Age | Commit message | Author
2014-08-15 | image-fuzzer: Reduce number of generator functions in __init__ | Maria Kustova
Some issues can be found only when a fuzzed image has a partial structure, e.g. has L1/L2 tables but no refcount ones. Generation of an entirely defined image limits these cases. Now the Image constructor creates only a header and a backing file name (if any), other image elements are generated in the 'create_image' API. Signed-off-by: Maria Kustova <maria.k@catit.be> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | image-fuzzer: Add generators of L1/L2 tables | Maria Kustova
Entries in L1/L2 entries are based on a portion of random guest clusters. L2 entries contain offsets to host image clusters filled with random data. Clusters for L1/L2 tables and guest data are selected randomly. Signed-off-by: Maria Kustova <maria.k@catit.be> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | image-fuzzer: Add fuzzing functions for L1/L2 table entries | Maria Kustova
Signed-off-by: Maria Kustova <maria.k@catit.be> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | docs: Expand the list of supported image elements with L1/L2 tables | Maria Kustova
Signed-off-by: Maria Kustova <maria.k@catit.be> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | image-fuzzer: Public API for image-fuzzer/runner/runner.py | Maria Kustova
__init__.py provides the public API required by the test runner Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Maria Kustova <maria.k@catit.be> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | image-fuzzer: Generator of fuzzed qcow2 images | Maria Kustova
The layout submodule of the qcow2 package creates a random valid image, randomly selects some amount of its fields, fuzzes them and writes the fuzzed image to the file. Fuzzing process can be controlled by an external configuration. Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Maria Kustova <maria.k@catit.be> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | image-fuzzer: Fuzzing functions for qcow2 images | Maria Kustova
The fuzz submodule of the qcow2 image generator contains fuzzing functions for image fields. Each fuzzing function contains a list of constraints and a call of a helper function that randomly selects a fuzzed value satisfying one of the constraints. For now constraints include only values known as invalid or potentially dangerous. But after investigation of code coverage by fuzz tests they will be expanded by heuristic values based on inner checks and flows of a program under test. Now fuzzing of a header, header extensions and a backing file name is supported. Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Maria Kustova <maria.k@catit.be> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | image-fuzzer: Tool for fuzz tests execution | Maria Kustova
The purpose of the test runner is to prepare the test environment (e.g. create a work directory, a test image, etc), execute a program under test with parameters, indicate a test failure if the program was killed during the test execution and collect core dumps, logs and other test artifacts. The test runner doesn't depend on an image format, so it can be used with any external image generator. [Fixed path to qcow2 format module "qcow2" instead of "../qcow2" since runner.py is no longer in a sub-directory. --Stefan] Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Maria Kustova <maria.k@catit.be> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | docs: Specification for the image fuzzer | Maria Kustova
'Overall fuzzer requirements' chapter contains the current product vision and features done and to be done. This chapter is still in progress. Signed-off-by: Maria Kustova <maria.k@catit.be> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | ide: only constrain read/write requests to drive size, not other types | Michael Tokarev
Commit 58ac321135a introduced a check to ide dma processing which constrains all requests to drive size. However, apparently, some valid requests (like TRIM) do not fit in this constraint, and fail in 2.1. So check the range only for reads and writes. Cc: qemu-stable@nongnu.org Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | virtio-blk: Correct bug in support for flexible descriptor layout | Marc Marí
Without this correction, only a three descriptor layout is accepted, and requests with just two descriptors are not completed and no error message is displayed. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Marc Marí <marc.mari.barcelo@gmail.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | libqos: Change free function called in malloc | Marc Marí
Reviewed-by: John Snow <jsnow@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Marc Marí <marc.mari.barcelo@gmail.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | libqos: Correct mask to align size to PAGE_SIZE in malloc-pc | Marc Marí
Reviewed-by: John Snow <jsnow@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Marc Marí <marc.mari.barcelo@gmail.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | libqtest: add QTEST_LOG for debugging qtest testcases | Marc Marí
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Marc Marí <marc.mari.barcelo@gmail.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | ide: Fix segfault when flushing a device that doesn't exist | Kevin Wolf
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | qemu-options: add missing -drive discard option to cmdline help | Peter Lieven
Signed-off-by: Peter Lieven <pl@kamp.de> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | parallels: 2TB+ parallels images support | Denis V. Lunev
Parallels has released in the recent updates of Parallels Server 5/6 a new addition to its image format. Images with signature WithouFreSpacExt have offsets in the catalog coded not as offsets in sectors (multiple of 512 bytes) but offsets coded in blocks (i.e. header->tracks * 512). In this case all 64 bits of header->nb_sectors are used for image size. This patch implements support of this for qemu-img and also adds specific check for an incorrect image. Images with block size greater than INT_MAX/513 are not supported. The biggest available Parallels image cluster size in the field is 1 Mb. Thus this limit will not hurt anyone. Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Jeff Cody <jcody@redhat.com> CC: Kevin Wolf <kwolf@redhat.com> CC: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | parallels: split check for parallels format in parallels_open | Denis V. Lunev
and rework error path a bit. There is no difference at the moment, but the code will be definitely shorter when additional processing will be required for WithouFreSpacExt Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Jeff Cody <jcody@redhat.com> CC: Kevin Wolf <kwolf@redhat.com> CC: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | parallels: replace tabs with spaces in block/parallels.c | Denis V. Lunev
Signed-off-by: Denis V. Lunev <den@openvz.org> Reviewed-by: Jeff Cody <jcody@redhat.com> CC: Kevin Wolf <kwolf@redhat.com> CC: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | parallels: extend parallels format header with actual data values | Denis V. Lunev
Parallels image format has several additional fields inside:
- nb_sectors is actually 64 bit wide. Upper 32bits are not used for images with signature "WithoutFreeSpace" and must be explicitly zeroed according to Parallels. They will be used for images with signature "WithouFreSpacExt"
- inuse is magic which means that the image is currently opened for read/write or was not closed correctly, the magic is 0x746f6e59
- data_off is the location of the first data block. It can be zero and in this case data starts just beyond the header aligned to 512 bytes. Though this field does not matter for read-only driver
This patch adds these values to struct parallels_header and adds proper handling of nb_sectors for currently supported WithoutFreeSpace images. WithouFreSpacExt will be covered in next patches. Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Kevin Wolf <kwolf@redhat.com> CC: Stefan Hajnoczi <stefanha@redhat.com> CC: Jeff Cody <jcody@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | dataplane: stop trying on notifier error | Cornelia Huck
If we fail to set up guest or host notifiers, there's no use trying again every time the guest kicks, so disable dataplane in that case. Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | dataplane: fail notifier setting gracefully | Cornelia Huck
The dataplane code is currently doing a hard exit if it fails to set up either guest or host notifiers. In practice, this may mean that a guest suddenly dies after a dataplane device failed to come up (e.g., when a file descriptor limit is hit for the nth device). Let's just try to unwind the setup instead and return. Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | dataplane: print why starting failed | Cornelia Huck
Setting up guest or host notifiers may fail, but the user will have no idea why: Let's print the error returned by the callback. Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | channel-posix: using qemu_set_nonblock() instead of fcntl(O_NONBLOCK) | Gonglei
Technically, fcntl(soc, F_SETFL, O_NONBLOCK) is incorrect since it clobbers all other file flags. We can use F_GETFL to get the current flags, set or clear the O_NONBLOCK flag, then use F_SETFL to set the flags. Using the qemu_set_nonblock() wrapper. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Wangxin <wangxinxin.wang@huawei.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | qemu-char: using qemu_set_nonblock() instead of fcntl(O_NONBLOCK) | Gonglei
Technically, fcntl(soc, F_SETFL, O_NONBLOCK) is incorrect since it clobbers all other file flags. We can use F_GETFL to get the current flags, set or clear the O_NONBLOCK flag, then use F_SETFL to set the flags. Using the qemu_set_nonblock() wrapper. Signed-off-by: Wangxin <wangxinxin.wang@huawei.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | cmd646: synchronise UDMA interrupt status with DMA interrupt status | Mark Cave-Ayland
Make sure that both registers are synchronised when being accessed through PCI configuration space. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | cmd646: allow MRDMODE interrupt status bits clearing from PCI config space | Mark Cave-Ayland
Make sure that we also update the normal DMA interrupt status bits at the same time, and alter the IRQ if being cleared accordingly. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | cmd646: switch cmd646_update_irq() to accept PCIDevice instead of PCIIDEState | Mark Cave-Ayland
This is in preparation for adding configuration space accessors which accept PCIDevice as a parameter. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | cmd646: synchronise DMA interrupt status with UDMA interrupt status | Mark Cave-Ayland
Make sure that the standard DMA interrupt status bits reflect any changes made to the UDMA interrupt status bits. The CMD646U2 datasheet claims that these bits are equivalent, and they must be synchronised for guests that manipulate both registers. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | cmd646: add constants for CNTRL register access | Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | qtest/ide: Fix small memory leak | John Snow
For libqos debugging purposes, it's nice to be able to assert that tests and associated libraries have no memory leaks. To that end, free up the trivial cmdline leak. The remaining leaks caused by pc_alloc_init are fixed instead by my first-fit pc_alloc implementation already on the qemu-devel mailing list. Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | libqos: allow qpci_iomap to return BAR mapping size | John Snow
This patch allows qpci_iomap to return the size of the BAR mapping that it created, to allow driver applications (e.g., ahci-test) to make determinations about the suitability or the mapping size, or in the specific case of AHCI, how many ports are supported by the HBA. Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | libqos: Fixes a small memory leak. | John Snow
Allow users the chance to clean up the QPCIBusPC structure by adding a small cleanup routine. Helps clear up small memory leaks during setup/teardown, to allow for cleaner debug output messages. Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | libqtest: Correct small memory leak. | John Snow
Fixes a small memory leak inside of libqtest. After we produce a test path and glib copies the string for itself, we should clean up our temporary copy. Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | libqos: Correct memory leak | John Snow
Fix a small memory leak inside of libqos, in the pc_alloc_init routine. Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | qtest: Adding qtest_memset and qmemset. | John Snow
Currently, libqtest allows for memread and memwrite, but does not offer a simple way to zero out regions of memory. This patch adds a simple function to do so. Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | q35: Enable the ioapic device to be seen by qtest. | John Snow
Currently, the ioapic device can not be found in a qtest environment when requesting "irq_interrupt_in ioapic" via the qtest socket. By mirroring how the ioapic is added in i440fx (hw/i440/pc_piix.c), as a child of "q35," the device is able to be seen by qtest. Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | ahci: construct PIO Setup FIS for PIO commands | Paolo Bonzini
PIO commands should put a PIO Setup FIS in the receive area when data transfer ends. Currently QEMU does not do this and only places the D2H FIS at the end of the operation. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | ide: make all commands go through cmd_done | Paolo Bonzini
AHCI has code to fill in the D2H FIS and trigger the IRQ all over the place. Centralize this in a single cmd_done callback by generalizing the existing async_cmd_done callback. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | ide: stop PIO transfer on errors | Paolo Bonzini
This will provide a hook for sending the result of the command via the FIS receive area. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | ahci: remove duplicate PORT_IRQ_* constants | Paolo Bonzini
These are defined twice, just use one set consistently. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | ide: move retry constants out of BM_STATUS_* namespace | Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | ide: move BM_STATUS bits to pci.[ch] | Paolo Bonzini
They are not used by AHCI, and should not be even available there. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | ide: fold add_status callback into set_inactive | Paolo Bonzini
It is now called only after the set_inactive callback. Put the two together. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | ide: remove wrong setting of BM_STATUS_INT | Paolo Bonzini
Similar to the case removed in commit 69c38b8 (ide/core: Remove explicit setting of BM_STATUS_INT, 2011-05-19), the only remaining use of add_status(..., BM_STATUS_INT) is for short PRDs. The flag should not be raised in this case. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | ide: wrap start_dma callback | Paolo Bonzini
Make it optional and prepare for the next patches. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | ide: simplify start_transfer callbacks | Paolo Bonzini
Drop the unused return value and make the callback optional. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | ide: simplify async_cmd_done callbacks | Paolo Bonzini
Drop the unused return value. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | ide: simplify set_inactive callbacks | Paolo Bonzini
Drop the unused return value and make the callback optional. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-08-15 | ide: simplify reset callbacks | Paolo Bonzini
Drop the unused return value and make the callback optional. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>