Age | Commit message | Author | Files | Lines
2015-03-16 | block/vpc: remove disabled code from get_sector_offset | Peter Lieven | 1 | -32/+0
The code to check the bitmap for the allocation status of each sector has been "disabled by reason" ever since the vpc driver existed. The reason might be that we might end up reading sector by sector in vpc_read if we really used it. This would be a performance disaster. The current code would furthermore not work if the disabled parts get reactivated since vpc_read and vpc_write only use get_sector_offset to check the allocation status of the first sector of a read/write operation. This might lead to sectors incorrectly treated as zero in vpc_read and to sectors getting allocated twice in vpc_write. Signed-off-by: Peter Lieven <pl@kamp.de> Message-id: 1425379316-19639-6-git-send-email-pl@kamp.de Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-03-16 | block/vpc: rename footer->size -> footer->current_size | Peter Lieven | 1 | -4/+5
the field is named current size in the spec. Name it accordingly. Signed-off-by: Peter Lieven <pl@kamp.de> Reviewed-by: Max Reitz <mreitz@redhat.com> Message-id: 1425379316-19639-5-git-send-email-pl@kamp.de Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-03-16 | block/vpc: make calculate_geometry spec conform | Peter Lieven | 1 | -19/+22
The VHD spec [1] allows for total_sectors of 65535 x 16 x 255 (~127GB) represented by a CHS geometry. If total_sectors is greater than 65535 x 16 x 255 this geometry is set as a maximum. Qemu, Hyper-V and disk2vhd use this special geometry as an indicator to use the image current size from the footer as disk size. This patch changes vpc_create to effectively calculate a CxHxS geometry for the given image size if possible while rounding up if necessary. If the image size is too big to be represented in CHS we set the maximum and write the exact requested image size into the footer. This partly reverts commit 258d2edb, but leaves support for >127G disks intact. [1] http://download.microsoft.com/download/f/f/e/ffef50a5-07dd-4cf8-aaa3-442c0673a029/Virtual%20Hard%20Disk%20Format%20Spec_10_18_06.doc Signed-off-by: Peter Lieven <pl@kamp.de> Message-id: 1425379316-19639-4-git-send-email-pl@kamp.de Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-03-16 | vpc: Ignore geometry for large images | Kevin Wolf | 1 | -6/+4
The CHS calculation as done per the VHD spec imposes a maximum image size of ~127 GB. Real VHD images exist that are larger than that. Apparently there are two separate non-standard ways to achieve this: You could use more heads than the spec does - this is the option that qemu-img create chooses. However, other images exist where the geometry is set to the maximum (65535/16/255), but the actual image size is larger. Until now, such images are truncated at 127 GB when opening them with qemu. This patch changes the vpc driver to ignore geometry in this case and only trust the size field in the header. Signed-off-by: Kevin Wolf <kwolf@redhat.com> [PL: Fixed maximum geometry in the commit msg] Signed-off-by: Peter Lieven <pl@kamp.de> Message-id: 1425379316-19639-3-git-send-email-pl@kamp.de Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-03-16 | block/vpc: optimize vpc_co_get_block_status | Peter Lieven | 1 | -10/+8
*pnum can't be greater than s->block_size / BDRV_SECTOR_SIZE for allocated sectors since there is always a bitmap in between. Signed-off-by: Peter Lieven <pl@kamp.de> Reviewed-by: Max Reitz <mreitz@redhat.com> Message-id: 1425379316-19639-2-git-send-email-pl@kamp.de Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-03-16 | block: Drop bdrv_find | Fam Zheng | 2 | -10/+0
All callers are converted, so drop it. Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1425296209-1476-5-git-send-email-famz@redhat.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-03-16 | blockdev: Convert bdrv_find to blk_by_name | Fam Zheng | 1 | -33/+59
Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1425296209-1476-4-git-send-email-famz@redhat.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-03-16 | migration: Convert bdrv_find to blk_by_name | Fam Zheng | 1 | -2/+5
Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1425296209-1476-3-git-send-email-famz@redhat.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-03-16 | monitor: Convert bdrv_find to blk_by_name | Fam Zheng | 1 | -4/+5
Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1425296209-1476-2-git-send-email-famz@redhat.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-03-16 | iotests: Test non-self-referential qcow2 refblocks | Max Reitz | 3 | -0/+104
It is easy to create only self-referential refblocks, but there are cases where that is impossible. This adds a test for two of those cases (combined in a single test case). Suggested-by: Eric Blake <eblake@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com> Message-id: 1417798412-15330-1-git-send-email-mreitz@redhat.com Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-03-16 | iotests: Add tests for refcount table growth | Max Reitz | 3 | -0/+126
Signed-off-by: Max Reitz <mreitz@redhat.com> Message-id: 1423598552-24301-3-git-send-email-mreitz@redhat.com Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-03-16 | qcow2: Respect new_block in alloc_refcount_block() | Max Reitz | 1 | -2/+14
When choosing a new place for the refcount table, alloc_refcount_block() tries to infer the number of clusters used so far from its argument cluster_index (which comes from the idea that if any cluster with an index greater than cluster_index was in use, the refcount table would have to be big enough already to describe cluster_index). However, there is a cluster that may be at or after cluster_index, and which is not covered by the refcount structures, and that is the new refcount block new_block. Therefore, it should be taken into account for the blocks_used calculation. Also, because new_block already describes (or is intended to describe) cluster_index, we may not put the new refcount structures there. Signed-off-by: Max Reitz <mreitz@redhat.com> Message-id: 1423598552-24301-2-git-send-email-mreitz@redhat.com Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2015-03-16 | qemu-img: Avoid qerror_report_err() outside QMP handlers, again | Markus Armbruster | 1 | -4/+2
qerror_report_err() is a transitional interface to help with converting existing monitor commands to QMP. It should not be used elsewhere. Replace by error_report_err(). Commit 6936f29 cleaned that up in qemu-img.c, but two calls have crept in since. Take care of them the same way. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-16 | block: Fix block-set-write-threshold not to use funky error class | Markus Armbruster | 2 | -5/+1
Error classes are a leftover from the days of "rich" error objects. New code should always use ERROR_CLASS_GENERIC_ERROR. Commit e246211 added a use of ERROR_CLASS_DEVICE_NOT_FOUND. Replace it. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-16 | block: Deprecate QCOW/QCOW2 encryption | Markus Armbruster | 4 | -5/+37
We've steered users away from QCOW/QCOW2 encryption for a while, because it's a flawed design (commit 136cd19 Describe flaws in qcow/qcow2 encryption in the docs).

In addition to flawed crypto, we have comically bad usability, and plain old bugs. Let me show you.

= Example images =

I'm going to use a raw image as backing file, and two QCOW2 images, one encrypted, and one not:

    $ qemu-img create -f raw backing.img 4m
    Formatting 'backing.img', fmt=raw size=4194304
    $ qemu-img create -f qcow2 -o encryption,backing_file=backing.img,backing_fmt=raw geheim.qcow2 4m
    Formatting 'geheim.qcow2', fmt=qcow2 size=4194304 backing_file='backing.img' backing_fmt='raw' encryption=on cluster_size=65536 lazy_refcounts=off
    $ qemu-img create -f qcow2 -o backing_file=backing.img,backing_fmt=raw normal.qcow2 4m
    Formatting 'normal.qcow2', fmt=qcow2 size=4194304 backing_file='backing.img' backing_fmt='raw' encryption=off cluster_size=65536 lazy_refcounts=off

= Usability issues =

== Confusing startup ==

When no image is encrypted, and you don't give -S, QEMU starts the guest immediately:

    $ qemu-system-x86_64 -nodefaults -display none -monitor stdio normal.qcow2
    QEMU 2.2.50 monitor - type 'help' for more information
    (qemu) info status
    VM status: running

But as soon as there's an encrypted image in play, the guest is *not* started, with no notification whatsoever:

    $ qemu-system-x86_64 -nodefaults -display none -monitor stdio geheim.qcow2
    QEMU 2.2.50 monitor - type 'help' for more information
    (qemu) info status
    VM status: paused (prelaunch)

If the user figured out that he needs to type "cont" to enter his keys, the confusion enters the next level: "cont" asks for at most *one* key. If more are needed, it then silently does nothing. The user has to type "cont" once per encrypted image:

    $ qemu-system-x86_64 -nodefaults -display none -monitor stdio -drive if=none,file=geheim.qcow2 -drive if=none,file=geheim.qcow2
    QEMU 2.2.50 monitor - type 'help' for more information
    (qemu) info status
    VM status: paused (prelaunch)
    (qemu) c
    none0 (geheim.qcow2) is encrypted.
    Password: ******
    (qemu) info status
    VM status: paused (prelaunch)
    (qemu) c
    none1 (geheim.qcow2) is encrypted.
    Password: ******
    (qemu) info status
    VM status: running

== Incorrect passwords not caught ==

All existing encryption schemes give you the GIGO treatment: garbage password in, garbage data out. Guests usually refuse to mount garbage, but other usage is prone to data loss.

== Need to stop the guest to add an encrypted image ==

    $ qemu-system-x86_64 -nodefaults -display none -monitor stdio
    QEMU 2.2.50 monitor - type 'help' for more information
    (qemu) info status
    VM status: running
    (qemu) drive_add "" if=none,file=geheim.qcow2
    Guest must be stopped for opening of encrypted image
    (qemu) stop
    (qemu) drive_add "" if=none,file=geheim.qcow2
    OK

Commit c3adb58 added this restriction. Before, we could expose images lacking an encryption key to guests, with potentially catastrophic results. See also "Use without key is not always caught".

= Bugs =

== Use without key is not always caught ==

Encrypted images can be in an intermediate state "opened, but no key". The weird startup behavior and the need to stop the guest are there to ensure the guest isn't exposed to that state. But other things still are!

* drive_backup

    $ qemu-system-x86_64 -nodefaults -display none -monitor stdio geheim.qcow2
    QEMU 2.2.50 monitor - type 'help' for more information
    (qemu) drive_backup -f ide0-hd0 out.img raw
    Formatting 'out.img', fmt=raw size=4194304

  I guess this writes encrypted data to raw image out.img. Good luck with figuring out how to decrypt that again.

* commit

    $ qemu-system-x86_64 -nodefaults -display none -monitor stdio geheim.qcow2
    QEMU 2.2.50 monitor - type 'help' for more information
    (qemu) commit ide0-hd0

  I guess this writes encrypted data into the unencrypted raw backing image, effectively destroying it.

== QMP device_add of usb-storage fails when it shouldn't ==

When the image is encrypted, device_add creates the device, defers actually attaching it to when the key becomes available, then fails. This is wrong. device_add must either create the device and succeed, or do nothing and fail.

    $ qemu-system-x86_64 -nodefaults -display none -usb -qmp stdio -drive if=none,id=foo,file=geheim.qcow2
    {"QMP": {"version": {"qemu": {"micro": 50, "minor": 2, "major": 2}, "package": ""}, "capabilities": []}}
    { "execute": "qmp_capabilities" }
    {"return": {}}
    { "execute": "device_add", "arguments": { "driver": "usb-storage", "id": "bar", "drive": "foo" } }
    {"error": {"class": "DeviceEncrypted", "desc": "'foo' (geheim.qcow2) is encrypted"}}
    {"execute":"device_del","arguments": { "id": "bar" } }
    {"timestamp": {"seconds": 1426003440, "microseconds": 237181}, "event": "DEVICE_DELETED", "data": {"path": "/machine/peripheral/bar/bar.0/legacy[0]"}}
    {"timestamp": {"seconds": 1426003440, "microseconds": 238231}, "event": "DEVICE_DELETED", "data": {"device": "bar", "path": "/machine/peripheral/bar"}}
    {"return": {}}

This stuff is worse than useless, it's a trap for users.

If people become sufficiently interested in encrypted images to contribute a cryptographically sane implementation for QCOW2 (or whatever other format), then rewriting the necessary support around it from scratch will likely be easier and yield better results than fixing up the existing mess.

Let's deprecate the mess now, drop it after a grace period, and move on.

Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-16 | qemu-img: Fix convert, amend error messages for unknown options | Markus Armbruster | 2 | -5/+2
Message quality regressed in commit dc523cd. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-16 | iotests: Update 051's reference output | Markus Armbruster | 1 | -3/+1
Commit c4bacaf improved error reporting, but neglected to update 051.out. Commit 2726958 tried to redress, but didn't get it quite right (punctuation difference), and shortly after commit ae071cc..master improved error reporting some more, neglecting 051.out some more. Sorry! Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-16 | target-tricore: Add instructions of SYS opcode format | Bastian Koppelmann | 4 | -0/+175
This adds only the non trap instructions. Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2015-03-16 | tcg/optimize: Handle or r,a,a with constant a | Richard Henderson | 1 | -1/+4
As seen with ubuntu-5.10-live-powerpc.iso. Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-03-16 | target-tricore: Add instructions of RRRW opcode format | Bastian Koppelmann | 1 | -0/+63
Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2015-03-16 | target-tricore: Add instructions of RRRR opcode format | Bastian Koppelmann | 1 | -0/+56
Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2015-03-16 | target-tricore: Add instructions of RRR1 opcode format, which have 0xe3 as first opcode | Bastian Koppelmann | 4 | -2/+415
Add helpers helper_subadr_h/_ssov which subs one halfword and adds one halfword, rounds / and saturates each half word independently.

Add microcode helper functions:
* gen_msubad_h/ads_h: multiply two halfwords left justified and sub from the first one word and add the second one word / and saturate each resulting word independently.
* gen_msubadm_h/adms_h: multiply two halfwords in q-format left justified and sub from the first one word and add to the second one word / and saturate each resulting word independently.
* gen_msubadr32_h/32s_h: multiply two halfwords in q-format left justified and sub from the first one word and add to the second one word, round both results / and saturate each resulting word independently.

Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2015-03-16 | target-tricore: Add instructions of RRR1 opcode format, which have 0x63 as first opcode | Bastian Koppelmann | 4 | -2/+600
Add helpers:
* msub64_q_ssov: multiply two 32 bit q-format number, sub the result from a 64 bit q-format number and saturate.
* msub32_q_sub_ssov: sub two 64 bit q-format numbers and return a 32 bit result.
* msubr_q_ssov: multiply two 32 bit q-format numbers, sub the result from a 32 bit q-format number and saturate.
* msubr_q: multiply two 32 bit q-format numbers and sub the result from a 32 bit q-format number.

Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2015-03-16 | target-tricore: Add instructions of RRR1 opcode format, which have 0xa3 as first opcode | Bastian Koppelmann | 4 | -24/+493
Add helpers:
* sub64_ssov: subs two 64 bit values and saturates the result.
* subr_h/_ssov: subs two halfwords from two words in q-format with rounding / and saturates each result independently.

Add microcode generator:
* gen_sub64_d: adds two 64 bit values.
* gen_msub_h/s_h: multiply four halfwords, sub each result left justified from two word values / and saturate each result.
* gen_msubm_h/s_h: multiply four halfwords, sub each result left justified from two words values in q-format / and saturate each result.
* gen_msubr32/64_h/s_h: multiply four halfwords, sub each result left justified from two halfwords/words values in q-format / and saturate each result.

Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2015-03-16 | Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20150316' into staging | Peter Maydell | 17 | -83/+290
migration/next for 20150316

# gpg: Signature made Mon Mar 16 13:36:37 2015 GMT using RSA key ID 5872D723
# gpg: Can't check signature: public key not found

* remotes/juanquintela/tags/migration/20150316:
  pc: Disable vmdesc submission for old machines
  migration: Allow to suppress vmdesc submission
  migration: Read JSON VM description on incoming migration
  rename save_block_hdr to save_page_header
  save_block_hdr: we can recalculate the cont parameter here
  save_xbzrle_page: change calling convention
  ram_save_page: change calling covention
  ram_find_and_save_block: change calling convention
  ram: make all save_page functions take a uint64_t parameter
  Add migrate_incoming
  Add -incoming defer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-16 | Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150316' into staging | Peter Maydell | 5 | -67/+197
target-arm queue:
* fix handling of execute-never bits in page table walks
* tell kernel to initialize KVM GIC in realize function
* fix handling of STM (user) with r15 in register list
* ignore low bit of PC in M-profile exception return
* fix linux-user get/set_tls syscalls on CPUs with TZ

# gpg: Signature made Mon Mar 16 12:39:04 2015 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20150316:
  linux-user: Access correct register for get/set_tls syscalls on ARM TZ CPUs
  target-arm: Ignore low bit of PC in M-profile exception return
  target-arm: Fix handling of STM (user) with r15 in register list
  hw/intc/arm_gic: Initialize the vgic in the realize function
  target-arm: get_phys_addr_lpae: more xn control
  target-arm: fix get_phys_addr_v6/SCTLR_AFE access check
  target-arm: convert check_ap to ap_to_rw_prot

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-16 | pc: Disable vmdesc submission for old machines | Alexander Graf | 2 | -0/+2
Older PC machine types might by accident be backwards live migration compatible, but with the new vmdesc self-describing blob in our live migration stream we would break that compatibility. Also users wouldn't expect massive behavioral differences when updating to a new version of QEMU while retaining their old machine type, especially not potential breakage in tooling around live migration. So disable vmdesc submission for old PC machine types. Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-03-16 | migration: Allow to suppress vmdesc submission | Alexander Graf | 4 | -4/+34
We now always send a JSON blob describing the migration file format as part of the migration stream. However, some tools built around QEMU have proven to stumble over this. This patch gives the user the chance to disable said self-describing part of the migration stream. To disable vmdesc submission, just add -machine suppress-vmdesc=on to your QEMU command line. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-03-16 | migration: Read JSON VM description on incoming migration | Alexander Graf | 1 | -1/+21
One of the really nice things about the VM description format is that it goes over the wire when live migration is happening. Unfortunately QEMU today closes any socket once it sees VM_EOF coming, so we never give the VMDESC the chance to actually land on the wire. This patch makes QEMU read the description as well. This way we ensure that anything wire tapping us in between will get the chance to also interpret the stream. Along the way we also fix virt tests that assume that number_bytes_sent on the sender side is equal to number_bytes_read which was true before the VMDESC patches and is true again with this patch. Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-03-16 | rename save_block_hdr to save_page_header | Juan Quintela | 1 | -8/+19
It has always been a page header, not a block header. Once there, the flag argument was only passed to make a bit or with it, just do the or on the caller. Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-03-16 | save_block_hdr: we can recalculate the cont parameter here | Juan Quintela | 1 | -23/+24
No need to pass it through all the callers. Once there, update last_sent_block here. Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-03-16 | save_xbzrle_page: change calling convention | Juan Quintela | 1 | -19/+25
Add a parameter to pass the number of bytes written, and make it return the number of pages written instead. Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-03-16 | ram_save_page: change calling covention | Juan Quintela | 1 | -19/+38
Add a parameter to pass the number of bytes written, and make it return the number of pages written instead. Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-03-16 | ram_find_and_save_block: change calling convention | Juan Quintela | 1 | -22/+23
Add a parameter to pass the number of bytes written, and make it return the number of pages written instead. Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-03-16 | ram: make all save_page functions take a uint64_t parameter | Juan Quintela | 5 | -7/+13
It used to be an int, but then we can't pass directly the bytes_transferred parameter, that would happen later in the series. Signed-off-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Amit Shah <amit.shah@redhat.com>
2015-03-16 | Add migrate_incoming | Dr. David Alan Gilbert | 6 | -1/+95
Add migrate_incoming/migrate-incoming to start an incoming migration. Once a qemu has been started with -incoming defer the migration can be started by issuing: migrate_incoming uri Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-03-16 | Add -incoming defer | Dr. David Alan Gilbert | 1 | -6/+23
-incoming defer causes qemu to wait for an incoming migration to be specified later. The monitor can be used to set migration capabilities that may affect the incoming connection process. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-03-16 | Merge remote-tracking branch 'remotes/kvaneesh/for-upstream' into staging | Peter Maydell | 4 | -44/+36
* remotes/kvaneesh/for-upstream:
  virtio: Fix memory leaks reported by Coverity
  virtfs-proxy: Fix possible overflow
  fsdev/virtfs-proxy-helper: Fix improper use of negative value
  hw/9pfs/virtio-9p-posix-acl: Fix out-of-bounds access
  9pfs-proxy: tiny cleanups in proxy_pwritev and proxy_preadv
  9pfs-local: simplify/optimize local_mapped_attr_path()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-16 | linux-user: Access correct register for get/set_tls syscalls on ARM TZ CPUs | Mikhail Ilyin | 2 | -2/+15
When support was added for TrustZone to ARM CPU emulation, we failed to correctly update the support for the linux-user implementation of the get/set_tls syscalls. This meant that accesses to the TPIDRURO register via the syscalls were always using the non-secure copy of the register even if native MRC/MCR accesses were using the secure register. This inconsistency caused most binaries to segfault on startup if the CPU type was explicitly set to one of the TZ-enabled ones like cortex-a15. (The default "any" CPU doesn't have TZ enabled and so is not affected.) Use access_secure_reg() to determine whether we should be using the secure or the nonsecure copy of TPIDRURO when emulating these syscalls. Signed-off-by: Mikhail Ilyin <m.ilin@samsung.com> Message-id: 1426505198-2411-1-git-send-email-m.ilin@samsung.com [PMM: rewrote commit message to more clearly explain the issue and its consequences.] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-16 | target-arm: Ignore low bit of PC in M-profile exception return | Peter Maydell | 1 | -0/+10
For the ARM M-profile cores, exception return pops various registers including the PC from the stack. The architecture defines that if the lowest bit in the new PC value is set (ie the PC is not halfword aligned) then behaviour is UNPREDICTABLE. In practice hardware implementations seem to simply ignore the low bit, and some buggy RTOSes incorrectly rely on this. QEMU's behaviour was architecturally permitted, but bringing QEMU into line with the hardware behaviour allows more guest code to run. We log the situation as a guest error. This was reported as LP:1428657. Reported-by: Anders Esbensen <anders@lyes.dk> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-16 | target-arm: Fix handling of STM (user) with r15 in register list | Peter Maydell | 1 | -6/+12
The A32 encoding of LDM distinguishes LDM (user) from LDM (exception return) based on whether r15 is in the register list. However for STM (user) there is no equivalent distinction. We were incorrectly treating "r15 in list" as indicating exception return for both LDM and STM, with the result that an STM (user) involving r15 went into an infinite loop. Fix this; note that the value stored for r15 in this case is the current PC regardless of our current mode. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1426015125-5521-1-git-send-email-peter.maydell@linaro.org
2015-03-16 | hw/intc/arm_gic: Initialize the vgic in the realize function | Eric Auger | 1 | -0/+7
This patch forces vgic initialization in the vgic realize function. It uses a new group/attribute that allows such operation: KVM_DEV_ARM_VGIC_GRP_CTRL/KVM_DEV_ARM_VGIC_CTRL_INIT This earlier initialization allows, for example, to setup VFIO signaling and irqfd after vgic initialization, on a reset notifier. Signed-off-by: Eric Auger <eric.auger@linaro.org> Message-id: 1426094226-8515-1-git-send-email-eric.auger@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-16 | target-arm: get_phys_addr_lpae: more xn control | Andrew Jones | 1 | -30/+100
This patch makes the following changes to the determination of whether an address is executable, when translating addresses using LPAE.

1. No longer assumes that PL0 can't execute when it can't read. It can in AArch64, a difference from AArch32.
2. Use va_size == 64 to determine we're in AArch64, rather than arm_feature(env, ARM_FEATURE_V8), which is insufficient.
3. Add additional XN determinants
   - NS && is_secure && (SCR & SCR_SIF)
   - WXN && (prot & PAGE_WRITE)
   - AArch64: (prot_PL0 & PAGE_WRITE)
   - AArch32: UWXN && (prot_PL0 & PAGE_WRITE)
   - XN determination should also work in secure mode (untested)
   - XN may even work in EL2 (currently impossible to test)
4. Cleans up the bloated PAGE_EXEC condition - by removing it.

The helper get_S1prot is introduced. It may even work in EL2, when support for that comes, but, as the function name implies, it only works for stage 1 translations.

Signed-off-by: Andrew Jones <drjones@redhat.com> Message-id: 1426099139-14463-4-git-send-email-drjones@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-16 | target-arm: fix get_phys_addr_v6/SCTLR_AFE access check | Andrew Jones | 1 | -7/+42
Introduce simple_ap_to_rw_prot(), which has the same behavior as ap_to_rw_prot(), but takes the 2-bit simple AP[2:1] instead of the 3-bit AP[2:0]. Use this in get_phys_addr_v6 when SCTLR_AFE is set, as that bit indicates we should be using the simple AP format. It's unlikely this path is getting used. I don't see CR_AFE getting used by Linux, so possibly not. If it had been, then the check would have been wrong for all but AP[2:1] = 0b11. Anyway, this should fix it up, in case it ever does get used. Signed-off-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1426099139-14463-3-git-send-email-drjones@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-16 | target-arm: convert check_ap to ap_to_rw_prot | Andrew Jones | 1 | -30/+19
Instead of mixing access permission checking with access permissions to page protection flags translation, just do the translation, and leave it to the caller to check the protection flags against the access type. Also rename to ap_to_rw_prot to better describe the new behavior. Signed-off-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1426099139-14463-2-git-send-email-drjones@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-16 | Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20150316' into staging | Peter Maydell | 14 | -60/+311
Final batch of s390x enhancements/fixes for 2.3:
- handle TOD clock during migration
- CPACF key wrap options
- limit amount of pci device code we build
- ensure big endian accesses for ccws
- various fixes and cleanups

# gpg: Signature made Mon Mar 16 10:01:44 2015 GMT using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>"

* remotes/cohuck/tags/s390x-20150316:
  s390x/config: Do not include full pci.mak
  s390x/pci: fix length in sei_nt2 event
  s390x/ipl: remove dead code
  s390x/virtio-bus: Remove unused function s390_virtio_bus_console()
  s390x: CPACF: Handle key wrap machine options
  s390x/kvm: make use of generic vm attribute check
  kvm: encapsulate HAS_DEVICE for vm attrs
  virtio-ccw: assure BE accesses
  s390x/kvm: Guest Migration TOD clock synchronization
  s390x: Replace unchecked qdev_init() by qdev_init_nofail()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-16 | Merge remote-tracking branch 'remotes/kraxel/tags/pull-seabios-1.8.1-20150316-1' into staging | Peter Maydell | 8 | -0/+0
seabios: update to 1.8.1 stable release

# gpg: Signature made Mon Mar 16 08:09:25 2015 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-seabios-1.8.1-20150316-1:
  seabios: update to 1.8.1 stable release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-16 | Merge remote-tracking branch 'remotes/rth/tags/tcg-pull-20150313' into staging | Peter Maydell | 35 | -446/+433
Pool TCG data, and ALWAYS/NEVER fix

# gpg: Signature made Fri Mar 13 20:09:09 2015 GMT using RSA key ID 4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg: aka "Richard Henderson <rth@redhat.com>"
# gpg: aka "Richard Henderson <rth@twiddle.net>"

* remotes/rth/tags/tcg-pull-20150313:
  tcg: Complete handling of ALWAYS and NEVER
  tcg: Use tcg_malloc to allocate TCGLabel
  tcg: Change generator-side labels to a pointer
  tcg: Change translator-side labels to a pointer
  tcg-ia64: Use tcg_malloc to allocate TCGLabelQemuLdst
  tcg: Use tcg_malloc to allocate TCGLabelQemuLdst

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-16 | s390x/config: Do not include full pci.mak | Thomas Huth | 1 | -1/+2
pci.mak includes a lot of devices - and most of them do not make sense on s390x, like USB controllers or audio cards. These devices also show up when running "qemu-system-s390x -device help" and thus could raise the hope for the users that they could use these kind of devices with qemu-system-s390x. To avoid this confusion, we should not include pci.mak and rather include the bare minimum manually instead. Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com> Acked-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Message-Id: <1426169954-6062-1-git-send-email-thuth@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-03-16 | s390x/pci: fix length in sei_nt2 event | Frank Blaschka | 1 | -0/+1
The sei_nt2 event must contain the length of the event. Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com> Message-Id: <1426164834-38648-7-git-send-email-jfrei@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>