aboutsummaryrefslogtreecommitdiff
path: root/include
AgeCommit message (Collapse)Author
2018-07-28qstring: Fix qstring_from_substr() not to provoke int overflowliujunjie
qstring_from_substr() parameters @start and @end are of type int. blkdebug_parse_filename(), blkverify_parse_filename(), nbd_parse_uri(), and qstring_from_str() pass @end values of type size_t or ptrdiff_t. Values exceeding INT_MAX get truncated, with possibly disastrous results. Such huge substrings seem unlikely, but we found one in a core dump, where "info tlb" executed via QMP's human-monitor-command apparently produced 35 GiB of output. Fix by changing the parameters size_t. Signed-off-by: liujunjie <liujunjie23@huawei.com> Message-Id: <20180724134339.17832-1-liujunjie23@huawei.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2018-07-24tests: call qcrypto_init instead of gnutls_global_initDaniel P. Berrangé
Calling qcrypto_init ensures that all relevant initialization is done. In particular this honours the debugging settings and thread settings. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-23monitor: Fix unsafe sharing of @cur_mon among threadsPeter Xu
@cur_mon is null unless the main thread is running monitor code, either HMP code within monitor_read(), or QMP code within monitor_qmp_dispatch(). Use of @cur_mon outside the main thread is therefore unsafe. Most of its uses are in monitor command handlers. These run in the main thread. However, there are also uses hiding elsewhere, such as in error_vprintf(), and thus error_report(), making these functions unsafe outside the main thread. No such unsafe uses are known at this time. Regardless, this is an unnecessary trap. It's an ancient trap, though. More recently, commit cf869d53172 "qmp: support out-of-band (oob) execution" spiced things up: the monitor I/O thread assigns to @cur_mon when executing commands out-of-band. Having two threads save, set and restore @cur_mon without synchronization is definitely unsafe. We can end up with @cur_mon null while the main thread runs monitor code, or non-null while it runs non-monitor code. We could fix this by making the I/O thread not mess with @cur_mon, but that would leave the trap armed and ready. Instead, make @cur_mon thread-local. It's now reliably null unless the thread is running monitor code. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> [peterx: update subject and commit message written by Markus] Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20180720033451.32710-1-peterx@redhat.com>
2018-07-17Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
Bug fixes. # gpg: Signature made Tue 17 Jul 2018 16:06:07 BST # gpg: using RSA key BFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: Document command line options with single dash opts: remove redundant check for NULL parameter i386: only parse the initrd_filename once for multiboot modules i386: fix regression parsing multiboot initrd modules virtio-scsi: fix hotplug ->reset() vs event race qdev: add HotplugHandler->post_plug() callback hw/char/serial: retry write if EAGAIN PC Chipset: Improve serial divisor calculation vhost-user-test: added proper TestServer *dest initialization in test_migrate() hyperv: ensure VP index equal to QEMU cpu_index hyperv: rename vcpu_id to vp_index accel: Fix typo and grammar in comment dump: add kernel_gs_base to QEMU CPU state Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-17hw/display/xlnx_dp: Move problematic code from instance_init to realizePaolo Bonzini
aux_create_slave() calls qdev_init_nofail() which in turn "realizes" the corresponding object. This is unlike qdev_create(), and it is wrong because qdev_init_nofail() must not be called from an instance_init function. Move qdev_init_nofail() and the subsequent aux_map_slave into the caller's realize function. There are two more bugs that needs to be fixed here, too, where the objects are created but not added as children. Therefore when you call object_unparent on them, nothing happens. In particular dpcd and edid give you an infinite loop in bus_unparent, because device_unparent is not called and does not remove them from the list of devices on the bus. Reported-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-id: 1531745974-17187-17-git-send-email-thuth@redhat.com [thuth: Added Paolo's fixup for the dpcd and edid unparenting] Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-17hw/core/sysbus: Add a function for creating and attaching an objectThomas Huth
A lot of functions are initializing an object and attach it immediately afterwards to the system bus. Provide a common function for this, which also uses object_initialize_child() to make sure that the reference counter is correctly initialized to 1 afterwards. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 1531745974-17187-3-git-send-email-thuth@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-17qom/object: Add a new function object_initialize_child()Thomas Huth
A lot of code is using the object_initialize() function followed by a call to object_property_add_child() to add the newly initialized object as a child of the current object. Both functions increase the reference counter of the new object, but many spots that call these two functions then forget to drop one of the superfluous references. So the newly created object is often not cleaned up correctly when the parent is destroyed. In the worst case, this can cause crashes, e.g. because device objects are not correctly removed from their parent_bus. Since this is a common pattern between many code spots, let's introduce a new function that takes care of calling all three required initialization functions, first object_initialize(), then object_property_add_child() and finally object_unref(). And since the function does a similar job like object_new_with_props(), also allow to set additional properties via varargs, and use user_creatable_complete() to make sure that the functions can be used similarly. And while we're at object.h, also fix some copy-n-paste errors in the comments there ("to store the area" --> "to store the error"). Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Message-id: 1531745974-17187-2-git-send-email-thuth@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-16aspeed: Implement write-1-{set, clear} for AST2500 strappingAndrew Jeffery
The AST2500 SoC family changes the runtime behaviour of the hardware strapping register (SCU70) to write-1-set/write-1-clear, with write-1-clear implemented on the "read-only" SoC revision register (SCU7C). For the the AST2400, the hardware strapping is runtime-configured with read-modify-write semantics. Signed-off-by: Andrew Jeffery <andrew@aj.id.au> Reviewed-by: Joel Stanley <joel@jms.id.au> Message-id: 20180709143524.17480-1-andrew@aj.id.au Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-16qdev: add HotplugHandler->post_plug() callbackStefan Hajnoczi
The ->pre_plug() callback is invoked before the device is realized. The ->plug() callback is invoked when the device is being realized but before it is reset. This patch adds a ->post_plug() callback which is invoked after the device has been reset. This callback is needed by HotplugHandlers that need to wait until after ->reset(). Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20180716083732.3347-2-stefanha@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-07-10block: Use uint64_t for BdrvTrackedRequest byte fieldsFam Zheng
This matches the types used for bytes in the rest parts of block layer. In the case of bdrv_co_truncate, new_bytes can be the image size which probably doesn't fit in a 32 bit int. Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10block: Use BdrvChild to discardFam Zheng
Other I/O functions are already using a BdrvChild pointer in the API, so make discard do the same. It makes it possible to initiate the same permission checks before doing I/O, and much easier to share the helper functions for this, which will be added and used by write, truncate and copy range paths. Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10Revert "block: Remove deprecated -drive geometry options"Cornelia Huck
This reverts commit a7aff6dd10b16b67e8b142d0c94c5d92c3fe88f6. Hold off removing this for one more QEMU release (current libvirt release still uses it.) Signed-off-by: Cornelia Huck <cohuck@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10Revert "block: Remove deprecated -drive option addr"Cornelia Huck
This reverts commit eae3bd1eb7c6b105d30ec06008b3bc3dfc5f45bb. Reverted to avoid conflicts for geometry options revert. Signed-off-by: Cornelia Huck <cohuck@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10Revert "block: Remove deprecated -drive option serial"Cornelia Huck
This reverts commit b0083267444a5e0f28391f6c2831a539f878d424. Hold off removing this for one more QEMU release (current libvirt release still uses it.) Signed-off-by: Cornelia Huck <cohuck@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10block: add BDRV_REQ_SERIALISING flagVladimir Sementsov-Ogievskiy
Serialized writes should be used in copy-on-write of backup(sync=none) for image fleecing scheme. We need to change an assert in bdrv_aligned_pwritev, added in 28de2dcd88de. The assert may fail now, because call to wait_serialising_requests here may become first call to it for this request with serializing flag set. It occurs if the request is aligned (otherwise, we should already set serializing flag before calling bdrv_aligned_pwritev and correspondingly waited for all intersecting requests). However, for aligned requests, we should not care about outdating of previously read data, as there no such data. Therefore, let's just update an assert to not care about aligned requests. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10block: split flags in copy_rangeVladimir Sementsov-Ogievskiy
Pass read flags and write flags separately. This is needed to handle coming BDRV_REQ_NO_SERIALISING clearly in following patches. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10block/io: fix copy_rangeVladimir Sementsov-Ogievskiy
Here two things are fixed: 1. Architecture On each recursion step, we go to the child of src or dst, only for one of them. So, it's wrong to create tracked requests for both on each step. It leads to tracked requests duplication. 2. Wait for serializing requests on write path independently of BDRV_REQ_NO_SERIALISING Before commit 9ded4a01149 "backup: Use copy offloading", BDRV_REQ_NO_SERIALISING was used for only one case: read in copy-on-write operation during backup. Also, the flag was handled only on read path (in bdrv_co_preadv and bdrv_aligned_preadv). After 9ded4a01149, flag is used for not waiting serializing operations on backup target (in same case of copy-on-write operation). This behavior change is unsubstantiated and potentially dangerous, let's drop it and add additional asserts and documentation. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10block: Poll after drain on attaching a nodeKevin Wolf
Commit dcf94a23b1 ('block: Don't poll in parent drain callbacks') removed polling in bdrv_child_cb_drained_begin() on the grounds that the original bdrv_drain() already will poll and BdrvChildRole.drained_begin calls must not cause graph changes (and therefore must not call aio_poll() or the recursion through the graph will break. This reasoning is correct for calls through bdrv_do_drained_begin(). However, BdrvChildRole.drained_begin is also called when a node that is already in a drained section (i.e. bdrv_do_drained_begin() has already returned and therefore can't poll any more) is attached to a new parent. In this case, we must explicitly poll to have all requests completed before the drained new child can be attached to the parent. In bdrv_replace_child_noperm(), we know that we're not inside the recursion of bdrv_do_drained_begin() because graph changes are not allowed there, and bdrv_replace_child_noperm() is a graph change. The call of BdrvChildRole.drained_begin() must therefore be followed by a BDRV_POLL_WHILE() that waits for the completion of requests. Reported-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-09Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' ↵Peter Maydell
into staging x86 fix for -rc0 * Fix EPYC-IBPB compat code # gpg: Signature made Mon 09 Jul 2018 18:21:27 BST # gpg: using RSA key 2807936F984DC5A6 # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" # Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6 * remotes/ehabkost/tags/x86-next-pull-request: pc: Fix typo on PC_COMPAT_2_12 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-09pc: Fix typo on PC_COMPAT_2_12Eduardo Habkost
I forgot a hyphen when amending the compat code on commit e0051647 ("i386: Enable TOPOEXT feature on AMD EPYC CPU"). Fixes: e00516475c270dcb6705753da96063f95699abf2 Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20180703011026.18650-1-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-07-09boards.h: Remove doc comment reference to nonexistent functionPeter Maydell
commit b08199c6fbea1 accidentally added a reference to a doc comment to a nonexistent memory_region_allocate_aux_memory(). This was a leftover from a previous version of the patchset which defined memory_region_allocate_aux_memory() for "allocate RAM MemoryRegion and register it for migration" and left "memory_region_init_ram()" with its original semantics of "allocate RAM MR but do not register for migration". In the end we decided on the approach of "memory_region_init_ram() registers the MR for migration, and memory_region_init_ram_nomigrate() is a new function which does not", but this comment change got left in by mistake. Revert that part of the commit. Reported-by: Thomas Huth <huth@tuxfamily.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180702130605.13611-1-peter.maydell@linaro.org
2018-07-09ptimer: Add TRIGGER_ONLY_ON_DECREMENT policy optionPeter Maydell
The CMSDK timer behaviour is that an interrupt is triggered when the counter counts down from 1 to 0; however one is not triggered if the counter is manually set to 0 by a guest write to the counter register. Currently ptimer can't handle this; add a policy option to allow a ptimer user to request this behaviour. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Guenter Roeck <linux@roeck-us.net> Message-id: 20180703171044.9503-2-peter.maydell@linaro.org
2018-07-09hw/arm/smmu-common: Fix devfn computation in smmu_iommu_mrEric Auger
smmu_iommu_mr() aims at returning the IOMMUMemoryRegion corresponding to a given sid. The function extracts both the PCIe bus number and the devfn to return this data. Current computation of devfn is wrong as it only returns the PCIe function instead of slot | function. Fixes 32cfd7f39e08 ("hw/arm/smmuv3: Cache/invalidate config data") Signed-off-by: Eric Auger <eric.auger@redhat.com> Message-id: 1530775623-32399-1-git-send-email-eric.auger@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-05hw/riscv/sifive_u: Connect the Cadence GEM Ethernet deviceAlistair Francis
Connect the Cadence GEM ethernet device. This also requires us to expose the plic interrupt lines. Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Michael Clark <mjc@sifive.com>
2018-07-05hw/riscv/sifive_plic: Use gpios instead of irqsAlistair Francis
Instead of creating the interrupt in lines with qemu_allocate_irq() use qdev_init_gpio_in() as this gives us the ability to use the qdev*gpio*() helpers later on. Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Suggested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Michael Clark <mjc@sifive.com>
2018-07-05hw/riscv/sifive_e: Create a SiFive E SoC objectAlistair Francis
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Michael Clark <mjc@sifive.com>
2018-07-05hw/riscv/sifive_u: Create a SiFive U SoC objectAlistair Francis
Create a SiFive Unleashed U54 SoC and use that in the sifive_u machine. We leave the SoC, RAM, device tree and reset/fdt loading as part of the machine. All the other device creation has been moved to the SoC. Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Michael Clark <mjc@sifive.com>
2018-07-05Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell
Block layer patches: - qcow2: Use worker threads for compression to improve performance of 'qemu-img convert -W' and compressed backup jobs - blklogwrites: New filter driver to log write requests to an image in the dm-log-writes format - file-posix: Fix image locking during image creation - crypto: Fix memory leak in error path - Error out instead of silently truncating node names # gpg: Signature made Thu 05 Jul 2018 11:24:33 BST # gpg: using RSA key 7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: file-posix: Unlock FD after creation file-posix: Fix creation locking block/blklogwrites: Add an option for the update interval of the log superblock block/blklogwrites: Add an option for appending to an old log block/blklogwrites: Change log_sector_size from int64_t to uint64_t block/crypto: Fix memory leak in create error path block: Don't silently truncate node names block: Add blklogwrites block: Move two block permission constants to the relevant enum qcow2: add compress threads qcow2: refactor data compression qemu-img: allow compressed not-in-order writes Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-05Merge remote-tracking branch 'remotes/jnsnow/tags/bitmaps-pull-request' into ↵Peter Maydell
staging Pull request # gpg: Signature made Wed 04 Jul 2018 07:33:42 BST # gpg: using RSA key 7DEF8106AAFC390E # gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>" # Primary key fingerprint: FAEB 9711 A12C F475 812F 18F2 88A9 064D 1835 61EB # Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76 CBD0 7DEF 8106 AAFC 390E * remotes/jnsnow/tags/bitmaps-pull-request: dirty-bitmap: fix double lock on bitmap enabling block/dirty-bitmap: add bdrv_enable_dirty_bitmap_locked Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-05Merge remote-tracking branch ↵Peter Maydell
'remotes/armbru/tags/pull-monitor-2018-07-03-v2' into staging Monitor patches for 2018-07-03 # gpg: Signature made Tue 03 Jul 2018 22:20:13 BST # gpg: using RSA key 3870B400EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-monitor-2018-07-03-v2: (32 commits) qapi: Polish command flags documentation in qapi-code-gen.txt monitor: Improve some comments qmp: Clean up capability negotiation after commit 02130314d8c qobject: Let qobject_from_jsonf() fail instead of abort qmp: Switch timestamp_put() to qdict_from_jsonf_nofail() qmp: Add some comments around null responses qmp: Simplify monitor_qmp_respond() qmp: Replace get_qmp_greeting() by qmp_greeting() qmp: Replace monitor_json_emitter{,raw}() by qmp_{queue,send}_response() qmp: Use QDict * instead of QObject * for response objects qmp: De-duplicate error response building qobject: New qdict_from_jsonf_nofail() monitor: Peel off @mon_global wrapper monitor: Rename use_io_thr to use_io_thread qmp: Don't let JSON errors jump the queue qmp: Don't let malformed in-band commands jump the queue tests/qmp-test: Demonstrate QMP errors jumping the queue qmp: Simplify code around monitor_qmp_dispatch_one() qmp: Always free QMPRequest with qmp_request_free() qmp: Revert change to handle_qmp_command tracepoint ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-05block: Move two block permission constants to the relevant enumAri Sundholm
This allows using the two constants outside of block.c, which will happen in a subsequent patch. Signed-off-by: Ari Sundholm <ari@tuxera.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-04block/dirty-bitmap: add bdrv_enable_dirty_bitmap_lockedVladimir Sementsov-Ogievskiy
Add _locked version of bdrv_enable_dirty_bitmap, to fix dirty bitmap migration in the following patch. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-id: 20180625165745.25259-2-vsementsov@virtuozzo.com Signed-off-by: John Snow <jsnow@redhat.com>
2018-07-03Merge remote-tracking branch ↵Peter Maydell
'remotes/berrange/tags/qcrypto-next-pull-request' into staging Add support for PSK credentials with TLS # gpg: Signature made Tue 03 Jul 2018 13:04:51 BST # gpg: using RSA key BE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange/tags/qcrypto-next-pull-request: crypto: Implement TLS Pre-Shared Keys (PSK). Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-03qmp: Use QDict * instead of QObject * for response objectsMarkus Armbruster
By using the more specific type, we get fewer downcasts. The downcasts are safe, but not obviously so, at least not locally. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20180703085358.13941-24-armbru@redhat.com>
2018-07-03qmp: De-duplicate error response buildingMarkus Armbruster
All callers of qmp_build_error_object() duplicate the code to wrap it in a response object. Replace it by qmp_error_response() that captures the duplicated code, including error_free(). Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20180703085358.13941-23-armbru@redhat.com>
2018-07-03qobject: New qdict_from_jsonf_nofail()Markus Armbruster
Many uses of qobject_from_jsonf() convert JSON objects. Create new convenience function qdict_from_jsonf_nofail() that includes the conversion to QDict. The next few commits will put it to use. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20180703085358.13941-22-armbru@redhat.com>
2018-07-03qmp: Don't let malformed in-band commands jump the queueMarkus Armbruster
handle_qmp_command() reports certain errors right away. This is wrong when OOB is enabled, because the errors can "jump the queue" then, as the previous commit demonstrates. To fix, we need to delay errors until dispatch. Do that for semantic errors, mostly by reverting ill-advised parts of commit cf869d53172 "qmp: support out-of-band (oob) execution". Bonus: doesn't run qmp_dispatch_check_obj() twice, once in handle_qmp_command(), and again in do_qmp_dispatch(). That's also due to commit cf869d53172. The next commit will fix queue jumping for syntax errors. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20180703085358.13941-18-armbru@redhat.com>
2018-07-03qmp qemu-ga: Fix qemu-ga not to accept "control"Markus Armbruster
Commit cf869d53172 "qmp: support out-of-band (oob) execution" accidentally made qemu-ga accept and ignore "control". Fix that. Out-of-band execution in a monitor that doesn't support it now fails with {"error": {"class": "GenericError", "desc": "QMP input member 'control' is unexpected"}} instead of {"error": {"class": "GenericError", "desc": "Please enable out-of-band first for the session during capabilities negotiation"}} The old description is suboptimal when out-of-band cannot not be enabled, or the command doesn't support out-of-band execution. The new description is a bit unspecific, but it'll do. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20180703085358.13941-12-armbru@redhat.com>
2018-07-03Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180703-pull-request' ↵Peter Maydell
into staging vga: disable global_vmstate, virtio-gpu scanout tracking fixes. # gpg: Signature made Tue 03 Jul 2018 10:44:56 BST # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/vga-20180703-pull-request: vga: disable global_vmstate for 3.0+ machine types virtio-gpu: disable scanout when backing resource is destroyed virtio-gpu: update old resource too. virtio-gpu: tweak scanout disable. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> # Conflicts: # hw/display/qxl.c # hw/display/vga-isa-mm.c
2018-07-03Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-3.0-20180703' ↵Peter Maydell
into staging ppc patch queue 2018-07-03 Here's a last minue pull request before today's soft freeze. Ideally I would have sent this earlier, but I was waiting for a couple of extra fixes I knew were close. And the freeze crept up on me, like always. Most of the changes here are bugfixes in any case. There are some cleanups as well, which have been in my staging tree for a little while. There are a couple of truly new features (some extensions to the sam460ex platform), but these are low risk, since they only affect a new and not really stabilized machine type anyway. Higlights are: * Mac platform improvements from Mark Cave-Ayland * Sam460ex improvements from BALATON Zoltan et al. * XICS interrupt handler cleanups from Cédric Le Goater * TCG improvements for atomic loads and stores from Richard Henderson * Assorted other bugfixes # gpg: Signature made Tue 03 Jul 2018 06:55:22 BST # gpg: using RSA key 6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-3.0-20180703: (35 commits) ppc: Include vga cirrus card into the compiling process target/ppc: Relax reserved bitmask of indexed store instructions target/ppc: set is_jmp on ppc_tr_breakpoint_check spapr: compute default value of "hpt-max-page-size" later target/ppc/kvm: don't pass cpu to kvm_get_smmu_info() target/ppc/kvm: get rid of kvm_get_fallback_smmu_info() ppc440_uc: Basic emulation of PPC440 DMA controller sam460ex: Add RTC device hw/timer: Add basic M41T80 emulation ppc4xx_i2c: Rewrite to model hardware more closely hw/ppc: Give sam46ex its own config option fpu_helper.c: fix setting FPSCR[FI] bit target/ppc: Implement the rest of gen_st_atomic target/ppc: Implement the rest of gen_ld_atomic target/ppc: Use atomic min/max helpers target/ppc: Use MO_ALIGN for EXIWX and ECOWX target/ppc: Split out gen_st_atomic target/ppc: Split out gen_ld_atomic target/ppc: Split out gen_load_locked target/ppc: Tidy gen_conditional_store ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org> # Conflicts: # hw/ppc/spapr.c
2018-07-03crypto: Implement TLS Pre-Shared Keys (PSK).Richard W.M. Jones
Pre-Shared Keys (PSK) is a simpler mechanism for enabling TLS connections than using certificates. It requires only a simple secret key: $ mkdir -m 0700 /tmp/keys $ psktool -u rjones -p /tmp/keys/keys.psk $ cat /tmp/keys/keys.psk rjones:d543770c15ad93d76443fb56f501a31969235f47e999720ae8d2336f6a13fcbc The key can be secretly shared between clients and servers. Clients must specify the directory containing the "keys.psk" file and a username (defaults to "qemu"). Servers must specify only the directory. Example NBD client: $ qemu-img info \ --object tls-creds-psk,id=tls0,dir=/tmp/keys,username=rjones,endpoint=client \ --image-opts \ file.driver=nbd,file.host=localhost,file.port=10809,file.tls-creds=tls0,file.export=/ Example NBD server using qemu-nbd: $ qemu-nbd -t -x / \ --object tls-creds-psk,id=tls0,endpoint=server,dir=/tmp/keys \ --tls-creds tls0 \ image.qcow2 Example NBD server using nbdkit: $ nbdkit -n -e / -fv \ --tls=on --tls-psk=/tmp/keys/keys.psk \ file file=disk.img Signed-off-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-03Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into stagingPeter Maydell
# gpg: Signature made Tue 03 Jul 2018 04:42:11 BST # gpg: using RSA key BDBE7B27C0DE3057 # gpg: Good signature from "Jeffrey Cody <jcody@redhat.com>" # gpg: aka "Jeffrey Cody <jeff@codyprime.org>" # gpg: aka "Jeffrey Cody <codyprime@gmail.com>" # Primary key fingerprint: 9957 4B4D 3474 90E7 9D98 D624 BDBE 7B27 C0DE 3057 * remotes/cody/tags/block-pull-request: backup: Use copy offloading block: Honour BDRV_REQ_NO_SERIALISING in copy range block: Fix parameter checking in bdrv_co_copy_range_internal Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-03Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2018-07-02' into ↵Peter Maydell
staging nbd patches for 2018-07-02 Bug fixes and iotest exposure of fleecing via NBD (serving a read-only point-in-time view via blockdev-backup sync:none, as well as serving dirty bitmaps over NBD), including a new x-dirty-bitmap parameter when opening NBD clients as the counterpart to x-nbd-server-add-bitmap. Also a random fix for iscsi block_status spotted by Coverity that missed other miscellaneous trees. - Eric Blake: nbd/server: Fix dirty bitmap logic regression - Eric Blake: iscsi: Avoid potential for get_status overflow - John Snow/Vladimir Sementsov-Ogievskiy: 0/2 block: formalize and test fleecing - Eric Blake: 0/2 test NBD bitmap export # gpg: Signature made Tue 03 Jul 2018 02:33:03 BST # gpg: using RSA key A7A16B4A2527436A # gpg: Good signature from "Eric Blake <eblake@redhat.com>" # gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" # gpg: aka "[jpeg image of size 6874]" # Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A * remotes/ericb/tags/pull-nbd-2018-07-02: iotests: New test 223 for exporting dirty bitmap over NBD nbd/client: Add x-dirty-bitmap to query bitmap from server iotests: add 222 to test basic fleecing blockdev: enable non-root nodes for backup source iscsi: Avoid potential for get_status overflow nbd/server: Fix dirty bitmap logic regression Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-03vga: disable global_vmstate for 3.0+ machine typesGerd Hoffmann
Move global_vmstate from vga_common_init() parameter to VGACommonState field. Set global_vmstate to true for isa vga devices, so nothing changes here. virtio-vga and secondary-vga already set global_vmstate to false so no change here either. All other pci vga devices get a new global-vmstate property, defaulting to false. A compat property flips it to true for older machine types. With this in place you don't get a vmstate section naming conflict any more when adding multiple pci vga devices to your vm. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-Id: <20180702163345.17892-1-kraxel@redhat.com>
2018-07-02block: Honour BDRV_REQ_NO_SERIALISING in copy rangeFam Zheng
This semantics is needed by drive-backup so implement it before using this API there. Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 20180703023758.14422-3-famz@redhat.com Signed-off-by: Jeff Cody <jcody@redhat.com>
2018-07-03ppc4xx_i2c: Rewrite to model hardware more closelyBALATON Zoltan
Rewrite to make it closer to how real device works so that guest OS drivers can access I2C devices. Previously this was only a hack to allow U-Boot to get past accessing SPD EEPROMs but to support other I2C devices and allow guests to access them we need to model real device more properly. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-03ppx/xics: introduce a parent_reset in ICSStateClassCédric Le Goater
Just like for the realize handlers, this makes possible to move the common ICSState code of the reset handlers in the ics-base class. Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-03ppc/xics: introduce a parent_realize in ICSStateClassCédric Le Goater
This makes possible to move the common ICSState code of the realize handlers in the ics-base class. Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-03ppc/xics: introduce ICP DeviceRealize and DeviceReset handlersCédric Le Goater
This changes the ICP realize and reset handlers in DeviceRealize and DeviceReset handlers. parent handlers are now called from the inheriting classes which is a cleaner object pattern. Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-02nbd/client: Add x-dirty-bitmap to query bitmap from serverEric Blake
In order to test that the NBD server is properly advertising dirty bitmaps, we need a bare minimum client that can request and read the context. Since feature freeze for 3.0 is imminent, this is the smallest workable patch, which replaces the qemu block status report with the results of the NBD server's dirty bitmap (making it very easy to use 'qemu-img map --output=json' to learn where the dirty portions are). Note that the NBD protocol defines a dirty section with the same bit but opposite sense that normal "base:allocation" uses to report an allocated section; so in qemu-img map output, "data":true corresponds to clean, "data":false corresponds to dirty. A more complete solution that allows dirty bitmaps to be queried at the same time as normal block status will be required before this addition can lose the x- prefix. Until then, the fact that this replaces normal status with dirty status means actions like 'qemu-img convert' will likely misbehave due to treating dirty regions of the file as if they are unallocated. The next patch adds an iotest to exercise this new code. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <20180702191458.28741-2-eblake@redhat.com>