aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-12-17blkdebug: Avoid '.' in enum valuesEric Blake
Our qapi conventions document that '.' should only be used in the prefix of downstream names. BlkdebugEvent was a lone exception to this. Changing this is not backwards compatible to the 'blockdev-add' QMP command; however, that command is not yet fully stable. It can also be argued that the testsuite is the biggest user of blkdebug, and that any other user can be taught to deal with the change by paying attention to introspection results. Done with: $ for str in \ l1_grow.{alloc,write,activate}_table \ l2_alloc.{cow_read,write} \ refblock_alloc.{hookup,write,write_blocks,write_table,switch_table} \ pwritev_rmw.{head,after_head,tail,after_tail}; do str1=$(echo "$str" | sed 's/\./\\./') str2=$(echo "$str" | sed 's/\./_/') git grep -l "$str1" | xargs -r sed -i "s/$str1/$str2/g" done followed by a manual touchup to test 77 to keep the test working. Reported-by: Markus Armbruster <armbru@redhat.com> CC: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-21-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17blkdebug: Merge hand-rolled and qapi BlkdebugEvent enumEric Blake
No need to keep two separate enums, where editing one is likely to forget the other. Now that we can specify a qapi enum prefix, we don't even have to change the bulk of the uses. get_event_by_name() could perhaps be replaced by qapi_enum_parse(), but I left that for another day. CC: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-20-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17qapi: Remove dead visitor codeEric Blake
Commit cbc95538 removed unused start_handle() and end_handle(), but forgot to remove their declarations. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-19-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17qapi: Fix c_name() mungingEric Blake
The method c_name() is supposed to do two different actions: munge '-' into '_', and add a 'q_' prefix to ticklish names. But it did these steps out of order, making it possible to submit input that is not ticklish until after munging, where the output then lacked the desired prefix. The failure is exposed easily if you have a compiler that recognizes C11 keywords, and try to name a member '_Thread-local', as it would result in trying to compile the declaration 'uint64_t _Thread_local;' which is not valid. However, this name violates our conventions (ultimately, want to enforce that no qapi names start with single underscore), so the test is slightly weaker by instead testing 'wchar-t'; the declaration 'uint64_t wchar_t;' is valid in C (where wchar_t is only a typedef) but would fail with a C++ compiler (where it is a keyword). Fix things by reversing the order of actions within c_name(). Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-18-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17qapi: Detect collisions in C member namesEric Blake
Detect attempts to declare two object members that would result in the same C member name, by keying the 'seen' dictionary off of the C name rather than the qapi name. It also requires passing info through the check_clash() methods. This addresses a TODO and fixes the previously-broken args-name-clash test. The resulting error message demonstrates the utility of the .describe() method added previously. No change to generated code. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-17-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17qapi: Track owner of each object memberEric Blake
Future commits will migrate semantic checking away from parsing and over to the various QAPISchema*.check() methods. But to report an error message about an incorrect semantic use of a member of an object type, it helps to know which type, command, or event owns the member. In particular, when a member is inherited from a base type, it is desirable to associate the member name with the base type (and not the type calling member.check()). Rather than packing additional information into the seen array passed to each member.check() (as in seen[m.name] = {'member':m, 'owner':type}), it is easier to have each member track the name of the owner type in the first place (keeping things simpler with the existing seen[m.name] = m). The new member.owner field is set via a new set_owner() method, called when registering the members and variants arrays with an object or variant type. Track only a name, and not the actual type object, to avoid creating a circular python reference chain. Note that Variants.set_owner() method does not set the owner for the tag_member field; this field is set earlier either as part of an object's non-variant members, or explicitly by alternates. The source information is intended for human consumption in error messages, and a new describe() method is added to access the resulting information. For example, given the qapi: { 'command': 'foo', 'data': { 'string': 'str' } } an implementation of visit_command() that calls arg_type.members[0].describe() will see "'string' (parameter of foo)". To make the human-readable name of implicit types work without duplicating efforts, the describe() method has to reverse the name of implicit types, via the helper _pretty_owner(). No change to generated code. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-16-git-send-email-eblake@redhat.com> [Incorrect & unused -wrapper case in _pretty_owner() dropped] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17qapi: Remove outdated tests related to QMP/branch collisionsEric Blake
Now that branches are in a separate C namespace, we can remove the restrictions in the parser that claim a branch name would collide with QMP, and delete the negative tests that are no longer problematic. A separate patch can then add positive tests to qapi-schema-test to test that any corner cases will compile correctly. This reverts the scripts/qapi.py portion of commit 7b2a5c2, now that the assertions that it plugged are no longer possible. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-15-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17qapi: Hoist tag collision check to Variants.check()Eric Blake
Checking that a given QAPISchemaObjectTypeVariant.name is a member of the corresponding QAPISchemaEnumType of the owning QAPISchemaObjectTypeVariants.tag_member ensures that there are no collisions in the generated C union for those tag values (since the enum itself should have no collisions). However, ever since its introduction in f51d8c3d, this was the only additional action of of Variant.check(), beyond calling the superclass Member.check(). This forces a difference in .check() signatures, just to pass the enum type down. Simplify things by instead doing the tag name check as part of Variants.check(), at which point we can rely on inheritance instead of overriding Variant.check(). Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-14-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17qapi: Factor out QAPISchemaObjectType.check_clash()Eric Blake
Consolidate two common sequences of clash detection into a new QAPISchemaObjectType.check_clash() helper method. No change to generated code. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-13-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17qapi: Check for QAPI collisions involving variant membersEric Blake
Right now, our ad hoc parser ensures that we cannot have a flat union that introduces any members that would clash with non-variant members inherited from the union's base type (see flat-union-clash-member.json). We want QAPISchemaObjectType.check() to make the same check, so we can later reduce some of the ad hoc checks. We already have a map 'seen' of all non-variant members. We still need to check for collisions between each variant type's members and the non-variant ones. To know the variant type's members, we need to call variant.type.check(). This also detects when a type contains itself in a variant, exactly like the existing base.check() detects when a type contains itself as a base. (Except that we currently forbid anything but a struct as the type of a variant, so we can't actually trigger this type of loop yet.) Slight complication: an alternate's variant can have arbitrary type, but only an object type's check() may be called outside QAPISchema.check(). We could either skip the call for variants of alternates, or skip it for non-object types. For now, do the latter, because it's easier. Then we call each variant member's check_clash() with the appropriate 'seen' map. Since members of different variants can't clash, we have to clone a fresh seen for each variant. Wrap this in a new helper method QAPISchemaObjectTypeVariants.check_clash(). Note that cloning 'seen' inside .check_clash() resembles the one we just removed from .check() in 'qapi: Drop obsolete tag value collision assertions'; the difference here is that we are now checking for clashes among the qapi members of the variant type, rather than for a single clash with the variant tag name itself. Note that, by construction, collisions can't actually happen for simple unions: each variant's type is a wrapper with a single member 'data', which will never collide with the only non-variant member 'type'. For alternates, there's nothing for a variant object type's members to clash with, and therefore no need to call the new variants.check_clash(). No change to generated code. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-12-git-send-email-eblake@redhat.com> [Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17qapi: Simplify QAPISchemaObjectTypeVariants.check()Markus Armbruster
Reduce the ugly flat union / simple union conditional by doing just the essential work here, namely setting self.tag_member. Move the rest to callers. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1446559499-26984-7-git-send-email-armbru@redhat.com> [rebase to earlier changes that moved tag_member.check() of alternate types, and tweak commit title and wording] Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-11-git-send-email-eblake@redhat.com>
2015-12-17qapi: Factor out QAPISchemaObjectTypeMember.check_clash()Markus Armbruster
While there, stick in a TODO change key of seen from QAPI name to C name. Can't do it right away, because it would fail the assertion for tests/qapi-schema/args-has-clash.json. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1446559499-26984-6-git-send-email-armbru@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-10-git-send-email-eblake@redhat.com>
2015-12-17qapi: Eliminate QAPISchemaObjectType.check() variable membersMarkus Armbruster
We can use seen.values() instead if we make it an OrderedDict. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1446559499-26984-5-git-send-email-armbru@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-9-git-send-email-eblake@redhat.com>
2015-12-17qapi: Fix up commit 7618b91's clash sanity checking changeMarkus Armbruster
This hunk @@ -964,6 +965,7 @@ class QAPISchemaObjectType(QAPISchemaType): members = [] seen = {} for m in members: + assert c_name(m.name) not in seen seen[m.name] = m for m in self.local_members: m.check(schema, members, seen) is plainly broken. Asserting the members inherited from base don't clash is somewhat redundant, because self.base.check() just checked that. But it doesn't hurt. The idea to use c_name(m.name) instead of m.name for collision checking is sound, because we need to catch clashes between the m.name and between the c_name(m.name), and when two m.name clash, then their c_name() also clash. However, using c_name(m.name) instead of m.name in one of several places doesn't work. See the very next line. Keep the assertion, but drop the c_name() for now. A future commit will bring it back. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1446559499-26984-4-git-send-email-armbru@redhat.com> [change TABs in commit message to space] Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-8-git-send-email-eblake@redhat.com>
2015-12-17qapi: Clean up after previous commitMarkus Armbruster
QAPISchemaObjectTypeVariants.check() parameter members and QAPISchemaObjectTypeVariant.check() parameter seen are no longer used, drop them. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1446559499-26984-3-git-send-email-armbru@redhat.com> [rebase to earlier changes that moved tag_member.check() of alternate types] Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-7-git-send-email-eblake@redhat.com>
2015-12-17qapi: Simplify QAPISchemaObjectTypeMember.check()Markus Armbruster
QAPISchemaObjectTypeMember.check() currently does four things: 1. Compute self.type 2. Accumulate members in all_members Only one caller cares: QAPISchemaObjectType.check() uses it to compute self.members. The other callers pass a throw-away accumulator. 3. Accumulate a map from names to members in seen Only one caller cares: QAPISchemaObjectType.check() uses it to compute its local variable seen, for self.variants.check(), which uses it to compute self.variants.tag_member from self.variants.tag_name. The other callers pass a throw-away accumulator. 4. Check for collisions This piggybacks on 3: before adding a new entry, we assert it's new. Only one caller cares: QAPISchemaObjectType.check() uses it to assert non-variant members don't clash. Simplify QAPISchemaObjectType.check(): move 2.-4. to QAPISchemaObjectType.check(), and drop parameters all_members and seen. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1446559499-26984-2-git-send-email-armbru@redhat.com> [rebase to earlier changes that moved tag_member.check() of alternate types, commit message typo fix] Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-6-git-send-email-eblake@redhat.com>
2015-12-17qapi: Drop obsolete tag value collision assertionsMarkus Armbruster
Union tag values can't clash with member names in generated C anymore since commit e4ba22b, but QAPISchemaObjectTypeVariants.check() still asserts they don't. Drop it. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1446559499-26984-1-git-send-email-armbru@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-5-git-send-email-eblake@redhat.com>
2015-12-17qapi-types: Simplify gen_struct_field[s]Eric Blake
Simplify gen_struct_fields() back to a single iteration over a list of fields (like it was prior to commit f87ab7f9), by moving the generated comments to gen_object(). Then, inline gen_struct_field() into its only caller. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-4-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17qapi-types: Consolidate gen_struct() and gen_union()Eric Blake
These two methods are now close enough that we can finally merge them, relying on the fact that simple unions now provide a reasonable local_members. Change gen_struct() to gen_object() that handles all forms of QAPISchemaObjectType, and rename and shrink gen_union() to gen_variants() to handle the portion of gen_object() needed when variants are present. gen_struct_fields() now has a single caller, so it no longer needs an optional parameter; however, I did not choose to inline it into the caller. No difference to generated code. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-3-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17qapi: Track simple union tag in object.local_membersEric Blake
We were previously creating all unions with an empty list for local_members. However, it will make it easier to unify struct and union generation if we include the generated tag member in local_members. That way, we can have a common code pattern: visit the base (if any), visit the local members (if any), visit the variants (if any). The local_members of a flat union remains empty (because the discriminator is already visited as part of the base). Then, by visiting tag_member.check() during AlternateType.check(), we no longer need to call it during Variants.check(). The various front end entities now exist as follows: struct: optional base, optional local_members, no variants simple union: no base, one-element local_members, variants with tag_member from local_members flat union: base, no local_members, variants with tag_member from base alternate: no base, no local_members, variants With the new local members, we require a bit of finesse to avoid assertions in the clients. No change to generated code. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-2-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-16Update version for v2.5.0 releasev2.5.0Peter Maydell
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-11Update version for v2.5.0-rc4 releasev2.5.0-rc4Peter Maydell
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-11blockdev: Mark {insert, remove}-medium experimentalMax Reitz
While in the long term we want throttling to be its own block filter BDS, in the short term we want it to be part of the BB instead of a BDS; even in the long term we may want legacy throttling to be automatically tied to the BB. blockdev-insert-medium and blockdev-remove-medium do not retain throttling information in the BB (deliberately so). Therefore, using them means tying this information to a BDS, which would break the model described above. (The same applies to other flags such as detect_zeroes.) We probably want to move this information to the BB or its own filter BDS before blockdev-{insert,remove}-medium can be considered completely stable. Therefore, mark these functions experimental for the time being. Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com> Acked-by: Markus Armbruster <armbru@redhat.com> Acked-by: Kevin Wolf <kwolf@redhat.com> Message-id: 1449847385-13986-2-git-send-email-mreitz@redhat.com Reviewed-by: Eric Blake <eblake@redhat.com> [PMM: fixed format nit (underlining) in qmp-commands.hx] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-11Fix xbzrle vs last_sent_block updateDr. David Alan Gilbert
My fix (84e7b80a) replaced the last_sent_block update that I'd removed earlier; however it was too aggressive in the xbzrle case. save_xbzrle_page might return '0' to mean that the page didn't need sending since it was the same as the last sent version; in this case we can't update 'last_sent_block' since we didn't actually send it. Symptom: 'Illegal RAM offset 1018000' as we try and send a page to the wrong RAMBlock; potentially that could be a data corruption if you were really unlucky. Fixes: 84e7b80a05c0c44b90533c6cd2f1db5c932ccf77 Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-id: 1449765106-6528-1-git-send-email-dgilbert@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-10Update language files for QEMU 2.5.0Peter Maydell
Update translation files (change created via 'make -C po update'). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Stefan Weil <sw@weilnetz.de> Message-id: 1449754467-3496-1-git-send-email-peter.maydell@linaro.org
2015-12-10sparc: allow CASA with ASI 0xa from user spaceAlex Zuepke
LEON3 allows the CASA instruction to be used from user space if the ASI is set to 0xa (user data). Signed-off-by: Alex Zuepke <azu@sysgo.de> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-10MAINTAINERS: add maintainer to virtio-9pGreg Kurz
As suggested by Paolo, I add myself as maintainer for virtio-9p. Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Acked-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Message-id: 20151130154016.20108.79073.stgit@bahia.huguette.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-10virtio-9p-device: add minimal unrealize handlerGreg Kurz
Since commit 4652f1640e029e1f2433fa77ba6af285 "virtio-9p: add savevm handlers", if the user hot-unplugs a quiescent 9p device and live migrates, the source QEMU crashes before migration completetion... This happens because virtio-9p devices have a realize handler which calls virtio_init() and register_savevm(). Both calls store pointers to the device internals, that get dereferenced during migration even if the device got unplugged. This patch simply adds an unrealize handler to perform minimal cleanup and avoid the crash. Hot unplug of non-quiescent 9p devices is still not supported in QEMU, and not supported by linux guests either. Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-id: 20151208155457.27775.69441.stgit@bahia.huguette.org [PMM: rewrapped long lines in commit message] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-07Update version for v2.5.0-rc3 releasev2.5.0-rc3Peter Maydell
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-07sd: Mark brittle abuse of blk_attach_dev() FIXMEMarkus Armbruster
blk_attach_dev() fails here only when we're working for device "sdhci-pci" (which already attached the backend), and then we don't want to attach a second time. If we ever create another failure mode, we're setting up ourselves to using the same backend from multiple frontends, which is likely to end in tears. Can't clean this up this close to the release, so mark it FIXME. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1449503710-3707-3-git-send-email-armbru@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-07sdhci: Sanitize "sdhci-pci" properties for future qomificationMarkus Armbruster
We currently fuse controller and card into a single device model, but we intend qomify things properly and separate the two. The properties that really belong to the card would then have to somehow pass-through to the card's properties. To avoid that complication, either mark them experimental or drop them. Properties "capareg", "maxcurr" and the usual PCI device properties belong to the controller. Property "drive" belongs to the card; rename it to "x-drive". Properties "logical_block_size", "physical_block_size", "min_io_size", "opt_io_size", "discard_granularity" belong to the card, but have no effect; drop them. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1449503710-3707-2-git-send-email-armbru@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-07virtio-blk: Drop x-data-plane optionFam Zheng
The official way of enabling dataplane is through the "iothread" property that references an iothread object created by "-object iothread". Since the old "x-data-plane=on" way now even crashes, it's probably easier to just drop it: $ qemu-system-x86_64 -drive file=null-co://,id=d0,if=none \ -device virtio-blk-pci,drive=d0,x-data-plane=on ERROR:/home/fam/work/qemu/qom/object.c:1515: object_get_canonical_path_component: assertion failed: (obj->parent != NULL) Aborted Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1449485967-19240-1-git-send-email-famz@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-07Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into ↵Peter Maydell
staging # gpg: Signature made Mon 07 Dec 2015 14:06:07 GMT using RSA key ID 398D6211 # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211 * remotes/jasowang/tags/net-pull-request: lan9118: log and ignore access to invalid registers, rather than aborting lan9118: fix emulation of MAC address loaded bit in E2P_CMD register vmxnet3: silence warning pcnet: fix rx buffer overflow(CVE-2015-7512) net: pcnet: add check to validate receive data size(CVE-2015-7504) e1000: fix hang of win2k12 shutdown with flood ping Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-07lan9118: log and ignore access to invalid registers, rather than abortingAndrew Baumann
With this change, access to invalid/unimplemented device registers are logged as a "guest error" rather than aborting qemu with hw_error. This enables drivers for similar devices (e.g. SMSC 9221), by simply ignoring the unimplemented writes. It's also closer to what real hardware does. Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-12-07lan9118: fix emulation of MAC address loaded bit in E2P_CMD registerAndrew Baumann
There appears to have been a longstanding typo in the implementation of the "MAC address loaded" bit in the E2P_CMD (EEPROM command) register. The code was using 0x10, but the controller spec says it should be bit 8 (0x100). Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-12-07vmxnet3: silence warningMichael S. Tsirkin
vmxnet3 always produces a warning under qtest. This is not a user error, don't warn. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-12-07pcnet: fix rx buffer overflow(CVE-2015-7512)Jason Wang
Backends could provide a packet whose length is greater than buffer size. Check for this and truncate the packet to avoid rx buffer overflow in this case. Cc: Prasad J Pandit <pjp@fedoraproject.org> Cc: qemu-stable@nongnu.org Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-12-07net: pcnet: add check to validate receive data size(CVE-2015-7504)Prasad J Pandit
In loopback mode, pcnet_receive routine appends CRC code to the receive buffer. If the data size given is same as the buffer size, the appended CRC code overwrites 4 bytes after s->buffer. Added a check to avoid that. Reported by: Qinghao Tang <luodalongde@gmail.com> Cc: qemu-stable@nongnu.org Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-12-07e1000: fix hang of win2k12 shutdown with flood pingDenis V. Lunev
e1000 driver in Win2k12 is really well rotten. It 100% hangs on shutdown of UP VM under flood ping. The guest checks card state and reinjects itself interrupt in a loop. This is fatal for UP machine. There is no good way to fix this misbehavior but to kludge it. The emulation has interrupt throttling register aka ITR which limits interrupt rate and allows the guest to proceed this phase. There is no problem with this kludge for Linux guests - it adjust the value of it itself. On the other hand according to the initial research in commit e9845f0985f088dd01790f4821026df0afba5795 Author: Vincenzo Maffione <v.maffione@gmail.com> Date: Fri Aug 2 18:30:52 2013 +0200 e1000: add interrupt mitigation support ... Interrupt mitigation boosts performance when the guest suffers from an high interrupt rate (i.e. receiving short UDP packets at high packet rate). For some numerical results see the following link http://info.iet.unipi.it/~luigi/papers/20130520-rizzo-vm.pdf this should also boost performance a bit. See https://bugzilla.redhat.com/show_bug.cgi?id=874406 for additional details. Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Vincenzo Maffione <v.maffione@gmail.com> CC: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-12-04Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' ↵Peter Maydell
into staging QOM infrastructure fixes and device conversions * Documentation update * qom-test and related fixes # gpg: Signature made Fri 04 Dec 2015 17:54:55 GMT using RSA key ID 3E7E013F # gpg: Good signature from "Andreas Färber <afaerber@suse.de>" # gpg: aka "Andreas Färber <afaerber@suse.com>" * remotes/afaerber/tags/qom-devices-for-peter: qom-test: Fix qmp() leaks tests: Use proper functions types instead of void (*fn) qom: Update documentation comment of struct Object tests: Fix check-report-qtest-% target Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-04qom-test: Fix qmp() leaksMarc-André Lureau
Before this patch ASAN reported: SUMMARY: AddressSanitizer: 677165875 byte(s) leaked in 1272437 allocation(s) After this patch: SUMMARY: AddressSanitizer: 465 byte(s) leaked in 32 allocation(s) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1448551895-871-1-git-send-email-marcandre.lureau@redhat.com> [Straightforwardly rebased onto the previous patch] Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-12-04tests: Use proper functions types instead of void (*fn)Markus Armbruster
We have several function parameters declared as void (*fn). This is just a stupid way to write void *, and the only purpose writing it like that could serve is obscuring the sin of bypassing the type system without need. The original sin is commit 49ee359: its qtest_add_func() is a wrapper for g_test_add_func(). Fix the parameter type to match g_test_add_func()'s. This uncovers type errors in ide-test.c; fix them. Commit 7949c0e faithfully repeated the sin for qtest_add_data_func(). Fix it the same way, along with a harmless type error uncovered in vhost-user-test.c. Commit 063c23d repeated it for qtest_add_abrt_handler(). The screwy parameter gets assigned to GHook member func, so change its type to match. Requires wrapping kill_qemu() to keep the type checker happy. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> [AF/armbru: Inline GTestFunc/GTestDataFunc typedef for old GLib] Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-12-04Merge remote-tracking branch ↵Peter Maydell
'remotes/mjt/tags/pull-trivial-patches-2015-12-04' into staging trivial patches for 2015-12-04 # gpg: Signature made Fri 04 Dec 2015 06:40:23 GMT using RSA key ID A4C3D7DB # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" # gpg: aka "Michael Tokarev <mjt@corpit.ru>" # gpg: aka "Michael Tokarev <mjt@debian.org>" * remotes/mjt/tags/pull-trivial-patches-2015-12-04: bt: check struct sizes typedefs: Put them back into alphabetical order scsi: remove scsi_req_free prototype gt64xxx: fix decoding of ISD register configure: use appropriate code fragment for -fstack-protector checks crypto: avoid two coverity false positive error reports configure: Diagnose broken linkers directly bt: avoid unintended sign extension util/id: fully allocate names table Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-04Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.5-20151204' ↵Peter Maydell
into staging ppc patch queue for 2.5 2015-12-04 This contains some last minute QOM behaviour fixes from Markus Armbruster. # gpg: Signature made Fri 04 Dec 2015 06:43:54 GMT using RSA key ID 20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-2.5-20151204: spapr_drc: Change value of property "fdt" from null back to {} spapr_drc: Make device "spapr-dr-connector" unavailable with -device spapr_drc: Handle visitor errors properly Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-04bt: check struct sizesPaolo Bonzini
See http://permalink.gmane.org/gmane.linux.bluez.kernel/36505. For historical reasons these do not use sizeof, and Coverity caught a mistake in EVT_ENCRYPT_CHANGE_SIZE. In addition: - remove status from create_conn_cancel_cp; the "status" field is only in rp structs. Note that this means that the OCF_CREATE_CONN_CANCEL could never have worked (it would have failed the LENGTH_CHECK), but I am keeping it anyway. - OCF_READ_LINK_QUALITY similarly could never have worked, but I am fixing read_link_quality_cp anyway. - fix inquiry_info which is shorter by one: the kernel has a struct that is 14 byte long, but not counting the initial num_responses byte which the kernel parses separately; - remove extended_inquiry_info altogether, since it's not used and unlike the other inquiry structs does not have the initial num_responses byte. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-12-04typedefs: Put them back into alphabetical orderMarkus Armbruster
"Please keep this list in alphabetical order" has been more honoured in the breach than in the observance. Clean up. While there, drop a redundant struct declaration. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-12-04scsi: remove scsi_req_free prototypeHervé Poussineau
Function has been deleted in ad2d30f79d3b0812f02c741be2189796b788d6d7. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-12-04gt64xxx: fix decoding of ISD registerPaolo Bonzini
The GT64xxx's internal registers can be placed above the first 4 GiB in the address space, but not above the first 64 GiB. Correctly cast the register to a 64-bit integer, and mask away bits above bit 35. Datasheet at http://pdf.datasheetarchive.com/datasheetsmain/Datasheets-33/DSA-655889.pdf (bug reported by Coverity). Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-12-04configure: use appropriate code fragment for -fstack-protector checksRodrigo Rebello
The check for stack-protector support consisted in compiling and linking the test program below (output by function write_c_skeleton()) with the compiler flag -fstack-protector-strong first and then with -fstack-protector-all if the first one failed to work: int main(void) { return 0; } This caused false positives when using certain toolchains in which the compiler accepted -fstack-protector-strong but no support was provided by the C library, since for this stack-protector variant the compiler emits canary code only for functions that meet specific conditions (local arrays, memory references to local variables, etc.) and the code fragment under test included none of them (hence no stack protection code generated, no link failure). This fix changes the test program used for -fstack-protector checks to include a function that meets conditions which cause the compiler to generate canary code in all variants. Signed-off-by: Rodrigo Rebello <rprebello@gmail.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-12-04crypto: avoid two coverity false positive error reportsDaniel P. Berrange
In qcrypto_tls_creds_get_path() coverity complains that we are checking '*creds' for NULL, despite having dereferenced it previously. This is harmless bug due to fact that the trace call was too early. Moving it after the cleanup gets the desired semantics. In qcrypto_tls_creds_check_cert_key_purpose() coverity complains that we're passing a pointer to a previously free'd buffer into gnutls_x509_crt_get_key_purpose_oid() This is harmless because we're passing a size == 0, so gnutls won't access the buffer, but rather just report what size it needs to be. We can avoid it though by explicitly setting the buffer to NULL after free'ing it. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>