Age | Commit message | Author

2014-07-14 | qcow2: Make qiov match request size until backing file EOF | Kevin Wolf

If a qcow2 image has a shorter backing file and a read request to unallocated clusters goes across EOF of the backing file, the backing file sees a shortened request and the rest is filled with zeros. However, the original too long qiov was used with the shortened request.

This patch makes the qiov size match the request size, avoiding a potential buffer overflow in raw-posix.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>

2014-07-14 | block: Make qiov match the request size until EOF | Kevin Wolf

If a read request goes across EOF, the block driver sees a shortened request that stops at EOF (the rest is memsetted in block.c), however the original qiov was used for this request.

This patch makes the qiov size match the request size, avoiding a potential buffer overflow in raw-posix.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>

2014-07-09 | AioContext: speed up aio_notify | Paolo Bonzini

In many cases, the call to event_notifier_set in aio_notify is unnecessary. In particular, if we are executing aio_dispatch, or if aio_poll is not blocking, we know that we will soon get to the next loop iteration (if necessary); the thread that hosts the AioContext's event loop does not need any nudging.

The patch includes a Promela formal model that shows that this really works and does not need any further complication such as generation counts. It needs a memory barrier though.

The generation counts are not needed because any change to ctx->dispatching after the memory barrier is okay for aio_notify. If it changes from zero to one, it is the right thing to skip event_notifier_set. If it changes from one to zero, the event_notifier_set is unnecessary but harmless.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

2014-07-09 | test-aio: fix GSource-based timer test | Paolo Bonzini

The current test depends too much on the implementation of the AioContext GSource. Just iterate on the main loop until the callback has been invoked the right number of times.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

2014-07-09 | block: drop aio functions that operate on the main AioContext | Paolo Bonzini

The main AioContext should be accessed explicitly via qemu_get_aio_context(). Most of the time, using it is not the right thing to do.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

2014-07-09 | block: prefer aio_poll to qemu_aio_wait | Paolo Bonzini

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

2014-07-09 | block: Fix bdrv_is_allocated() return value | Kevin Wolf

bdrv_is_allocated() should return either 0 or 1 in successful cases. We're lucky that currently, the callers that rely on this (e.g. because they check for ret == 1) don't seem to break badly. They just might skip some optimisation or in the case of qemu-io 'map' print separate lines where a single line would suffice. In theory, a wrong allocation status could lead to image corruption with certain operations, so let's fix this quickly.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

2014-07-09 | block/backup: Fix hang for unaligned image size | Kevin Wolf

When doing a block backup of an image with an unaligned size (with respect to the BACKUP_CLUSTER_SIZE), qemu would check the allocation status of sectors after the end of the image. bdrv_is_allocated() returns a result that is valid for 0 sectors in this case, so the backup job ran into an endless loop.

Stop looping when seeing a result valid for 0 sectors, we're at EOF then.

The test case looks somewhat unrelated at first sight because I originally tried to reproduce a different suspected bug that turned out to not exist. Still a good test case and it accidentally found this one.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

2014-07-08 | Update version for v2.1.0-rc1 release [v2.1.0-rc1] | Peter Maydell

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

2014-07-08 | hw/ppc/spapr_hcall.c: Add ULL suffix to 64 bit constant | Peter Maydell

Add ULL suffix to 64 bit constant to prevent compiler warnings on some 32 bit platforms.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

2014-07-08 | Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20140708' into staging | Peter Maydell

Bugfixes for s390x: set subsystem id in the lowcore when booting from the s390-ccw bios, and set the channel-program address after I/O completion, when applicable.

# gpg: Signature made Tue 08 Jul 2014 14:18:20 BST using RSA key ID C6F02FAF
# gpg: Can't check signature: public key not found

* remotes/cohuck/tags/s390x-20140708:
  s390x/css: reflect cpa in scsw
  pc-bios/s390-ccw: update binary
  pc-bios/s390-ccw: store proper subsystem information word

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

2014-07-08 | s390x/css: reflect cpa in scsw | Cornelia Huck

We neglected to update the channel-program-address field of the scsw after completion of the start or the halt function: Fortunately, Linux didn't miss it so far.

Let's update it for the cases where the cpa is expected to be valid; in some cases, the cpa is 'unpredictable', so we leave it untouched.

Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>

2014-07-08 | pc-bios/s390-ccw: update binary | Cornelia Huck

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>

2014-07-08 | pc-bios/s390-ccw: store proper subsystem information word | Christian Borntraeger

POP chapter 17 requires to store a subsystem information word at 184 during IPL. Furthermore bytes 188-191 should be zero. The bootmap might contain data blocks that are written to the first page. We have to write these values after we processed the bootmap and before the final IPL.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>

2014-07-08 | Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140708' into staging | Peter Maydell

target-arm queue:
* fix handling of KVM reset for 32-bit ARM CPUs
* implement NOR flash alias for vexpress-a9
* make sure libvixl gets its own utils.h rather than somebody else's

# gpg: Signature made Tue 08 Jul 2014 13:12:05 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20140708:
  target-arm: Implement vCPU reset via KVM_ARM_VCPU_INIT for 32-bit CPUs
  hw/arm/vexpress: Alias NOR flash at 0 for vexpress-a9
  disas/libvixl: prepend the include path of libvixl header files

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

2014-07-08 | target-arm: Implement vCPU reset via KVM_ARM_VCPU_INIT for 32-bit CPUs | Peter Maydell

Implement kvm_arm_vcpu_init() as a simple call to arm_arm_vcpu_init() (which uses the KVM_ARM_VCPU_INIT vcpu ioctl to tell the kernel to re-initialize the vCPU), rather than via the complicated code which saves a copy of the register state on first init and then writes it back to the kernel. This is much simpler and brings the 32-bit KVM code into line with the 64-bit code.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1403802973-20841-1-git-send-email-peter.maydell@linaro.org

2014-07-08 | hw/arm/vexpress: Alias NOR flash at 0 for vexpress-a9 | Peter Maydell

Make the vexpress-a9 board alias the first NOR flash region at address zero, like vexpress-a15. This makes "-bios" actually usable on this board.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1404310070-3561-1-git-send-email-peter.maydell@linaro.org
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>

2014-07-08 | disas/libvixl: prepend the include path of libvixl header files | Stefano Stabellini

Currently the Makefile of disas/libvixl appends -I$(SRC_PATH)/disas/libvixl to QEMU_CFLAGS. As a consequence C++ files that #include "utils.h", such as disas/libvixl/a64/instructions-a64.cc, are going to look for utils.h on all the other include paths first. When building QEMU as part of the Xen make system, another unrelated utils.h file is going to be chosen for inclusion, causing a build failure:

  In file included from disas/libvixl/a64/instructions-a64.cc:27:0:
  /qemu/disas/libvixl/a64/instructions-a64.h:88:64: error: 'rawbits_to_float' was not declared in this scope
  const float kFP32PositiveInfinity = rawbits_to_float(0x7f800000);

Fix the problem by prepending (rather than appending) the libvixl include path to QEMU_CFLAGS.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

2014-07-08 | Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging | Peter Maydell

Patch queue for ppc - 2014-07-08

A few bug fixes for 2.1:
- Fix e500* TLB emulation with qemu-system-ppc
- Update SLOF to current upstream (good number of bugfixes)
- Make POWER7 / POWER8 PVR match more agnostic (needed in 2.1 for cmdline compat)
- Fix u-boot.e500 install (how did that happen?)
- Fix H_CAS on LE hosts
- ppc64le-linux-user fixes

# gpg: Signature made Tue 08 Jul 2014 11:18:58 BST using RSA key ID 03FEDC60
# gpg: Can't check signature: public key not found

* remotes/agraf/tags/signed-ppc-for-upstream:
  PPC: e500: Actually install u-boot.e500
  target-ppc: Remove POWER7+ and POWER8E families
  target-ppc: Add pvr_match() callback
  pseries: Update SLOF firmware image to qemu-slof-20140630
  PPC: Fix booke206 TLB with phys addrs > 32bit
  target-ppc: Fix gdbstub for ppc64le-linux-user
  target-ppc: Change default cpu for ppc64le-linux-user
  target-ppc: KVMPPC_H_CAS fix cpu-version endianess

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

2014-07-08 | PPC: e500: Actually install u-boot.e500 | Cole Robinson

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

2014-07-08 | target-ppc: Remove POWER7+ and POWER8E families | Alexey Kardashevskiy

POWER8E is architecturally equal to POWER8 and POWER7+ is equal to POWER7. Also no user space tool makes any difference for CPU node name in the device tree (such as PowerPC,POWER7@0 vs. PowerPC,POWER7+@0). So there is no point in emulating POWER7+ and POWER8E apart from POWER7 and POWER8.

Also, the previous patch implemented multiple PVR mask support per CPU class so POWER7 class now covers both POWER7 and POWER7+ CPUs, same is valid for POWER8/8E.

This removes POWER7+ and POWER8E classes.

This replaces references to POWER7P/POWER8E families with POWER7/POWER8 families.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>

2014-07-08 | target-ppc: Add pvr_match() callback | Alexey Kardashevskiy

So far it was enough to have a base PVR value and mask per CPU family such as POWER7 or POWER8. However there are CPUs which are completely architecturally compatible but have different PVRs such as POWER7/POWER7+ and POWER8/POWER8E. For these CPUs, top 16 bits are CPU family and low 16 bits are the version. The families have PVR base values different enough so defining a mask which would cover both (or potentially more) CPUs within the family is not possible.

This adds a pvr_match() callback to PowerPCCPUClass. The default handler simply compares PVR defined in the class.

This implements ppc_pvr_match_power7/ppc_pvr_match_power8 callbacks for POWER7/8 families. These check for POWER7/POWER7+ and POWER8/POWER8E.

This changes ppc_cpu_compare_class_pvr_mask() not to check masks but use the pvr_match() callback.

Since all server CPUs use the same mask, this defines one mask value - CPU_POWERPC_POWER_SERVER_MASK - which is used everywhere now. This removes other mask definitions.

This removes pvr_mask from PowerPCCPUClass as it is not used anymore.

This removes pvr initialization for POWER7/8 families as it is not used to find the class, the pvr_match() callback is used instead.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>

2014-07-08 | pseries: Update SLOF firmware image to qemu-slof-20140630 | Alexey Kardashevskiy

The changelog is:
> Quieten the grub warning
> Add boot menu support
> boot from disk having chrp-boot file
> fat16: fix read and remove debug messages
> dhcparch define missing in compilation
> pci-scan: reserve memory for pci-bridge without devices
> pci-bridge: Fix ranges when no device beyond the bridge
> Set dhcp arch in board-qemu config file
> xhci: fix controller stop
> dhcp: support client architecture code 93
> virtio-blk: support variable block size
> usb: use common pci dma alloc/mapping routines
> Remove unused SLOF code
> pci-bridge: generic bridge needs to support pci dma functions
> pci: extract dma functions as separate file
> e1000: fix usage of multiple nics

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>

2014-07-08 | PPC: Fix booke206 TLB with phys addrs > 32bit | Alexander Graf

We were truncating physical addresses to 32bit when using qemu-system-ppc with a booke206 TLB implementation. This patch fixes that and makes the full address space available.

Signed-off-by: Alexander Graf <agraf@suse.de>

2014-07-08 | target-ppc: Fix gdbstub for ppc64le-linux-user | Richard Henderson

The bswap that's needed for system mode isn't required for user mode, and in fact breaks debugging.

Signed-off-by: Richard Henderson <rth@twiddle.net>
[agraf: fix apple gdbstub implementation]
Signed-off-by: Alexander Graf <agraf@suse.de>

2014-07-08 | target-ppc: Change default cpu for ppc64le-linux-user | Richard Henderson

The default, 970fx, doesn't support MSR_LE. So even though we set LE in ppc_cpu_reset, it gets cleared again in hreg_store_msr.

Error out if a user-selected cpu model doesn't support LE.

Signed-off-by: Richard Henderson <rth@twiddle.net>
[agraf: switch to POWER7 as default for BE and LE]
Signed-off-by: Alexander Graf <agraf@suse.de>

2014-07-08 | target-ppc: KVMPPC_H_CAS fix cpu-version endianess | Laurent Dufour

During KVMPPC_H_CAS processing, the cpu-version updated value is stored without taking care of the current endianness. As a consequence, the guest may not switch to the right CPU model, leading to unexpected results.

If needed, the value is now converted.

Fixes: 6d9412ea8132 ("target-ppc: Implement "compat" CPU option")
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

2014-07-07 | Merge remote-tracking branch 'remotes/afaerber/tags/prep-for-2.1' into staging | Peter Maydell

PowerPC Reference Platform (PReP)
* Update OpenHack'Ware firmware to replace QEMU-side workarounds

# gpg: Signature made Mon 07 Jul 2014 15:49:42 BST using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/prep-for-2.1:
  prep: Update ppc_rom.bin
  prep: Remove CPU reset entry point hack related to OpenHack'Ware
  prep: Remove PCI memory hack related to OpenHack'Ware

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

2014-07-07 | Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging | Peter Maydell

pc,vhost,virtio fixes, test

Bugfixes all over the place. There's a non bugfix here: re-enabling the vhost-user test, though the patch just brings back functionality that I disabled earlier to fix mingw build failures. This is now sorted, and keeping the unit test enabled seems important since the feature relies on an external server to work, so isn't easy to test.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Sun 06 Jul 2014 11:01:35 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  qemu-char: add chr_add_watch support in mux chardev
  virtio-pci: fix MSI memory region use after free
  qdev: Fix crash when using non-device class name on -global
  qdev: Don't abort() in case globals can't be set
  hw/virtio: enable common virtio feature for mmio device
  acpi: fix typo in memory hotplug MMIO region name
  pci: assign devfn to pci_dev before calling pci_device_iommu_address_space()
  Handle G_IO_HUP in tcp_chr_read for tcp chardev
  virtio: move common virtio properties to bus class device
  pc-dimm: error out if memory hotplug is not enabled
  numa: check for busy memory backend
  qtest: enable vhost-user-test

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

2014-07-07 | prep: Update ppc_rom.bin | Andreas Färber

This replaces QEMU-side workarounds for PCI BARs and CPU reset.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>

2014-07-07 | prep: Remove CPU reset entry point hack related to OpenHack'Ware | Hervé Poussineau

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>

2014-07-07 | prep: Remove PCI memory hack related to OpenHack'Ware | Hervé Poussineau

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>

2014-07-07 | Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging | Peter Maydell

Block pull request

# gpg: Signature made Mon 07 Jul 2014 13:27:20 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  qmp: show QOM properties in device-list-properties
  dataplane: submit I/O as a batch
  linux-aio: implement io plug, unplug and flush io queue
  block: block: introduce APIs for submitting IO as a batch
  ahci: map memory via device's address space instead of address_space_memory
  raw-posix: Fix raw_getlength() to always return -errno on error
  qemu-iotests: Disable Quorum testing in 041 when Quorum is not builtin
  ahci.c: mask unused flags when reading size PRDT DBC
  MAINTAINERS: add Stefan Hajnoczi to IDE maintainers
  mirror: Fix qiov size for short requests
  Fix nocow typos in manpage

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

2014-07-07 | Merge remote-tracking branch 'remotes/sstabellini/xen_arm_20140707' into staging | Peter Maydell

* remotes/sstabellini/xen_arm_20140707:
  xen: build on ARM
  xen_backend: introduce xenstore_read_uint64 and xenstore_read_fe_uint64

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

2014-07-07 | xen: build on ARM | Stefano Stabellini

Collection of fixes to build QEMU with Xen support on ARM:
- use xenstore_read_fe_uint64 to retrieve the page-ref (xenfb);
- use xen_pfn_t instead of unsigned long in xenfb;
- unsigned long/xenpfn_t in xen_remove_from_physmap;
- in xen-mapcache.c use HOST_LONG_BITS to check for QEMU's address space size.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

2014-07-07 | xen_backend: introduce xenstore_read_uint64 and xenstore_read_fe_uint64 | Stefano Stabellini

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

2014-07-07 | qmp: show QOM properties in device-list-properties | Stefan Hajnoczi

Devices can use a mix of qdev and QOM properties. Currently only the qdev properties are displayed by device-list-properties.

This patch extends the property enumeration algorithm to also display QOM properties (excluding the implicit "type", "realized", "hotpluggable", and "parent_bus" properties).

When a qdev property exists, use the qdev type name to preserve backwards compatibility. QOM type names can be different for bool (qdev on/off) and str (used by qdev pointers).

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2014-07-07 | dataplane: submit I/O as a batch | Ming Lei

Before commit 580b6b2aa2(dataplane: use the QEMU block layer for I/O), dataplane for virtio-blk submits block I/O as a batch.

This commit 580b6b2aa2 replaces the custom linux AIO implementation(including submit I/O as a batch) with QEMU block layer, but this commit causes ~40% throughput regression on virtio-blk performance, and removing submitting I/O as a batch is one of the causes.

This patch applies the newly introduced bdrv_io_plug() and bdrv_io_unplug() interfaces to support submitting I/O at batch for Qemu block layer, and in my test, the change can improve throughput by ~30% with 'aio=native'.

Following my fio test script:

  [global]
  direct=1
  size=4G
  bsrange=4k-4k
  timeout=40
  numjobs=4
  ioengine=libaio
  iodepth=64
  filename=/dev/vdc
  group_reporting=1

  [f]
  rw=randread

Result on one of my small machines (host: x86_64, 2cores, 4thread, guest: 4cores):
- qemu master: 65K IOPS
- qemu master with these patches: 92K IOPS
- 2.0.0 release(dataplane using custom linux aio): 104K IOPS

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2014-07-07 | linux-aio: implement io plug, unplug and flush io queue | Ming Lei

This patch implements .bdrv_io_plug, .bdrv_io_unplug and .bdrv_flush_io_queue callbacks for linux-aio Block Drivers, so that submitting I/O as a batch can be supported on linux-aio.

[Unprocessed requests are completed with -EIO instead of a bogus ret value. --Stefan]

Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2014-07-07 | block: block: introduce APIs for submitting IO as a batch | Ming Lei

This patch introduces three APIs so that following patches can support queuing I/O requests and submitting them as a batch for improving I/O performance.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2014-07-07 | ahci: map memory via device's address space instead of address_space_memory | Le Tan

In map_page() in hw/ide/ahci.c, replace cpu_physical_memory_map() and cpu_physical_memory_unmap() with dma_memory_map() and dma_memory_unmap(), because ahci devices should not access memory directly but via their address space. Add an AddressSpace parameter to map_page(). In order to call map_page(), we should pass the AHCIState.as as the AddressSpace argument.

Signed-off-by: Le Tan <tamlokveer@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2014-07-07 | raw-posix: Fix raw_getlength() to always return -errno on error | Markus Armbruster

We got a merry mix of -1 and -errno here.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2014-07-07 | qemu-iotests: Disable Quorum testing in 041 when Quorum is not builtin | Benoît Canet

This avoids breaking tests on RHEL6 where gnutls is too old for quorum to be built by default.

Signed-off-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2014-07-07 | ahci.c: mask unused flags when reading size PRDT DBC | Reza Jelveh

The data byte count(DBC) read from the description information is defined for bits 21:00. Bits 30:22 are reserved and bit 31 is the Interrupt on Completion (I) flag.

Completion interrupts are triggered after every transaction instead of on I-flag in QEMU.

tbl_entry_size is a signed integer and improperly reading the DBC leads to a negative offset that causes sglist allocation to fail.

Signed-off-by: Reza Jelveh <reza.jelveh@tuhh.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2014-07-07 | MAINTAINERS: add Stefan Hajnoczi to IDE maintainers | Stefan Hajnoczi

Make Stefan officially co-maintain hw/ide/ with Kevin.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>

2014-07-07 | mirror: Fix qiov size for short requests | Kevin Wolf

When mirroring an image of a size that is not a multiple of the mirror job granularity, the last request would have the right nb_sectors argument, but a qiov that is rounded up to the next multiple of the granularity. Don't do this.

This fixes a segfault that is caused by raw-posix being confused by this and allocating a buffer with request length, but operating on it with qiov length.

[s/Driver/Drive/ in qemu-iotests 041 as suggested by Eric --Stefan]

Reported-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2014-07-07 | Fix nocow typos in manpage | Chunyan Liu

Signed-off-by: Chunyan Liu <cyliu@suse.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2014-07-06 | qemu-char: add chr_add_watch support in mux chardev | Kirill Batuzov

Forward chr_add_watch call from mux chardev to underlying implementation.

This should fix bug #1335444

Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

2014-07-06 | virtio-pci: fix MSI memory region use after free | Paolo Bonzini

After memory region QOMification QEMU is stricter in detecting wrong usage of the memory region API. Here it detected a memory_region_destroy done before the corresponding memory_region_del_subregion; the memory_region_destroy is done by msix_uninit_exclusive_bar, the memory_region_del_subregion is done by the PCI core's pci_unregister_io_regions before pc->exit is called.

The problem was introduced by
commit 06a1307379fcd6c551185ad87679cd7ed896b9ea
virtio-pci: add device_unplugged callback

As noted in that commit log, virtio device kick callbacks need to be stopped before generic virtio is cleaned up. This is because these are notifications from pci proxy to the generic virtio device so they need to be stopped in the unplug call before the virtio device is unrealized. However interrupts are notifications from the virtio device to the pci proxy so they need to stay around while the device is realized.

The memory API misuse caused an assertion when hot-unplugging virtio devices. Using the API correctly fixes the assertion.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

2014-07-06 | qdev: Fix crash when using non-device class name on -global | Eduardo Habkost

This fixes the following crash:

  $ qemu-system-x86_64 -global container.xxx=y
  hw/core/qdev-properties-system.c:399:qdev_add_one_global: Object 0x7f7eff234100 is not an instance of type device
  Aborted (core dumped)

New behavior will be to just warn, just like when non-existing class names are used:

  $ qemu-system-x86_64 -global container.xxx=y
  qemu-system-x86_64: Warning: "-global container.xxx=y" not used

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Tested-by: Don Slutz <dslutz@verizon.com>