path: root/hw/virtio
Age | Commit message | Author
2014-06-19 | Add vhost-user as a vhost backend. | Nikolay Nikolaev
The initialization takes a chardev backed by a unix domain socket. It should implement qemu_fe_set_msgfds in order to be able to pass file descriptors to the remote process. Each ioctl request of vhost-kernel has a vhost-user message equivalent, which is sent over the control socket. The general approach is to copy the data from the supplied argument pointer to a designated field in the message. If a file descriptor is to be passed it will be placed in the fds array for inclusion in the sendmsg control header. VHOST_SET_MEM_TABLE ignores the supplied vhost_memory structure and scans the global ram_list for ram blocks with a valid fd field set. This would be set when the '-object memory-file' option with share=on property is used. Signed-off-by: Antonios Motakis <a.motakis@virtualopensystems.com> Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-19 | Add vhost-backend and VhostBackendType | Nikolay Nikolaev
Use vhost_set_backend_type to initialise a proper vhost_ops structure. In vhost_net_init and vhost_net_start_one call conditionally TAP related initialisation depending on the vhost backend type. Signed-off-by: Antonios Motakis <a.motakis@virtualopensystems.com> Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-19 | Add vhost_ops to vhost_dev struct and replace all relevant ioctls | Nikolay Nikolaev
Decouple vhost from the Linux kernel by introducing vhost_ops. The intention is to provide different backends - a 'kernel' backend based on the ioctl interface, and an 'user' backend based on a UNIX domain socket and shared memory interface. Signed-off-by: Antonios Motakis <a.motakis@virtualopensystems.com> Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-19 | vhost_net_init will use VhostNetOptions to get all its arguments | Nikolay Nikolaev
vhost_dev_init will replace devfd and devpath with a single opaque argument. This is initialised with a file descriptor. When TAP is used (through vhost_net), open /dev/vhost-net and pass the fd as an opaque parameter in VhostNetOptions. The same applies to vhost-scsi - open /dev/vhost-scsi and pass the fd. Signed-off-by: Antonios Motakis <a.motakis@virtualopensystems.com> Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-19 | vhost: add vhost_get_features and vhost_ack_features | Nikolay Nikolaev
Generalize the features get/ack to be used for both vhost-net and vhost-scsi. In vhost-net add vhost_net_get_feature_bits to select the feature bit set depending on the NetClient kind. Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-19 | virtio: Drop superfluous conditionals around g_strdup() | Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2014-06-19 | virtio: Drop superfluous conditionals around g_free() | Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2014-06-11 | vhost: replace ffsl with ctzl | Natanael Copa
Avoid using the GNU extension ffsl which is not implemented in musl libc. The atomic_xchg() means we know that vhost_log_chunk_t will never be larger than the 'long' type, so ctzl() is always sufficient. See also commit fbeadf50 (bitops: unify bitops_ffsl with the one in host-utils.h, call it bitops_ctzl) on why ctzl should be used instead of ffsl. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-10 | virtio.c: fix error message | Michael Tokarev
Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-05-25 | virtio-balloon: return empty data when no stats are available | Ján Tomko
If the guest hasn't updated the stats yet, instead of returning an error, return '-1' for the stats and '0' as 'last-update'. This lets applications ignore this without parsing the error message. Related libvirt patch and discussion: https://www.redhat.com/archives/libvir-list/2014-May/msg00460.html Tested against current upstream libvirt - stat reporting works and it no longer logs errors when the stats are queried on domain startup. (Note: libvirt doesn't use the last-update field for anything yet) Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2014-05-15 | qapi: Replace uncommon use of the error API by the common one | Markus Armbruster
We commonly use the error API like this:

    err = NULL;
    foo(..., &err);
    if (err) {
        goto out;
    }
    bar(..., &err);

Every error source is checked separately. The second function is only called when the first one succeeds. Both functions are free to pass their argument to error_set(). Because error_set() asserts no error has been set, this effectively means they must not be called with an error set.

The qapi-generated code uses the error API differently:

    // *errp was initialized to NULL somewhere up the call chain
    frob(..., errp);
    gnat(..., errp);

Errors accumulate in *errp: first error wins, subsequent errors get dropped. To make this work, the second function does nothing when called with an error set. Requires non-null errp, or else the second function can't see the first one fail.

This usage has also bled into visitor tests, and two device model object property getters rtc_get_date() and balloon_stats_get_all().

With the "accumulate" technique, you need fewer error checks in callers, and buy that with an error check in every callee. Can be nice.

However, mixing the two techniques is confusing. You can't use the "accumulate" technique with functions designed for the "check separately" technique. You can use the "check separately" technique with functions designed for the "accumulate" technique, but then error_set() can't catch you setting an error more than once.

Standardize on the "check separately" technique for now, because it's overwhelmingly prevalent.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-15 | hw: Don't call visit_end_struct() after visit_start_struct() fails | Markus Armbruster
When visit_start_struct() fails, visit_end_struct() must not be called. rtc_get_date() and balloon_stats_all() call it anyway. As far as I can tell, they're only used with the string output visitor, which doesn't care. Fix them anyway. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-12 | virtio: allow mapping up to max queue size | Michael S. Tsirkin
It's a loop from i < num_sg and the array is VIRTQUEUE_MAX_SIZE - so it's OK if the value read is VIRTQUEUE_MAX_SIZE. Not a big problem in practice as people don't use such big queues, but it's inelegant. Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-05-07 | Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20140505' into staging | Peter Maydell
migration/next for 20140505

# gpg: Signature made Mon 05 May 2014 21:27:24 BST using RSA key ID 5872D723
# gpg: Can't check signature: public key not found

* remotes/juanquintela/tags/migration/20140505: (36 commits)
  migration: expose xbzrle cache miss rate
  migration: expose the bitmap_sync_count to the end
  migration: Add counts of updating the dirty bitmap
  XBZRLE: Fix one XBZRLE corruption issues
  migration: remove duplicate code
  Coverity: Fix failure path for qemu_accept in migration
  Init the XBZRLE.lock in ram_mig_init
  Provide init function for ram migration
  Count used RAMBlock pages for migration_dirty_pages
  Make qemu_peek_buffer loop until it gets it's data
  Disallow outward migration while awaiting incoming migration
  virtio: validate config_len on load
  virtio-net: out-of-bounds buffer write on load
  openpic: avoid buffer overrun on incoming migration
  ssi-sd: fix buffer overrun on invalid state load
  savevm: Ignore minimum_version_id_old if there is no load_state_old
  usb: sanity check setup_index+setup_len in post_load
  vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/
  virtio-scsi: fix buffer overrun on invalid state load
  zaurus: fix buffer overrun on invalid state load
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-05 | virtio: validate config_len on load | Michael S. Tsirkin
Malformed input can have config_len in migration stream exceed the array size allocated on destination, the result will be heap overflow. To fix, that config_len matches on both sides. CVE-2014-0182 Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com> -- v2: use %ix and %zx to print config_len values Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 | virtio: validate num_sg when mapping | Michael S. Tsirkin
CVE-2013-4535 CVE-2013-4536 Both virtio-block and virtio-serial read, VirtQueueElements are read in as buffers, and passed to virtqueue_map_sg(), where num_sg is taken from the wire and can force writes to indices beyond VIRTQUEUE_MAX_SIZE. To fix, validate num_sg. Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Cc: Amit Shah <amit.shah@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 | virtio: avoid buffer overrun on incoming migration | Michael Roth
CVE-2013-6399 vdev->queue_sel is read from the wire, and later used in the emulation code as an index into vdev->vq[]. If the value of vdev->queue_sel exceeds the length of vdev->vq[], currently allocated to be VIRTIO_PCI_QUEUE_MAX elements, subsequent PIO operations such as VIRTIO_PCI_QUEUE_PFN can be used to overrun the buffer with arbitrary data originating from the source. Fix this by failing migration if the value from the wire exceeds VIRTIO_PCI_QUEUE_MAX. Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 | virtio: out-of-bounds buffer write on invalid state load | Michael S. Tsirkin
CVE-2013-4151 QEMU 1.0 out-of-bounds buffer write in virtio_load@hw/virtio/virtio.c

So we have this code since way back when:

    num = qemu_get_be32(f);

    for (i = 0; i < num; i++) {
        vdev->vq[i].vring.num = qemu_get_be32(f);

array of vqs has size VIRTIO_PCI_QUEUE_MAX, so on invalid input this will write beyond end of buffer.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 | qom: Clean up fragile use of error_is_set() in set() methods | Markus Armbruster
Using error_is_set(ERRP) to find out whether a function failed is either wrong, fragile, or unnecessarily opaque. It's wrong when ERRP may be null, because errors go undetected when it is. It's fragile when proving ERRP non-null involves a non-local argument. Else, it's unnecessarily opaque (see commit 84d18f0). I guess the error_is_set(errp) in the ObjectProperty set() methods are merely fragile right now, because I can't find a call chain that passes a null errp argument. Make the code more robust and more obviously correct: receive the error in a local variable, then propagate it through the parameter. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-19 | virtio-rng: Avoid default_backend refcount leak | Stefan Hajnoczi
QOM child properties take a reference to the object and release it when the property is deleted. Therefore we should unref the default_backend after we have added it as a child property. Cc: KONRAD Frederic <fred.konrad@greensocs.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-19 | qom: Add check() argument to object_property_add_link() | Stefan Hajnoczi
There are currently three types of object_property_add_link() callers:

1. The link property may be set at any time.
2. The link property of a DeviceState instance may only be set before realize.
3. The link property may never be set, it is read-only.

Something similar can already be achieved with object_property_add_str()'s set() argument. Follow its example and add a check() argument to object_property_add_link().

Also provide default check() functions for case #1 and #2. Case #3 is covered by passing a NULL function pointer.

Cc: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Anthony Liguori <aliguori@amazon.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
[AF: Tweaked documentation comment]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-19 | qom: Make QOM link property unref optional | Stefan Hajnoczi
Some object_property_add_link() callers expect property deletion to unref the link property object. Other callers expect to manage the refcount themselves. The former are currently broken and therefore leak the link property object.

This patch adds a flags argument to object_property_add_link() so the caller can specify which refcount behavior they require. The new OBJ_PROP_LINK_UNREF_ON_RELEASE flag causes the link pointer to be unreferenced when the property is deleted.

This fixes refcount leaks in qdev.c, xilinx_axidma.c, xilinx_axienet.c, s390-virtio-bus.c, virtio-pci.c, virtio-rng.c, and ui/console.c.

Rationale for refcount behavior:

 * hw/core/qdev.c
   - bus children are explicitly unreferenced, don't interfere
   - parent_bus is essentially a read-only property that doesn't hold a refcount, don't unref
   - hotplug_handler is leaked, do unref

 * hw/dma/xilinx_axidma.c
   - rx stream "dma" links are set using set_link, therefore they need unref
   - tx streams are set using set_link, therefore they need unref

 * hw/net/xilinx_axienet.c
   - same reasoning as hw/dma/xilinx_axidma.c

 * hw/pcmcia/pxa2xx.c
   - pxa2xx bypasses set_link and therefore does not use refcounts

 * hw/s390x/s390-virtio-bus.c
 * hw/virtio/virtio-pci.c
 * hw/virtio/virtio-rng.c
 * ui/console.c
   - set_link is used and there is no explicit unref, do unref

Cc: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Anthony Liguori <aliguori@amazon.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-02-14 | qdev: Remove hex8/32/64 property types | Paolo Bonzini
Replace them with uint8/32/64. Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-02-11 | exec: Make stw_*_phys input an AddressSpace | Edgar E. Iglesias
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-02-11 | exec: Make stl_*_phys input an AddressSpace | Edgar E. Iglesias
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-02-11 | exec: Make lduw_*_phys input an AddressSpace | Edgar E. Iglesias
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-02-11 | exec: Make ldq/ldub_*_phys input an AddressSpace | Edgar E. Iglesias
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-02-11 | exec: Make ldl_*_phys input an AddressSpace | Edgar E. Iglesias
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-02-01 | Merge remote-tracking branch 'qmp-unstable/queue/qmp' into staging | Peter Maydell
* qmp-unstable/queue/qmp:
  monitor: Cleanup mon->outbuf on write error
  virtio_rng: replace custom backend API with UserCreatable.complete() callback
  add optional 2nd stage initialization to -object/object-add commands
  vl.c: -object: don't ignore duplicate 'id'
  object_add: consolidate error handling

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-01-30 | Merge remote-tracking branch 'mjt/tags/trivial-patches-2014-01-16' into staging | Peter Maydell
trivial-patches for 2014-01-16

# gpg: Signature made Thu 16 Jan 2014 17:29:05 GMT using RSA key ID 74F0C838
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5
#      Subkey fingerprint: E190 8639 3B10 B51B AC2C 8B73 5253 C5AD 74F0 C838

Message-id: 1389893719-16336-1-git-send-email-mjt@msgid.tls.msk.ru
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-01-28 | virtio_rng: replace custom backend API with UserCreatable.complete() callback | Igor Mammedov
in addition fix default backend leak by releasing it if its initialization failed. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-01-22 | dataplane: fix shadowed return value | Stefan Hajnoczi
Propagate the error return value from get_indirect(). This bug was introduced in commit 4d684832 ("vring: create a common function to parse descriptors"). Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-01-15 | virtio-balloon: don't hardcode config size value | Luiz Capitulino
Use sizeof(struct virtio_balloon_config) instead. Signed-off-by: Luiz capitulino <lcapitulino@redhat.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-01-10 | Merge remote-tracking branch 'stefanha/block' into staging | Anthony Liguori
* stefanha/block:
  commit: Remove unused check
  qemu-iotests: Update test cases for commit active
  commit: Support commit active layer
  block: Add commit_active_start()
  mirror: Move base to MirrorBlockJob
  mirror: Don't close target
  qemu-iotests: drop duplicate virtio-blk initialization failure
  vmdk: Allow vmdk_create to work with protocol
  vmdk: Check VMFS extent line field number
  docs: updated qemu-img man page and qemu-doc to reflect VHDX support.
  block: vhdx - improve error message, and .bdrv_check implementation
  block/iscsi: Fix compilation for libiscsi 1.4.0 (API change)
  qapi-schema: fix QEMU 1.8 references
  dataplane: replace hostmem with memory_region_find
  dataplane: change vring API to use VirtQueueElement
  vring: factor common code for error exits
  vring: create a common function to parse descriptors
  sheepdog: fix dynamic grow for running qcow2 format

Message-id: 1387554416-5837-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
2013-12-23 | virtio: add back call to virtio_bus_device_unplugged | Paolo Bonzini
This got lost in a rebase. Reported-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2013-12-20 | dataplane: replace hostmem with memory_region_find | Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-12-20 | dataplane: change vring API to use VirtQueueElement | Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-12-20 | vring: factor common code for error exits | Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-12-20 | vring: create a common function to parse descriptors | Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-12-09 | virtio: Convert exit to unrealize | Andreas Färber
Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-12-09 | virtio: Complete converting VirtioDevice to QOM realize | Andreas Färber
Drop VirtioDeviceClass::init. Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-12-09 | virtio-rng: Convert to QOM realize | Andreas Färber
Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-12-09 | virtio-balloon: Convert to QOM realize | Andreas Färber
Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-12-09 | virtio: Start converting VirtioDevice to QOM realize | Andreas Färber
Temporarily allow either VirtioDeviceClass::init or VirtioDeviceClass::realize. Introduce VirtioDeviceClass::unrealize for symmetry. Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-12-09 | virtio-rng: QOM realize preparations | Andreas Färber
Rename qdev -> dev because that's what realize's argument is called by convention. No need to keep more "qdev" around than necessary. Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-12-09 | virtio-balloon: QOM realize preparations | Andreas Färber
Rename qdev -> dev since that's what realize's argument is called by convention. No need to keep more "qdev" around than necessary. Avoid duplicate VIRTIO_DEVICE() cast. Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-12-09 | virtio-pci: add device_unplugged callback | Paolo Bonzini
This fixes a crash in hot-unplug of virtio-pci devices behind a PCIe switch. The crash happens because the ioeventfd is still set when the child is destroyed (destruction happens in postorder). Then the proxy tries to unset to ioeventfd, but the virtqueue structure that holds the EventNotifier has been trashed in the meanwhile. kvm_set_ioeventfd_pio does not expect failure and aborts. The fix is simply to move parts of uninitialization to a new device_unplugged callback, which is called before the child is destroyed. Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-12-09 | virtio-rng: switch exit callback to VirtioDeviceClass | Paolo Bonzini
This ensures hot-unplug is handled properly by the proxy, and avoids leaking bus_name which is freed by virtio_device_exit. Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-12-09 | virtio-balloon: switch exit callback to VirtioDeviceClass | Paolo Bonzini
This ensures hot-unplug is handled properly by the proxy, and avoids leaking bus_name which is freed by virtio_device_exit. Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-12-09 | virtio-bus: cleanup plug/unplug interface | Paolo Bonzini
Right now we have these pairs:

- virtio_bus_plug_device/virtio_bus_destroy_device. The first takes a VirtIODevice, the second takes a VirtioBusState

- device_plugged/device_unplug callbacks in the VirtioBusClass (here it's just the naming that is inconsistent)

- virtio_bus_destroy_device is not called by anyone (and since it calls qdev_free, it would be called by the proxies---but then the callback is useless since the proxies can do whatever they want before calling virtio_bus_destroy_device)

And there is a k->init but no k->exit, hence virtio_device_exit is overwritten by subclasses (except virtio-9p). This cleans it up by:

- renaming the device_unplug callback to device_unplugged

- renaming virtio_bus_plug_device to virtio_bus_device_plugged, matching the callback name

- renaming virtio_bus_destroy_device to virtio_bus_device_unplugged, removing the qdev_free, making it take a VirtIODevice and calling it from virtio_device_exit

- adding a k->exit callback

virtio_device_exit is still overwritten, the next patches will fix that.

Cc: qemu-stable@nongnu.org
Acked-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>