aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2014-07-15Update version for v2.1.0-rc2 releasev2.1.0-rc2Peter Maydell1-1/+1
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-15tests/Makefile: Only run vhost-user-test on LinuxPeter Maydell1-1/+1
vhost-user-test uses the linux/vhost.h header, so it must only be enabled if CONFIG_LINUX is defined. (Previously it was enabled for CONFIG_POSIX, which broke 'make check' on MacOSX.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-15Merge remote-tracking branch 'remotes/riku/linux-user-for-upstream' into stagingPeter Maydell4-7/+44
* remotes/riku/linux-user-for-upstream: linux-user: use TARGET_SA_ONSTACK in get_sigframe alloca one extra byte sockets linux-user: handle AF_PACKET sockaddrs in target_to_host_sockaddr qemu-user: Impl. setsockopt(SO_BINDTODEVICE) SIOCGIFINDEX: fix typo Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-15Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' ↵Peter Maydell14-66/+51
into staging Patch queue for ppc - 2014-07-15 Some more bug fixes during the RC phase: - Fix huge page mapping regressions - Fix Book3S thread number enumeration - Fix Book3S VFIO permission issue # gpg: Signature made Tue 15 Jul 2014 15:13:54 BST using RSA key ID 03FEDC60 # gpg: Can't check signature: public key not found * remotes/agraf/tags/signed-ppc-for-upstream: sPAPR/IOMMU: Fix TCE entry permission spapr: Enable use of huge pages spapr: Move RMA memory region registration code ppc: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory target-ppc: Fix number of threads per core limit Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-15sPAPR/IOMMU: Fix TCE entry permissionGavin Shan2-3/+3
The permission of TCE entry should exclude physical base address. Otherwise, unmapping TCE entry can be interpreted to mapping TCE entry wrongly for VFIO devices. Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com> Acked-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-07-15spapr: Enable use of huge pagesAlexey Kardashevskiy1-8/+3
0b183fc87 "memory: move mem_path handling to memory_region_allocate_system_memory" disabled -mempath use for all machines that do not use memory_region_allocate_system_memory() to register RAM. Since SPAPR uses memory_region_init_ram(), the huge pages support was disabled for it. This replaces memory_region_init_ram()+vmstate_register_ram_global() with memory_region_allocate_system_memory() to get huge pages back. This changes RAM size from (ram_limit - rma_alloc_size) to ram_limit as the previous patch moved RMA memory region allocation after RAM allocation and therefore this change does not have immediate effect but simplifies the code. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-07-15spapr: Move RMA memory region registration codeAlexey Kardashevskiy3-13/+16
PPC970 does not support VRMA (virtual RMA) so real memory required for SLOF to execute must be allocated by the KVM_ALLOCATE_RMA ioctl. Later this memory is used as a part of the guest RAM area. The RMA allocating code also registers a memory region for this piece of RAM. We are going to simplify memory regions layout: RMA memory region will be a subregion in the RAM memory region, both starting from zero. This way we will not have to take care of start address alignment for the piece of RAM next to the RMA. This moves memory region business closer to the RAM memory region creation/allocation code. As this is a mechanical patch, no change in behaviour is expected. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> [agraf: fix compilation on non-kvm systems] Signed-off-by: Alexander Graf <agraf@suse.de>
2014-07-15ppc: memory: Replace memory_region_init_ram with ↵Shreyas B. Prabhu8-30/+25
memory_region_allocate_system_memory Commit 0b183fc871:"memory: move mem_path handling to memory_region_allocate_system_memory" split memory_region_init_ram and memory_region_init_ram_from_file. Also it moved mem-path handling a step up from memory_region_init_ram to memory_region_allocate_system_memory. Therefore for any board that uses memory_region_init_ram directly, -mem-path is not supported. Fix this by replacing memory_region_init_ram with memory_region_allocate_system_memory. Signed-off-by: Shreyas B. Prabhu <shreyas@linux.vnet.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-07-15target-ppc: Fix number of threads per core limitAlexey Kardashevskiy1-13/+5
The number of threads per core is different for POWER6/7/8 CPUs. Guest systems do not expect to see more threads per core than a specific CPU supports so we need to limit this number. This limit is implemented by ppc_get_compat_smt_threads(). However it has a problem as it checks for PCR (Processor Compatibility Register) mask, 2.05 means 2 threads per core, 2.06 - 4 threads. For POWER8 one would expect PCR_COMPAT_2_07 bit set and ppc_get_compat_smt_threads() checking for it to return 8 threads per core. But the latest PowerISA spec now is 2.07 and there is no 2.07 compatibility mode defined, QEMU does not define it either (will be in PowerISA 2.08). Instead of relying on a PCR mask, this uses kvmppc_smt_threads() which returns the maximum supported threads number for KVM or 1 for TCG. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-07-15linux-user: use TARGET_SA_ONSTACK in get_sigframeRiku Voipio1-3/+4
As reported by Laurent, which should use TARGET_SA_ONSTACK on arm, microblaze and openrisc targets like we do on all others. Practical matter is minimal as for almost all archs SA_ONSTACK is 0x08000000: http://lxr.free-electrons.com/ident?i=SA_ONSTACK Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2014-07-15Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell2-4/+28
staging Block pull request # gpg: Signature made Tue 15 Jul 2014 14:49:01 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: virtio-blk: dataplane: notify guest as a batch virtio-blk: data-plane: fix save/set .complete_request in start linux-aio: Fix laio resource leak Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-15virtio-blk: dataplane: notify guest as a batchMing Lei1-1/+19
Now requests are submitted as a batch, so it is natural to notify guest as a batch too. This may suppress interrupt notification to VM a lot: - in my test, decreased by ~13K/sec Signed-off-by: Ming Lei <ming.lei@canonical.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-07-15virtio-blk: data-plane: fix save/set .complete_request in startMing Lei1-3/+4
The callback has to be saved and reset in virtio_blk_data_plane_start(), otherwise dataplane's requests will be completed in qemu aio context. Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Ming Lei <ming.lei@canonical.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-07-15linux-aio: Fix laio resource leakGonglei1-0/+5
when hotplug virtio-scsi disks using laio, the aio_nr will increase in laio_init() by io_setup(), we can see the number by # cat /proc/sys/fs/aio-nr 128 if the aio_nr attach the maxnum, which found from # cat /proc/sys/fs/aio-max-nr 65536 the hotplug process will fail because of aio context leak. Fix it by io_destroy in laio_cleanup(). Reported-by: daifulai <daifulai@huawei.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-07-15alloca one extra byte socketsJoakim Tjernlund1-3/+3
target_to_host_sockaddr() may increase the lenth with 1 byte for AF_UNIX sockets so allocate 1 extra byte. Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2014-07-15linux-user: handle AF_PACKET sockaddrs in target_to_host_sockaddrJoakim Tjernlund2-0/+17
Implement conversion of the AF_PACKET sockaddr subtype in target_to_host_sockaddr. Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2014-07-15qemu-user: Impl. setsockopt(SO_BINDTODEVICE)Joakim Tjernlund1-0/+19
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2014-07-15SIOCGIFINDEX: fix typoJoakim Tjernlund1-1/+1
Wrong type was used in ioctl definition. Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2014-07-15libqos: Fix PC PCI endianness glitchesAndreas Färber1-6/+6
The libqos implementation of io_read{b,w,l} and io_write{b,w,l} hooks was relying on qtest_mem{read,write}() respectively. With d81d410 (usb: improve ehci/uhci test) this resulted in assertion failures on ppc hosts: ERROR:tests/usb-hcd-ehci-test.c:78:ehci_port_test: assertion failed: ((value & mask) == (expect & mask)) ERROR:tests/usb-hcd-ehci-test.c:128:pci_uhci_port_2: assertion failed: (pcibus != NULL) ERROR:tests/usb-hcd-ehci-test.c:150:pci_ehci_port_2: assertion failed: (pcibus != NULL) qtest_read{b,w,l,q}() and qtest_write{b,w,l,q}() had been introduced as endian-safe replacement for qtest_mem{read,write}() in I2C in 872536b (qtest: Add MMIO support). Use them for PCI as well. Cc: Anthony Liguori <aliguori@amazon.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Fixes: c4efe1c qtest: add libqos including PCI support Fixes: d81d410 usb: improve ehci/uhci test Signed-off-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-14Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell5-29/+59
Misc 2.1 fixes regarding character/serial devices and SCSI. # gpg: Signature made Mon 14 Jul 2014 16:26:08 BST using RSA key ID 9B4D86F2 # gpg: Can't check signature: public key not found * remotes/bonzini/tags/for-upstream: serial-pci: remove memory regions from BAR before destroying them virtio-scsi: fix with -M pc-i440fx-2.0 serial: change retry logic to avoid concurrency qemu-char: fix deadlock with "-monitor pty" scsi: Report error when lun number is in use Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-14serial-pci: remove memory regions from BAR before destroying themPaolo Bonzini1-0/+1
Otherwise, hot-unplug of pci-serial-2x trips the assertion in memory_region_destroy: (qemu) device_del gg (qemu) qemu-system-x86_64: /work/armbru/tmp/qemu/memory.c:1021: memory_region_destroy: Assertion `((&mr->subregions)->tqh_first == ((void *)0))' failed. Aborted (core dumped) Reported-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-07-14virtio-scsi: fix with -M pc-i440fx-2.0Paolo Bonzini1-0/+2
Right now starting a machine with virtio-scsi and a <= 2.0 machine type fails with: qemu-system-x86_64: -device virtio-scsi-pci: Property .any_layout not found This is because the any_layout bit was actually never set after virtio-scsi was changed to support arbitrary layout for virtio buffers. (This was just a cleanup and a preparation for virtio 1.0; no guest actually checks the bit, but the new request parsing algorithms are tested even with old guest). Reported-by: David Gilbert <dgilbert@redhat.com> Reviewed-by: David Gilbert <dgilbert@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-07-14serial: change retry logic to avoid concurrencyKirill Batuzov1-26/+33
Whenever serial_xmit fails to transmit a byte it adds a watch that would call it again when the "line" becomes ready. This results in a retry chain: serial_xmit -> add_watch -> serial_xmit Each chain is able to transmit one character, and for every character passed to serial by the guest driver a new chain is spawned. The problem lays with the fact that a new chain is spawned even when there is one already waiting on the watch. So there can be several retry chains waiting concurrently on one "line". Every chain tries to transmit current character, so character order is not messed up. But also every chain increases retry counter (tsr_retry). If there are enough concurrent chains this counter will hit MAX_XMIT_RETRY value and the character will be dropped. To reproduce this bug you need to feed serial output to some program consuming it slowly enough. A python script from bug #1335444 description is an example of such program. This commit changes retry logic in the following way to avoid concurrency: instead of spawning a new chain for each character being transmitted spawn only one and make it transmit characters until FIFO is empty. The change consists of two parts: - add a do {} while () loop in serial_xmit (diff is a bit erratic for this part, diff -w will show actual change), - do not call serial_xmit from serial_ioport_write if there is one waiting on the watch already. This should fix another issue causing bug #1335444. Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-07-14qemu-char: fix deadlock with "-monitor pty"Paolo Bonzini1-2/+21
qemu_chr_be_generic_open cannot be called with the write lock taken, because it calls client code that may call qemu_chr_fe_write. This actually happens for the monitor: 0x00007ffff27dbf79 in __GI_raise (sig=sig@entry=6) 0x00007ffff27df388 in __GI_abort () 0x00005555555ef489 in error_exit (err=<optimized out>, msg=msg@entry=0x5555559796d0 <__func__.5959> "qemu_mutex_lock") 0x00005555558f9080 in qemu_mutex_lock (mutex=mutex@entry=0x555556248a30) 0x0000555555713936 in qemu_chr_fe_write (s=0x555556248a30, buf=buf@entry=0x5555563d8870 "QEMU 2.0.90 monitor - type 'help' for more information\r\n", len=56) 0x00005555556217fd in monitor_flush_locked (mon=mon@entry=0x555556251fd0) 0x0000555555621a12 in monitor_flush_locked (mon=0x555556251fd0) monitor_puts (mon=mon@entry=0x555556251fd0, str=0x55555634bfa7 "", str@entry=0x55555634bf70 "QEMU 2.0.90 monitor - type 'help' for more information\n") 0x0000555555624359 in monitor_vprintf (mon=0x555556251fd0, fmt=<optimized out>, ap=<optimized out>) 0x0000555555624414 in monitor_printf (mon=<optimized out>, fmt=fmt@entry=0x5555559105a0 "QEMU %s monitor - type 'help' for more information\n") 0x0000555555629806 in monitor_event (opaque=0x555556251fd0, event=<optimized out>) 0x000055555571343c in qemu_chr_be_generic_open (s=0x555556248a30) To avoid this, defer the call to an idle callback, which will be called as soon as the main loop is re-entered. In order to simplify the cleanup and do it in one place only, change pty_chr_close to call pty_chr_state. To reproduce, run with "-monitor pty", then try to read from the slave /dev/pts/FOO that it creates. Fixes: 9005b2a7589540a3733b3abdcfbccfe7746cd1a1 Reported-by: Li Liang <liangx.z.li@intel.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-07-14Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell30-167/+699
Block patches for 2.1.0-rc2 (v2) # gpg: Signature made Mon 14 Jul 2014 11:04:12 BST using RSA key ID C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" * remotes/kevin/tags/for-upstream: (22 commits) ide: Treat read/write beyond end as invalid virtio-blk: Treat read/write beyond end as invalid virtio-blk: Bypass error action and I/O accounting on invalid r/w virtio-blk: Factor common checks out of virtio_blk_handle_read/write() dma-helpers: Fix too long qiov qtest: fix vhost-user-test compilation with old GLib tests: Fix unterminated string output visitor enum human string AioContext: do not rely on aio_poll(ctx, true) result to end a loop virtio-blk: embed VirtQueueElement in VirtIOBlockReq virtio-blk: avoid g_slice_new0() for VirtIOBlockReq and VirtQueueElement dataplane: do not free VirtQueueElement in vring_push() virtio-blk: avoid dataplane VirtIOBlockReq early free block: Assert qiov length matches request length qed: Make qiov match request size until backing file EOF qcow2: Make qiov match request size until backing file EOF block: Make qiov match the request size until EOF AioContext: speed up aio_notify test-aio: fix GSource-based timer test block: drop aio functions that operate on the main AioContext block: prefer aio_poll to qemu_aio_wait ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-14Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20140714' into stagingPeter Maydell1-0/+23
A s390x/kvm bugfix for missing floating point register synchronization. # gpg: Signature made Mon 14 Jul 2014 08:21:54 BST using RSA key ID C6F02FAF # gpg: Can't check signature: public key not found * remotes/cohuck/tags/s390x-20140714: s390x/kvm: synchronize guest floating point registers Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-14ide: Treat read/write beyond end as invalidMarkus Armbruster1-0/+28
The block layer fails such reads and writes just fine. However, they then get treated like valid operations that fail: the error action gets executed. Unwanted; reporting the error to the guest is the only sensible action. Reject them before passing them to the block layer. This bypasses the error action and I/O accounting. Not quite correct for DMA, because DMA can fail after some success, and when that happens, the part that succeeded isn't counted. Tolerable, because I/O accounting is an inconsistent mess anyway. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14virtio-blk: Treat read/write beyond end as invalidMarkus Armbruster1-0/+7
The block layer fails such reads and writes just fine. However, they then get treated like valid operations that fail: the error action gets executed. Unwanted; reporting the error to the guest is the only sensible action. Reject them before passing them to the block layer. This bypasses the error action and I/O accounting. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14virtio-blk: Bypass error action and I/O accounting on invalid r/wMarkus Armbruster1-6/+8
When a device model's I/O operation fails, we execute the error action. This lets layers above QEMU implement thin provisioning, or attempt to correct errors before they reach the guest. But when the I/O operation fails because it's invalid, reporting the error to the guest is the only sensible action. If the guest's read or write asks for an invalid sector range, fail the request right away, without considering the error action. No change with error action BDRV_ACTION_REPORT. Furthermore, bypass I/O accounting, because we want to track only I/O that actually reaches the block layer. The next commit will extend "invalid sector range" to cover attempts to read/write beyond the end of the medium. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14virtio-blk: Factor common checks out of virtio_blk_handle_read/write()Markus Armbruster1-10/+14
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14dma-helpers: Fix too long qiovKevin Wolf3-0/+18
If the size of the scatter/gather list isn't a multiple of 512, the number of sectors for the block layer request is rounded down, resulting in a qiov that doesn't match the request length. Truncate the qiov to the new length of the request. This fixes the IDE qtest case /x86_64/ide/bmdma/short_prdt. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2014-07-14qtest: fix vhost-user-test compilation with old GLibNikolay Nikolaev1-0/+4
Mising G_TIME_SPAN_SECOND definition breaks the RHEL6 compilation as GLib version before 2.26 does not have it. In such case just define it. Reported-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com> Tested-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14tests: Fix unterminated string output visitor enum human stringAndreas Färber1-6/+1
The buffer was being allocated of size string length plus two. Around the string two quotes were being added, but no terminating NUL. It was then compared using g_assert_cmpstr(), resulting in fairly random assertion failures: ERROR:tests/test-string-output-visitor.c:213:test_visitor_out_enum: assertion failed (str == str_human): ("\"value1\"" == "\"value1\"\001EEEEEEEEEEEEEE\0171") There is no g_assert_cmpnstr() counterpart, so use g_strdup_printf() for safely assembling the string in the first place. Cc: Hu Tao <hutao@cn.fujitsu.com> Cc: Michael S. Tsirkin <mst@redhat.com> Suggested-by: Eric Blake <eblake@redhat.com> Fixes: b4900c0 tests: add human format test for string output visitor Signed-off-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14AioContext: do not rely on aio_poll(ctx, true) result to end a loopPaolo Bonzini3-16/+20
Currently, whenever aio_poll(ctx, true) has completed all pending work it returns true *and* the next call to aio_poll(ctx, true) will not block. This invariant has its roots in qemu_aio_flush()'s implementation as "while (qemu_aio_wait()) {}". However, qemu_aio_flush() does not exist anymore and bdrv_drain_all() is implemented differently; and this invariant is complicated to maintain and subtly different from the return value of GMainLoop's g_main_context_iteration. All calls to aio_poll(ctx, true) except one are guarded by a while() loop checking for a request to be incomplete, or a BlockDriverState to be idle. The one remaining call (in iothread.c) uses this to delay the aio_context_release/acquire pair until the AioContext is quiescent, however: - we can do the same just by using non-blocking aio_poll, similar to how vl.c invokes main_loop_wait - it is buggy, because it does not ensure that the AioContext is released between an aio_notify and the next time the iothread goes to sleep. This leads to hangs when stopping the dataplane thread. In the end, these semantics are a bad match for the current users of AioContext. So modify that one exception in iothread.c, which also fixes the hangs, as well as the testcase so that it use the same idiom as the actual QEMU code. Reported-by: Christian Borntraeger <borntraeger@de.ibm.com> Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14virtio-blk: embed VirtQueueElement in VirtIOBlockReqStefan Hajnoczi5-52/+48
The memory allocation between hw/block/virtio-blk.c, hw/block/dataplane/virtio-blk.c, and hw/virtio/dataplane/vring.c is messy. Structs are allocated in different files than they are freed in. This is risky and makes memory leaks easier. Embed VirtQueueElement in VirtIOBlockReq to reduce the amount of memory allocation we need to juggle. This also makes vring.c and virtio.c slightly more similar. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14virtio-blk: avoid g_slice_new0() for VirtIOBlockReq and VirtQueueElementStefan Hajnoczi1-2/+4
In commit de6c8042ec55da18702fa51f09072fcaa315edc3 ("virtio-blk: Avoid zeroing every request structure") we avoided the 40 KB memset when allocating VirtIOBlockReq. The memset was reintroduced in commit 671ec3f056559f22a2531a91dce3a258b9b5eb8a ("virtio-blk: Convert VirtIOBlockReq.elem to pointer"). It must be fixed again to avoid a performance regression. Cc: Fam Zheng <famz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14dataplane: do not free VirtQueueElement in vring_push()Stefan Hajnoczi2-6/+4
VirtQueueElement is allocated in vring_pop() so it seems to make sense that vring_push() should free it. Alas, virtio-blk frees VirtQueueElement itself in virtio_blk_free_request(). This patch solves a double-free assertion in glib's g_slice_free(). Rename vring_free_element() to vring_unmap_element() since it no longer frees the VirtQueueElement. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14virtio-blk: avoid dataplane VirtIOBlockReq early freeStefan Hajnoczi1-1/+0
VirtIOBlockReq is freed later by virtio_blk_free_request() in hw/block/virtio-blk.c. Remove this extraneous g_slice_free(). This patch fixes the following segfault: 0x00005555556373af in virtio_blk_rw_complete (opaque=0x5555565ff5e0, ret=0) at hw/block/virtio-blk.c:99 99 bdrv_acct_done(req->dev->bs, &req->acct); (gdb) print req $1 = (VirtIOBlockReq *) 0x5555565ff5e0 (gdb) print req->dev $2 = (VirtIOBlock *) 0x0 (gdb) bt #0 0x00005555556373af in virtio_blk_rw_complete (opaque=0x5555565ff5e0, ret=0) at hw/block/virtio-blk.c:99 #1 0x0000555555840ebe in bdrv_co_em_bh (opaque=0x5555566152d0) at block.c:4675 #2 0x000055555583de77 in aio_bh_poll (ctx=ctx@entry=0x5555563a8150) at async.c:81 #3 0x000055555584b7a7 in aio_poll (ctx=0x5555563a8150, blocking=blocking@entry=true) at aio-posix.c:188 #4 0x00005555556e520e in iothread_run (opaque=0x5555563a7fd8) at iothread.c:41 #5 0x00007ffff42ba124 in start_thread () from /usr/lib/libpthread.so.0 #6 0x00007ffff16d14bd in clone () from /usr/lib/libc.so.6 Reported-by: Max Reitz <mreitz@redhat.com> Cc: Fam Zheng <famz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14block: Assert qiov length matches request lengthKevin Wolf2-4/+13
At least raw-posix relies on this because it can allocate bounce buffers based on the request length, but access it using all of the qiov entries later. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-07-14qed: Make qiov match request size until backing file EOFKevin Wolf2-8/+31
If a QED image has a shorter backing file and a read request to unallocated clusters goes across EOF of the backing file, the backing file sees a shortened request and the rest is filled with zeros. However, the original too long qiov was used with the shortened request. This patch makes the qiov size match the request size, avoiding a potential buffer overflow in raw-posix. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2014-07-14qcow2: Make qiov match request size until backing file EOFKevin Wolf1-1/+10
If a qcow2 image has a shorter backing file and a read request to unallocated clusters goes across EOF of the backing file, the backing file sees a shortened request and the rest is filled with zeros. However, the original too long qiov was used with the shortened request. This patch makes the qiov size match the request size, avoiding a potential buffer overflow in raw-posix. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-07-14block: Make qiov match the request size until EOFKevin Wolf1-2/+14
If a read request goes across EOF, the block driver sees a shortened request that stops at EOF (the rest is memsetted in block.c), however the original qiov was used for this request. This patch makes the qiov size match the request size, avoiding a potential buffer overflow in raw-posix. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-07-14scsi: Report error when lun number is in useFam Zheng1-1/+2
In the case that the lun number is taken by another scsi device, don't release the existing device siliently, but report an error to user. Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-07-14s390x/kvm: synchronize guest floating point registersJason J. Herne1-0/+23
Add code to kvm_arch_get_registers and kvm_arch_put_registers to save/restore floating point registers. This missing sync was unnoticed until migration of userspace that uses fprs. Signed-off-by: Jason J. Herne <jjherne@us.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> [Update patch to latest upstream] Cc: qemu-stable@nongnu.org Reviewed-by: Alexander Graf <agraf@suse.de> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2014-07-11Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20140711-1' into ↵Peter Maydell2-6/+21
staging vga: some cirrus fixes. # gpg: Signature made Fri 11 Jul 2014 10:38:32 BST using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-vga-20140711-1: cirrus: Fix host CPU blits cirrus: Fix build of debug code cirrus_vga: adding sanity check for vram size Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-11Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20140711-1' into ↵Peter Maydell1-0/+4
staging mtp: linux guest detection fix # gpg: Signature made Fri 11 Jul 2014 11:32:20 BST using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-usb-20140711-1: mtp: linux guest detection fix. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-11Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20140711-1' into ↵Peter Maydell1-0/+5
staging spice: auth fixes # gpg: Signature made Fri 11 Jul 2014 10:17:15 BST using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/spice/tags/pull-spice-20140711-1: spice: auth fixes Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-11Merge remote-tracking branch 'remotes/kraxel/tags/pull-gtk-20140711-1' into ↵Peter Maydell1-3/+6
staging ui/gtk: Restore keyboard focus after Page change # gpg: Signature made Fri 11 Jul 2014 09:46:21 BST using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-gtk-20140711-1: ui/gtk: Restore keyboard focus after Page change Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-11mtp: linux guest detection fix.Gerd Hoffmann1-0/+4
Attach a name to the MTP interface (android phones have this too). With this patch recent linux guests such as fedora 20 happily detect and use the device. It shows up in nautilus file manager automatically, and simple-mtpfs can mount it. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-11ui/gtk: Restore keyboard focus after Page changeJohn Snow1-3/+6
(Resending for correct email addresses via MAINTAINERS ...) In the GTK UI, after changing focus to the qemu monitor Notebook Page, when restoring focus to the virtual machine page, the keyboard focus is lost to a hidden GTK widget. Focus can only be restored to the virtual machine by pressing "tab" or any of the four directional arrow keys. Clicking in the window or grabbing/ungrabbing input does not restore keyboard focus to the child widget. This patch adjusts the Notebook page switching callback to automatically steal keyboard focus on the Page switch event, so that keyboard input does not appear to break or disappear after tabbing to the QEMU monitor. Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>