rtime.felk.cvut.cz Git - lisovros/qemu_apohw.git/log
10 years ago update VERSION for 1.4.2 v1.4.2
Michael Roth [Thu, 23 May 2013 22:12:44 +0000 (17:12 -0500)]
update VERSION for 1.4.2

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago ppc: do not register IABR SPR twice for 603e
Hervé Poussineau [Sat, 11 May 2013 19:03:50 +0000 (21:03 +0200)]
ppc: do not register IABR SPR twice for 603e

IABR SPR is already registered in gen_spr_603(), called from init_proc_603E().

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago hw/9pfs: use O_NOFOLLOW for mapped readlink operation
Aneesh Kumar K.V [Mon, 20 May 2013 17:34:29 +0000 (23:04 +0530)]
hw/9pfs: use O_NOFOLLOW for mapped readlink operation

With mapped security models like mapped-xattr and mapped-file, we save the
symlink target as file contents. Now if we ever expose a normal directory
with mapped security model and find real symlinks in export path, never
follow them and return proper error.

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
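An added illustration of the behaviour this commit message describes, not code from QEMU: with a mapped security model the "symlink target" is read from a regular file's contents, and `O_NOFOLLOW` turns a real symlink in the export into an error instead of a silent traversal. The function names, the temporary directory and the stored target string are constructed for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* O_NOFOLLOW, mkdtemp(), symlink() */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Mapped-model readlink: the link target is stored as file contents.
 * O_NOFOLLOW makes open() fail (ELOOP on Linux) when the final path
 * component is a real symlink. It does not protect intermediate
 * directory components of the path.
 * Returns the number of bytes read, or a negative errno value.
 */
ssize_t mapped_readlink(const char *path, char *buf, size_t bufsz)
{
    ssize_t n;
    int err;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);

    if (fd < 0) {
        return -errno;
    }
    do {
        n = read(fd, buf, bufsz);
    } while (n < 0 && errno == EINTR);
    err = errno;
    close(fd);
    return n < 0 ? -err : n;
}

struct readlink_demo {
    long stored;      /* result for a mapped "symlink" (regular file) */
    char target[64];  /* target text read back from that file */
    long real_link;   /* result for a real symlink in the export */
};

/* Builds a constructed export directory and exercises both cases. */
int run_readlink_demo(struct readlink_demo *r)
{
    static const char target[] = "../shared/data"; /* constructed */
    char dir[] = "/tmp/9p-mapped-demo-XXXXXX";
    char stored[64], real[64], scratch[64];
    ssize_t n;
    int fd, rc = -1;

    if (!mkdtemp(dir)) {
        return -1;
    }
    snprintf(stored, sizeof stored, "%s/mapped-link", dir);
    snprintf(real, sizeof real, "%s/real-link", dir);

    fd = open(stored, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        if (write(fd, target, strlen(target)) == (ssize_t)strlen(target) &&
            symlink(stored, real) == 0) {
            n = mapped_readlink(stored, r->target, sizeof r->target - 1);
            r->stored = (long)n;
            r->target[n > 0 ? n : 0] = '\0';
            /* Following this link would succeed; O_NOFOLLOW refuses. */
            r->real_link = (long)mapped_readlink(real, scratch,
                                                 sizeof scratch);
            rc = 0;
        }
        close(fd);
    }
    unlink(real);
    unlink(stored);
    rmdir(dir);
    return rc;
}

int main(void)
{
    struct readlink_demo r;

    if (run_readlink_demo(&r) != 0) {
        return 1;
    }
    printf("mapped link: %ld bytes, target \"%s\"\n", r.stored, r.target);
    printf("real symlink: %ld (%s)\n", r.real_link,
           r.real_link < 0 ? strerror((int)-r.real_link) : "followed");
    return 0;
}
```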
11 years ago hw/9pfs: Fix segfault with 9p2000.u
Aneesh Kumar K.V [Mon, 20 May 2013 06:05:00 +0000 (11:35 +0530)]
hw/9pfs: Fix segfault with 9p2000.u

When guest tries to chmod a block or char device file over 9pfs,
the qemu process segfaults. With 9p2000.u protocol we use wstat to
change mode bits and the client doesn't send extension information for
chmod. We need to check for size field to check whether extension
info is present or not.

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Acked-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago rbd: add an asynchronous flush
Josh Durgin [Wed, 15 May 2013 18:31:01 +0000 (11:31 -0700)]
rbd: add an asynchronous flush

The existing bdrv_co_flush_to_disk implementation uses rbd_flush(),
which is synchronous and causes the main qemu thread to block until it
is complete. This results in unresponsiveness and extra latency for
the guest.

Fix this by using an asynchronous version of flush.  This was added to
librbd with a special #define to indicate its presence, since it will
be backported to stable versions. Thus, there is no need to check the
version of librbd.

Implement this as bdrv_aio_flush, since it matches other aio functions
in the rbd block driver, and leave out bdrv_co_flush_to_disk when the
asynchronous version is available.

Reported-by: Oliver Francke <oliver@filoo.de>
Signed-off-by: Josh Durgin <josh.durgin@inktank.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit dc7588c1eb3008bda53dde1d6b890cd299758155)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago qemu-iotests: add tests for rebasing zero clusters
Paolo Bonzini [Wed, 13 Mar 2013 14:58:13 +0000 (15:58 +0100)]
qemu-iotests: add tests for rebasing zero clusters

If zero clusters are erroneously treated as unallocated, "qemu-img rebase"
will copy the backing file's contents onto the cluster.

The bug existed also in image streaming, but since the root cause was in
qcow2's is_allocated implementation it is enough to test it with qemu-img.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit acbf30ec601b1f817febc4500025b7c4181312c4)

Conflicts:

tests/qemu-iotests/group

* fixed up to account for tests 48/49 being missing from 1.4

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago virtio-balloon: fix integer overflow in BALLOON_CHANGE QMP event
Luiz Capitulino [Thu, 18 Apr 2013 15:53:32 +0000 (11:53 -0400)]
virtio-balloon: fix integer overflow in BALLOON_CHANGE QMP event

Because dev->actual is uint32_t, the expression 'dev->actual <<
VIRTIO_BALLOON_PFN_SHIFT' is truncated to 32 bits. This overflows when
dev->actual >= 1048576.

To reproduce:

 1. Start a VM with a QMP socket and 5G of RAM
 2. Connect to the QMP socket, negotiate capabilities and issue:

   { "execute":"balloon", "arguments": { "value": 1073741824 } }

 3. Watch for BALLOON_CHANGE QMP events, the last one will incorrectly be:

   { "timestamp": { "seconds": 1366228965, "microseconds": 245466 },
     "event": "BALLOON_CHANGE", "data": { "actual": 5368709120 } }

To fix it this commit casts it to ram_addr_t, which is ram_size's type.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit dcc6ceffc066745777960a1f0d32f3a555924f65)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago qemu-timer: move timeBeginPeriod/timeEndPeriod to os-win32
Paolo Bonzini [Wed, 20 Feb 2013 13:43:31 +0000 (14:43 +0100)]
qemu-timer: move timeBeginPeriod/timeEndPeriod to os-win32

These are needed for any of the Win32 alarm timer implementations.
They are not tied to mmtimer exclusively.

Jacob tested this patch with both mmtimer and Win32 timers.

Cc: qemu-stable@nongnu.org
Tested-by: Jacob Kroon <jacob.kroon@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
(cherry picked from commit 0727b867542eea7fedfd2c53568e9782627fd3bd)

Conflicts:

os-win32.c

* updated to retain cpu affinity settings for 1.4

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago configure: Don't fall back to gthread coroutine backend
Brad Smith [Sun, 14 Apr 2013 06:24:06 +0000 (02:24 -0400)]
configure: Don't fall back to gthread coroutine backend

This is a back port of 7c2acc7062fe863cb71ff5849bb121deafe8df4b to the
1.4 stable branch without needing the new error_exit() function.

configure: Don't fall back to gthread coroutine backend

The gthread coroutine backend is broken and does not produce a working
QEMU; it is only useful for some very limited debugging situations.
Clean up the backend selection logic in configure so that it now runs
"if on windows use windows; else prefer ucontext; else sigaltstack".

To do this we refactor the configure code to separate out "test
whether we have a working ucontext", "pick a default if user didn't
specify" and "validate that user didn't specify something invalid",
rather than having all three of these run together. We also simplify
the Makefile logic so it just links in the backend the configure
script selects.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1365419487-19867-3-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago usb-redir: Fix crash on migration with no client connected
Hans de Goede [Fri, 15 Mar 2013 10:52:37 +0000 (11:52 +0100)]
usb-redir: Fix crash on migration with no client connected

If no client is connected on the src side, then we won't receive a
parser during migrate, in this case usbredir_post_load() should be a nop,
rather than try to dereference the NULL dev->parser pointer.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 3713e1485e6eace7d48b9c790602cfd92c616e5f)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago docs: Fix generating qemu-doc.html with texinfo 5
Cole Robinson [Wed, 15 May 2013 21:56:22 +0000 (17:56 -0400)]
docs: Fix generating qemu-doc.html with texinfo 5

LC_ALL=C makeinfo --no-headers --no-split --number-sections --html qemu-doc.texi -o qemu-doc.html
./qemu-options.texi:1521: unknown command `list'
./qemu-options.texi:1521: table requires an argument: the formatter for @item
./qemu-options.texi:1521: warning: @table has text but no @item

This is for 1.4 stable only; master isn't affected, as it was fixed by
another commit (which isn't appropriate for stable):

commit 5d6768e3b8908a60f0a3016b7fa24194f6b47c80
Author: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Date:   Fri Feb 22 12:39:51 2013 +0900

    sheepdog: accept URIs

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago qga: unlink just created guest-file if fchmod() or fdopen() fails on it
Laszlo Ersek [Wed, 8 May 2013 15:31:36 +0000 (17:31 +0200)]
qga: unlink just created guest-file if fchmod() or fdopen() fails on it

We shouldn't allow guest filesystem pollution on error paths.

Suggested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
(cherry picked from commit 2b720018060179b394f8ce736983373ab80dd37c)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago qga: distinguish binary modes in "guest_file_open_modes" map
Laszlo Ersek [Wed, 8 May 2013 15:31:35 +0000 (17:31 +0200)]
qga: distinguish binary modes in "guest_file_open_modes" map

In Windows guests this may make a difference.

Since the original patch (commit c689b4f1) sought to be pedantic and to
consider theoretical corner cases of portability, we should fix it up
where it failed to come through in that pursuit.

Suggested-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
(cherry picked from commit 8fe6bbca7176c9dfb35083a71bda95c1856e2ed5)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago translate-all.c: Remove cpu_unlink_tb()
Peter Maydell [Thu, 9 May 2013 15:30:31 +0000 (19:30 +0400)]
translate-all.c: Remove cpu_unlink_tb()

The (unsafe) function cpu_unlink_tb() is now unused, so we can simply
remove it and any code that was only used by it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 3a808cc407744c30daa7470b5f191cde1fbc1aae)

Conflicts:
translate-all.c

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago Handle CPU interrupts by inline checking of a flag
Peter Maydell [Thu, 9 May 2013 15:30:30 +0000 (19:30 +0400)]
Handle CPU interrupts by inline checking of a flag

Fix some of the nasty TCG race conditions and crashes by implementing
cpu_exit() as setting a flag which is checked at the start of each TB.
This avoids crashes if a thread or signal handler calls cpu_exit()
while the execution thread is itself modifying the TB graph (which
may happen in system emulation mode as well as in linux-user mode
with a multithreaded guest binary).

This fixes the crashes seen in LP:668799; however there is another
class of crashes described in LP:1098729 which stem from the fact
that in linux-user with a multithreaded guest all threads will
use and modify the same global TCG data structures (including the
generated code buffer) without any kind of locking. This means that
multithreaded guest binaries are still in the "unsupported"
category.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 378df4b23753a11be650af7664ca76bc75cb9f01)

Conflicts:
exec.c
include/qom/cpu.h
translate-all.c
include/exec/gen-icount.h

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Conflicts:
cpu-exec.c

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago cpu-exec: wrap tcg_qemu_tb_exec() in a fn to restore the PC
Peter Maydell [Thu, 9 May 2013 15:30:29 +0000 (19:30 +0400)]
cpu-exec: wrap tcg_qemu_tb_exec() in a fn to restore the PC

If tcg_qemu_tb_exec() returns a value whose low bits don't indicate a
link to an indexed next TB, this means that the TB execution never
started (eg because the instruction counter hit zero).  In this case the
guest PC has to be reset to the address of the start of the TB.
Refactor the cpu-exec code to make all tcg_qemu_tb_exec() calls pass
through a wrapper function which does this restoration if necessary.

Note that the apparent change in cpu_exec_nocache() from calling
cpu_pc_from_tb() with the old TB to calling it with the TB returned by
do_tcg_qemu_tb_exec() is safe, because in the nocache case we can
guarantee that the TB we try to execute is not linked to any others,
so the only possible returned TB is the one we started at. That is,
we should arguably previously have included in cpu_exec_nocache() an
assert((next_tb & ~TB_EXIT_MASK) == tb), since the API requires restore
from next_tb but we were using tb.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 77211379d73ea0c89c0b5bb6eee74b17cb06f9a8)

Conflicts:
cpu-exec.c

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago tcg: Document tcg_qemu_tb_exec() and provide constants for low bit uses
Peter Maydell [Thu, 9 May 2013 15:30:28 +0000 (19:30 +0400)]
tcg: Document tcg_qemu_tb_exec() and provide constants for low bit uses

Document tcg_qemu_tb_exec(). In particular, its return value is a
combination of a pointer to the next translation block and some
extra information in the low two bits. Provide some #defines for
the values passed in these bits to improve code clarity.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 0980011b4f66482d2733ab2dd0f2f61747772c6b)

Conflicts:
tcg/tcg.h

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago qga: set umask 0077 when daemonizing (CVE-2013-2007)
Laszlo Ersek [Wed, 24 Apr 2013 11:13:18 +0000 (13:13 +0200)]
qga: set umask 0077 when daemonizing (CVE-2013-2007)

The qemu guest agent creates a bunch of files with insecure permissions
when started in daemon mode. For example:

  -rw-rw-rw- 1 root root /var/log/qemu-ga.log
  -rw-rw-rw- 1 root root /var/run/qga.state
  -rw-rw-rw- 1 root root /var/log/qga-fsfreeze-hook.log

In addition, at least all files created with the "guest-file-open" QMP
command, and all files created with shell output redirection (or
otherwise) by utilities invoked by the fsfreeze hook script are affected.

For now mask all file mode bits for "group" and "others" in
become_daemon().

Temporarily, for compatibility reasons, stick with the 0666 file-mode in
case of files newly created by the "guest-file-open" QMP call. Do so
without changing the umask temporarily.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit c689b4f1bac352dcfd6ecb9a1d45337de0f1de67)

Conflicts:

qga/commands-posix.c

*update includes to match stable

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
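An added illustration of the file-creation behaviour this commit message describes, together with the unlink-on-failure cleanup from the "qga: unlink just created guest-file if fchmod() or fdopen() fails on it" commit listed earlier; it is not QEMU's code. The function names, the temporary paths and the `simulate_failure` switch are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* mkdtemp(), fchmod() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permission bits of an existing file, or -1 if it cannot be stat'ed. */
static int mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Ordinary daemon file (log, state file): mode is 0666 & ~umask. */
static int create_plain(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);

    if (fd < 0) {
        return -1;
    }
    close(fd);
    return mode_of(path);
}

/*
 * Compatibility path: the file ends up 0666 whatever the umask is,
 * by calling fchmod() on the new descriptor rather than changing the
 * process-wide umask. If a later step fails, the just-created file is
 * unlinked so nothing is left behind. simulate_failure (hypothetical)
 * forces that error path.
 */
static int create_compat(const char *path, int simulate_failure)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);

    if (fd < 0) {
        return -1;
    }
    if (simulate_failure || fchmod(fd, 0666) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);
    return mode_of(path);
}

struct umask_demo {
    int loose;    /* plain file, umask 0 (the reported behaviour) */
    int tight;    /* plain file after umask(0077) */
    int compat;   /* compat file after umask(0077) */
    int failed;   /* return value of the forced error path */
    int leftover; /* 1 if the failed file still exists */
};

int run_umask_demo(struct umask_demo *r)
{
    char dir[] = "/tmp/qga-umask-demo-XXXXXX";
    char a[64], b[64], c[64], d[64];
    mode_t saved;

    if (!mkdtemp(dir)) {
        return -1;
    }
    snprintf(a, sizeof a, "%s/loose.log", dir);
    snprintf(b, sizeof b, "%s/tight.log", dir);
    snprintf(c, sizeof c, "%s/compat.dat", dir);
    snprintf(d, sizeof d, "%s/failed.dat", dir);

    saved = umask(0);            /* daemon started with a cleared umask */
    r->loose = create_plain(a);
    umask(0077);                 /* the fix: mask group and others */
    r->tight = create_plain(b);
    r->compat = create_compat(c, 0);
    r->failed = create_compat(d, 1);
    r->leftover = (access(d, F_OK) == 0);
    umask(saved);

    unlink(a);
    unlink(b);
    unlink(c);
    rmdir(dir);
    return 0;
}

int main(void)
{
    struct umask_demo r;

    if (run_umask_demo(&r) != 0) {
        return 1;
    }
    printf("umask 0:    plain file mode %04o\n", (unsigned)r.loose);
    printf("umask 0077: plain file mode %04o\n", (unsigned)r.tight);
    printf("umask 0077: compat file mode %04o\n", (unsigned)r.compat);
    printf("error path: rc %d, file left behind: %d\n", r.failed, r.leftover);
    return 0;
}
```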
11 years ago tcg/optimize: fix setcond2 optimization
Aurelien Jarno [Wed, 8 May 2013 20:36:39 +0000 (22:36 +0200)]
tcg/optimize: fix setcond2 optimization

When setcond2 is rewritten into setcond, the state of the destination
temp should be reset, so that a copy of the previous value is not
used instead of the result.

Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 66e61b55f158ef5628e4c056dd2f233c9351a3f5)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago target-mips: Fix accumulator arguments to gen_helper_dmult(u)
Richard Sandiford [Sat, 4 May 2013 14:01:31 +0000 (15:01 +0100)]
target-mips: Fix accumulator arguments to gen_helper_dmult(u)

gen_muldiv was passing int accumulator arguments directly
to gen_helper_dmult(u).  This patch fixes it to use TCGs,
via the gen_helper_0e2i wrapper.

Fixes an --enable-debug-tcg build failure reported by Juergen Lock.

Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago configure: Pick up libseccomp include path
Andreas Färber [Sun, 28 Apr 2013 14:27:26 +0000 (16:27 +0200)]
configure: Pick up libseccomp include path

openSUSE 12.3 has seccomp.h in /usr/include/libseccomp-1.0.1,
so add `pkg-config --cflags libseccomp` output to QEMU_CFLAGS.

Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 372e47e9b5e31c493823d7f512716644fb02d0fd)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago virtio-ccw: Check indicators location.
Cornelia Huck [Tue, 23 Apr 2013 15:15:19 +0000 (17:15 +0200)]
virtio-ccw: Check indicators location.

If a guest neglected to register (secondary) indicators but still runs
with notifications enabled, we might end up writing to guest zero;
avoid this by checking for valid indicators and only writing to the
guest and generating an interrupt if indicators have been setup.

Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
(cherry picked from commit 7c4869761d7f2e0a3f806a5359eea5d2473ec5d5)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago tap: properly initialize vhostfds
Jason Wang [Fri, 19 Apr 2013 07:11:15 +0000 (15:11 +0800)]
tap: properly initialize vhostfds

Only tap->vhostfd was checked in net_init_tap_one(), but tap->vhostfds was
forgotten; this will lead qemu to ignore all fds passed by management through
vhostfds, and to try to create the vhost_net device itself. Fix by adding this
check also.

Reported-by: Michal Privoznik <mprivozn@redhat.com>
Cc: Michal Privoznik <mprivozn@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 7873df408dd44eb92840b108211d5aa5db7db526)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago rng random backend: check for -EAGAIN errors on read
Amit Shah [Tue, 16 Apr 2013 10:28:16 +0000 (15:58 +0530)]
rng random backend: check for -EAGAIN errors on read

Not handling EAGAIN triggers the assert

qemu/backends/rng-random.c:44:entropy_available: assertion failed: (len != -1)
Aborted (core dumped)

This happens when starting a guest with '-device virtio-rng-pci',
issuing a 'cat /dev/hwrng' in the guest, while also doing 'cat
/dev/random' on the host.

Reported-by: yunpingzheng <yunzheng@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Message-id: eacda84dfaf2d99cf6d250b678be4e4d6c2088fb.1366108096.git.amit.shah@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit acbbc036619092fcd2c882222e1be168bd972b3e)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago qdev: Fix QOM unrealize behavior
Andreas Färber [Mon, 15 Apr 2013 16:34:10 +0000 (18:34 +0200)]
qdev: Fix QOM unrealize behavior

Since commit 249d41720b7dfbb5951b430b9eefdbee7464f515 (qdev: Prepare
"realized" property) setting realized = true would register the device's
VMStateDescription, but realized = false would not unregister it. Fix that.

Moving the code from unparenting also revealed that we were calling
DeviceClass::init through DeviceClass::realize as interim solution but
DeviceClass::exit still at unparenting time with a realized check.
Make this symmetrical by implementing DeviceClass::unrealize to call it,
while we're setting realized = false in the unparenting path.
The only other unrealize user is mac_nvram, which can safely override it.

Thus, mark DeviceClass::exit as obsolete, new devices should implement
DeviceClass::unrealize instead.

Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1366043650-9719-1-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit fe6c211781f80ef4fc246269cecbbc21981089f0)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago nbd: unlock mutex in nbd_co_send_request() error path
Stefan Hajnoczi [Mon, 15 Apr 2013 14:14:46 +0000 (16:14 +0200)]
nbd: unlock mutex in nbd_co_send_request() error path

Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 6760c47aa42ce30efdd12c132f73c8749c575995)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago update VERSION for 1.4.1 v1.4.1
Michael Roth [Mon, 15 Apr 2013 19:18:25 +0000 (14:18 -0500)]
update VERSION for 1.4.1

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago Add -f FMT / --format FMT arg to qemu-nbd
Daniel P. Berrange [Tue, 19 Mar 2013 11:20:20 +0000 (11:20 +0000)]
Add -f FMT / --format FMT arg to qemu-nbd

Currently the qemu-nbd program will auto-detect the format of
any disk it is given. This behaviour is known to be insecure.
For example, if qemu-nbd initially exposes a 'raw' file to an
unprivileged app, and that app runs

   'qemu-img create -f qcow2 -o backing_file=/etc/shadow /dev/nbd0'

then the next time the app is started, the qemu-nbd will now
detect it as a 'qcow2' file and expose /etc/shadow to the
unprivileged app.

The only way to avoid this is to explicitly tell qemu-nbd what
disk format to use on the command line, completely disabling
auto-detection. This patch adds a '-f' / '--format' arg for
this purpose, mirroring what is already available via qemu-img
and qemu commands.

  qemu-nbd --format raw -p 9000 evil.img

will now always use raw, regardless of what format 'evil.img'
looks like it contains

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
[Use errx, not err. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
*fixed conflict due to bdrv_open() not supporting "options" param
in v1.4.1

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
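An added illustration of why content-based format detection is unsafe for an image that a guest can write to, with an audit check for images that are meant to be raw; it is not qemu-nbd's code. The function names and the in-memory sample are constructed for the example, and only the first fields of the qcow2 header (magic, version, backing file offset and size) are examined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum img_format { FMT_INVALID = -1, FMT_RAW, FMT_QCOW2 };

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static uint64_t be64(const unsigned char *p)
{
    return ((uint64_t)be32(p) << 32) | be32(p + 4);
}

static void put_be32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24);
    p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);
    p[3] = (unsigned char)v;
}

/* Auto-detection: the answer depends only on bytes the guest can write. */
enum img_format probe_format(const unsigned char *img, size_t len)
{
    static const unsigned char magic[4] = { 'Q', 'F', 'I', 0xfb };

    if (len >= 8 && memcmp(img, magic, 4) == 0 && be32(img + 4) >= 2) {
        return FMT_QCOW2;
    }
    return FMT_RAW;
}

/* With an explicit format the image contents are never consulted. */
enum img_format select_format(const char *explicit_fmt,
                              const unsigned char *img, size_t len)
{
    if (explicit_fmt == NULL) {
        return probe_format(img, len);
    }
    if (strcmp(explicit_fmt, "raw") == 0) {
        return FMT_RAW;
    }
    return strcmp(explicit_fmt, "qcow2") == 0 ? FMT_QCOW2 : FMT_INVALID;
}

/*
 * Audit an image that is supposed to be raw.
 * Returns 0 if it probes as raw, 1 if it would probe as qcow2, and 2 if
 * it would probe as qcow2 and names a backing file (copied to backing).
 */
int audit_raw_image(const unsigned char *img, size_t len,
                    char *backing, size_t backing_sz)
{
    uint64_t off;
    uint32_t size;

    if (backing_sz) {
        backing[0] = '\0';
    }
    if (probe_format(img, len) != FMT_QCOW2) {
        return 0;
    }
    if (len < 20) {
        return 1;
    }
    off = be64(img + 8);   /* backing_file_offset */
    size = be32(img + 16); /* backing_file_size */
    if (off == 0 || size == 0 || size >= backing_sz ||
        size > len || off > len - size) {
        return 1;
    }
    memcpy(backing, img + off, size);
    backing[size] = '\0';
    return 2;
}

/* Constructed sample: start of a "raw" disk after the guest wrote to it. */
void build_sample(unsigned char *img, size_t len)
{
    memset(img, 0, len);
    memcpy(img, "QFI\xfb", 4);
    put_be32(img + 4, 2);   /* version */
    put_be32(img + 12, 72); /* low half of backing_file_offset */
    put_be32(img + 16, 11); /* backing_file_size */
    memcpy(img + 72, "/etc/shadow", 11);
}

int main(void)
{
    unsigned char img[512];
    char name[64];

    build_sample(img, sizeof img);
    printf("auto-detect: %d, --format raw: %d, audit: %d (%s)\n",
           probe_format(img, sizeof img),
           select_format("raw", img, sizeof img),
           audit_raw_image(img, sizeof img, name, sizeof name), name);
    return 0;
}
```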
11 years ago target-mips: Fix accumulator selection for MIPS16 and microMIPS
Richard Sandiford [Mon, 21 Jan 2013 20:43:31 +0000 (20:43 +0000)]
target-mips: Fix accumulator selection for MIPS16 and microMIPS

Add accumulator arguments to gen_HILO and gen_muldiv, rather than
extracting the accumulator directly from ctx->opcode.  The extraction
was only right for the standard encoding: MIPS16 doesn't have access
to the DSP registers, while microMIPS encodes the accumulator register
in a different field (bits 14 and 15).

Passing the accumulator register is probably an over-generalisation
for division and 64-bit multiplication, which never access anything
other than HI and LO, and which always pass 0 as the new argument.
Separating them felt a bit fussy though.

Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 26135ead80fa1fd13e95c162dacfd06f2ba82981)

Conflicts:
target-mips/translate.c

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago Allow clock_gettime() monotonic clock to be utilized on more OS's
Brad Smith [Fri, 5 Apr 2013 00:37:53 +0000 (20:37 -0400)]
Allow clock_gettime() monotonic clock to be utilized on more OS's

Allow the clock_gettime() code using monotonic clock to be utilized on
more POSIX compliant OS's. This started as a fix for OpenBSD which was
listed in one function as part of the previous hard coded list of OS's
for the functions to support but not in the other.

Signed-off-by: Brad Smith <brad@comstyle.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20130405003748.GH884@rox.home.comstyle.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit d05ef160453e98546a4197496dc8a3cb2defac53)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago target-i386: Check for host features before filter_features_for_kvm()
Eduardo Habkost [Tue, 2 Apr 2013 20:48:12 +0000 (17:48 -0300)]
target-i386: Check for host features before filter_features_for_kvm()

commit 5ec01c2e96910e1588d1a0de8609b9dda7618c7f broke "-cpu ..,enforce",
as it has moved kvm_check_features_against_host() after the
filter_features_for_kvm() call. filter_features_for_kvm() removes all
features not supported by the host, so this effectively made
kvm_check_features_against_host() impossible to fail.

This patch changes the call so we check for host feature support before
filtering the feature bits.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-id: 1364935692-24004-1-git-send-email-ehabkost@redhat.com
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit a509d632c877f7b5fa07368879b8ae5919a6d345)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago help: add docs for missing 'queues' option of tap
Jason Wang [Fri, 22 Feb 2013 14:57:52 +0000 (22:57 +0800)]
help: add docs for missing 'queues' option of tap

Cc: Markus Armbruster <armbru@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-id: 1361545072-30426-1-git-send-email-jasowang@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit ec3960148f95dd90e94511a6a64838bc3f474bcc)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago compiler: fix warning with GCC 4.8.0
Paolo Bonzini [Wed, 27 Mar 2013 13:34:32 +0000 (14:34 +0100)]
compiler: fix warning with GCC 4.8.0

GCC 4.8.0 introduces a new warning:

    block/qcow2-snapshot.c: In function 'qcow2_write_snapshots’:
    block/qcow2-snapshot.c:252:18: error: typedef 'qemu_build_bug_on__253'
              locally defined but not used [-Werror=unused-local-typedefs]
         QEMU_BUILD_BUG_ON(offsetof(QCowHeader, snapshots_offset) !=
                  ^
    cc1: all warnings being treated as errors

(Caret diagnostics aren't perfect yet with macros... :)) Work around it
with __attribute__((unused)).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1364391272-1128-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 99835e00849369bab726a4dc4ceed1f6f9ed967c)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago block: complete all IOs before resizing a device
Peter Lieven [Mon, 11 Mar 2013 10:04:24 +0000 (11:04 +0100)]
block: complete all IOs before resizing a device

This patch ensures that all pending IOs are completed
before a device is resized. This is especially important
if a device is shrunk, as the bdrv_check_request()
result is invalidated.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 92b7a08d64e5e3129fa885f9d180e5bddcb76b42)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago Revert "block: complete all IOs before .bdrv_truncate"
Peter Lieven [Mon, 11 Mar 2013 10:03:28 +0000 (11:03 +0100)]
Revert "block: complete all IOs before .bdrv_truncate"

bdrv_truncate() is also called from readv/writev commands on
self-growing file based storage. This will result in requests waiting
for themselves to complete.

This reverts commit 9a665b2b8640e464f0a778216fc2dca8d02acf33.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 5c916681ae2383f0425bb8a3680ade9d055f5dfe)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago qxl: better vga init in enter_vga_mode
Gerd Hoffmann [Thu, 28 Feb 2013 10:08:50 +0000 (11:08 +0100)]
qxl: better vga init in enter_vga_mode

Ask the vga core to update the display.  Will trigger dpy_gfx_resize
if needed.  More complete than just calling dpy_gfx_resize.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit c099e7aa0295678859d58e9e60b7619f6ae3bac8)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago doc: Fix texinfo @table markup in qemu-options.hx
Markus Armbruster [Wed, 13 Feb 2013 18:49:40 +0000 (19:49 +0100)]
doc: Fix texinfo @table markup in qemu-options.hx

End tables before headings, start new ones afterwards.  Fixes
incorrect indentation of headings "File system options" and "Virtual
File system pass-through options" in manual page and qemu-doc.

Normalize markup some to increase chances it survives future edits.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360781383-28635-5-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit c70a01e449536c616c85ab820c6fbad7d7e9cf39)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago acpi: initialize s4_val used in s4 shutdown
Bruce Rogers [Tue, 2 Apr 2013 18:41:40 +0000 (12:41 -0600)]
acpi: initialize s4_val used in s4 shutdown

While investigating why a 32 bit Windows 2003 guest wasn't able to
successfully perform a shutdown /h, it was discovered that commit
afafe4bbe0cf7d3318e1ac7b40925561f86a6bd4 inadvertently dropped the
initialization of the s4_val used to handle s4 shutdown.
Initialize the value as before.

Signed-off-by: Bruce Rogers <brogers@suse.com>
Message-id: 1364928100-487-1-git-send-email-brogers@suse.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 560e63965232e37d1916a447125cf91c18a96930)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago target-mips: fix rndrashift_short_acc and code for EXTR_ instructions
Petar Jovanovic [Fri, 15 Mar 2013 17:56:19 +0000 (18:56 +0100)]
target-mips: fix rndrashift_short_acc and code for EXTR_ instructions

Fix for rndrashift_short_acc to set correct value to higher 64 bits.
This change also corrects conditions when bit 23 of the DSPControl register
is set.

The existing test files have been extended with several examples that
trigger the issues. One bug/example in the test file for EXTR_RS_W has been
found and reported by Klaus Peichl.

Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 8b758d0568a986d58c254b3c209691c82e0f82a1)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago target-mips: fix DSP overflow macro and affected routines
Petar Jovanovic [Mon, 25 Feb 2013 15:45:40 +0000 (16:45 +0100)]
target-mips: fix DSP overflow macro and affected routines

The previous implementation incorrectly used same macro to detect overflow
for addition and subtraction. This patch makes distinction between these
two, and creates separate macros. The affected routines are changed
accordingly.

This change also includes additions to the existing tests for SUBQ_S_PH and
SUBQ_S_W that would trigger the fixed issue, and it removes dead code from
the test file. The last test case in subq_s_w.c is a bug found/reported/
isolated by Klaus Peichl from Dolby.

Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 20c334a797bf46a4ee59a6e42be6d5e7c3cda585)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago target-mips: fix for sign-issue in MULQ_W helper
Petar Jovanovic [Thu, 7 Feb 2013 18:36:09 +0000 (19:36 +0100)]
target-mips: fix for sign-issue in MULQ_W helper

Correct sign-propagation before multiplication in MULQ_W helper.
The change also fixes previously incorrect expected values in the
tests for MULQ_RS.W and MULQ_S.W.

Signed-off-by: Petar Jovanovic <petarj@mips.com>
Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit a345481baa2b2fb3d54f8c9ddb58dfcaf75786df)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago target-mips: fix for incorrect multiplication with MULQ_S.PH
Petar Jovanovic [Wed, 6 Feb 2013 17:05:25 +0000 (18:05 +0100)]
target-mips: fix for incorrect multiplication with MULQ_S.PH

The change corrects sign-related issue with MULQ_S.PH. It also includes
extension to the already existing test which will trigger the issue.

Signed-off-by: Petar Jovanovic <petarj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 9c19eb1e205b29018f6f61c5f43db6abbe7dc0e5)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago usb-tablet: Don't claim wakeup capability for USB-2 version
Hans de Goede [Tue, 2 Apr 2013 17:15:05 +0000 (19:15 +0200)]
usb-tablet: Don't claim wakeup capability for USB-2 version

Our ehci code does not implement wakeup support, so claiming support for
it with usb-tablet in USB-2 mode causes all tablet events to get lost.

http://bugzilla.redhat.com/show_bug.cgi?id=929068

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit aa1c9e971e80d25b92908dce3dec7c38b49480ea)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago chardev: clear O_NONBLOCK on SCM_RIGHTS file descriptors
Stefan Hajnoczi [Thu, 4 Apr 2013 14:18:31 +0000 (16:18 +0200)]
chardev: clear O_NONBLOCK on SCM_RIGHTS file descriptors

When we receive a file descriptor over a UNIX domain socket the
O_NONBLOCK flag is preserved.  Clear the O_NONBLOCK flag and rely on
QEMU file descriptor users like migration, SPICE, VNC, block layer, and
others to set non-blocking only when necessary.

This change ensures we don't accidentally expose O_NONBLOCK in the QMP
API.  QMP clients should not need to get the non-blocking state
"correct".

A recent real-world example was when libvirt passed a non-blocking TCP
socket for migration where we expected a blocking socket.  The source
QEMU produced a corrupted migration stream since its code did not cope
with non-blocking sockets.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit e374f7f816171f9783c1d9d00a041f26379f1ac6)

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago qemu-socket: set passed fd non-blocking in socket_connect()
Stefan Hajnoczi [Thu, 4 Apr 2013 14:18:30 +0000 (16:18 +0200)]
qemu-socket: set passed fd non-blocking in socket_connect()

socket_connect() sets non-blocking on TCP or UNIX domain sockets if a
callback function is passed.  Do the same for file descriptor passing,
otherwise we could unexpectedly be using a blocking file descriptor.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 35fb94fa292173a3e1df0768433e06912a2a88e4)

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago net: ensure "socket" backend uses non-blocking fds
Stefan Hajnoczi [Thu, 4 Apr 2013 14:18:29 +0000 (16:18 +0200)]
net: ensure "socket" backend uses non-blocking fds

There are several code paths in net_init_socket() depending on how the
socket is created: file descriptor passing, UDP multicast, TCP, or UDP.
Some of these support both listen and connect.

Not all code paths set the socket to non-blocking.  This patch addresses
the file descriptor passing and UDP cases which were missing
socket_set_nonblock(fd) calls.

I considered moving socket_set_nonblock(fd) to a central location but it
turns out the code paths are different enough to require non-blocking at
different places.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit f05b707279dc7c29ab10d9d13dbf413df6ec22f1)

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago oslib-posix: rename socket_set_nonblock() to qemu_set_nonblock()
Stefan Hajnoczi [Thu, 4 Apr 2013 14:18:28 +0000 (16:18 +0200)]
oslib-posix: rename socket_set_nonblock() to qemu_set_nonblock()

The fcntl(fd, F_SETFL, O_NONBLOCK) flag is not specific to sockets.
Rename to qemu_set_nonblock() just like qemu_set_cloexec().

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 399f1c8f8af1f6f8b18ef4e37169c6301264e467)

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Conflicts:
block/sheepdog.c

socket_set_block()/socket_set_nonblock() calls in different locations

include/qemu/sockets.h

socket_set_nodelay() does not exist in v1.4.0, messes up diff context

qemu-char.c

glib G_IO_IN events are not used in v1.4.0, messes up diff context

savevm.c

qemu_fopen_socket() only has read mode in v1.4.0, qemu_set_block() not
necessary.

slirp/misc.c

unportable setsockopt() calls in v1.4.0 mess up diff context

slirp/tcp_subr.c

file was reformatted, diff context is messed up

ui/vnc.c

old dcl->idle instead of vd->dcl.idle messes up diff context

Added:
migration-tcp.c, migration-unix.c

qemu_fopen_socket() write mode does not exist yet, qemu_set_block() call
is needed here.
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago update seabios to 1.7.2.1
Gerd Hoffmann [Thu, 28 Feb 2013 08:18:56 +0000 (09:18 +0100)]
update seabios to 1.7.2.1

Alex Williamson (3):
      seabios q35: Enable all PIRQn IRQs at startup
      seabios q35: Add new PCI slot to irq routing function
      seabios: Add a dummy PCI slot to irq mapping function

Avik Sil (1):
      USB-EHCI: Fix null pointer assignment

Kevin O'Connor (4):
      Update tools/acpi_extract.py to handle iasl 20130117 release.
      Fix Makefile - don't reference "out/" directly, instead use "$(OUT)".
      build: Don't require $(OUT) to be a sub-directory of the main
directory.
      Verify CC is valid during build tests.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 5c75fb10029c5fd1e705a6ef5d698fbea06c7a33)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago linux-user/syscall.c: Don't warn about unimplemented get_robust_list
Peter Maydell [Fri, 8 Feb 2013 04:34:54 +0000 (04:34 +0000)]
linux-user/syscall.c: Don't warn about unimplemented get_robust_list

The nature of the kernel ABI for the get_robust_list and set_robust_list
syscalls means we cannot implement them in QEMU. Make get_robust_list
silently return ENOSYS rather than using the default "print message and
then fail ENOSYS" code path, in the same way we already do for
set_robust_list, and add a comment documenting why we do this.

This silences warnings which were being produced for emulating
even trivial programs like 'ls' in x86-64-on-x86-64.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
(cherry picked from commit e9a970a8316f9f86a6c800a9a90175bd593f862c)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago linux-user: make bogus negative iovec lengths fail EINVAL
Peter Maydell [Fri, 8 Feb 2013 07:58:41 +0000 (07:58 +0000)]
linux-user: make bogus negative iovec lengths fail EINVAL

If the guest passes us a bogus negative length for an iovec, fail
EINVAL rather than proceeding blindly forward. This fixes some of
the error case tests for readv and writev in the LTP.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
(cherry picked from commit dfae8e00f8ddeedcda24bd28f71d4fd2a9f988b8)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago linux-user: fix futex strace of FUTEX_CLOCK_REALTIME
John Rigby [Sat, 23 Feb 2013 23:14:08 +0000 (16:14 -0700)]
linux-user: fix futex strace of FUTEX_CLOCK_REALTIME

Handle same as existing FUTEX_PRIVATE_FLAG.

Signed-off-by: John Rigby <john.rigby@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
(cherry picked from commit bfb669f39f2ecd854992924ced20b00163509043)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago linux-user/syscall.c: handle FUTEX_WAIT_BITSET in do_futex
John Rigby [Sat, 23 Feb 2013 23:14:07 +0000 (16:14 -0700)]
linux-user/syscall.c: handle FUTEX_WAIT_BITSET in do_futex

Upstream libc has recently changed to start using
FUTEX_WAIT_BITSET instead of FUTEX_WAIT and this
is causing do_futex to return -TARGET_ENOSYS.

Pass bitset in val3 to sys_futex which will be
ignored by kernel for the FUTEX_WAIT case.

Signed-off-by: John Rigby <john.rigby@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
(cherry picked from commit cce246e0a21577bb2372ab3a7d6789371e087de9)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago qcow2: flush refcount cache correctly in qcow2_write_snapshots()
Stefan Hajnoczi [Mon, 4 Mar 2013 14:02:31 +0000 (15:02 +0100)]
qcow2: flush refcount cache correctly in qcow2_write_snapshots()

Since qcow2 metadata is cached we need to flush the caches, not just the
underlying file.  Use bdrv_flush(bs) instead of bdrv_flush(bs->file).

Also add the error return path when bdrv_flush() fails and move the
flush after checking for qcow2_alloc_clusters() failure so that the
qcow2_alloc_clusters() error return value takes precedence.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit f6977f15561973d4a67b6aa46da88aa678c505dd)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago qcow2: flush refcount cache correctly in alloc_refcount_block()
Stefan Hajnoczi [Mon, 4 Mar 2013 14:02:30 +0000 (15:02 +0100)]
qcow2: flush refcount cache correctly in alloc_refcount_block()

update_refcount() affects the refcount cache, it does not write to disk.
Therefore bdrv_flush(bs->file) does nothing.  We need to flush the
refcount cache in order to write out the refcount updates!

While we're here also add error returns when qcow2_cache_flush() fails.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9991923b262dc35f6dd8393ab4853edd7fc3724f)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago page_cache: fix memory leak
Peter Lieven [Mon, 25 Feb 2013 17:12:03 +0000 (19:12 +0200)]
page_cache: fix memory leak

XBZRLE encoded migration introduced a MRU page cache
mechanism. Unfortunately, cached items were never freed in
case of a collision in the page cache on cache_insert().

This led to out of memory conditions during XBZRLE migration
if the page cache was small and there were a lot of collisions
in the cache.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 32a1c08b60a8ac0e63b54a5793a26b5e32b36618)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago Fix page_cache leak in cache_resize
Orit Wasserman [Mon, 25 Feb 2013 17:12:01 +0000 (19:12 +0200)]
Fix page_cache leak in cache_resize

Signed-off-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 0db65d624e0211a43c011579d6607a50d8f06082)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago virtio-blk: fix unplug + virsh reboot
Christian Borntraeger [Fri, 22 Feb 2013 13:37:10 +0000 (14:37 +0100)]
virtio-blk: fix unplug + virsh reboot

virtio-blk registers a vmstate change handler. Unfortunately this
handler is not unregistered on unplug, leading to some random
crashes if the system is restarted, e.g. via virsh reboot.
Let's unregister the vmstate change handler if the device is removed.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 69b302b2044a9a0f6d157d25b39a91ff7124c61f)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago ide/macio: Fix macio DMA initialisation.
Mark Cave-Ayland [Sun, 24 Feb 2013 20:46:11 +0000 (20:46 +0000)]
ide/macio: Fix macio DMA initialisation.

Commit 07a7484e5d713f1eb7c1c37b18a8ab0d56d88875 accidentally introduced a bug
in the initialisation of the second macio DMA device which could cause some
DMA operations to segfault QEMU.

CC: Andreas Färber <afaerber@suse.de>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 02d583c7232d65920634f7553700eb348f84e472)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago target-ppc: Fix CPU_POWERPC_MPC8547E
Andreas Färber [Mon, 11 Feb 2013 10:53:11 +0000 (10:53 +0000)]
target-ppc: Fix CPU_POWERPC_MPC8547E

It was defined to ..._MPC8545E_v21 rather than ..._MPC8547E_v21.
Due to both resolving to CPU_POWERPC_e500v2_v21 this did not show.

Fixing this nonetheless helps with QOM'ifying CPU aliases.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 0136d715ad985fccb8fed4bb5081d5bd20bfe88c)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago pseries: Add cleanup hook for PAPR virtual LAN device
David Gibson [Sun, 10 Feb 2013 18:59:02 +0000 (18:59 +0000)]
pseries: Add cleanup hook for PAPR virtual LAN device

Currently the spapr-vlan device does not supply a cleanup call for its
NetClientInfo structure.  With current qemu versions, that leads to a SEGV
on exit, when net_cleanup() attempts to call the cleanup handlers on all
net clients.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 156dfaded87d718a9ea798083e1c3e5ea7526713)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago configure: Require at least spice-protocol-0.12.3
Michal Privoznik [Fri, 1 Mar 2013 07:43:18 +0000 (08:43 +0100)]
configure: Require at least spice-protocol-0.12.3

As of 5a49d3e9 we assume SPICE_PORT_EVENT_BREAK to be defined.
However, it is not defined in 0.12.2, which we require now, but in
0.12.3.  Therefore in order to prevent build failure we must
adjust our minimal requirements.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 358689fe299c306f1d81bea57a5067d0abb56699)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago qemu-bridge-helper: force usage of a very high MAC address for the bridge
Paolo Bonzini [Fri, 22 Mar 2013 16:57:48 +0000 (17:57 +0100)]
qemu-bridge-helper: force usage of a very high MAC address for the bridge

Linux uses the lowest enslaved MAC address as the MAC address of
the bridge.  Set MAC address to a high value so that it does not
affect the MAC address of the bridge.

Changing the MAC address of the bridge could cause a few seconds
of network downtime.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1363971468-21154-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 226ecabfbd410c7b2041385ea4b6f083a09ce8a2)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago virtio-ccw: Queue sanity check for notify hypercall.
Cornelia Huck [Tue, 26 Mar 2013 16:32:44 +0000 (17:32 +0100)]
virtio-ccw: Queue sanity check for notify hypercall.

Verify that the virtio-ccw notify hypercall passed a reasonable
value for queue.

Cc: qemu-stable@nongnu.org
Reported-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
(cherry picked from commit b57ed9bf075e33cdd2f9eb545ff555301dd57221)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago tcg: Fix occasional TCG broken problem when ldst optimization enabled
Yeongkyoon Lee [Fri, 22 Mar 2013 12:50:17 +0000 (21:50 +0900)]
tcg: Fix occasional TCG broken problem when ldst optimization enabled

is_tcg_gen_code() checks the upper limit of the TCG generated code range
incorrectly, so that TCG could get broken occasionally only when
CONFIG_QEMU_LDST_OPTIMIZATION is enabled. The reason is that
code_gen_buffer_max_size does not cover the upper range up to
(TCG_MAX_OP_SIZE * OPC_BUF_SIZE), thus code_gen_buffer_max_size should be
modified to code_gen_buffer_size.

CC: qemu-stable@nongnu.org
Signed-off-by: Yeongkyoon Lee <yeongkyoon.lee@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 52ae646d4a3ebdcdcc973492c6a56f2c49b6578f)

Conflicts:

translate-all.c

*modified to use non-tcg-ctx version of code_gen_* variables

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago qga/main.c: Don't use g_key_file_get/set_int64
Peter Crosthwaite [Fri, 15 Mar 2013 05:04:39 +0000 (15:04 +1000)]
qga/main.c: Don't use g_key_file_get/set_int64

These functions don't exist until glib version 2.26. QEMU is currently only
mandating glib 2.12.

This patch replaces the functions with g_key_file_get/set_integer.

Unbreaks the build on Ubuntu 10.04 and RHEL 5.6.

Regression was introduced by 39097daf15c42243742667607d2cad2c9dc4f764

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1363323879-682-1-git-send-email-peter.crosthwaite@xilinx.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4f306496183d81aed4b43762cf3bfd6e054de767)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago qemu-ga: use key-value store to avoid recycling fd handles after restart
Michael Roth [Fri, 1 Mar 2013 17:40:27 +0000 (11:40 -0600)]
qemu-ga: use key-value store to avoid recycling fd handles after restart

Hosts hold on to handles provided by guest-file-open for periods that can
span beyond the life of the qemu-ga process that issued them. Since these
are issued starting from 0 on every restart, we run the risk of issuing
duplicate handles after restarts/reboots.

As a result, users with a stale copy of these handles may end up
reading/writing corrupted data due to their existing handles effectively
being re-assigned to an unexpected file or offset.

We unfortunately do not issue handles as strings, but as integers, so a
solution such as using UUIDs can't be implemented without introducing a
new interface.

As a workaround, we fix this by implementing a persistent key-value store
that will be used to track the value of the last handle that was issued
across restarts/reboots to avoid issuing duplicates.

The store is automatically written to the same directory we currently
set via --statedir to track fsfreeze state, and so should be applicable
for stable releases where this flag is supported.

A follow-up can use this same store for handling fsfreeze state, but
that change is cosmetic and left out for now.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Cc: qemu-stable@nongnu.org
* fixed guest_file_handle_add() return value from uint64_t to int64_t
(cherry picked from commit 39097daf15c42243742667607d2cad2c9dc4f764)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
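A sketch of the idea in the qemu-ga commit above, as an added example (not qemu-ga's code): the last issued handle is persisted before it is handed out, so a restarted process continues the sequence instead of starting again at 0. The plain-text state file, the scratch directory and all names are assumptions of this example.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

struct handle_store {
    char path[256];
    int64_t last;   /* last handle issued, -1 if none yet */
};

/* Load the last issued handle. A missing file means a fresh store; an
 * unparsable file is an error, so corruption never resets the counter. */
int handle_store_open(struct handle_store *s, const char *path)
{
    char buf[32], *end;
    long long v;
    FILE *f;

    if (strlen(path) >= sizeof s->path)
        return -1;
    strcpy(s->path, path);
    s->last = -1;
    f = fopen(path, "r");
    if (!f)
        return errno == ENOENT ? 0 : -1;
    if (!fgets(buf, sizeof buf, f)) {
        fclose(f);
        return -1;
    }
    fclose(f);
    errno = 0;
    v = strtoll(buf, &end, 10);
    if (errno || end == buf || (*end != '\n' && *end != '\0') || v < 0)
        return -1;
    s->last = v;
    return 0;
}

/* Write the new value to a temporary file, sync it, then rename it into place. */
static int persist(const struct handle_store *s, int64_t value)
{
    char tmp[sizeof s->path + 4];
    FILE *f;
    int ok;

    snprintf(tmp, sizeof tmp, "%s.tmp", s->path);
    f = fopen(tmp, "w");
    if (!f)
        return -1;
    ok = fprintf(f, "%" PRId64 "\n", value) > 0 && fflush(f) == 0 &&
         fsync(fileno(f)) == 0;
    if (fclose(f) != 0)
        ok = 0;
    if (!ok || rename(tmp, s->path) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Issue the next handle; it is only returned once it is recorded on disk. */
int64_t handle_store_next(struct handle_store *s)
{
    int64_t next;

    if (s->last == INT64_MAX)
        return -1;
    next = s->last + 1;
    if (persist(s, next) != 0)
        return -1;
    s->last = next;
    return next;
}

/* Two handles, a simulated restart, one more handle, then a corrupted state file. */
int demo_restart(int64_t issued[3], int *corrupt_rc)
{
    char dir[] = "/tmp/ga-state-XXXXXX";   /* constructed scratch directory */
    char path[64];
    struct handle_store first, second, third;
    FILE *f;

    if (!mkdtemp(dir))
        return -1;
    snprintf(path, sizeof path, "%s/handles.state", dir);
    if (handle_store_open(&first, path) != 0)
        return -1;
    issued[0] = handle_store_next(&first);
    issued[1] = handle_store_next(&first);
    if (handle_store_open(&second, path) != 0)   /* process restart */
        return -1;
    issued[2] = handle_store_next(&second);
    f = fopen(path, "w");
    if (!f)
        return -1;
    fputs("garbage\n", f);
    fclose(f);
    *corrupt_rc = handle_store_open(&third, path);
    unlink(path);
    rmdir(dir);
    return 0;
}
```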
11 years ago qcow2: make is_allocated return true for zero clusters
Paolo Bonzini [Wed, 6 Mar 2013 17:02:01 +0000 (18:02 +0100)]
qcow2: make is_allocated return true for zero clusters

Otherwise, live migration of the top layer will miss zero clusters and
let the backing file show through.  This also matches what is done in qed.

QCOW2_CLUSTER_ZERO clusters are invalid in v2 image files.  Check this
directly in qcow2_get_cluster_offset instead of replicating the test
everywhere.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 381b487d54ba18c73df9db8452028a330058c505)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago pseries: Add compatible property to root of device tree
David Gibson [Mon, 25 Feb 2013 19:27:12 +0000 (19:27 +0000)]
pseries: Add compatible property to root of device tree

Currently, for the pseries machine the device tree supplied by qemu to SLOF
and from there to the guest does not include a 'compatible property' at the
root level.  Usually that works fine, since in this case the compatible
property doesn't really give any information not already found in the
'device_type' or 'model' properties.

However, the lack of 'compatible' confuses the bootloader install in the
SLES11 SP2 and SLES11 SP3 installers.  This patch therefore adds a token
'compatible' property to work around that.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-stable@nongnu.org
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit d63919c93e6fb0587632adafba82c21e55ea4396)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago Allow virtio-net features for legacy s390 virtio bus
Christian Borntraeger [Thu, 7 Mar 2013 16:21:41 +0000 (17:21 +0100)]
Allow virtio-net features for legacy s390 virtio bus

Enable all virtio-net features for the legacy s390 virtio bus. This also fixes
kernel BUG at /usr/src/packages/BUILD/kernel-default-3.0.58/linux-3.0/drivers/s390/kvm/kvm_virtio.c:121!

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 35569cea79fd3f5ccb5b23ca024c7d3aa4d24e75)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago rtc-test: Fix test failures with recent glib
Cole Robinson [Wed, 27 Feb 2013 00:31:32 +0000 (19:31 -0500)]
rtc-test: Fix test failures with recent glib

As of glib 2.35.4, glib changed its logic for ordering test cases:

https://bugzilla.gnome.org/show_bug.cgi?id=694487

This was causing failures in rtc-test. Group the reordered test
cases into their own suite, which maintains the original ordering.

CC: qemu-stable@nongnu.org
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit eeb29fb9aa733f97d85857c210d6580a92a1b532)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago scsi-disk: do not complete canceled UNMAP requests
Paolo Bonzini [Mon, 25 Feb 2013 11:14:34 +0000 (12:14 +0100)]
scsi-disk: do not complete canceled UNMAP requests

Canceled requests should never be completed, and doing that could cause
accesses to a NULL hba_private field.

Cc: qemu-stable@nongnu.org
Reported-by: Stefan Priebe <s.priebe@profihost.ag>
Tested-by: Stefan Priebe <s.priebe@profihost.ag>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit d0242eadc5bba4f3abe34bc5d536bbfb81aa9891)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago scsi: do not call scsi_read_data/scsi_write_data for a canceled request
Paolo Bonzini [Mon, 25 Feb 2013 11:12:58 +0000 (12:12 +0100)]
scsi: do not call scsi_read_data/scsi_write_data for a canceled request

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 6f6710aa99ac53b59ff0f14380830cb9ab6bdc14)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago iscsi: look for pkg-config file too
Paolo Bonzini [Fri, 22 Feb 2013 17:14:28 +0000 (18:14 +0100)]
iscsi: look for pkg-config file too

Due to library conflicts, Fedora will have to put libiscsi in
/usr/lib/iscsi.  Simplify configuration by using a pkg-config
file.  The Fedora package will distribute one, and the patch
to add it has been sent to upstream libiscsi as well.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 3c33ea9640758bb625e110a77673e5abfd184e54)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago scsi-disk: handle io_canceled uniformly and correctly
Paolo Bonzini [Mon, 25 Feb 2013 11:16:05 +0000 (12:16 +0100)]
scsi-disk: handle io_canceled uniformly and correctly

Always check it immediately after calling bdrv_acct_done, and
always do a "goto done" in case the "done" label has to free
some memory---as is the case for scsi_unmap_complete in the
previous patch.

This patch could fix problems that happen when a request is
split into multiple parts, and one of them is canceled.  Then
the next part is fired, but the HBA's cancellation callbacks have
fired already.  Whether this happens or not depends on how the
block/ driver implements AIO cancellation.  If it does a simple
bdrv_drain_all() or similar, then it will not have a problem.
If it only cancels the given AIOCB, this scenario could happen.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 0c92e0e6b64c9061f7365a2712b9055ea35b52f9)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago qemu-ga: make guest-sync-delimited available during fsfreeze
Michael Roth [Fri, 1 Mar 2013 17:49:38 +0000 (11:49 -0600)]
qemu-ga: make guest-sync-delimited available during fsfreeze

We currently maintain a whitelist of commands that are safe during
fsfreeze. During fsfreeze, we disable all commands that aren't part of
that whitelist.

guest-sync-delimited meets the criteria for being whitelisted, and is
also required for qemu-ga clients that rely on guest-sync-delimited for
re-syncing the channel after a timeout.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit c5dcb6ae23a3ed7a01bae1cd75ce02abea31db5e)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago qmp: netdev_add is like -netdev, not -net, fix documentation
Markus Armbruster [Fri, 22 Feb 2013 17:31:51 +0000 (18:31 +0100)]
qmp: netdev_add is like -netdev, not -net, fix documentation

Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit af347aa5a521555f5342e67993eb717d4f542ba8)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago vga: fix byteswapping.
Gerd Hoffmann [Wed, 20 Feb 2013 08:37:12 +0000 (09:37 +0100)]
vga: fix byteswapping.

In case host and guest endianness differ the vga code first creates
a shared surface (using qemu_create_displaysurface_from), then goes on to
patch the surface format to indicate that the bytes must be swapped.

The switch to pixman broke that hack as the format patching isn't
propagated into the pixman image, so ui code using the pixman image
directly (such as vnc) uses the wrong format.

Fix that by adding a byteswap parameter to
qemu_create_displaysurface_from, so we'll use the correct format
when creating the surface (and the pixman image) and don't have
to patch the format afterwards.

[ v2: unbreak xen build ]

Cc: qemu-stable@nongnu.org
Cc: mark.cave-ayland@ilande.co.uk
Cc: agraf@suse.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1361349432-23884-1-git-send-email-kraxel@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit b1424e0381a7f1c9969079eca4458d5f20bf1859)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago help: add docs for multiqueue tap options
Jason Wang [Wed, 20 Feb 2013 10:04:01 +0000 (18:04 +0800)]
help: add docs for multiqueue tap options

Cc: Markus Armbruster <armbru@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-id: 1361354641-51969-1-git-send-email-jasowang@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 2ca81baa0b3363d57de94f8b80c02a003b361161)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago net: reduce the unnecessary memory allocation of multiqueue
Jason Wang [Fri, 22 Feb 2013 15:15:06 +0000 (23:15 +0800)]
net: reduce the unnecessary memory allocation of multiqueue

Edivaldo reports a problem that the array of NetClientState in NICState is too
large - MAX_QUEUE_NUM(1024) which wastes memory even if multiqueue is not
used.

Instead of static arrays, solve this issue by allocating the queues on demand
for both the NetClientState array in NICState and VirtIONetQueue array in
VirtIONet.

Tested by myself, with single virtio-net-pci device. The memory allocation is
almost the same as when multiqueue is not merged.

Cc: Edivaldo de Araujo Pereira <edivaldoapereira@yahoo.com.br>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit f6b26cf257232e5854c0e5c98a8685c625bf986e)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago qemu-char.c: fix waiting for telnet connection message
Igor Mitsyanko [Sun, 10 Mar 2013 13:58:05 +0000 (17:58 +0400)]
qemu-char.c: fix waiting for telnet connection message

Current colon position in "waiting for telnet connection" message template
produces messages like:
QEMU waiting for connection on: telnet::127.0.0.16666,server

After moving a colon to the right, we will get correct messages like:
QEMU waiting for connection on: telnet:127.0.0.1:6666,server

Signed-off-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit e5545854dd1e2e3507b210ac0c1cbfca69ff0fcb)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago tap: forbid creating multiqueue tap when hub is used
Jason Wang [Thu, 21 Feb 2013 03:05:56 +0000 (11:05 +0800)]
tap: forbid creating multiqueue tap when hub is used

Obviously, hub does not support multiqueue tap. So this patch forbids creating
multiple queue tap when hub is used to prevent the crash when command line such
as "-net tap,queues=2" is used.

Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit ce675a7579fea498397c5d2da3c5367671e9f02a)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago block: complete all IOs before .bdrv_truncate
Peter Lieven [Mon, 18 Feb 2013 12:48:31 +0000 (13:48 +0100)]
block: complete all IOs before .bdrv_truncate

bdrv_truncate() invalidates the bdrv_check_request() result for
in-flight requests, so there should better be none.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Lieven <pl@kamp.de>
Reported-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9a665b2b8640e464f0a778216fc2dca8d02acf33)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago coroutine: trim down nesting level in perf_nesting test
Paolo Bonzini [Tue, 19 Feb 2013 10:59:10 +0000 (11:59 +0100)]
coroutine: trim down nesting level in perf_nesting test

20000 nested coroutines require 20 GB of virtual address space.
Only nest 1000 of them so that the test (only enabled with
"-m perf" on the command line) runs on 32-bit machines too.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 027003152f4cf21952f9282b4487daf3fdd372ba)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago target-ppc: Fix "G2leGP3" PVR
Andreas Färber [Sun, 17 Feb 2013 23:16:00 +0000 (23:16 +0000)]
target-ppc: Fix "G2leGP3" PVR

Unlike derived PVR constants mapped to CPU_POWERPC_G2LEgp3, the
"G2leGP3" model definition itself used the CPU_POWERPC_G2LEgp1 PVR.

Fixing this will allow aliasing CPU_POWERPC_G2LEgp3-using types to
"G2leGP3".

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit bfe6d5b0daf9fdafeb0dbb7c26774dbb1bbb4507)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years ago Update VERSION for release v1.4.0
Anthony Liguori [Fri, 15 Feb 2013 22:15:40 +0000 (16:15 -0600)]
Update VERSION for release

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago Update VERSION of release v1.4.0-rc2
Anthony Liguori [Thu, 14 Feb 2013 14:58:49 +0000 (08:58 -0600)]
Update VERSION of release

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago Revert "Update OpenBIOS images"
Alexander Graf [Wed, 13 Feb 2013 22:58:12 +0000 (23:58 +0100)]
Revert "Update OpenBIOS images"

This reverts commit 10442558ab1797bfbb01285b909e34c5cf038f12.

With the updated OpenBIOS image, -M g3beige fails to boot quik.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-id: 1360796292-27078-1-git-send-email-agraf@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago cadance_uart: Accept input after rx FIFO pop
Peter Crosthwaite [Tue, 12 Feb 2013 01:29:31 +0000 (11:29 +1000)]
cadance_uart: Accept input after rx FIFO pop

The device returns false from the can receive function when the FIFO is
full. This means the device should check for buffered input whenever a byte is
popped from the FIFO.

Reported-by: Jason Wu <huanyu@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1360632571-25638-1-git-send-email-peter.crosthwaite@xilinx.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago block/curl: only restrict protocols with libcurl>=7.19.4
Stefan Hajnoczi [Wed, 13 Feb 2013 08:25:34 +0000 (09:25 +0100)]
block/curl: only restrict protocols with libcurl>=7.19.4

The curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, ...) interface was
introduced in libcurl 7.19.4.  Therefore we cannot protect against
CVE-2013-0249 when linking against an older libcurl.

This fixes the build failure introduced by
fb6d1bbd246c7a57ef53d3847ef225cd1349d602.

Reported-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Andreas Färber <andreas.faeber@web.de>
Message-id: 1360743934-8337-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago qapi: Flatten away ChardevPort
Markus Armbruster [Wed, 13 Feb 2013 14:54:16 +0000 (15:54 +0100)]
qapi: Flatten away ChardevPort

Simplifies the schema and the code.

QMP command

    { "execute" : "chardev-add",
      "arguments" : { "id" : "ser0",
                      "backend" : { "type" : "port",
                                    "data" : { "type": "serial",
                                               "device":"/dev/ttyS0"} } } }

becomes

    { "execute" : "chardev-add",
      "arguments" : { "id" : "ser0",
                      "backend" : { "type" : "serial",
                                    "data" : { "device":"/dev/ttyS0"} } } }

Bonus: nicer error messages.  "unknown chardev port (1)" becomes
"character device backend type 'parallel' not supported".

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1360767256-610-3-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago chardev: Fix manual page and qemu-doc for -chardev tty
Markus Armbruster [Wed, 13 Feb 2013 14:54:15 +0000 (15:54 +0100)]
chardev: Fix manual page and qemu-doc for -chardev tty

Broken in commit d59044ef.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1360767256-610-2-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago net: Avoid NULL function pointer dereference on cleanup
Andreas Färber [Tue, 12 Feb 2013 22:16:06 +0000 (23:16 +0100)]
net: Avoid NULL function pointer dereference on cleanup

The pSeries machine and some other devices don't supply a cleanup
callback. Revert part of 1ceef9f27359cbe92ef124bf74de6f792e71f6fb that
started calling it unconditionally.

Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1360707366-9271-1-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago s390: Fix handling of iscs.
Cornelia Huck [Thu, 7 Feb 2013 02:20:51 +0000 (02:20 +0000)]
s390: Fix handling of iscs.

There are two ways to express an interruption subclass:
- As a bitmask, as used in cr6.
- As a number, as used in the I/O interruption word.

Unfortunately, we have treated the I/O interruption word as if it
contained the bitmask as well, which went unnoticed so far as
- (queued-for-next) kvm made the same mistake, and
- Linux guest kernels don't check the isc value in the I/O interruption
  word for subchannel interrupts.

Make sure that we treat the I/O interruption word correctly.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago s390: Keep I/O interrupts enabled for all iscs.
Cornelia Huck [Thu, 7 Feb 2013 02:20:50 +0000 (02:20 +0000)]
s390: Keep I/O interrupts enabled for all iscs.

do_io_interrupt() would stop scanning further iscs if it found
an I/O interrupt it could inject. This might cause the pending
interrupt indication for I/O interrupts to be reset although there
might be queued I/O interrupts for subsequent iscs.

Fix this by reordering the logic: Inject the I/O interrupt immediately
and continue searching all iscs for queued interrupts.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago s390/sclpconsole: prevent char layer callback during initialization
Christian Borntraeger [Mon, 4 Feb 2013 22:53:24 +0000 (22:53 +0000)]
s390/sclpconsole: prevent char layer callback during initialization

Starting a qemu with an sclp console and pressing a key very early
can result in
"qemu-system-s390x: hw/s390x/sclpconsole.c:60: receive_from_chr_layer:
Assertion `scon->iov' failed."

Let's make sure that the init process is finished, since the iov is
allocated after CHR_EVENT_OPENED by also checking for scon->iov.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years ago xilinx.h: s/xilinx_axiethernetdma()/xilinx_axidma()
Peter Crosthwaite [Tue, 12 Feb 2013 01:17:11 +0000 (11:17 +1000)]
xilinx.h: s/xilinx_axiethernetdma()/xilinx_axidma()

This function has nothing to do with ethernet. It's reusable for all DMA clients.
Dropped the "ethernet" in the name accordingly.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
11 years ago xilinx.h: Dont qdev_create from ethernet_create()
Peter Crosthwaite [Tue, 12 Feb 2013 01:17:10 +0000 (11:17 +1000)]
xilinx.h: Dont qdev_create from ethernet_create()

Pulled the qdev_create functionality out of xilinx_axiethernet_create() and
pushed it up to the petalogix_ml605_mmu machine model. This makes the ethernet
create+init process consistent with the AXI DMA. Renamed function to
xilinx_axiethernet_init accordingly.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
11 years ago Merge remote-tracking branch 'stefanha/block' into staging
Anthony Liguori [Tue, 12 Feb 2013 22:26:52 +0000 (16:26 -0600)]
Merge remote-tracking branch 'stefanha/block' into staging

* stefanha/block:
  Revert "block/vpc: Fix size calculation"
  block/raw-posix: detect readonly Linux block devices using BLKROGET

11 years ago block-migration: fix pending() and iterate() return values
Stefan Hajnoczi [Tue, 12 Feb 2013 09:37:15 +0000 (10:37 +0100)]
block-migration: fix pending() and iterate() return values

The return value of .save_live_pending() is the number of bytes
remaining.  This is just an estimate because we do not know how many
blocks will be dirtied by the running guest.

Currently our return value for .save_live_pending() is wrong because it
includes dirty blocks but not in-flight bdrv_aio_readv() requests or
unsent blocks.  Crucially, it also doesn't include the bulk phase where
the entire device is transferred - therefore we risk completing block
migration before all blocks have been transferred!

The return value of .save_live_iterate() is the number of bytes
transferred this iteration.  Currently we return whether there are bytes
remaining, which is incorrect.

Move the bytes remaining calculation into .save_live_pending() and
really return the number of bytes transferred this iteration in
.save_live_iterate().

Also fix the %ld format specifier which was used for a uint64_t
argument.  PRIu64 must be used to avoid warnings on 32-bit hosts.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-id: 1360661835-28663-3-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years ago migration: make qemu_ftell() public and support writable files
Stefan Hajnoczi [Tue, 12 Feb 2013 09:37:14 +0000 (10:37 +0100)]
migration: make qemu_ftell() public and support writable files

Migration .save_live_iterate() functions return the number of bytes
transferred.  The easiest way of doing this is by calling qemu_ftell(f)
at the beginning and end of the function to calculate the difference.

Make qemu_ftell() public so that block-migration will be able to use it.
Also adjust the ftell calculation for writable files where buf_offset
does not include buf_size.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-id: 1360661835-28663-2-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>