aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-02-04net: netmap: use nm_open() to open netmap portsVincenzo Maffione
This patch simplifies the netmap backend code by means of the nm_open() helper function provided by netmap_user.h, which hides the details of open(), iotcl() and mmap() carried out on the netmap device. Moreover, the semantic of nm_open() makes it possible to open special netmap ports (e.g. pipes, monitors) and use special modes (e.g. host rings only, single queue mode, exclusive access). Signed-off-by: Vincenzo Maffione <v.maffione@gmail.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04e1000: eliminate infinite loops on out-of-bounds transfer startLaszlo Ersek
The start_xmit() and e1000_receive_iov() functions implement DMA transfers iterating over a set of descriptors that the guest's e1000 driver prepares: - the TDLEN and RDLEN registers store the total size of the descriptor area, - while the TDH and RDH registers store the offset (in whole tx / rx descriptors) into the area where the transfer is supposed to start. Each time a descriptor is processed, the TDH and RDH register is bumped (as appropriate for the transfer direction). QEMU already contains logic to deal with bogus transfers submitted by the guest: - Normally, the transmit case wants to increase TDH from its initial value to TDT. (TDT is allowed to be numerically smaller than the initial TDH value; wrapping at or above TDLEN bytes to zero is normal.) The failsafe that QEMU currently has here is a check against reaching the original TDH value again -- a complete wraparound, which should never happen. - In the receive case RDH is increased from its initial value until "total_size" bytes have been received; preferably in a single step, or in "s->rxbuf_size" byte steps, if the latter is smaller. However, null RX descriptors are skipped without receiving data, while RDH is incremented just the same. QEMU tries to prevent an infinite loop (processing only null RX descriptors) by detecting whether RDH assumes its original value during the loop. (Again, wrapping from RDLEN to 0 is normal.) What both directions miss is that the guest could program TDLEN and RDLEN so low, and the initial TDH and RDH so high, that these registers will immediately be truncated to zero, and then never reassume their initial values in the loop -- a full wraparound will never occur. The condition that expresses this is: xdh_start >= s->mac_reg[XDLEN] / sizeof(desc) i.e., TDH or RDH start out after the last whole rx or tx descriptor that fits into the TDLEN or RDLEN sized area. This condition could be checked before we enter the loops, but pci_dma_read() / pci_dma_write() knows how to fill in buffers safely for bogus DMA addresses, so we just extend the existing failsafes with the above condition. This is CVE-2016-1981. Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Petr Matousek <pmatouse@redhat.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Prasad Pandit <ppandit@redhat.com> Cc: Michael Roth <mdroth@linux.vnet.ibm.com> Cc: Jason Wang <jasowang@redhat.com> Cc: qemu-stable@nongnu.org RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1296044 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04slirp: Adding family argument to tcp_fconnect()Guillaume Subiron
This patch simply adds a unsigned short family argument to remove the hardcoded "AF_INET" in the call of qemu_socket(). This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04slirp: Make udp_attach IPv6 compatibleGuillaume Subiron
A unsigned short is now passed in argument to udp_attach instead of using a hardcoded "AF_INET" to call qemu_socket(). This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04slirp: Add sockaddr_equal, make solookup family-agnosticGuillaume Subiron
This patch makes solookup() compatible with varying address families, by using a new sockaddr_equal() function that compares two sockaddr_storage. This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04slirp: Factorizing and cleaning solookup()Guillaume Subiron
solookup() was only compatible with TCP. Having the socket list in argument, it is now compatible with UDP too. Some optimization code is factorized inside the function (the function look at the last returned result before browsing the complete socket list). This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04slirp: Factorizing address translationGuillaume Subiron
This patch factorizes some duplicate code into a new function, sotranslate_out(). This function perform the address translation when a packet is transmitted to the host network. If the packet is destinated to the host, the loopback address is used, and if the packet is destinated to the virtual DNS, the real DNS address is used. This code is just a copy of the existent, but factorized and ready to manage the IPv6 case. On the same model, the major part of udp_output() code is moved into a new sotranslate_in(). This function is directly used in sorecvfrom(), like sotranslate_out() in sosendto(). udp_output() becoming useless, it is removed and udp_output2() is renamed into udp_output(). This adds consistency with the udp6_output() function introduced by further patches. Lastly, this factorizes some duplicate code into sotranslate_accept(), which performs the address translation when a connection is established on the host for port forwarding: if it comes from localhost, the host virtual address is used instead. This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04slirp: Make Socket structure IPv6 compatibleGuillaume Subiron
This patch replaces foreign and local address/port couples in Socket structure by 2 sockaddr_storage which can be casted in sockaddr_in. Direct access to address and port is still possible thanks to some \#define, so retrocompatibility of the existing code is assured. The ss_family field of sockaddr_storage is declared after each socket creation. The whole structure is also saved/restored when a Qemu session is saved/restored. This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04slirp: Adding address family switch for produced framesGuillaume Subiron
In if_encap, a switch is added to prepare for the IPv6 case. Some code is factorized. This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-02-04slirp: Generalizing and neutralizing ARP codeGuillaume Subiron
Basically, this patch replaces "arp" by "resolution" every time "arp" means "mac resolution" and not specifically ARP. This prepares for IPv6 support. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04slirp: goto bad in udp_input if sosendto failsGuillaume Subiron
Before this patch, if sosendto fails, udp_input is executed as if the packet was sent, recording the packet for icmp errors, which does not makes sense since the packet was not actually sent, errors would be related to a previous packet. This patch adds a goto bad to cut the execution of this function. Signed-off-by: Guillaume Subiron <maethor@subiron.org> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04cadence_gem: fix buffer overflowMichael S. Tsirkin
gem_transmit copies a packet from guest into an tx_packet[2048] array on stack, with size limited by descriptor length set by guest. If guest is malicious and specifies a descriptor length that is too large, and should packet size exceed array size, this results in a buffer overflow. Reported-by: 刘令 <liuling-it@360.cn> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04net: cadence_gem: check packet size in gem_recievePrasad J Pandit
While receiving packets in 'gem_receive' routine, if Frame Check Sequence(FCS) is enabled, it copies the packet into a local buffer without checking its size. Add check to validate packet length against the buffer size to avoid buffer overflow. Reported-by: Ling Liu <liuling-it@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04qemu-doc: Do not promote deprecated -smb and -redir optionsThomas Huth
Since -smb and -redir are deprecated options, we should not use them as examples in the documentation anymore. Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-04net/slirp: Tell the users when they are using deprecated optionsThomas Huth
We don't want to support the legacy -tftp, -bootp, -smb and -net channel options forever. So let's start telling the users that they are deprecated and what option should be used instead. Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-02-03Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20160203-1' into ↵Peter Maydell
staging virtio-gpu: bugfixes and spice support preparation # gpg: Signature made Wed 03 Feb 2016 09:47:13 GMT using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-vga-20160203-1: virtio-gpu: block any rendering until client (ui) is done virtio-gpu: add support to enable/disable command processing virtio-gpu: maintain command queue virtio-gpu: fix memory leak in error path console: block rendering until client is done zap qemu_egl_has_ext in include/ui/egl-helpers.h Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-03Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2016-02-03' ↵Peter Maydell
into staging Monitor patches for 2016-02-03 # gpg: Signature made Wed 03 Feb 2016 09:13:48 GMT using RSA key ID EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" * remotes/armbru/tags/pull-monitor-2016-02-03: hmp: fix sendkey out of bounds write (CVE-2015-8619) Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-03virtio-gpu: block any rendering until client (ui) is doneGerd Hoffmann
Wire up gl_block callback, so ui code can request to stop virtio-gpu rendering. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-03virtio-gpu: add support to enable/disable command processingGerd Hoffmann
So we can stop rendering for a while in case we have to. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2016-02-03virtio-gpu: maintain command queueGerd Hoffmann
We'll go take out the commands we receive out of the virt queue and put them into a linked list, to decouple virtio queue handling from actual command processing. Also move cmd processing to new virtio_gpu_handle_ctrl func, so we can easily kick it from different places. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-03virtio-gpu: fix memory leak in error pathGerd Hoffmann
Found by Coverity Scan, buf not freed on error. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2016-02-03console: block rendering until client is doneGerd Hoffmann
Allow gl user interfaces to block display device gl rendering. The ui code might want to do that in case it takes a little longer to bring things to screen, for example because we'll hand over a dma-buf to another process (spice will do that). Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2016-02-03zap qemu_egl_has_ext in include/ui/egl-helpers.hGerd Hoffmann
Drop leftover prototype which sneaked in by mistake Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2016-02-03hmp: fix sendkey out of bounds write (CVE-2015-8619)Wolfgang Bumiller
When processing 'sendkey' command, hmp_sendkey routine null terminates the 'keyname_buf' array. This results in an OOB write issue, if 'keyname_len' was to fall outside of 'keyname_buf' array. Since the keyname's length is known the keyname_buf can be removed altogether by adding a length parameter to index_from_key() and using it for the error output as well. Reported-by: Ling Liu <liuling-it@360.cn> Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Message-Id: <20160113080958.GA18934@olga> [Comparison with "<" dumbed down, test for junk after strtoul() tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-02Merge remote-tracking branch ↵Peter Maydell
'remotes/maxreitz/tags/pull-block-for-peter-2016-02-02' into staging Block patches # gpg: Signature made Tue 02 Feb 2016 17:23:44 GMT using RSA key ID E838ACAD # gpg: Good signature from "Max Reitz <mreitz@redhat.com>" * remotes/maxreitz/tags/pull-block-for-peter-2016-02-02: (50 commits) block: qemu-iotests - add test for snapshot, commit, snapshot bug block: set device_list.tqe_prev to NULL on BDS removal iotests: Add "qemu-img map" test for VMDK extents qemu-img: Make MapEntry a QAPI struct qemu-img: In "map", use the returned "file" from bdrv_get_block_status block: Use returned *file in bdrv_co_get_block_status vmdk: Return extent's file in bdrv_get_block_status vmdk: Fix calculation of block status's offset vpc: Assign bs->file->bs to file in vpc_co_get_block_status vdi: Assign bs->file->bs to file in vdi_co_get_block_status sheepdog: Assign bs to file in sd_co_get_block_status qed: Assign bs->file->bs to file in bdrv_qed_co_get_block_status parallels: Assign bs->file->bs to file in parallels_co_get_block_status iscsi: Assign bs to file in iscsi_co_get_block_status raw: Assign bs to file in raw_co_get_block_status qcow2: Assign bs->file->bs to file in qcow2_co_get_block_status qcow: Assign bs->file->bs to file in qcow_co_get_block_status block: Add "file" output parameter to block status query functions block: acquire in bdrv_query_image_info iotests: Add test for block jobs and BDS ejection ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-02block: qemu-iotests - add test for snapshot, commit, snapshot bugJeff Cody
Signed-off-by: Jeff Cody <jcody@redhat.com> Message-id: 2dbc05efba2f683cb3aaf71aaa9b776ebf7ec57c.1454376655.git.jcody@redhat.com Reviewed-by: Max Reitz <mreitz@redhat.com> [Moved test number from 143 to 144] Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02block: set device_list.tqe_prev to NULL on BDS removalJeff Cody
This fixes a regression introduced with commit 3f09bfbc7. Multiple bugs arise in conjunction with live snapshots and mirroring operations (which include active layer commit). After a live snapshot occurs, the active layer and the base layer both have a non-NULL tqe_prev field in the device_list, although the base node's tqe_prev field points to a NULL entry. This non-NULL tqe_prev field occurs after the bdrv_append() in the external snapshot calls change_parent_backing_link(). In change_parent_backing_link(), when the previous active layer is removed from device_list, the device_list.tqe_prev pointer is not set to NULL. The operating scheme in the block layer is to indicate that a BDS belongs in the bdrv_states device_list iff the device_list.tqe_prev pointer is non-NULL. This patch does two things: 1.) Introduces a new block layer helper bdrv_device_remove() to remove a BDS from the device_list, and 2.) uses that new API, which also fixes the regression once used in change_parent_backing_link(). Signed-off-by: Jeff Cody <jcody@redhat.com> Message-id: 0cd51e11c0666c04ddb7c05293fe94afeb551e89.1454376655.git.jcody@redhat.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160202-1' into ↵Peter Maydell
staging usb: two ehci fixes. # gpg: Signature made Tue 02 Feb 2016 13:12:00 GMT using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-usb-20160202-1: ehci: update irq on reset usb: check page select value while processing iTD Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-02iotests: Add "qemu-img map" test for VMDK extentsFam Zheng
Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1453780743-16806-17-git-send-email-famz@redhat.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02qemu-img: Make MapEntry a QAPI structFam Zheng
The "flags" bit mask is expanded to two booleans, "data" and "zero"; "bs" is replaced with "filename" string. Refactor the merge conditions in img_map() into entry_mergeable(). Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1453780743-16806-16-git-send-email-famz@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02qemu-img: In "map", use the returned "file" from bdrv_get_block_statusFam Zheng
Now all drivers should return a correct "file", we can make use of it, even with the recursion into backing chain above. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1453780743-16806-15-git-send-email-famz@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02block: Use returned *file in bdrv_co_get_block_statusFam Zheng
Now that all drivers return the right "file" pointer, we can use it. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Message-id: 1453780743-16806-14-git-send-email-famz@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02vmdk: Return extent's file in bdrv_get_block_statusFam Zheng
Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1453780743-16806-13-git-send-email-famz@redhat.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02vmdk: Fix calculation of block status's offsetFam Zheng
"offset" is the offset of cluster and sector_num doesn't necessarily refer to the start of it, it should add index_in_cluster. Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1453780743-16806-12-git-send-email-famz@redhat.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02vpc: Assign bs->file->bs to file in vpc_co_get_block_statusFam Zheng
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1453780743-16806-11-git-send-email-famz@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02vdi: Assign bs->file->bs to file in vdi_co_get_block_statusFam Zheng
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1453780743-16806-10-git-send-email-famz@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02sheepdog: Assign bs to file in sd_co_get_block_statusFam Zheng
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1453780743-16806-9-git-send-email-famz@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02qed: Assign bs->file->bs to file in bdrv_qed_co_get_block_statusFam Zheng
Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1453780743-16806-8-git-send-email-famz@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02parallels: Assign bs->file->bs to file in parallels_co_get_block_statusFam Zheng
Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1453780743-16806-7-git-send-email-famz@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02iscsi: Assign bs to file in iscsi_co_get_block_statusFam Zheng
Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1453780743-16806-6-git-send-email-famz@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02raw: Assign bs to file in raw_co_get_block_statusFam Zheng
Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1453780743-16806-5-git-send-email-famz@redhat.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02qcow2: Assign bs->file->bs to file in qcow2_co_get_block_statusFam Zheng
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1453780743-16806-4-git-send-email-famz@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02qcow: Assign bs->file->bs to file in qcow_co_get_block_statusFam Zheng
Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1453780743-16806-3-git-send-email-famz@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02block: Add "file" output parameter to block status query functionsFam Zheng
The added parameter can be used to return the BDS pointer which the valid offset is referring to. Its value should be ignored unless BDRV_BLOCK_OFFSET_VALID in ret is set. Until block drivers fill in the right value, let's clear it explicitly right before calling .bdrv_get_block_status. The "bs->file" condition in bdrv_co_get_block_status is kept now to keep iotest case 102 passing, and will be fixed once all drivers return the right file pointer. Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1453780743-16806-2-git-send-email-famz@redhat.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02block: acquire in bdrv_query_image_infoPaolo Bonzini
NFS calls aio_poll inside bdrv_get_allocated_size. This requires acquiring the AioContext. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 1450867706-19860-1-git-send-email-pbonzini@redhat.com Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02iotests: Add test for block jobs and BDS ejectionMax Reitz
Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-02-02iotests: Add test for multiple BB on BDS treeMax Reitz
This adds a test for having multiple BlockBackends in one BDS tree. In this case, there is one BB for the protocol BDS and one BB for the format BDS in a simple two-BDS tree (with the protocol BDS and BB added first). When bdrv_close_all() is executed, no cached data from any BDS should be lost; the protocol BDS may not be closed until the format BDS is closed. Otherwise, metadata updates may be lost. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-02-02block: Rewrite bdrv_close_all()Max Reitz
This patch rewrites bdrv_close_all(): Until now, all root BDSs have been force-closed. This is bad because it can lead to cached data not being flushed to disk. Instead, try to make all reference holders relinquish their reference voluntarily: 1. All BlockBackend users are handled by making all BBs simply eject their BDS tree. Since a BDS can never be on top of a BB, this will not cause any of the issues as seen with the force-closing of BDSs. The references will be relinquished and any further access to the BB will fail gracefully. 2. All BDSs which are owned by the monitor itself (because they do not have a BB) are relinquished next. 3. Besides BBs and the monitor, block jobs and other BDSs are the only things left that can hold a reference to BDSs. After every remaining block job has been canceled, there should not be any BDSs left (and the loop added here will always terminate (as long as NDEBUG is not defined), because either all_bdrv_states will be empty or there will not be any block job left to cancel, failing the assertion). Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-02-02block: Add blk_remove_all_bs()Max Reitz
When bdrv_close_all() is called, instead of force-closing all root BlockDriverStates, it is better to just drop the reference from all BlockBackends and let them be closed automatically. This prevents BDS from getting closed that are still referenced by other BDS, which may result in loss of cached data. This patch adds a function for doing that, but does not yet incorporate it in bdrv_close_all(). Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-02-02blockdev: Keep track of monitor-owned BDSMax Reitz
As a side effect, we can now make x-blockdev-del's check whether a BDS is actually owned by the monitor explicit. Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>