aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-08-05tests: Rename qtests which have names ending "error"Peter Maydell
We have three qtest tests which have test names ending with "error". This is awkward because the output of verbose test runs looks like /crypto/task/error: OK /crypto/task/thread_error: OK which gives false positives if you are grepping build logs for errors by looking for "error:". Since there are only three tests with this problem, just rename them all to 'failure' instead. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1470307178-22848-1-git-send-email-peter.maydell@linaro.org
2016-08-05wxx: Fix handling of files used for character devicesStefan Weil
On Windows, such files were not truncated like on all other hosts. Now we also test whether truncation is needed when running on Windows. The append case was also incorrect because it needs a different value for the desired access mode. Reported-by: Benjamin David Lunt <fys@fysnet.net> Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 1470114877-1466-1-git-send-email-sw@weilnetz.de Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-05Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell
Block layer patches for 2.7.0-rc2 # gpg: Signature made Fri 05 Aug 2016 10:30:12 BST # gpg: using RSA key 0x7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: nvme: bump PCI revision nvme: fix identify to be NVMe 1.1 compliant block: Accept any target node for transactional blockdev-backup Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-05Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell
staging # gpg: Signature made Fri 05 Aug 2016 10:24:34 BST # gpg: using RSA key 0x9CA4ABB381AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" # Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8 * remotes/stefanha/tags/block-pull-request: virtio-blk: Remove stale comment about draining virtio-blk: Release s->rq queue at system_reset throttle: Test burst limits lower than the normal limits throttle: Don't allow burst limits to be lower than the normal limits block/parallels: check new image size Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-05Merge remote-tracking branch 'remotes/famz/tags/docker-pull-request' into ↵Peter Maydell
staging # gpg: Signature made Fri 05 Aug 2016 09:58:50 BST # gpg: using RSA key 0xCA35624C6A9171C6 # gpg: Good signature from "Fam Zheng <famz@redhat.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 5003 7CB7 9706 0F76 F021 AD56 CA35 624C 6A91 71C6 * remotes/famz/tags/docker-pull-request: docker: Add "--enable-werror" to configure command line docker: Be compatible with older docker Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-05Merge remote-tracking branch 'remotes/sstabellini/tags/xen-20160804-tag' ↵Peter Maydell
into staging Xen 2016/08/04 # gpg: Signature made Thu 04 Aug 2016 18:43:14 BST # gpg: using RSA key 0x894F8F4870E1AE90 # gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>" # Primary key fingerprint: D04E 33AB A51F 67BA 07D3 0AEA 894F 8F48 70E1 AE90 * remotes/sstabellini/tags/xen-20160804-tag: Xen PCI passthrough: fix passthrough failure when no interrupt pin Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-05virtio-blk: Remove stale comment about drainingFam Zheng
This is stale after commit 6e40b3bf (virtio-blk: Use blk_drain() to drain IO requests), remove it. Suggested-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Message-id: 1470278654-13525-3-git-send-email-famz@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-08-05virtio-blk: Release s->rq queue at system_resetFam Zheng
At system_reset, there is no point in retrying the queued request, because the driver that issued the request won't be around any more. Analyzed-by: Laszlo Ersek <lersek@redhat.com> Reported-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Message-id: 1470278654-13525-2-git-send-email-famz@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-08-05throttle: Test burst limits lower than the normal limitsAlberto Garcia
This checks that making FOO_max lower than FOO is not allowed. We could also forbid having FOO_max == FOO, but that doesn't have any odd side effects and it would require us to update several other tests, so let's keep it simple. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 2f90f9ee58aa14b7bd985f67c5996b06e0ab6c19.1469693110.git.berto@igalia.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-08-05throttle: Don't allow burst limits to be lower than the normal limitsAlberto Garcia
Setting FOO_max to a value that is lower than FOO does not make sense, and it produces odd results depending on the value of FOO_max_length. Although the user should not set that configuration in the first place it's better to reject it explicitly. https://bugzilla.redhat.com/show_bug.cgi?id=1355665 Signed-off-by: Alberto Garcia <berto@igalia.com> Reported-by: Gu Nini <ngu@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 663d5aca406060e31f80d8113f77b6feee63b919.1469693110.git.berto@igalia.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-08-05block/parallels: check new image sizeKlim Kireev
Before this patch incorrect image could be created via qemu-img (Example: qemu-img create -f parallels -o size=4096T hack.img), incorrect images cannot be used due to overflow in main image structure. This patch add check of size in image creation. After reading size it compare it with UINT32_MAX * cluster_size. Signed-off-by: Klim Kireev <proffk@virtuozzo.mipt.ru> Signed-off-by: Denis V. Lunev <den@openvz.org> Message-id: 1469639300-12155-1-git-send-email-den@openvz.org CC: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-08-05nvme: bump PCI revisionChristoph Hellwig
The broken Identify implementation in earlier Qemu versions means we need to blacklist it from issueing the NVMe 1.1 Identify Namespace List command. As we want to be able to use it in newer Qemu versions we need a way to identify those. Bump the PCI revision as a guest visible indicator of this bug fix. Signed-off-by: Christoph Hellwig <hch@lst.de> Acked-by: Keith Busch <keith.busch@intel.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-08-05nvme: fix identify to be NVMe 1.1 compliantChristoph Hellwig
NVMe 1.1 requires devices to implement a Namespace List subcommand of the identify command. Qemu not only not implements this features, but also misinterprets it as an Identify Controller request. Due to this any OS trying to use the Namespace List will fail the probe. Signed-off-by: Christoph Hellwig <hch@lst.de> Acked-by: Keith Busch <keith.busch@intel.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-08-05block: Accept any target node for transactional blockdev-backupKevin Wolf
Commit 0d978913 changed blockdev-backup to accept arbitrary node names instead of device names (i.e. root nodes) for the backup target. However, it forgot to make the same change in transactions and to update the documentation. This patch fixes these omissions. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-08-05docker: Add "--enable-werror" to configure command lineFam Zheng
We don't have .git in the docker checkout, add this to enable -Werror explicitly. Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1469453510-658-1-git-send-email-famz@redhat.com
2016-08-05docker: Be compatible with older dockerFam Zheng
By not using "--format" with docker images command. The option is not available on RHEL 7 docker command. Use an awk matching command instead. Reported-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Message-Id: <1470202928-3392-1-git-send-email-famz@redhat.com>
2016-08-04Xen PCI passthrough: fix passthrough failure when no interrupt pinBruce Rogers
Commit 5a11d0f7 mistakenly converted a log message into an error condition when no pin interrupt is found for the pci device being passed through. Revert that part of the commit. Signed-off-by: Bruce Rogers <brogers@suse.com> Signed-off-by: Stefano Stabellini <sstabellini@kernel.org> Acked-by: Anthony PERARD <anthony.perard@citrix.com>
2016-08-04Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20160804' ↵Peter Maydell
into staging linux-user important fixes for 2.7 # gpg: Signature made Thu 04 Aug 2016 15:10:57 BST # gpg: using RSA key 0xB44890DEDE3C9BC0 # gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>" # gpg: aka "Riku Voipio <riku.voipio@linaro.org>" # Primary key fingerprint: FF82 03C8 C391 98AE 0581 41EF B448 90DE DE3C 9BC0 * remotes/riku/tags/pull-linux-user-20160804: linux-user: Handle brk() attempts with very large sizes linux-user: Fix target_semid_ds structure definition linux-user: Don't write off end of new_utsname buffer linux-user: Fix memchr() argument in open_self_cmdline() linux-user: Use correct alignment for long long on i386 guests Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-04linux-user: Handle brk() attempts with very large sizesPeter Maydell
In do_brk(), we were inadvertently truncating the size of a requested brk() from the guest by putting it into an 'int' variable. This meant that we would incorrectly report success back to the guest rather than a failed allocation, typically resulting in the guest then segfaulting. Use abi_ulong instead. This fixes a crash in the '31370.cc' test in the gcc libstdc++ test suite (the test case starts by trying to allocate a very large size and reduces the size until the allocation succeeds). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2016-08-04linux-user: Fix target_semid_ds structure definitionPeter Maydell
The target_semid_ds structure is not correct for all architectures: the padding fields should only exist for: * 32-bit ABIs * x86 It is also misnamed, since it is following the kernel semid64_ds structure (QEMU doesn't support the legacy semid_ds structure at all). Rename the struct, provide a correct generic definition and allow the oddball x86 architecture to provide its own version. This fixes broken SYSV semaphores for all our 64-bit architectures except x86 and ppc. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2016-08-04linux-user: Don't write off end of new_utsname bufferPeter Maydell
Use g_strlcpy() rather than strcpy() to copy the uname string into the structure we return to the guest for the uname syscall. This avoids overrunning the buffer if the user passed us an overlong string via the QEMU command line. We fix a comment typo while we're in the neighbourhood. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2016-08-04linux-user: Fix memchr() argument in open_self_cmdline()Peter Maydell
In open_self_cmdline() we look for a 0 in the buffer we read from /prc/self/cmdline. We were incorrectly passing the length of our buf[] array to memchr() as the length to search, rather than the number of bytes we actually read into it, which could be shorter. This was spotted by Coverity (because it could result in our trying to pass a negative length argument to write()). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2016-08-04linux-user: Use correct alignment for long long on i386 guestsPeter Maydell
For i386, the ABI specifies that 'long long' (8 byte values) need only be 4 aligned, but we were requiring them to be 8-aligned. This meant we were laying out the target_epoll_event structure wrongly. Add a suitable ifdef to abitypes.h to specify the i386-specific alignment requirement. Reported-by: Icenowy Zheng <icenowy@aosc.xyz> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2016-08-04Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* xsetbv fix (x86 targets TCG) * remove unused functions * qht segfault and memory leak fixes * NBD fixes * Fix for non-power-of-2 discard granularity * Memory hotplug fixes * Migration regressions * IOAPIC fixes and (disabled by default) EOI register support * Various other small fixes # gpg: Signature made Wed 03 Aug 2016 18:01:05 BST # gpg: using RSA key 0xBFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (25 commits) util: Fix assertion in iov_copy() upon zero 'bytes' and non-zero 'offset' qdev: Fix use after free in qdev_init_nofail error path Reorganize help output of '-display' option x86: ioapic: add support for explicit EOI x86: ioapic: ignore level irq during processing apic: fix broken migration for kvm-apic fw_cfg: Make base type "fw_cfg" abstract block: Cater to iscsi with non-power-of-2 discard osdep: Document differences in rounding macros nbd: Limit nbdflags to 16 bits nbd: Fix bad flag detection on server i2c: fix migration regression introduced by broadcast support mptsas: really fix migration compatibility qdist: return "(empty)" instead of NULL when printing an empty dist qdist: use g_renew and g_new instead of g_realloc and g_malloc. qdist: fix memory leak during binning target-i386: fix typo in xsetbv implementation qht: do not segfault when gathering stats from an uninitialized qht util: Drop inet_listen() util: drop unix_nonblocking_connect() ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-03Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20160803-1' into ↵Peter Maydell
staging vnc: fixes for "-vnc none". # gpg: Signature made Wed 03 Aug 2016 16:33:07 BST # gpg: using RSA key 0x4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/pull-vnc-20160803-1: vnc: ensure connection sharing/limits is always configured vnc: fix crash when vnc_server_info_get has an error vnc: don't crash getting server info if lsock is NULL Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-03util: Fix assertion in iov_copy() upon zero 'bytes' and non-zero 'offset'Shmulik Ladkani
In cases where iov_copy() is passed with zero 'bytes' argument and a non-zero 'offset' argument, nothing gets copied - as expected. However no copy iterations are performed, so 'offset' is left unaltered, leading to the final assert(offset == 0) to fail. Instead, change the loop condition to continue as long as 'offset || bytes', similar to other iov_* functions. This ensures 'offset' gets zeroed (even if no actual copy is made), unless it is beyond end of source iov - which is asserted. Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com> Message-Id: <1470130880-1050-1-git-send-email-shmulik.ladkani@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03qdev: Fix use after free in qdev_init_nofail error pathFam Zheng
Since 69382d8b (qdev: Fix object reference leak in case device.realize() fails), object_property_set_bool could release the object. The error path wants the type name, so hold an reference before realizing it. Cc: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Message-Id: <1470109301-12966-1-git-send-email-famz@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03Reorganize help output of '-display' optionRobert Ho
The '-display' help information is not very correct. This patch sort it a little. Also, in its help information, reveals what implicit display option will be chosen if no definition. Signed-off-by: Robert Ho <robert.hu@intel.com> Message-Id: <1469528231-26206-1-git-send-email-robert.hu@intel.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03x86: ioapic: add support for explicit EOIPeter Xu
Some old Linux kernels (upstream before v4.0), or any released RHEL kernels has problem in sending APIC EOI when IR is enabled. Meanwhile, many of them only support explicit EOI for IOAPIC, which is only introduced in IOAPIC version 0x20. This patch provide a way to boost QEMU IOAPIC to version 0x20, in order for QEMU to correctly receive EOI messages. Without boosting IOAPIC version to 0x20, kernels before commit d32932d ("x86/irq: Convert IOAPIC to use hierarchical irqdomain interfaces") will have trouble enabling both IR and level-triggered interrupt devices (like e1000). To upgrade IOAPIC to version 0x20, we need to specify: -global ioapic.version=0x20 To be compatible with old systems, 0x11 will still be the default IOAPIC version. Here 0x11 and 0x20 are the only versions to be supported. One thing to mention: this patch only applies to emulated IOAPIC. It does not affect kernel IOAPIC behavior. Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <1470059959-372-1-git-send-email-peterx@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03x86: ioapic: ignore level irq during processingPeter Xu
For level triggered interrupts, we will get Remote IRR bit cleared after guest kernel finished processing specific request. Before that, we should ignore the same interrupt from triggering again. Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <1469974685-4144-1-git-send-email-peterx@redhat.com> [Push new "if" up so that it covers KVM split irqchip as well. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03apic: fix broken migration for kvm-apicIgor Mammedov
commit f6e98444 (apic: Use apic_id as apic's migration instance_id) breaks migration when in kernel irqchip is used for 2.6 and older machine types. It applies compat property only for userspace 'apic' type instead of applying it to all apic types inherited from 'apic-common' type as it was supposed to do. Fix it by setting compat property 'legacy-instance-id' for 'apic-common' type which affects inherited types (i.e. not only 'apic' but also 'kvm-apic' types) Signed-off-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <1469800542-11402-1-git-send-email-imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03fw_cfg: Make base type "fw_cfg" abstractMarkus Armbruster
Missed when commit 5712db6 split off "fw_cfg_io" and "fw_cfg_mem". Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1469777353-9383-1-git-send-email-armbru@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03block: Cater to iscsi with non-power-of-2 discardEric Blake
Dell Equallogic iSCSI SANs have a very unusual advertised geometry: $ iscsi-inq -e 1 -c $((0xb0)) iscsi://XXX/0 wsnz:0 maximum compare and write length:1 optimal transfer length granularity:0 maximum transfer length:0 optimal transfer length:0 maximum prefetch xdread xdwrite transfer length:0 maximum unmap lba count:30720 maximum unmap block descriptor count:2 optimal unmap granularity:30720 ugavalid:1 unmap granularity alignment:0 maximum write same length:30720 which says that both the maximum and the optimal discard size is 15M. It is not immediately apparent if the device allows discard requests not aligned to the optimal size, nor if it allows discards at a finer granularity than the optimal size. I tried to find details in the SCSI Commands Reference Manual Rev. A on what valid values of maximum and optimal sizes are permitted, but while that document mentions a "Block Limits VPD Page", I couldn't actually find documentation of that page or what values it would have, or if a SCSI device has an advertisement of its minimal unmap granularity. So it is not obvious to me whether the Dell Equallogic device is compliance with the SCSI specification. Fortunately, it is easy enough to support non-power-of-2 sizing, even if it means we are less efficient than truly possible when targetting that device (for example, it means that we refuse to unmap anything that is not a multiple of 15M and aligned to a 15M boundary, even if the device truly does support a smaller granularity where unmapping actually works). Reported-by: Peter Lieven <pl@kamp.de> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1469129688-22848-5-git-send-email-eblake@redhat.com> Acked-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03osdep: Document differences in rounding macrosEric Blake
Make it obvious which macros are safe in which situations. Useful since QEMU_ALIGN_UP and ROUND_UP both purport to do the same thing, but differ on whether the alignment must be a power of 2. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1469129688-22848-4-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03nbd: Limit nbdflags to 16 bitsEric Blake
Rather than asserting that nbdflags is within range, just give it the correct type to begin with :) nbdflags corresponds to the per-export portion of NBD Protocol "transmission flags", which is 16 bits in response to NBD_OPT_EXPORT_NAME and NBD_OPT_GO. Furthermore, upstream NBD has never passed the global flags to the kernel via ioctl(NBD_SET_FLAGS) (the ioctl was first introduced in NBD 2.9.22; then a latent bug in NBD 3.1 actually tried to OR the global flags with the transmission flags, with the disaster that the addition of NBD_FLAG_NO_ZEROES in 3.9 caused all earlier NBD 3.x clients to treat every export as read-only; NBD 3.10 and later intentionally clip things to 16 bits to pass only transmission flags). Qemu should follow suit, since the current two global flags (NBD_FLAG_FIXED_NEWSTYLE and NBD_FLAG_NO_ZEROES) have no impact on the kernel's behavior during transmission. CC: qemu-stable@nongnu.org Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1469129688-22848-3-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03nbd: Fix bad flag detection on serverEric Blake
Commit ab7c548e added a check for invalid flags, but used an early return on error instead of properly going through the cleanup label. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1469129688-22848-2-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03i2c: fix migration regression introduced by broadcast supportIgor Mammedov
QEMU fails migration with following error: qemu-system-x86_64: Missing section footer for i2c_bus qemu-system-x86_64: load of migration failed: Invalid argument when migrating from: qemu-system-x86_64-v2.6.0 -m 256M rhel72.img -M pc-i440fx-2.6 to qemu-system-x86_64-v2.7.0-rc0 -m 256M rhel72.img -M pc-i440fx-2.6 Regression is added by commit 2293c27f (i2c: implement broadcast write) Fix it by dropping 'broadcast' VMState introduced by 2293c27f and reuse broadcast 0x00 address as broadcast flag in bus->saved_address. Then if there were ongoing broadcast at migration time, set bus->saved_address to it and at i2c_slave_post_load() time check for it instead of transfering and using 'broadcast' VMState. As result of reusing existing saved_address VMState, no compat glue will be needed to keep forward/backward compatiblity. which makes fix much less intrusive. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <1469623198-177227-1-git-send-email-imammedo@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03mptsas: really fix migration compatibilityPaolo Bonzini
Commit 2e2aa316 removed internal flag msi_in_use, but it existed in vmstate. Restore it for migration to older QEMU versions. Reported-by: Amit Shah <amit.shah@redhat.com> Suggested-by: Amit Shah <amit.shah@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Cc: Marcel Apfelbaum <marcel@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Amit Shah <amit.shah@redhat.com> Cc: Cao jin <caoj.fnst@cn.fujitsu.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03qdist: return "(empty)" instead of NULL when printing an empty distEmilio G. Cota
Printf'ing a NULL string is undefined behaviour. Avoid it. Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Emilio G. Cota <cota@braap.org> Message-Id: <1469459025-23606-4-git-send-email-cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03qdist: use g_renew and g_new instead of g_realloc and g_malloc.Emilio G. Cota
This is safer against overflow. g_renew is available in all version of glib, while g_realloc_n is only available in 2.24. Signed-off-by: Emilio G. Cota <cota@braap.org> Message-Id: <1469459025-23606-3-git-send-email-cota@braap.org> [Rewritten to use g_new/g_renew. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160803-1' into ↵Peter Maydell
staging usb: bugfixes for xen-usb and ehci, mingw build fix. # gpg: Signature made Wed 03 Aug 2016 14:04:26 BST # gpg: using RSA key 0x4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/pull-usb-20160803-1: xen: use a common function for pv and hvm guest backend register calls xen: drain submit queue in xen-usb before removing device xen: when removing a backend don't remove many of them ehci: faster frame index calculation for skipped frames wxx: Fix compilation of host-libusb.c wxx: Fix compiler warning for host-libusb.c Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-03vnc: ensure connection sharing/limits is always configuredDaniel P. Berrange
The connection sharing / limits are only set in the vnc_display_open() method and so missed when VNC is running with '-vnc none'. This in turn prevents clients being added to the VNC server with the QMP "add_client" command. This was introduced in commit e5f34cdd2da54f28d90889a3afd15fad2d6105ff Author: Gerd Hoffmann <kraxel@redhat.com> Date: Thu Oct 2 12:09:34 2014 +0200 vnc: track & limit connections Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1470134726-15697-4-git-send-email-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-08-03vnc: fix crash when vnc_server_info_get has an errorDaniel P. Berrange
The vnc_server_info_get will allocate the VncServerInfo struct and then call vnc_init_basic_info_from_server_addr to populate the basic fields. If this returns an error though, the qapi_free_VncServerInfo call will then crash because the VncServerInfo struct instance was not properly NULL-initialized and thus contains random stack garbage. #0 0x00007f1987c8e6f5 in raise () at /lib64/libc.so.6 #1 0x00007f1987c902fa in abort () at /lib64/libc.so.6 #2 0x00007f1987ccf600 in __libc_message () at /lib64/libc.so.6 #3 0x00007f1987cd7d4a in _int_free () at /lib64/libc.so.6 #4 0x00007f1987cdb2ac in free () at /lib64/libc.so.6 #5 0x00007f198b654f6e in g_free () at /lib64/libglib-2.0.so.0 #6 0x0000559193cdcf54 in visit_type_str (v=v@entry= 0x5591972f14b0, name=name@entry=0x559193de1e29 "host", obj=obj@entry=0x5591961dbfa0, errp=errp@entry=0x7fffd7899d80) at qapi/qapi-visit-core.c:255 #7 0x0000559193cca8f3 in visit_type_VncBasicInfo_members (v=v@entry= 0x5591972f14b0, obj=obj@entry=0x5591961dbfa0, errp=errp@entry=0x7fffd7899dc0) at qapi-visit.c:12307 #8 0x0000559193ccb523 in visit_type_VncServerInfo_members (v=v@entry= 0x5591972f14b0, obj=0x5591961dbfa0, errp=errp@entry=0x7fffd7899e00) at qapi-visit.c:12632 #9 0x0000559193ccb60b in visit_type_VncServerInfo (v=v@entry= 0x5591972f14b0, name=name@entry=0x0, obj=obj@entry=0x7fffd7899e48, errp=errp@entry=0x0) at qapi-visit.c:12658 #10 0x0000559193cb53d8 in qapi_free_VncServerInfo (obj=<optimized out>) at qapi-types.c:3970 #11 0x0000559193c1e6ba in vnc_server_info_get (vd=0x7f1951498010) at ui/vnc.c:233 #12 0x0000559193c24275 in vnc_connect (vs=0x559197b2f200, vs=0x559197b2f200, event=QAPI_EVENT_VNC_CONNECTED) at ui/vnc.c:284 #13 0x0000559193c24275 in vnc_connect (vd=vd@entry=0x7f1951498010, sioc=sioc@entry=0x559196bf9c00, skipauth=skipauth@entry=tru e, websocket=websocket@entry=false) at ui/vnc.c:3039 #14 0x0000559193c25806 in vnc_display_add_client (id=<optimized out>, csock=<optimized out>, skipauth=<optimized out>) at ui/vnc.c:3877 #15 0x0000559193a90c28 in qmp_marshal_add_client (args=<optimized out>, ret=<optimized out>, errp=0x7fffd7899f90) at qmp-marshal.c:105 #16 0x000055919399c2b7 in handle_qmp_command (parser=<optimized out>, tokens=<optimized out>) at /home/berrange/src/virt/qemu/monitor.c:3971 #17 0x0000559193ce3307 in json_message_process_token (lexer=0x559194ab0838, input=0x559194a6d940, type=JSON_RCURLY, x=111, y=1 2) at qobject/json-streamer.c:105 #18 0x0000559193cfa90d in json_lexer_feed_char (lexer=lexer@entry=0x559194ab0838, ch=125 '}', flush=flush@entry=false) at qobject/json-lexer.c:319 #19 0x0000559193cfaa1e in json_lexer_feed (lexer=0x559194ab0838, buffer=<optimized out>, size=<optimized out>) at qobject/json-lexer.c:369 #20 0x0000559193ce33c9 in json_message_parser_feed (parser=<optimized out>, buffer=<optimized out>, size=<optimized out>) at qobject/json-streamer.c:124 #21 0x000055919399a85b in monitor_qmp_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>) at /home/berrange/src/virt/qemu/monitor.c:3987 #22 0x0000559193a87d00 in tcp_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x559194a7d900) at qemu-char.c:2895 #23 0x00007f198b64f703 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0 #24 0x0000559193c484b3 in main_loop_wait () at main-loop.c:213 #25 0x0000559193c484b3 in main_loop_wait (timeout=<optimized out>) at main-loop.c:258 #26 0x0000559193c484b3 in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:506 #27 0x0000559193964c55 in main () at vl.c:1908 #28 0x0000559193964c55 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4603 This was introduced in commit 98481bfcd661daa3c160cc87a297b0e60a307788 Author: Eric Blake <eblake@redhat.com> Date: Mon Oct 26 16:34:45 2015 -0600 vnc: Hoist allocation of VncBasicInfo to callers which added error reporting for vnc_init_basic_info_from_server_addr but didn't change the g_malloc calls to g_malloc0. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1470134726-15697-3-git-send-email-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-08-03vnc: don't crash getting server info if lsock is NULLDaniel P. Berrange
When VNC is started with '-vnc none' there will be no listener socket present. When we try to populate the VncServerInfo we'll crash accessing a NULL 'lsock' field. #0 qio_channel_socket_get_local_address (ioc=0x0, errp=errp@entry=0x7ffd5b8aa0f0) at io/channel-socket.c:33 #1 0x00007f4b9a297d6f in vnc_init_basic_info_from_server_addr (errp=0x7ffd5b8aa0f0, info=0x7f4b9d425460, ioc=<optimized out>) at ui/vnc.c:146 #2 vnc_server_info_get (vd=0x7f4b9e858000) at ui/vnc.c:223 #3 0x00007f4b9a29d318 in vnc_qmp_event (vs=0x7f4b9ef82000, vs=0x7f4b9ef82000, event=QAPI_EVENT_VNC_CONNECTED) at ui/vnc.c:279 #4 vnc_connect (vd=vd@entry=0x7f4b9e858000, sioc=sioc@entry=0x7f4b9e8b3a20, skipauth=skipauth@entry=true, websocket=websocket @entry=false) at ui/vnc.c:2994 #5 0x00007f4b9a29e8c8 in vnc_display_add_client (id=<optimized out>, csock=<optimized out>, skipauth=<optimized out>) at ui/v nc.c:3825 #6 0x00007f4b9a18d8a1 in qmp_marshal_add_client (args=<optimized out>, ret=<optimized out>, errp=0x7ffd5b8aa230) at qmp-marsh al.c:123 #7 0x00007f4b9a0b53f5 in handle_qmp_command (parser=<optimized out>, tokens=<optimized out>) at /usr/src/debug/qemu-2.6.0/mon itor.c:3922 #8 0x00007f4b9a348580 in json_message_process_token (lexer=0x7f4b9c78dfe8, input=0x7f4b9c7350e0, type=JSON_RCURLY, x=111, y=5 9) at qobject/json-streamer.c:94 #9 0x00007f4b9a35cfeb in json_lexer_feed_char (lexer=lexer@entry=0x7f4b9c78dfe8, ch=125 '}', flush=flush@entry=false) at qobj ect/json-lexer.c:310 #10 0x00007f4b9a35d0ae in json_lexer_feed (lexer=0x7f4b9c78dfe8, buffer=<optimized out>, size=<optimized out>) at qobject/json -lexer.c:360 #11 0x00007f4b9a348679 in json_message_parser_feed (parser=<optimized out>, buffer=<optimized out>, size=<optimized out>) at q object/json-streamer.c:114 #12 0x00007f4b9a0b3a1b in monitor_qmp_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>) at /usr/src/deb ug/qemu-2.6.0/monitor.c:3938 #13 0x00007f4b9a186751 in tcp_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x7f4b9c7add40) at qemu-char.c:2895 #14 0x00007f4b92b5c79a in g_main_context_dispatch () from /lib64/libglib-2.0.so.0 #15 0x00007f4b9a2bb0c0 in glib_pollfds_poll () at main-loop.c:213 #16 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:258 #17 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:506 #18 0x00007f4b9a0835cf in main_loop () at vl.c:1934 #19 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4667 Do an upfront check for a NULL lsock and report an error to the caller, which matches behaviour from before commit 04d2529da27db512dcbd5e99d0e26d333f16efcc Author: Daniel P. Berrange <berrange@redhat.com> Date: Fri Feb 27 16:20:57 2015 +0000 ui: convert VNC server to use QIOChannelSocket where getsockname() would be given a FD value -1 and thus report an error to the caller. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1470134726-15697-2-git-send-email-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-08-03xen: use a common function for pv and hvm guest backend register callsJuergen Gross
Instead of calling xen_be_register() for each supported backend type for hvm and pv guests in their machine init functions use a common function in order not to have to add new backends twice. This at once fixes the error that hvm domains couldn't use the qusb backend. Signed-off-by: Juergen Gross <jgross@suse.com> Acked-by: Anthony PERARD <anthony.perard@citrix.com> Message-id: 1470119552-16170-1-git-send-email-jgross@suse.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-08-03Merge remote-tracking branch ↵Peter Maydell
'remotes/berrange/tags/pull-qio-next-2016-08-03-v1' into staging Merge qio-next 2016-08-03 v1 # gpg: Signature made Wed 03 Aug 2016 10:48:08 BST # gpg: using RSA key 0xBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange/tags/pull-qio-next-2016-08-03-v1: io: remove mistaken call to object_ref on QTask Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-03Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.7-20160803' ↵Peter Maydell
into staging qemu-2.7: ppc patch queue 2016-08-03 Here's the current set of patches (only 2) for spapr, ppc and related things. These are important bugfixes for the stabilizing 2.7 tree. One is for a regression where confusion between x86 only and generic KVM irq handling resulted in breakage on KVM/Power. The other is fixing (yet another) problem in the vcpu hotplug code: older pseries machine types which don't support vcpu hotplug weren't correctly advertising that, potentially leading to crashes or other problems. # gpg: Signature made Wed 03 Aug 2016 06:23:40 BST # gpg: using RSA key 0x6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-2.7-20160803: kvm-irqchip: only commit route when irqchip is used spapr: Error out when CPU hotplug is attempted on older pseries machines Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-03io: remove mistaken call to object_ref on QTaskDaniel P. Berrange
The QTask struct is just a standalone struct, not a QOM Object, so calling object_ref() on it is not appropriate. This results in mangling the 'destroy' field in the QTask struct, causing the later call to qtask_free() to try to call the function at address 0x1, with predictably segfault happy results. There is in fact no need for ref counting with QTask, as the call to qtask_abort() or qtask_complete() will automatically free associated memory. This fixes the crash shown in https://bugs.launchpad.net/qemu/+bug/1589923 Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-08-03xen: drain submit queue in xen-usb before removing deviceJuergen Gross
When unplugging a device in the Xen pvusb backend drain the submit queue before deallocation of the control structures. Otherwise there will be bogus memory accesses when I/O contracts are finished. Correlated to this issue is the handling of cancel requests: a packet cancelled will still lead to the call of complete, so add a flag to the request indicating it should be just dropped on complete. Signed-off-by: Juergen Gross <jgross@suse.com> Acked-by: Anthony PERARD <anthony.perard@citrix.com> Message-id: 1470140044-16492-3-git-send-email-jgross@suse.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-08-03xen: when removing a backend don't remove many of themJuergen Gross
When a Xenstore watch fires indicating a backend has to be removed don't remove all backends for that domain with the specified device index, but just the one which has the correct type. The easiest way to achieve this is to use the already determined xendev as parameter for xen_be_del_xendev() instead of only the domid and device index. This at once removes the open coded QTAILQ_FOREACH_SAVE() in xen_be_del_xendev() as there is no need to search for the correct xendev any longer. Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> Message-id: 1470140044-16492-2-git-send-email-jgross@suse.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>