp.fujitsu.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago tap: properly initialize vhostfds
Jason Wang [Fri, 19 Apr 2013 07:11:15 +0000 (15:11 +0800)] 
tap: properly initialize vhostfds

Only tap->vhostfd was checked in net_init_tap_one(), but tap->vhostfds was
forgotten; this leads qemu to ignore all fds passed by management through
vhostfds and to try to create the vhost_net device itself. Fix by adding this
check as well.

Reported-by: Michal Privoznik <mprivozn@redhat.com>
Cc: Michal Privoznik <mprivozn@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago net: make network client name unique
Amos Kong [Mon, 15 Apr 2013 10:55:19 +0000 (18:55 +0800)] 
net: make network client name unique

assign_name() creates a name MODEL.NUM, where MODEL is the client's model,
and NUM is the number of MODELs that already exist.

Markus added NIC naming for non-VLAN clients in commit 53e51d85.
Commit d33d93b2 incorrectly added a judgement of net-hub. It caused
net clients created with -netdev to get the same names.

e.g.:
 # qemu-upstream -device virtio-net-pci,netdev=h1 -netdev tap,id=h1 \
                    -device virtio-net-pci,netdev=h2 -netdev tap,id=h2 ..
 (qemu) info network
 virtio-net-pci.0: index=0,type=nic,model=virtio-net-pci,macaddr=52:54:00:12:34:56
  \ h1: index=0,type=tap,ifname=tap0,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown
 virtio-net-pci.0: index=0,type=nic,model=virtio-net-pci,macaddr=52:54:00:12:34:57
  \ h2: index=0,type=tap,ifname=tap1,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown

This patch removed the check of nic-hub, and created unique names for
all net clients that have the same model.

v2: update commitlog & comments

Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago qemu-iotests: Filter out 'adapter_type'
Fam Zheng [Fri, 3 May 2013 07:31:16 +0000 (15:31 +0800)] 
qemu-iotests: Filter out 'adapter_type'

Filter out the vmdk creation option 'adapter_type', so that tests
with an explicit './check -o adapter_type=XXX' will not fail.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago nbd: support large NBD requests
Stefan Hajnoczi [Thu, 2 May 2013 12:23:08 +0000 (14:23 +0200)] 
nbd: support large NBD requests

The Linux nbd driver recently increased the maximum supported request
size up to 32 MB:

  commit 078be02b80359a541928c899c2631f39628f56df
  Author: Michal Belczyk <belczyk@bsd.krakow.pl>
  Date:   Tue Apr 30 15:28:28 2013 -0700

      nbd: increase default and max request sizes

      Raise the default max request size for nbd to 128KB (from 127KB) to get it
      4KB aligned.  This patch also allows the max request size to be increased
      (via /sys/block/nbd<x>/queue/max_sectors_kb) to 32MB.

QEMU's 1 MB buffers are too small to handle these requests.

This patch allocates data buffers dynamically and allows up to 32 MB per
request.

Reported-by: Nick Thomas <nick@bytemark.co.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
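
Added example, not code from this commit or from QEMU: when the buffer size follows the client-supplied length, the 32 MB ceiling has to be enforced before anything is allocated. The sketch parses the 28-byte NBD request header and applies that check; MAX_REQUEST_LEN, the status names, the 1 GiB export size and the helper functions are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define NBD_REQUEST_MAGIC 0x25609513u
#define NBD_REQUEST_SIZE  28                   /* magic, type, handle, from, len */
#define MAX_REQUEST_LEN   (32u * 1024 * 1024)  /* hypothetical name; 32 MB cap */

enum { REQ_OK = 0, REQ_SHORT = -1, REQ_BAD_MAGIC = -2,
       REQ_TOO_LARGE = -3, REQ_OUT_OF_RANGE = -4 };

struct nbd_request { uint32_t type; uint64_t handle; uint64_t from; uint32_t len; };

/* All header fields are big-endian on the wire. */
static uint32_t be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

static uint64_t be64(const uint8_t *p)
{
    return (uint64_t)be32(p) << 32 | be32(p + 4);
}

/* Validate an untrusted request header; nothing is allocated here. */
int nbd_parse_request(const uint8_t *buf, size_t buflen, uint64_t export_size,
                      struct nbd_request *req)
{
    if (buflen < NBD_REQUEST_SIZE) {
        return REQ_SHORT;
    }
    if (be32(buf) != NBD_REQUEST_MAGIC) {
        return REQ_BAD_MAGIC;
    }
    req->type = be32(buf + 4);
    req->handle = be64(buf + 8);
    req->from = be64(buf + 16);
    req->len = be32(buf + 24);
    if (req->len > MAX_REQUEST_LEN) {
        return REQ_TOO_LARGE;          /* refuse before sizing any buffer */
    }
    /* Written so that from + len cannot wrap around. */
    if (req->from > export_size || req->len > export_size - req->from) {
        return REQ_OUT_OF_RANGE;
    }
    return REQ_OK;
}

/* Per-request buffer, sized only from a header that passed validation. */
uint8_t *nbd_alloc_payload(const struct nbd_request *req)
{
    return req->len ? malloc(req->len) : NULL;
}

/* Build a constructed wire header and run it through the checks. */
int demo_request(uint32_t magic, uint64_t from, uint32_t len)
{
    uint8_t wire[NBD_REQUEST_SIZE] = { 0 };
    struct nbd_request req;
    int i, status;

    for (i = 0; i < 4; i++) {
        wire[i] = (uint8_t)(magic >> (24 - 8 * i));
        wire[24 + i] = (uint8_t)(len >> (24 - 8 * i));
    }
    for (i = 0; i < 8; i++) {
        wire[16 + i] = (uint8_t)(from >> (56 - 8 * i));
    }
    status = nbd_parse_request(wire, sizeof(wire), 1ull << 30, &req);
    if (status == REQ_OK) {
        free(nbd_alloc_payload(&req));
    }
    return status;
}

int main(void)
{
    printf("32 MB request:     %d\n", demo_request(NBD_REQUEST_MAGIC, 0, MAX_REQUEST_LEN));
    printf("32 MB + 1 request: %d\n", demo_request(NBD_REQUEST_MAGIC, 0, MAX_REQUEST_LEN + 1));
    return 0;
}
```
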
8 years ago nbd: use g_slice_new() instead of a freelist
Stefan Hajnoczi [Thu, 2 May 2013 12:23:07 +0000 (14:23 +0200)] 
nbd: use g_slice_new() instead of a freelist

Use GLib's efficient slice allocator instead of open-coding the request
freelist.  This patch simplifies the NBDRequest code.

Now we qemu_blockalign() the req->data buffer each time but the next
patch switches from a fixed size buffer to a dynamic size anyway.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago tcg-arm: Use movi32 in exit_tb
Richard Henderson [Mon, 29 Apr 2013 15:08:23 +0000 (08:08 -0700)] 
tcg-arm: Use movi32 in exit_tb

Avoid the mini constant pool for armv7, and avoid replicating
the test for pre-v7.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
8 years ago tcg-arm: Fix 64-bit tlb load for pre-v6
Richard Henderson [Mon, 29 Apr 2013 15:08:22 +0000 (08:08 -0700)] 
tcg-arm: Fix 64-bit tlb load for pre-v6

Found by inspection, since the effect of the bug was simply to
send all memory ops through the slow path.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
8 years ago target-mips: fix calculation of overflow for SHLL.PH and SHLL.QB
Petar Jovanovic [Sun, 28 Apr 2013 01:18:36 +0000 (03:18 +0200)] 
target-mips: fix calculation of overflow for SHLL.PH and SHLL.QB

This change corrects and simplifies how discard is calculated for shift
left logical vector instructions. It is used to detect overflow and set bit
22 in the DSPControl register.

The existing tests (shll_ph.c, shll_qb.c) are extended with the corner cases
that expose incorrectness in the previous implementation.

Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
8 years ago qemu-iotests: Filter out vmdk creation options
Fam Zheng [Fri, 3 May 2013 01:31:40 +0000 (09:31 +0800)] 
qemu-iotests: Filter out vmdk creation options

Cover new image creation options for vmdk, so we can use '-o
zeroed_grain=XXX' and '-o subformat=XXX' to run the tests successfully.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago vmdk: add bdrv_co_write_zeroes
Fam Zheng [Thu, 2 May 2013 02:25:27 +0000 (10:25 +0800)] 
vmdk: add bdrv_co_write_zeroes

Use a special offset to write zeroes efficiently when zeroed-grain GTE is
available. If an allocated cluster is zero-written, the cluster is leaked
because its offset pointer is overwritten by "0x1".

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago vmdk: store fields of VmdkMetaData in cpu endian
Fam Zheng [Thu, 2 May 2013 02:25:26 +0000 (10:25 +0800)] 
vmdk: store fields of VmdkMetaData in cpu endian

Previously VmdkMetaData.offset was stored little endian while other
fields were cpu endian. This changes offset to cpu endian and converts
it before writing to the image.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago vmdk: change magic number to macro
Fam Zheng [Thu, 2 May 2013 02:25:25 +0000 (10:25 +0800)] 
vmdk: change magic number to macro

Two hard coded flag bits are changed to macros.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago vmdk: Add option to create zeroed-grain image
Fam Zheng [Thu, 2 May 2013 02:25:24 +0000 (10:25 +0800)] 
vmdk: Add option to create zeroed-grain image

Add image create option "zeroed-grain" to enable zeroed-grain GTE
feature of vmdk sparse extents. When this option is on, header version
of newly created extent will be 2 and VMDK4_FLAG_ZERO_GRAIN flag bit
will be set.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago vmdk: add support for “zeroed‐grain” GTE
Fam Zheng [Thu, 2 May 2013 02:25:23 +0000 (10:25 +0800)] 
vmdk: add support for “zeroed‐grain” GTE

Introduced support for zeroed-grain GTE, as specified in Virtual Disk
Format 5.0[1].

    Recent VMware hosted platform products support a new “zeroed‐grain”
    grain table entry (GTE). The zeroed‐grain GTE returns all zeros on
    read.  In other words, the zeroed‐grain GTE indicates that a grain
    in the child disk is zero‐filled but does not actually occupy space
    in storage.  A sparse extent with zeroed‐grain GTE has the following
    in its header:

     * SparseExtentHeader.version = 2
     * SparseExtentHeader.flags has bit 2 set

    Other than the new flag and the possibly zeroed‐grain GTE, version 2
    sparse extents are identical to version 1.  Also, a zeroed‐grain GTE
    has value 0x1 in the GT table.

[1] Virtual Disk Format 5.0, http://www.vmware.com/support/developer/vddk/vmdk_50_technote.pdf?src=vmdk
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago vmdk: named return code.
Fam Zheng [Thu, 2 May 2013 02:25:22 +0000 (10:25 +0800)] 
vmdk: named return code.

Internal routines in vmdk.c previously returned -1 on error and 0 on
success. More return values are useful for future changes such as
zeroed-grain GTE. Change all the magic `return 0` and `return -1` to
macro names:

 * VMDK_OK      0
 * VMDK_ERROR   (-1)
 * VMDK_UNALLOC (-2)
 * VMDK_ZEROED  (-3)

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
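
Added example, not the vmdk.c code from these commits: it ties the zeroed-grain GTE commit to the named return codes by classifying a grain table entry from an untrusted sparse extent, honouring 0x1 as "zeroed" only when the header declares version 2 with flag bit 2. The struct, the function names, GTE_ZEROED, the version policy and the bounds check are assumptions; the "KDMV" magic, the field offsets and GTE 0 meaning "unallocated" come from the VMDK format, not from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return codes and flag name as listed in the commit messages above. */
#define VMDK_OK       0
#define VMDK_ERROR   (-1)
#define VMDK_UNALLOC (-2)
#define VMDK_ZEROED  (-3)
#define VMDK4_FLAG_ZERO_GRAIN (1u << 2)  /* "flags has bit 2 set" */
#define GTE_ZEROED 0x1u                  /* hypothetical name for the 0x1 GTE */

struct extent_info {                     /* hypothetical struct for this example */
    uint32_t version;
    uint32_t flags;
    int has_zero_grain;
};

static uint32_t le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse magic, version and flags from the start of a sparse extent header. */
int vmdk_parse_header(const uint8_t *buf, size_t len, struct extent_info *out)
{
    if (len < 12 || memcmp(buf, "KDMV", 4) != 0) {
        return VMDK_ERROR;
    }
    out->version = le32(buf + 4);
    out->flags = le32(buf + 8);
    if (out->version != 1 && out->version != 2) {
        return VMDK_ERROR;               /* example policy: versions 1 and 2 only */
    }
    out->has_zero_grain = out->version == 2 &&
                          (out->flags & VMDK4_FLAG_ZERO_GRAIN) != 0;
    return VMDK_OK;
}

/* Classify one GTE; on VMDK_OK, *sector is the grain's start sector. */
int vmdk_classify_gte(const struct extent_info *e, uint32_t gte,
                      uint64_t grain_sectors, uint64_t file_sectors,
                      uint64_t *sector)
{
    if (gte == 0) {
        return VMDK_UNALLOC;
    }
    if (e->has_zero_grain && gte == GTE_ZEROED) {
        return VMDK_ZEROED;              /* reads as zeros, occupies no storage */
    }
    /* Otherwise the entry is a sector offset: the grain must fit in the file. */
    if (grain_sectors == 0 || gte >= file_sectors ||
        grain_sectors > file_sectors - gte) {
        return VMDK_ERROR;
    }
    *sector = gte;
    return VMDK_OK;
}

/* Constructed sample: 12-byte header, 128-sector grains, 1024-sector file. */
int demo_classify(uint32_t version, uint32_t flags, uint32_t gte)
{
    uint8_t hdr[12] = { 'K', 'D', 'M', 'V' };
    struct extent_info e;
    uint64_t sector = 0;
    int i;

    for (i = 0; i < 4; i++) {
        hdr[4 + i] = (uint8_t)(version >> (8 * i));
        hdr[8 + i] = (uint8_t)(flags >> (8 * i));
    }
    if (vmdk_parse_header(hdr, sizeof(hdr), &e) != VMDK_OK) {
        return VMDK_ERROR;
    }
    return vmdk_classify_gte(&e, gte, 128, 1024, &sector);
}

int main(void)
{
    printf("v2 + flag, GTE 0x1: %d\n", demo_classify(2, VMDK4_FLAG_ZERO_GRAIN, 1));
    printf("v1,        GTE 0x1: %d\n", demo_classify(1, 0, 1));
    return 0;
}
```
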
8 years ago blockdev: Replace "undefined error" in qmp_block_resize
Kevin Wolf [Thu, 2 May 2013 13:32:55 +0000 (15:32 +0200)] 
blockdev: Replace "undefined error" in qmp_block_resize

We have an errno value that can be displayed, so we should just do that.
An easy way to reproduce this case is to resize a raw image to a size
that is too large for the host file system.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago block: add read-only support to VHDX image format.
Jeff Cody [Mon, 29 Apr 2013 18:48:19 +0000 (14:48 -0400)] 
block: add read-only support to VHDX image format.

This adds in read-only support to the VHDX image format.  This supports
reads for fixed-size, and dynamic sized VHDX images.

Differencing files are still unsupported.

The image must be opened without BDRV_O_RDWR set, because we do not
yet update the headers.  I.e., pass 'readonly=on' in the drive image
options from the QEMU commandline.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago block: initial VHDX driver support framework - supports open and probe
Jeff Cody [Mon, 29 Apr 2013 18:48:18 +0000 (14:48 -0400)] 
block: initial VHDX driver support framework - supports open and probe

This is the initial block driver framework for VHDX image support
(i.e. Hyper-V image file formats), that supports opening VHDX files, and
parsing the headers.

This commit does not yet enable:
    - reading
    - writing
    - updating the header
    - differencing files (images with parents)
    - log replay / dirty logs (only clean images)

This is based on Microsoft's VHDX specification:
    "VHDX Format Specification v0.95", published 4/12/2012
    https://www.microsoft.com/en-us/download/details.aspx?id=29681

Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago block: vhdx header for the QEMU support of VHDX images
Jeff Cody [Mon, 29 Apr 2013 18:48:17 +0000 (14:48 -0400)] 
block: vhdx header for the QEMU support of VHDX images

This is based on Microsoft's VHDX specification:
    "VHDX Format Specification v0.95", published 4/12/2012
    https://www.microsoft.com/en-us/download/details.aspx?id=29681

These structures define the various header, metadata, and other
block structures defined in the VHDX specification.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 years ago qemu: add castagnoli crc32c checksum algorithm
Jeff Cody [Mon, 29 Apr 2013 18:48:16 +0000 (14:48 -0400)] 
qemu: add castagnoli crc32c checksum algorithm

This adds the Castagnoli CRC32C algorithm, using the 0x11EDC6F41
polynomial.

This is extracted from the linux kernel cryptographic crc32.c module.

The algorithm is based on:

Castagnoli93: Guy Castagnoli and Stefan Braeuer and Martin Herrman
             "Optimization of Cyclic Redundancy-Check Codes with 24
              and 32 Parity Bits", IEEE Transactions on Communication,
              Volume 41, Number 6, June 1993

Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
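
Added example, not the code from this commit or from the Linux kernel: a table-driven CRC32C built from the 0x11EDC6F41 polynomial, used to seal and verify a 4 KB header whose checksum field is zeroed during computation. The header layout (little-endian checksum at byte offset 4) is an assumption taken from the VHDX specification rather than from this page, and the function names are hypothetical; a CRC catches accidental corruption only and is not a defence against deliberate modification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 0x11EDC6F41 without its implicit top bit is 0x1EDC6F41; bit-reversed for
 * the usual LSB-first (reflected) computation that becomes 0x82F63B78. */
#define CRC32C_POLY_REFLECTED 0x82F63B78u

/* Assumed layout: 4 KB header, little-endian CRC32C stored at offset 4. */
#define HDR_SIZE     4096
#define HDR_CSUM_OFF 4

static uint32_t crc32c_table[256];

static void crc32c_init(void)
{
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t crc = i;
        for (int bit = 0; bit < 8; bit++) {
            crc = (crc & 1) ? (crc >> 1) ^ CRC32C_POLY_REFLECTED : crc >> 1;
        }
        crc32c_table[i] = crc;
    }
}

/* CRC32C of a buffer: initial value and final XOR are both 0xFFFFFFFF. */
uint32_t crc32c(const uint8_t *data, size_t len)
{
    uint32_t crc = 0xffffffffu;

    if (crc32c_table[1] == 0) {          /* table not built yet */
        crc32c_init();
    }
    while (len--) {
        crc = crc32c_table[(crc ^ *data++) & 0xff] ^ (crc >> 8);
    }
    return crc ^ 0xffffffffu;
}

/* Checksum of the header with its own checksum field treated as zero. */
static uint32_t header_crc(const uint8_t *hdr)
{
    uint8_t copy[HDR_SIZE];

    memcpy(copy, hdr, HDR_SIZE);
    memset(copy + HDR_CSUM_OFF, 0, 4);
    return crc32c(copy, HDR_SIZE);
}

void header_seal(uint8_t *hdr)
{
    uint32_t c = header_crc(hdr);

    for (int i = 0; i < 4; i++) {
        hdr[HDR_CSUM_OFF + i] = (uint8_t)(c >> (8 * i));
    }
}

/* Returns 1 when the stored checksum matches the recomputed one. */
int header_verify(const uint8_t *hdr)
{
    uint32_t stored = 0;

    for (int i = 0; i < 4; i++) {
        stored |= (uint32_t)hdr[HDR_CSUM_OFF + i] << (8 * i);
    }
    return stored == header_crc(hdr);
}

/* Constructed header: seal it, optionally flip one bit, then verify. */
int demo_roundtrip(int corrupt)
{
    uint8_t hdr[HDR_SIZE] = { 'h', 'e', 'a', 'd' };

    hdr[100] = 0x5a;                     /* arbitrary payload byte */
    header_seal(hdr);
    if (corrupt) {
        hdr[2048] ^= 0x01;
    }
    return header_verify(hdr);
}

int main(void)
{
    printf("crc32c(\"123456789\") = 0x%08X\n",
           (unsigned)crc32c((const uint8_t *)"123456789", 9));
    printf("intact: %d, one bit flipped: %d\n", demo_roundtrip(0), demo_roundtrip(1));
    return 0;
}
```
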
8 years ago Merge remote-tracking branch 'afaerber/qom-cpu' into staging
Anthony Liguori [Thu, 2 May 2013 15:57:01 +0000 (10:57 -0500)] 
Merge remote-tracking branch 'afaerber/qom-cpu' into staging

# By Igor Mammedov (21) and others
# Via Andreas Färber
* afaerber/qom-cpu: (29 commits)
  Drop redundant resume_all_vcpus() from main()
  cpus: Fix pausing TCG CPUs while in vCPU thread
  target-i386: Replace cpuid_*features fields with a feature word array
  target-i386: Break CPUID feature definition lines
  target-i386/kvm.c: Code formatting changes
  target-i386: Group together level, xlevel, xlevel2 fields
  pc: Implement QEMUMachine::hot_add_cpu hook
  QMP: Add cpu-add command
  Add hot_add_cpu hook to QEMUMachine
  target-i386: Move APIC to ICC bus
  target-i386: Attach ICC bus to CPU on its creation
  target-i386: Introduce ICC bus/device/bridge
  cpu: Move cpu_write_elfXX_note() functions to CPUState
  kvmvapic: Make dependency on sysbus.h explicit
  target-i386: Replace MSI_SPACE_SIZE with APIC_SPACE_SIZE
  target-i386: Do not allow to set apic-id once CPU is realized
  target-i386: Introduce apic-id CPU property
  target-i386: Introduce feat2prop() for CPU properties
  acpi_piix4: Add infrastructure to send CPU hot-plug GPE to guest
  cpu: Add helper cpu_exists(), to check if CPU with specified id exists
  ...

8 years ago Merge remote-tracking branch 'mjt/trivial-patches' into staging
Anthony Liguori [Thu, 2 May 2013 15:56:07 +0000 (10:56 -0500)] 
Merge remote-tracking branch 'mjt/trivial-patches' into staging

# By Andreas Färber (1) and others
# Via Michael Tokarev
* mjt/trivial-patches:
  pvscsi: fix compilation on 32 bit hosts
  Trivial grammar and spelling fixes
  configure: Pick up libseccomp include path

8 years ago Drop redundant resume_all_vcpus() from main()
Jan Kiszka [Mon, 20 Aug 2012 18:11:36 +0000 (20:11 +0200)] 
Drop redundant resume_all_vcpus() from main()

VCPUs are either resumed directly via vm_start(), after the incoming
migration is done, or when a continue command is issued. We don't need
the explicit resume before entering main_loop().

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago cpus: Fix pausing TCG CPUs while in vCPU thread
Andreas Färber [Thu, 2 May 2013 09:22:05 +0000 (11:22 +0200)] 
cpus: Fix pausing TCG CPUs while in vCPU thread

Due to a preceding while loop, no CPU would've been put into stopped
state. Reinitialize the variable.
This fixes commit d798e97456658ea7605303b7c69b04ec7df95c10 (Allow to use
pause_all_vcpus from VCPU context) for non-KVM case.

While at it, change a 0 to false, amending commit
4fdeee7cd4c8f90ef765537b9346a195d9483ab5 (cpu: Move stop field to
CPUState).

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago target-i386: Replace cpuid_*features fields with a feature word array
Eduardo Habkost [Mon, 22 Apr 2013 19:00:15 +0000 (16:00 -0300)] 
target-i386: Replace cpuid_*features fields with a feature word array

This replaces the feature-bit fields on both X86CPU and x86_def_t
structs with an array.

With this, we will be able to simplify code that simply does the same
operation on all feature words (e.g. kvm_check_features_against_host(),
filter_features_for_kvm(), add_flagname_to_bitmaps(), CPU feature-bit
property lookup/registration, and the proposed "feature-words" property)

The following field replacements were made on X86CPU and x86_def_t:

  (cpuid_)features         -> features[FEAT_1_EDX]
  (cpuid_)ext_features     -> features[FEAT_1_ECX]
  (cpuid_)ext2_features    -> features[FEAT_8000_0001_EDX]
  (cpuid_)ext3_features    -> features[FEAT_8000_0001_ECX]
  (cpuid_)ext4_features    -> features[FEAT_C000_0001_EDX]
  (cpuid_)kvm_features     -> features[FEAT_KVM]
  (cpuid_)svm_features     -> features[FEAT_SVM]
  (cpuid_)7_0_ebx_features -> features[FEAT_7_0_EBX]

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago target-i386: Break CPUID feature definition lines
Eduardo Habkost [Mon, 22 Apr 2013 19:00:14 +0000 (16:00 -0300)] 
target-i386: Break CPUID feature definition lines

Break lines on kvm_check_features_against_host(), kvm_cpu_fill_host(),
and builtin_x86_defs, so they don't get too long once the *_features
fields are replaced by an array.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago target-i386/kvm.c: Code formatting changes
Eduardo Habkost [Mon, 22 Apr 2013 19:00:13 +0000 (16:00 -0300)] 
target-i386/kvm.c: Code formatting changes

Add appropriate spaces around operators, and break line where it needs
to be broken to allow feature-words array to be introduced without
having too-long lines.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago target-i386: Group together level, xlevel, xlevel2 fields
Eduardo Habkost [Mon, 22 Apr 2013 19:00:12 +0000 (16:00 -0300)] 
target-i386: Group together level, xlevel, xlevel2 fields

Consolidate level, xlevel, xlevel2 fields in x86_def_t and CPUX86State.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago pvscsi: fix compilation on 32 bit hosts
Hervé Poussineau [Wed, 1 May 2013 05:41:26 +0000 (07:41 +0200)] 
pvscsi: fix compilation on 32 bit hosts

This fixes the following error:
In file included from qemu/include/trace.h:4:0,
                 from trace/generated-events.c:3:
./trace/generated-tracers.h: In function ‘trace_pvscsi_get_sg_list’:
./trace/generated-tracers.h:4271:9: error: format ‘%lu’ expects argument of
type ‘long unsigned int’, but argument 4 has type ‘size_t’ [-Werror=format]

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago Trivial grammar and spelling fixes
Stefan Weil [Sun, 28 Apr 2013 09:49:57 +0000 (11:49 +0200)] 
Trivial grammar and spelling fixes

similiar -> similar
recieve -> receive
transfered -> transferred
preperation -> preparation

Most changes are in comments, one modifies a parameter name in a function
prototype.

The spelling fixes were made using codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago configure: Pick up libseccomp include path
Andreas Färber [Sun, 28 Apr 2013 14:27:26 +0000 (16:27 +0200)] 
configure: Pick up libseccomp include path

openSUSE 12.3 has seccomp.h in /usr/include/libseccomp-1.0.1,
so add `pkg-config --cflags libseccomp` output to QEMU_CFLAGS.

Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
8 years ago pc: Implement QEMUMachine::hot_add_cpu hook
Igor Mammedov [Tue, 30 Apr 2013 16:00:53 +0000 (18:00 +0200)] 
pc: Implement QEMUMachine::hot_add_cpu hook

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago QMP: Add cpu-add command
Igor Mammedov [Tue, 30 Apr 2013 13:41:25 +0000 (15:41 +0200)] 
QMP: Add cpu-add command

Adds "cpu-add id=xxx" QMP command.

cpu-add's "id" argument is a CPU number in the range [0..max-cpus)

Example QMP command:
 -> { "execute": "cpu-add", "arguments": { "id": 2 } }
 <- { "return": {} }

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago Add hot_add_cpu hook to QEMUMachine
Igor Mammedov [Tue, 30 Apr 2013 13:41:24 +0000 (15:41 +0200)] 
Add hot_add_cpu hook to QEMUMachine

Hook should be set by machines that implement CPU hot-add
via cpu-add QMP command.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago target-i386: Move APIC to ICC bus
Igor Mammedov [Mon, 29 Apr 2013 17:03:01 +0000 (19:03 +0200)] 
target-i386: Move APIC to ICC bus

It allows APIC to be hotplugged.

 * map APIC's mmio at board level if it is present
 * do not register mmio region for each APIC, since
   only one is used/mapped

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago target-i386: Attach ICC bus to CPU on its creation
Igor Mammedov [Mon, 29 Apr 2013 16:54:13 +0000 (18:54 +0200)] 
target-i386: Attach ICC bus to CPU on its creation

X86CPU should have a parent bus so it can provide a bus for the child APIC.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago target-i386: Introduce ICC bus/device/bridge
Igor Mammedov [Mon, 29 Apr 2013 15:02:50 +0000 (17:02 +0200)] 
target-i386: Introduce ICC bus/device/bridge

Provides a hotpluggable bus for APIC and CPU.

* icc-bridge will serve as a parent for icc-bus and provide
  mmio mapping services to child icc-devices.
* icc-device will replace SysBusDevice as a parent of APIC
  and IOAPIC devices.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago cpu: Move cpu_write_elfXX_note() functions to CPUState
Jens Freimann [Fri, 19 Apr 2013 14:45:06 +0000 (16:45 +0200)] 
cpu: Move cpu_write_elfXX_note() functions to CPUState

Convert cpu_write_elfXX_note() functions to CPUClass methods and pass
CPUState as argument. Update target-i386 accordingly.

Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
[AF: Retain stubs as CPUClass' default method implementation; style changes]
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago kvmvapic: Make dependency on sysbus.h explicit
Igor Mammedov [Thu, 25 Apr 2013 14:05:30 +0000 (16:05 +0200)] 
kvmvapic: Make dependency on sysbus.h explicit

Allows kvmvapic to compile if sysbus.h is removed from apic_internal.h,
from which it is indirectly included.
sysbus.h will be removed from apic_internal.h after converting
APICs to ICCDevice.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago target-i386: Replace MSI_SPACE_SIZE with APIC_SPACE_SIZE
Igor Mammedov [Thu, 25 Apr 2013 14:05:29 +0000 (16:05 +0200)] 
target-i386: Replace MSI_SPACE_SIZE with APIC_SPACE_SIZE

Put APIC_SPACE_SIZE in a public header so that it can be
reused elsewhere later.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years ago target-i386: Do not allow to set apic-id once CPU is realized
Igor Mammedov [Fri, 26 Apr 2013 17:51:52 +0000 (19:51 +0200)] 
target-i386: Do not allow to set apic-id once CPU is realized

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>