aboutsummaryrefslogtreecommitdiff
path: root/qapi
AgeCommit message (Collapse)Author
2016-02-19qapi: Don't box branches of flat unionsEric Blake
There's no reason to do two malloc's for a flat union; let's just inline the branch struct directly into the C union branch of the flat union. Surprisingly, fewer clients were actually using explicit references to the branch types in comparison to the number of flat unions thus modified. This lets us reduce the hack in qapi-types:gen_variants() added in the previous patch; we no longer need to distinguish between alternates and flat unions. The change to unboxed structs means that u.data (added in commit cee2dedb) is now coincident with random fields of each branch of the flat union, whereas beforehand it was only coincident with pointers (since all branches of a flat union have to be objects). Note that this was already the case for simple unions - but there we got lucky. Remember, visit_start_union() blindly returns true for all visitors except for the dealloc visitor, where it returns the value !!obj->u.data, and that this result then controls whether to proceed with the visit to the variant. Pre-patch, this meant that flat unions were testing whether the boxed pointer was still NULL, and thereby skipping visit_end_implicit_struct() and avoiding a NULL dereference if the pointer had not been allocated. The same was true for simple unions where the current branch had pointer type, except there we bypassed visit_type_FOO(). But for simple unions where the current branch had scalar type, the contents of that scalar meant that the decision to call visit_type_FOO() was data-dependent - the reason we got lucky there is that visit_type_FOO() for all scalar types in the dealloc visitor is a no-op (only the pointer variants had anything to free), so it did not matter whether the dealloc visit was skipped. But with this patch, we would risk leaking memory if we could skip a call to visit_type_FOO_fields() based solely on a data-dependent decision. But notice: in the dealloc visitor, visit_type_FOO() already handles a NULL obj - it was only the visit_type_implicit_FOO() that was failing to check for NULL. And now that we have refactored things to have the branch be part of the parent struct, we no longer have a separate pointer that can be NULL in the first place. So we can just delete the call to visit_start_union() altogether, and blindly visit the branch type; there is no change in behavior except to the dealloc visitor, where we now unconditionally visit the branch, but where that visit is now always safe (for a flat union, we can no longer dereference NULL, and for a simple union, visit_type_FOO() was already safely handling NULL on pointer types). Unfortunately, simple unions are not as easy to switch to unboxed layout; because we are special-casing the hidden implicit type with a single 'data' member, we really DO need to keep calling another layer of visit_start_struct(), with a second malloc; although there are some cleanups planned for simple unions in later patches. visit_start_union() and gen_visit_implicit_struct() are now unused. Drop them. Note that after this patch, the only remaining use of visit_start_implicit_struct() is for alternate types; the next patch will do further cleanup based on that fact. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1455778109-6278-14-git-send-email-eblake@redhat.com> [Dead code deletion squashed in, commit message updated accordingly] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-19qapi: Adjust layout of FooList typesEric Blake
By sticking the next pointer first, we don't need a union with 64-bit padding for smaller types. On 32-bit platforms, this can reduce the size of uint8List from 16 bytes (or 12, depending on whether 64-bit ints can tolerate 4-byte alignment) down to 8. It has no effect on 64-bit platforms (where alignment still dictates a 16-byte struct); but fewer anonymous unions is still a win in my book. It requires visit_next_list() to gain a size parameter, to know what size element to allocate; comparable to the size parameter of visit_start_struct(). I debated about going one step further, to allow for fewer casts, by doing: typedef GenericList GenericList; struct GenericList { GenericList *next; }; struct FooList { GenericList base; Foo *value; }; so that you convert to 'GenericList *' by '&foolist->base', and back by 'container_of(generic, GenericList, base)' (as opposed to the existing '(GenericList *)foolist' and '(FooList *)generic'). But doing that would require hoisting the declaration of GenericList prior to inclusion of qapi-types.h, rather than its current spot in visitor.h; it also makes iteration a bit more verbose through 'foolist->base.next' instead of 'foolist->next'. Note that for lists of objects, the 'value' payload is still hidden behind a boxed pointer. Someday, it would be nice to do: struct FooList { FooList *next; Foo value; }; for one less level of malloc for each list element. This patch is a step in that direction (now that 'next' is no longer at a fixed non-zero offset within the struct, we can store more than just a pointer's-worth of data as the value payload), but the actual conversion would be a task for another series, as it will touch a lot of code. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1455778109-6278-10-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-19qapi: Simplify excess input reporting in input visitorsEric Blake
When reporting that an unvisited member remains at the end of an input visit for a struct, we were using g_hash_table_find() coupled with a callback function that always returns true, to locate an arbitrary member of the hash table. But if all we need is an arbitrary entry, we can get that from a single-use iterator, without needing a tautological callback function. Technically, our cast of &(GQueue *) to (void **) is not strict C (while void * must be able to hold all other pointers, nothing says a void ** has to be the same width or representation as a GQueue **). The kosher way to write it would be the verbose: void *tmp; GQueue *any; if (g_hash_table_iter_next(&iter, NULL, &tmp)) { any = tmp; But our code base (not to mention glib itself) already has other cases of assuming that ALL pointers have the same width and representation, where a compiler would have to go out of its way to mis-compile our borderline behavior. Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1455778109-6278-2-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-16nbd: enable use of TLS with nbd-server-start commandDaniel P. Berrange
This modifies the nbd-server-start QMP command so that it is possible to request use of TLS. This is done by adding a new optional parameter "tls-creds" which provides the ID of a previously created QCryptoTLSCreds object instance. TLS is only supported when using an IPv4/IPv6 socket listener. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1455129674-17255-17-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-02-08qmp: Don't abuse stack to track qmp-output rootEric Blake
The previous commit documented an inconsistency in how we are using the stack of qmp-output-visitor. Normally, pushing a single top-level object puts the object on the stack twice: once as the root, and once as the current container being appended to; but popping that struct only pops once. However, qmp_ouput_add() was trying to either set up the added object as the new root (works if you parse two top-level scalars in a row: the second replaces the first as the root) or as a member of the current container (works as long as you have an open container on the stack; but if you have popped the first top-level container, it then resolves to the root and still tries to add into that existing container). Fix the stupidity by not tracking two separate things in the stack. Drop the now-useless qmp_output_first() and qmp_output_last() while at it. Saved for a later patch: we still are rather sloppy in that qmp_output_get_object() can be called in the middle of a parse, rather than requiring that a visit is complete. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1454075341-13658-26-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-08qmp: Fix reference-counting of qnull on empty output visitEric Blake
Commit 6c2f9a15 ensured that we would not return NULL when the caller used an output visitor but had nothing to visit. But in doing so, it added a FIXME about a reference count leak that could abort qemu in the (unlikely) case of SIZE_MAX such visits (more plausible on 32-bit). (Although that commit suggested we might fix it in time for 2.5, we ran out of time; fortunately, it is unlikely enough to bite that it was not worth worrying about during the 2.5 release.) This fixes things by documenting the internal contracts, and explaining why the internal function can return NULL and only the public facing interface needs to worry about qnull(), thus avoiding over-referencing the qnull_ global object. It does not, however, fix the stupidity of the stack mixing up two separate pieces of information; add a FIXME to explain that issue, which will be fixed shortly in a future patch. Signed-off-by: Eric Blake <eblake@redhat.com> Cc: qemu-stable@nongnu.org Message-Id: <1454075341-13658-25-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-08qapi: Drop unused error argument for list and implicit structEric Blake
No backend was setting an error when ending the visit of a list or implicit struct, or when moving to the next list node. Make the callers a bit easier to follow by making this a part of the contract, and removing the errp argument - callers can then unconditionally end an object as part of cleanup without having to think about whether a second error is dominated by a first, because there is no second error. A later patch will then tackle the larger task of splitting visit_end_struct(), which can indeed set an error. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1454075341-13658-24-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-08qapi: Tighten qmp_input_end_list()Eric Blake
The only way that qmp_input_pop() will set errp is if a dictionary was the most recent thing pushed. Since we don't have any push(struct)/pop(list) or push(list)/pop(struct) mismatches (such a mismatch is a programming bug), we therefore cannot set errp inside qmp_input_end_list(). Make this obvious by using &error_abort. A later patch will then remove the errp parameter of qmp_input_pop(), but that will first require the larger task of splitting visit_end_struct(). Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1454075341-13658-23-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-08qapi: Drop unused 'kind' for struct/enum visitEric Blake
visit_start_struct() and visit_type_enum() had a 'kind' argument that was usually set to either the stringized version of the corresponding qapi type name, or to NULL (although some clients didn't even get that right). But nothing ever used the argument. It's even hard to argue that it would be useful in a debugger, as a stack backtrace also tells which type is being visited. Therefore, drop the 'kind' argument as dead. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1454075341-13658-22-git-send-email-eblake@redhat.com> [Harmless rebase mistake cleaned up] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-08qapi: Swap 'name' in visit_* callbacks to match public APIEric Blake
As explained in the previous patches, matching argument order of 'name, &value' to JSON's "name":value makes sense. However, while the last two patches were easy with Coccinelle, I ended up doing this one all by hand. Now all the visitor callbacks match the main interface. The compiler is able to enforce that all clients match the changed interface in visitor-impl.h, even where two pointers are being swapped, because only one of the two pointers is const (if that were not the case, then C's looseness on treating 'char *' like 'void *' would have made review a bit harder). Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1454075341-13658-21-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-08qapi: Swap visit_* arguments for consistent 'name' placementEric Blake
JSON uses "name":value, but many of our visitor interfaces were called with visit_type_FOO(v, &value, name, errp). This can be a bit confusing to have to mentally swap the parameter order to match JSON order. It's particularly bad for visit_start_struct(), where the 'name' parameter is smack in the middle of the otherwise-related group of 'obj, kind, size' parameters! It's time to do a global swap of the parameter ordering, so that the 'name' parameter is always immediately after the Visitor argument. Additional reason in favor of the swap: the existing include/qjson.h prefers listing 'name' first in json_prop_*(), and I have plans to unify that file with the qapi visitors; listing 'name' first in qapi will minimize churn to the (admittedly few) qjson.h clients. Later patches will then fix docs, object.h, visitor-impl.h, and those clients to match. Done by first patching scripts/qapi*.py by hand to make generated files do what I want, then by running the following Coccinelle script to affect the rest of the code base: $ spatch --sp-file script `git grep -l '\bvisit_' -- '**/*.[ch]'` I then had to apply some touchups (Coccinelle insisted on TAB indentation in visitor.h, and botched the signature of visit_type_enum() by rewriting 'const char *const strings[]' to the syntactically invalid 'const char*const[] strings'). The movement of parameters is sufficient to provoke compiler errors if any callers were missed. // Part 1: Swap declaration order @@ type TV, TErr, TObj, T1, T2; identifier OBJ, ARG1, ARG2; @@ void visit_start_struct -(TV v, TObj OBJ, T1 ARG1, const char *name, T2 ARG2, TErr errp) +(TV v, const char *name, TObj OBJ, T1 ARG1, T2 ARG2, TErr errp) { ... } @@ type bool, TV, T1; identifier ARG1; @@ bool visit_optional -(TV v, T1 ARG1, const char *name) +(TV v, const char *name, T1 ARG1) { ... } @@ type TV, TErr, TObj, T1; identifier OBJ, ARG1; @@ void visit_get_next_type -(TV v, TObj OBJ, T1 ARG1, const char *name, TErr errp) +(TV v, const char *name, TObj OBJ, T1 ARG1, TErr errp) { ... } @@ type TV, TErr, TObj, T1, T2; identifier OBJ, ARG1, ARG2; @@ void visit_type_enum -(TV v, TObj OBJ, T1 ARG1, T2 ARG2, const char *name, TErr errp) +(TV v, const char *name, TObj OBJ, T1 ARG1, T2 ARG2, TErr errp) { ... } @@ type TV, TErr, TObj; identifier OBJ; identifier VISIT_TYPE =~ "^visit_type_"; @@ void VISIT_TYPE -(TV v, TObj OBJ, const char *name, TErr errp) +(TV v, const char *name, TObj OBJ, TErr errp) { ... } // Part 2: swap caller order @@ expression V, NAME, OBJ, ARG1, ARG2, ERR; identifier VISIT_TYPE =~ "^visit_type_"; @@ ( -visit_start_struct(V, OBJ, ARG1, NAME, ARG2, ERR) +visit_start_struct(V, NAME, OBJ, ARG1, ARG2, ERR) | -visit_optional(V, ARG1, NAME) +visit_optional(V, NAME, ARG1) | -visit_get_next_type(V, OBJ, ARG1, NAME, ERR) +visit_get_next_type(V, NAME, OBJ, ARG1, ERR) | -visit_type_enum(V, OBJ, ARG1, ARG2, NAME, ERR) +visit_type_enum(V, NAME, OBJ, ARG1, ARG2, ERR) | -VISIT_TYPE(V, OBJ, NAME, ERR) +VISIT_TYPE(V, NAME, OBJ, ERR) ) Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1454075341-13658-19-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-08qapi: Consolidate visitor small integer callbacksEric Blake
Commit 4e27e819 introduced optional visitor callbacks for all sorts of int types, but no visitor has supplied any of the callbacks for sizes less than 64 bits. In other words, the generic implementation based on using type_[u]int64() followed by bounds-checking works just fine. In the interest of simplicity, it's easier to make the visitor callback interface not have to worry about the other sizes. Adding some helper functions minimizes the boilerplate required to correct FIXMEs added earlier with regards to questionable reuse of errp, particularly now that we can guarantee from a single file audit that value is unchanged if an error is set. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1454075341-13658-16-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-08qapi: Make all visitors supply uint64 callbacksEric Blake
Our qapi visitor contract supports multiple integer visitors, but left the type_uint64 visitor as optional (falling back on type_int64); which in turn can lead to awkward behavior with numbers larger than INT64_MAX (the user has to be aware of twos complement, and deal with negatives). This patch does not address the disparity in handling large values as negatives. It merely moves the fallback from uint64 to int64 from the visitor core to the visitors, where the issue can actually be fixed, by implementing the missing type_uint64() callbacks on top of the respective type_int64() callbacks, and with a FIXME comment explaining why that's wrong. With that done, we now have a type_uint64() callback in every driver, so we can make it mandatory from the core. And although the type_int64() callback can cover the entire valid range of type_uint{8,16,32} on valid user input, using type_uint64() to avoid mixed signedness makes more sense. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1454075341-13658-15-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-08qapi: Prefer type_int64 over type_int in visitorsEric Blake
The qapi builtin type 'int' is basically shorthand for the type 'int64'. In fact, since no visitor was providing the optional type_int64() callback, visit_type_int64() was just always falling back to type_int(), cementing the equivalence between the types. However, some visitors are providing a type_uint64() callback. For purposes of code consistency, it is nicer if all visitors use the paired type_int64/type_uint64 names rather than the mismatched type_int/type_uint64. So this patch just renames the signed int callbacks in place, dropping the type_int() callback as redundant, and a later patch will focus on the unsigned int callbacks. Add some FIXMEs to questionable reuse of errp in code touched by the rename, while at it (the reuse works as long as the callbacks don't modify value when setting an error, but it's not a good example to set) - a later patch will then fix those. No change in functionality here, although further cleanups are in the pipeline. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1454075341-13658-14-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-08qapi-visit: Kill unused visit_end_union()Eric Blake
The generated code can call visit_end_union() without having called visit_start_union(). Example: if (!*obj) { goto out_obj; } visit_type_CpuInfoBase_fields(v, (CpuInfoBase **)obj, &err); if (err) { goto out_obj; // if we go from here... } if (!visit_start_union(v, !!(*obj)->u.data, &err) || err) { goto out_obj; } switch ((*obj)->arch) { [...] } out_obj: // ... then *obj is true, and ... error_propagate(errp, err); err = NULL; if (*obj) { // we end up here visit_end_union(v, !!(*obj)->u.data, &err); } error_propagate(errp, err); Harmless only because no visitor implements end_union(). Clean it up anyway, by deleting the function as useless. Messed up since we have visit_end_union (commit cee2ded). Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1453902888-20457-3-git-send-email-armbru@redhat.com> [expand scope of patch to delete rather than repair] Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1454075341-13658-13-git-send-email-eblake@redhat.com>
2016-02-08qapi: Dealloc visitor does not need a type_size()Eric Blake
The intent of having the visitor type_size() callback differ from type_uint64() is to allow special handling for sizes; the visitor core gracefully falls back to type_uint64() if there is no need for the distinction. Since the dealloc visitor does nothing for any of the int visits, drop the pointless size handler. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1454075341-13658-5-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-08qapi: Drop dead dealloc visitor variableEric Blake
Commit 0b9d8542 added StackEntry.is_list_head, but forgot to delete the now-unused QapiDeallocVisitor.is_list_head. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1454075341-13658-4-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-08qapi: Avoid use of misnamed DO_UPCAST()Eric Blake
The macro DO_UPCAST() is incorrectly named: it converts from a parent class to a derived class (which is a downcast). Better, and more consistent with some of the other qapi visitors, is to use the container_of() macro through a to_FOO() helper. Names like 'to_ov()' may be a bit short, but for a static helper it doesn't hurt too much, and matches existing practice in files like qmp-input-visitor.c. Our current definition of container_of() is weaker than DO_UPCAST(), in that it does not require the derived class to have Visitor as its first member, but this does not hurt our usage patterns in qapi visitors. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1454075341-13658-3-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-04qapi: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 1454089805-5470-8-git-send-email-peter.maydell@linaro.org
2016-02-02qemu-img: Make MapEntry a QAPI structFam Zheng
The "flags" bit mask is expanded to two booleans, "data" and "zero"; "bs" is replaced with "filename" string. Refactor the merge conditions in img_map() into entry_mergeable(). Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1453780743-16806-16-git-send-email-famz@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-02-02block/qapi: Emit tray_open only if there is a trayMax Reitz
Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Message-id: 1454096953-31773-5-git-send-email-mreitz@redhat.com
2016-02-02blockdev: Fix 'change' for slot devicesMax Reitz
'change' and related operations did not work when used on guest devices featuring removable media but no actual tray, because blk_dev_is_tray_open() always returned false for them and the blockdev-{insert,remove}-medium commands required it to return true. Fix this by making blockdev-{insert,remove}-medium work on tray-less devices. Also, blockdev-{open,close}-tray are now explicitly no-ops when invoked on such devices, and blk_dev_change_media_cb() is instead called by blockdev-{insert,remove}-medium (for tray-less devices only). Reported-by: Peter Maydell <peter.maydell@linaro.org> Cc: qemu-stable <qemu-stable@nongnu.org> Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Message-id: 1454096953-31773-3-git-send-email-mreitz@redhat.com Reviewed-by: Eric Blake <eblake@redhat.com>
2016-01-25fdc: add drive type qapi enumJohn Snow
Change the floppy drive type to a QAPI enum type, to allow us to specify the floppy drive type from the CLI in a forthcoming patch. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Message-id: 1453495865-9649-4-git-send-email-jsnow@redhat.com
2016-01-13Migration: Emit event at start of passDr. David Alan Gilbert
Emit an event each time we sync the dirty bitmap on the source; this helps libvirt use postcopy by giving it a kick when it might be a good idea to start the postcopy. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Amit Shah <amit.shah@redhat.com> Message-Id: <1450266458-3178-5-git-send-email-dgilbert@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
2016-01-07qmp: Add blockdev-mirror commandFam Zheng
This will start a mirror job from a named device to another named device, its relation with drive-mirror is similar with blockdev-backup to drive-backup. In blockdev-mirror, the target node should be prepared by blockdev-add, which will be responsible for assigning a name to the new node, so we don't have 'node-name' parameter. Signed-off-by: Fam Zheng <famz@redhat.com> Acked-by: Markus Armbruster <armbru@redhat.com> Message-id: 1450932306-13717-5-git-send-email-famz@redhat.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-12-23crypto: move QCryptoCipherAlgorithm/Mode enum definitions into QAPIDaniel P. Berrange
The QCryptoCipherAlgorithm and QCryptoCipherMode enums are defined in the crypto/cipher.h header. In the future some QAPI types will want to reference the hash enums, so move the enum definition into QAPI too. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-23crypto: move QCryptoHashAlgorithm enum definition into QAPIDaniel P. Berrange
The QCryptoHashAlgorithm enum is defined in the crypto/hash.h header. In the future some QAPI types will want to reference the hash enums, so move the enum definition into QAPI too. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-18crypto: add QCryptoSecret object class for password/key handlingDaniel P. Berrange
Introduce a new QCryptoSecret object class which will be used for providing passwords and keys to other objects which need sensitive credentials. The new object can provide secret values directly as properties, or indirectly via a file. The latter includes support for file descriptor passing syntax on UNIX platforms. Ordinarily passing secret values directly as properties is insecure, since they are visible in process listings, or in log files showing the CLI args / QMP commands. It is possible to use AES-256-CBC to encrypt the secret values though, in which case all that is visible is the ciphertext. For ad hoc developer testing though, it is fine to provide the secrets directly without encryption so this is not explicitly forbidden. The anticipated scenario is that libvirtd will create a random master key per QEMU instance (eg /var/run/libvirt/qemu/$VMNAME.key) and will use that key to encrypt all passwords it provides to QEMU via '-object secret,....'. This avoids the need for libvirt (or other mgmt apps) to worry about file descriptor passing. It also makes life easier for people who are scripting the management of QEMU, for whom FD passing is significantly more complex. Providing data inline (insecure, only for ad hoc dev testing) $QEMU -object secret,id=sec0,data=letmein Providing data indirectly in raw format printf "letmein" > mypasswd.txt $QEMU -object secret,id=sec0,file=mypasswd.txt Providing data indirectly in base64 format $QEMU -object secret,id=sec0,file=mykey.b64,format=base64 Providing data with encryption $QEMU -object secret,id=master0,file=mykey.b64,format=base64 \ -object secret,id=sec0,data=[base64 ciphertext],\ keyid=master0,iv=[base64 IV],format=base64 Note that 'format' here refers to the format of the ciphertext data. The decrypted data must always be in raw byte format. More examples are shown in the updated docs. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-17kvm: add support for -machine kernel_irqchip=splitMatt Gingell
This patch adds the initial plumbing for split IRQ chip mode via KVM_CAP_SPLIT_IRQCHIP. In addition to option processing, a number of kvm_*_in_kernel macros are defined to help clarify which component is where. Signed-off-by: Matt Gingell <gingell@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-12-17qapi: Shorter visits of optional fieldsEric Blake
For less code, reflect the determined boolean value of an optional visit back to the caller instead of making the caller read the boolean after the fact. The resulting generated code has the following diff: |- visit_optional(v, &has_fdset_id, "fdset-id"); |- if (has_fdset_id) { |+ if (visit_optional(v, &has_fdset_id, "fdset-id")) { | visit_type_int(v, &fdset_id, "fdset-id", &err); | if (err) { | goto out; | } | } Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1449033659-25497-10-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17qapi: Simplify visits of optional fieldsEric Blake
None of the visitor callbacks would set an error when testing if an optional field was present; make this part of the interface contract by eliminating the errp argument. The resulting generated code has a nice diff: |- visit_optional(v, &has_fdset_id, "fdset-id", &err); |- if (err) { |- goto out; |- } |+ visit_optional(v, &has_fdset_id, "fdset-id"); | if (has_fdset_id) { | visit_type_int(v, &fdset_id, "fdset-id", &err); | if (err) { | goto out; | } | } Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1449033659-25497-9-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17qapi: Fix alternates that accept 'number' but not 'int'Eric Blake
The QMP input visitor allows integral values to be assigned by promotion to a QTYPE_QFLOAT. However, when parsing an alternate, we did not take this into account, such that an alternate that accepts 'number' and some other type, but not 'int', would reject integral values. With this patch, we now have the following desirable table: alternate has case selected for 'int' 'number' QTYPE_QINT QTYPE_QFLOAT no no error error no yes 'number' 'number' yes no 'int' error yes yes 'int' 'number' While it is unlikely that we will ever use 'number' in an alternate other than in the testsuite, it never hurts to be more precise in what we allow. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1449033659-25497-8-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17qapi: Simplify visiting of alternate typesEric Blake
Previously, working with alternates required two lookup arrays and some indirection: for type Foo, we created Foo_qtypes[] which maps each qtype to a value of the generated FooKind enum, then look up that value in FooKind_lookup[] like we do for other union types. This has a couple of subtle bugs. First, the generator was creating a call with a parameter '(int *) &(*obj)->type' where type is an enum type; this is unsafe if the compiler chooses to store the enum type in a different size than int, where assigning through the wrong size pointer can corrupt data or cause a SIGBUS. Related bug, not not fixed in this patch: qapi-visit.py's gen_visit_enum() generates a cast of its enum * argument to int *. Marked FIXME. Second, since the values of the FooKind enum start at zero, all entries of the Foo_qtypes[] array that were not explicitly initialized will map to the same branch of the union as the first member of the alternate, rather than triggering a desired failure in visit_get_next_type(). Fortunately, the bug seldom bites; the very next thing the input visitor does is try to parse the incoming JSON with the wrong parser, which normally fails; the output visitor is not used with a C struct in that state, and the dealloc visitor has nothing to clean up (so there is no leak). However, the second bug IS observable in one case: parsing an integer causes unusual behavior in an alternate that contains at least a 'number' member but no 'int' member, because the 'number' parser accepts QTYPE_QINT in addition to the expected QTYPE_QFLOAT (that is, since 'int' is not a member, the type QTYPE_QINT accidentally maps to FooKind 0; if this enum value is the 'number' branch the integer parses successfully, but if the 'number' branch is not first, some other branch tries to parse the integer and rejects it). A later patch will worry about fixing alternates to always parse all inputs that a non-alternate 'number' would accept, for now this is still marked FIXME in the updated test-qmp-input-visitor.c, to merely point out that new undesired behavior of 'ans' matches the existing undesired behavior of 'asn'. This patch fixes the default-initialization bug by deleting the indirection, and modifying get_next_type() to directly assign a QTypeCode parameter. This in turn fixes the type-casting bug, as we are no longer casting a pointer to enum to a questionable size. There is no longer a need to generate an implicit FooKind enum associated with the alternate type (since the QMP wire format never uses the stringized counterparts of the C union member names). Since the updated visit_get_next_type() does not know which qtypes are expected, the generated visitor is modified to generate an error statement if an unexpected type is encountered. Callers now have to know the QTYPE_* mapping when looking at the discriminator; but so far, only the testsuite was even using the C struct of an alternate types. I considered the possibility of keeping the internal enum FooKind, but initialized differently than most generated arrays, as in: typedef enum FooKind { FOO_KIND_A = QTYPE_QDICT, FOO_KIND_B = QTYPE_QINT, } FooKind; to create nicer aliases for knowing when to use foo->a or foo->b when inspecting foo->type; but it turned out to add too much complexity, especially without a client. There is a user-visible side effect to this change, but I consider it to be an improvement. Previously, the invalid QMP command: {"execute":"blockdev-add", "arguments":{"options": {"driver":"raw", "id":"a", "file":true}}} failed with: {"error": {"class": "GenericError", "desc": "Invalid parameter type for 'file', expected: QDict"}} (visit_get_next_type() succeeded, and the error comes from the visit_type_BlockdevOptions() expecting {}; there is no mention of the fact that a string would also work). Now it fails with: {"error": {"class": "GenericError", "desc": "Invalid parameter type for 'file', expected: BlockdevRef"}} (the error when the next type doesn't match any expected types for the overall alternate). Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1449033659-25497-5-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17qapi: Add alias for ErrorClassEric Blake
The qapi enum ErrorClass is unusual that it uses 'CamelCase' names, contrary to our documented convention of preferring 'lower-case'. However, this enum is entrenched in the API; we cannot change what strings QMP outputs. Meanwhile, we want to simplify how c_enum_const() is used to generate enum constants, by moving away from the heuristics of camel_to_upper() to a more straightforward c_name(N).upper() - but doing so will rename all of the ErrorClass constants and cause churn to all client files, where the new names are aesthetically less pleasing (ERROR_CLASS_DEVICENOTFOUND looks like we can't make up our minds on whether to break between words). So as always in computer science, solve the problem by some more indirection: rename the qapi type to QapiErrorClass, and add a new enum ErrorClass in error.h whose members are aliases of the qapi type, but with the spelling expected elsewhere in the tree. Then, when c_enum_const() changes the munging, we only have to adjust the one alias spot. Suggested by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-26-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17blkdebug: Avoid '.' in enum valuesEric Blake
Our qapi conventions document that '.' should only be used in the prefix of downstream names. BlkdebugEvent was a lone exception to this. Changing this is not backwards compatible to the 'blockdev-add' QMP command; however, that command is not yet fully stable. It can also be argued that the testsuite is the biggest user of blkdebug, and that any other user can be taught to deal with the change by paying attention to introspection results. Done with: $ for str in \ l1_grow.{alloc,write,activate}_table \ l2_alloc.{cow_read,write} \ refblock_alloc.{hookup,write,write_blocks,write_table,switch_table} \ pwritev_rmw.{head,after_head,tail,after_tail}; do str1=$(echo "$str" | sed 's/\./\\./') str2=$(echo "$str" | sed 's/\./_/') git grep -l "$str1" | xargs -r sed -i "s/$str1/$str2/g" done followed by a manual touchup to test 77 to keep the test working. Reported-by: Markus Armbruster <armbru@redhat.com> CC: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-21-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-17blkdebug: Merge hand-rolled and qapi BlkdebugEvent enumEric Blake
No need to keep two separate enums, where editing one is likely to forget the other. Now that we can specify a qapi enum prefix, we don't even have to change the bulk of the uses. get_event_by_name() could perhaps be replaced by qapi_enum_parse(), but I left that for another day. CC: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-20-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-12-11blockdev: Mark {insert, remove}-medium experimentalMax Reitz
While in the long term we want throttling to be its own block filter BDS, in the short term we want it to be part of the BB instead of a BDS; even in the long term we may want legacy throttling to be automatically tied to the BB. blockdev-insert-medium and blockdev-remove-medium do not retain throttling information in the BB (deliberately so). Therefore, using them means tying this information to a BDS, which would break the model described above. (The same applies to other flags such as detect_zeroes.) We probably want to move this information to the BB or its own filter BDS before blockdev-{insert,remove}-medium can be considered completely stable. Therefore, mark these functions experimental for the time being. Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com> Acked-by: Markus Armbruster <armbru@redhat.com> Acked-by: Kevin Wolf <kwolf@redhat.com> Message-id: 1449847385-13986-2-git-send-email-mreitz@redhat.com Reviewed-by: Eric Blake <eblake@redhat.com> [PMM: fixed format nit (underlining) in qmp-commands.hx] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-17Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell
staging # gpg: Signature made Tue 17 Nov 2015 11:13:05 GMT using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: virtio-blk: Fix double completion for werror=stop block: make 'stats-interval' an array of ints instead of a string aio-epoll: Fix use-after-free of node disas/arm: avoid clang shifting negative signed warning tpm: avoid clang shifting negative signed warning tests: Ignore recent test binaries docs: update bitmaps.md Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-17block: make 'stats-interval' an array of ints instead of a stringAlberto Garcia
This is the natural JSON representation and prevents us from having to decode the list manually. Signed-off-by: Alberto Garcia <berto@igalia.com> Message-id: 0e3da8fa206f4ab534ae3ce6086e75fe84f1557e.1447665472.git.berto@igalia.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-11-17qapi: Document introspection stability considerationsEric Blake
We are not ready (and might never be ready) to declare introspection stable between releases. Clients written to control multiple versions of qemu, and desiring to know whether a particular member is supported for a given command, must be prepared to locate that member in spite of qapi changes that may affect the member's location or type within the overall object, even though such changes did not break QMP wire back-compatibility. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447264202-19554-1-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-11-12block: New option to define the intervals for collecting I/O statisticsAlberto Garcia
The BlockAcctStats structure contains a list of BlockAcctTimedStats. Each one of these collects statistics about the minimum, maximum and average latencies of all I/O operations in a certain interval of time. This patch adds a new "stats-intervals" option that allows defining these intervals. Signed-off-by: Alberto Garcia <berto@igalia.com> Message-id: 41cbcd334a61c6157f0f495cdfd21eff6c156f2a.1446044837.git.berto@igalia.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-11-12block: Add average I/O queue depth to BlockDeviceTimedStatsAlberto Garcia
This patch adds two new fields to BlockDeviceTimedStats that track the average number of pending read and write requests for a block device. The values are calculated for the period of time defined for that interval. Signed-off-by: Alberto Garcia <berto@igalia.com> Message-id: fd31fef53e2714f2f30d59ed58ca2f67ec9ab926.1446044837.git.berto@igalia.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-11-12block: Compute minimum, maximum and average I/O latenciesAlberto Garcia
This patch keeps track of the minimum, maximum and average latencies of I/O operations during a certain interval of time. The values are exposed in the BlockDeviceTimedStats structure. An option to define the intervals to collect these statistics will be added in a separate patch. Signed-off-by: Alberto Garcia <berto@igalia.com> Message-id: c7382dc89622c64f918d09f32815827772628f8e.1446044837.git.berto@igalia.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-11-12block: Allow configuring whether to account failed and invalid opsAlberto Garcia
This patch adds two options, "stats-account-invalid" and "stats-account-failed", that can be used to decide whether invalid and failed I/O operations must be used when collecting statistics for latency and last access time. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: ebc7e5966511a342cad428a392c5f5ad56b15213.1446044837.git.berto@igalia.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-11-12block: Add statistics for failed and invalid I/O operationsAlberto Garcia
This patch adds the block_acct_failed() and block_acct_invalid() functions to allow keeping track of failed and invalid I/O operations. The number of failed and invalid operations is exposed in BlockDeviceStats. We don't keep track of the time spent on invalid operations because they are cancelled immediately when they are started. Signed-off-by: Alberto Garcia <berto@igalia.com> Message-id: a7256ccb883a86356b1c6c46b5a29ed5448546a5.1446044837.git.berto@igalia.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-11-12block: Add idle_time_ns to BlockDeviceStatsAlberto Garcia
This patch adds the new field 'idle_time_ns' to the BlockDeviceStats structure, indicating the time that has passed since the previous I/O operation. It also adds the block_acct_idle_time_ns() call, to ensure that all references to the clock type used for accounting are in the same place. This will later allow us to use a different clock for iotests. Signed-off-by: Alberto Garcia <berto@igalia.com> Message-id: 7d8cfcf931453e1a2443e6626e8c1edc347c7c8a.1446044837.git.berto@igalia.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-11-11block: Add 'x-blockdev-del' QMP commandAlberto Garcia
This command is still experimental, hence the name. This is the companion to 'blockdev-add'. It allows deleting a BlockBackend with its associated BlockDriverState tree, or a BlockDriverState that is not attached to any backend. In either case, the command fails if the reference count is greater than 1 or the BlockDriverState has any parents. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Message-id: 6cfc148c77aca1da942b094d811bfa3fcf7ac7bb.1446475331.git.berto@igalia.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-11-11block: add a 'blockdev-snapshot' QMP commandAlberto Garcia
One of the limitations of the 'blockdev-snapshot-sync' command is that it does not allow passing BlockdevOptions to the newly created snapshots, so they are always opened using the default values. Extending the command to allow passing options is not a practical solution because there is overlap between those options and some of the existing parameters of the command. This patch introduces a new 'blockdev-snapshot' command with a simpler interface: it just takes two references to existing block devices that will be used as the source and target for the snapshot. Since the main difference between the two commands is that one of them creates and opens the target image, while the other uses an already opened one, the bulk of the implementation is shared. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-11-11block: rename BlockdevSnapshot to BlockdevSnapshotSyncAlberto Garcia
We will introduce the 'blockdev-snapshot' command that will require its own struct for the parameters, so we need to rename this one in order to avoid name clashes. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-11-11blockdev: read-only-mode for blockdev-change-mediumMax Reitz
Add an option to qmp_blockdev_change_medium() which allows changing the read-only status of the block device whose medium is changed. Some drives do not have a inherently fixed read-only status; for instance, floppy disks can be set read-only or writable independently of the drive. Some users may find it useful to be able to therefore change the read-only status of a block device when changing the medium. Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>