aboutsummaryrefslogtreecommitdiff
path: root/include
AgeCommit message (Collapse)Author
2016-03-22hmp: fix sendkey out of bounds write (CVE-2015-8619)Wolfgang Bumiller
When processing 'sendkey' command, hmp_sendkey routine null terminates the 'keyname_buf' array. This results in an OOB write issue, if 'keyname_len' was to fall outside of 'keyname_buf' array. Since the keyname's length is known the keyname_buf can be removed altogether by adding a length parameter to index_from_key() and using it for the error output as well. Reported-by: Ling Liu <liuling-it@360.cn> Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Message-Id: <20160113080958.GA18934@olga> [Comparison with "<" dumbed down, test for junk after strtoul() tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com> (cherry picked from commit 64ffbe04eaafebf4045a3ace52a360c14959d196) Conflicts: hmp.c *removed dependency on 7fb1cf16 Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-03-22migration: allow machine to enforce configuration section migrationGreg Kurz
Migration of pseries-2.3 doesn't have configuration section. Unfortunately, QEMU 2.4/2.4.1/2.5 are buggy and always stream and expect the configuration section, and break migration both ways. This patch introduces a property which allows to enforce a configuration section for machines who don't have one. It can be set at startup: -machine enforce-config-section=on or later from the QEMU monitor: qom-set /machine enforce-config-section on It is up to the tooling to set or unset this property according to the version of the QEMU at the other end of the pipe. Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> (cherry picked from commit 902c053d834e3b802ec736f170edf226d4a841ff) Conflicts: qemu-options.hx * removed context dependency on 87252e1b * added to provide 2.5<->2.5.1 migration compat option for pseries-2.3 machines Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-03-17vhost-user: don't merge regions with different fdsMichael S. Tsirkin
vhost currently merges regions with contiguious virtual and physical addresses. This breaks for vhost-user since that also needs fds to match. Add a vhost_ops entry to compare the fds for vhost-user only. Cc: qemu-stable@nongnu.org Cc: Victor Kaplansky <victork@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> (cherry picked from commit ffe42cc14c770549abc7995a90cf53bca3659b7f) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-03-17fw_cfg: unbreak migration compatibility for 2.4 and earlier machinesLaszlo Ersek
When I reviewed Marc's fw_cfg DMA patches, I completely missed that the way we set dma_enabled would break migration. Gerd explained the right way (see reference below): dma_enabled should be set to true by default, and only true->false transitions should be possible: - when the user requests that with -global fw_cfg_mem.dma_enabled=off or -global fw_cfg_io.dma_enabled=off as appropriate for the platform, - when HW_COMPAT_2_4 dictates it, - when board code initializes fw_cfg without requesting DMA support. Cc: Marc Marí <markmb@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Alexandre DERUMIER <aderumier@odiso.com> Cc: qemu-stable@nongnu.org Ref: http://thread.gmane.org/gmane.comp.emulators.qemu/390272/focus=391042 Ref: https://bugs.launchpad.net/qemu/+bug/1536487 Suggested-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-id: 1455823860-22268-1-git-send-email-lersek@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> (cherry picked from commit e6915b5f3a874a467a9a65f7ec1d6ef8d251a51a) Conflicts: include/hw/compat.h * remove cosmetic dep on c9c0afbb Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-03-17block: set device_list.tqe_prev to NULL on BDS removalJeff Cody
This fixes a regression introduced with commit 3f09bfbc7. Multiple bugs arise in conjunction with live snapshots and mirroring operations (which include active layer commit). After a live snapshot occurs, the active layer and the base layer both have a non-NULL tqe_prev field in the device_list, although the base node's tqe_prev field points to a NULL entry. This non-NULL tqe_prev field occurs after the bdrv_append() in the external snapshot calls change_parent_backing_link(). In change_parent_backing_link(), when the previous active layer is removed from device_list, the device_list.tqe_prev pointer is not set to NULL. The operating scheme in the block layer is to indicate that a BDS belongs in the bdrv_states device_list iff the device_list.tqe_prev pointer is non-NULL. This patch does two things: 1.) Introduces a new block layer helper bdrv_device_remove() to remove a BDS from the device_list, and 2.) uses that new API, which also fixes the regression once used in change_parent_backing_link(). Signed-off-by: Jeff Cody <jcody@redhat.com> Message-id: 0cd51e11c0666c04ddb7c05293fe94afeb551e89.1454376655.git.jcody@redhat.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com> (cherry picked from commit f8aa905a4fec89863c82de4186352447d851871e) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-03-17block: Add blk_dev_has_tray()Max Reitz
Pull out the check whether a block device has a tray from blk_dev_is_tray_open() into its own function so both attributes (whether there is a tray vs. whether that tray is open) can be queried independently. Cc: qemu-stable <qemu-stable@nongnu.org> Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Message-id: 1454096953-31773-2-git-send-email-mreitz@redhat.com (cherry picked from commit 8f3a73bc57ea83e5b3930d14fc596ea51859987a) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-12-07sdhci: Sanitize "sdhci-pci" properties for future qomificationMarkus Armbruster
We currently fuse controller and card into a single device model, but we intend qomify things properly and separate the two. The properties that really belong to the card would then have to somehow pass-through to the card's properties. To avoid that complication, either mark them experimental or drop them. Properties "capareg", "maxcurr" and the usual PCI device properties belong to the controller. Property "drive" belongs to the card; rename it to "x-drive". Properties "logical_block_size", "physical_block_size", "min_io_size", "opt_io_size", "discard_granularity" belong to the card, but have no effect; drop them. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1449503710-3707-2-git-send-email-armbru@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-07virtio-blk: Drop x-data-plane optionFam Zheng
The official way of enabling dataplane is through the "iothread" property that references an iothread object created by "-object iothread". Since the old "x-data-plane=on" way now even crashes, it's probably easier to just drop it: $ qemu-system-x86_64 -drive file=null-co://,id=d0,if=none \ -device virtio-blk-pci,drive=d0,x-data-plane=on ERROR:/home/fam/work/qemu/qom/object.c:1515: object_get_canonical_path_component: assertion failed: (obj->parent != NULL) Aborted Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1449485967-19240-1-git-send-email-famz@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-04Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' ↵Peter Maydell
into staging QOM infrastructure fixes and device conversions * Documentation update * qom-test and related fixes # gpg: Signature made Fri 04 Dec 2015 17:54:55 GMT using RSA key ID 3E7E013F # gpg: Good signature from "Andreas Färber <afaerber@suse.de>" # gpg: aka "Andreas Färber <afaerber@suse.com>" * remotes/afaerber/tags/qom-devices-for-peter: qom-test: Fix qmp() leaks tests: Use proper functions types instead of void (*fn) qom: Update documentation comment of struct Object tests: Fix check-report-qtest-% target Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-04bt: check struct sizesPaolo Bonzini
See http://permalink.gmane.org/gmane.linux.bluez.kernel/36505. For historical reasons these do not use sizeof, and Coverity caught a mistake in EVT_ENCRYPT_CHANGE_SIZE. In addition: - remove status from create_conn_cancel_cp; the "status" field is only in rp structs. Note that this means that the OCF_CREATE_CONN_CANCEL could never have worked (it would have failed the LENGTH_CHECK), but I am keeping it anyway. - OCF_READ_LINK_QUALITY similarly could never have worked, but I am fixing read_link_quality_cp anyway. - fix inquiry_info which is shorter by one: the kernel has a struct that is 14 byte long, but not counting the initial num_responses byte which the kernel parses separately; - remove extended_inquiry_info altogether, since it's not used and unlike the other inquiry structs does not have the initial num_responses byte. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-12-04typedefs: Put them back into alphabetical orderMarkus Armbruster
"Please keep this list in alphabetical order" has been more honoured in the breach than in the observance. Clean up. While there, drop a redundant struct declaration. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-12-04scsi: remove scsi_req_free prototypeHervé Poussineau
Function has been deleted in ad2d30f79d3b0812f02c741be2189796b788d6d7. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-12-03qom: Update documentation comment of struct ObjectCao jin
It doesn't have "GSList *interfaces" anymore, drop the paragraph. Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-12-03Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell
staging # gpg: Signature made Thu 03 Dec 2015 04:59:48 GMT using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: iotests: Add regresion test case for write notifier assertion failure iotests: Add "add_drive_raw" method block: Don't wait serialising for non-COR read requests iothread: include id in thread name Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-03block: Don't wait serialising for non-COR read requestsFam Zheng
The assertion problem was noticed in 06c3916b35a, but it wasn't completely fixed, because even though the req is not marked as serialising, it still gets serialised by wait_serialising_requests against other serialising requests, which could lead to the same assertion failure. Fix it by even more explicitly skipping the serialising for this specific case. Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1448962590-2842-2-git-send-email-famz@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-02Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
virtio,vhost,mmap fixes for 2.5 vhost test patches to fix the travis build virtio ccw patch to fix virtio 1 virtio pci patch to fix pci express vhost user bridge patch to fix fd leaks mmap-alloc patch to fix hugetlbfs on ppc64 remove dead code for vhost (trivial) Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Wed 02 Dec 2015 20:38:41 GMT using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: util/mmap-alloc: fix hugetlb support on ppc64 virtio-pci: Set the QEMU_PCI_CAP_EXPRESS capability early in its DeviceClass realize method virtio: handle non-virtio-1-capable backend for ccw tests/vhost-user-bridge.c: fix fd leakage vhost: drop dead code vhost-user: verify that number of queues is non-zero vhost-user-test: fix crash with glib < 2.36 vhost-user-test: use unix port for migration vhost-user-test: fix chardriver race Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-02util/mmap-alloc: fix hugetlb support on ppc64Michael S. Tsirkin
Since commit 8561c9244ddf1122d "exec: allocate PROT_NONE pages on top of RAM", it is no longer possible to back guest RAM with hugepages on ppc64 hosts: mmap(NULL, 285212672, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3fff57000000 mmap(0x3fff57000000, 268435456, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 19, 0) = -1 EBUSY (Device or resource busy) This is because on ppc64, Linux fixes a page size for a virtual address at mmap time, so we can't switch a range of memory from anonymous small pages to hugetlbs with MAP_FIXED. See commit d0f13e3c20b6fb73ccb467bdca97fa7cf5a574cd ("[POWERPC] Introduce address space "slices"") in Linux history for the details. Detect this and create the PROT_NONE mapping using the same fd. Naturally, this makes the guard page bigger with hugetlbfs. Based on patch by Greg Kurz. Acked-by: Rik van Riel <riel@redhat.com> Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-02virtio: handle non-virtio-1-capable backend for ccwCornelia Huck
If you run a qemu advertising VERSION_1 with an old kernel where vhost did not yet support VERSION_1, you'll end up with a device that is {modern pci|ccw revision 1} but does not advertise VERSION_1. This is not a sensible configuration and is rejected by the Linux guest drivers. To fix this, add a ->post_plugged() callback invoked after features have been queried that can handle the VERSION_1 bit being withdrawn and change ccw to fall back to revision 0 if VERSION_1 is gone. Note that pci is _not_ fixed; we'll need to rethink the approach for the next release but at least for pci it's not a regression. Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-02vhost: drop dead codeMichael S. Tsirkin
commit 1e7398a1 ("vhost: enable vhost without without MSI-X"_ dropped the implementation of vhost_dev_query, drop it from the header file as well. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
2015-12-02translate-all: ensure host page mask is always extended with 1'sPaolo Bonzini
Anthony reported that >4GB guests on Xen with 32bit QEMU broke after commit 4ed023c ("Round up RAMBlock sizes to host page sizes", 2015-11-05). In that patch sizes are masked against qemu_host_page_size/mask which are uintptr_t, and thus 32bit on a 32bit QEMU, even though the ram space might be bigger than 4GB on Xen. Since ram_addr_t is not available on user-mode emulation targets, ensure that we get a sign extension when masking away the low bits of the address. Remove the ~10 year old scary comment that the type of these variables is probably wrong, with another equally scary comment. The new comment however does not have "???" in it, which is arguably an improvement. For completeness use the alignment macros in linux-user and bsd-user instead of manually doing an &. linux-user and bsd-user are not affected by the Xen issue, however. Reviewed-by: Juan Quintela <quintela@redhat.com> Reported-by: Anthony PERARD <anthony.perard@citrix.com> Fixes: 4ed023ce2a39ab5812d33cf4d819def168965a7f Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-11-30oslib-win32: Change return type of function getpagesizeStefan Weil
getpagesize on Linux returns an int. Fix QEMU's implementation for Windows to return an int (instead of size_t), too. This fixes a compiler warning which was introduced recently (commit 093e3c42). Signed-off-by: Stefan Weil <sw@weilnetz.de>
2015-11-26Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
vhost, pc: fixes for 2.5 Minor vhost fixes. HW version tweak for PC. Documentation and test updates. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Thu 26 Nov 2015 16:40:25 GMT using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: vhost-user-test: fix migration overlap test Fix memory leak on error Revert "vhost: send SET_VRING_ENABLE at start/stop" tests/vhost-user-bridge: read command line arguments tests/vhost-user-bridge: propose GUEST_ANNOUNCE feature vhost-user: clarify start and enable vhost-user: set link down when the char device is closed pc: Don't set hw_version on pc-*-2.5 osdep: Change default value of qemu_hw_version() to "2.5+" Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-26qjson: surprise, allocating 6 QObjects per token is expensivePaolo Bonzini
Replace the contents of the tokens GQueue with a simple struct. This cuts the amount of memory allocated by tests/check-qjson from ~500MB to ~20MB, and the execution time from 600ms to 80ms on my laptop. Still a lot (some could be saved by using an intrusive list, such as QSIMPLEQ, instead of the GQueue), but the savings are already massive and the right thing to do would probably be to get rid of json-streamer completely. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1448300659-23559-5-git-send-email-pbonzini@redhat.com> [Straightforwardly rebased on my patches] Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-11-26qjson: store tokens in a GQueuePaolo Bonzini
Even though we still have the "streamer" concept, the tokens can now be deleted as they are read. While doing so convert from QList to GQueue, since the next step will make tokens not a QObject and we will have to do the conversion anyway. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1448300659-23559-4-git-send-email-pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-11-26qjson: replace QString in JSONLexer with GStringPaolo Bonzini
JSONLexer only needs a simple resizable buffer. json-streamer.c can allocate memory for each token instead of relying on reference counting of QStrings. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1448300659-23559-2-git-send-email-pbonzini@redhat.com> [Straightforwardly rebased on my patches, checkpatch made happy] Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-11-26qjson: Give each of the six structural chars its own token typeMarkus Armbruster
Simplifies things, because we always check for a specific one. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1448486613-17634-6-git-send-email-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-11-26qjson: Spell out some silent assumptionsMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1448486613-17634-5-git-send-email-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-11-25Merge remote-tracking branch 'remotes/sstabellini/tags/xen-20151125' into ↵Peter Maydell
staging Xen 2015/11/25 # gpg: Signature made Wed 25 Nov 2015 11:19:26 GMT using RSA key ID 70E1AE90 # gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>" * remotes/sstabellini/tags/xen-20151125: xen_disk: Remove ioreq.postsync xen: fix usage of xc_domain_create in domain builder Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-25osdep: Change default value of qemu_hw_version() to "2.5+"Eduardo Habkost
There are two issues with qemu_hw_version() today: 1) If a machine has hw_version set, the value returned by it is not very useful, because it is not the actual QEMU version. 2) If a machine does't set hw_version, the return value of qemu_hw_version() is broken, because it will change when upgrading QEMU. For those reasons, using qemu_hw_version() is strongly discouraged, and should be used only in code that used QEMU_VERSION in the past and needs to keep compatibility. To fix (2), instead of making every machine broken by default unless they set hw_version, make qemu_hw_version() simply return "2.5+" if qemu_set_hw_version() is not called. Suggested-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-11-19Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' ↵Peter Maydell
into staging QOM infrastructure fixes and device conversions * Fix for properties on objects > 4 GiB * Performance improvements for QOM property handling * Assertion cleanups * MAINTAINERS additions # gpg: Signature made Thu 19 Nov 2015 14:32:16 GMT using RSA key ID 3E7E013F # gpg: Good signature from "Andreas Färber <afaerber@suse.de>" # gpg: aka "Andreas Färber <afaerber@suse.com>" * remotes/afaerber/tags/qom-devices-for-peter: MAINTAINERS: Add check-qom-{interface,proplist} to QOM qom: Clean up assertions to display values on failure qom: Replace object property list with GHashTable qom: Add a test case for complex property finalization net: Convert net filter code to use object property iterators ppc: Convert spapr code to use object property iterators vl: Convert machine help code to use object property iterators qmp: Convert QMP code to use object property iterators qom: Introduce ObjectPropertyIterator struct for iteration qdev: Change Property::offset field to ptrdiff_t type Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-19Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
vhost, pc: fixes for 2.5 Fixes all over the place. This also re-enables a test we disabled in 2.5 cycle now that there's a way not to get a warning from it. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Thu 19 Nov 2015 13:27:43 GMT using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: exec: silence hugetlbfs warning under qtest tests: re-enable vhost-user-test acpi: fix buffer overrun on migration vhost-user: fix log size vhost-user: ignore qemu-only features specs/vhost-user: fix spec to match reality tests/vhost-user-bridge: implement logging of dirty pages i440fx: print an error message if user tries to enable iommu q35: Check propery to determine if iommu is set vhost-user: start/stop all rings vhost-user: print original request on error vhost-user-test: support VHOST_USER_SET_VRING_ENABLE vhost-user: update spec description vhost: don't send RESET_OWNER at stop vhost: let SET_VRING_ENABLE message depends on protocol feature Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-19qom: Replace object property list with GHashTablePavel Fedin
ARM GICv3 systems with large number of CPUs create lots of IRQ pins. Since every pin is represented as a property, number of these properties becomes very large. Every property add first makes sure there's no duplicates. Traversing the list becomes very slow, therefore QEMU initialization takes significant time (several seconds for e. g. 16 CPUs). This patch replaces list with GHashTable, making lookup very fast. The only drawback is that object_child_foreach() and object_child_foreach_recursive() cannot add or remove properties during traversal, since GHashTableIter does not have modify-safe version. However, the code seems not to modify objects via these functions. Signed-off-by: Pavel Fedin <p.fedin@samsung.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Tested-by: Pavel Fedin <p.fedin@samsung.com> [AF: Fixed object_property_del_{all,child}() issues; g_hash_table_contains() -> g_hash_table_lookup(), suggested by Daniel] Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-11-19migration: implement bdrv_all_find_vmstate_bs helperDenis V. Lunev
The patch also ensures proper locking for the operation. Signed-off-by: Denis V. Lunev <den@openvz.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> CC: Kevin Wolf <kwolf@redhat.com> Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-11-19snapshot: create bdrv_all_create_snapshot helperDenis V. Lunev
to create snapshot for all loaded block drivers. The patch also ensures proper locking. Signed-off-by: Denis V. Lunev <den@openvz.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> CC: Kevin Wolf <kwolf@redhat.com> Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-11-19snapshot: create bdrv_all_find_snapshot helperDenis V. Lunev
to check that snapshot is available for all loaded block drivers. The check bs != bs1 in hmp_info_snapshots is an optimization. The check for availability of this snapshot will return always true as the list of snapshots was collected from that image. The patch also ensures proper locking. Signed-off-by: Denis V. Lunev <den@openvz.org> Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> CC: Stefan Hajnoczi <stefanha@redhat.com> CC: Kevin Wolf <kwolf@redhat.com> Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-11-19snapshot: create bdrv_all_goto_snapshot helperDenis V. Lunev
to switch to snapshot on all loaded block drivers. The patch also ensures proper locking. Signed-off-by: Denis V. Lunev <den@openvz.org> Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> CC: Kevin Wolf <kwolf@redhat.com> Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-11-19snapshot: create bdrv_all_delete_snapshot helperDenis V. Lunev
to delete snapshots from all loaded block drivers. The patch also ensures proper locking. Signed-off-by: Denis V. Lunev <den@openvz.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> CC: Kevin Wolf <kwolf@redhat.com> Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-11-19snapshot: return error code from bdrv_snapshot_delete_by_id_or_nameDenis V. Lunev
this will make code better in the next patch Signed-off-by: Denis V. Lunev <den@openvz.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> CC: Kevin Wolf <kwolf@redhat.com> Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-11-19snapshot: create helper to test that block drivers supports snapshotsDenis V. Lunev
The patch enforces proper locking for this operation. Signed-off-by: Denis V. Lunev <den@openvz.org> Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> CC: Kevin Wolf <kwolf@redhat.com> Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-11-18qom: Introduce ObjectPropertyIterator struct for iterationDaniel P. Berrange
Some users of QOM need to be able to iterate over properties defined against an object instance. Currently they are just directly using the QTAIL macros against the object properties data structure. This is bad because it exposes them to changes in the data structure used to store properties, as well as changes in functionality such as ability to register properties against the class. This provides an ObjectPropertyIterator struct which will insulate the callers from the particular data structure used to store properties. It can be used thus ObjectProperty *prop; ObjectPropertyIterator *iter; iter = object_property_iter_init(obj); while ((prop = object_property_iter_next(iter))) { ... do something with prop ... } object_property_iter_free(iter); Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Tested-by: Pavel Fedin <p.fedin@samsung.com> [AF: Fixed examples, style cleanups] Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-11-18qdev: Change Property::offset field to ptrdiff_t typeIldar Isaev
Property::offset field is calculated as a diff between two pointers: arrayprop->prop.offset = eltptr - (void *)dev; If offset is declared as int, this subtraction can cause type overflow, thus leading to failure of the subsequent assertion: assert(qdev_get_prop_ptr(dev, &arrayprop->prop) == eltptr); So ptrdiff_t should be used instead. Signed-off-by: Ildar Isaev <ild@inbox.ru> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-11-18Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into stagingPeter Maydell
# gpg: Signature made Tue 17 Nov 2015 20:06:58 GMT using RSA key ID AAFC390E # gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>" * remotes/jnsnow/tags/ide-pull-request: ide: enable buffered requests for PIO read requests ide: enable buffered requests for ATAPI devices ide: orphan all buffered requests on DMA cancel ide: add support for IDEBufferedRequest block: add blk_abort_aio_request ide/atapi: make PIO read requests async Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-17Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into ↵Peter Maydell
staging X86 fixes, 2015-11-17 Two X86 fixes, hopefully in time for -rc1. # gpg: Signature made Tue 17 Nov 2015 19:06:53 GMT using RSA key ID 984DC5A6 # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" * remotes/ehabkost/tags/x86-pull-request: target-i386: Disable rdtscp on Opteron_G* CPU models target-i386: Fix mulx for identical target regs Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-17block: add blk_abort_aio_requestPeter Lieven
Signed-off-by: Peter Lieven <pl@kamp.de> Reviewed-by: Fam Zheng <famz@redhat.com> Message-id: 1447345846-15624-3-git-send-email-pl@kamp.de Signed-off-by: John Snow <jsnow@redhat.com>
2015-11-17target-i386: Disable rdtscp on Opteron_G* CPU modelsEduardo Habkost
KVM can't virtualize rdtscp on AMD CPUs yet, so there's no point in enabling it by default on AMD CPU models, as all we are getting are confused users because of the "host doesn't support requested feature" warnings. Disable rdtscp on Opteron_G* models, but keep compatibility on pc-*-2.4 and older (just in case there are people are doing funny stuff using AMD CPU models on Intel hosts). Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-11-17q35: Check propery to determine if iommu is setBandan Das
The helper function machine_iommu() isn't necesary. We can directly check for the property. Signed-off-by: Bandan Das <bsd@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Bandan Das <bsd@redhat.com>
2015-11-17Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20151116-1' into ↵Peter Maydell
staging vnc: buffer code improvements, bugfixes. # gpg: Signature made Mon 16 Nov 2015 17:20:02 GMT using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-vnc-20151116-1: vnc: fix mismerge buffer: allow a buffer to shrink gracefully buffer: factor out buffer_adj_size buffer: factor out buffer_req_size vnc: recycle empty vs->output buffer vnc: fix local state init vnc: only alloc server surface with clients connected vnc: use vnc_{width,height} in vnc_set_area_dirty vnc: factor out vnc_update_server_surface vnc: add vnc_width+vnc_height helpers vnc: zap dead code vnc-jobs: move buffer reset, use new buffer move vnc: kill jobs queue buffer vnc: attach names to buffers buffer: add tracing buffer: add buffer_shrink buffer: add buffer_move buffer: add buffer_move_empty buffer: add buffer_init buffer: make the Buffer capacity increase in powers of two Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-13xen: fix usage of xc_domain_create in domain builderRoger Pau Monne
Due to the addition of HVMlite and the requirement to always provide a valid xc_domain_configuration_t, xc_domain_create now always takes an arch domain config, which can be NULL in order to mimic previous behaviour. Add a small stub called xen_domain_create that encapsulates the correct call to xc_domain_create depending on the libxc version detected. Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-11-12hw/misc: Add support for ADC controller in Xilinx Zynq 7000Guenter Roeck
Add support for the Xilinx XADC core used in Zynq 7000. References: - Zynq-7000 All Programmable SoC Technical Reference Manual - 7 Series FPGAs and Zynq-7000 All Programmable SoC XADC Dual 12-Bit 1 MSPS Analog-to-Digital Converter Tested with Linux using QEMU machine xilinx-zynq-a9 with devicetree files zynq-zc702.dtb and zynq-zc706.dtb, and kernel configuration multi_v7_defconfig. Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Signed-off-by: Guenter Roeck <linux@roeck-us.net> [ PC changes: * Changed macro names to match TRM where possible * Made programmers model macro scheme consistent * Dropped XADC_ZYNQ_ prefix on local macros * Fix ALM field width * Update threshold-comparison interrupts in _update_ints() * factored out DFIFO pushes into helper. Renamed to "push/pop" * Changed xadc_reg to 10 bits and added OOB check. * Reduced scope of MCTL reset to just stop channel coms. * Added dummy read data to write commands * Changed _ to - seperators in string names and filenames * Dropped ------------ in header comment * Catchall'ed _update_ints() in _write handler. * Minor whitespace changes. * Use ZYNQ_XADC_FIFO_DEPTH instead of ARRAY_SIZE() ] Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Tested-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-12Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20151112' ↵Peter Maydell
into staging migration/next for 20151112 # gpg: Signature made Thu 12 Nov 2015 16:56:44 GMT using RSA key ID 5872D723 # gpg: Good signature from "Juan Quintela <quintela@redhat.com>" # gpg: aka "Juan Quintela <quintela@trasno.org>" * remotes/juanquintela/tags/migration/20151112: migration_init: Fix lock initialisation/make it explicit migrate-start-postcopy: Improve text Postcopy: Fix TP!=HP zero case Finish non-postcopiable iterative devices before package migration: Make 32bit linux compile with RDMA migration: print ram_addr_t as RAM_ADDR_FMT not %zx Signed-off-by: Peter Maydell <peter.maydell@linaro.org>