Commit Graph

45362 Commits

Author SHA1 Message Date
Pavel Butsykin
9a41826f38 ide: restart atapi dma by re-evaluating command packet
ide_atapi_dma_restart() used to just complete the DMA with an error,
under the assumption that there isn't enough information to restart it.

However, as the contents of the ->io_buffer is preserved, it looks safe to
just re-evaluate it and dispatch the ATAPI command again.

Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Reviewed-by: Roman Kagan <rkagan@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1459924806-306-3-git-send-email-den@openvz.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-04-12 16:47:52 -04:00
Pavel Butsykin
218fd37c68 ide: don't lose pending dma state
If the migration occurs after the IDE DMA has been set up but before it
has been initiated, the state gets lost upon save/restore. Specifically,
->dma_cb callback gets cleared, so, when the guest eventually starts bus
mastering, the DMA never completes, causing the guest to time out the
operation.

OTOH all the infrastructure is already in place to restart the DMA if
the migration happens while the DMA is in progress.

So reuse that infrastructure, by setting bus->error_status based on
->dma_cmd in pre_save if ->dma_cb callback is already set but DMAING is
clear. This will indicate the need for restart and make sure ->dma_cb
is restored in ide_restart_bh(); howeover since DMAING is clear the state
upon restore will be exactly "ready for DMA" as before the save.

Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Reviewed-by: Roman Kagan <rkagan@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1459924806-306-2-git-send-email-den@openvz.org
Signed-off-by: John Snow <jsnow@redhat.com>
2016-04-12 16:47:52 -04:00
Anthony PERARD
d1fc684f36 xen: Fix IDE unplug
After commit e5e7855 (blockdev: Separate BB name management), starting a
guest with PVHVM support result in this assert:
qemu-system-i386: block/block-backend.c:173: blk_delete: Assertion `!blk->name' failed.

A backtrace show that a caller is pci_piix3_xen_ide_unplug().

This patch fix it.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Message-id: 1460382666-29885-1-git-send-email-anthony.perard@citrix.com
Signed-off-by: John Snow <jsnow@redhat.com>
2016-04-12 16:47:52 -04:00
Wei Liu
4df26e88ee xenfb: use the correct condition to avoid excessive looping
In commit ac0487e1 ("xenfb.c: avoid expensive loops when prod <=
out_cons"), ">=" was used. In fact, a full ring is a legit state.
Correct the test to use ">".

Reported-by: "Hao, Xudong" <xudong.hao@intel.com>
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Tested-by: "Hao, Xudong" <xudong.hao@intel.com>
Acked-by: Anthony Perard <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
2016-04-12 10:16:08 -07:00
Peter Maydell
d44122ecd0 Block layer patches for 2.6
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXDR31AAoJEH8JsnLIjy/WhJwP/j6TwEN/atc/qvXAvJtOCM10
 EhmgPLV4xBLHjuMDxF9k+6wGAk8szpR/az/cNG7xRSAL2bVyGDSZm2E1Cy6kGwlb
 dDzPO24GhJqC55ukWn/L7UPQWsFLjjCypdCWMxIS8AzQzzfnt78PPG4SoJJVkldl
 w/uHC77cjaY8HNrB5GMVydXHfZQ/s5cEutlbJ3vbwELXncx3uhb1zwBoEOE/R99+
 20c3IC+mGNIcvhn3jQmialpb+DHNRAfpFdVsOtHmq/xdz8oK1wvd4MnBDwQTJkLQ
 qcNz8DHRXvuiPaDVA9qL0Xct7BsvEQAlDaTNo901ZUdrdToVBg8pqbPCnygwAlNQ
 5cL7a1XBsNvPFjMA+Z+PNqz3ErCP8I764eVsM36IcoFleF5+NSWkfWNAa3vtic5Z
 LauD2QUjGmY8hNS2zC1PHQJlTGuRM2Fz9PUwwSsAV4oueSgdqv4enYKMYvfmYhP7
 4BxJA8R3pVXxKcCEQKNJkzgZC2gB/slF2qMYDUONsxgG2lw8w15YRj07tHM0auZ4
 ih5f5pSTzyrETFYuJx0mySMlE04HP+pUnkP5n1w6xOXpmUi9FGul8hskyya0nHtP
 ojRIkrJSNF9+uByRmeCTKX1XgpWnaWKcypRDSv5MJmx2r1hFpCv5GH/buqRqjZhW
 KvogJBpja9MZrTefbW4E
 =UMTj
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches for 2.6

# gpg: Signature made Tue 12 Apr 2016 17:10:29 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  qemu-iotests: iotests.py: get rid of __all__
  qemu-iotests: 068: don't require KVM
  qemu-iotests: 148: properly skip test if quorum support is missing
  qemu-iotests: iotests.VM: remove qtest socket on error
  qemu-iotests: fix 051 on non-PC architectures
  qemu-iotests: check: don't place files with predictable names in /tmp
  MAINTAINERS: Block layer core, qcow2 and blkdebug
  qcow2: Prevent backing file names longer than 1023
  vpc: fix return value check for blk_pwrite
  iotests: Make 150 use qemu-img map instead of du
  block: initialize qcrypto API at startup
  qemu-img: fix formatting of error message
  iotests: fix the broken 026.nocache output

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-12 17:47:15 +01:00
Kevin Wolf
5158ac5830 Block patches for 2.6-rc2.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJXDR10AAoJEDuxQgLoOKyt8AkH/jSZYxLCUEBZRJPEaOl5JyfV
 qxNzWHlfkKHP6zC1PQHt9mCYAsMmAzz7v3+zr/tQbOOlDoUJsROe8RqSvrlDpHPG
 WeuSpWZx0xcSq9FNChp3VvJiM/Hb22Fu0a8GODKH9GnnRvfgRdPuXL0bh7RpdxN8
 kcdfdBSAAhBTJI1+q+smJxexelx+UDYFcg6CPX0AKET7I79bNg/ZLvosYcYUezuh
 Tur6V7OCqY1AFhu0oGc1p3Wtf0jBFPPkXylqx6jWhJIW7kWwDho6nh0zhnQjDufi
 KXp560/bcpK0zdan6kTlp5gyo6Ym8hF1sPYNjIelf5T8+z4P5pS2ysaCOlhrGgM=
 =DmtA
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'mreitz/tags/pull-block-for-kevin-2016-04-12' into queue-block

Block patches for 2.6-rc2.

# gpg: Signature made Tue Apr 12 18:08:20 2016 CEST using RSA key ID E838ACAD
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>"

* mreitz/tags/pull-block-for-kevin-2016-04-12:
  qemu-iotests: iotests.py: get rid of __all__
  qemu-iotests: 068: don't require KVM
  qemu-iotests: 148: properly skip test if quorum support is missing
  qemu-iotests: iotests.VM: remove qtest socket on error
  qemu-iotests: fix 051 on non-PC architectures
  qemu-iotests: check: don't place files with predictable names in /tmp

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-12 18:09:16 +02:00
Sascha Silbe
3ef3dcef56 qemu-iotests: iotests.py: get rid of __all__
The __all__ list contained a typo for as long as the iotests module
existed. That typo prevented "from iotests import *" (which is the
only case where iotests.__all__ is used at all) from ever working.

The names used by iotests are highly prone to name collisions, so
importing them all unconditionally is a bad idea anyway. Since __all__
is not adding any value, let's just get rid of it.

Fixes: f345cfd0 ("qemu-iotests: add iotests Python module")
Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1459848109-29756-8-git-send-email-silbe@linux.vnet.ibm.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-12 18:07:39 +02:00
Sascha Silbe
9bf8027dde qemu-iotests: 068: don't require KVM
None of the other test cases explicitly enable KVM and there's no
obvious reason for 068 to require it. Drop this so all test cases can be
executed in environments where KVM is not available (e.g. because the
user doesn't have sufficient permissions to access /dev/kvm).

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1459848109-29756-6-git-send-email-silbe@linux.vnet.ibm.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-12 18:07:39 +02:00
Sascha Silbe
3f647b510f qemu-iotests: 148: properly skip test if quorum support is missing
qemu-iotests test case 148 already had some code for skipping the test
if quorum support is missing, but it didn't work in all
cases. TestQuorumEvents.setUp() gets run before the actual test class
(which contains the skipping code) and tries to start qemu with a drive
using the quorum driver. For some reason this works fine when using
qcow2, but fails for raw.

As the entire test case requires quorum, just check for availability
before even starting the test suite. Introduce a verify_quorum()
function in iotests.py for this purpose so future test cases can make
use of it.

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1459848109-29756-5-git-send-email-silbe@linux.vnet.ibm.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-12 18:07:39 +02:00
Sascha Silbe
c1c71e49bc qemu-iotests: iotests.VM: remove qtest socket on error
On error, VM.launch() cleaned up the monitor unix socket, but left the
qtest unix socket behind. This caused the remaining sub-tests to fail
with EADDRINUSE:

+======================================================================
+ERROR: testQuorum (__main__.TestFifoQuorumEvents)
+----------------------------------------------------------------------
+Traceback (most recent call last):
+  File "148", line 63, in setUp
+    self.vm.launch()
+  File "/home6/silbe/qemu/tests/qemu-iotests/iotests.py", line 247, in launch
+    self._qmp.accept()
+  File "/home6/silbe/qemu/tests/qemu-iotests/../../scripts/qmp/qmp.py", line 141, in accept
+    return self.__negotiate_capabilities()
+  File "/home6/silbe/qemu/tests/qemu-iotests/../../scripts/qmp/qmp.py", line 57, in __negotiate_capabilities
+    raise QMPConnectError
+QMPConnectError
+
+======================================================================
+ERROR: testQuorum (__main__.TestQuorumEvents)
+----------------------------------------------------------------------
+Traceback (most recent call last):
+  File "148", line 63, in setUp
+    self.vm.launch()
+  File "/home6/silbe/qemu/tests/qemu-iotests/iotests.py", line 244, in launch
+    self._qtest = qtest.QEMUQtestProtocol(self._qtest_path, server=True)
+  File "/home6/silbe/qemu/tests/qemu-iotests/../../scripts/qtest.py", line 33, in __init__
+    self._sock.bind(self._address)
+  File "/usr/lib64/python2.7/socket.py", line 224, in meth
+    return getattr(self._sock,name)(*args)
+error: [Errno 98] Address already in use

Fix this by cleaning up both the monitor socket and the qtest socket iff
they exist.

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1459848109-29756-4-git-send-email-silbe@linux.vnet.ibm.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-12 18:07:39 +02:00
Sascha Silbe
1759386b7c qemu-iotests: fix 051 on non-PC architectures
Commit 61de4c68 [block: Remove BDRV_O_CACHE_WB] updated the reference
output for PCs, but neglected to do the same for the generic reference
output file. Fix 051 on all non-PC architectures by applying the same
change to the generic output file.

Fixes: 61de4c68 ("block: Remove BDRV_O_CACHE_WB")
Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1459848109-29756-3-git-send-email-silbe@linux.vnet.ibm.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-12 18:07:39 +02:00
Sascha Silbe
0145b4e130 qemu-iotests: check: don't place files with predictable names in /tmp
Placing files with predictable or even hard-coded names in /tmp is a
security risk and can prevent or disturb operation on a multi-user
machine. Place them inside the "scratch" directory instead, as we
already do for most other test-related files.

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1459848109-29756-2-git-send-email-silbe@linux.vnet.ibm.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-12 18:07:39 +02:00
Max Reitz
c4189d85bc MAINTAINERS: Block layer core, qcow2 and blkdebug
As agreed with Kevin and already practiced for a while, I am adding
myself as co-maintainer of the block layer core, qcow2 and blkdebug.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-12 18:06:52 +02:00
Max Reitz
4e876bcf2b qcow2: Prevent backing file names longer than 1023
We reject backing file names with a length of more than 1023 characters
when opening a qcow2 file, so we should not produce such files
ourselves.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-12 18:06:51 +02:00
Paolo Bonzini
40a99aace3 vpc: fix return value check for blk_pwrite
bdrv_pwrite_sync used to return zero or negative error, while blk_pwrite returns
the number of written bytes when successful.  This caused VPC image creation
to fail spectacularly: it wrote the first 512 bytes, and then exited immediately
because of the non-zero answer from blk_pwrite.  But the truly spectacular part
is that it returns a positive value (the 512 that blk_pwrite returned) causing
everyone to believe that it succeeded.

This fixes qemu-iotests with vpc format.

Fixes: b8f45cdf78
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-12 18:06:51 +02:00
Max Reitz
1fd06db03d iotests: Make 150 use qemu-img map instead of du
The actual on-disk size of a file does not only depend on factors qemu
can control. Thus, we should not depend on this to determine whether a
file has indeed been fully allocated. Instead, use qemu-img map and hope
that if an area is referenced, it is indeed allocated, too.

Also, limit the supported image formats to raw and qcow2 because the
actual qemu-img map output may depend on the image format.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Tested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-12 18:06:51 +02:00
Daniel P. Berrange
c229708848 block: initialize qcrypto API at startup
Any programs which call the qcrypto APIs should ensure that
qcrypto_init() has been called before anything else which
can use crypto. Essentially this means right at the start
of the main method before initializing anything else.

This is important because some versions of gnutls/gcrypt
require explicit initialization before use.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Alex Bligh <alex@alex.org.uk>
Tested-by: Alex Bligh <alex@alex.org.uk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-12 18:06:51 +02:00
Daniel P. Berrange
143605a200 qemu-img: fix formatting of error message
The error_reportf_err() will not automatically append a
': ' before adding its suffix, so we must include that
in the message we pass it, otherwise we get a badly
formatted message lacking whitespace:

qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=6666,tls-creds=tls0'Failed to connect socket: Connection refused

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-12 18:06:51 +02:00
Pavel Butsykin
af74e865c4 iotests: fix the broken 026.nocache output
This patch fixes longstanding issue with 026 iotest. Unfortunately,
this test contains 2 versions of the correct output, one for cached
writes and one for non-cached ones. People tends to fix only one
version of output of the test and thus noncached version becomes
broken. Unfortunately, it is default in tests/check-block.sh

The following problematic commits were made:
    commit 3b5e14c76a
    Author: Max Reitz <mreitz@redhat.com>
    Date:   Tue Dec 2 18:32:51 2014 +0100
    qcow2: Flushing the caches in qcow2_close may fail

    commit a069e2f137
    Author: John Snow <jsnow@redhat.com>
    Date:   Fri Feb 6 16:26:17 2015 -0500
    blkdebug: fix "once" rule

    commit b106ad9185
    Author: Kevin Wolf <kwolf@redhat.com>
    Date:   Fri Mar 28 18:06:31 2014 +0100
    qcow2: Don't rely on free_cluster_index in alloc_refcount_block()

Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Max Reitz <mreitz@redhat.com>
CC: John Snow <jsnow@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-12 18:06:51 +02:00
Peter Maydell
42bb626f7e -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJXDLICAAoJEJykq7OBq3PIw+EH/06hfnEuvpI06IE831MDoBtY
 PiBg6R8oVQLYjC2LLLRfOUqcr2oqxrRMgN6SIOVrAX3TPFDIVjY2iEEjHcxHbOQw
 MGAXuXsJCLLkJNDuDlUB44AeiU3V98K0Rh6+hieVZQBuj6yeYA/cuIsz0sWwYUhU
 69hFeAgZO9tmSG2zWYqnhMGpbyjD7YYBLmcid+9pxUD1xB2YOuLgOqAGo7RYTEuE
 2aaUoaUR4zVWwugLxgBqb6P02apN3afK6mA6QP1eEROMdrXNd/tgCQrWQflxlSP6
 Kdnd0RE6iY4Sw8RSX+H3EEehyP+DtpNVgIIRLt1g/GNXJ2ZHfORXv/JSgx43OjU=
 =+1pC
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

# gpg: Signature made Tue 12 Apr 2016 09:29:54 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  MAINTAINERS: Add Fam Zheng as a co-maintainer of block I/O path
  mirror: Replace bdrv_drain(bs) with bdrv_co_drain(bs)
  block: Fix bdrv_drain in coroutine

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-12 09:34:52 +01:00
Fam Zheng
9ca3003df3 MAINTAINERS: Add Fam Zheng as a co-maintainer of block I/O path
As agreed with Stefan, I'm listing myself a co-maintainer of block I/O
path and assist with the maintainership.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1459849105-7767-1-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-04-11 16:59:10 +01:00
Fam Zheng
39bf92dd70 mirror: Replace bdrv_drain(bs) with bdrv_co_drain(bs)
Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1459855253-5378-3-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-04-11 16:59:09 +01:00
Fam Zheng
a77fd4bb29 block: Fix bdrv_drain in coroutine
Using the nested aio_poll() in coroutine is a bad idea. This patch
replaces the aio_poll loop in bdrv_drain with a BH, if called in
coroutine.

For example, the bdrv_drain() in mirror.c can hang when a guest issued
request is pending on it in qemu_co_mutex_lock().

Mirror coroutine in this case has just finished a request, and the block
job is about to complete. It calls bdrv_drain() which waits for the
other coroutine to complete. The other coroutine is a scsi-disk request.
The deadlock happens when the latter is in turn pending on the former to
yield/terminate, in qemu_co_mutex_lock(). The state flow is as below
(assuming a qcow2 image):

  mirror coroutine               scsi-disk coroutine
  -------------------------------------------------------------
  do last write

    qcow2:qemu_co_mutex_lock()
    ...
                                 scsi disk read

                                   tracked request begin

                                   qcow2:qemu_co_mutex_lock.enter

    qcow2:qemu_co_mutex_unlock()

  bdrv_drain
    while (has tracked request)
      aio_poll()

In the scsi-disk coroutine, the qemu_co_mutex_lock() will never return
because the mirror coroutine is blocked in the aio_poll(blocking=true).

With this patch, the added qemu_coroutine_yield() allows the scsi-disk
coroutine to make progress as expected:

  mirror coroutine               scsi-disk coroutine
  -------------------------------------------------------------
  do last write

    qcow2:qemu_co_mutex_lock()
    ...
                                 scsi disk read

                                   tracked request begin

                                   qcow2:qemu_co_mutex_lock.enter

    qcow2:qemu_co_mutex_unlock()

  bdrv_drain.enter
>   schedule BH
>   qemu_coroutine_yield()
>                                  qcow2:qemu_co_mutex_lock.return
>                                  ...
                                   tracked request end
    ...
    (resumed from BH callback)
  bdrv_drain.return
  ...

Reported-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1459855253-5378-2-git-send-email-famz@redhat.com
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-04-11 16:59:09 +01:00
Peter Maydell
4e71220387 qemu-sparc update
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQEcBAABAgAGBQJXC8L6AAoJEFvCxW+uDzIfWE0IAIpZP7p1/fvlKHa2T4Y4yYQa
 M61dP+5a5u9FnZ2LHO/T8uTRU3Mg2cxfiE4IhzQOwZjywMJWqdsD6k22CD5W5dLr
 cL+m+ZDtPp5ey8gOavv1Xqh6BdTZMZiYrZUy+riYa62oF3Usg8m7g6Tapbsg8+jL
 MzZ7zKKO+x8bTTZg72Er0L+LpVoBYs+aaadGmOaXzGdHF4ia64a5G5GNXCtan0EK
 Liu0Hiy9Ugd+lMQeYueSIVmkGLtzAr2vVXjGDpZGUatefUCxnqhTj1hZYA0riBeD
 7AhaAUoeFA2v6OMdgm7ls/OSezJqnl1IgijVosOT96lYrw27dXAQ+xWHDFz/eMQ=
 =pWdi
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-signed' into staging

qemu-sparc update

# gpg: Signature made Mon 11 Apr 2016 16:30:02 BST using RSA key ID AE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"

* remotes/mcayland/tags/qemu-sparc-signed:
  target-sparc: fix ldstub sign-extension bug

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-11 16:46:37 +01:00
Mark Cave-Ayland
4553e10360 target-sparc: fix ldstub sign-extension bug
ldstub [addr], reg incorrectly reads a signed byte from memory which causes
problems in the 32-bit Solaris mutex code. Here the byte value being read is
0xff which is incorrectly sign-extended to 0xffffffff before being written back
to the target register causing lock detection to behave incorrectly.

This fixes the intermittent hangs and MUTEX_HELD warnings issued to the
console when running 32-bit Solaris images under qemu-system-sparc.

With thanks to Joseph Dery for providing a condensed test image to consistently
reproduce the problem on demand, and Martin Husemann for allowing me access to
real hardware for comparison.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-By: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-04-11 16:25:07 +01:00
Peter Maydell
dc1ffa6661 target-arm queue:
* stellaris_enet: don't overrun buffer if fed oversize packet
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJXC6hbAAoJEDwlJe0UNgzelokP/0JJ3gCRvGu7dsIibuHxsPpo
 UCwyb8zVylDnaHC1ntGBTK/vdMkErsbsXM15CcG4BzBLKm2+to9cqqzDWreA8g2a
 lCgSqYiuifvazkHT6T+nx8lxrBlIqscJVOCrX18vBF4C+o5OOgbZXK0uwJdesg46
 jpm0dBvD4RpW8m0UV5xGQnTcrLju8xFnkOjjQthldOlLHftNmeV0xxdySns1+Cch
 YxEjmjhLfY+HhVdHv+fsNKyMHTT5rqJ9Dbbo/B+nGLDbgZObGc/Vo5mbV9Iw1m+Q
 Q42migAH82zK2ySwP6J0+w1KtGo22Np+HVvX774RTf8jcA8HUDXNsdPVpkYg1mYm
 /+BwTO/bIyo9tZMp+togYYN8YI92KJY3Kj+wilwM03I11pXxD3BkmCIo/Pwmkp/+
 cjOI8Nws6xymDrCMYmUL69WlsyN6ED2dxO4FrIgmstksUKM4v9rhJ4f9J5NtbFl+
 Yg79l7FhxZdbKWkKG7HDlsbF77Q/Zpfhll4tmuEaIvjrjLHUopsgprtTEYV7zEH+
 3SeqotwS52wN0KD61PCMgklHTe3LBtN3Rlpwd0epQPkZlbh/7SoHZPzxOvlI3x1T
 x/yu5muCU6Rwm3UhYc5guhcxZwAvFFLKhUCDMi2EpdaTmt+4i5syVIONk9nj7j4i
 XgqYQYZ7cGQfPO+/UCyT
 =Vpkq
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20160411' into staging

target-arm queue:
 * stellaris_enet: don't overrun buffer if fed oversize packet

# gpg: Signature made Mon 11 Apr 2016 14:36:27 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"

* remotes/pmaydell/tags/pull-target-arm-20160411:
  net: stellaris_enet: check packet length against receive buffer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-11 14:37:53 +01:00
Prasad J Pandit
3a15cc0e1e net: stellaris_enet: check packet length against receive buffer
When receiving packets over Stellaris ethernet controller, it
uses receive buffer of size 2048 bytes. In case the controller
accepts large(MTU) packets, it could lead to memory corruption.
Add check to avoid it.

Reported-by: Oleksandr Bazhaniuk <oleksandr.bazhaniuk@intel.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1460095428-22698-1-git-send-email-ppandit@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-11 14:22:33 +01:00
Peter Maydell
5144fe3605 virtio-gpu: pixman surface fix, block live migration
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXC4A+AAoJEEy22O7T6HE46NsP/Rrs1u0e9ALf/JJ1pzZnyNYn
 Z6AUVtSS3fs9FVPHAGdrAu1ZMkFi4160BrJkBZIMm3PdfmsZBaCaXQaEn8e2XN7V
 exvb7L1t9l2zNbLqxTq9Z/Zp4frkPpQplRrMaqFYXosgVLJ/xhg5NgO1LYUA1UtR
 Z7TJIwMb+FmtOz0moj08O7ed5nN6fvApuLA/MZYZ9PSnixrqn+Hk2wOPC+knjKIw
 T+B9eb0+eZZQH3rokxRsxXIiGkwvUsOBzJuBJilhqRhNlc+xbHX+78ckbM8SBGVE
 0VI2POrBtHUpPn3HImPNancS1Ux6Wa7qXniOhbrLDQzf+p/faPYjKoIHQ3MBWh+7
 VBh/If3rutUp7otEtIErgjP35dbx8ObLlWtUoHcm727UESiUCCmstUfDPi6MGakV
 8MikfVDJLGQy+bw6xgFWVVlbjoPQ7O4MYDnC+ck7c4ej0r7nISaG1p2a61TH2J3h
 jGHfS1QZX3H5f6/yJP8N95WLSpBTL7CxjGX/SH5/RH05z0FQlO4U80uirC1Aj/+9
 jhKO6DEf9Gt4jxPzz8N7QPqYkqJ4DITPkMG6QAKixVUD+7h4UwoRfBNqPwSdeUOr
 hjBWYXiLX/5O3iS/Wug3UGEjkvzV+H/HxtF/7ZM4B9bcOkJX9EK8rAmpk/f+psz3
 9ythLAayh/4Sdjqbk8MX
 =4gXu
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20160411-1' into staging

virtio-gpu: pixman surface fix, block live migration

# gpg: Signature made Mon 11 Apr 2016 11:45:18 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vga-20160411-1:
  virtio-gpu: block live migration
  ui/virtio-gpu: add and use qemu_create_displaysurface_pixman

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-11 13:32:50 +01:00
Gerd Hoffmann
fa49e4656a virtio-gpu: block live migration
Feeling a bit nervous putting the full live migration support
patch (https://patchwork.ozlabs.org/patch/606902/) in that
late in the 2.6 devel cycle as it carries some non-trivial
changes.  So disable migration in case virtio-gpu is present
for now.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-04-11 12:36:34 +02:00
Gerd Hoffmann
ca58b45fbe ui/virtio-gpu: add and use qemu_create_displaysurface_pixman
Add a the new qemu_create_displaysurface_pixman function, to create
a DisplaySurface backed by an existing pixman image.  In that case
there is no need to create a new pixman image pointing to the same
backing storage.  We can just use the existing image directly.

This does not only simplify things a bit, but most importantly it
gets the reference counting right, so the backing storage for the
pixman image wouldn't be released underneath us.

Use new function in virtio-gpu, where using it actually fixes
use-after-free crashes.

Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1459499240-742-1-git-send-email-kraxel@redhat.com
2016-04-11 12:32:01 +02:00
Peter Maydell
9628af036f MIPS patches 2016-04-08
Changes:
 * fix off-by-one error in ITU
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJXB300AAoJEFIRjjwLKdprPP4IAJIP7DyeQz9fQhckk+oKWvUo
 4h2W5Rx+6KhWE+kvdi1cNwWuIGdwByjodC8mS5hQjJyPs/NIWE8q+8YoxrfTxFaS
 2OkTr4IKb1l+8myVk36MThsw+PXkI4XA3PP3paTJ5u6rxyZgLcpMlfzx4Mn1cNYh
 SVQ3zjO6q49ZuqJbXyUTEMu+Fpqzp1ejHz+GLKeGvLMAW559XBsMOQurtXIGKN1w
 ZOc214FIdx4K5Ywtl7nLt1xwiRocnORdYOjqW09PhELxMM+sg/3tse5UJMZV5Moi
 WYk4dt8wVUIxoMTu9I1cn7afiVN53u2YO6bvyESTf+z9bBYuwWCOiFnIEegf0FA=
 =ZPQ1
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/lalrae/tags/mips-20160408' into staging

MIPS patches 2016-04-08

Changes:
* fix off-by-one error in ITU

# gpg: Signature made Fri 08 Apr 2016 10:43:16 BST using RSA key ID 0B29DA6B
# gpg: Good signature from "Leon Alrae <leon.alrae@imgtec.com>"

* remotes/lalrae/tags/mips-20160408:
  hw/mips_itu: fix off-by-one reported by Coverity

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-08 13:45:52 +01:00
Peter Maydell
8227e2d167 pci, virtio, acpi: fixes for 2.6
Fixes all over the place. Most notably, fixes migration
 for systems with pci express bridges, and random crashes
 observed with virtio blk and scsi dataplane.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJXB2OKAAoJECgfDbjSjVRpcfkH/jRxiCmaC2hArYS+xK1HXJuf
 FUuI6JpbrvcuxdoNNm3E3BLM+vweYJ2JsVfY47l7zFcQVnBCmdRw4JMUetpqvt5C
 ekEwuokvWcSwdCT6y3mUW3euZ5iBoiFxYAvjwtM4p2Aut6urZUA3oeBSsSikGWJj
 itKsdeaaGN5bzC7BJYROUIs8VuK4VfIPpRBGF20smfMjXZq2liOnW7NK5mQ8BClg
 klXfLnZ39IdR+MQ37J1uo9TgY/HcdOGRK1KYezq+6nsO4jlAfGrDr99+D9bsheLJ
 G1jZLDEa+oTjfoCvqVkCK3+8O2vvHQe2BeR9sCEipYY9401gQPCqq4fmhv8/+O0=
 =U4yU
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pci, virtio, acpi: fixes for 2.6

Fixes all over the place. Most notably, fixes migration
for systems with pci express bridges, and random crashes
observed with virtio blk and scsi dataplane.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Fri 08 Apr 2016 08:53:46 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  hw/pci-bridge: Add missing unref in case register-bus fails
  virtio: merge virtio_queue_aio_set_host_notifier_handler with virtio_queue_set_aio
  virtio-scsi: use aio handler for data plane
  virtio-blk: use aio handler for data plane
  virtio: add aio handler
  virtio-scsi: fix disabled mode
  virtio-blk: fix disabled mode
  virtio: make virtio_queue_notify_vq static
  tests/bios-tables-test: fix assert
  virtio-balloon: reset the statistic timer to load device
  Migration: Add i82801b11 migration data
  Sort the fw_cfg file list
  xen: piix reuse pci generic class init function
  pci-testdev: fast mmio support
  acpi: Add missing GCC_FMT_ATTR

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-08 12:45:53 +01:00
Peter Maydell
3be4f4d724 ppc patch queue for 2016-04-08
Just a single bugfix for spapr in this batch, but I want to make sure
 it gets in for 2.6.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXBzt1AAoJEGw4ysog2bOSyGQQAIL4aADwOhNoVLjtvBN3eoPQ
 cP+Ps3DCK/9Z9l00cMR6/8zk5Q2Nb1FLf2Y3f3c2JVEFER8XCnsYPIyYfOZaMex4
 /8DUfVueTh0RmpxhWwA4vQJtDqrilB0tUkkqgWFPE2luJcTVTUU7mig788d2yrmp
 J35ncNaMcrXGy0Uh/wBlnOpfHD17ds8Sgpw02TT9QusqIjq8MWIkgat0v+h4RmRL
 lzEE5N1Vp8vOvJENTEnuuKFbFTxcvhBS+A2K1y+s10k7c1CuFFJpAZY7g3T4hpqU
 NZAirty5WeMlSYk9A0gQhgHWq2XSgbDWWj6tMGd5sCEQH5D6Kty0TPWnCpzSxjgu
 aqGr7BqAV+NV/Rr/jGy4gvE432f1pZWUIxq271OH9H5aniCWSYFBR7w4UEaM1BPQ
 I5tzkp7P1PMWIm/K5ryFVo083kU08KFXZDSbQR/vu4O+DuohPUKYid5cv4wJj/W+
 GSzBwTwtp8iY2rs/nbMptSYHKYFYtd5PuALf4BoK62sF72NtWq+41X3QV8I4cIQd
 hM03NyuObgnY7aygPmo9OGsvW/Dx8DKKoEO0QX+2gFa22rJ+j7RLSu7pHFW1JEXa
 5VkVlTtN8L5NeeG0PdkgkChcgiqahUA6bRjekpFzdoncfsmmiPkiP5xQqK1DVKhW
 SoJacddcj86QGpT1aioU
 =4ZAr
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.6-20160408' into staging

ppc patch queue for 2016-04-08

Just a single bugfix for spapr in this batch, but I want to make sure
it gets in for 2.6.

# gpg: Signature made Fri 08 Apr 2016 06:02:45 BST using RSA key ID 20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.6-20160408:
  spapr: Fix ibm,lrdr-capacity

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-08 11:54:19 +01:00
Peter Maydell
24790aefe0 Xtensa-related fixes:
- fix networking on xtfpga platform in linux v4.5 by indicating
   autonegotiation completion in opencores_eth MII BMSR.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXBuBXAAoJEFH5zJH4P6BEwAwP/0+MvaQCwv0IXKA6lPgUgDFl
 oofrkJhC/4eV+n0LF7v6kl2WeZvK+kG4qJHDqp9ARlGel5qzGQ8pORqx+S7U3TrD
 Qxw6xwbYNOf+vstDnN36fnd7rUlRwl5QjaWXA3zemya9uaFKX748mq5AV52T6GU+
 C3jmUiMMlE/2B5EkLiR6D1K/MkAsf41plvfIhTozxcxQqjNkeIzYRwli7TAKiDxI
 KZZGCIC0Jh1ZHevvbX3bdrj+0xf+pDeB5tG26ZnXjf2zbrnft589PqNsNZ2TcZ6m
 RBNYOJBqQx+h0FHCNonMveZKNZ6HvIMC+AHmwM8nfmRxPMeqWyLwyiI0w5x0vhW5
 bnsAcPY67BaVJddDDD+udfMGUAHAb1QttcwNYUOTal3SJGDGbUmKb2OVyeRmXpoH
 4DIOlhno45bd7pagkefENR9MuOqwxrzm4qkkyazYogwyXilLPOrVgYHW2COQRsJ8
 PG180PDsY0FYmmf1i/64LJDKXOIjf1VnFDTC3lWoVbibDiNtvAEvAMgAdnNqmTHT
 Xl1RuDdZke28TmsU4gRKiLsGIwentiTJxNMiKCjpDYsrTIN7f2GwirL8wNnYuz79
 iNKPcWOh/fNxTnLVkheoyzc1fOPUzq36I+RALxA2WkvEmOUdKobXCmABDz0ByQBh
 Z+/B0kXXQ0hAK84qR6eB
 =otcW
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/xtensa/tags/20160408-xtensa' into staging

Xtensa-related fixes:

- fix networking on xtfpga platform in linux v4.5 by indicating
  autonegotiation completion in opencores_eth MII BMSR.

# gpg: Signature made Thu 07 Apr 2016 23:33:59 BST using RSA key ID F83FA044
# gpg: Good signature from "Max Filippov <max.filippov@cogentembedded.com>"
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>"

* remotes/xtensa/tags/20160408-xtensa:
  opencores_eth: indicate autonegotiation completion

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-08 11:28:49 +01:00
Peter Maydell
5542417dae tci patch queue
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJXBpKDAAoJEOCMIdVndFCt1UEQAJRZElQb/RwNUaSU+KimzNQE
 HQf1itwH06F7rvpDXq9fNM0pM/sMp1Rpaf2HZRhInxryiZSglWw0jo00FHtfLuOo
 i/abG2mtw9OIFKbs4uJ7nXcTpMkxjYtQ5hMLDYe56sZECn7XXkCDMS26WbNiBB3g
 96giALkeRBtxZO3x4AzdtuL5d7ZFUqwn2CT9SiW3lmg7sP0vJMoyEJhZcod76AfV
 2kF+iUjC/V6qPX8Hb9ZjLgZt9P0lDwh1qUVGzYkrXgVLZVvFlCtVLFbnFNZNeH/b
 PJRRLLbc3UoF7kdloKbPaefKgGhdU7UQuCtfY/t+DCenJZZFzxRcgYbFoWUIYZde
 h4Viu47z2QQMWBX7xrCR1dNJz8z/9vwlFnznZvZoRIGNB/Wo04l5gfqVvF2/UwzC
 jfI2YakmLHKpt3wp5VY7DRz2ZcWGnJ0JjJue41tQNyW0GFKsbsyA0bcQcPHsE3EK
 m9oX/81GT4oKoRJikCJXKiVRLkwxWBOkaiF7EiIumxiIryHNdPYV4S2mNGYoJJGE
 7WUc2o9Zrm7Fi8i7NGn3xsRmLrjykwKuEqK/YG/zZ0+REvGDtJnXvmXfoUL/4JQL
 pCU1B6UUhiTRjzIxddq3cXftO+ZwFXjYZN6D/tI/jFkTVv0XQWhqqo9K9SiODKHr
 0l+PnD1h/wXzBT+M8m9I
 =PUZP
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/weil/tags/pull-tci-20160407' into staging

tci patch queue

# gpg: Signature made Thu 07 Apr 2016 18:01:55 BST using RSA key ID 677450AD
# gpg: Good signature from "Stefan Weil <sw@weilnetz.de>"
# gpg:                 aka "Stefan Weil <stefan.weil@weilnetz.de>"
# gpg:                 aka "Stefan Weil <stefan.weil@bib.uni-mannheim.de>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 4923 6FEA 75C9 5D69 8EC2  B78A E08C 21D5 6774 50AD

* remotes/weil/tags/pull-tci-20160407:
  tci: Fix build regression

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-08 10:51:45 +01:00
Peter Maydell
28ee01269e * NBD fixes from Alex and Eric
* Debug code bitrot from Emilio
 * HPET fix from Bill
 * ps2kbd fix from Hervé
 * PKU fix from myself
 * Coverity fixes from Gonglei
 * More memory.txt update from Jiangang
 * .gitignore maintenance from Changlong
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJXBtpMAAoJEL/70l94x66Dz18H/im1nR9+DII3V4Ch2DOA/xaL
 gCDHOr+KOXnzLcKQytfBCRjVsXZKnd2kayxtDrFc6ebCh7+Uar5+Z21P0wzCry5a
 Z/LohJXg7rdHCNaF+9yW7uVbvDjuaepnS1fO9PaMnLviLjqxbIhZixYvuYRPwXD7
 oFp88+cbgONIFTe7riXaVGBjjjsyTV8DyXyyS7zlBsuaTihfSYDuYy8upgrCk3Af
 k9P/VqHxoNpnR1dMPVJdjyN6UQwWYB6i1g4GOEFessRu3H7wz0zCtzUuFL8dGIEs
 3VZ7pQ/1QCPr5zaMn7EXofusxeZhU+gZwDnp/bsgGSI73MnMZkTB4Ws8CPf6AXA=
 =1rhX
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* NBD fixes from Alex and Eric
* Debug code bitrot from Emilio
* HPET fix from Bill
* ps2kbd fix from Hervé
* PKU fix from myself
* Coverity fixes from Gonglei
* More memory.txt update from Jiangang
* .gitignore maintenance from Changlong

# gpg: Signature made Thu 07 Apr 2016 23:08:12 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"

* remotes/bonzini/tags/for-upstream:
  target-i386: check for PKU even for non-writable pages
  tests: ignore test-logging
  translate-all: add missing fold of tb_ctx into tcg_ctx
  hostmem-file: fix memory leak
  spapr: fix possible Negative array index read
  nbd: do not hang nbd_wr_syncv if outside a coroutine and no available data
  nbd: Don't kill server when client requests unknown option
  nbd: Fix NBD unsupported options
  qemu-nbd: Document -x option
  nbd: Improve debug traces on little-endian
  nbd: Avoid bitrot in TRACE() usage
  nbd: Return correct error for write to read-only export
  docs: fix typo in memory.txt
  hw/timer: Revert "hpet: inverse polarity when pin above ISA_NUM_IRQS"
  ps2kbd: default to scancode_set 2, as with KBD_CMD_RESET

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-08 10:25:22 +01:00
Leon Alrae
f2eb665a11 hw/mips_itu: fix off-by-one reported by Coverity
Fix off-by-one error in ITC Tag read.

Remove the switch as we just want to check if index is in valid range
rather than test against list of values.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2016-04-08 09:19:26 +01:00
Bharata B Rao
a110655a06 spapr: Fix ibm,lrdr-capacity
ibm,lrdr-capacity has a field to describe the maximum address in bytes
and therefore, the most memory that can be allocated to this guest. We
are using maxmem for this field, but instead should use the actual RAM
address corresponding to the end of hotplug region.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-04-08 11:18:10 +10:00
Paolo Bonzini
44d066a2f7 target-i386: check for PKU even for non-writable pages
Xiao Guangrong ran kvm-unit-tests on an actual machine with PKU and
found that it fails:

test pte.p pte.user pde.p pde.user pde.a pde.pse pkru.wd pkey=1 user write efer.nx cr4.pke: FAIL: error code 27 expected 7
Dump mapping: address: 0x123400000000
------L4: 2ebe007
------L3: 2ebf007
------L2: 8000000020000a5

(All failures are combinations of "pde.user pde.p pkru.wd pkey=1",
plus either "pde.pse" or "pte.p pte.user", plus one of "user cr0.wp",
"cr0.wp" or "user", plus unimportant bits such as accessed/dirty or
efer.nx).

So PFEC.PKEY is set even if the ordinary check failed (which it did
because pde.w is zero).  Adjust QEMU to match behavior of silicon.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 00:07:56 +02:00
Changlong Xie
57a6c059a6 tests: ignore test-logging
Commit 3514552e added a new test, but did not mark it for
exclusion in .gitignore.

Signed-off-by: Changlong Xie <xiecl.fnst@cn.fujitsu.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459903756-30672-1-git-send-email-xiecl.fnst@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 00:07:56 +02:00
Emilio G. Cota
7e6bd36d61 translate-all: add missing fold of tb_ctx into tcg_ctx
Since 5e5f07e08 "TCG: Move translation block variables
to new context inside tcg_ctx: tb_ctx" on Feb 1 2013, compilation
of usermode + TB_DEBUG_CHECK has been broken. Fix it.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1459834253-8291-2-git-send-email-cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 00:07:56 +02:00
Gonglei
696b55017d hostmem-file: fix memory leak
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <1456998223-12356-5-git-send-email-arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 00:07:56 +02:00
Gonglei
1a5512bb7e spapr: fix possible Negative array index read
fix CID 1351391.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <1456998223-12356-6-git-send-email-arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 00:07:56 +02:00
Paolo Bonzini
dacca04c8d nbd: do not hang nbd_wr_syncv if outside a coroutine and no available data
Until commit 1c778ef7 ("nbd: convert to using I/O channels for actual
socket I/O", 2016-02-16), nbd_wr_sync returned -EAGAIN this scenario.
nbd_reply_ready required these semantics because it has two conflicting
requirements:

1) if a reply can be received on the socket, nbd_reply_ready needs
to read the header outside coroutine context to identify _which_
coroutine to enter to process the rest of the reply

2) on the other hand, nbd_reply_ready can find a false positive if
another thread (e.g. a VCPU thread running aio_poll) sneaks in and
calls nbd_reply_ready too.  In this case nbd_reply_ready does nothing
and expects nbd_wr_syncv to return -EAGAIN.

Currently, the solution to the first requirement is to wait in the very
rare case of a read() that doesn't retrieve the reply header in its
entirety; this is what nbd_wr_syncv does by calling qio_channel_wait().
However, the unconditional call to qio_channel_wait() breaks the second
requirement.  To fix this, the patch makes nbd_wr_syncv return -EAGAIN
if done is zero, similar to the code before commit 1c778ef7.

This is okay because NBD client-side negotiation is the only other case
that calls nbd_wr_syncv outside a coroutine, and it places the socket
in blocking mode.  On the other hand, it is a bit unpleasant to put
this in nbd_wr_syncv(), because the function is used by both client
and server.

The full fix would be to add a counter to NbdClientSession for how
many bytes have been filled in s->reply.  Then a reply can be filled
by multiple separate invocations of nbd_reply_ready and the
qio_channel_wait() call can be removed completely.  Something to
consider for 2.7...

Reported-by: Changlong Xie <xiecl.fnst@cn.fujitsu.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 00:07:44 +02:00
Eric Blake
156f6a10c2 nbd: Don't kill server when client requests unknown option
nbd-server.c currently fails to handle unsupported options properly.
If during option haggling the client sends an unknown request, the
server kills the connection instead of letting the client try to
fall back to something older.  This is precisely what advertising
NBD_FLAG_FIXED_NEWSTYLE was supposed to fix.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459982918-32229-1-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 00:07:44 +02:00
Alex Bligh
6ff5816478 nbd: Fix NBD unsupported options
nbd-client.c currently fails to handle unsupported options properly.
If during option haggling the server finds an option that is
unsupported, it returns an NBD_REP_ERR_UNSUP reply.

According to nbd's proto.md, the format for such a reply
should be:

  S: 64 bits, 0x3e889045565a9 (magic number for replies)
  S: 32 bits, the option as sent by the client to which this is a reply
  S: 32 bits, reply type (e.g., NBD_REP_ACK for successful completion,
     or NBD_REP_ERR_UNSUP to mark use of an option not known by this server
  S: 32 bits, length of the reply. This may be zero for some replies,
     in which case the next field is not sent
  S: any data as required by the reply (e.g., an export name in the case
     of NBD_REP_SERVER, or optional UTF-8 message for NBD_REP_ERR_*)

However, in nbd-client.c, the reply type was being read, and if it
contained an error, it was bailing out and issuing the next option
request without first reading the length. This meant that the
next option / handshake read had an extra 4 or more bytes of data in it.
In practice, this makes Qemu incompatible with servers that do not
support NBD_OPT_LIST.

To verify this isn't an error in the specification or my reading of
it, replies are sent by the reference implementation here:
 https://github.com/yoe/nbd/blob/66dfb35/nbd-server.c#L1232
and as is evident it always sends a 'datasize' (aka length) 32 bit
word. Unsupported elements are replied to here:
 https://github.com/yoe/nbd/blob/66dfb35/nbd-server.c#L1371

Signed-off-by: Alex Bligh <alex@alex.org.uk>
Message-Id: <1459882500-24316-1-git-send-email-alex@alex.org.uk>
[rework to ALWAYS consume an optional UTF-8 message from the server]
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459961962-18771-1-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 00:07:44 +02:00
Eric Blake
332a254b66 qemu-nbd: Document -x option
Commit 3d4b2f9c added -x to force qemu-nbd to use new-style
negotiation, but while it documented it in the man page, it
omitted docs in the --help output.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459908128-11925-1-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 00:07:44 +02:00
Eric Blake
7548fe3116 nbd: Improve debug traces on little-endian
Print debug tracing messages while data is still in native
ordering, rather than after we've potentially swapped it into
network order for transmission.  Also, it's nice if the server
mentions what it is replying, to correlate it to with what the
client says it is receiving.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459913704-19949-4-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 00:07:44 +02:00
Eric Blake
8c6597123a nbd: Avoid bitrot in TRACE() usage
The compiler is smart enough to optimize out 'if (0)', but won't
type-check our printfs if they are hidden behind #if.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459913704-19949-3-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 00:07:43 +02:00
Eric Blake
c0301fcc81 nbd: Return correct error for write to read-only export
The NBD Protocol requires that servers should send EPERM for
attempts to write (or trim) a read-only export.  We were
correct for TRIM (blk_co_discard() gave EPERM); but were
manually setting EROFS which then got mapped to EINVAL over
the wire on writes.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459913704-19949-2-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-08 00:07:43 +02:00