path: root/hw/block
Age | Commit message | Author | Files | Lines
2015-09-18 | Fix bad error handling after memory_region_init_ram() | Markus Armbruster | 1 | -1/+1
    Symptom:

        $ qemu-system-x86_64 -m 10000000
        Unexpected error in ram_block_add() at /work/armbru/qemu/exec.c:1456:
        upstream-qemu: cannot set up guest memory 'pc.ram': Cannot allocate memory
        Aborted (core dumped)

    Root cause: commit ef701d7 screwed up handling of out-of-memory conditions. Before the commit, we report the error and exit(1), in one place, ram_block_add(). The commit lifts the error handling up the call chain some, to three places. Fine. Except it uses &error_abort in these places, changing the behavior from exit(1) to abort(), and thus undoing the work of commit 3922825 "exec: Don't abort when we can't allocate guest memory".

    The three places are:

    * memory_region_init_ram()

      Commit 4994653 (right after commit ef701d7) lifted the error handling further, through memory_region_init_ram(), multiplying the incorrect use of &error_abort. Later on, imitation of existing (bad) code may have created more.

    * memory_region_init_ram_ptr()

      The &error_abort is still there.

    * memory_region_init_rom_device()

      Doesn't need fixing, because commit 33e0eb5 (soon after commit ef701d7) lifted the error handling further, and in the process changed it from &error_abort to passing it up the call chain. Correct, because the callers are realize() methods.

    Fix the error handling after memory_region_init_ram() with a Coccinelle semantic patch:

        @r@
        expression mr, owner, name, size, err;
        position p;
        @@
                memory_region_init_ram(mr, owner, name, size,
        (
        -                              &error_abort
        +                              &error_fatal
        |
                                       err@p
        )
                                      );
        @script:python@
            p << r.p;
        @@
        print "%s:%s:%s" % (p[0].file, p[0].line, p[0].column)

    When the last argument is &error_abort, it gets replaced by &error_fatal. This is the fix.

    If the last argument is anything else, its position is reported. This lets us check the fix is complete. Four positions get reported:

    * ram_backend_memory_alloc()

      Error is passed up the call chain, ultimately through user_creatable_complete(). As far as I can tell, its callers all handle the error sanely.

    * fsl_imx25_realize(), fsl_imx31_realize(), dp8393x_realize()

      DeviceClass.realize() methods, errors handled sanely further up the call chain.

    We're good. Test case again behaves:

        $ qemu-system-x86_64 -m 10000000
        qemu-system-x86_64: cannot set up guest memory 'pc.ram': Cannot allocate memory
        [Exit 1 ]

    The next commits will repair the rest of commit ef701d7's damage.

    Signed-off-by: Markus Armbruster <armbru@redhat.com>
    Message-Id: <1441983105-26376-3-git-send-email-armbru@redhat.com>
    Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
2015-09-14 | Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging | Peter Maydell | 1 | -1/+1
    * Support for jemalloc
    * qemu_mutex_lock_iothread "No such process" fix
    * cutils: qemu_strto* wrappers
    * iohandler.c simplification
    * Many other fixes and misc patches.

    And some MTTCG work (with Emilio's fixes squashed):
    * Signal-free TCG kick
    * Removing spinlock in favor of QemuMutex
    * User-mode emulation multi-threading fixes/docs

    # gpg: Signature made Thu 10 Sep 2015 09:03:07 BST using RSA key ID 78C7AE83
    # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
    # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"

    * remotes/bonzini/tags/for-upstream: (44 commits)
      cutils: work around platform differences in strto{l,ul,ll,ull}
      cpu-exec: fix lock hierarchy for user-mode emulation
      exec: make mmap_lock/mmap_unlock globally available
      tcg: comment on which functions have to be called with mmap_lock held
      tcg: add memory barriers in page_find_alloc accesses
      remove unused spinlock.
      replace spinlock by QemuMutex.
      cpus: remove tcg_halt_cond and tcg_cpu_thread globals
      cpus: protect work list with work_mutex
      scripts/dump-guest-memory.py: fix after RAMBlock change
      configure: Add support for jemalloc
      add macro file for coccinelle
      configure: factor out adding disas configure
      vhost-scsi: fix wrong vhost-scsi firmware path
      checkpatch: remove tests that are not relevant outside the kernel
      checkpatch: adapt some tests to QEMU
      CODING_STYLE: update mixed declaration rules
      qmp: Add example usage of strto*l() qemu wrapper
      cutils: Add qemu_strtoull() wrapper
      cutils: Add qemu_strtoll() wrapper
      ...

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-11 | maint: remove unused include for signal.h | Daniel P. Berrange | 1 | -1/+0
    A number of files were including signal.h but not using any of the functions it provides

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    Reviewed-by: Markus Armbruster <armbru@redhat.com>
    Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-10 | virtio: avoid leading underscores for helpers | Cornelia Huck | 1 | -3/+4
    Commit ef546f1275f6563e8934dd5e338d29d9f9909ca6 ("virtio: add feature checking helpers") introduced a helper __virtio_has_feature. We don't want to use reserved identifiers, though, so let's rename __virtio_has_feature to virtio_has_feature and virtio_has_feature to virtio_vdev_has_feature.

    Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
    Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-09-09 | i8257: rewrite DMA_schedule to avoid hooking into the CPU loop | Paolo Bonzini | 1 | -1/+1
    The i8257 DMA controller uses an idle bottom half, which by default does not cause the main loop to exit. Therefore, the DMA_schedule function is there to ensure that the CPU relinquishes the iothread mutex to the iothread.

    However, this is not enough since the iothread will call aio_compute_timeout() and go to sleep again. In the iothread world, forcing execution of the idle bottom half is much simpler, and only requires a call to qemu_notify_event(). Do it, removing the need for the "cpu_request_exit" pseudo-irq. The next patch will remove it.

    Reviewed-by: Richard Henderson <rth@twiddle.net>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-07 | hw/block/nvme.c: Use pow2ceil() rather than hand-calculation | Peter Maydell | 1 | -1/+1
    Use pow2ceil() to round up to the next power of 2, rather than an inline calculation.

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
    Message-id: 1437741192-20955-4-git-send-email-peter.maydell@linaro.org
2015-07-29 | virtio-blk-dataplane: delete bottom half before the AioContext is freed | Paolo Bonzini | 1 | -1/+1
    Other uses of aio_bh_new are safe as long as all scheduled bottom halves are run before an iothread is destroyed, which bdrv_drain will ensure:

    - archipelago_finish_aiocb: BH deletes itself
    - inject_error: BH deletes itself
    - blkverify_aio_bh: BH deletes itself
    - abort_aio_request: BH deletes itself
    - curl_aio_readv: BH deletes itself
    - gluster_finish_aiocb: BH deletes itself
    - bdrv_aio_rw_vector: BH deletes itself
    - bdrv_co_maybe_schedule_bh: BH deletes itself
    - iscsi_schedule_bh, iscsi_co_generic_cb: BH deletes itself
    - laio_attach_aio_context: deleted in laio_detach_aio_context, called through bdrv_detach_aio_context before deleting the iothread
    - nfs_co_generic_cb: BH deletes itself
    - null_aio_common: BH deletes itself
    - qed_aio_complete: BH deletes itself
    - rbd_finish_aiocb: BH deletes itself
    - dma_blk_cb: BH deletes itself
    - virtio_blk_dma_restart_cb: BH deletes itself
    - qemu_bh_new: main loop AioContext is never destroyed
    - test-aio.c: bh_delete_cb deletes itself, otherwise deleted in the same function that calls aio_bh_new

    Reported-by: Cornelia Huck <cornelia.huck@de.ibm.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    Message-id: 1438101249-25166-2-git-send-email-pbonzini@redhat.com
    Message-Id: <1438086628-13000-1-git-send-email-pbonzini@redhat.com>
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-07-27 | virtio: minor cleanup | Michael S. Tsirkin | 1 | -1/+0
    There's no need for blk to set ANY_LAYOUT, it's done by virtio core as necessary.

    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-07-27 | virtio-blk: only clear VIRTIO_F_ANY_LAYOUT for legacy device | Jason Wang | 1 | -1/+1
    Chapter 6.3 of spec said

    "
    Transitional devices MUST offer, and if offered by the device transitional drivers MUST accept the following:

    VIRTIO_F_ANY_LAYOUT (27)
    "

    So this patch only clears VIRTIO_F_LAYOUT for legacy device.

    Cc: Stefan Hajnoczi <stefanha@redhat.com>
    Cc: Kevin Wolf <kwolf@redhat.com>
    Cc: qemu-block@nongnu.org
    Signed-off-by: Jason Wang <jasowang@redhat.com>
    Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-27 | virtio-blk: fail get_features when both scsi and 1.0 were set | Jason Wang | 1 | -1/+9
    SCSI passthrough was no longer supported in virtio 1.0, so this patch fails the get_features() when both 1.0 and scsi are set. And also only advertise VIRTIO_BLK_F_SCSI for legacy virtio-blk device.

    Signed-off-by: Jason Wang <jasowang@redhat.com>
    Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-27 | virtio: get_features() can fail | Jason Wang | 1 | -1/+2
    Signed-off-by: Jason Wang <jasowang@redhat.com>
    Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-27 | virtio: set any_layout in virtio core | Michael S. Tsirkin | 1 | -0/+1
    Exceptions:
    - virtio-blk
    - compat machine types

    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-07-14 | nvme: properly report volatile write caches | Christoph Hellwig | 1 | -5/+14
    Implement support in Identify and Get/Set Features to properly report and allow to change the Volatile Write Cache status reported by the virtual NVMe device.

    Signed-off-by: Christoph Hellwig <hch@lst.de>
    Acked-by: Keith Busch <keith.busch@intel.com>
    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-07-14 | nvme: implement the Flush command | Christoph Hellwig | 2 | -3/+17
    Implement a real flush instead of faking it. This is especially important as Qemu assumes Write back caching by default and thus requires a working cache flush operation for data integrity.

    Signed-off-by: Christoph Hellwig <hch@lst.de>
    Acked-by: Keith Busch <keith.busch@intel.com>
    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-06-24 | virtio-blk: drop duplicate check | Gonglei | 1 | -2/+1
    in_num = req->elem.in_num, and req->elem.in_num is checked in line 489, so the check about in_num variable is superfluous, let's drop it.

    Signed-off-by: Gonglei <arei.gonglei@huawei.com>
    Reviewed-by: Fam Zheng <famz@redhat.com>
    Message-id: 1435138164-11728-1-git-send-email-arei.gonglei@huawei.com
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-06-23 | nvme: Fix memleak in nvme_dma_read_prp | Lu Lina | 1 | -0/+1
    Signed-off-by: Lu Lina <lina.lulina@huawei.com>
    Acked-by: Keith Busch <keith.busch@intel.com>
    Message-id: 1434695254-69808-1-git-send-email-kathy.wangting@huawei.com
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-06-23 | virtio-blk: Use blk_drain() to drain IO requests | Alexander Yarygin | 1 | -5/+10
    Each call of the virtio_blk_reset() function calls blk_drain_all(), which works for all existing BlockDriverStates, while draining only one is needed.

    This patch replaces blk_drain_all() by blk_drain() in virtio_blk_reset(). virtio_blk_data_plane_stop() should be called after draining because it restores vblk->complete_request.

    Cc: "Michael S. Tsirkin" <mst@redhat.com>
    Cc: Christian Borntraeger <borntraeger@de.ibm.com>
    Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
    Cc: Kevin Wolf <kwolf@redhat.com>
    Cc: Paolo Bonzini <pbonzini@redhat.com>
    Cc: Stefan Hajnoczi <stefanha@redhat.com>
    Signed-off-by: Alexander Yarygin <yarygin@linux.vnet.ibm.com>
    Message-id: 1434537440-28236-3-git-send-email-yarygin@linux.vnet.ibm.com
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-06-12 | migration: Use normal VMStateDescriptions for Subsections | Juan Quintela | 1 | -26/+16
    We create optional sections with this patch. But we already have optional subsections. Instead of having two mechanisms that do the same, we can just generalize it.

    For subsections we just change:

    - Add a needed function to VMStateDescription
    - Remove VMStateSubsection (after removal of the needed function it is just a VMStateDescription)
    - Adjust the whole tree, moving the needed function to the corresponding VMStateDescription

    Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-06-08 | Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging | Peter Maydell | 1 | -127/+77
    * KVM error improvement from Laurent
    * CONFIG_PARALLEL fix from Mirek
    * Atomic/optimized dirty bitmap access from myself and Stefan
    * BUILD_DIR convenience/bugfix from Peter C
    * Memory leak fix from Shannon
    * SMM improvements (though still TCG only) from myself and Gerd, acked by mst

    # gpg: Signature made Fri Jun 5 18:45:20 2015 BST using RSA key ID 78C7AE83
    # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
    # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
    # gpg: WARNING: This key is not certified with sufficiently trusted signatures!
    # gpg: It is not certain that the signature belongs to the owner.
    # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
    # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

    * remotes/bonzini/tags/for-upstream: (62 commits)
      update Linux headers from kvm/next
      atomics: add explicit compiler fence in __atomic memory barriers
      ich9: implement SMI_LOCK
      q35: implement TSEG
      q35: add test for SMRAM.D_LCK
      q35: implement SMRAM.D_LCK
      q35: add config space wmask for SMRAM and ESMRAMC
      q35: fix ESMRAMC default
      q35: implement high SMRAM
      hw/i386: remove smram_update
      target-i386: use memory API to implement SMRAM
      hw/i386: add a separate region that tracks the SMRAME bit
      target-i386: create a separate AddressSpace for each CPU
      vl: run "late" notifiers immediately
      qom: add object_property_add_const_link
      vl: allow full-blown QemuOpts syntax for -global
      pflash_cfi01: add secure property
      pflash_cfi01: change to new-style MMIO accessors
      pflash_cfi01: change big-endian property to BIT type
      target-i386: wake up processors that receive an SMI
      ...

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-05 | pflash_cfi01: add secure property | Paolo Bonzini | 1 | -44/+67
    When this property is set, MMIO accesses are only allowed with the MEMTXATTRS_SECURE attribute. This is used for secure access to UEFI variables stored in flash.

    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 | pflash_cfi01: change to new-style MMIO accessors | Paolo Bonzini | 1 | -86/+10
    This is a required step to implement read_with_attrs and write_with_attrs.

    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 | pflash_cfi01: change big-endian property to BIT type | Paolo Bonzini | 1 | -4/+7
    Make this consistent with the secure property, added in the next patch.

    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-02 | fdc: Fix MSR.RQM flag | Kevin Wolf | 1 | -1/+12
    The RQM bit in MSR should be set whenever the guest is supposed to access the FIFO, and it should be cleared in all other cases. This is important so the guest can't continue writing/reading the FIFO beyond the length that it's supposed to access (see CVE-2015-3456).

    Commit e9077462 fixed the CVE by adding code that avoids the buffer overflow; however it doesn't correct the wrong behaviour of the floppy controller which should already have cleared RQM.

    Currently, RQM stays set all the time and during all phases while a command is being processed. This is error-prone because the command has to explicitly clear the flag if it doesn't need data (and indeed, the two buggy commands that are the culprits for the CVE just forgot to do that).

    This patch clears RQM immediately as soon as all bytes that are expected have been received. If the FIFO is used in the next phase, the flag has to be set explicitly there.

    It also clears RQM after receiving all bytes even if the phase transition immediately sets it again. While it's technically not necessary at the moment because the state between clearing and setting RQM is not observable by the guest, this is more explicit and matches how real hardware works. It will actually become necessary in qemu once asynchronous code paths are introduced.

    This alone should have been enough to fix the CVE, but now we have two lines of defense - even better.

    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
    Reviewed-by: John Snow <jsnow@redhat.com>
    Message-id: 1432214378-31891-8-git-send-email-kwolf@redhat.com
    Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-02 | fdc: Disentangle phases in fdctrl_read_data() | Kevin Wolf | 1 | -10/+23
    This commit makes similar improvements as have already been made to the write function: Instead of relying on a flag in the MSR to distinguish controller phases, use the explicit phase that we store now.

    Assertions of the right MSR flags are added.

    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
    Reviewed-by: John Snow <jsnow@redhat.com>
    Message-id: 1432214378-31891-7-git-send-email-kwolf@redhat.com
    Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-02 | fdc: Code cleanup in fdctrl_write_data() | Kevin Wolf | 1 | -24/+39
    Factor out a few common lines of code, reformat, improve comments.

    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
    Reviewed-by: John Snow <jsnow@redhat.com>
    Message-id: 1432214378-31891-6-git-send-email-kwolf@redhat.com
    Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-02 | fdc: Use phase in fdctrl_write_data() | Kevin Wolf | 1 | -28/+41
    Instead of relying on a flag in the MSR to distinguish controller phases, use the explicit phase that we store now.

    Assertions of the right MSR flags are added.

    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
    Reviewed-by: John Snow <jsnow@redhat.com>
    Message-id: 1432214378-31891-5-git-send-email-kwolf@redhat.com
    Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-02 | fdc: Introduce fdctrl->phase | Kevin Wolf | 1 | -0/+89
    The floppy controller spec describes three different controller phases, which are currently not explicitly modelled in our emulation. Instead, each phase is represented by a combination of flags in registers.

    This patch makes explicit in which phase the controller currently is.

    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
    Acked-by: John Snow <jsnow@redhat.com>
    Message-id: 1432214378-31891-4-git-send-email-kwolf@redhat.com
    Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-02 | fdc: Rename fdctrl_set_fifo() to fdctrl_to_result_phase() | Kevin Wolf | 1 | -15/+16
    What callers really do with this function is to switch from execution phase (including data transfers) to result phase where the guest can read out one or more status bytes from the FIFO (the number depends on the command).

    Rename the function accordingly.

    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
    Reviewed-by: John Snow <jsnow@redhat.com>
    Message-id: 1432214378-31891-3-git-send-email-kwolf@redhat.com
    Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-02 | fdc: Rename fdctrl_reset_fifo() to fdctrl_to_command_phase() | Kevin Wolf | 1 | -15/+15
    What all callers of fdctrl_reset_fifo() really want to do is to start the command phase, where writes to the data port initiate a new command.

    The function doesn't only clear the FIFO, but also sets up the state so that a new command can be received. Rename it to reflect this.

    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
    Reviewed-by: John Snow <jsnow@redhat.com>
    Message-id: 1432214378-31891-2-git-send-email-kwolf@redhat.com
    Signed-off-by: John Snow <jsnow@redhat.com>
2015-06-01 | virtio: make features 64bit wide | Gerd Hoffmann | 1 | -1/+1
    Make features 64bit wide everywhere.

    On migration a full 64bit guest_features field is sent if one of the high bits is set, in addition to the lower 32bit guest_features field which must stay for compatibility reasons. That way we send the lower 32 feature bits twice, but the code is simpler because we don't have to split and compose the 64bit features into two 32bit fields.

    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
    Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-05-22 | nvme: support NVME_VOLATILE_WRITE_CACHE feature | Christoph Hellwig | 1 | -0/+3
    The SCSI emulation in the Linux NVMe driver really wants to know if a device has a volatile write cache. Given that qemu has moved away from a model where we report the backing store WCE bit to one where the WCE bit is supposed to be part of the migratable guest-visible state we always return 1 here.

    Signed-off-by: Christoph Hellwig <hch@lst.de>
    Acked-by: Keith Busch <keith.busch@intel.com>
    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-05-12 | fdc: force the fifo access to be in bounds of the allocated buffer | Petr Matousek | 1 | -6/+11
    During processing of certain commands such as FD_CMD_READ_ID and FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could get out of bounds leading to memory corruption with values coming from the guest.

    Fix this by making sure that the index is always bounded by the allocated memory.

    This is CVE-2015-3456.

    Signed-off-by: Petr Matousek <pmatouse@redhat.com>
    Reviewed-by: John Snow <jsnow@redhat.com>
    Signed-off-by: John Snow <jsnow@redhat.com>
2015-04-30 | Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging | Peter Maydell | 1 | -0/+7
    Block patches

    # gpg: Signature made Thu Apr 30 19:51:16 2015 BST using RSA key ID C88F2FD6
    # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

    * remotes/kevin/tags/for-upstream:
      Enable NVMe start controller for Windows guest.
      MAINTAINERS: Add qemu-block list where missing
      MAINTAINERS: make block layer core Kevin Wolf's responsibility
      MAINTAINERS: make image fuzzer Stefan Hajnoczi's responsibility
      MAINTAINERS: make block I/O path Stefan Hajnoczi's responsibility
      MAINTAINERS: split out image formats
      MAINTAINERS: make virtio-blk Stefan Hajnoczi's responsibility

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-30 | Enable NVMe start controller for Windows guest. | Daniel Stekloff | 1 | -0/+7
    Windows seems to send two separate calls to NVMe controller configuration. The first sends configuration info and the second the enable bit. I couldn't enable the Windows 8.1 in-box NVMe driver with base Qemu. I made the following change to store the configuration data and then handle enable and NVMe driver works on Windows 8.1.

    I am not a Windows expert and I'm not entirely sure this is the correct approach. I'm offering it for anyone who wishes to use NVMe on Windows 8.1 using Qemu.

    I have tested this change with Linux and Windows guests with NVMe devices.

    Signed-off-by: Daniel Stekloff <dan@wendan.org>
    Acked-by: Keith Busch <keith.busch@intel.com>
    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-30 | misc: Fix new collection of typos | Stefan Weil | 1 | -1/+1
    All of them were reported by codespell. Most typos are in comments, one is in an error message.

    Signed-off-by: Stefan Weil <sw@weilnetz.de>
    Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
    Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
    Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-04-28 | fdc: remove sparc sun4m mutations | Hervé Poussineau | 1 | -17/+0
    They were introduced in 6f7e9aec5eb5bdfa57a9e458e391b785c283a007 and 82407d1a4035e5bfefb53ffdcb270872f813b34c and lots of bug fixes were done after that.

    This fixes (at least) the detection of the floppy controller on Debian 4.0r9/SPARC, and SS-5's OBP initialization routine still works.

    Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
    Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
    Message-id: 1426351846-6497-1-git-send-email-hpoussin@reactos.org
    Signed-off-by: John Snow <jsnow@redhat.com>
2015-04-28 | m25p80: fix s->blk usage before assignment | Stefan Hajnoczi | 1 | -1/+3
    Delay the call to blk_blockalign() until s->blk has been assigned.

    This never caused a crash because blk_blockalign(NULL, size) defaults to 4096 alignment but it's technically incorrect.

    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
    Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
    Message-id: 1429091024-25098-1-git-send-email-stefanha@redhat.com
    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 | m25p80: add missing blk_attach_dev_nofail | Paolo Bonzini | 1 | -0/+1
    Of the block devices that poked into -drive options via drive_get_next, m25p80 was the only one who also did not attach itself to the BlockBackend.

    Since sd does it, and all other devices go through a "drive" property, with this change all block backends attached to the guest will have a non-NULL result for blk_get_attached_dev().

    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Message-id: 1429025387-11077-1-git-send-email-pbonzini@redhat.com
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-08 | virtio-blk: correctly dirty guest memory | Paolo Bonzini | 2 | -3/+13
    After qemu_iovec_destroy, the QEMUIOVector's size is zeroed and the zero size ultimately is used to compute virtqueue_push's len argument. Therefore, reads from virtio-blk devices did not migrate their results correctly. (Writes were okay).

    Save the size in virtio_blk_handle_request, and use it when the request is completed.

    Based on a patch by Wen Congyang.

    Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
    Tested-by: Li Zhijian <lizhijian@cn.fujitsu.com>
    Message-id: 1427997044-392-1-git-send-email-pbonzini@redhat.com
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-04-02 | hw: Mark devices picking up block backends actively FIXME | Markus Armbruster | 1 | -0/+1
    Drives defined with if!=none are for board initialization to wire up. Board code calls drive_get() or similar to find them, and creates devices with their qdev drive properties set accordingly.

    Except a few devices go on a fishing expedition for a suitable backend instead of exposing a drive property for board code to set: they call driver_get() or drive_get_next() in their realize() or init() method to implicitly connect to the "next" backend with a certain interface type.

    Picking up backends that way works when the devices are created by board code. But it's inappropriate for -device or device_add. Not only is this inconsistent with how the other block device models work (they connect to a backend explicitly identified by a "drive" property), it breaks when the "next" backend has been picked up by the board already.

    Example:

        $ qemu-system-arm -S -M connex -pflash flash.img -device ssi-sd
        Aborted (core dumped)

    Mark them with suitable FIXME comments.

    Cc: Andrzej Zaborowski <balrogg@gmail.com>
    Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Cc: "Andreas Färber" <andreas.faerber@web.de>
    Cc: Michael Walle <michael@walle.cc>
    Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-03-27 | nvme: Fix unintentional integer overflow (OVERFLOW_BEFORE_WIDEN) | Stefan Weil | 1 | -1/+1
    The shift operation on nlb gives a 32 bit result if no type cast is applied.

    This bug was reported by Coverity.

    Signed-off-by: Stefan Weil <sw@weilnetz.de>
    Message-id: 1426348844-8793-1-git-send-email-sw@weilnetz.de
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-03-10 | Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging | Peter Maydell | 2 | -4/+4
    - scsi: improvements to error reporting and conversion to realize, Coverity/sparse fix for iscsi driver
    - RCU fallout: fix -daemonize and s390x system emulation
    - KVM: kvm_stat improvements and new man page
    - x86: SYSRET fix for VxWorks

    # gpg: Signature made Tue Mar 10 10:18:45 2015 GMT using RSA key ID 78C7AE83
    # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
    # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
    # gpg: WARNING: This key is not certified with a trusted signature!
    # gpg: There is no indication that the signature belongs to the owner.
    # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
    # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

    * remotes/bonzini/tags/for-upstream:
      x86: fix SS selector in SYSRET
      scsi: Convert remaining PCI HBAs to realize()
      scsi: Improve error reporting for invalid drive property
      hw: Propagate errors through qdev_prop_set_drive()
      scsi: Clean up duplicated error in legacy if=scsi code
      cpus: initialize cpu->memory_dispatch
      rcu: handle forks safely
      qemu-thread: do not use PTHREAD_MUTEX_ERRORCHECK
      kvm_stat: add kvm_stat.1 man page
      kvm_stat: add column headers to text UI
      iscsi: Fix check for username

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-10 | Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging | Peter Maydell | 4 | -9/+43
    Block patches for 2.3

    # gpg: Signature made Tue Mar 10 13:03:17 2015 GMT using RSA key ID C88F2FD6
    # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

    * remotes/kevin/tags/for-upstream: (73 commits)
      MAINTAINERS: Add jcody as blockjobs, block devices maintainer
      iotests: add O_DIRECT alignment probing test
      block/raw-posix: fix launching with failed disks
      MAINTAINERS: Add jsnow as IDE maintainer
      sheepdog: Fix misleading error messages in sd_snapshot_create()
      Add testcase for scsi-hd devices without drive property
      scsi-hd: fix property unset case
      block/vdi: Add locking for parallel requests
      iotests: Drop vpc from 004's and 104's format list
      iotests: Remove 006
      iotests: Fix 051's reference output
      virtio-blk: Remove the stale FIXME comment
      tests: Check QVIRTIO_F_ANY_LAYOUT flag in virtio-blk test
      libqos: Solve bug in interrupt checking when using MSIX in virtio-pci.c
      sheepdog: fix confused return values
      qtest/ahci: add fragmented dma test
      qtest/ahci: Add PIO and LBA48 tests
      qtest/ahci: Add DMA test variants
      libqos/ahci: add ahci command helpers
      qtest/ahci: Add a macro bootup routine
      ...

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-10 | virtio-blk: Remove the stale FIXME comment | Fam Zheng | 1 | -6/+0
    By default, we have ioeventfd enabled, so the IO request processing is in IO thread; in the vcpu thread, guest mode is returned to as quickly as possible, and completion is delivered via irqfd. Therefore this comment from the initial implementation is barely relevant.

    Signed-off-by: Fam Zheng <famz@redhat.com>
    Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-10 | BlockConf: Call backend functions to detect geometry and blocksizes | Ekaterina Tumanova | 4 | -1/+35
    geometry: hd_geometry_guess function autodetects the drive geometry. This patch adds a block backend call, that probes the backing device geometry. If the inner driver method is implemented and succeeds (currently only for DASDs), the blkconf_geometry will pass-through the backing device geometry. Otherwise will fallback to old logic.

    blocksize: This patch initializes blocksize properties to 0. In order to set the property a blkconf_blocksizes was introduced. If user didn't set physical or logical blocksize, it will retrieve its value from a driver (only succeeds for DASD), otherwise it will set default 512 value.

    The blkconf_blocksizes call was added to all users of BlkConf.

    Signed-off-by: Ekaterina Tumanova <tumanova@linux.vnet.ibm.com>
    Reviewed-by: Markus Armbruster <armbru@redhat.com>
    Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
    Message-id: 1424087278-49393-6-git-send-email-tumanova@linux.vnet.ibm.com
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-10 | virtio-blk: Check return value of blk_aio_ioctl | Fam Zheng | 1 | -2/+8
    Since commit 1dc936aa84 (virtio-blk: Use blk_aio_ioctl) we silently lose the request if blk_aio_ioctl returns NULL (not implemented).

    Fix it by directly returning VIRTIO_BLK_S_UNSUPP as we used to do.

    Signed-off-by: Fam Zheng <famz@redhat.com>
    Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
    [ kwolf: Fixed build error on win32 ]
    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-10 | hw: Propagate errors through qdev_prop_set_drive() | Markus Armbruster | 2 | -4/+4
    Three kinds of callers:

    1. On failure, report the error and abort

       Passing &error_abort does the job. No functional change.

    2. On failure, report the error and exit()

       This is qdev_prop_set_drive_nofail(). Error reporting moves from qdev_prop_set_drive() to its caller. Because hiding away the error in the monitor right before exit() isn't helpful, replace qerror_report_err() by error_report_err(). Shouldn't make a difference, because qdev_prop_set_drive_nofail() should never be used in QMP context.

    3. On failure, report the error and recover

       This is usb_msd_init() and scsi_bus_legacy_add_drive(). Error reporting and freeing the error object moves from qdev_prop_set_drive() to its callers.

       Because usb_msd_init() can't run in QMP context, replace qerror_report_err() by error_report_err() there. No functional change.

       scsi_bus_legacy_add_drive() calling qerror_report_err() is of course inappropriate, but this commit merely makes it more obvious. The next one will clean it up.

    Signed-off-by: Markus Armbruster <armbru@redhat.com>
    Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Message-Id: <1425925048-15482-3-git-send-email-armbru@redhat.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-10 | block: remove superfluous '\n' around error_report/error_setg | Gonglei | 1 | -1/+1
    Signed-off-by: Gonglei <arei.gonglei@huawei.com>
    Reviewed-by: Markus Armbruster <armbru@redhat.com>
    Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-26 | virtio: add feature checking helpers | Cornelia Huck | 1 | -5/+2
    Add a helper function for checking whether a bit is set in the guest features for a vdev as well as one that works on a feature bit set.

    Convert code that open-coded this: It cleans up the code and makes it easier to extend the guest feature bits.

    Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
    Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-02-26 | virtio: feature bit manipulation helpers | Cornelia Huck | 1 | -8/+8
    Add virtio_{add,clear}_feature helper functions for manipulating a feature bits variable. This has some benefits over open coding:
    - add check that the bit is in a sane range
    - make it obvious at a glance what is going on
    - have a central point to change when we want to extend feature bits

    Convert existing code manipulating features to use the new helpers.

    Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
    Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>