This code was originally developed by Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Miguel Di Ciurcio Filho <miguel.filho@gmail.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch improves the resilience of the load_vmstate() function, doing
further and better ordered tests.
In load_vmstate(), if there is any error on bdrv_snapshot_goto(), except if the
error is on VM state device, load_vmstate() will return zero and the VM will be
started with major corruption chances.
The current process:
- test if there is any writable device without snapshot support
- if exists return -error
- get the device that saves the VM state, possible return -error but unlikely
because it was tested earlier
- flush I/O
- run bdrv_snapshot_goto() on devices
- if fails, give an warning and goes to the next (not good!)
- if fails on the VM state device, return zero (not good!)
- check if the requested snapshot exists on the device that saves the VM state
and the state is not zero
- if fails return -error
- open the file with the VM state
- if fails return -error
- load the VM state
- if fails return -error
- return zero
New behavior:
- get the device that saves the VM state
- if fails return -error
- check if the requested snapshot exists on the device that saves the VM state
and the state is not zero
- if fails return -error
- test if there is any writable device without snapshot support
- if exists return -error
- test if the devices with snapshot support have the requested snapshot
- if anyone fails, return -error
- flush I/O
- run snapshot_goto() on devices
- if anyone fails, return -error
- open the file with the VM state
- if fails return -error
- load the VM state
- if fails return -error
- return zero
do_loadvm must not call vm_start if any error has occurred in load_vmstate.
Signed-off-by: Miguel Di Ciurcio Filho <miguel.filho@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
When a 'cont' is issued on a VM that's just waiting for an incoming
migration, the VM reboots and boots into the guest, possibly corrupting
its storage since it could be shared with another VM running elsewhere.
Ensure that a VM started with '-incoming' is only run when an incoming
migration successfully completes.
A new qerror, QERR_MIGRATION_EXPECTED, is added to signal that 'cont'
failed due to no incoming migration has been attempted yet.
Reported-by: Laine Stump <laine@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Ported commands that are marked 'user_only' will not be considered for
QMP monitor sessions. This allows to implement new commands that do not
(yet) provide a sufficiently stable interface for QMP use.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
This is similar to qmp_check_client_args(), but it checks if
the input object follows the specification (QMP/qmp-spec.txt
section 2.3).
As we're limited to three keys, the work here is quite simple:
we iterate over the input object, checking each time if the
current argument complies to the specification.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Previous two commits added qmp_check_client_args(), which
fully replaces this code and is way better.
It's important to note that the new checker doesn't support
the '/' arg type. As we don't have any of those handlers
converted to QMP, this is just dead code.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
This commit introduces the second (and last) part of QMP's new
argument checker.
The job is done by check_client_args_type(), it iterates over
the client's argument qdict and for for each argument it checks
if it exists and if its type is valid.
It's important to observe the following changes from the existing
argument checker:
- If the handler accepts an O-type argument, unknown arguments
are passed down to it. It's up to O-type handlers to validate
their arguments
- Boolean types (eg. 'b' and '-') don't accept integers anymore,
only json-bool
- Argument types '/' and '.' are currently unsupported under QMP,
thus they're not handled
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Current QMP's argument checker is more complex than it should be
and has (at least) one serious bug: it ignores unknown arguments.
To solve both problems we introduce a new argument checker. It's
added on top of the existing one, so that there are no regressions
during the transition.
This commit introduces the first part of the new checker, which
is run by qmp_check_client_args() and does the following:
1. Check if all mandatory arguments were provided
2. Set flags for argument validation
In order to do that, we transform the args_type string (from
qemu-montor.hx) into a qdict and iterate over it.
Next commit adds the new checker's second part: type checking and
invalid argument detection.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Historically, user monitor arguments beginning with '-' (eg. '-f')
were passed as integers down to handlers.
I've maintained this behavior in the new monitor because we didn't
have a boolean type at the very beginning of QMP. Today we have it
and this behavior is causing trouble to QMP's argument checker.
This commit fixes the problem by doing the following changes:
1. User Monitor
Before: the optional arg was represented as a QInt, we'd pass 1
down to handlers if the user specified the argument or
0 otherwise
This commit: the optional arg is represented as a QBool, we pass
true down to handlers if the user specified the
argument, otherwise _nothing_ is passed
2. QMP
Before: the client was required to pass the arg as QBool, but we'd
convert it to QInt internally. If the argument wasn't passed,
we'd pass 0 down
This commit: still require a QBool, but doesn't do any conversion and
doesn't pass any default value
3. Convert existing handlers (do_eject()/do_migrate()) to the new way
Before: Both handlers would expect a QInt value, either 0 or 1
This commit: Change the handlers to accept a QBool, they handle the
following cases:
A) true is passed: the option is enabled
B) false is passed: the option is disabled
C) nothing is passed: option not specified, use
default behavior
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
The current asynchronous command API doesn't return a QMP response
when the async command fails.
This is easy to reproduce with the balloon command (the sole async
command we have so far): run qemu w/o the '-balloon virtio' option
and try to issue the balloon command via QMP: no response will be
sent to the client.
This commit fixes the problem by making qmp_async_cmd_handler()
return the handler's error code and then calling
monitor_protocol_emitter() if the handler has returned an error.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
As we want to add more flags to monitor commands, convert the only so
far existing one accordingly.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
We now have to move forward to the next argument type via next_arg_type.
This patch fixes completion for 'eject' and maybe also other commands.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Given too many arguments or an invalid command, we were leaking the
duplicated argument strings.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
The code comes from
http://lists.gnu.org/archive/html/qemu-devel/2010-05/msg02788.html
Without this patch it is not possible to send at least 10 special
characters (\|'"`~:;[]{}) via the monitor sendkey command.
Signed-off-by: Bernhard M. Wiedemann <qemudevbmw@lsmod.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This command was of minimal use before, now it is useless as the hpet
become a qdev device and is thus easily discoverable. We should
definitely not set query-hpet in QMP's stone, and there is also no good
reason to keep it for the interactive monitor.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Anything that moves hundreds of lines out of vl.c can't be all bad.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Previous commit added QMP documentation to the qemu-monitor.hx
file, it's is a copy of this information.
While it's good to keep it near code, maintaining two copies of
the same information is too hard and has little benefit as we
don't expect client writers to consult the code to find how to
use a QMP command.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This is a new version of the (now reverted) following commit:
0e8d2b5575
The 'quit' Monitor command (implemented by do_quit()) calls
exit() directly, this is problematic under QMP because QEMU
exits before having a chance to send the ok response.
Clients don't know if QEMU exited because of a problem or
because the 'quit' command has been executed.
This commit fixes that by making do_quit() use
qemu_system_shutdown_request(), so that we exit gracefully.
Thanks to Paolo Bonzini <pbonzini@redhat.com> for suggesting
this solution.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Recalculate Sparc64 CPU flags on interrupts, otherwise some earlier
flags could be stored to pstate.
Refactor PSR/CCR/CWP handling: concentrate the actual
functions to op_helper.c.
Thanks to Igor Kovalenko for reporting.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Current code of monitor command: 'change', used to open file for read-write
uncoditionally. Change to open it as read-only for CDROM, and read-write for all others.
Signed-off-by: Naphtali Sprei <nsprei@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
It's emitted when the Virtual Machine resumes execution.
We currently have the STOP event but don't have the matching
RESUME one, this means that clients are notified when the VM
is stopped but don't get anything when it resumes.
Let's fix that as it's already causing some trouble to libvirt.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
If there is already a fd in s->msgfd before recvmsg it is
closed by parts that this patch does not touch. So, only
one descriptor can be "leaked" by attaching it to a command
other than getfd.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
The 'quit' Monitor command (implemented by do_quit()) calls
exit() directly, this is problematic under QMP because QEMU
exits before having a chance to send the ok response.
Clients don't know if QEMU exited because of a problem or
because the 'quit' command has been executed.
This commit fixes that by moving the exit() call to the main
loop, so that do_quit() requests the system to quit, instead
of calling exit() directly.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
The QERR_QMP_BAD_INPUT_OBJECT error is going to be used only
for two problems: the input is not an object or the "execute"
key is missing.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
What is known today as bdrv_open2 becomes the new bdrv_open. All remaining
callers of the old function are converted to the new one. In some places they
even know the right format, so they should have used bdrv_open2 from the
beginning.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Trivial, as it never fails, doesn't have output nor return
any data.
Note that it's also available under QMP, as kvm-autotest
needs this.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
This is a boolean value. Human monitor accepts "on" or "off".
Consistent with option parsing (see parse_option_bool()).
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
To make 'b' available for boolean argument.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Currently when using the change command to switch the file in the cd drive
the command doesn't complain if the file doesn't exit or can't be opened
and the drive keeps the existing image. This patch adds a qerror_report
call to print a message out indicating the failure. This error message
can be used to catch failures.
Current behavior:
QEMU 0.12.50 monitor - type 'help' for more information
(qemu) info block
ide0-hd0: type=hd removable=0 file=/dev/null ro=0 drv=host_device encrypted=0
ide1-cd0: type=cdrom removable=1 locked=0 [not inserted]
floppy0: type=floppy removable=1 locked=0 [not inserted]
sd0: type=floppy removable=1 locked=0 [not inserted]
(qemu) change ide1-cd0 /home/rharper/work/isos/Fedora-9-i386-DVD.iso
(qemu) info block
ide0-hd0: type=hd removable=0 file=/dev/null ro=0 drv=host_device encrypted=0
ide1-cd0: type=cdrom removable=1 locked=0
file=/home/rharper/work/isos/Fedora-9-i386-DVD.iso ro=0 drv=raw encrypted=0
floppy0: type=floppy removable=1 locked=0 [not inserted]
sd0: type=floppy removable=1 locked=0 [not inserted]
(qemu) change ide1-cd0 /tmp/non_existent_file.iso
(qemu) info block
ide0-hd0: type=hd removable=0 file=/dev/null ro=0 drv=host_device encrypted=0
ide1-cd0: type=cdrom removable=1 locked=0 [not inserted]
floppy0: type=floppy removable=1 locked=0 [not inserted]
sd0: type=floppy removable=1 locked=0 [not inserted]
(qemu)
With patch:
QEMU 0.12.50 monitor - type 'help' for more information
(qemu) change ide1-cd0 /tmp/non_existent_file.iso
Could not open '/tmp/non_existent_file.iso'
(qemu)
Signed-off-by: Ryan Harper <ryanh@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
In the human monitor, it declares a single optional argument to be
parsed according to the QemuOptsList given by its name.
In QMP, it declares an optional argument for each member of the
QemuOptsList.
Restriction: only lists with empty desc are supported for now. Good
enough for the job at hand. We'll lift the restriction when we need
that.
While fully converted handlers are not supposed to print anything when
running in a QMP monitor, they are free to print in a human monitor.
For instance, device_add (not yet converted) prints help, and will
continue to do so after conversion.
Moreover, utility functions converted to QError should remain usable
from unconverted handlers.
Two problems:
* handler_audit() complains when a converted handler prints. Limit
that to QMP monitors.
* With QMP, handlers need to pass the error object by way of
monitor_set_error(). However, we do that both for QMP and for the
human monitor. The human monitor prints the error object after the
handler returns. If the handler prints anything else, that output
"overtakes" the error message.
Limit use of monitor_set_error() to QMP monitors. Update
handler_audit() accordingly.
qemu_error_sink can either point to a monitor or a file. In practice,
it always points to the current monitor if we have one, else to
stderr. Simply route errors to the current monitor or else to stderr,
and remove qemu_error_sink along with the functions to control it.
Actually, the old code switches the sink slightly later, in
handle_user_command() and handle_qmp_command(), than it gets switched
now, implicitly, by setting the current monitor in monitor_read() and
monitor_control_read(). Likewise, it switches back slightly earlier
(same places). Doesn't make a difference, because there are no calls
of qemu_error() in between.
Commits 376253ec..731b0364 introduced global variable cur_mon, which
points to the "default monitor" (if any), except during execution of
monitor_read() or monitor_control_read() it points to the monitor from
which we're reading instead (the "current monitor"). Monitor command
handlers run within monitor_read() or monitor_control_read().
Default monitor and current monitor are really separate things, and
squashing them together is confusing and error-prone.
For instance, usb_host_scan() can run both in "info usbhost" and
periodically via usb_host_auto_check(). It prints to cur_mon, which
is what we want in the former case: the monitor executing "info
usbhost". But since that's the default monitor in the latter case, it
periodically spams the default monitor there.
A few places use cur_mon to log stuff to the default monitor. If we
ever log something while cur_mon points to current monitor instead of
default monitor, the log temporarily "jumps" to another monitor.
Whether that can or cannot happen isn't always obvious.
Maybe logging to the default monitor (which may not even exist) is a
bad idea, and we should log to stderr or a logfile instead. But
that's outside the scope of this commit.
Change cur_mon to point to the current monitor. Create new
default_mon to point to the default monitor. Update users of cur_mon
accordingly.
This fixes the periodical spamming of the default monitor by
usb_host_scan(). It also stops "log jumping", should that problem
exist.
It's emitted whenever the watchdog device's timer expires. The action
taken is provided in the 'data' member.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
