aboutsummaryrefslogtreecommitdiff
path: root/util
AgeCommit message (Collapse)Author
2015-02-10util/uri: URI member path can be null, compare more carfullyMarkus Armbruster
uri_resolve_relative() calls strcmp(bas->path, ref->path). However, either argument could be null! Evidence: the code checks for null after the comparison. Spotted by Coverity. I suspect this was screwed up when we stole the code from libxml2. There the conditional reads xmlStrEqual((xmlChar *)bas->path, (xmlChar *)ref->path) with int xmlStrEqual(const xmlChar *str1, const xmlChar *str2) { if (str1 == str2) return(1); if (str1 == NULL) return(0); if (str2 == NULL) return(0); do { if (*str1++ != *str2) return(0); } while (*str2++); return(1); } Fix by replicating libxml2's logic faithfully. Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10util/uri: realloc2n() can't fail, drop dead error handlingMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10util/uri: uri_new() can't fail, drop dead error handlingMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10qemu-option: Pair g_malloc() with g_free(), not free()Markus Armbruster
Spotted by Coverity with preview checker ALLOC_FREE_MISMATCH enabled and my "coverity: Model g_free() isn't necessarily free()" model patch applied. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10qemu-option: Replace pointless use of g_malloc0() by g_malloc()Markus Armbruster
get_opt_value() takes a write-only buffer, so zeroing it is pointless. We don't do it elsewhere, either. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10qemu-sockets: Fix buffer overflow in inet_parse()Kevin Wolf
The size of the stack allocated host[] array didn't account for the terminating '\0' byte that sscanf() writes. Fix the array size. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10aes: remove a dead return statementPaolo Bonzini
bits is checked to be 128, 192 or 256 at the beginning of the function. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-10qemu-sockets: improve error reporting in unix_listen_optsPaolo Bonzini
Coverity complains about not checking the returned value of mkstemp. While at it, also improve error checking for snprintf, and refine error messages in general. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-02rcu: add call_rcuPaolo Bonzini
Asynchronous callbacks provided by call_rcu are particularly important for QEMU, because the BQL makes it hard to use synchronize_rcu. In addition, the current RCU implementation is not particularly friendly to multiple concurrent synchronize_rcu callers, making call_rcu even more important. Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-02rcu: add rcu libraryPaolo Bonzini
This includes a (mangled) copy of the liburcu code. The main changes are: 1) removing dependencies on many other header files in liburcu; 2) removing for simplicity the tentative busy waiting in synchronize_rcu, which has limited performance effects; 3) replacing futexes in synchronize_rcu with QemuEvents for Win32 portability. The API is the same as liburcu, so it should be possible in the future to require liburcu on POSIX systems for example and use our copy only on Windows. Among the various versions available I chose urcu-mb, which is the least invasive implementation even though it does not have the fastest rcu_read_{lock,unlock} implementation. The urcu flavor can be changed later, after benchmarking. Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-02qemu-thread: fix qemu_event without futexesPaolo Bonzini
This had a possible deadlock that was visible with rcutorture. qemu_event_set qemu_event_wait ---------------------------------------------------------------- cmpxchg reads FREE, writes BUSY futex_wait: pthread_mutex_lock futex_wait: value == BUSY xchg reads BUSY, writes SET futex_wake: pthread_cond_broadcast futex_wait: pthread_cond_wait <deadlock> The fix is simply to avoid condvar tricks and do the obvious locking around pthread_cond_broadcast: qemu_event_set qemu_event_wait ---------------------------------------------------------------- cmpxchg reads FREE, writes BUSY futex_wait: pthread_mutex_lock futex_wait: value == BUSY xchg reads BUSY, writes SET futex_wake: pthread_mutex_lock (blocks) futex_wait: pthread_cond_wait (mutex unlocked) futex_wake: pthread_cond_broadcast futex_wake: pthread_mutex_unlock futex_wait: pthread_mutex_unlock Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-13qemu-thread: add per-thread atexit functionsPaolo Bonzini
Destructors are the main additional feature of pthread TLS compared to __thread. If we were using C++ (hint, hint!) we could have used thread-local objects with a destructor. Since we are not, instead, we add a simple Notifier-based API. Note that the notifier must be per-thread as well. We can add a global list as well later, perhaps. The Win32 implementation has some complications because a) detached threads used not to have a QemuThreadData; b) the main thread does not go through win32_start_routine, so we have to use atexit too. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Message-id: 1417518350-6167-3-git-send-email-pbonzini@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-12block: Don't add trailing space in "Formating..." messageFam Zheng
Change the message printing code to output a separator for each option string before it instead of after, then we don't one more extra ' ' in the end. To update qemu-iotests output files, most of the times one would just copy the *.out.bad to *.out. With this change we will not have the space disliked by checkpatch.pl. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-id: 1418110684-19528-3-git-send-email-famz@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-12-10util: Use g_new() & friends where that makes obvious senseMarkus Armbruster
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer, for two reasons. One, it catches multiplication overflowing size_t. Two, it returns T * rather than void *, which lets the compiler catch more type errors. This commit only touches allocations with size arguments of the form sizeof(T). Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10util: Fuse g_malloc(); memset() into g_new0()Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10util: Drop superfluous conditionals around g_free()Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-12-10Drop superfluous conditionals around g_strdup()Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-23memory: expose alignment used for allocating RAM as MemoryRegion APIIgor Mammedov
introduce memory_region_get_alignment() that returns underlying memory block alignment or 0 if it's not relevant/implemented for backend. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-17acl: fix memory leakGonglei
If 'i != index' for all acl->entries, variable entry leaks the storage it points to. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-02util: Improve os_mem_prealloc error messageMichal Privoznik
Currently, when the preallocating guest memory process fails, a not so helpful error message is printed out: # virsh start migt10 error: Failed to start domain migt10 error: internal error: process exited while connecting to monitor: os_mem_prealloc: failed to preallocate pages From the error message it's not clear at the first glance where the problem lies. However, changing the error message might give users a clue. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-10-09Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
Four changes here. Polling for reconnection of character devices, the QOMification of accelerators, a fix for -kernel support on x86, and one for a recently-introduced virtio-scsi optimization. # gpg: Signature made Thu 09 Oct 2014 14:36:50 BST using RSA key ID 4E6B09D7 # gpg: Good signature from "Paolo Bonzini <pbonzini@redhat.com>" # gpg: aka "Paolo Bonzini <bonzini@gnu.org>" * remotes/bonzini/tags/for-upstream: (28 commits) qemu-char: Fix reconnect socket error reporting qemu-sockets: Add error to non-blocking connect handler qemu-error: Add error_vreport() virtio-scsi: fix use-after-free of VirtIOSCSIReq linuxboot: compute initrd loading address kvm: Make KVMState be the TYPE_KVM_ACCEL instance struct accel: Create accel object when initializing machine accel: Pass MachineState object to accel init functions accel: Rename 'init' method to 'init_machine' accel: Move accel init/allowed code to separate function accel: Remove tcg_available() function accel: Move qtest accel registration to qtest.c accel: Move Xen registration code to xen-common.c accel: Move KVM accel registration to kvm-all.c accel: Report unknown accelerator as "not found" instead of "does not exist" accel: Make AccelClass.available() optional accel: Use QOM classes for accel types accel: Move accel name lookup to separate function accel: Simplify configure_accelerator() using AccelType *acc variable accel: Create AccelType typedef ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-10-09qemu-sockets: Add error to non-blocking connect handlerCorey Minyard
An error value here would be quite handy and more consistent with the rest of the code. Signed-off-by: Corey Minyard <cminyard@mvista.com> [Make sure SO_ERROR value is passed to error_setg_errno. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-09qemu-error: Add error_vreport()Corey Minyard
Needed to nicely print socket error reports. Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-03util: Emancipate id_wellformed() from QemuOptsMarkus Armbruster
IDs have long spread beyond QemuOpts: not everything with an ID necessarily goes through QemuOpts. Commit 9aebf3b is about such a case: block layer names are meant to be well-formed IDs, but some of them don't go through QemuOpts, and thus weren't checked. The commit fixed that the straightforward way: rename the internal QemuOpts helper id_wellformed() to qemu_opts_id_wellformed() and give it external linkage. Instead of using it directly in block.c, the commit adds wrapper bdrv_is_valid_name(), probably to hide the connection to QemuOpts. Go one logical step further: emancipate IDs from QemuOpts. Rename the function back to id_wellformed(), and put it in another file. While there, clean up its value to bool. Peel off the bdrv_is_valid_name() wrapper. [Replaced stray return 0 with return false to match bool returns used elsewhere in id_wellformed(). --Stefan] Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-09-29Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into stagingPeter Maydell
* remotes/qmp-unstable/queue/qmp: Add HMP command "info memory-devices" qemu-socket: Eliminate silly QERR_ macros qemu-socket: Polish errors for connect() and listen() failure qemu-iotests: Test missing "driver" key for blockdev-add tests: add QMP input visitor test for unions with no discriminator qapi: dealloc visitor, implement visit_start_union qapi: add visit_start_union and visit_end_union virtio-balloon: fix integer overflow in memory stats feature monitor: Reset HMP mon->rs in CHR_EVENT_OPEN Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-09-26qemu-socket: Eliminate silly QERR_ macrosMarkus Armbruster
The QERR_ macros are leftovers from the days of "rich" error objects. They're used with error_set() and qerror_report(), and expand into the first *two* arguments. This trickiness has become pointless. Clean up. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-09-25block: Validate node-nameKevin Wolf
The device_name of a BlockDriverState is currently checked because it is always used as a QemuOpts ID and qemu_opts_create() checks whether such IDs are wellformed. node-name is supposed to share the same namespace, but it isn't checked currently. This patch adds explicit checks both for device_name and node-name so that the same rules will still apply even if QemuOpts won't be used any more at some point. qemu-img used to use names with spaces in them, which isn't allowed any more. Replace them with underscores. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-09-16util/qemu-sockets.c: Support specifying IPv4 or IPv6 in socket_dgram()Peter Maydell
Currently you can specify whether you want a UDP chardev backend to be IPv4 or IPv6 using the ipv4 or ipv6 options if you use the QemuOpts parsing code in inet_dgram_opts(). However the QMP struct parsing code in socket_dgram() doesn't provide this flexibility (which in turn prevents us from converting the UDP backend handling to the new style QAPI framework). Use the existing inet_addr_to_opts() function to convert the remote->inet address to option strings; this handles ipv4 and ipv6 flags as well as host and port. (It will also convert any 'to' specification, which is harmless as it is ignored in this context.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1409653457-27863-3-git-send-email-peter.maydell@linaro.org
2014-09-09util: Don't link host-utils.o if it's emptyFam Zheng
Reported-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-09-09util: Move general qemu_getauxval to util/getauxval.cFam Zheng
So that we won't have an empty getauxval.o which is disliked by ranlib. Reported-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-08-24util/path: Use the GLib memory allocation routineszhanghailiang
In this file, we don't check the return value of malloc/strdup/realloc which may fail. Instead of using these routines, we use the GLib memory APIs g_malloc/g_strdup/g_realloc. They will exit on allocation failure, so there is no need to test for failure, which would be fine for setup. Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-08-15Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-08-15' ↵Peter Maydell
into staging trivial patches for 2014-08-15 # gpg: Signature made Fri 15 Aug 2014 16:13:03 BST using RSA key ID A4C3D7DB # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" # gpg: aka "Michael Tokarev <mjt@corpit.ru>" # gpg: aka "Michael Tokarev <mjt@debian.org>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5 # Subkey fingerprint: 6F67 E18E 7C91 C5B1 5514 66A7 BEE5 9D74 A4C3 D7DB * remotes/mjt/tags/trivial-patches-2014-08-15: ivshmem: check the value returned by fstat() l2cap: fix access to freed memory intc: i8259: Convert Array allocation to g_new0 ppc: convert g_new(qemu_irq usages to g_new0 ssi: xilinx_spi: Initialise CS GPIOs as NULL vl: free err qemu-options.hx: fix typo about l2tpv3 vmxnet3: don't use 'Yoda conditions' vl: don't use 'Yoda conditions' spice: don't use 'Yoda conditions' don't use 'Yoda conditions' isa-bus: don't use 'Yoda conditions' audio: don't use 'Yoda conditions' usb: don't use 'Yoda conditions' CODING_STYLE: Section about conditional statement pci-host: update uncorresponding description pci-host: update obsolete reference about piix_pci.c qemu-options.hx: fix a typo of chardev memory: Update obsolete comment about AddrRange field type apic: Fix reported DFR content Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-08-15don't use 'Yoda conditions'Gonglei
imitate nearby code about using '!value' or 'value == NULL' Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-08-15block: Introduce qemu_try_blockalign()Kevin Wolf
This function returns NULL instead of aborting when an allocation fails. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net>
2014-07-18module: Don't complain when a module is absentAndreas Färber
The current implementation depends on a configure-time generated list of block modules. When any of them is absent, module_load() emits a warning. This is suboptimal because extracting code to modules was mainly done to allow separate packaging of modules with intrusive dependencies. Absence of optional packages then leads to absence of modules and an error message, which users may recognize as new and report as error. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-07-18module: Simplify module_load()Andreas Färber
The file path is not used for error reporting, so we can free it directly after use. Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-07-14Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell
Block patches for 2.1.0-rc2 (v2) # gpg: Signature made Mon 14 Jul 2014 11:04:12 BST using RSA key ID C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" * remotes/kevin/tags/for-upstream: (22 commits) ide: Treat read/write beyond end as invalid virtio-blk: Treat read/write beyond end as invalid virtio-blk: Bypass error action and I/O accounting on invalid r/w virtio-blk: Factor common checks out of virtio_blk_handle_read/write() dma-helpers: Fix too long qiov qtest: fix vhost-user-test compilation with old GLib tests: Fix unterminated string output visitor enum human string AioContext: do not rely on aio_poll(ctx, true) result to end a loop virtio-blk: embed VirtQueueElement in VirtIOBlockReq virtio-blk: avoid g_slice_new0() for VirtIOBlockReq and VirtQueueElement dataplane: do not free VirtQueueElement in vring_push() virtio-blk: avoid dataplane VirtIOBlockReq early free block: Assert qiov length matches request length qed: Make qiov match request size until backing file EOF qcow2: Make qiov match request size until backing file EOF block: Make qiov match the request size until EOF AioContext: speed up aio_notify test-aio: fix GSource-based timer test block: drop aio functions that operate on the main AioContext block: prefer aio_poll to qemu_aio_wait ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-14dma-helpers: Fix too long qiovKevin Wolf
If the size of the scatter/gather list isn't a multiple of 512, the number of sectors for the block layer request is rounded down, resulting in a qiov that doesn't match the request length. Truncate the qiov to the new length of the request. This fixes the IDE qtest case /x86_64/ide/bmdma/short_prdt. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2014-07-10oslib-posix: Fix new compiler error with -WclobberedStefan Weil
Newer versions of gcc report a warning (or an error with -Werror) when compiler option -Wclobbered (or -Wextra) is active: util/oslib-posix.c:372:12: error: variable ‘hpagesize’ might be clobbered by ‘longjmp’ or ‘vfork’ [-Werror=clobbered] The rewritten code fixes this warning: variable 'hpagesize' is now set and used in a block without any call of sigsetjmp or similar functions. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-06-26qemu_opts_append: Play nicely with QemuOptsList's headMichal Privoznik
When running a libvirt test suite I've noticed the qemu-img is crashing occasionally. Tracing the problem down led me to the following valgrind output: qemu.git $ valgrind -q ./qemu-img create -f qed -obacking_file=/dev/null,backing_fmt=raw qed ==14881== Invalid write of size 8 ==14881== at 0x1D263F: qemu_opts_create (qemu-option.c:692) ==14881== by 0x130782: bdrv_img_create (block.c:5531) ==14881== by 0x118DE0: img_create (qemu-img.c:462) ==14881== by 0x11E7E4: main (qemu-img.c:2830) ==14881== Address 0x11fedd38 is 24 bytes inside a block of size 232 free'd ==14881== at 0x4C2CA5E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==14881== by 0x592D35E: g_realloc (in /usr/lib64/libglib-2.0.so.0.3800.2) ==14881== by 0x1D38D8: qemu_opts_append (qemu-option.c:1129) ==14881== by 0x13075E: bdrv_img_create (block.c:5528) ==14881== by 0x118DE0: img_create (qemu-img.c:462) ==14881== by 0x11E7E4: main (qemu-img.c:2830) ==14881== Formatting 'qed', fmt=qed size=0 backing_file='/dev/null' backing_fmt='raw' cluster_size=65536 ==14881== Invalid write of size 8 ==14881== at 0x1D28BE: qemu_opts_del (qemu-option.c:750) ==14881== by 0x130BF3: bdrv_img_create (block.c:5638) ==14881== by 0x118DE0: img_create (qemu-img.c:462) ==14881== by 0x11E7E4: main (qemu-img.c:2830) ==14881== Address 0x11fedd38 is 24 bytes inside a block of size 232 free'd ==14881== at 0x4C2CA5E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==14881== by 0x592D35E: g_realloc (in /usr/lib64/libglib-2.0.so.0.3800.2) ==14881== by 0x1D38D8: qemu_opts_append (qemu-option.c:1129) ==14881== by 0x13075E: bdrv_img_create (block.c:5528) ==14881== by 0x118DE0: img_create (qemu-img.c:462) ==14881== by 0x11E7E4: main (qemu-img.c:2830) ==14881== The problem is apparently in the qemu_opts_append(). Well, if it gets called twice or more. On the first call, when @dst is NULL some initialization is done during which @dst->head list gets initialized. The list is initialized in a way, so that the list tail points at the list head. However, the next time qemu_opts_append() is called for new options to be added, g_realloc() may move @dst to a new address making the old list tail point at an invalid address. If that's the case, we must update the list pointers. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-06-24Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into stagingPeter Maydell
* remotes/qmp-unstable/queue/qmp: (43 commits) monitor: protect event emission monitor: protect outbuf and mux_out with mutex qemu-char: make writes thread-safe qemu-char: move pty_chr_update_read_handler around qemu-char: do not call chr_write directly qemu-char: introduce qemu_chr_alloc qapi event: clean up qapi event: convert QUORUM events qapi event: convert GUEST_PANICKED qapi event: convert BALLOON_CHANGE qmp: convert ACPI_DEVICE_OST event qapi event: convert SPICE events qapi event: convert VNC events qapi event: convert NIC_RX_FILTER_CHANGED qapi event: convert other BLOCK_JOB events qapi event: convert BLOCK_IMAGE_CORRUPTED qapi event: convert BLOCK_IO_ERROR and BLOCK_JOB_ERROR qapi event: convert DEVICE_TRAY_MOVED qapi event: convert DEVICE_DELETED qapi event: convert WATCHDOG ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-23qapi event: convert SPICE eventsWenchao Xia
SPICE_INITIALIZED, SPICE_CONNECTED, SPICE_DISCONNECTED and SPICE_MIGRATE_COMPLETED are converted in one patch, since they use some common functions. inet_strfamily() is removed since no callers exist anymore. Note that there is no existing doc for SPICE_MIGRATE_COMPLETED in docs/qmp/qmp-events.txt before this patch. Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23qapi: adjust existing definesWenchao Xia
In order to let event defines use existing types later, instead of redefine new ones, some old type defines for spice and vnc are changed, and BlockErrorAction is moved from block.h to qapi schema. Note that BlockErrorAction is not merged with BlockdevOnError. At this point, VncInfo is not made a child of VncBasicInfo, because VncBasicInfo has mandatory fields where VncInfo makes them optional. Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23tcg-ppc: Merge cache-utils into the backendRichard Henderson
As a "utility", it only supported ppc, and in a way that other tcg backends provided directly in tcg-target.h. Removing this disparity is easier now that the two ppc backends are merged. Tested-by: Tom Musta <tommusta@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2014-06-23qemu/osdep: Remove the need for qemu_init_auxvalRichard Henderson
Instead of getting backup auxv data from the env pointer given to main, read it from /proc/self/auxv. We can do this at any time, so we're not tied to any ordering wrt a call to qemu_init_auxval from main. Tested-by: Tom Musta <tommusta@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2014-06-21QemuOpts: check NULL opts in qemu_opt_get functionsChunyan Liu
Some places will call bdrv_create_file(filename, NULL, &local_err), where opts is NULL. Check NULL in qemu_opt_get and qemu_opt_get_*_del functions, to avoid extra effort of checking opts before calling them every time. Signed-off-by: Chunyan Liu <cyliu@suse.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-20Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
pc,pci,virtio,hotplug fixes, enhancements numa work by Hu Tao and others memory hotplug by Igor vhost-user by Nikolay, Antonios and others guest virtio announcements by Jason qtest fixes by Sergey qdev hotplug fixes by Paolo misc other fixes mostly by myself Signed-off-by: Michael S. Tsirkin <mst@redhat.com> * remotes/mst/tags/for_upstream: (109 commits) numa: use RAM_ADDR_FMT with ram_addr_t qapi/string-output-visitor: fix bugs tests: simplify code qapi: fix input visitor bugs acpi: rephrase comment qmp: add ACPI_DEVICE_OST event handling qmp: add query-acpi-ospm-status command acpi: implement ospm_status() method for PIIX4/ICH9_LPC devices acpi: introduce TYPE_ACPI_DEVICE_IF interface qmp: add query-memory-devices command numa: handle mmaped memory allocation failure correctly pc: acpi: do not hardcode preprocessor qmp: clean out whitespace qdev: recursively unrealize devices when unrealizing bus qdev: reorganize error reporting in bus_set_realized qapi: fix build on glib < 2.28 qapi: make string output visitor parse int list qapi: make string input visitor parse int list tests: fix memory leak in test of string input visitor hmp: add info memdev ... Conflicts: include/hw/i386/pc.h [PMM: fixed minor conflict in pc.h] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-19memory: move preallocation code out of exec.cPaolo Bonzini
So that backends can use it. Since we need the page size for efficiency, move code to compute it out of translate-all.c and into util/oslib-win32.c. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Hu Tao <hutao@cn.fujitsu.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-19Merge remote-tracking branch 'remotes/bonzini/scsi-next' into stagingPeter Maydell
* remotes/bonzini/scsi-next: virtio-scsi: define dummy handle_output for vhost-scsi vqs block/iscsi: drop obsolete pointers from iscsi_co_writev block/iscsi: fix init value for iTask->retries block/iscsi: bump libiscsi requirement to 1.9.0 virtio-scsi: add support for the any_layout feature virtio-scsi: introduce virtio_scsi_complete_cmd_req virtio-scsi: prepare sense data handling for any_layout virtio-scsi: add extra argument and return type to qemu_sgl_concat virtio-scsi: add target swap for VirtIOSCSICtrlTMFReq fields virtio-scsi: start preparing for any_layout util: add return value to qemu_iovec_concat_iov megasas: use PCI DMA API scsi: Print command name in debug scsi-disk: fix bug in scsi_block_new_request() introduced by commit 137745c scsi-disk.c: Fix compilation with -DDEBUG_SCSI block/iscsi: use 16 byte CDBs only when necessary block/iscsi: fix potential segfault on early callback block/iscsi: handle BUSY condition Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-19w32: Fix regression caused by new g_poll implementationStefan Weil
Commit 5a007547df76446ab891df93ebc55749716609bf tried to fix a performance degradation caused by bad handling of small timeouts in the original implementation of g_poll. Since that commit, hard disk I/O no longer works. Instead of rewriting the g_poll implementation, this patch simply copies the original code (released under LGPL) from latest glib and only modifies it where needed (see comments in the code). URL of the original code: https://git.gnome.org/browse/glib/tree/glib/gpoll.c Signed-off-by: Stefan Weil <sw@weilnetz.de> Message-id: 1401291744-14314-1-git-send-email-sw@weilnetz.de Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>