Matthew Daley [Thu, 10 Oct 2013 14:10:48 +0000 (14:10 +0000)]
xen_disk: mark ioreq as mapped before unmapping in error case
Commit 4472beae modified the semantics of ioreq_{un,}map so that they are
idempotent if called when they're not needed (ie., twice in a row). However,
it neglected to handle the case where batch mapping is not being used (the
default), and one of the grants fails to map. In this case, ioreq_unmap will
be called to unwind and unmap any mappings already performed, but ioreq_unmap
simply returns due to the aforementioned change (the ioreq has not already
been marked as mapped).
The frontend user can therefore force xen_disk to leak grant mappings, a
per-domain limited resource.
Fix by marking the ioreq as mapped before calling ioreq_unmap in this
situation.
Signed-off-by: Matthew Daley <mattjd@gmail.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
This is the backport of the following commit. The patch is not
sent public since it is a embargoed bug.
r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at
most. If more than 256 luns are specified by user, we have buffer
overflow in scsi_target_emulate_report_luns.
To fix, we allocate the buffer dynamically.
Signed-off-by: Asias He <asias@redhat.com> Signed-off-by: Asias He <asias@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
*s/&r->buf/r->buf/ due to type change
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Anthony PERARD [Mon, 9 Sep 2013 16:15:53 +0000 (16:15 +0000)]
pc_q35: Initialize Xen.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 254c12825f93f405658ca3366cd34f8a8ad23511)
Anthony PERARD [Mon, 9 Sep 2013 16:15:52 +0000 (16:15 +0000)]
pc: Initializing ram_memory under Xen.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> CC: qemu-stable@nongnu.org
(cherry picked from commit 04d7bad8a4fb23e6d9af9d06ce3ddc28a251d94d)
This patch is qemu patch 2 to fix Xen HVM S3 bug, adding qemu
xen logic. When qemu wakeup, qemu xen logic is notified and
hypercall to xen hypervisor to unpause domain.
Signed-off-by: Liu Jinsong <jinsong.liu@intel.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
(cherry picked from commit 11addd0ab9371af2b6ec028c7fe4e4c4992252fc)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Currently Xen hvm s3 has a bug coming from the difference between
qemu-traditioanl and qemu-xen. For qemu-traditional, the way to
resume from hvm s3 is via 'xl trigger' command. However, for
qemu-xen, the way to resume from hvm s3 inherited from standard
qemu, i.e. via QMP, and it doesn't work under Xen.
The root cause is, for qemu-xen, 'xl trigger' command didn't reset
devices, while QMP didn't unpause hvm domain though they did qemu
system reset.
We have two qemu patches and one xl patch to fix Xen hvm s3 bug.
This patch is the qemu patch 1. It adjusts qemu wakeup so that
Xen s3 resume logic (which will be implemented at qemu patch 2)
will be notified after qemu system reset.
Signed-off-by: Liu Jinsong <jinsong.liu@intel.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
(cherry picked from commit 4bc78a877252d772b983810a7d2c0be00e9be70e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
In addition, at least all files created with the "guest-file-open" QMP
command, and all files created with shell output redirection (or
otherwise) by utilities invoked by the fsfreeze hook script are affected.
For now mask all file mode bits for "group" and "others" in
become_daemon().
Temporarily, for compatibility reasons, stick with the 0666 file-mode in
case of files newly created by the "guest-file-open" QMP call. Do so
without changing the umask temporarily.
Currently the qemu-nbd program will auto-detect the format of
any disk it is given. This behaviour is known to be insecure.
For example, if qemu-nbd initially exposes a 'raw' file to an
unprivileged app, and that app runs
then the next time the app is started, the qemu-nbd will now
detect it as a 'qcow2' file and expose /etc/shadow to the
unprivileged app.
The only way to avoid this is to explicitly tell qemu-nbd what
disk format to use on the command line, completely disabling
auto-detection. This patch adds a '-f' / '--format' arg for
this purpose, mirroring what is already available via qemu-img
and qemu commands.
qemu-nbd --format raw -p 9000 evil.img
will now always use raw, regardless of what format 'evil.img'
looks like it contains
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
[Use errx, not err. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
The 'gthread' coroutine backend was written before the freelist (aka
pool) existed in qemu-coroutine.c.
This means that every thread is expected to exit when its coroutine
terminates. It is not possible to reuse threads from a pool.
This patch automatically disables the pool when 'gthread' is used. This
allows the 'gthread' backend to work again (for example,
tests/test-coroutine completes successfully instead of hanging).
I considered implementing thread reuse but I don't want quirks like CPU
affinity differences due to coroutine threads being recycled. The
'gthread' backend is a reference backend and it's therefore okay to skip
the pool optimization.
Note this patch also makes it easy to toggle the pool for benchmarking
purposes:
Reported-by: Gabriel Kerneis <gabriel@kerneis.info> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Gabriel Kerneis <gabriel@kerneis.info> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 70c60c089fdc6bf8a79324e492c13e8c08d55942)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
We use the extent size as cluster size for flat extents (where no L1/L2
table is allocated so it's safe) reuse sector calculating code with
sparse extents.
Don't pass in the cluster size for adding flat extent, just set it to
sectors later, then the cluster size checking will not fail.
The cluster_sectors is changed to int64_t to allow big flat extent.
Stefan Hajnoczi [Wed, 25 Sep 2013 14:00:48 +0000 (16:00 +0200)]
rbd: avoid qemu_rbd_snap_list() memory leaks
When there are no snapshots qemu_rbd_snap_list() returns 0 and the
snapshot table pointer is NULL. Don't forget to free the snaps buffer
we allocated for librbd rbd_snap_list().
When the function succeeds don't forget to free the snaps buffer after
calling rbd_snap_list_end().
Cc: qemu-stable@nongnu.org Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9e6337d0818650362149b734d53edf9489f3acaa)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Brad Smith [Sun, 4 Aug 2013 02:20:41 +0000 (22:20 -0400)]
tap: Use numbered tap/tun devices on all *BSD OS's
The following patch simplifies the *BSD tap/tun code and makes use of numbered
tap/tun interfaces on all *BSD OS's. NetBSD has a patch in their pkgsrc tree
to make use of this feature and DragonFly also supports this as well.
Signed-off-by: Brad Smith <brad@comstyle.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit aa4f082f7526d39dac8e2ca64d192d858014ee10)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Fri, 20 Sep 2013 15:31:55 +0000 (17:31 +0200)]
virtio-blk: do not relay a previous driver's WCE configuration to the current
The following sequence happens:
- the SeaBIOS virtio-blk driver does not support the WCE feature, which
causes QEMU to disable writeback caching
- the Linux virtio-blk driver resets the device, finds WCE is available
but writeback caching is disabled; tells block layer to not send cache
flush commands
- the Linux virtio-blk driver sets the DRIVER_OK bit, which causes
writeback caching to be re-enabled, but the Linux virtio-blk driver does
not know of this side effect and cache flushes remain disabled
The bug is at the third step. If the guest does know about CONFIG_WCE,
QEMU should ignore the WCE feature's state. The guest will control the
cache mode solely using configuration space. This change makes Linux
do flushes correctly, but Linux will keep SeaBIOS's writethrough mode.
Hence, whenever the guest is reset, the cache mode of the disk should
be reset to whatever was specified in the "-drive" option. With this
change, the Linux virtio-blk driver finds that writeback caching is
enabled, and tells the block layer to send cache flush commands
appropriately.
Reported-by: Rusty Russell <rusty@au1.ibm.com Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit ef5bc96268ceec64769617dc53b0ac3a20ff351c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Thu, 19 Sep 2013 16:48:53 +0000 (18:48 +0200)]
blockdev: do not default cache.no-flush to true
That's why all my VMs were so fast lately. :)
This changed in 1.6.0 by mistake in patch 29c4e2b (blockdev: Split up
'cache' option, 2013-07-18).
Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 1df6fa4bc6754a170cf511a78e2e6fef84eb5228)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Thu, 12 Sep 2013 18:17:50 +0000 (20:17 +0200)]
tci: Fix qemu-alpha on 32 bit hosts (wrong assertions)
Debian busybox-static for alpha has a load address of 0x0000000120000000
which is mapped to 0x0000000020000000 for 32 bit hosts.
qemu-alpha uses the TCG opcodes qemu_ld32, qemu_ld64, qemu_st32 and
qemu_st64 which all raise the assertion (taddr == host_addr).
Remove all assertions of this type because they are either wrong or
unnecessary (when sizeof(tcg_target_ulong) >= sizeof(target_ulong)).
Cc: qemu-stable <qemu-stable@nongnu.org> Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 07ac4dc5db22a31e47b149abdbc5ea99013cf4de)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jan Kiszka [Tue, 3 Sep 2013 16:08:52 +0000 (18:08 +0200)]
kvmvapic: Clear also physical ROM address when entering INACTIVE state
To avoid misinterpreting INACTIVE after migration as old qemu-kvm's
STANDBY, also clear rom_state_paddr when going back to this state.
CC: qemu-stable@nongnu.org Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 4357930b8a7d2fcff2d8121ec518117428a781e7)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jan Kiszka [Tue, 3 Sep 2013 16:08:51 +0000 (18:08 +0200)]
kvmvapic: Enter inactive state on hardware reset
ROM layout may change after reset of devices are hotplugged, so we have
to pick up the physical address again when the ROM is initialized. This
is best achieved by resetting the state to INACTIVE.
CC: qemu-stable@nongnu.org Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit c056bc3f3464cfae1c94b7dd633d3ec13b13b655)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jan Kiszka [Tue, 3 Sep 2013 16:08:50 +0000 (18:08 +0200)]
kvmvapic: Catch invalid ROM size
If not caught early, a zero-length ROM will cause a NULL-pointer access
later on in patch_hypercalls when allocating a zero-length ROM copy and
trying to read from it.
CC: qemu-stable@nongnu.org Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 18e5eec4db96a00907eb588a2b803401637c7f67)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Gerd Hoffmann [Thu, 22 Aug 2013 09:43:58 +0000 (11:43 +0200)]
chardev: fix pty_chr_timer
pty_chr_timer first calls pty_chr_update_read_handler(), then clears
timer_tag (because it is a one-shot timer). This is the wrong order
though. pty_chr_update_read_handler might re-arm time timer, and the
new timer_tag gets overwitten in that case.
This leads to crashes when unplugging a pty chardev: pty_chr_close
thinks no timer is running -> timer isn't canceled -> pty_chr_timer gets
called with stale CharDevState -> BOOM.
This patch fixes the ordering.
Kill the pointless goto while being at it.
Aurelien Jarno [Wed, 28 Aug 2013 12:17:39 +0000 (14:17 +0200)]
pcnet-pci: mark I/O and MMIO as LITTLE_ENDIAN
Now that the memory subsystem is propagating the endianness correctly,
the pcnet-pci device should have its I/O ports and MMIO memory marked
as LITTLE_ENDIAN, as PCI devices are little endian.
This makes the pcnet-pci NIC to work again on big endian MIPS Malta
(default NIC).
Cc: qemu-stable@nongnu.org Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit a26405b350c0d31d5ef53f3b459aeb6eaaf50db0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Cole Robinson [Sat, 31 Aug 2013 22:36:17 +0000 (18:36 -0400)]
qapi-types.py: Fix enum struct sizes on i686
Unlike other list types, enum wasn't adding any padding, which caused
a mismatch between the generated struct size and GenericList struct
size. More details in a678e26cbe89f7a27cbce794c2c2784571ee9d21
This crashed qemu if calling qmp query-tpm-types for example, which
upsets libvirt capabilities probing. Reproducer on i686:
Anthony PERARD [Mon, 9 Sep 2013 16:15:53 +0000 (16:15 +0000)]
pc_q35: Initialize Xen.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 254c12825f93f405658ca3366cd34f8a8ad23511)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Anthony PERARD [Mon, 9 Sep 2013 16:15:52 +0000 (16:15 +0000)]
pc: Initializing ram_memory under Xen.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> CC: qemu-stable@nongnu.org
(cherry picked from commit 04d7bad8a4fb23e6d9af9d06ce3ddc28a251d94d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The local spice renderer assumes the primary surface is located at the
start of the "ram" bar. This used to be a requirement in qxl hardware
revision 1. In revision 2+ this is relaxed. Nevertheless guest drivers
continued to use the traditional location, for historical and backward
compatibility reasons. The qxl kms driver doesn't though as it depends
on qxl revision 4+ anyway.
Result is that local rendering is hosed for recent linux guests, you'll
get pixel garbage with non-spice ui (gtk, sdl, vnc) and when doing
screendumps. Fix that by doing a proper mapping of the guest-specified
memory location.
Now that the memory subsystem is propagating the endianness correctly,
the ne2000 device should have its I/O ports marked as LITTLE_ENDIAN, as
PCI devices are little endian.
This makes the ne2000 NIC to work again on PowerPC.
Cc: qemu-stable@nongnu.org Cc: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 45d883dcf208160e2db308d1b368beb74f37dc7e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hu Tao [Thu, 29 Aug 2013 10:21:16 +0000 (18:21 +0800)]
exec: check offset_within_address_space for register subpage
If offset_within_address_space falls in a page, then we register a
subpage. So check offset_within_address_space rather than
offset_within_region.
Cc: qemu-stable@nongnu.org Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: "Andreas Färber" <afaerber@suse.de> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Blue Swirl <blauwirbel@gmail.com> Signed-off-by: Hu Tao <hutao@cn.fujitsu.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 88266249701032211c1d7449460d063fbc01bf12)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The commit was wrong: We only return -1 on invalid accesses, not on
valid but unbacked ones. This broke various corner cases.
Cc: qemu-stable@nongnu.org Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 68a7439a150d6b4da99082ab454b9328b151bc25)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jan Kiszka [Mon, 2 Sep 2013 16:43:30 +0000 (18:43 +0200)]
memory: Provide separate handling of unassigned io ports accesses
Accesses to unassigned io ports shall return -1 on read and be ignored
on write. Ensure these properties via dedicated ops, decoupling us from
the memory core's handling of unassigned accesses.
Cc: qemu-stable@nongnu.org Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 3bb28b7208b349e7a1b326e3c6ef9efac1d462bf)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Those devices use hdev_open which did not use the latest API for options.
This resulted in a fatal runtime error:
Block protocol 'host_device' doesn't support the option 'filename'
Duplicate code from raw_open to fix this.
Cc: qemu-stable@nongnu.org Reported-by: David Brenner <david.brenner3@gmail.com> Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 68dc036488dfea170627a55e6ee3dfd7f2c2063e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Gerd Hoffmann [Tue, 27 Aug 2013 13:25:24 +0000 (15:25 +0200)]
usb: parallelize usb3 streams
usb3 bulk endpoints with streams are implicitly pipelined now,
so the requests will actually be processed in parallel. Also
allow them to complete out-of-order.
Andrea Arcangeli [Thu, 25 Jul 2013 10:11:15 +0000 (12:11 +0200)]
exec: always use MADV_DONTFORK
MADV_DONTFORK prevents fork to fail with -ENOMEM if the default
overcommit heuristics decides there's too much anonymous virtual
memory allocated. If the KVM secondary MMU is synchronized with MMU
notifiers or not, doesn't make a difference in that regard.
Secondly it's always more efficient to avoid copying the guest
physical address space in the fork child (so we avoid to mark all the
guest memory readonly in the parent and so we skip the establishment
and teardown of lots of pagetables in the child).
In the common case we can ignore the error if MADV_DONTFORK is not
available. Leave a second invocation that errors out in the KVM path
if MMU notifiers are missing and KVM is enabled, to abort in such
case.
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com> Tested-By: Benoit Canet <benoit@irqsave.net> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
(cherry picked from commit 3e469dbfe413c25d48321c3a19ddfae0727dc6e5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
commit 62c96360ae7f2c7a8b029277fbb7cb082fdef7fd
virtio-pci: fix level interrupts
only helps systems without irqfd: on systems with irqfd support we
passed in flag requesting irqfd even when msix is disabled.
As a result, for level interrupts we didn't install an fd handler so
unmasking an fd had no effect.
Paolo Bonzini [Mon, 29 Jul 2013 12:27:39 +0000 (14:27 +0200)]
exec: fix writing to MMIO area with non-power-of-two length
The problem is introduced by commit 2332616 (exec: Support 64-bit
operations in address_space_rw, 2013-07-08). Before that commit,
memory_access_size would only return 1/2/4.
Since alignment is already handled above, reduce l to the largest
power of two that is smaller than l.
Cc: qemu-stable@nongnu.org Reported-by: Oleksii Shevchuk <alxchk@gmail.com> Tested-by: Oleksii Shevchuk <alxchk@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 098178f2749a63fbbb1a626dcc7d939d5cb2bde7)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Fri, 30 Aug 2013 09:58:45 +0000 (11:58 +0200)]
target-i386: fix disassembly with PAE=1, PG=0
CR4.PAE=1 will not enable paging if CR0.PG=0, but the "if" chain
in x86_cpu_get_phys_page_debug says otherwise. Check CR0.PG
before everything else.
Fixes "-d in_asm" for a code section at the beginning of OVMF.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Richard Henderson <rth@twiddle.net> Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
(cherry picked from commit f2f8560c7a5303065a2a3207ec475dfb3a622a0e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Wed, 4 Sep 2013 17:00:25 +0000 (19:00 +0200)]
block: expect errors from bdrv_co_is_allocated
Some bdrv_is_allocated callers do not expect errors, but the fallback
in qcow2.c might make other callers trip on assertion failures or
infinite loops.
Fix the callers to always look for errors.
Cc: qemu-stable@nongnu.org Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit d663640c04f2aab810915c556390211d75457704)
Conflicts:
block/cow.c
*modified to avoid dependency on upstream's e641c1e8
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This isn't in line with the usb specification and adds regressions,
win7 fails to drive the usb hub for example.
Was added because it "solved" the issue of hubs interacting badly
with the xhci host controller. Now with the root cause being fixed
in xhci (commit <FIXME>) we can revert this one.
yinyin [Thu, 22 Aug 2013 06:47:16 +0000 (14:47 +0800)]
virtio: virtqueue_get_avail_bytes: fix desc_pa when loop over the indirect descriptor table
virtqueue_get_avail_bytes: when found a indirect desc, we need loop over it.
/* loop over the indirect descriptor table */
indirect = 1;
max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
num_bufs = i = 0;
desc_pa = vring_desc_addr(desc_pa, i);
But, It init i to 0, then use i to update desc_pa. so we will always get:
desc_pa = vring_desc_addr(desc_pa, 0);
the last two line should swap.
Cc: qemu-stable@nongnu.org Signed-off-by: Yin Yin <yin.yin@cs2c.com.cn> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 1ae2757c6c4525c9b42f408c86818f843bad7418)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Anton Blanchard [Tue, 13 Aug 2013 04:10:04 +0000 (14:10 +1000)]
pseries: Fix stalls on hypervisor virtual console
A number of users are reporting stalls when using the pseries
hypervisor virtual console.
A simple test case is to paste 15 or 17 characters at a time
into the console. Pasting 15 characters at a time works fine
but pasting 17 characters hangs for a random amount of time.
Other activity (network, qemu monitor etc) unblocks it.
If qemu-char tries to send more than 16 characters at once,
vty_can_receive returns false. At this point we have to
wait for the guest to consume that output. Everything is good
so far.
The problem occurs when the the guest does consume the output.
We need to signal back to the qemu-char layer that we are
ready for more input. Without this we block until something
else kicks us (eg network activity).
Signed-off-by: Anton Blanchard <anton@samba.org> Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 7770b6f78a2d655e03852a5de238f5926c92be6a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
commit 398489018183d613306ab022653552247d93919f
pc: limit 64 bit hole to 2G by default
introduced a way for management to control
the window allocated to the 64 bit PCI hole.
This is useful, but existing management tools do not know how to set
this property. As a result, e.g. specifying a large ivshmem device with
size > 4G is broken by default. For example this configuration no
longer works:
Fix this by detecting that hole size was not specified
and defaulting to the backwards-compatible value of 1 << 62.
Cc: qemu-stable@nongnu.org Cc: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 1466cef32dd5e7ef3c6477e96d85d92302ad02e3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
scsi: Fix scsi_bus_legacy_add_drive() scsi-generic with serial
scsi_bus_legacy_add_drive() creates either a scsi-disk or a
scsi-generic device. It sets property "serial" to argument serial
unless null. Crashes with scsi-generic, because it doesn't have such
the property.
Only usb_msd_initfn_storage() passes non-null serial. Reproducer:
Fix by handling exactly like "removable": set the property only when
it exists.
Cc: qemu-stable@nongnu.org Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit c24e7517ee4a98e90eee5f0f07708a1fa12326b3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Peter Maydell [Tue, 20 Aug 2013 14:50:15 +0000 (15:50 +0100)]
scripts/qapi.py: Avoid syntax not supported by Python 2.4
The Python "except Foo as x" syntax was only introduced in
Python 2.6, but we aim to support Python 2.4 and later.
Use the old-style "except Foo, x" syntax instead, thus
fixing configure/compile on systems with older Python.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
(cherry picked from commit 21e0043bada1a24ae2ba6cd0051e104c0cbf9634)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Michael R. Hines [Mon, 19 Aug 2013 02:27:08 +0000 (22:27 -0400)]
rdma: silly ipv6 bugfix
My bad - but it's very important for us to warn the user that
IPv6 is broken on RoCE in linux right now, until linux releases
a fixed version.
Signed-off-by: Michael R. Hines <mrhines@us.ibm.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit c89aa2f1851b08c3efa8a1070c0a6b9a36e1227f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Aurelien Jarno [Thu, 15 Aug 2013 11:32:38 +0000 (13:32 +0200)]
target-ppc: fix bit extraction for FPBF and FPL
Bit extraction for the FP BF and L field of the MTFSFI and MTFSF
instructions is wrong and doesn't match the reference manual (which
explain the bit number in big endian format). It has been broken in
commit 7d08d85645def18eac2a9d672c1868a35e0bcf79.
This patch fixes this, which in turn fixes the problem reported by
Khem Raj about the floor() function of libm.
Reported-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> CC: qemu-stable@nongnu.org (1.6) Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 779f659021d1754117bce1aab9370dc22f37ae07)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Commit a0e372f0c49ac01faeaeb73a6e8f50e8ac615f34 reorganized the register
counting for GDB. While it seems correct not to let the total number of
registers skyrocket in an SMP scenario through a static variable, the
distinction between total register count and 'g' packet register count
(last_reg vs. num_g_regs) got lost among the way.
Fix this by introducing CPUState::gdb_num_g_regs and using that in
gdb_handle_packet().
Reported-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Cc: qemu-stable@nongnu.org (stable-1.6) Tested-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Tested-by: Max Filippov <jcmvbkbc@gmail.com> Tested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 35143f0164e6933a85c7c2b8a89a040d881a9151)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Hajnoczi [Thu, 27 Jun 2013 13:32:26 +0000 (15:32 +0200)]
block: ensure bdrv_drain_all() works during bdrv_delete()
In bdrv_delete() make sure to call bdrv_make_anon() *after* bdrv_close()
so that the device is still seen by bdrv_drain_all() when iterating
bdrv_states.
Aurelien Jarno [Mon, 12 Aug 2013 19:34:53 +0000 (21:34 +0200)]
mips_malta: do not raise exceptions when accessing invalid memory
Since commit c658b94f6e8c206c59d02aa6fbac285b86b53d2c, MIPS raises
exceptions when accessing invalid memory. This is not the correct
behaviour for MIPS Malta Core LV, as the GT-64120A system controller
just ignore undecoded access. This feature is used by the Linux kernel
to probe for some devices.
Emulate the correct behaviour in QEMU by adding an empty slot covering
the entire memory space decoded by the GT-64120A.
Tested-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
James Hogan [Thu, 8 Aug 2013 11:09:38 +0000 (12:09 +0100)]
qemu-char: fix infinite recursion connecting to monitor pty
Since commit bd5c51e (qemu-char: don't issue CHR_EVENT_OPEN in a BH), an
infinite recursion occurs when putting the monitor on a pty (-monitor
pty) and connecting a terminal to the slave port.
This is because of the qemu_chr_be_event(s, CHR_EVENT_OPENED) added to
qemu_chr_be_generic_open(). This event is captured by monitor_event()
which prints a welcome message to the character device. The flush of
that welcome message retriggers another open event in pty_chr_state()
because it checks s->connected, but only sets it to 1 after calling
qemu_chr_be_generic_open().
I've fixed this by setting s->connected = 1 before the call to
qemu_chr_be_generic_open() instead of after, so that the recursive
pty_chr_state() doesn't call it again.
An example snippet of repeating backtrace:
...
#107486 0x007aec58 in monitor_flush (mon=0xf418b0) at qemu/monitor.c:288
#107487 0x007aee7c in monitor_puts (mon=0xf418b0, str=0x1176d07 "") at qemu/monitor.c:322
#107488 0x007aef20 in monitor_vprintf (mon=0xf418b0, fmt=0x8d4820 "QEMU %s monitor - type 'help' for more information\n",
ap=0x7f432be0) at qemu/monitor.c:339
#107489 0x007aefac in monitor_printf (mon=0xf418b0, fmt=0x8d4820 "QEMU %s monitor - type 'help' for more information\n")
at qemu/monitor.c:347
#107490 0x007ba4bc in monitor_event (opaque=0xf418b0, event=2) at qemu/monitor.c:4699
#107491 0x00684c28 in qemu_chr_be_event (s=0xf37788, event=2) at qemu/qemu-char.c:108
#107492 0x00684c70 in qemu_chr_be_generic_open (s=0xf37788) at qemu/qemu-char.c:113
#107493 0x006880a4 in pty_chr_state (chr=0xf37788, connected=1) at qemu/qemu-char.c:1145
#107494 0x00687fa4 in pty_chr_update_read_handler (chr=0xf37788) at qemu/qemu-char.c:1121
#107495 0x00687c9c in pty_chr_write (chr=0xf37788, buf=0x70b3c008 <Address 0x70b3c008 out of bounds>, len=538720)
at qemu/qemu-char.c:1063
#107496 0x00684cc4 in qemu_chr_fe_write (s=0xf37788, buf=0x70b3c008 <Address 0x70b3c008 out of bounds>, len=538720)
at qemu/qemu-char.c:118
...
Signed-off-by: James Hogan <james.hogan@imgtec.com> Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Message-id: 1375960178-10882-1-git-send-email-james.hogan@imgtec.com Cc: Michael Roth <mdroth@linux.vnet.ibm.com> Cc: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Tue, 13 Aug 2013 14:02:52 +0000 (09:02 -0500)]
pvpanic: fix bad merge
Context matching caused the 'has_pvpanic = true' to be applied to
the 1.6 machine type instead of the 1.5 machine type.
Reported-by: Markus Armbruster <armbru@redhat.com> Reported-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Marcel Apfelbaum [Sun, 11 Aug 2013 15:10:43 +0000 (18:10 +0300)]
hw/misc: make pvpanic known to user
This patch is based on Hu Tao's:
http://lists.nongnu.org/archive/html/qemu-devel/2013-08/msg00125.html
The pvpanic device may be enabled now with "-device pvpanic"
from command line.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com> Reviewed-by: Hu Tao <hutao@cn.fujitsu.com>
Message-id: 1376233843-19410-3-git-send-email-marcel.a@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Marcel Apfelbaum [Sun, 11 Aug 2013 15:10:42 +0000 (18:10 +0300)]
hw/misc: don't create pvpanic device by default
This patch is based on Hu Tao's:
http://lists.nongnu.org/archive/html/qemu-devel/2013-08/msg00124.html
No need to hard-code pvpanic as part of the machine.
It can be added with "-device pvpanic" from command line (The next patch).
Anyway, for backport compatibility it is still part of 1.5
machine.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com> Reviewed-by: Hu Tao <hutao@cn.fujitsu.com>
Message-id: 1376233843-19410-2-git-send-email-marcel.a@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Eduardo Habkost [Fri, 9 Aug 2013 14:11:36 +0000 (11:11 -0300)]
pc: Remove PCLMULQDQ from Westmere on pc-*-1.4 and older
Commit 41cb383f42d0cb51d8e3e25e3ecebc954dd4196f made a guest-visible
change by adding the PCLMULQDQ bit to Westmere without adding
compatibility code to keep the ABI for older machine-types.
Fix it by adding the missing compat code.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
Was missing 'setup-time' in some of the QMP documentation...
Signed-off-by: Michael R. Hines <mrhines@us.ibm.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1376078746-24948-7-git-send-email-mrhines@linux.vnet.ibm.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
If the user is listening on '[::]', then we will not have a opened a device
yet and have no way of verifying if the device is RoCE or not.
In this case, the source VM will throw an error for ALL types of
connections (both IPv4 and IPv6) if the destination machine does not have
a regular infiniband network available for use.
The only way to gaurantee that an error is thrown for broken kernels is
for the management software to choose a *specific* interface at bind time
and validate what time of hardware it is.
Unfortunately, this puts the user in a fix:
If the source VM connects with an IPv4 address without knowing that the
destination has bound to '[::]' the migration will unconditionally fail
unless the management software is not explicitly listening on the the IPv4
address while using a RoCE-based device.
If the source VM connects with an IPv6 address, then we're OK because we can
throw an error on the source (and similarly on the destination).
But in mixed environments, this will be broken for a while until it is fixed
inside linux.
We do provide a *tiny* bit of help in mixed environments, though in this patch:
We can list all of the devices in the system and check to see if all the
devices are RoCE or Infiniband.
If we detect that we have a *pure* RoCE environment, then we can safely
thrown an error even if the management sofware has specified '[::]' as the
bind address.
However, if there is are multiple hetergeneous devices, then we cannot make
this assumption and the user just has to be sure they know what they are doing.
Signed-off-by: Michael R. Hines <mrhines@us.ibm.com>
Message-id: 1376078746-24948-6-git-send-email-mrhines@linux.vnet.ibm.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
getaddrinfo() already knows what it's doing,
but it can potentially return multiple addresses.
We need to handle that...
Reviewed-by: Orit Wasserman <owasserm@redhat.com> Signed-off-by: Michael R. Hines <mrhines@us.ibm.com>
Message-id: 1376078746-24948-5-git-send-email-mrhines@linux.vnet.ibm.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Isaku Yamahata [Fri, 9 Aug 2013 20:05:42 +0000 (16:05 -0400)]
rdma: check if RDMAControlHeader::len match transferred byte
RDMAControlHeader::len is provided from remote, so check if the value
match the actual transferred byte_len.
Reviewed-by: Orit Wasserman <owasserm@redhat.com> Reviewed-by: Michael R. Hines <mrhines@us.ibm.com> Signed-off-by: Isaku Yamahata <yamahata@private.email.ne.jp> Signed-off-by: Michael R. Hines <mrhines@us.ibm.com>
Message-id: 1376078746-24948-4-git-send-email-mrhines@linux.vnet.ibm.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Isaku Yamahata [Fri, 9 Aug 2013 20:05:41 +0000 (16:05 -0400)]
rdma: validate RDMAControlHeader::len
RMDAControlHeader::len is provided from remote, so validate it.
Reviewed-by: Orit Wasserman <owasserm@redhat.com> Reviewed-by: Michael R. Hines <mrhines@us.ibm.com> Signed-off-by: Isaku Yamahata <yamahata@private.email.ne.jp> Signed-off-by: Michael R. Hines <mrhines@us.ibm.com>
Message-id: 1376078746-24948-3-git-send-email-mrhines@linux.vnet.ibm.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Isaku Yamahata [Fri, 9 Aug 2013 20:05:40 +0000 (16:05 -0400)]
rdma: use resp.len after validation in qemu_rdma_registration_stop
resp.len is given from remote host. So should be validated before use.
Otherwise memcpy can access beyond the buffer.
Cc: Michael R. Hines <mrhines@us.ibm.com> Reviewed-by: Orit Wasserman <owasserm@redhat.com> Reviewed-by: Michael R. Hines <mrhines@us.ibm.com> Signed-off-by: Isaku Yamahata <yamahata@private.email.ne.jp> Signed-off-by: Michael R. Hines <mrhines@us.ibm.com>
Message-id: 1376078746-24948-2-git-send-email-mrhines@linux.vnet.ibm.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Fri, 9 Aug 2013 17:35:02 +0000 (12:35 -0500)]
pc_sysfw: do not make it a device anymore
Move the code to hw/i386, the sole remaining property is available
as !pci_enabled.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1376069702-22330-4-git-send-email-aliguori@us.ibm.com
Rebased.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Fri, 9 Aug 2013 17:35:01 +0000 (12:35 -0500)]
pc_sysfw: remove the rom_only property
With the new semantics of pc_sysfw (no -pflash implies "old-style" ROM setup,
-pflash implies "new-style" ROM setup), there is no need anymore for a compat
property. Old machines simply will never use -pflash, and thus will always
use old-style setup.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1376069702-22330-3-git-send-email-aliguori@us.ibm.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This cleans up after 9e1c2ec (which accidentally left variable
pc_sysfw_flash_vs_rom_bug_compatible behind, value always zero), and
buries dead code from commit dafb82e (which resurrected the pc_sysfw
code for pc_sysfw_flash_vs_rom_bug_compatible by mistake).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1376069702-22330-2-git-send-email-aliguori@us.ibm.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Stefan Weil [Thu, 8 Aug 2013 18:18:07 +0000 (20:18 +0200)]
w32: Add missing version.o to all executables (fix regression)
QEMU executables for w32, w64 had included meta information built from
version.rc. These rules were changed several times some months ago.
The latest version added version.o to the tools, but not to the system
emulations.
This patch adds the meta information to all system emulations again.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1375985887-3984-1-git-send-email-sw@weilnetz.de Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
qemu-option: Guard against qemu_opts_set_defaults() misuse
Commit 6d4cd40 fixed qemu_opts_set_defaults() for an existing corner
case, but broke it for another one that can't be reached in current
code.
Quote from its commit message:
I believe [opts_parse()] attempts to do the following:
If options don't yet exist, create new options
Else, if defaults, modify the existing options
Else, if list->merge_lists, modify the existing options
Else, fail
The only caller that passes true for defaults is
qemu_opts_set_defaults().
The commit message then claims:
A straightforward call of qemu_opts_create() does exactly that.
Wrong. When !list->merge_lists, and the option string doesn't contain
id=, and options without ID exist, then we don't actually modify the
existing options, we create new ones.
Not reachable, because we never pass lists with !list->merge_lists to
qemu_opts_set_defaults().
Guard against possible (if unlikely) future misuse with assert().
Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1375428840-5275-1-git-send-email-armbru@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Wed, 31 Jul 2013 06:19:52 +0000 (08:19 +0200)]
LICENSE: clarify
1) The GPL says that "if the Program does not specify a version number
of this License, you may choose any version ever published by the Free
Software Foundation". This is not true, QEMU includes parts that are
v2-only.
2) Provide a default for files with no licensing information.
3) It is not just hardware emulation that is under BSD license.
4) Restrict GPLv2-only contributions to user mode emulation (due to
code from Linux) and PCI passthrough (due to code from Neocleus).
5) The rules were initially set by Fabrice but are being amended by
other people (already in commit ee12e1f, LICENSE: There is no libqemu.a
anymore, 2011-11-15). Do not put words in his mouth.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Acked-by: Andreas Färber <afaerber@suse.de>
Message-id: 1375251592-2537-3-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Wed, 31 Jul 2013 06:19:51 +0000 (08:19 +0200)]
raw: add license header
Most of the block layer is under the BSD license, thus it is reasonable
to license block/raw.c the same way. CCed people should ACK by replying
with a Signed-off-by line.
Cc: Christoph Hellwig <hch@lst.de> Cc: Kevin Wolf <kwolf@redhat.com> Cc: Anthony Liguori <aliguori@us.ibm.com> Cc: Markus Armbruster <armbru@redhat.com> Cc: Stefan Hajnoczi <stefanha@redhat.com> Cc: Luiz Capitulino <lcapitulino@redhat.com> Cc: Jeff Cody <jcody@redhat.com> Cc: Peter Lieven <pl@kamp.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1375251592-2537-2-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Mon, 12 Aug 2013 13:32:55 +0000 (08:32 -0500)]
Merge remote-tracking branch 'mst/tags/for_anthony' into staging
pci,virtio fixes for 1.6
This includes some last-minute bugfixes for 1.6.
All very small patches that also look very safe to me.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon 12 Aug 2013 04:28:57 AM CDT using RSA key ID D28D5469
# gpg: Can't check signature: public key not found
# By Michael S. Tsirkin (2) and others
# Via Michael S. Tsirkin
* mst/tags/for_anthony:
vhost: clear signalled_used_valid on vhost stop
virtio: clear signalled_used_valid when switching from dataplane
i82801b11: Fix i82801b11 PCI host bridge config space
pc: disable pci-info for 1.6
Message-id: 1376308831-19978-1-git-send-email-mst@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Mon, 12 Aug 2013 13:32:43 +0000 (08:32 -0500)]
Merge remote-tracking branch 'pmaydell/tags/pull-arm-devs-20130812' into staging
arm-devs queue
# gpg: Signature made Mon 12 Aug 2013 05:58:14 AM CDT using RSA key ID 14360CDE
# gpg: Can't check signature: public key not found
# By Peter Maydell
# Via Peter Maydell
* pmaydell/tags/pull-arm-devs-20130812:
hw/virtio/virtio-mmio: Make QueueNumMax read 0 for unavailable queues
hw/virtio/virtio: Don't allow guests to add/remove queues
Message-id: 1376305261-29561-1-git-send-email-peter.maydell@linaro.org Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Peter Maydell [Fri, 26 Jul 2013 15:41:28 +0000 (16:41 +0100)]
hw/virtio/virtio-mmio: Make QueueNumMax read 0 for unavailable queues
The virtio-mmio spec says that QueueNumMax must read zero for queues
which are unavailable; implement this, rather than always returning
VIRTQUEUE_MAX_SIZE.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1374853288-9912-3-git-send-email-peter.maydell@linaro.org Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
When vhost device stops, its implementation synchronizes kernel state
back to virtio.c so we can continue emulating the device
in userspace.
This patch ensures that virtio.c's signalled_used_valid flag is reset so
that userspace does not suppress guest notifications due to stale
signalled_used values.
Cc: qemu-stable@nongnu.org Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Stefan Hajnoczi [Mon, 12 Aug 2013 09:08:09 +0000 (11:08 +0200)]
virtio: clear signalled_used_valid when switching from dataplane
When the dataplane thread stops, its vring.c implementation synchronizes
vring state back to virtio.c so we can continue emulating the virtio
device.
This patch ensures that virtio.c's signalled_used_valid flag is reset so
that we do not suppress guest notifications due to stale signalled_used
values.
Suggested-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Gerd Hoffmann [Mon, 5 Aug 2013 14:36:40 +0000 (16:36 +0200)]
i82801b11: Fix i82801b11 PCI host bridge config space
pci_bridge_write_config() was not being used.
Cc: qemu-stable@nongnu.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The BIOS that we ship in 1.6 does not use pci info
from host (yet). Several issues turned up
(e.g. around winXP boot crashes). So it's safest to disable that
interface for 1.6 machine types for now, leave it on for 1.7
as we have enough time to fix issues if any.
Reviewed-by: Richard Henderson <rth@twiddle.net> Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Mike Qiu [Thu, 8 Aug 2013 14:45:16 +0000 (10:45 -0400)]
block: Bugfix 'format' and 'snapshot' used in drive option
When use -drive file='xxx',format=qcow2,snapshot=on the error
message "Can't use snapshot=on with driver-specific options"
can be show, and fail to start the qemu.
This should not be happened, and there is no file.driver option
in qemu command line.
Peter Maydell [Fri, 26 Jul 2013 15:41:27 +0000 (16:41 +0100)]
hw/virtio/virtio: Don't allow guests to add/remove queues
A queue size of 0 is used to indicate a nonexistent queue, so
don't allow the guest to flip a queue between zero-size and
non-zero-size. Don't permit setting of negative queue sizes
either.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1374853288-9912-2-git-send-email-peter.maydell@linaro.org Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
projects / qemu-upstream-4.6-testing.git / log