aboutsummaryrefslogtreecommitdiff
path: root/hw/virtio/virtio-balloon.c
AgeCommit message (Collapse)Author
2014-10-23virtio-balloon: Tweak recent fix for integer overflowMarkus Armbruster
Commit 1f9296b avoids "other kinds of overflow" by limiting the polling interval to UINT_MAX. The computations to protect are done in 64 bits. This is indeed safe when unsigned is 32 bits, as it commonly is. It isn't when unsigned is 64 bits. Purely theoretical; I'm not aware of such a system. Limit it to UINT32_MAX instead. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-09-26virtio-balloon: fix integer overflow in memory stats featureLuiz Capitulino
When a QMP client changes the polling interval time by setting the guest-stats-polling-interval property, the interval value is stored and manipulated as an int64_t variable. However, the balloon_stats_change_timer() function, which is used to set the actual timer with the interval value, takes an int instead, causing an overflow for big interval values. This commit fix this bug by changing balloon_stats_change_timer() to take an int64_t and also it limits the polling interval value to UINT_MAX to avoid other kinds of overflow. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
2014-06-29virtio-balloon: use virtio wrappers to access page frame numbersRusty Russell
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> [ pass VirtIODevice * to memory accessors, Greg Kurz <gkurz@linux.vnet.ibm.com> ] Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Alexander Graf <agraf@suse.de> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-29virtio-balloon: implement per-device migration callsGreg Kurz
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Alexander Graf <agraf@suse.de> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-29virtio: introduce device specific migration callsGreg Kurz
In order to migrate virtio subsections, they should be streamed after the device itself. We need the device specific code to be called from the common migration code to achieve this. This patch introduces load and save methods for this purpose. Suggested-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Alexander Graf <agraf@suse.de> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-23qapi event: convert BALLOON_CHANGEWenchao Xia
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-25virtio-balloon: return empty data when no stats are availableJán Tomko
If the guest hasn't updated the stats yet, instead of returning an error, return '-1' for the stats and '0' as 'last-update'. This lets applications ignore this without parsing the error message. Related libvirt patch and discussion: https://www.redhat.com/archives/libvir-list/2014-May/msg00460.html Tested against current upstream libvirt - stat reporting works and it no longer logs errors when the stats are queried on domain startup. (Note: libvirt doesn't use the last-update field for anything yet) Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2014-05-15qapi: Replace uncommon use of the error API by the common oneMarkus Armbruster
We commonly use the error API like this: err = NULL; foo(..., &err); if (err) { goto out; } bar(..., &err); Every error source is checked separately. The second function is only called when the first one succeeds. Both functions are free to pass their argument to error_set(). Because error_set() asserts no error has been set, this effectively means they must not be called with an error set. The qapi-generated code uses the error API differently: // *errp was initialized to NULL somewhere up the call chain frob(..., errp); gnat(..., errp); Errors accumulate in *errp: first error wins, subsequent errors get dropped. To make this work, the second function does nothing when called with an error set. Requires non-null errp, or else the second function can't see the first one fail. This usage has also bled into visitor tests, and two device model object property getters rtc_get_date() and balloon_stats_get_all(). With the "accumulate" technique, you need fewer error checks in callers, and buy that with an error check in every callee. Can be nice. However, mixing the two techniques is confusing. You can't use the "accumulate" technique with functions designed for the "check separately" technique. You can use the "check separately" technique with functions designed for the "accumulate" technique, but then error_set() can't catch you setting an error more than once. Standardize on the "check separately" technique for now, because it's overwhelmingly prevalent. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-15hw: Don't call visit_end_struct() after visit_start_struct() failsMarkus Armbruster
When visit_start_struct() fails, visit_end_struct() must not be called. rtc_get_date() and balloon_stats_all() call it anyway. As far as I can tell, they're only used with the string output visitor, which doesn't care. Fix them anyway. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-05qom: Clean up fragile use of error_is_set() in set() methodsMarkus Armbruster
Using error_is_set(ERRP) to find out whether a function failed is either wrong, fragile, or unnecessarily opaque. It's wrong when ERRP may be null, because errors go undetected when it is. It's fragile when proving ERRP non-null involves a non-local argument. Else, it's unnecessarily opaque (see commit 84d18f0). I guess the error_is_set(errp) in the ObjectProperty set() methods are merely fragile right now, because I can't find a call chain that passes a null errp argument. Make the code more robust and more obviously correct: receive the error in a local variable, then propagate it through the parameter. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-01-15virtio-balloon: don't hardcode config size valueLuiz Capitulino
Use sizeof(struct virtio_balloon_config) instead. Signed-off-by: Luiz capitulino <lcapitulino@redhat.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-12-09virtio: Convert exit to unrealizeAndreas Färber
Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-12-09virtio-balloon: Convert to QOM realizeAndreas Färber
Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-12-09virtio-balloon: QOM realize preparationsAndreas Färber
Rename qdev -> dev since that's what realize's argument is called by convention. No need to keep more "qdev" around than necessary. Avoid duplicate VIRTIO_DEVICE() cast. Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-12-09virtio-balloon: switch exit callback to VirtioDeviceClassPaolo Bonzini
This ensures hot-unplug is handled properly by the proxy, and avoids leaking bus_name which is freed by virtio_device_exit. Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-08-22aio / timers: Switch entire codebase to the new timer APIAlex Bligh
This is an autogenerated patch using scripts/switch-timer-api. Switch the entire code base to using the new timer API. Note this patch may introduce some line length issues. Signed-off-by: Alex Bligh <alex@alex.org.uk> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-07-29devices: Associate devices to their logical categoryMarcel Apfelbaum
The category will be used to sort the devices displayed in the command line help. Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com> Message-id: 1375107465-25767-4-git-send-email-marcel.a@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-07-27misc: Fix new typos in comments and stringsStefan Weil
All these typos were found by codespell. sould -> should emperical -> empirical intialization -> initialization successfuly -> successfully gaurantee -> guarantee Fix also another error (before before) in the same context. Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-07-04memory: add ref/unref callsPaolo Bonzini
Add ref/unref calls at the following places: - places where memory regions are stashed by a listener and used outside the BQL (including in Xen or KVM). - memory_region_find callsites - creation of aliases and containers (only the aliased/contained region gets a reference to avoid loops) - around calls to del_subregion/add_subregion, where the region could disappear after the first call Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-06-20memory: make section size a 128-bit integerPaolo Bonzini
So far, the size of all regions passed to listeners could fit in 64 bits, because artificial regions (containers and aliases) are eliminated by the memory core, leaving only device regions which have reasonable sizes An IOMMU however cannot be eliminated by the memory core, and may have an artificial size, hence we may need 65 bits to represent its size. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-04-24virtio: cleanup: init and exit function.KONRAD Frederic
This clean the init and the exit functions and rename virtio_common_cleanup to virtio_cleanup. Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com> Message-id: 1366791683-5350-7-git-send-email-fred.konrad@greensocs.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-24virtio: remove the function pointer.KONRAD Frederic
This remove the function pointer in VirtIODevice, and use only VirtioDeviceClass function pointer. Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com> Message-id: 1366791683-5350-5-git-send-email-fred.konrad@greensocs.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-19virtio-balloon: fix integer overflow in BALLOON_CHANGE QMP eventLuiz Capitulino
Because dev->actual is uint32_t, the expression 'dev->actual << VIRTIO_BALLOON_PFN_SHIFT' is truncated to 32 bits. This overflows when dev->actual >= 1048576. To reproduce: 1. Start a VM with a QMP socket and 5G of RAM 2. Connect to the QMP socket, negotiate capabilities and issue: { "execute":"balloon", "arguments": { "value": 1073741824 } } 3. Watch for BALLOON_CHANGE QMP events, the last one will incorretly be: { "timestamp": { "seconds": 1366228965, "microseconds": 245466 }, "event": "BALLOON_CHANGE", "data": { "actual": 5368709120 } } To fix it this commit casts it to ram_addr_t, which is ram_size's type. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2013-04-08hw: move virtio devices to hw/ subdirectoriesPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>