Age | Commit message | Author
2016-04-12 | qemu-iotests: iotests.VM: remove qtest socket on error | Sascha Silbe
On error, VM.launch() cleaned up the monitor unix socket, but left the qtest unix socket behind. This caused the remaining sub-tests to fail with EADDRINUSE:

+======================================================================
+ERROR: testQuorum (__main__.TestFifoQuorumEvents)
+----------------------------------------------------------------------
+Traceback (most recent call last):
+  File "148", line 63, in setUp
+    self.vm.launch()
+  File "/home6/silbe/qemu/tests/qemu-iotests/iotests.py", line 247, in launch
+    self._qmp.accept()
+  File "/home6/silbe/qemu/tests/qemu-iotests/../../scripts/qmp/qmp.py", line 141, in accept
+    return self.__negotiate_capabilities()
+  File "/home6/silbe/qemu/tests/qemu-iotests/../../scripts/qmp/qmp.py", line 57, in __negotiate_capabilities
+    raise QMPConnectError
+QMPConnectError
+
+======================================================================
+ERROR: testQuorum (__main__.TestQuorumEvents)
+----------------------------------------------------------------------
+Traceback (most recent call last):
+  File "148", line 63, in setUp
+    self.vm.launch()
+  File "/home6/silbe/qemu/tests/qemu-iotests/iotests.py", line 244, in launch
+    self._qtest = qtest.QEMUQtestProtocol(self._qtest_path, server=True)
+  File "/home6/silbe/qemu/tests/qemu-iotests/../../scripts/qtest.py", line 33, in __init__
+    self._sock.bind(self._address)
+  File "/usr/lib64/python2.7/socket.py", line 224, in meth
+    return getattr(self._sock,name)(*args)
+error: [Errno 98] Address already in use

Fix this by cleaning up both the monitor socket and the qtest socket iff they exist.

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1459848109-29756-4-git-send-email-silbe@linux.vnet.ibm.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-12 | qemu-iotests: fix 051 on non-PC architectures | Sascha Silbe
Commit 61de4c68 [block: Remove BDRV_O_CACHE_WB] updated the reference output for PCs, but neglected to do the same for the generic reference output file. Fix 051 on all non-PC architectures by applying the same change to the generic output file.

Fixes: 61de4c68 ("block: Remove BDRV_O_CACHE_WB")
Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1459848109-29756-3-git-send-email-silbe@linux.vnet.ibm.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-12 | qemu-iotests: check: don't place files with predictable names in /tmp | Sascha Silbe
Placing files with predictable or even hard-coded names in /tmp is a security risk and can prevent or disturb operation on a multi-user machine. Place them inside the "scratch" directory instead, as we already do for most other test-related files.

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1459848109-29756-2-git-send-email-silbe@linux.vnet.ibm.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-12 | MAINTAINERS: Block layer core, qcow2 and blkdebug | Max Reitz
As agreed with Kevin and already practiced for a while, I am adding myself as co-maintainer of the block layer core, qcow2 and blkdebug.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-12 | qcow2: Prevent backing file names longer than 1023 | Max Reitz
We reject backing file names with a length of more than 1023 characters when opening a qcow2 file, so we should not produce such files ourselves.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-12 | vpc: fix return value check for blk_pwrite | Paolo Bonzini
bdrv_pwrite_sync used to return zero or negative error, while blk_pwrite returns the number of written bytes when successful. This caused VPC image creation to fail spectacularly: it wrote the first 512 bytes, and then exited immediately because of the non-zero answer from blk_pwrite. But the truly spectacular part is that it returns a positive value (the 512 that blk_pwrite returned) causing everyone to believe that it succeeded.

This fixes qemu-iotests with vpc format.

Fixes: b8f45cdf7827e39f9a1e6cc446f5972cc6144237
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-12 | iotests: Make 150 use qemu-img map instead of du | Max Reitz
The actual on-disk size of a file does not only depend on factors qemu can control. Thus, we should not depend on this to determine whether a file has indeed been fully allocated. Instead, use qemu-img map and hope that if an area is referenced, it is indeed allocated, too.

Also, limit the supported image formats to raw and qcow2 because the actual qemu-img map output may depend on the image format.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Tested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-12 | block: initialize qcrypto API at startup | Daniel P. Berrange
Any programs which call the qcrypto APIs should ensure that qcrypto_init() has been called before anything else which can use crypto. Essentially this means right at the start of the main method before initializing anything else.

This is important because some versions of gnutls/gcrypt require explicit initialization before use.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Alex Bligh <alex@alex.org.uk>
Tested-by: Alex Bligh <alex@alex.org.uk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-12 | qemu-img: fix formatting of error message | Daniel P. Berrange
The error_reportf_err() will not automatically append a ': ' before adding its suffix, so we must include that in the message we pass it, otherwise we get a badly formatted message lacking whitespace:

  qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=6666,tls-creds=tls0'Failed to connect socket: Connection refused

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-12 | iotests: fix the broken 026.nocache output | Pavel Butsykin
This patch fixes a longstanding issue with 026 iotest. Unfortunately, this test contains 2 versions of the correct output, one for cached writes and one for non-cached ones. People tend to fix only one version of the output of the test and thus the noncached version becomes broken. Unfortunately, it is the default in tests/check-block.sh.

The following problematic commits were made:

    commit 3b5e14c76a6bb142bf250ddf99e24a0ac8c7bc12
    Author: Max Reitz <mreitz@redhat.com>
    Date: Tue Dec 2 18:32:51 2014 +0100
        qcow2: Flushing the caches in qcow2_close may fail

    commit a069e2f1372a0a823ab506fc019852a2a652aa54
    Author: John Snow <jsnow@redhat.com>
    Date: Fri Feb 6 16:26:17 2015 -0500
        blkdebug: fix "once" rule

    commit b106ad9185f35fc4ad669555ad0e79e276083bd7
    Author: Kevin Wolf <kwolf@redhat.com>
    Date: Fri Mar 28 18:06:31 2014 +0100
        qcow2: Don't rely on free_cluster_index in alloc_refcount_block()

Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Max Reitz <mreitz@redhat.com>
CC: John Snow <jsnow@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-12 | Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging | Peter Maydell
# gpg: Signature made Tue 12 Apr 2016 09:29:54 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  MAINTAINERS: Add Fam Zheng as a co-maintainer of block I/O path
  mirror: Replace bdrv_drain(bs) with bdrv_co_drain(bs)
  block: Fix bdrv_drain in coroutine

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-11 | MAINTAINERS: Add Fam Zheng as a co-maintainer of block I/O path | Fam Zheng
As agreed with Stefan, I'm listing myself as a co-maintainer of block I/O path and assist with the maintainership.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1459849105-7767-1-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-04-11 | mirror: Replace bdrv_drain(bs) with bdrv_co_drain(bs) | Fam Zheng
Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1459855253-5378-3-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-04-11 | block: Fix bdrv_drain in coroutine | Fam Zheng
Using the nested aio_poll() in coroutine is a bad idea. This patch replaces the aio_poll loop in bdrv_drain with a BH, if called in coroutine.

For example, the bdrv_drain() in mirror.c can hang when a guest issued request is pending on it in qemu_co_mutex_lock().

Mirror coroutine in this case has just finished a request, and the block job is about to complete. It calls bdrv_drain() which waits for the other coroutine to complete. The other coroutine is a scsi-disk request. The deadlock happens when the latter is in turn pending on the former to yield/terminate, in qemu_co_mutex_lock(). The state flow is as below (assuming a qcow2 image):

  mirror coroutine               scsi-disk coroutine
  -------------------------------------------------------------
  do last write
    qcow2:qemu_co_mutex_lock()
    ...
                                 scsi disk read
                                   tracked request begin
                                   qcow2:qemu_co_mutex_lock.enter
    qcow2:qemu_co_mutex_unlock()
  bdrv_drain
    while (has tracked request)
      aio_poll()

In the scsi-disk coroutine, the qemu_co_mutex_lock() will never return because the mirror coroutine is blocked in the aio_poll(blocking=true).

With this patch, the added qemu_coroutine_yield() allows the scsi-disk coroutine to make progress as expected:

  mirror coroutine               scsi-disk coroutine
  -------------------------------------------------------------
  do last write
    qcow2:qemu_co_mutex_lock()
    ...
                                 scsi disk read
                                   tracked request begin
                                   qcow2:qemu_co_mutex_lock.enter
    qcow2:qemu_co_mutex_unlock()
  bdrv_drain.enter
>   schedule BH
>   qemu_coroutine_yield()
>                                  qcow2:qemu_co_mutex_lock.return
>                                  ...
                                   tracked request end
    ...
    (resumed from BH callback)
  bdrv_drain.return
  ...

Reported-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1459855253-5378-2-git-send-email-famz@redhat.com
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-04-11 | Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-signed' into staging | Peter Maydell
qemu-sparc update

# gpg: Signature made Mon 11 Apr 2016 16:30:02 BST using RSA key ID AE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"

* remotes/mcayland/tags/qemu-sparc-signed:
  target-sparc: fix ldstub sign-extension bug

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-11 | target-sparc: fix ldstub sign-extension bug | Mark Cave-Ayland
ldstub [addr], reg incorrectly reads a signed byte from memory which causes problems in the 32-bit Solaris mutex code. Here the byte value being read is 0xff which is incorrectly sign-extended to 0xffffffff before being written back to the target register causing lock detection to behave incorrectly.

This fixes the intermittent hangs and MUTEX_HELD warnings issued to the console when running 32-bit Solaris images under qemu-system-sparc.

With thanks to Joseph Dery for providing a condensed test image to consistently reproduce the problem on demand, and Martin Husemann for allowing me access to real hardware for comparison.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-By: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-04-11 | Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20160411' into staging | Peter Maydell
target-arm queue:
 * stellaris_enet: don't overrun buffer if fed oversize packet

# gpg: Signature made Mon 11 Apr 2016 14:36:27 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg: aka "Peter Maydell <pmaydell@gmail.com>"
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"

* remotes/pmaydell/tags/pull-target-arm-20160411:
  net: stellaris_enet: check packet length against receive buffer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-11 | net: stellaris_enet: check packet length against receive buffer | Prasad J Pandit
When receiving packets over Stellaris ethernet controller, it uses receive buffer of size 2048 bytes. In case the controller accepts large (MTU) packets, it could lead to memory corruption. Add check to avoid it.

Reported-by: Oleksandr Bazhaniuk <oleksandr.bazhaniuk@intel.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1460095428-22698-1-git-send-email-ppandit@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-11 | Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20160411-1' into staging | Peter Maydell
virtio-gpu: pixman surface fix, block live migration

# gpg: Signature made Mon 11 Apr 2016 11:45:18 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vga-20160411-1:
  virtio-gpu: block live migration
  ui/virtio-gpu: add and use qemu_create_displaysurface_pixman

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-11 | virtio-gpu: block live migration | Gerd Hoffmann
Feeling a bit nervous putting the full live migration support patch (https://patchwork.ozlabs.org/patch/606902/) in that late in the 2.6 devel cycle as it carries some non-trivial changes. So disable migration in case virtio-gpu is present for now.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-04-11 | ui/virtio-gpu: add and use qemu_create_displaysurface_pixman | Gerd Hoffmann
Add the new qemu_create_displaysurface_pixman function, to create a DisplaySurface backed by an existing pixman image. In that case there is no need to create a new pixman image pointing to the same backing storage. We can just use the existing image directly.

This does not only simplify things a bit, but most importantly it gets the reference counting right, so the backing storage for the pixman image wouldn't be released underneath us.

Use new function in virtio-gpu, where using it actually fixes use-after-free crashes.

Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1459499240-742-1-git-send-email-kraxel@redhat.com
2016-04-08 | Merge remote-tracking branch 'remotes/lalrae/tags/mips-20160408' into staging | Peter Maydell
MIPS patches 2016-04-08

Changes:
* fix off-by-one error in ITU

# gpg: Signature made Fri 08 Apr 2016 10:43:16 BST using RSA key ID 0B29DA6B
# gpg: Good signature from "Leon Alrae <leon.alrae@imgtec.com>"

* remotes/lalrae/tags/mips-20160408:
  hw/mips_itu: fix off-by-one reported by Coverity

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-08 | Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging | Peter Maydell
pci, virtio, acpi: fixes for 2.6

Fixes all over the place. Most notably, fixes migration for systems with pci express bridges, and random crashes observed with virtio blk and scsi dataplane.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Fri 08 Apr 2016 08:53:46 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  hw/pci-bridge: Add missing unref in case register-bus fails
  virtio: merge virtio_queue_aio_set_host_notifier_handler with virtio_queue_set_aio
  virtio-scsi: use aio handler for data plane
  virtio-blk: use aio handler for data plane
  virtio: add aio handler
  virtio-scsi: fix disabled mode
  virtio-blk: fix disabled mode
  virtio: make virtio_queue_notify_vq static
  tests/bios-tables-test: fix assert
  virtio-balloon: reset the statistic timer to load device
  Migration: Add i82801b11 migration data
  Sort the fw_cfg file list
  xen: piix reuse pci generic class init function
  pci-testdev: fast mmio support
  acpi: Add missing GCC_FMT_ATTR

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-08 | Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.6-20160408' into staging | Peter Maydell
ppc patch queue for 2016-04-08

Just a single bugfix for spapr in this batch, but I want to make sure it gets in for 2.6.

# gpg: Signature made Fri 08 Apr 2016 06:02:45 BST using RSA key ID 20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.6-20160408:
  spapr: Fix ibm,lrdr-capacity

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-08 | Merge remote-tracking branch 'remotes/xtensa/tags/20160408-xtensa' into staging | Peter Maydell
Xtensa-related fixes:
- fix networking on xtfpga platform in linux v4.5 by indicating autonegotiation completion in opencores_eth MII BMSR.

# gpg: Signature made Thu 07 Apr 2016 23:33:59 BST using RSA key ID F83FA044
# gpg: Good signature from "Max Filippov <max.filippov@cogentembedded.com>"
# gpg: aka "Max Filippov <jcmvbkbc@gmail.com>"

* remotes/xtensa/tags/20160408-xtensa:
  opencores_eth: indicate autonegotiation completion

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-08 | Merge remote-tracking branch 'remotes/weil/tags/pull-tci-20160407' into staging | Peter Maydell
tci patch queue

# gpg: Signature made Thu 07 Apr 2016 18:01:55 BST using RSA key ID 677450AD
# gpg: Good signature from "Stefan Weil <sw@weilnetz.de>"
# gpg: aka "Stefan Weil <stefan.weil@weilnetz.de>"
# gpg: aka "Stefan Weil <stefan.weil@bib.uni-mannheim.de>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 4923 6FEA 75C9 5D69 8EC2 B78A E08C 21D5 6774 50AD

* remotes/weil/tags/pull-tci-20160407:
  tci: Fix build regression

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-08 | Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging | Peter Maydell
* NBD fixes from Alex and Eric
* Debug code bitrot from Emilio
* HPET fix from Bill
* ps2kbd fix from Hervé
* PKU fix from myself
* Coverity fixes from Gonglei
* More memory.txt update from Jiangang
* .gitignore maintenance from Changlong

# gpg: Signature made Thu 07 Apr 2016 23:08:12 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"

* remotes/bonzini/tags/for-upstream:
  target-i386: check for PKU even for non-writable pages
  tests: ignore test-logging
  translate-all: add missing fold of tb_ctx into tcg_ctx
  hostmem-file: fix memory leak
  spapr: fix possible Negative array index read
  nbd: do not hang nbd_wr_syncv if outside a coroutine and no available data
  nbd: Don't kill server when client requests unknown option
  nbd: Fix NBD unsupported options
  qemu-nbd: Document -x option
  nbd: Improve debug traces on little-endian
  nbd: Avoid bitrot in TRACE() usage
  nbd: Return correct error for write to read-only export
  docs: fix typo in memory.txt
  hw/timer: Revert "hpet: inverse polarity when pin above ISA_NUM_IRQS"
  ps2kbd: default to scancode_set 2, as with KBD_CMD_RESET

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-08 | hw/mips_itu: fix off-by-one reported by Coverity | Leon Alrae
Fix off-by-one error in ITC Tag read. Remove the switch as we just want to check if index is in valid range rather than test against list of values.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2016-04-08 | spapr: Fix ibm,lrdr-capacity | Bharata B Rao
ibm,lrdr-capacity has a field to describe the maximum address in bytes and therefore, the most memory that can be allocated to this guest. We are using maxmem for this field, but instead should use the actual RAM address corresponding to the end of hotplug region.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-04-08 | target-i386: check for PKU even for non-writable pages | Paolo Bonzini
Xiao Guangrong ran kvm-unit-tests on an actual machine with PKU and found that it fails:

  test pte.p pte.user pde.p pde.user pde.a pde.pse pkru.wd pkey=1 user write efer.nx cr4.pke: FAIL: error code 27 expected 7
  Dump mapping: address: 0x123400000000
  ------L4: 2ebe007
  ------L3: 2ebf007
  ------L2: 8000000020000a5

(All failures are combinations of "pde.user pde.p pkru.wd pkey=1", plus either "pde.pse" or "pte.p pte.user", plus one of "user cr0.wp", "cr0.wp" or "user", plus unimportant bits such as accessed/dirty or efer.nx).

So PFEC.PKEY is set even if the ordinary check failed (which it did because pde.w is zero). Adjust QEMU to match behavior of silicon.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 | tests: ignore test-logging | Changlong Xie
Commit 3514552e added a new test, but did not mark it for exclusion in .gitignore.

Signed-off-by: Changlong Xie <xiecl.fnst@cn.fujitsu.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459903756-30672-1-git-send-email-xiecl.fnst@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 | translate-all: add missing fold of tb_ctx into tcg_ctx | Emilio G. Cota
Since 5e5f07e08 "TCG: Move translation block variables to new context inside tcg_ctx: tb_ctx" on Feb 1 2013, compilation of usermode + TB_DEBUG_CHECK has been broken. Fix it.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1459834253-8291-2-git-send-email-cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 | hostmem-file: fix memory leak | Gonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <1456998223-12356-5-git-send-email-arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 | spapr: fix possible Negative array index read | Gonglei
fix CID 1351391.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <1456998223-12356-6-git-send-email-arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 | nbd: do not hang nbd_wr_syncv if outside a coroutine and no available data | Paolo Bonzini
Until commit 1c778ef7 ("nbd: convert to using I/O channels for actual socket I/O", 2016-02-16), nbd_wr_sync returned -EAGAIN in this scenario. nbd_reply_ready required these semantics because it has two conflicting requirements:

1) if a reply can be received on the socket, nbd_reply_ready needs to read the header outside coroutine context to identify _which_ coroutine to enter to process the rest of the reply

2) on the other hand, nbd_reply_ready can find a false positive if another thread (e.g. a VCPU thread running aio_poll) sneaks in and calls nbd_reply_ready too. In this case nbd_reply_ready does nothing and expects nbd_wr_syncv to return -EAGAIN.

Currently, the solution to the first requirement is to wait in the very rare case of a read() that doesn't retrieve the reply header in its entirety; this is what nbd_wr_syncv does by calling qio_channel_wait(). However, the unconditional call to qio_channel_wait() breaks the second requirement. To fix this, the patch makes nbd_wr_syncv return -EAGAIN if done is zero, similar to the code before commit 1c778ef7.

This is okay because NBD client-side negotiation is the only other case that calls nbd_wr_syncv outside a coroutine, and it places the socket in blocking mode. On the other hand, it is a bit unpleasant to put this in nbd_wr_syncv(), because the function is used by both client and server.

The full fix would be to add a counter to NbdClientSession for how many bytes have been filled in s->reply. Then a reply can be filled by multiple separate invocations of nbd_reply_ready and the qio_channel_wait() call can be removed completely. Something to consider for 2.7...

Reported-by: Changlong Xie <xiecl.fnst@cn.fujitsu.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 | nbd: Don't kill server when client requests unknown option | Eric Blake
nbd-server.c currently fails to handle unsupported options properly. If during option haggling the client sends an unknown request, the server kills the connection instead of letting the client try to fall back to something older. This is precisely what advertising NBD_FLAG_FIXED_NEWSTYLE was supposed to fix.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459982918-32229-1-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 | nbd: Fix NBD unsupported options | Alex Bligh
nbd-client.c currently fails to handle unsupported options properly. If during option haggling the server finds an option that is unsupported, it returns an NBD_REP_ERR_UNSUP reply.

According to nbd's proto.md, the format for such a reply should be:

  S: 64 bits, 0x3e889045565a9 (magic number for replies)
  S: 32 bits, the option as sent by the client to which this is a reply
  S: 32 bits, reply type (e.g., NBD_REP_ACK for successful completion, or NBD_REP_ERR_UNSUP to mark use of an option not known by this server
  S: 32 bits, length of the reply. This may be zero for some replies, in which case the next field is not sent
  S: any data as required by the reply (e.g., an export name in the case of NBD_REP_SERVER, or optional UTF-8 message for NBD_REP_ERR_*)

However, in nbd-client.c, the reply type was being read, and if it contained an error, it was bailing out and issuing the next option request without first reading the length. This meant that the next option / handshake read had an extra 4 or more bytes of data in it. In practice, this makes Qemu incompatible with servers that do not support NBD_OPT_LIST.

To verify this isn't an error in the specification or my reading of it, replies are sent by the reference implementation here:
  https://github.com/yoe/nbd/blob/66dfb35/nbd-server.c#L1232
and as is evident it always sends a 'datasize' (aka length) 32 bit word. Unsupported elements are replied to here:
  https://github.com/yoe/nbd/blob/66dfb35/nbd-server.c#L1371

Signed-off-by: Alex Bligh <alex@alex.org.uk>
Message-Id: <1459882500-24316-1-git-send-email-alex@alex.org.uk>
[rework to ALWAYS consume an optional UTF-8 message from the server]
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459961962-18771-1-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 | qemu-nbd: Document -x option | Eric Blake
Commit 3d4b2f9c added -x to force qemu-nbd to use new-style negotiation, but while it documented it in the man page, it omitted docs in the --help output.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459908128-11925-1-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 | nbd: Improve debug traces on little-endian | Eric Blake
Print debug tracing messages while data is still in native ordering, rather than after we've potentially swapped it into network order for transmission. Also, it's nice if the server mentions what it is replying, to correlate it with what the client says it is receiving.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459913704-19949-4-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 | nbd: Avoid bitrot in TRACE() usage | Eric Blake
The compiler is smart enough to optimize out 'if (0)', but won't type-check our printfs if they are hidden behind #if.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459913704-19949-3-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 | nbd: Return correct error for write to read-only export | Eric Blake
The NBD Protocol requires that servers should send EPERM for attempts to write (or trim) a read-only export. We were correct for TRIM (blk_co_discard() gave EPERM); but were manually setting EROFS which then got mapped to EINVAL over the wire on writes.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459913704-19949-2-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 | docs: fix typo in memory.txt | Wei Jiangang
The space between 7000 and 8000 is too wide by 1 character. Also correct the range of vga-window example 0xa0000-0xbffff.

Signed-off-by: Wei Jiangang <weijg.fnst@cn.fujitsu.com>
Message-Id: <1458639954-9980-1-git-send-email-weijg.fnst@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 | hw/timer: Revert "hpet: inverse polarity when pin above ISA_NUM_IRQS" | Bill Paul
This reverts commit 0d63b2dd31464cfccc80bbeedc24e3863fe4c895.

This change was originally intended to correct the HPET behavior in conjunction with Linux, however the behavior that it actually creates is not compatible with the ioapic.c implementation; it used to be compatible with KVM's own IOAPIC but it is not anymore.

Signed-off-by: Bill Paul <wpaul@windriver.com>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Richard Henderson <rth@twiddle.net>
CC: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <201604051558.20070.wpaul@windriver.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 | ps2kbd: default to scancode_set 2, as with KBD_CMD_RESET | Hervé Poussineau
This line has been added in commit ef74679a810fe6858f625b9d52b68cc3fc61eb3d with other initializations. However, scancode set 0 doesn't exist (only 1, 2, 3). This works well as long as operating system is resetting keyboard, or overwriting the current scancode set with the one it wants.

This fixes IBM 40p firmware, which doesn't bother sending KBD_CMD_RESET or KBD_CMD_SCANCODE.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-Id: <1458714100-28885-1-git-send-email-hpoussin@reactos.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-07 | Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2016-04-07-tag' into staging | Peter Maydell
qemu-ga patch queue for 2.6

* fix w32 bug where output from guest-exec is not properly captured
* fix w32 bug where FDs are leaked after guest-exec is invoked

# gpg: Signature made Thu 07 Apr 2016 17:46:21 BST using RSA key ID F108B584
# gpg: Good signature from "Michael Roth <flukshun@gmail.com>"
# gpg: aka "Michael Roth <mdroth@utexas.edu>"
# gpg: aka "Michael Roth <mdroth@linux.vnet.ibm.com>"

* remotes/mdroth/tags/qga-pull-2016-04-07-tag:
  qga: Workaround for console redirection from non-interactive qemu-ga service
  qga: fix fd leak with guest-exec i/o channels

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-07 | tci: Fix build regression | Stefan Weil
Commit d38ea87ac54af64ef611de434d07c12dc0399216 cleaned the include statements which resulted in a wrong order of assert.h and the definition of NDEBUG in tci.c. Normally NDEBUG modifies the definition of the assert macro, but here this definition comes too late which results in a failing build.

To fix this, a new macro tci_assert which depends on CONFIG_DEBUG_TCG is introduced. Only builds with CONFIG_DEBUG_TCG will use assertions. Even in this case, it is still possible to disable assertions by defining NDEBUG via compiler settings.

Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-04-07 | hw/pci-bridge: Add missing unref in case register-bus fails | Wei Jiangang
The error paths after a successful qdev_create/pci_bus_new should contain a object_unref/object_unparent. pxb_dev_init_common() did not yet, so add it.

Signed-off-by: Wei Jiangang <weijg.fnst@cn.fujitsu.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2016-04-07 | virtio: merge virtio_queue_aio_set_host_notifier_handler with virtio_queue_set_aio | Paolo Bonzini
Eliminating the reentrancy is actually a nice thing that we can do with the API that Michael proposed, so let's make it first class. This also hides the complex assign/set_handler conventions from callers of virtio_queue_aio_set_host_notifier_handler, which in fact was always called with assign=true.

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-04-07 | virtio-scsi: use aio handler for data plane | Paolo Bonzini
In addition to handling IO in vcpu thread and in io thread, dataplane introduces yet another mode: handling it by AioContext.

This reuses the same handler as previous modes, which triggers races as these were not designed to be reentrant.

Use a separate handler just for aio, and disable regular handlers when dataplane is active.

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-04-07 | virtio-blk: use aio handler for data plane | Michael S. Tsirkin
In addition to handling IO in vcpu thread and in io thread, dataplane introduces yet another mode: handling it by AioContext.

This reuses the same handler as previous modes, which triggers races as these were not designed to be reentrant.

Use a separate handler just for aio, and disable regular handlers when dataplane is active.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>