aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-10-11qcow2: Assert against snapshot name/ID overflowMax Reitz
qcow2_write_snapshots relies on the length of every snapshot ID and name fitting into an unsigned 16 bit integer. This is currently ensured by QEMU through generally only allowing 128 byte IDs and 256 byte names. However, if this should change in the future, the length written to the image file should not be silently truncated (though the name itself would be written completely). Since this is currently not an issue but might require attention due to internal QEMU changes in the future, an assert ensuring sanity is enough for now. Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-10-11qcow2: Free allocated snapshot table on errorMax Reitz
If an error occurs during qcow2_write_snapshots, the newly allocated snapshot table clusters are leaked and should thus be freed. Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-10-11qcow2: Always use error path on writing snapshotsMax Reitz
qcow2_write_snapshots does contain a fail label and there is no reason not to use it on some errors; therefore, we should always jump there on error. Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-10-11qcow2: Free preallocated zero clustersMax Reitz
In qcow2_free_any_clusters, preallocated zero clusters should be freed just as normal clusters are. Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-10-11qcow2: Use pread for inactive L1 in overlap checkMax Reitz
Currently, qcow2_check_metadata_overlap uses bdrv_read to read inactive L1 tables from disk. The number of sectors to read is calculated through a truncating integer division, therefore, if the L1 table size is not a multiple of the sector size, the final entries will not be read and their entries in memory remain undefined (from the g_malloc). Using bdrv_pread fixes this. Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-10-11qcow2: Alignment of snapshot table entriesMax Reitz
The qcow2 specification does not explicitly state so far that every snapshot table entry is aligned to 8 bytes. QEMU, in contrast, does this alignment, thus it should be properly documented (which this patch does). Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-10-11qemu-iotests: Additional info from qemu-img infoMax Reitz
Add a test for the additional information now provided by qemu-img info when used on qcow2 images. It also tests the qemu QMP output from the query-block command when running qemu with different runtime options than specified in the image (ImageInfoSpecific should always refer to the image). Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-10-11qemu-iotests: Discard specific info in _img_infoMax Reitz
In _img_info, filter out additional information specific to the image format provided by qemu-img info, since tests designed for multiple image formats would produce different outputs for every image format otherwise. In a human-readable dump, that new information will always be last for each "image information block" (multiple blocks are emitted when inspecting the backing file chain). Every block is separated by an empty line. Therefore, in this case, everything starting with the line "Format specific information:" up to that empty line (or EOF, if it is the last block) has to be stripped. The JSON dump will always emit pretty JSON data. Therefore, the opening and closing braces of every object will be on lines which are indented by exactly the same amount, and all lines in between will have more indentation. Thus, in this case, everything starting with a line matching the regular expression /^ *"format-specific": {/ until /^ *},?/ has to be stripped, where the number of spaces at the beginning of the respective lines is equal. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-10-11qcow2: Add support for ImageInfoSpecificMax Reitz
Add a new ImageInfoSpecificQCow2 type as a subtype of ImageInfoSpecific. This contains the compatibility level as a string and an optional lazy_refcounts boolean (optional means mandatory for compat >= 1.1 and not available for compat == 0.10). Also, add qcow2_get_specific_info, which returns this information. Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-10-11block/qapi: Human-readable ImageInfoSpecific dumpMax Reitz
Add a function for generically dumping the ImageInfoSpecific information in a human-readable format to block/qapi.c. Use this function in bdrv_image_info_dump and qemu-io-cmds.c:info_f to allow qemu-img info resp. qemu-io -c info to print that format specific information. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-10-11block: Add bdrv_get_specific_infoMax Reitz
Add a function for retrieving an ImageInfoSpecific object from a block driver. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-10-11qapi: Add ImageInfoSpecific typeMax Reitz
Add a new type ImageInfoSpecific as a union for image format specific information in ImageInfo. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-10-11qapi: make use of new BlockJobTypeFam Zheng
Switch the string to enum type BlockJobType in BlockJobDriver. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-10-11qapi: Introduce enum BlockJobTypeFam Zheng
This will replace the open coded block job type string for mirror, commit and backup. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-10-11blockjob: rename BlockJobType to BlockJobDriverFam Zheng
We will use BlockJobType as the enum type name of block jobs in QAPI, rename current BlockJobType to BlockJobDriver, which will eventually become a set of operations, similar to block drivers. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-10-10Merge remote-tracking branch 'afaerber/tags/qom-cpu-for-anthony' into stagingAnthony Liguori
QOM CPUState refactorings / X86CPU * Fix for X86CPU model field of qemu32/qemu64 CPU models * Bug fix for longjmp on FreeBSD * Removal of unused function * Confinement of clone syscall infrastructure to linux-user # gpg: Signature made Wed 09 Oct 2013 03:40:51 AM PDT using RSA key ID 3E7E013F # gpg: Can't check signature: public key not found # By Andreas Färber (2) and others # Via Andreas Färber * afaerber/tags/qom-cpu-for-anthony: cpu: Drop cpu_model_str from CPU_COMMON cpu: Move cpu_copy() into linux-user cputlb: Remove dead function tlb_update_dirty() cpu-exec: Also reload CPUClass *cc after longjmp return in cpu_exec() target-i386: Set model=6 on qemu64 & qemu32 CPU models
2013-10-10Merge remote-tracking branch 'amit/char-remove-watch-on-unplug' into stagingAnthony Liguori
# By Amit Shah # Via Amit Shah * amit/char-remove-watch-on-unplug: char: remove watch callback on chardev detach from frontend char: use common function to disable callbacks on chardev close char: move backends' io watch tag to CharDriverState Message-id: 20131004154802.GA25646@grmbl.mre Signed-off-by: Anthony Liguori <aliguori@amazon.com>
2013-10-10Merge remote-tracking branch 'otubo/seccomp' into stagingAnthony Liguori
# By Eduardo Otubo # Via Eduardo Otubo * otubo/seccomp: seccomp: fine tuning whitelist by adding times() Message-id: 1380047458-21673-1-git-send-email-otubo@linux.vnet.ibm.com Signed-off-by: Anthony Liguori <aliguori@amazon.com>
2013-10-10Merge remote-tracking branch 'mcayland/qemu-openbios' into stagingAnthony Liguori
* mcayland/qemu-openbios: Update OpenBIOS images Signed-off-by: Anthony Liguori <aliguori@amazon.com>
2013-10-10Merge remote-tracking branch 'sstabellini/xen-2013-10-10' into stagingAnthony Liguori
# By Matthew Daley (1) and Roger Pau Monné (1) # Via Stefano Stabellini * sstabellini/xen-2013-10-10: qemu/xen: make use of xenstore relative paths xen_disk: mark ioreq as mapped before unmapping in error case
2013-10-10Merge remote-tracking branch 'bonzini/scsi-next' into stagingAnthony Liguori
# By Asias He (1) and Peter Lieven (1) # Via Paolo Bonzini * bonzini/scsi-next: scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344] block/iscsi: reenable iscsi_co_get_block_status Message-id: 1381332391-8781-1-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@amazon.com>
2013-10-10Update email addressAnthony Liguori
Amazon is now funding my work as QEMU maintainer so update addresses accordingly. Signed-off-by: Anthony Liguori <aliguori@amazon.com>
2013-10-10qemu/xen: make use of xenstore relative pathsRoger Pau Monné
Qemu has several hardcoded xenstore paths that are only valid on Dom0. Attempts to launch a Qemu instance (to act as a userspace backend for PV disks) will fail because Qemu is not able to access those paths when running on a domain different than Dom0. Instead make the xenstore paths relative to the domain where Qemu is actually running. Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Reviewed-by: Anthony PERARD <anthony.perard@citrix.com> Cc: xen-devel@lists.xenproject.org Cc: Anthony PERARD <anthony.perard@citrix.com>
2013-10-10xen_disk: mark ioreq as mapped before unmapping in error caseMatthew Daley
Commit 4472beae modified the semantics of ioreq_{un,}map so that they are idempotent if called when they're not needed (ie., twice in a row). However, it neglected to handle the case where batch mapping is not being used (the default), and one of the grants fails to map. In this case, ioreq_unmap will be called to unwind and unmap any mappings already performed, but ioreq_unmap simply returns due to the aforementioned change (the ioreq has not already been marked as mapped). The frontend user can therefore force xen_disk to leak grant mappings, a per-domain limited resource. Fix by marking the ioreq as mapped before calling ioreq_unmap in this situation. Signed-off-by: Matthew Daley <mattjd@gmail.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2013-10-09scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344]Asias He
r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at most. If more than 256 luns are specified by user, we have buffer overflow in scsi_target_emulate_report_luns. To fix, we allocate the buffer dynamically. Signed-off-by: Asias He <asias@redhat.com> Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-10-09Merge remote-tracking branch 'stefanha/block' into stagingAnthony Liguori
# By Max Reitz (5) and others # Via Stefan Hajnoczi * stefanha/block: block: use correct filename qemu-iotests: Correct 026 output qcow2: Free allocated L2 cluster on error qcow2: Switch L1 table in a single sequence block: vhdx - add migration blocker block: use correct filename for error report qcow2: CHECK_OFLAG_COPIED is obsolete qcow2: Correct endianness in overlap check Message-id: 1381145289-6591-1-git-send-email-stefanha@redhat.com Signed-off-by: Anthony Liguori <anthony@codemonkey.ws>
2013-10-09Merge remote-tracking branch 'mjt/trivial-patches' into stagingAnthony Liguori
# By Stefan Weil (5) and others # Via Michael Tokarev * mjt/trivial-patches: migration: Fix compiler warning ('caps' may be used uninitialized) util/path: Fix type which is longer than 8 bit for MinGW hw/9pfs: Fix errno value for xattr functions vl: Clean up unnecessary boot_order complications qemu-char: Fix potential out of bounds access to local arrays pci-ohci: Add missing 'break' in ohci_service_td sh4: Fix serial line access for Linux kernels later than 3.2 hw/alpha: Fix compiler warning (integer constant is too large) target-i386: Fix compiler warning (integer constant is too large) block: Remove unused assignment (fixes warning from clang) exec: cleanup DEBUG_SUBPAGE tests: Fix schema parser test for in-tree build tests: Update .gitignore for test-int128 and test-bitops .gitignore: ignore tests/qemu-iotests/socket_scm_helper Message-id: 1381051979-25742-1-git-send-email-mjt@msgid.tls.msk.ru Signed-off-by: Anthony Liguori <anthony@codemonkey.ws>
2013-10-09Merge remote-tracking branch 'rth/tcg-arm-pull' into stagingAnthony Liguori
# By Richard Henderson # Via Richard Henderson * rth/tcg-arm-pull: tcg-arm: Move the tlb addend load earlier tcg-arm: Remove restriction on qemu_ld output register tcg-arm: Return register containing tlb addend tcg-arm: Move load of tlb addend into tcg_out_tlb_read tcg-arm: Use QEMU_BUILD_BUG_ON to verify constraints on tlb tcg-arm: Use strd for tcg_out_arg_reg64 tcg-arm: Rearrange slow-path qemu_ld/st tcg-arm: Use ldrd/strd for appropriate qemu_ld/st64 Message-id: 1380663109-14434-1-git-send-email-rth@twiddle.net Signed-off-by: Anthony Liguori <anthony@codemonkey.ws>
2013-10-09Merge remote-tracking branch 'sweil/mingw' into stagingAnthony Liguori
# By Sebastian Ottlik # Via Stefan Weil * sweil/mingw: util: call socket_set_fast_reuse instead of setting SO_REUSEADDR slirp: call socket_set_fast_reuse instead of setting SO_REUSEADDR net: call socket_set_fast_reuse instead of setting SO_REUSEADDR gdbstub: call socket_set_fast_reuse instead of setting SO_REUSEADDR util: add socket_set_fast_reuse function which will replace setting SO_REUSEADDR Message-id: 1380735690-24009-1-git-send-email-sw@weilnetz.de Signed-off-by: Anthony Liguori <anthony@codemonkey.ws>
2013-10-09Merge remote-tracking branch 'kraxel/chardev.8' into stagingAnthony Liguori
# By Gerd Hoffmann # Via Gerd Hoffmann * kraxel/chardev.8: chardev: handle qmp_chardev_add(KIND_MUX) failure Message-id: 1380708925-6721-1-git-send-email-kraxel@redhat.com Signed-off-by: Anthony Liguori <anthony@codemonkey.ws>
2013-10-09Merge remote-tracking branch 'sweil/tci' into stagingAnthony Liguori
# By Stefan Weil # Via Stefan Weil * sweil/tci: misc: Use new rotate functions bitops: Add rotate functions (rol8, ror8, ...) tci: Add implementation of rotl_i64, rotr_i64 Message-id: 1380137693-3729-1-git-send-email-sw@weilnetz.de Signed-off-by: Anthony Liguori <anthony@codemonkey.ws>
2013-10-09block/iscsi: reenable iscsi_co_get_block_statusPeter Lieven
Commit f35c934a accidently disabled iscsi_co_get_block_status for all libiscsi versions. Its not possible to check for enumeration constants in the C preprocessor. This patch changes the check to the preprocessor constant LIBISCSI_FEATURE_IOVECTOR which was introduced shortly after get_lba_status support was added to libiscsi. Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-10-07block: use correct filenameDunrong Huang
The content filename point to may be erased by qemu_opts_absorb_qdict() in raw_open_common() in drv->bdrv_file_open() So it's better to use bs->filename. Signed-off-by: Dunrong Huang <riegamaths@gmail.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-10-07qemu-iotests: Correct 026 outputMax Reitz
Because l2_allocate now frees the unused L2 cluster on error, the according test cases in 026 don't result in one leaked cluster anymore. Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-10-07qcow2: Free allocated L2 cluster on errorMax Reitz
If an error occurs in l2_allocate, the allocated (but unused) L2 cluster should be freed. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-10-07cpu: Drop cpu_model_str from CPU_COMMONAndreas Färber
Since this is only read in cpu_copy() and linux-user has a global cpu_model, drop the field from generic code. Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-10-07cpu: Move cpu_copy() into linux-userAndreas Färber
It is only used there and is deemed very fragile if not incorrect in its current memcpy() form. Moving it into linux-user will allow to move parts into target_cpu.h headers and only copy what the ABI mandates. Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-10-07cputlb: Remove dead function tlb_update_dirty()liguang
Signed-off-by: liguang <lig.fnst@cn.fujitsu.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-10-07cpu-exec: Also reload CPUClass *cc after longjmp return in cpu_exec()Juergen Lock
Local variable CPUClass *cc needs to be reloaded after return from longjmp, too. (This fixes a mips-softmmu crash observed on FreeBSD when QEMU is built with clang.) Reported-by: Dimitry Andric <dim@FreeBSD.org> Signed-off-by: Juergen Lock <nox@jelal.kn-bremen.de> Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-10-05migration: Fix compiler warning ('caps' may be used uninitialized)Michael Tokarev
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Stefan Weil <sw@weilnetz.de>
2013-10-05util/path: Fix type which is longer than 8 bit for MinGWStefan Weil
While dirent->d_type is 8 bit for most systems, it is 32 bit for MinGW. Reducing it to 8 bit results in a compiler warning because the macro is_dir_maybe compares that 8 bit value with 32 bit constants. Using 'unsigned' instead of 'unsigned char' matches the declaration for MinGW and does not harm the other systems. MinGW-w64 is not affected: it does not declare d_type. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-10-05hw/9pfs: Fix errno value for xattr functionsDaniel P. Berrange
If there is no operation driver for the xattr type the functions return '-1' and set errno to '-EOPNOTSUPP'. When the calling code sets 'ret = -errno' this turns into a large positive number. In Linux 3.11, the kernel has switched to using 9p version 9p2000.L, instead of 9p2000.u, which enables support for xattr operations. This on its own is harmless, but for another change which makes it request the xattr with a name 'security.capability'. The result is that the guest sees a succesful return of 95 bytes of data, instead of a failure with errno set to 95. Since the kernel expects a maximum of 20 bytes for an xattr return this gets translated to the unexpected errno ERANGE. This all means that when running a binary off a 9p fs in 3.11 kernels you get a fun result of: # ./date sh: ./date: Numerical result out of range The only workaround is to pass 'version=9p2000.u' when mounting the 9p fs in the guest, to disable all use of xattrs. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-10-05vl: Clean up unnecessary boot_order complicationsMarkus Armbruster
Messed up in commit 8281abd. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-10-05qemu-char: Fix potential out of bounds access to local arraysStefan Weil
Latest gcc-4.8 supports a new option -fsanitize=address which activates an AddressSanitizer. This AddressSanitizer stops the QEMU system emulation very early because two character arrays of size 8 are potentially written with 9 bytes. Commit 6ea314d91439741e95772dfbab98b4135e04bebb added the code. There is no obvious reason why width or height could need 8 characters, so reduce it to 7 characters which together with the terminating '\0' fit into the arrays. Cc: qemu-stable <qemu-stable@nongnu.org> Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Alex Bennée <alex@bennee.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-10-03Update OpenBIOS imagesMark Cave-Ayland
Update OpenBIOS images to SVN r1229 built from submodule. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2013-10-02pci-ohci: Add missing 'break' in ohci_service_tdJán Veselý
Device communication errors need to be reported to driver. Add a debug message while at it. Signed-off-by: Jan Vesely <jano.vesely@gmail.com> Acked-by: Gerd Hoffmann <kraxel@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-10-02sh4: Fix serial line access for Linux kernels later than 3.2Guenter Roeck
With Linux kernel version 3.3 or later, qemu fails with the following message: sh_serial: unsupported read from 0x18 Aborted Reported-and-analyzed-by: Rob Landley <rob@landley.net> Signed-off-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-10-02hw/alpha: Fix compiler warning (integer constant is too large)Stefan Weil
From buildbot default_i386_rhel61: CC alpha-softmmu/hw/alpha/typhoon.o hw/alpha/typhoon.c: In function 'typhoon_translate_iommu': hw/alpha/typhoon.c:703: warning: integer constant is too large for 'long' type hw/alpha/typhoon.c:703: warning: integer constant is too large for 'long' type Signed-off-by: Stefan Weil <sw@weilnetz.de> Acked-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-10-02target-i386: Fix compiler warning (integer constant is too large)Stefan Weil
From buildbot default_i386_rhel61: CC i386-softmmu/target-i386/arch_memory_mapping.o target-i386/arch_memory_mapping.c: In function 'walk_pde': target-i386/arch_memory_mapping.c:110: warning: integer constant is too large for 'long' type Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-10-02block: Remove unused assignment (fixes warning from clang)Stefan Weil
blockdev.c:1929:13: warning: Value stored to 'ret' is never read ret = 0; ^ ~ Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>