Commit Graph

43424 Commits

Author SHA1 Message Date
Paolo Bonzini
abed886ec6 qdev: Free QemuOpts when the QOM path goes away
Otherwise there is a race where the DEVICE_DELETED event has been sent but
attempts to reuse the ID will fail.

Note that similar races exist for other QemuOpts, which this patch
does not attempt to fix.

For example, if the device is a block device, then unplugging it also
deletes its backend.  However, this backend's get deleted in
drive_info_del(), which is only called when properties are
destroyed.  Just like device_finalize(), drive_info_del() is called
some time after DEVICE_DELETED is sent.  A separate patch series has
been sent to plug this other bug.  Character devices also have yet to
be fixed.

Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2016-01-18 17:47:58 +01:00
Daniel P. Berrange
7746abd8e9 qom: Change object property iterator API contract
Currently the ObjectProperty iterator API works as follows:

  ObjectPropertyIterator *iter;

  iter = object_property_iter_init(obj);
  while ((prop = object_property_iter_next(iter))) {
     ...
  }
  object_property_iter_free(iter);

This has the benefit that the ObjectPropertyIterator struct
can be opaque, but has the downside that callers need to
explicitly call a free function. It is also not in keeping
with iterator style used elsewhere in QEMU/GLib2.

This patch changes the API to use stack allocation instead:

  ObjectPropertyIterator iter;

  object_property_iter_init(&iter, obj);
  while ((prop = object_property_iter_next(&iter))) {
     ...
  }

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[AF: Fused ObjectPropertyIterator struct with typedef]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2016-01-18 17:47:58 +01:00
Daniel P. Berrange
16bf7f522a qom: Allow properties to be registered against classes
When there are many instances of a given class, registering
properties against the instance is wasteful of resources. The
majority of objects have a statically defined list of possible
properties, so most of the properties are easily registerable
against the class. Only those properties which are conditionally
registered at runtime need be recorded against the klass.

Registering properties against classes also makes it possible
to provide static introspection of QOM - currently introspection
is only possible after creating an instance of a class, which
severely limits its usefulness.

This impl only supports simple scalar properties. It does not
attempt to allow child object / link object properties against
the class. There are ways to support those too, but it would
make this patch more complicated, so it is left as an exercise
for the future.

There is no equivalent to object_property_del() provided, since
classes must be immutable once they are defined.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2016-01-18 17:47:58 +01:00
Peter Maydell
12b167226f hw/arm: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1449505425-32022-4-git-send-email-peter.maydell@linaro.org
2016-01-18 16:33:32 +00:00
Peter Maydell
74c21bd074 target-arm: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1449505425-32022-3-git-send-email-peter.maydell@linaro.org
2016-01-18 16:33:32 +00:00
Peter Maydell
85071702eb scripts: Add new clean-includes script to fix C include directives
Add a new scripts/clean-includes, which can be used to automatically
ensure that a C source file includes qemu/osdep.h first and doesn't
then include any headers which osdep.h provides already.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1449505425-32022-2-git-send-email-peter.maydell@linaro.org
2016-01-18 16:33:32 +00:00
Peter Maydell
46188349ad ui: misc small gtk/spice/vnc patches.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJWnQotAAoJEEy22O7T6HE48LUP/iPPO1Hw8RRDCEwZ9fA6adgd
 /D9D0/EvHcW1t+x1VZBLVKnMHugVQur6E6BJ9y94Rb/T08tT2b3Zprqj1zKM/IQ9
 VRvUIy8Kr3mJksdNKlY/9bV/PLVxv0UaxXjz9gvCyP+OZM97mxsQcjEHKncGkoc4
 fGg/ubHTRLQ7DKbC2P9TCSGBoBQJULu/Gke2FmFtmu9YrUT6gNSV3H/8oR0+LgAm
 EAx0DHeu34EOEkNNKvJsLKpRaPo6svjpLSPteh2yiwSyHOilJ6APaNcsSvEbRizG
 HX5UbMiw3DeUS0C+6V7HBRfa3m8ubffsOMFYMRtv9a5uXw1ZpkZYV8OmEfMSD5wG
 R26NpM3MKfa1CgTgwlt5JWIBtBjJ948qQqg6aapZnB131dCVUUOxiW11/FFYzum9
 grUzFecsaC5mN3YFpezOiEtdpuRKR36uVW5a98Y77AFCvXPkPxxDmbUzrb3Xc6It
 RddP6mkDs7CO9RHBxDjqs3x27OdywFGJdlFY2eFWOJHqAH5pNQDNezG/5L7FHoEO
 H/FnSM8b1ioYjo8oQYEK1urSy3O4FgbTZzDRhsxVR/FQhN9caQmvFyIV4fGreXci
 nTugnpTkavaNvfJILKmikpX2Prt39GlWjQhtuklg8jm80NqWg2UsTGtkYjl9golR
 SUzyl3TY7aouj7IZGxgE
 =g3CX
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20160118-1' into staging

ui: misc small gtk/spice/vnc patches.

# gpg: Signature made Mon 18 Jan 2016 15:52:13 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-ui-20160118-1:
  vnc: fix tls-creds error message
  Fix corner-case when using VNC+SASL+SPICE
  vnc: clear vs->tlscreds after unparenting it
  gtk: implement set_echo

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-18 16:00:47 +00:00
Wolfgang Bumiller
c62e90af8c vnc: fix tls-creds error message
The parameter is called 'tls-creds', 'credid' is just the
variable name in the code.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1452681360-29239-1-git-send-email-w.bumiller@proxmox.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-01-18 16:36:21 +01:00
Christophe Fergeau
06bb88145c Fix corner-case when using VNC+SASL+SPICE
Similarly to the commit 764eb39d1b fixing VNC+SASL+QXL, when starting
QEMU with SPICE but no SASL, and at the same time VNC with SASL, then
spice_server_init() will get called without a previous call to
spice_server_set_sasl_appname(), which will cause cyrus-sasl to
try to use /etc/sasl2/spice.conf (spice-server uses "spice" as its
default appname) rather than the expected /etc/sasl2/qemu.conf.

This commit unconditionally calls spice_server_set_sasl_appname()
before calling spice_server_init() in order to use the correct appname
even if SPICE without SASL was requested on qemu command line.

Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Message-id: 1452607738-1521-1-git-send-email-cfergeau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-01-18 16:36:21 +01:00
Wolfgang Bumiller
67c4c2bd95 vnc: clear vs->tlscreds after unparenting it
This pointer should be cleared in vnc_display_close()
otherwise a use-after-free can happen when when using the
old style 'x509' and 'tls' options rather than a persistent
tls-creds -object, by issuing monitor commands to change
the vnc server like so:

Start with: -vnc unix:test.socket,x509,tls
Then use the following monitor command:
  change vnc unix:test.socket

After this the pointer is still set but invalid and a crash
can be triggered for instance by issuing the same command a
second time which will try to object_unparent() the same
pointer again.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-01-18 16:36:21 +01:00
Paolo Bonzini
fba958c692 gtk: implement set_echo
Even without line editing, this makes -qmp vc more pleasant with the
GTK+ backend.  The only issue is that set_echo is invoked very early,
long before a vc is actually associated with a VirtualConsole.  To work
around this, create a temporary VirtualConsole until then.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1450356422-31710-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-01-18 16:36:21 +01:00
Peter Maydell
4aaddc2976 qemu-sparc update
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQEcBAABAgAGBQJWmjhGAAoJEFvCxW+uDzIfqKQH/2EufdrY9s1mxc1cUwrViBex
 ZmCPqQLRU6rwMYsLwG9IKZO1dMujSMJRRqxb2l7I1eL/qNBoNfxD7sm8GzjqW1Rk
 T8V4ItMtSdxAQVLZUS02NgdioXWI2KCkK5iw6Bev4OX9IKOyncnaVd+0J3ICQaDx
 oADkvRCBi7qU+CEbPz+qVfmkZHoPLlkBWLX8LthKrlOdPMhXR4Sm9TpQhLGfoOOD
 ro4DS2EtfFy/cSUJ/vd3jzBdRZ1s7Wb81lF37hZVlJf0zXemit0eMYS3LnldysnX
 8OUCgDl8ezqD58JNHnpbR1gNx+p/E41ereJhHpBlwfB6ujDI0ladzMDR4dk/iX4=
 =NQ/Z
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-signed' into staging

qemu-sparc update

# gpg: Signature made Sat 16 Jan 2016 12:32:06 GMT using RSA key ID AE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"

* remotes/mcayland/tags/qemu-sparc-signed:
  target-sparc: Migrate CWP and PIL for SPARC64
  target-sparc: Use VMState arrays for SPARC64 TLB/MMU state
  target-sparc: Convert to VMStateDescription
  target-sparc: Don't flush TLB in cpu_load function
  target-sparc: Split cpu_put_psr into side-effect and no-side-effect parts
  vmstate: define vmstate_info_uinttl
  vmstate: Introduce VMSTATE_VARRAY_MULTPLY
  vmstate: introduce CPU_DoubleU arrays

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-18 09:33:36 +00:00
Peter Maydell
6d5322442a target-sparc: Migrate CWP and PIL for SPARC64
In SPARC32 the env->cwp and env->psrpil state is part of the PSR
register, and gets migrated as part of that register.
In SPARC64 this state is in separate CWP and PIL registers, but we
were not doing anything to migrate those.

Add the missing fields to the migration vmstate (which is a
migration break, but without these fields migration is completely
broken anyway).

This change means that trying a save/load of a SPARC64 target at
the boot rom prompt now produces a system which at least responds
to keyboard input after the restore.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-01-16 12:01:23 +00:00
Peter Maydell
0e88d45a33 target-sparc: Use VMState arrays for SPARC64 TLB/MMU state
Use VMState arrays for SPARC64 TLB/MMU state. This is
a migration-break for SPARC64 (but not for SPARC32),
which is acceptable because currently migration does not
work for any SPARC64 machines due to the lack of any migration
of interrupt controller state.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-01-16 12:01:23 +00:00
Juan Quintela
df32c8d436 target-sparc: Convert to VMStateDescription
Convert the SPARC CPU from cpu_load/save functions to VMStateDescription.
We preserve migration compatibility with the previous version
(required for SPARC32 but not necessarily for SPARC64).

Signed-off-by: Juan Quintela <quintela@redhat.com>
[PMM:
 * Rebase and update to apply to master
 * VMSTATE_STRUCT_POINTER now takes type, not pointer-to-type
 * QEMUTimer* are migrated via VMSTATE_TIMER_PTR
 * Put CPUTimer vmstate struct inside TARGET_SPARC64 ifdef
 * Convert handling of PSR to use a vmstate_psr, like Alpha and ARM
]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-01-16 12:01:23 +00:00
Peter Maydell
232afac113 target-sparc: Don't flush TLB in cpu_load function
There's no need to flush the TLB in the SPARC cpu_load function: we're
guaranteed to be loading state into a fresh clean configuration.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-01-16 12:01:23 +00:00
Peter Maydell
4552a09dd4 target-sparc: Split cpu_put_psr into side-effect and no-side-effect parts
For inbound migration we really want to be able to set the PSR without
having any side effects, but cpu_put_psr() calls cpu_check_irqs() which
might try to deliver CPU interrupts. Split cpu_put_psr() into the
no-side-effect and side-effect parts.

This includes reordering the cpu_check_irqs() to the end of cpu_put_psr(),
because that function may actually end up calling cpu_interrupt(), which
does not seem like a good thing to happen in the middle of updating the PSR.

Suggested-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-01-16 12:01:23 +00:00
Juan Quintela
365162f7c0 vmstate: define vmstate_info_uinttl
We are going to define arrays of this type, so we need the integer type.

Signed-off-by: Juan Quintela <quintela@redhat.com>
[PMM: updated to apply on current QEMU; renamed to 'uinttl'
 rather than 'uinttls' to match other vmstate naming]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-01-16 12:01:23 +00:00
Juan Quintela
b47d3af755 vmstate: Introduce VMSTATE_VARRAY_MULTPLY
This allows to send a partial array where the size is another
structure field multiplied by a constant.

Signed-off-by: Juan Quintela <quintela@redhat.com>
[PMM: updated to current master]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-01-16 12:01:23 +00:00
Juan Quintela
551747491d vmstate: introduce CPU_DoubleU arrays
Add vmstate support for migrating arrays of CPU_DoubleU via
VMSTATE_CPUDOUBLE_ARRAY.

Signed-off-by: Juan Quintela <quintela@redhat.com>
[PMM: rebased, since files have all moved since 2012;
 added VMSTATE_CPUDOUBLE_ARRAY_V for consistency with FLOAT64]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-01-16 12:01:23 +00:00
Peter Maydell
19b6d84316 * qemu-char logfile facility
* NBD coroutine based negotiation
 * bugfixes
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJWmTNEAAoJEL/70l94x66DaMsH/1krTYeEBZ0+f5X1OUR25dJX
 vbcfYehXeb7rmizwBQVLPiBtDfZgvh7YxbZUH2oxsoHj+doujowcyCmMDLFEMWHN
 nXRruYnQRfB29blP/qWSLgDK+I/5z92t15kQorsktNr8+fGgV/XkWHXAna+g40ZK
 9yh2xkV2hH4iD4gsZMkSBqlaBcHQiUUhhpdeZaHfv7A9/Ja3J0wErNkVzAGCawg+
 pncQcFsaKPIP/NafAe56QK+KCiuBrohOctyvtZpV8dtGuS6sQOPlbdWR72CeLz63
 GEt/qCjPmWwAv8i6UZOoNkl+lJ2iZcp6AQe7XWHnx7X1aYx2r44JM1HVUva7bOQ=
 =1meS
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* qemu-char logfile facility
* NBD coroutine based negotiation
* bugfixes

# gpg: Signature made Fri 15 Jan 2016 17:58:28 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"

* remotes/bonzini/tags/for-upstream:
  qemu-char: do not leak QemuMutex when freeing a character device
  qemu-char: add logfile facility to all chardev backends
  nbd-server: do not exit on failed memory allocation
  nbd-server: do not check request length except for reads and writes
  nbd-server: Coroutine based negotiation
  nbd: Split nbd.c
  nbd: Always call "close_fn" in nbd_client_new
  SCSI device: fix to incomplete QOMify
  iscsi: send readcapacity10 when readcapacity16 failed
  qemu-char: delete send_all/recv_all helper methods
  vmw_pvscsi: x-disable-pcie, x-old-pci-configuration back-compat props are 2.5 specific
  scsi: initialise info object with appropriate size
  i386: avoid null pointer dereference
  target-i386: do not duplicate page protection checks
  scsi: revert change to scsi_req_cancel_async and add assertions

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-15 18:01:43 +00:00
Paolo Bonzini
fefd749ce2 qemu-char: do not leak QemuMutex when freeing a character device
The leak is only apparent on Win32.  On POSIX platforms destroying a
mutex is not necessary.

Reported-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 18:58:02 +01:00
Daniel P. Berrange
d0d7708ba2 qemu-char: add logfile facility to all chardev backends
Typically a UNIX guest OS will log boot messages to a serial
port in addition to any graphical console. An admin user
may also wish to use the serial port for an interactive
console. A virtualization management system may wish to
collect system boot messages by logging the serial port,
but also wish to allow admins interactive access.

Currently providing such a feature forces the mgmt app
to either provide 2 separate serial ports, one for
logging boot messages and one for interactive console
login, or to proxy all output via a separate service
that can multiplex the two needs onto one serial port.
While both are valid approaches, they each have their
own downsides. The former causes confusion and extra
setup work for VM admins creating disk images. The latter
places an extra burden to re-implement much of the QEMU
chardev backends logic in libvirt or even higher level
mgmt apps and adds extra hops in the data transfer path.

A simpler approach that is satisfactory for many use
cases is to allow the QEMU chardev backends to have a
"logfile" property associated with them.

 $QEMU -chardev socket,host=localhost,port=9000,\
                server=on,nowait,id-charserial0,\
		logfile=/var/log/libvirt/qemu/test-serial0.log
       -device isa-serial,chardev=charserial0,id=serial0

This patch introduces a 'ChardevCommon' struct which
is setup as a base for all the ChardevBackend types.
Ideally this would be registered directly as a base
against ChardevBackend, rather than each type, but
the QAPI generator doesn't allow that since the
ChardevBackend is a non-discriminated union. The
ChardevCommon struct provides the optional 'logfile'
parameter, as well as 'logappend' which controls
whether QEMU truncates or appends (default truncate).

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1452516281-27519-1-git-send-email-berrange@redhat.com>
[Call qemu_chr_parse_common if cd->parse is NULL. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 18:58:02 +01:00
Paolo Bonzini
f1c17521e7 nbd-server: do not exit on failed memory allocation
The amount of memory allocated in nbd_co_receive_request is driven by the
NBD client (possibly a virtual machine).  Parallel I/O can cause the
server to allocate a large amount of memory; check for failures and
return ENOMEM in that case.

Cc: qemu-block@nongnu.org
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 18:58:02 +01:00
Paolo Bonzini
eb38c3b670 nbd-server: do not check request length except for reads and writes
Only reads and writes need to allocate memory correspondent to the
request length.  Other requests can be sent to the storage without
allocating any memory, and thus any request length is acceptable.

Reported-by: Sitsofe Wheeler <sitsofe@yahoo.com>
Cc: qemu-block@nongnu.org
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 18:58:02 +01:00
Fam Zheng
1a6245a5b0 nbd-server: Coroutine based negotiation
Create a coroutine in nbd_client_new, so that nbd_send_negotiate doesn't
need qemu_set_block().

Handlers need to be set temporarily for csock fd in case the coroutine
yields during I/O.

With this, if the other end disappears in the middle of the negotiation,
we don't block the whole event loop.

To make the code clearer, unify all function names that belong to
negotiate, so they are less likely to be misused. This is important
because we rely on negotiation staying in main loop, as commented in
nbd_negotiate_read/write().

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1452760863-25350-4-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 18:58:02 +01:00
Fam Zheng
798bfe0006 nbd: Split nbd.c
We have NBD server code and client code, all mixed in a file. Now split
them into separate files under nbd/, and update MAINTAINERS.

filter_nbd for iotest 083 is updated to keep the log filtered out.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1452760863-25350-3-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 18:58:02 +01:00
Fam Zheng
ee7d7aabda nbd: Always call "close_fn" in nbd_client_new
Rename the parameter "close" to "close_fn" to disambiguous with
close(2).

This unifies error handling paths of NBDClient allocation:
nbd_client_new will shutdown the socket and call the "close_fn" callback
if negotiation failed, so the caller don't need a different path than
the normal close.

The returned pointer is never used, make it void in preparation for the
next patch.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1452760863-25350-2-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 18:58:01 +01:00
Cao jin
e1dc68155c SCSI device: fix to incomplete QOMify
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <1452073066-28319-1-git-send-email-caoj.fnst@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 18:58:01 +01:00
Zhu Lingshan
1cb6d137ff iscsi: send readcapacity10 when readcapacity16 failed
When play with Dell MD3000 target, for sure it
is a TYPE_DISK, but readcapacity16 would fail.
Then we find that readcapacity10 succeeded. It
looks like the target just support readcapacity10
even through it is a TYPE_DISK or have some
TYPE_ROM characteristics.

This patch can give a chance to send
readcapacity16 when readcapacity10 failed.
This patch is not harmful to original pathes

Signed-off-by: Zhu Lingshan <lszhu@suse.com>
Message-Id: <1451359934-9236-1-git-send-email-lszhu@suse.com>
[Don't fall through on UNIT ATTENTION. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 18:58:01 +01:00
Daniel P. Berrange
46f296cd3a qemu-char: delete send_all/recv_all helper methods
The qemu-char.c contains two helper methods send_all
and recv_all. These are in fact declared in sockets.h
so ought to have been in util/qemu-sockets.c. For added
fun the impl of recv_all is completely missing on Win32.

Fortunately there is only a single caller of these
methods, the TPM passthrough code, which is only
ever compiled on Linux. With only a single caller
these helpers are not compelling enough to keep so
inline them in the TPM code, avoiding the need to
fix the missing recv_all on Win32.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1450879144-17111-1-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 18:58:01 +01:00
Shmulik Ladkani
fca1031839 vmw_pvscsi: x-disable-pcie, x-old-pci-configuration back-compat props are 2.5 specific
pvscsi's x-disable-pcie and x-old-pci-configuration backward compat
properties were introduced in 952970b and d5da3ef:

  vmw_pvscsi: Introduce 'x-old-pci-configuration' backword compatability property
  vmw_pvscsi: Introduce 'x-disable-pcie' backword compatability property

and were placed into HW_COMPAT_2_4.

However since these commits were pulled post v2.5, move them to
HW_COMPAT_2_5.

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Message-Id: <1450900558-20113-1-git-send-email-shmulik.ladkani@ravellosystems.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 18:58:01 +01:00
P J P
36fef36b91 scsi: initialise info object with appropriate size
While processing controller 'CTRL_GET_INFO' command, the routine
'megasas_ctrl_get_info' overflows the '&info' object size. Use its
appropriate size to null initialise it.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <alpine.LFD.2.20.1512211501420.22471@wniryva>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: P J P <ppandit@redhat.com>
2016-01-15 18:58:01 +01:00
P J P
4c1396cb57 i386: avoid null pointer dereference
Hello,

A null pointer dereference issue was reported by Mr Ling Liu, CC'd here. It
occurs while doing I/O port write operations via hmp interface. In that,
'current_cpu' remains null as it is not called from cpu_exec loop, which
results in the said issue.

Below is a proposed (tested)patch to fix this issue; Does it look okay?

===
From ae88a4947fab9a148cd794f8ad2d812e7f5a1d0f Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Fri, 18 Dec 2015 11:16:07 +0530
Subject: [PATCH] i386: avoid null pointer dereference

When I/O port write operation is called from hmp interface,
'current_cpu' remains null, as it is not called from cpu_exec()
loop. This leads to a null pointer dereference in vapic_write
routine. Add check to avoid it.

Reported-by: Ling Liu <liuling-it@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <alpine.LFD.2.20.1512181129320.9805@wniryva>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: P J P <ppandit@redhat.com>
2016-01-15 18:58:01 +01:00
Paolo Bonzini
76c64d3360 target-i386: do not duplicate page protection checks
x86_cpu_handle_mmu_fault is currently checking twice for writability
and executability of pages; the first time to decide whether to
trigger a page fault, the second time to compute the "prot" argument
to tlb_set_page_with_attrs.

Reorganize code so that first "prot" is computed, then it is used
to check whether to raise a page fault, then finally PROT_WRITE is
removed if the D bit will have to be set.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 18:57:50 +01:00
Paolo Bonzini
3daa41078a scsi: revert change to scsi_req_cancel_async and add assertions
Fam Zheng noticed that the change in commit 36896bf ("scsi: always call
notifier on async cancellation", 2015-12-16) could cause a leak of
the request; scsi_req_cancel_async now calls scsi_req_ref
multiple times for multiple cancellations, but there is only
one call to scsi_req_cancel_complete.

So revert the patch and instead assert that the problematic case (a call
to scsi_req_cancel_async after the aiocb has been completed) cannot
happen.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 18:57:32 +01:00
Peter Maydell
5a57acb66f target-arm queue:
* use the right MMU index when handling unaligned accesses
  * xlnx-zynqmp: Add support for high DDR memory regions
  * target-arm: support QMP dump-guest-memory
  * ARM: virt: Don't generate RTC ACPI device when using UEFI
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJWmQ1DAAoJEDwlJe0UNgzetR0P/jMwsT03RXLCqC5RpTlvLPEP
 7IXElghhpoRl1AQ7BTV+tit83hjRcEGpXN9kY6k9nVu6Gj1YWfwepl0u1HSEK/Pk
 OziANfbr6Yp/kz1SaBycX9ek3MHKQ49+MjO5GiGWyN9RfAAzCl60mVDbmM+uir3B
 kd7oiFoXjtfTiHUV5DaLUHGUUj2KyIf25kBn93uKbZwZwx19WX9KP/KduGFFHWv+
 GOHg3GVsGcqNdVNWoOOVTAGq+bYg+dRmS+2le1gY52cWO/WrECbA8MIMeHAkyKbn
 g/dejhkdYAl3/MKBllfMpMuma4DfiDW3rpxhOURUYOwqJN0theVhYnR9z985VZVp
 XdmMa2/f0VbRhT9Nyrvl3OUUyiD/o+uJUu1qMGqN9sVZukIJDSbxFA06ZAQZHG62
 79/lXv2BdARuITmVa5piFk6QIX8Vna/4so7OiZmuHPNfUGSreHObCWUnheXFe01Z
 p88tmrpNCHmNWgLa/bvnOx1OaqR3VxNYTp+g4ZrdRljL98NS0kfHqp9aCI2gCP1t
 8GaWHZLEfKEosfxcCiMH0J7Civ1UCPlv784hijcSqKa8GyUJGaeA/mFD+a46o9Pc
 +AG1v167VYtgczUjakXKqw4z/XMvhpUZ5+mAqQ67DhAu9bm+sDM5HFFd04GJzgUJ
 pXqTo6MeS19ZNhqJ+P40
 =CIw9
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20160115' into staging

target-arm queue:
 * use the right MMU index when handling unaligned accesses
 * xlnx-zynqmp: Add support for high DDR memory regions
 * target-arm: support QMP dump-guest-memory
 * ARM: virt: Don't generate RTC ACPI device when using UEFI

# gpg: Signature made Fri 15 Jan 2016 15:16:19 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"

* remotes/pmaydell/tags/pull-target-arm-20160115:
  ARM: virt: Don't generate RTC ACPI device when using UEFI
  target-arm: dump-guest-memory: add vfp notes for arm
  elf: add arm note types
  target-arm: dump-guest-memory: add prfpreg notes for aarch64
  target-arm: support QMP dump-guest-memory
  dump: allow target to set the physical base
  dump: allow target to set the page size
  dump: qemunotes aren't commonly needed
  qapi-schema: dump-guest-memory: Improve text
  xlnx-zynqmp: Add support for high DDR memory regions
  target-arm: Use the right MMU index in arm_regime_using_lpae_format

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-15 15:49:43 +00:00
Shannon Zhao
67736a25f8 ARM: virt: Don't generate RTC ACPI device when using UEFI
When booting the VM with UEFI, UEFI takes ownership of the RTC hardware.
While UEFI can use libfdt to disable the RTC device node in the DTB that
it passes to the OS, it cannot modify AML. Therefore, we won't generate
the RTC ACPI device at all when using UEFI.

Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Message-id: 1452867091-4023-1-git-send-email-shannon.zhao@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-15 14:55:16 +00:00
Andrew Jones
ade0d0c0d3 target-arm: dump-guest-memory: add vfp notes for arm
gdb won't actually dump these with 'info all-registers' since
it first tries to confirm that it should by checking the VFP
hwcap in the .auxv note. Well, we don't generate an .auxv note.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1452542185-10914-9-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-15 14:55:16 +00:00
Andrew Jones
7d68e47f12 elf: add arm note types
Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1452542185-10914-8-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-15 14:55:16 +00:00
Andrew Jones
bada8e4470 target-arm: dump-guest-memory: add prfpreg notes for aarch64
Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1452542185-10914-7-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-15 14:55:16 +00:00
Andrew Jones
da2b91409f target-arm: support QMP dump-guest-memory
Add the support needed for creating prstatus elf notes. This
allows us to use QMP dump-guest-memory.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Message-id: 1452542185-10914-6-git-send-email-drjones@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: moved setting of cpu::write_elf64_note inside !CONFIG_USER_ONLY
 ifdef to avoid compile failure for linux-user build]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-15 14:40:25 +00:00
Andrew Jones
b6e05aa473 dump: allow target to set the physical base
crash assumes the physical base in the kdump subheader of
makedumpfile formatted dumps is correct. Zero is not correct
for all architectures, so allow it to be changed.

(No functional change.)

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1452542185-10914-5-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-15 14:40:25 +00:00
Andrew Jones
8161befdd1 dump: allow target to set the page size
This is necessary for targets that don't have TARGET_PAGE_SIZE ==
real-target-page-size. The target should set the page size to the
correct one, if known, or, if not known, to the maximum page size
it supports.

(No functional change.)

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1452542185-10914-4-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-15 14:40:25 +00:00
Andrew Jones
b09afd58e4 dump: qemunotes aren't commonly needed
Only one of three architectures implementing qmp-dump-guest-memory write
qemu notes. And, another architecture (arm/aarch64) is coming, which
won't use them either. Make the common implementation truly common.

(No functional change.)

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1452542185-10914-3-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-15 14:40:24 +00:00
Andrew Jones
f1cd483004 qapi-schema: dump-guest-memory: Improve text
dump-guest-memory is supported by more than just x86, however
the paging option is not.

(No functional change.)

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1452542185-10914-2-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-15 14:39:01 +00:00
Alistair Francis
dc3b89ef87 xlnx-zynqmp: Add support for high DDR memory regions
The Xilinx ZynqMP SoC and EP108 board supports three memory regions:
 - A 2GB region starting at 0
 - A 32GB region starting at 32GB
 - A 256GB region starting at 768GB

This patch adds support for the first two memory regions, which is
automatically created based on the size specified by the QEMU memory
command line argument.

On hardware the physical memory region is one continuous region, it is then
mapped into the three different regions by the DDRC. As we don't model the
DDRC this is done at startup by QEMU. The board creates the memory region and
then passes that memory region to the SoC. The SoC then maps the memory
regions.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: a1e47db941d65733724a300fcd98b74fbeeaaf22.1452637205.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-15 14:34:54 +00:00
Alvise Rigo
deb2db996c target-arm: Use the right MMU index in arm_regime_using_lpae_format
arm_regime_using_lpae_format checks whether the LPAE extension is used
for stage 1 translation regimes. MMU indexes not exclusively of a stage 1
regime won't work with this method.

In case of ARMMMUIdx_S12NSE0 or ARMMMUIdx_S12NSE1, offset these values
by ARMMMUIdx_S1NSE0 to get the right index indicating a stage 1
translation regime.

Rename also the function to arm_s1_regime_using_lpae_format and update
the comments to reflect the change.

Signed-off-by: Alvise Rigo <a.rigo@virtualopensystems.com>
Message-id: 1452854262-19550-1-git-send-email-a.rigo@virtualopensystems.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-15 14:10:02 +00:00
Peter Maydell
f02ccf5369 disas/libvixl: Really suppress gcc 4.6.3 sign-compare warnings
Commit 8acc216b95 attempted to silence some sign-compare
warnings in libvixl by adding -Wno-sign-compare to the CFLAGS
for the relevant objects. Unfortunately it was ineffective
because it was placed before $(QEMU_CFLAGS), so the -Wall in
the general flags overrode -Wno-sign-compare rather than
vice-versa. Reorder the flags so the warning suppression works.

Thanks to Franz-Josef Haider <Franz-Josef.Haider@student.uibk.ac.at>
for pointing out what was wrong with the original patch.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1452783202-576-1-git-send-email-peter.maydell@linaro.org
2016-01-14 17:57:51 +00:00
Markus Armbruster
37aa7a0e2f xen-hvm: Clean up xen_ram_alloc() error handling
xen_ram_alloc() dies with hw_error() on error, even though its caller
ram_block_add() handles errors just fine.  Add an Error **errp
parameter and use it.

Leave case RUN_STATE_INMIGRATE alone, because that looks like some
kind of warning.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-14 16:49:50 +00:00