aboutsummaryrefslogtreecommitdiff
path: root/tests
AgeCommit message (Collapse)Author
2014-06-23test: add test cases for qapi eventWenchao Xia
These cases will verify whether the expected qdict is built. Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23qapi script: add event supportWenchao Xia
qapi-event.py will parse the schema and generate qapi-event.c, then the API in qapi-event.c can be used to handle events in qemu code. All API have prefix "qapi_event". The script mainly includes two parts: generate API for each event define, generate an enum type for all defined events. Since in some cases the real emit behavior may change, for example, qemu-img would not send a event, a callback layer is used to control the behavior. As a result, the stubs at compile time can be saved, the binding of block layer code and monitor code will become looser. Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23json-lexer: fix escaped backslash in single-quoted stringPaolo Bonzini
This made the lexer wait for a closing *double* quote. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Amos Kong <akong@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-19tests: simplify codeMichael S. Tsirkin
Use error_abort instead of open-coded assert. Cleaner and shorter. Reported-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2014-06-19qapi: make string output visitor parse int listHu Tao
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> MST: split up patch
2014-06-19qapi: make string input visitor parse int listHu Tao
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> MST: split up patch
2014-06-19tests: fix memory leak in test of string input visitorHu Tao
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-19tests: disable vhost test temporarilyMichael S. Tsirkin
This test needs a bit more work: issues have been found on legacy systems, disable it for now to avoid false positives for people. Will re-enable after issues are addressed. Reported-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-19Add qtest for vhost-userNikolay Nikolaev
This test creates a 'server' chardev to listen for vhost-user messages. Once VHOST_USER_SET_MEM_TABLE is received it mmaps each received region, and read 1k bytes from it. The read data is compared to data from readl. The test requires hugetlbfs to be already mounted and writable. The mount point defaults to '/hugetlbfs' and can be specified via the environment variable QTEST_HUGETLBFS_PATH. The rom pc-bios/pxe-virtio.rom is used to instantiate a virtio pcicontroller. Signed-off-by: Antonios Motakis <a.motakis@virtualopensystems.com> Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> MST: fix up coding style MST: disable vhost test temporarily This test needs a bit more work: issues have been found on legacy systems, disable it for now to avoid false positives for people. Will re-enable after issues are addressed. Reported-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-19acpi-test: update expected tablesMichael S. Tsirkin
Update ACPI tables test to match new ACPI tables after adding the memory hotplug feature. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-16Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell
staging Block pull request # gpg: Signature made Mon 16 Jun 2014 12:22:22 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: (39 commits) QemuOpts: cleanup tmp 'allocated' member from QemuOptsList cleanup QEMUOptionParameter vpc.c: replace QEMUOptionParameter with QemuOpts vmdk.c: replace QEMUOptionParameter with QemuOpts vhdx.c: replace QEMUOptionParameter with QemuOpts vdi.c: replace QEMUOptionParameter with QemuOpts ssh.c: replace QEMUOptionParameter with QemuOpts sheepdog.c: replace QEMUOptionParameter with QemuOpts rbd.c: replace QEMUOptionParameter with QemuOpts raw_bsd.c: replace QEMUOptionParameter with QemuOpts raw-win32.c: replace QEMUOptionParameter with QemuOpts raw-posix.c: replace QEMUOptionParameter with QemuOpts qed.c: replace QEMUOptionParameter with QemuOpts qcow2.c: replace QEMUOptionParameter with QemuOpts QemuOpts: export qemu_opt_find qcow.c: replace QEMUOptionParameter with QemuOpts nfs.c: replace QEMUOptionParameter with QemuOpts iscsi.c: replace QEMUOptionParameter with QemuOpts gluster.c: replace QEMUOptionParameter with QemuOpts cow.c: replace QEMUOptionParameter with QemuOpts ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-16change block layer to support both QemuOpts and QEMUOptionParamterChunyan Liu
Change block layer to support both QemuOpts and QEMUOptionParameter. After this patch, it will change backend drivers one by one. At the end, QEMUOptionParameter will be removed and only QemuOpts is kept. Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com> Signed-off-by: Chunyan Liu <cyliu@suse.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-16configure: Enable dead code (lzo, snappy, quorum)Stefan Weil
Those options were not enabled by default, even when the build environment would have supported them, so the corresponding code was not compiled in normal test builds like on build bots. [Building quorum by default "broke" qemu-iotests ./check 081. It turns out the 081.out master output was just bitrotted. Fix this by updating the error message. --Stefan] Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Qiao Nuohan <qiaonuohan@cn.fujitsu.com> Reviewed-by: Benoit Canet <benoit@irqsave.net> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-16vmstate: Refactor opening of filesJuan Quintela
Signed-off-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Amit Shah <amit.shah@redhat.com>
2014-06-09Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into ↵Peter Maydell
staging Net patches # gpg: Signature made Mon 09 Jun 2014 14:41:34 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/net-pull-request: e1000: remove broken support for 82573L tests: e1000: test additional device IDs e1000: allow command-line selection of card model vmxnet3: fix msix vectors unuse net: xilinx_ethlite: Fix Rx-pong interrupt Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-09e1000: remove broken support for 82573LGabriel L. Somlo
Currently, e1000 support is based on the manual for the 8254xx model series. 82573x models are documented in a separate manual (see http://www.intel.com/content/dam/www/public/us/en/documents/manuals/pcie-gbe-controllers-open-source-manual.pdf) and the 82573L device ID no longer works correctly on either Linux (3.14.*) or Windows 7. This patch removes stale code claiming to support 82573L, cleaning up the code base for the remaining 8254xx model series. Signed-off-by: Gabriel Somlo <somlo@cmu.edu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-09tests: e1000: test additional device IDsGabriel L. Somlo
Update e1000-test.c to check all currently supported devices. Suggested-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Gabriel Somlo <somlo@cmu.edu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-09Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell
staging Block pull request # gpg: Signature made Fri 06 Jun 2014 17:08:50 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: (42 commits) qapi: Extract qapi/block.json definitions qapi: Extract qapi/block-core.json definitions qapi: create two block related json modules qapi: Extract qapi/common.json definitions sheepdog: reload only header in a case of live snapshot sheepdog: fix vdi object update after live snapshot rbd: Fix leaks in rbd_start_aio() error path qemu-img: Document check exit codes block: fix wrong order in live block migration setup blockdev: acquire AioContext in block_set_io_throttle throttle: add detach/attach test case throttle: add throttle_detach/attach_aio_context() dataplane: Support VIRTIO_BLK_T_SCSI_CMD virtio-blk: Factor out virtio_blk_handle_scsi_req from virtio_blk_handle_scsi virtio-blk: Allow config-wce in dataplane block: Move declaration of bdrv_get_aio_context to block.h raw-posix: drop raw_get_aio_fd() since it is no longer used dataplane: implement async flush dataplane: delete IOQueue since it is no longer used dataplane: use the QEMU block layer for I/O ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-05Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
pc,pci,virtio,qdev fixes, tests new tests for SMBIOS SMBIOS fixes pc, pci fixes qdev patches stayed on list for a month with no review, as I told people on KVM forum I'm merging stuch patches if they look fine. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> * remotes/mst/tags/for_upstream: qdev: Add test of qdev_prop_check_global qdev: Display warning about unused -global tests: add smbios testing tests: rename acpi-test to bios-tables-test virtio-balloon: return empty data when no stats are available pcie_host: Turn pcie_host_init() into an instance_init SMBIOS: Fix type 17 field sizes SMBIOS: Update Type 0 struct generator for machines >= 2.1 SMBIOS: Fix endian-ness when populating multi-byte fields serial-pci: Set prog interface field of pci config to 16550 compatible Conflicts: include/hw/i386/pc.h [PMM: fixed trivial conflict in pc.h] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-05qdev: Add test of qdev_prop_check_globalDon Slutz
This will generate a warning from "make check": ... GTESTER tests/test-qdev-global-props Warning: "-global dynamic-prop-type-bad.prop3=103" not used GTESTER tests/check-qom-interface ... If the warning is not generated, the test will fail. Signed-off-by: Don Slutz <dslutz@verizon.com> Acked-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-04throttle: add detach/attach test caseStefan Hajnoczi
Add a test case that checks the timer is really removed/added by the detach/attach functions. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net>
2014-06-04throttle: add throttle_detach/attach_aio_context()Stefan Hajnoczi
Block I/O throttling uses timers and currently always adds them to the main loop. Throttling will break if bdrv_set_aio_context() is used to move a BlockDriverState to a different AioContext. This patch adds throttle_detach/attach_aio_context() interfaces so the throttling timers and uses them to move timers to the new AioContext. Note that bdrv_set_aio_context() already drains all requests so we're sure no throttled requests are pending. The test cases need to be updated since the throttle_init() interface has changed. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net>
2014-06-02usb: improve ehci/uhci testGerd Hoffmann
* Attach usb devices to the bus. * Check initial port status register state. * Flip ehci initialization bit. * Check port status register state again to see whenever device handover to ehci worked. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-02qtest: fix qpci_config_writelGerd Hoffmann
Found by Paolo. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-05-28tests: Check empty QMP output visitorMarcel Apfelbaum
Checks the output visitor behaviour for NULL values. Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-05-28qom-test: Test qom-list on link<> propertiesCole Robinson
But don't test their properties, otherwise we will recurse forever. Their properties are already tested when we encounter them as child<> properties elsewhere in the hierarchy, like /machine/unattached/... This would have caught the crash fixed by 92b3eead. Signed-off-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-05-28Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell
staging Block pull request # gpg: Signature made Wed 28 May 2014 13:31:15 BST using RSA key ID 81AB73C8 # gpg: Can't check signature: public key not found * remotes/stefanha/tags/block-pull-request: (33 commits) block/sheepdog: Don't use qerror_report() block/sheepdog: Fix silent sd_open(), sd_create() failures block/sheepdog: Propagate errors to open and create methods block/sheepdog: Propagate errors through find_vdi_name() block/sheepdog: Propagate errors through do_sd_create() block/sheepdog: Propagate errors through sd_prealloc() block/sheepdog: Propagate errors through get_sheep_fd() block/sheepdog: Propagate errors through connect_to_sdog() block/vvfat: Propagate errors through init_directories() block/vvfat: Propagate errors through enable_write_target() block/ssh: Propagate errors to open and create methods block/ssh: Propagate errors through connect_to_ssh() block/ssh: Propagate errors through authenticate() block/ssh: Propagate errors through check_host_key() block/ssh: Drop superfluous libssh2_session_last_errno() calls block/rbd: Propagate errors to open and create methods qemu-nbd: Don't use qerror_report() blockdev: Don't use qerror_report() in do_drive_del() blockdev: Don't use qerror_report_err() in drive_init() docs: Define refcount_bits value ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-28Merge remote-tracking branch 'remotes/xtensa/tags/20140526-xtensa' into stagingPeter Maydell
Xtensa fixes queue 2014-05-26: - fix cross-page jumps/calls at the end of TB; - add tests for TBs and instructions crossing page boundary. # gpg: Signature made Mon 26 May 2014 09:37:39 BST using RSA key ID F83FA044 # gpg: Can't check signature: public key not found * remotes/xtensa/tags/20140526-xtensa: target-xtensa: add tests for cross-page TB target-xtensa: completely clean TLB between MMU tests target-xtensa: fix cross-page jumps/calls at the end of TB Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-28iotests: Use _img_info in test 089Max Reitz
Currently, test 089 uses $QEMU_IMG info manually in order to obtain the according output. However, the iotests should generally use _img_info as this filters out more irrelevant information such as the host image size or format specific information. Therefore, test 089 should use _img_info as well. Signed-off-by: Max Reitz <mreitz@redhat.com> Reported-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-28aio: Fix use-after-free in cancellation pathFam Zheng
The current flow of canceling a thread from THREAD_ACTIVE state is: 1) Caller wants to cancel a request, so it calls thread_pool_cancel. 2) thread_pool_cancel waits on the conditional variable elem->check_cancel. 3) The worker thread changes state to THREAD_DONE once the task is done, and notifies elem->check_cancel to allow thread_pool_cancel to continue execution, and signals the notifier (pool->notifier) to allow callback function to be called later. But because of the global mutex, the notifier won't get processed until step 4) and 5) are done. 4) thread_pool_cancel continues, leaving the notifier signaled, it just returns to caller. 5) Caller thinks the request is already canceled successfully, so it releases any related data, such as freeing elem->common.opaque. 6) In the next main loop iteration, the notifier handler, event_notifier_ready, is called. It finds the canceled thread in THREAD_DONE state, so calls elem->common.cb, with an (likely) dangling opaque pointer. This is a use-after-free. Fix it by calling event_notifier_ready before leaving thread_pool_cancel. Test case update: This change will let cancel complete earlier than test-thread-pool.c expects, so update the code to check this case: if it's already done, done_cb sets .aiocb to NULL, skip calling bdrv_aio_cancel on them. Reported-by: Ulrich Obergfell <uobergfe@redhat.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-28QemuOpt: add unit testsLeandro Dorileo
Cover basic aspects and API usage for QemuOpt. The current implementation covers the API's planned to be changed by Chunyan Liu in his QEMUOptionParameter replacement/cleanup job. Other APIs should be covered in future improvements. [Squashing in a small fix "QemuOpt: use qemu_find_opts_err() to avoid output on stderr in tests". qemu_find_opts() calls error_report() instead of propagating the Error object. It is undesirable to clutter test case output with error messages from a passing test. Use qemu_find_opts_err() to avoid the output on stderr. --Stefan] Signed-off-by: Leandro Dorileo <l@dorileo.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-28qemu-iotests: Handle cache mode option in 091Fam Zheng
We should allow testing this on tmpfs. Any cache setting in iotests should try to obey $CACHEMODE. The cache mode is still "none" by default but overridable Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-27tests: add smbios testingGabriel L. Somlo
Add tests to find and verify the smbios entry point structure, and to walk and perform checks on the actual smbios tables. Suggested-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Gabriel Somlo <somlo@cmu.edu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-05-27tests: rename acpi-test to bios-tables-testGabriel L. Somlo
The test harness for acpi (generating a boot disk, starting qemu, waiting for the BIOS to finish booting before examining guest memory, etc.) is perfectly suited for testing other bios tables beside acpi, such as e.g., smbios. This patch renames acpi-test to bios-tables-test to reflect that, and in preparation for adding smbios tests. Signed-off-by: Gabriel Somlo <somlo@cmu.edu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-05-26target-xtensa: add tests for cross-page TBMax Filippov
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2014-05-26target-xtensa: completely clean TLB between MMU testsMax Filippov
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2014-05-24test: lm32: use semihosting for testingMichael Walle
Instead of the lm32-sys device, use semihosting to print to the host console and exit the test. Signed-off-by: Michael Walle <michael@walle.cc>
2014-05-24test: lm32: make test cases independentMichael Walle
Make test cases independent from from each other. Eg. if a test case needs a specific value in register A, don't rely on the fact that it is already set by the preceding test case. Signed-off-by: Michael Walle <michael@walle.cc>
2014-05-20Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell
Block patches # gpg: Signature made Mon 19 May 2014 15:21:14 BST using RSA key ID C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" * remotes/kevin/tags/for-upstream: (22 commits) block: optimize zero writes with bdrv_write_zeroes blockdev: add a function to parse enum ids from strings util: add qemu_iovec_is_zero qcow1: Stricter backing file length check qcow1: Validate image size (CVE-2014-0223) qcow1: Validate L2 table size (CVE-2014-0222) qcow1: Check maximum cluster size qcow1: Make padding in the header explicit curl: Add usage documentation curl: Add sslverify option curl: Remove broken parsing of options from url curl: Fix build when curl_multi_socket_action isn't available qemu-iotests: Fix blkdebug in VM drive in 030 qemu-iotests: Fix core dump suppression in test 039 iotests: Add test for the JSON protocol block: Allow JSON filenames check-qdict: Add test for qdict_join() qdict: Add qdict_join() block: add test for vhdx image created by Disk2VHD block: vhdx - account for identical header sections ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-19block: optimize zero writes with bdrv_write_zeroesPeter Lieven
this patch tries to optimize zero write requests by automatically using bdrv_write_zeroes if it is supported by the format. This significantly speeds up file system initialization and should speed zero write test used to test backend storage performance. I ran the following 2 tests on my internal SSD with a 50G QCOW2 container and on an attached iSCSI storage. a) mkfs.ext4 -E lazy_itable_init=0,lazy_journal_init=0 /dev/vdX QCOW2 [off] [on] [unmap] ----- runtime: 14secs 1.1secs 1.1secs filesize: 937M 18M 18M iSCSI [off] [on] [unmap] ---- runtime: 9.3s 0.9s 0.9s b) dd if=/dev/zero of=/dev/vdX bs=1M oflag=direct QCOW2 [off] [on] [unmap] ----- runtime: 246secs 18secs 18secs filesize: 51G 192K 192K throughput: 203M/s 2.3G/s 2.3G/s iSCSI* [off] [on] [unmap] ---- runtime: 8mins 45secs 33secs throughput: 106M/s 1.2G/s 1.6G/s allocated: 100% 100% 0% * The storage was connected via an 1Gbit interface. It seems to internally handle writing zeroes via WRITESAME16 very fast. Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-05-19qcow1: Stricter backing file length checkKevin Wolf
Like qcow2 since commit 6d33e8e7, error out on invalid lengths instead of silently truncating them to 1023. Also don't rely on bdrv_pread() catching integer overflows that make len negative, but use unsigned variables in the first place. Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net>
2014-05-19qcow1: Validate image size (CVE-2014-0223)Kevin Wolf
A huge image size could cause s->l1_size to overflow. Make sure that images never require a L1 table larger than what fits in s->l1_size. This cannot only cause unbounded allocations, but also the allocation of a too small L1 table, resulting in out-of-bounds array accesses (both reads and writes). Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-05-19qcow1: Validate L2 table size (CVE-2014-0222)Kevin Wolf
Too large L2 table sizes cause unbounded allocations. Images actually created by qemu-img only have 512 byte or 4k L2 tables. To keep things consistent with cluster sizes, allow ranges between 512 bytes and 64k (in fact, down to 1 entry = 8 bytes is technically working, but L2 table sizes smaller than a cluster don't make a lot of sense). This also means that the number of bytes on the virtual disk that are described by the same L2 table is limited to at most 8k * 64k or 2^29, preventively avoiding any integer overflows. Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net>
2014-05-19qcow1: Check maximum cluster sizeKevin Wolf
Huge values for header.cluster_bits cause unbounded allocations (e.g. for s->cluster_cache) and crash qemu this way. Less huge values may survive those allocations, but can cause integer overflows later on. The only cluster sizes that qemu can create are 4k (for standalone images) and 512 (for images with backing files), so we can limit it to 64k. Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net>
2014-05-19qemu-iotests: Fix blkdebug in VM drive in 030Fam Zheng
The test test_stream_pause in this class uses vm.pause_drive, which requires a blkdebug driver on top of image, otherwise it's no-op and the test running is undeterministic. So add it. Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-05-19qemu-iotests: Fix core dump suppression in test 039Markus Armbruster
The shell script attempts to suppress core dumps like this: old_ulimit=$(ulimit -c) ulimit -c 0 $QEMU_IO arg... ulimit -c "$old_ulimit" This breaks the test hard unless the limit was zero to begin with! ulimit sets both hard and soft limit by default, and (re-)raising the hard limit requires privileges. Broken since it was added in commit dc68afe. Could be fixed by adding -S to set only the soft limit, but I'm not sure how portable that is in practice. Simply do it in a subshell instead, like this: (ulimit -c 0; exec $QEMU_IO arg...) Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-05-19iotests: Add test for the JSON protocolMax Reitz
Add a test for the JSON protocol driver. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-05-19check-qdict: Add test for qdict_join()Max Reitz
Add some test cases for qdict_join(). Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-05-19block: add test for vhdx image created by Disk2VHDJeff Cody
This adds a test for VHDX images created by Microsoft's tool, Disk2VHD. VHDX images created by this tool have 2 identical header sections, with identical sequence numbers. This makes sure we detect VHDX images with identical headers, and do not flag them as corrupt. Signed-off-by: Jeff Cody <jcody@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-05-16qapi: skip redundant includesBenoît Canet
The purpose of this change is to help create a json file containing common definitions; each bit of generated C code must be emitted only one time. A second history global to all QAPISchema instances has been added to detect when a file is included more than one time and skip these includes. It does not act as a stack and the changes made to it by the __init__ function are propagated back to the caller so it's really a global state. Signed-off-by: Benoit Canet <benoit@irqsave.net> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>