Alexander Graf [Mon, 27 Jan 2014 14:18:09 +0000 (15:18 +0100)]
KVM: Use return value for error print
Commit 94ccff13 introduced a more verbose failure message and retry
operations on KVM VM creation. However, it ended up using a variable
for its failure message that hasn't been initialized yet.
Fix it to use the value it meant to set.
Cc: qemu-stable@nongnu.org Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 521f438e36b0265d66862e9cd35e4db82686ca9f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Christoffer Dall [Wed, 26 Feb 2014 17:19:59 +0000 (17:19 +0000)]
hw/intc/arm_gic: Fix GIC_SET_LEVEL
The GIC_SET_LEVEL macro unfortunately overwrote the entire level
bitmask instead of just or'ing on the necessary bits, causing active
level PPIs on a core to clear PPIs on other cores.
Cc: qemu-stable@nongnu.org Reported-by: Rob Herring <rob.herring@linaro.org> Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id: 1393031030-8692-1-git-send-email-christoffer.dall@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 6453fa998a11e133e673c0a613b88484a8231d1d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The ethernet device in the musicpal only has two tx queues,
but we modelled it with four CTDP registers, presumably a
cut and paste from the rx queue registers. Since the tx_queue[]
array is only 2 entries long this allowed a guest to overrun
this buffer. Remove the nonexistent registers.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1392737293-10073-1-git-send-email-peter.maydell@linaro.org Acked-by: Jan Kiszka <jan.kiszka@web.de> Cc: qemu-stable@nongnu.org
(cherry picked from commit cf143ad35018c5fc1da6365b45acda2b34aba90a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Peter Maydell [Wed, 26 Feb 2014 17:19:58 +0000 (17:19 +0000)]
hw/intc/exynos4210_combiner: Don't overrun output_irq array in init
The Exynos4210 combiner has IIC_NIRQ inputs and IIC_NGRP outputs;
use the correct constant in the loop initializing our output
sysbus IRQs so that we don't overrun the output_irq[] array.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1392659611-8439-1-git-send-email-peter.maydell@linaro.org Reviewed-by: Andreas Färber <afaerber@suse.de> Cc: qemu-stable@nongnu.org
(cherry picked from commit fce0a826083e0416981e2ea9518ce5faa75b81a3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Peter Maydell [Wed, 26 Feb 2014 17:19:58 +0000 (17:19 +0000)]
hw/timer/arm_timer: Avoid array overrun for bad addresses
The integrator's timer read/write functions log an error for
bad addresses in guest accesses, but were falling through and
using an out of bounds array index rather than returning early.
Fix this.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id: 1392647854-8067-4-git-send-email-peter.maydell@linaro.org Cc: qemu-stable@nongnu.org
(cherry picked from commit cba933b2257ef0ad241756a0ff86bc0acda685ca)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Peter Maydell [Wed, 26 Feb 2014 17:19:57 +0000 (17:19 +0000)]
hw/misc/arm_sysctl: Fix bad boundary check on mb clock accesses
Fix incorrect use of sizeof() rather than ARRAY_SIZE() to guard
accesses into the mb_clock[] array, which was allowing a malicious
guest to overwrite the end of the array.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id: 1392647854-8067-2-git-send-email-peter.maydell@linaro.org Cc: qemu-stable@nongnu.org
(cherry picked from commit ec1efab95767312ff4afb816d0d4b548e093b031)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
qmp_guest_file_seek() allocates memory for a GuestFileRead object
instead of the GuestFileSeek object it actually uses. Harmless,
because the GuestFileRead is slightly larger.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
(cherry picked from commit 10b7c5dd0da1a92182e87f5fc1887d779ad1a9e8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Tomoki Sekiyama [Mon, 13 Jan 2014 17:25:39 +0000 (12:25 -0500)]
qga: vss-win32: Fix interference with snapshot deletion by other VSS request
When a VSS requester such as vshadow.exe or diskshadow.exe requests to
delete snapshots, qemu-ga VSS provider's DeleteSnapshots() is also called
and returns E_NOTIMPL, that makes the deletion fail.
To avoid this issue, return S_OK and set values that represent no snapshots
are deleted by qemu-ga VSS provider.
Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Reviewed-by: Gal Hammer <ghammer@redhat.com> Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
(cherry picked from commit d9e1f574cb6eac0a3a2f97b67d2e7a3ad9c1dc95)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Tomoki Sekiyama [Mon, 13 Jan 2014 17:25:29 +0000 (12:25 -0500)]
qga: vss-win32: Fix interference with snapshot creation by other VSS requesters
When a VSS requester such as vshadow.exe or diskshadow.exe requests to
create disk snapshots, Windows may choose qemu-ga VSS provider if it is
only provider registered on the system. However, because it provides only a
function to freeze the filesystem, the snapshotting fails.
This patch adds a check into CQGAVssProvider::IsVolumeSupported() to reject
the request from other VSS requesters, so that the other provider is chosen.
The check of requester is done by confirming event channels between
qemu-ga's requester and provider established. To ensure that the events are
initialized when CQGAVssProvider::IsVolumeSupported() is called, it moves
the initialization earlier.
Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Reviewed-by: Gal Hammer <ghammer@redhat.com> Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
(cherry picked from commit ff8adbcfdbbd9c0f2b01ff8a32bc75082fdd9844)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Tomoki Sekiyama [Mon, 13 Jan 2014 17:25:23 +0000 (12:25 -0500)]
qga: vss-win32: Use NULL as an invalid pointer for OpenEvent and CreateEvent
OpenEvent and CreateEvent WinAPI return NULL when failed to open/create
events handles, instead of INVALID_HANDLE_VALUE (although their return
types are HANDLE).
This replaces INVALID_HANDLE_VALUE related to event handles with NULL.
Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Reviewed-by: Gal Hammer <ghammer@redhat.com> Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
(cherry picked from commit 4c1b8f1e8357d85c613d779596e4079cc581d74f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Mon, 2 Dec 2013 09:16:18 +0000 (10:16 +0100)]
adlib: fix patching of port I/O addresses
Commit 2b21fb5 (adlib: sort offsets in portio registration, 2013-08-14)
fixed the offsets in adlib_portio_list, but forgot the matching indices
in adlib_realizefn.
Reported at http://virtuallyfun.superglobalmegacorp.com/?p=3616 by
"neozeed".
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 7f0ba7bb4378f22b017e08947219a352d491bac4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Fri, 7 Feb 2014 14:47:46 +0000 (15:47 +0100)]
memory: fix limiting of translation at a page boundary
Commit 360e607 (address_space_translate: do not cross page boundaries,
2014-01-30) broke MMIO accesses in cases where the section is shorter
than the full register width. This can happen for example with the
Bochs DISPI registers, which are 16 bits wide but have only a 1-byte
long MemoryRegion (if you write to the "second byte" of the register
your access is discarded; it doesn't write only to half of the register).
Restrict the action of commit 360e607 to direct RAM accesses. This
is enough for Xen, since MMIO will not go through the mapcache.
Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit a87f39543a9259f671c5413723311180ee2ad2a8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Sat, 1 Feb 2014 08:41:09 +0000 (09:41 +0100)]
linux-user: Fix trampoline code for CRIS
__put_user can write bytes, words (2 bytes) or longwords (4 bytes).
Here obviously words should have been written, but bytes were written,
so values like 0x9c5f were truncated to 0x5f.
Fix this by changing retcode from uint8_t to to uint16_t in
target_signal_frame and also in the unused rt_signal_frame.
This problem was reported by static code analysis (smatch).
Cc: qemu-stable@nongnu.org Signed-off-by: Stefan Weil <sw@weilnetz.de> Acked-by: Riku Voipio <riku.voipio@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
(cherry picked from commit 8cfc114a2f293c40077d1bdb7500b29db359ca22)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Fri, 31 Jan 2014 22:05:24 +0000 (23:05 +0100)]
i386: Add missing include file for QEMU_PACKED
Instead of packing BiosLinkerLoaderEntry, an unused global variable called
QEMU_PACKED was created (detected by smatch static code analysis).
Including qemu-common.h gets the right definition and also includes some
standard include files which now can be removed here.
Cc: qemu-stable@nongnu.org Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit c428c5a21ce9a9861839ee544afd10638016e3f5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
which checks if any signals have been raised while it was attaining locks
and returns EINTR. Retrying the system call greatly improves reliability.
Cc: qemu-stable@nongnu.org Signed-off-by: thomas knych <thomaswk@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 94ccff133820552a859c0fb95e33a539e0b90a75)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Eric Farman [Tue, 14 Jan 2014 19:16:26 +0000 (14:16 -0500)]
virtio-scsi: Prevent assertion on missed events
In some cases, an unplug can cause events to be dropped, which
leads to an assertion failure when preparing to notify the guest
kernel.
Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 49fb65c7f985baa56d2964e0a85c1f098e3e2a9d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Eric Farman [Tue, 14 Jan 2014 19:16:25 +0000 (14:16 -0500)]
virtio-scsi: Cleanup of I/Os that never started
There is still a small window that occurs when a cancel I/O affects
an asynchronous I/O operation that hasn't started. In other words,
when the residual data length equals the expected data length.
Today, the routine virtio_scsi_command_complete fails because the
VirtIOSCSIReq pointer (from the hba_private field in SCSIRequest)
was cleared earlier when virtio_scsi_complete_req was called by
the virtio_scsi_request_cancelled routine. As a result, the
virtio_scsi_command_complete routine needs to simply return when
it is processing a SCSIRequest block that was marked canceled.
Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit e9c0f0f58ad0a41c3c4b19e1911cfe095afc09ca)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Wed, 15 Jan 2014 09:35:36 +0000 (10:35 +0100)]
scsi: Assign cancel_io vector for scsi_disk_emulate_ops
Some emulated disk operations (MODE SELECT, UNMAP, WRITE SAME)
can trigger asynchronous I/Os. Provide the cancel_io callback
to ensure that AIOCBs are properly cleaned up.
Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com> Cc: qemu-stable@nongnu.org
[Tweak commit message. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 33325a53f15ab5370e1917b2a11cadffc77c5a52)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Thu, 16 Jan 2014 12:06:13 +0000 (13:06 +0100)]
scsi: Support TEST UNIT READY in the dummy LUN0
SeaBIOS waits for LUN0 to respond to the TEST UNIT READY command
in order to decide whether it should part of the boot sequence.
If LUN0 does not respond to the command, boot is delayed by up
to 5 seconds. This currently happens when there is no LUN0 on
a target. Fix that by adding a trivial implementation of the
command.
Peter Maydell [Fri, 24 Jan 2014 13:56:17 +0000 (14:56 +0100)]
block/curl: Implement the libcurl timer callback interface
libcurl versions 7.16.0 and later have a timer callback interface which
must be implemented in order for libcurl to make forward progress (it
will sometimes rely on being called back on the timeout if there are
no file descriptors registered). Implement the callback, and use a
QEMU AIO timer to ensure we prod libcurl again when it asks us to.
Based on Peter's original patch plus my fix to add curl_multi_timeout_do.
Should compile just fine even on older versions of libcurl.
Direct http usage is probably too slow, but with copy-on-read ultimately
the image does boot!
After some time, streaming gets canceled by an EIO, which needs further
investigation.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 031fd1be5618c347f9aeb44ec294f14a541e42b2)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Alex Williamson [Fri, 6 Dec 2013 18:16:40 +0000 (11:16 -0700)]
vfio-pci: Release all MSI-X vectors when disabled
We were relying on msix_unset_vector_notifiers() to release all the
vectors when we disable MSI-X, but this only happens when MSI-X is
still enabled on the device. Perform further cleanup by releasing
any remaining vectors listed as in-use after this call. This caused
a leak of IRQ routes on hotplug depending on how the guest OS prepared
the device for removal.
Then the migrate command will always fail from now on:
(qemu) migrate tcp:0:4444
migrate: There's a migration process in progress
The problem is that qmp_migrate() sets the migration status to
MIG_STATE_SETUP and doesn't reset it on syntax error. This bug
was introduced by commit 29ae8a4133082e16970c9d4be09f4b6a15034617.
Reviewed-by: Michael R. Hines <mrhines@us.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
(cherry picked from commit c950114286ea358a93ce632db0421945e1008395)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Sun, 22 Dec 2013 19:42:05 +0000 (20:42 +0100)]
mainstone: Fix duplicate array values for key 'space'
cgcc reported a duplicate initialisation. Mainstone includes a matrix
keyboard where two different positions map to 'space'.
QEMU uses the reversed mapping and does not map 'space' to two different
matrix positions.
Some other keys are either missing or might be mapped wrongly (cf. Linux
kernel code). Don't fix these until someone can test them with real
hardware, but add TODO comments.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 7dbc1158bc63fdbad849d21409eeeb53f5230445)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Cornelia Huck [Tue, 17 Dec 2013 17:27:33 +0000 (18:27 +0100)]
s390x/kvm: Fix diagnose handling.
The instruction intercept handler for diagnose used only the displacement
when trying to calculate the function code. This is only correct for base
0, however; we need to perform a complete base/displacement address
calculation and use bits 48-63 as the function code.
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 638129ff475dd3b4c0e57e0be598efe41461e9b3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
I checked all qemu_opts_parse() invocations (and all drive_def()
invocations too, because it blindly forwards the former's retval). Only
the two above examples look problematic.
Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1385658779-7529-1-git-send-email-lersek@redhat.com Signed-off-by: Anthony Liguori <aliguori@amazon.com>
(cherry picked from commit f46e720a82ccdf1a521cf459448f3f96ed895d43)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Peter Lieven [Sat, 14 Dec 2013 16:31:40 +0000 (17:31 +0100)]
block/iscsi: use a bh to schedule co reentrance
this fixes a potential segfault and performance regression.
If the coroutine is reentered directly in the iscsi_co_generic_cb
iscsi_process_{read,write} are interrupted and reentered any
time later. One the one hand this could happen after an iscsi_close
where the iscsi context is already gone (segfault). On the
other hand this limits the number of processed callbacks
in each aio_dispatch to one (potential performance regression).
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 8b9dfe9098d91e06a3dd6376624307fe5fa13be8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
tcg/optimize: fix known-zero bits for right shift ops
32-bit versions of sar and shr ops should not propagate known-zero bits
from the unused 32 high bits. For sar it could even lead to wrong code
being generated.
Cc: qemu-stable@nongnu.org Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Richard Henderson <rth@twiddle.net>
(cherry picked from commit e46b225a3137e62c975c49aaae7bb5f9583cc428)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Brad [Wed, 11 Dec 2013 00:49:08 +0000 (19:49 -0500)]
Fix QEMU build on OpenBSD on x86 archs
This resolves the build issue with building the ROMs on OpenBSD on x86 archs.
As of OpenBSD 5.3 the compiler builds PIE binaries by default and thus the
whole OS/packages and so forth. The ROMs need to have PIE disabled.
Check in configure whether the compiler supports the flags for disabling
PIE, and if it does then use them for building the ROMs. This fixes the
following buildbot failure:
>From the OpenBSD buildbots..
Building optionrom/multiboot.img
ld: multiboot.o: relocation R_X86_64_16 can not be used when making a shared object; recompile with -fPIC
Signed-off by: Brad Smith <brad@comstyle.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 46eef33b89e936ca793e13c4aeea1414e97e8dbb)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Petar Jovanovic [Wed, 30 Oct 2013 13:46:31 +0000 (14:46 +0100)]
linux-user: create target_structs header to place ipc_perm and shmid_ds
Creating target_structs header in linux-user/$arch/ and making
target_ipc_perm and target_shmid_ds its first inhabitants.
The struct defintions may/should be further fine-tuned by arch maintainers.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
(cherry picked from commit 55a2b1631fb343edac4a2d4596c72e58ee1372b3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Petar Jovanovic [Fri, 29 Nov 2013 16:27:42 +0000 (17:27 +0100)]
target-mips: fix 64-bit FPU config for user-mode emulation
FR bit should be initialized to 1 for MIPS64, under condition that this
bit is writable and that CPU has an FPU unit. It should be initialized to
zero for MIPS32.
This fixes different MIPS32 issues with FPU instructions whose behaviour
defaulted to 64-bit FPU mode.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 4d66261f71f2efa31e1052e4041c5ee505572fe5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Gerd Hoffmann [Sat, 21 Dec 2013 02:02:50 +0000 (03:02 +0100)]
piix: fix 32bit pci hole
Make the 32bit pci hole start at end of ram, so all possible address
space is covered.
We used to try and make addresses aligned so they are easier to cover
with MTRRs, but since they are cosmetic on KVM, this is probably not
worth worrying about.
Of course the firmware can use less than that. Leaving space unused is
no problem, mapping pci bars outside the hole causes problems though.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit ddaaefb4dd427d6d2e41c1cfbe0cd8d8e8d6aad9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
pc: map PCI address space as catchall region for not mapped addresses
With a help of negative memory region priority PCI address space
is mapped underneath RAM regions effectively catching every access
to addresses not mapped by any other region.
It simplifies PCI address space mapping into system address space.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Igor Mammedov <imammedo@redhat.com>
(cherry picked from commit 83d08f2673504a299194dcac1657a13754b5932a)
exec: separate sections and nodes per address space
Every address space has its own nodes and sections, but
it uses the same global arrays of nodes/section.
This limits the number of devices that can be attached
to the guest to 20-30 devices. It happens because:
- The sections array is limited to 2^12 entries.
- The main memory has at least 100 sections.
- Each device address space is actually an alias to
main memory, multiplying its number of nodes/sections.
Remove the limitation by using separate arrays of
nodes and sections for each address space.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 53cb28cbfea038f8ad50132dc8a684e638c7d48b)
Paolo Bonzini [Thu, 7 Nov 2013 16:14:36 +0000 (17:14 +0100)]
split definitions for exec.c and translate-all.c radix trees
The exec.c and translate-all.c radix trees are quite different, and
the exec.c one in particular is not limited to the CPU---it can be
used also by devices that do DMA, and in that case the address space
is not limited to TARGET_PHYS_ADDR_SPACE_BITS bits.
We want to make exec.c's radix trees 64-bit wide. As a first step,
stop sharing the constants between exec.c and translate-all.c.
exec.c gets P_L2_* constants, translate-all.c gets V_L2_*, for
consistency with the existing V_L1_* symbols. Though actually
in the softmmu case translate-all.c is also indexed by physical
addresses...
This patch has no semantic change.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 03f4995781a64e106e6f73864a1e9c4163dac53b)
qdev-monitor: Avoid device_add crashing on non-device driver name
Watch this:
$ upstream-qemu -nodefaults -S -display none -monitor stdio
QEMU 1.7.50 monitor - type 'help' for more information
(qemu) device_add rng-egd
/work/armbru/qemu/qdev-monitor.c:491:qdev_device_add: Object 0x2089b00 is not an instance of type device
Aborted (core dumped)
Crashes because "rng-egd" exists, but isn't a subtype of TYPE_DEVICE.
Broken in commit 18b6dad.
Cc: qemu-stable@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 061e84f7a469ad1f94f3b5f6a5361b346ab990e8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Alexander Graf [Fri, 6 Dec 2013 12:52:24 +0000 (13:52 +0100)]
x86: only allow real mode to access 32bit without LMA
When we're running in non-64bit mode with qemu-system-x86_64 we can
still end up with virtual addresses that are above the 32bit boundary
if a segment offset is set up.
GNU Hurd does exactly that. It sets the segment offset to 0x80000000 and
puts its EIP value to 0x8xxxxxxx to access low memory.
This doesn't hit us when we enable paging, as there we just mask away the
unused bits. But with real mode, we assume that vaddr == paddr which is
wrong in this case. Real hardware wraps the virtual address around at the
32bit boundary. So let's do the same.
This fixes booting GNU Hurd in qemu-system-x86_64 for me.
Reported-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 33dfdb56f2f3c8686d218395b871ec12fd5bf30b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Matthew Garrett [Mon, 25 Nov 2013 19:42:43 +0000 (14:42 -0500)]
migration: Fix rate limit
The migration thread appears to want to allow writeout to occur at full
speed rather than being rate limited during completion of state saving,
but sets the limit to INT_MAX when xfer_limit is INT64_MAX. This causes
problems if there's more than 2GB of state left to save at this point. It
probably ought to just be INT64_MAX instead.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 40596834c0d57a223124a956ccbe39dfeadc9f0e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The object-cast and class-cast caches cannot be shared because class
caching is conditional on the target type not being an interface and
object caching is unconditional. Leads to a bug when a class cast
to an interface follows an object cast to the same interface type:
Where TYPE_FOO is an interface. The first (object) cast will be
successful and cache the casting result (i.e. TYPE_FOO will be cached).
The second (class) cast will then check the shared cast cache
and register a hit. The issue is, when a class cast hits in the cache
it just returns a pointer cast of the input class (i.e. the concrete
class).
When casting to an interface, the cast itself must return the
interface class, not the concrete class. The implementation of class
cast caching already ensures that the returned cast result is only
a pointer cast before caching. The object cast logic however does
not have this check.
Resolve by just splitting the object and class caches.
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Tested-by: Nathan Rossi <nathan.rossi@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 0ab4c94c844cb3953adedbd27adc378b3cf31d9e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
memory.c: bugfix - ref counting mismatch in memory_region_find
'address_space_get_flatview' gets a reference to a FlatView.
If the flatview lookup fails, the code returns without
"unreferencing" the view.
Cc: qemu-stable@nongnu.org Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 6307d974f9a28bb6652352f52da97f820427d29d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Gerd Hoffmann [Fri, 29 Nov 2013 13:25:33 +0000 (14:25 +0100)]
intel-hda: fix position buffer
Fix position buffer updates to use the correct stream offset.
Without this patch both IN (record) and OUT (playback) streams
will update the IN buffer positions. The linux kernel notices
and complains:
hda-intel: Invalid position buffer, using LPIB read method instead.
The bug may also lead to glitches when recording and playing
at the same time:
https://bugzilla.redhat.com/show_bug.cgi?id=947785
Paolo Bonzini [Thu, 28 Nov 2013 10:18:56 +0000 (11:18 +0100)]
scsi-disk: fix VERIFY emulation
VERIFY emulation was completely botched (and remained botched through
all the refactorings). The command must be emulated both in check-medium
mode (BYTCHK=00, which we implement by doing nothing) and in check-bytes
mode (which we do not implement yet). Unlike WRITE AND VERIFY (which we
treat simply as WRITE with FUA bit set), VERIFY cannot be handled like
READ. In fact the device is _receiving_ data for VERIFY, not _sending_
it like READ.
Cc: qemu-stable@nongnu.org Tested-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit d97e7730816094a71cd1f19a56d7a73f77cdbf96)
Conflicts:
hw/scsi/scsi-disk.c
*fixed up WRITE_SAME_* conflicts due to 84f94a9a not being in 1.7.0
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Fri, 20 Sep 2013 12:10:26 +0000 (14:10 +0200)]
virtio-pci: add device_unplugged callback
This fixes a crash in hot-unplug of virtio-pci devices behind a PCIe
switch. The crash happens because the ioeventfd is still set whent the
child is destroyed (destruction happens in postorder). Then the proxy
tries to unset to ioeventfd, but the virtqueue structure that holds the
EventNotifier has been trashed in the meanwhile. kvm_set_ioeventfd_pio
does not expect failure and aborts.
The fix is simply to move parts of uninitialization to a new
device_unplugged callback, which is called before the child is destroyed.
Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 06a1307379fcd6c551185ad87679cd7ed896b9ea)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Fri, 20 Sep 2013 12:06:08 +0000 (14:06 +0200)]
virtio-rng: switch exit callback to VirtioDeviceClass
This ensures hot-unplug is handled properly by the proxy, and avoids
leaking bus_name which is freed by virtio_device_exit.
Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 7bb6edb0e3dd78d74e0ac980cf6c0a07307f61bf)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Fri, 20 Sep 2013 12:06:08 +0000 (14:06 +0200)]
virtio-balloon: switch exit callback to VirtioDeviceClass
This ensures hot-unplug is handled properly by the proxy, and avoids
leaking bus_name which is freed by virtio_device_exit.
Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit baa61b9870dd7e0bb07e0ae61c6ec805db13f699)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Fri, 20 Sep 2013 12:06:08 +0000 (14:06 +0200)]
virtio-scsi: switch exit callback to VirtioDeviceClass
This ensures hot-unplug is handled properly by the proxy, and avoids
leaking bus_name which is freed by virtio_device_exit.
Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit e3c9d76acc984218264bbc6435b0c09f959ed9b8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Fri, 20 Sep 2013 12:06:08 +0000 (14:06 +0200)]
virtio-net: switch exit callback to VirtioDeviceClass
This ensures hot-unplug is handled properly by the proxy, and avoids
leaking bus_name which is freed by virtio_device_exit.
Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 3786cff5eb384d058395a2729af627fa3253d056)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Fri, 20 Sep 2013 12:05:56 +0000 (14:05 +0200)]
virtio-serial: switch exit callback to VirtioDeviceClass
This ensures hot-unplug is handled properly by the proxy, and avoids
leaking bus_name which is freed by virtio_device_exit.
Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 0e86c13fe2058adb8c792ebb7c51a6a7ca9d3d55)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Fri, 20 Sep 2013 12:05:42 +0000 (14:05 +0200)]
virtio-blk: switch exit callback to VirtioDeviceClass
This ensures hot-unplug is handled properly by the proxy, and avoids
leaking bus_name which is freed by virtio_device_exit.
Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 40dfc16f5fe0afb66f9436718781264dfadb6c61)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Fri, 20 Sep 2013 11:59:08 +0000 (13:59 +0200)]
virtio-bus: cleanup plug/unplug interface
Right now we have these pairs:
- virtio_bus_plug_device/virtio_bus_destroy_device. The first
takes a VirtIODevice, the second takes a VirtioBusState
- device_plugged/device_unplug callbacks in the VirtioBusClass
(here it's just the naming that is inconsistent)
- virtio_bus_destroy_device is not called by anyone (and since
it calls qdev_free, it would be called by the proxies---but
then the callback is useless since the proxies can do whatever
they want before calling virtio_bus_destroy_device)
And there is a k->init but no k->exit, hence virtio_device_exit is
overwritten by subclasses (except virtio-9p). This cleans it up by:
- renaming the device_unplug callback to device_unplugged
- renaming virtio_bus_plug_device to virtio_bus_device_plugged,
matching the callback name
- renaming virtio_bus_destroy_device to virtio_bus_device_unplugged,
removing the qdev_free, making it take a VirtIODevice and calling it
from virtio_device_exit
- adding a k->exit callback
virtio_device_exit is still overwritten, the next patches will fix that.
Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 5e96f5d2f8d2696ef7d2d8d7282c18fa6023470b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Fri, 20 Sep 2013 11:36:40 +0000 (13:36 +0200)]
virtio-pci: remove vdev field
The vdev field is complicated to synchronize. Just access the
BusState's list of children.
Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit a3fc66d9fd37acbfcee013692246a8ae42bd93bb)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Fri, 20 Sep 2013 11:31:39 +0000 (13:31 +0200)]
virtio-bus: remove vdev field
The vdev field is complicated to synchronize. Just access the
BusState's list of children.
Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 06d3dff0723c712a4b109ced4243edf49ef850af)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Tue, 15 Oct 2013 14:47:16 +0000 (16:47 +0200)]
virtio-ccw: move virtio_ccw_stop_ioeventfd to virtio_ccw_busdev_unplug
Similar to the PCI bug that prompted these patches, virtio-ccw will
segfault after the reworking of hotplug/hot-unplug. Prepare for
this by moving virtio_ccw_stop_ioeventfd to before the freeing
of the proxy device.
A better place for this could be the device_unplugged callback
for the virtio-ccw bus. However, we do not yet have a callback
that works: this patch avoids the problem while leaving the tree
bisectable.
Cc: qemu-stable@nongnu.org Reported-by: Cornelia Huck <cornelia.huck@de.ibm.com> Suggested-by: Cornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com> Acked-by: Andreas Faerber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 0b81c1ef5c677c2a07be5f8bf0dfe2c62ef52115)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Max Reitz [Mon, 25 Nov 2013 19:28:56 +0000 (20:28 +0100)]
qemu-iotests: Fix test 041
Performing multiple drive-mirror blockjobs on the same qemu instance
results in the image file used for the block device being replaced by
the newly mirrored file, which is not what we want.
Fix this by performing one dedicated test per sync mode.
Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1385407736-13941-3-git-send-email-mreitz@redhat.com Signed-off-by: Anthony Liguori <aliguori@amazon.com>
Max Reitz [Mon, 25 Nov 2013 19:28:55 +0000 (20:28 +0100)]
block/drive-mirror: Reuse backing HD for sync=none
For "none" sync mode in "absolute-paths" mode, the current image should
be used as the backing file for the newly created image.
The current behavior is:
a) If the image to be mirrored has a backing file, use that (which is
wrong, since the operations recorded by "none" are applied to the
image itself, not to its backing file).
b) If the image to be mirrored lacks a backing file, the target doesn't
have one either (which is not really wrong, but not really right,
either; "none" records a set of operations executed on the image
file, therefore having no backing file to apply these operations on
seems rather pointless).
For a, this is clearly a bugfix. For b, it is still a bugfix, although
it might break existing API - but since that case crashed qemu just
three weeks ago (before 1452686495922b81d6cf43edf025c1aef15965c0), we
can safely assume there is no such API relying on that case yet.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1385407736-13941-2-git-send-email-mreitz@redhat.com Signed-off-by: Anthony Liguori <aliguori@amazon.com>
Stefan Weil [Mon, 25 Nov 2013 19:54:17 +0000 (20:54 +0100)]
qga: Fix two format strings for MinGW
Both code locations cause a compiler warning. Using "%s" instead of "%lu"
would result in a program crash if the wrong code were executed.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1385409257-2522-1-git-send-email-sw@weilnetz.de Signed-off-by: Anthony Liguori <aliguori@amazon.com>
Alexander Graf [Mon, 25 Nov 2013 21:46:55 +0000 (22:46 +0100)]
PPC: BookE: Make FIT/WDT timers at best millisecond grained
The default granularity for the FIT timer on 440 is on every 0x1000th
transition of TB from 0 to 1. Translated that means 48828 times a second.
Since interrupts are quite expensive for 440 and we don't really care
about the accuracy of the FIT to that significance, let's force FIT and
WDT to at best millisecond granularity.
This basically restores behavior as it was in QEMU 1.6, where timers
could only deal with millisecond granularities at all.
This patch greatly improves performance with the 440 target and restores
roughly the same performance level that QEMU 1.6 had for me.
Signed-off-by: Alexander Graf <agraf@suse.de>
Message-id: 1385416015-22775-3-git-send-email-agraf@suse.de Signed-off-by: Anthony Liguori <aliguori@amazon.com>
Alexander Graf [Mon, 25 Nov 2013 21:46:54 +0000 (22:46 +0100)]
PPC: Make BookE FIT/WDT timers more lazy
Today we fire FIT and WDT timer events every time the respective bit
position in TB flips from 0 -> 1.
However, there is no need to do this if the end result would be that
we're changing a TSR bit that is set to 1 to 1 again. No guest visible
change would have occured.
So whenever we see that the TSR bit to our timer is already set, don't
even bother to update the timer that would potentially fire it off.
However, we do need to make sure that we update our timer that notifies
us of the TB flip when the respective TSR bit gets unset. In that case
we do care about the flip and need to notify the guest again. So add
a callback into our timer handlers when TSR bits get unset.
This improves performance for me when the guest is busy processing things.
Signed-off-by: Alexander Graf <agraf@suse.de>
Message-id: 1385416015-22775-2-git-send-email-agraf@suse.de Signed-off-by: Anthony Liguori <aliguori@amazon.com>
glib < 2.22 does not have g_array_get_element_size,
limit it's use (to check all elements are 1 byte
in size) to newer glib.
This fixes build on RHEL 5.3.
Reported-by: Richard Henderson <rth@redhat.com> Reported-by: Erik Rull <erik.rull@rdsoftware.de> Tested-by: Richard Henderson <rth@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20131125220039.GA16386@redhat.com Signed-off-by: Anthony Liguori <aliguori@amazon.com>
Anthony Liguori [Mon, 25 Nov 2013 17:49:42 +0000 (09:49 -0800)]
Merge remote-tracking branch 'mst/tags/for_anthony' into staging
pc very last minute fixes for 1.7
This has a fix for a crasher bug with pci bridges,
boot failure fix for s390 on 32 bit hosts,
and fixes build for hosts with old glib.
There's also a fix for --iasl configure flag - it can be used
to work around broken iasl on some systems either
by using a non-standard iasl or by disabling it.
I've also reverted a e1000/rtl mac programming change
that seems slightly wrong and too risky for 1.8.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon 25 Nov 2013 03:40:07 AM PST using RSA key ID D28D5469
# gpg: Can't check signature: public key not found
# By Michael S. Tsirkin (5) and Bandan Das (1)
# Via Michael S. Tsirkin
* mst/tags/for_anthony:
configure: make --iasl option actually work
Revert "e1000/rtl8139: update HMP NIC when every bit is written"
acpi-build: fix build on glib < 2.14
acpi-build: fix build on glib < 2.22
pci: unregister vmstate_pcibus on unplug
s390x: fix flat file load on 32 bit systems
Message-id: 1385379990-32093-1-git-send-email-mst@redhat.com Signed-off-by: Anthony Liguori <aliguori@amazon.com>
Anthony Liguori [Mon, 25 Nov 2013 17:41:24 +0000 (09:41 -0800)]
Merge remote-tracking branch 'bonzini/tags/for-anthony' into staging
Here are a bunch of 1.7-tagged patches that I was afraid
were getting forgotten or that did not have a clear maintainer responsible
for making a pull request.
# gpg: Signature made Thu 21 Nov 2013 08:40:59 AM PST using RSA key ID 9B4D86F2
# gpg: Can't check signature: public key not found
# By Peter Maydell (3) and others
# Via Paolo Bonzini
* bonzini/tags/for-anthony:
qga: Fix compiler warnings (missing format attribute, wrong format strings)
mips jazz: do not raise data bus exception when accessing invalid addresses
target-i386: yield to another VCPU on PAUSE
rng-egd: offset the point when repeatedly read from the buffer
rng-egd: remove redundant free
target-i386: Fix build by providing stub kvm_arch_get_supported_cpuid()
vfio-pci: Fix multifunction=on
atomic.h: Fix build with clang
pc: get rid of builtin pvpanic for "-M pc-1.5"
configure: Explicitly set ARFLAGS so we can build with GNU Make 4.0
sun4m: Add FCode ROM for TCX framebuffer
Message-id: 1385052578-32352-1-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@amazon.com>
Tomoki Sekiyama [Fri, 1 Nov 2013 21:47:25 +0000 (17:47 -0400)]
qemu-ga: vss-win32: Install VSS provider COM+ application service
Currently, qemu-ga for Windows fails to execute guset-fsfreeze-freeze when
no user is logging in to Windows, with an error message:
{"error":{"class":"GenericError",
"desc":"failed to add C:\\ to snapshotset: (error: 8004230f)"}}
To enable guest-fsfreeze-freeze/thaw without logging in users, this installs
a service to execute qemu-ga VSS provider COM+ application that has full
access privileges to the local system. The service will automatically be
removed when the COM+ application is deregistered.
This patch replaces ICOMAdminCatalog interface with ICOMAdminCatalog2
interface that contains CreateServiceForApplication() method in addition.
Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Reviewed-by: Gal Hammer <ghammer@redhat.com> Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com> Tested-by: Yan Vugenfirer <yvugenfi@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Vlad Yasevich [Fri, 8 Nov 2013 02:13:09 +0000 (21:13 -0500)]
qdev-properties-system.c: Allow vlan or netdev for -device, not both
It is currently possible to specify things like:
-device e1000,netdev=foo,vlan=1
With this usage, whichever argument was specified last (vlan or netdev)
overwrites what was previousely set and results in a non-working
configuration. Even worse, when used with multiqueue devices,
it causes a segmentation fault on exit in qemu_free_net_client.
That patch treates the above command line options as invalid and
generates an error at start-up.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Weil [Sun, 17 Nov 2013 18:19:52 +0000 (19:19 +0100)]
qga: Fix compiler warnings (missing format attribute, wrong format strings)
gcc 4.8.2 reports this warning when extra warnings are enabled (-Wextra):
CC qga/commands.o
qga/commands.c: In function ‘slog’:
qga/commands.c:28:5: error:
function might be possible candidate for ‘gnu_printf’ format attribute [-Werror=suggest-attribute=format]
g_logv("syslog", G_LOG_LEVEL_INFO, fmt, ap);
^
gcc 4.8.2 reports this warning when slog is declared with the
gnu_printf format attribute:
qga/commands-posix.c: In function ‘qmp_guest_file_open’:
qga/commands-posix.c:404:5: warning:
format ‘%d’ expects argument of type ‘int’, but argument 2 has type ‘int64_t’ [-Wformat=]
slog("guest-file-open, handle: %d", handle);
^
On 32 bit hosts there are three more warnings which are also fixed here.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
mips jazz: do not raise data bus exception when accessing invalid addresses
MIPS Jazz chipset doesn't seem to raise data bus exceptions on invalid accesses.
However, there is no easy way to prevent them. Creating a big memory region
for the whole address space doesn't prevent memory core to directly call
unassigned_mem_read/write which in turn call cpu->do_unassigned_access,
which (for MIPS CPU) raise an data bus exception.
Paolo Bonzini [Wed, 20 Nov 2013 11:54:02 +0000 (12:54 +0100)]
target-i386: yield to another VCPU on PAUSE
After commit b1bbfe7 (aio / timers: On timer modification, qemu_notify
or aio_notify, 2013-08-21) FreeBSD guests report a huge slowdown.
The problem shows up as soon as FreeBSD turns out its periodic (~1 ms)
tick, but the timers are only the trigger for a pre-existing problem.
Before the offending patch, setting a timer did a timer_settime system call.
After, setting the timer exits the event loop (which uses poll) and
reenters it with a new deadline. This does not cause any slowdown; the
difference is between one system call (timer_settime and a signal
delivery (SIGALRM) before the patch, and two system calls afterwards
(write to a pipe or eventfd + calling poll again when re-entering the
event loop).
Unfortunately, the exit/enter causes the main loop to grab the iothread
lock, which in turns kicks the VCPU thread out of execution. This
causes TCG to execute the next VCPU in its round-robin scheduling of
VCPUS. When the second VCPU is mostly unused, FreeBSD runs a "pause"
instruction in its idle loop which only burns cycles without any
progress. As soon as the timer tick expires, the first VCPU runs
the interrupt handler but very soon it sets it again---and QEMU
then goes back doing nothing in the second VCPU.
The fix is to make the pause instruction do "cpu_loop_exit".
Reported-by: Luigi Rizzo <rizzo@iet.unipi.it> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Wed, 13 Nov 2013 23:09:07 +0000 (23:09 +0000)]
target-i386: Fix build by providing stub kvm_arch_get_supported_cpuid()
Fix build failures with clang when KVM is not enabled by
providing a stub version of kvm_arch_get_supported_cpuid().
We retain the compile time check that this function isn't
called when CONFIG_KVM is not set by guarding the stub with
ifndef __OPTIMIZE__ (we assume that an optimizing build will
do sufficient constant folding and dead code elimination to
remove the calls before linking).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Alex Williamson [Tue, 12 Nov 2013 18:53:24 +0000 (11:53 -0700)]
vfio-pci: Fix multifunction=on
When an assigned device is initialized it copies the device config
space into the emulated config space. Unfortunately multifunction is
setup prior to the device initfn and gets clobbered. We need to
restore it just like pci-assign does.
Cc: qemu-stable@nongnu.org Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Tue, 22 Oct 2013 09:58:41 +0000 (10:58 +0100)]
atomic.h: Fix build with clang
clang defines __ATOMIC_SEQ_CST but its implementation of the
__atomic_exchange() builtin differs from that of gcc. Move the
__clang__ branch of the ifdef ladder to the top and fix its
implementation (there is no such builtin as __sync_exchange),
so we can compile with clang again.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 4 Nov 2013 13:30:48 +0000 (14:30 +0100)]
pc: get rid of builtin pvpanic for "-M pc-1.5"
This causes two slight backwards-incompatibilities between "-M pc-1.5"
and 1.5's "-M pc":
(1) a fw_cfg file is removed with this patch. This is only a problem
if migration stops the virtual machine exactly during fw_cfg enumeration.
(2) after migration, a VM created without an explicit "-device pvpanic"
will stop reporting panics to management.
The first problem only occurs if migration is done at a very, very
early point (and I'm not sure it can happen in practice for reasonable-size
VMs, since it will likely take more time to send the RAM to destination,
than it will take for BIOS to scan fw_cfg).
The second problem only occurs if the guest panics _and_ has a guest
driver _and_ management knows to look at the crash event, so it is
mostly theoretical at this point in time.
Thus keep the code simple, and pretend it was never broken.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Mon, 21 Oct 2013 20:03:06 +0000 (21:03 +0100)]
configure: Explicitly set ARFLAGS so we can build with GNU Make 4.0
Our rules.mak adds '-rR' to MAKEFLAGS to indicate that we will be
explicitly specifying everything and not relying on any default
variables or rules. However we were accidentally relying on the
default ARFLAGS ("rv"). This went unnoticed because of a bug in
GNU Make 3.82 and earlier which meant that adding -rR to MAKEFLAGS
only affected submakes, not the currently running instance.
Explicitly set ARFLAGS in config-host.mak, in the same way we
handle CFLAGS and LDFLAGS; this will allow us to work with
Make 4.0.
Thanks to Paul Smith for analyzing this bug for us.
Cc: qemu-stable@nongnu.org Reported-by: Ken Moffat <zarniwhoop@ntlworld.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Upstream OpenBIOS now implements SBus probing in order to determine the
contents of a physical bus slot, which is required to allow OpenBIOS to
identify the framebuffer without help from the fw_cfg interface.
SBus probing works by detecting the presence of an FCode program
(effectively tokenised Forth) at the base address of each slot, and if
present executes it so that it creates its own device node in the
OpenBIOS device tree.
The FCode ROM is generated as part of the OpenBIOS build and should
generally be updated at the same time.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> CC: Blue Swirl <blauwirbel@gmail.com> CC: Bob Breuer <breuerr@mc.net> CC: Artyom Tarasenko <atar4qemu@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Alex Williamson [Tue, 12 Nov 2013 18:53:24 +0000 (11:53 -0700)]
vfio-pci: Fix multifunction=on
When an assigned device is initialized it copies the device config
space into the emulated config space. Unfortunately multifunction is
setup prior to the device initfn and gets clobbered. We need to
restore it just like pci-assign does.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Reviewed-by: Bandan Das <bsd@redhat.com>
Message-id: 20131112185059.7262.33780.stgit@bling.home Cc: qemu-stable@nongnu.org Signed-off-by: Anthony Liguori <aliguori@amazon.com>
In addition, reduce ifdeffery and minimize the number of TCG ops
produced during address computation.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1384219016-5170-1-git-send-email-rth@twiddle.net Signed-off-by: Anthony Liguori <aliguori@amazon.com>
Peter Maydell [Tue, 22 Oct 2013 09:58:41 +0000 (10:58 +0100)]
atomic.h: Fix build with clang
clang defines __ATOMIC_SEQ_CST but its implementation of the
__atomic_exchange() builtin differs from that of gcc. Move the
__clang__ branch of the ifdef ladder to the top and fix its
implementation (there is no such builtin as __sync_exchange),
so we can compile with clang again.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1382435921-18438-1-git-send-email-peter.maydell@linaro.org Signed-off-by: Anthony Liguori <aliguori@amazon.com>
Paolo Bonzini [Tue, 19 Nov 2013 16:49:46 +0000 (17:49 +0100)]
target-i386: do not override nr_cores for -cpu host
Commit 787aaf5 (target-i386: forward CPUID cache leaves when -cpu host is
used, 2013-09-02) brings bits 31..26 of CPUID leaf 04h out of sync with
the APIC IDs that QEMU reserves for each package. This number must come
from "-smp" options rather than from the host CPUID.
It also turns out that this unsyncing makes Windows Server 2012R2 fail
to boot.
Tested-by: Peter Lieven <pl@kamp.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Message-id: 1384879786-6721-1-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@amazon.com>
mips jazz: do not raise data bus exception when accessing invalid addresses
MIPS Jazz chipset doesn't seem to raise data bus exceptions on invalid accesses.
However, there is no easy way to prevent them. Creating a big memory region
for the whole address space doesn't prevent memory core to directly call
unassigned_mem_read/write which in turn call cpu->do_unassigned_access,
which (for MIPS CPU) raise an data bus exception.
Paolo Bonzini [Wed, 20 Nov 2013 11:54:02 +0000 (12:54 +0100)]
target-i386: yield to another VCPU on PAUSE
After commit b1bbfe7 (aio / timers: On timer modification, qemu_notify
or aio_notify, 2013-08-21) FreeBSD guests report a huge slowdown.
The problem shows up as soon as FreeBSD turns out its periodic (~1 ms)
tick, but the timers are only the trigger for a pre-existing problem.
Before the offending patch, setting a timer did a timer_settime system call.
After, setting the timer exits the event loop (which uses poll) and
reenters it with a new deadline. This does not cause any slowdown; the
difference is between one system call (timer_settime and a signal
delivery (SIGALRM) before the patch, and two system calls afterwards
(write to a pipe or eventfd + calling poll again when re-entering the
event loop).
Unfortunately, the exit/enter causes the main loop to grab the iothread
lock, which in turns kicks the VCPU thread out of execution. This
causes TCG to execute the next VCPU in its round-robin scheduling of
VCPUS. When the second VCPU is mostly unused, FreeBSD runs a "pause"
instruction in its idle loop which only burns cycles without any
progress. As soon as the timer tick expires, the first VCPU runs
the interrupt handler but very soon it sets it again---and QEMU
then goes back doing nothing in the second VCPU.
The fix is to make the pause instruction do "cpu_loop_exit".
Cc: Richard Henderson <rth@twiddle.net> Reported-by: Luigi Rizzo <rizzo@iet.unipi.it> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1384948442-24217-1-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@amazon.com>
Amos Kong [Thu, 21 Nov 2013 08:42:50 +0000 (16:42 +0800)]
rng-egd: remove redundant free
We didn't set default chr_name, the free is redundant.
Signed-off-by: Amos Kong <akong@redhat.com>
Message-id: 1385023371-8198-2-git-send-email-akong@redhat.com Signed-off-by: Anthony Liguori <aliguori@amazon.com>
Amos Kong [Thu, 21 Nov 2013 10:53:23 +0000 (18:53 +0800)]
virtio-rng: add check of period
If period is assigned to 0, limit timer will expire immediately.
It causes a qemu warning:
"main-loop: WARNING: I/O thread spun for 1000 iterations"
This limit is meaningless. This patch forbids to assign 0 to period.
Reviewed-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Amos Kong <akong@redhat.com>
Message-id: 1385031203-23790-1-git-send-email-akong@redhat.com Signed-off-by: Anthony Liguori <aliguori@amazon.com>
projects / lisovros / qemu_apohw.git / log