Commit Graph

21299 Commits

Author SHA1 Message Date
Mitsyanko Igor
4e8f1be212 hw/sd.c: make sd_wp_addr() return bool
For the sake of code clarity

Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-08-13 11:04:07 +01:00
Mitsyanko Igor
879bf4a716 hw/sd.c: make sd_dataready() return bool
For the sake of code clarity

Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-08-13 11:04:07 +01:00
Mitsyanko Igor
bebd12717c hw/sd.c: convert binary variables to bool
Several members of SDState have type int when they actually are binary variables.
Change type of these variables to bool to improve code readability. Change SD API
to be in consistency with new variables type.

Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-08-13 11:04:06 +01:00
Mitsyanko Igor
b7202b8870 hw/sd.c: introduce wrapper for conversion address to wp group
Add wrapper function sd_addr_to_wpnum() to replace long address-->wg_group
conversion line.

Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-08-13 11:04:06 +01:00
Mitsyanko Igor
347cab1a76 hw/sd.c: make sd_wp_addr() accept 64 bit address argument
Currently sd_wp_addr() accepts 32 bit address arguments therefore implicitly
restricting SD card address range. Change address argument type to uint64_t.

Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-08-13 11:04:06 +01:00
Mitsyanko Igor
a9c0183059 hw/sd.c: convert wp_groups in SDState to bitfield
Representing each group write protection flag with only one bit instead of int
variable significantly reduces memory consumption.

Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-08-13 11:04:06 +01:00
Peter A. G. Crosthwaite
01fd41ab3f armv7m: Guard against no -kernel argument
A -kernel argument must be specified for this machine. Guard against no -kernel
argument. Previously gave an unhelpful "bad address" error message.

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Tested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-08-13 11:04:05 +01:00
Peter Maydell
55e00a19b6 hw/armv7m_nvic: Fix incorrect default for num-irqs property
Fix an incorrect default value for the num-irqs property (we were
attempting to override it from the default set by the parent class
but not succeeding, which meant that the lm3s6965evb model would
assert on startup attempting to wire up nonexistent irq lines).
Instead of trying to override the parent's Property array, we
define an instance_init function which runs after default setup
but before user property setting and can just fix up the default
value in the gic_state struct.

Reported-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Tested-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-08-13 11:04:05 +01:00
Anthony Liguori
33e95c6328 qom: Reimplement Interfaces
The current implementation of Interfaces is poorly designed.  Each interface
that an object implements ends up being an object that's tracked by the
implementing object.  There's all sorts of gymnastics to deal with casting
between these objects.

But an interface shouldn't be associated with an Object.  Interfaces are global
to a class.  This patch moves all Interface knowledge to ObjectClass eliminating
the relationship between Object and Interfaces.

Interfaces are now abstract (as they should be) but this is okay.  Interfaces
essentially act as additional parents for the classes and are treated as such.

With this new implementation, we should fully support derived interfaces
including reimplementing an inherited interface.

PC: Rebased against qom-next merge Jun-2012.

PC: Removed replication of cast logic for interfaces, i.e. there is only
one cast function - object_dynamic_cast() (and object_dynamic_cast_assert())

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2012-08-13 11:20:41 +02:00
Peter A. G. Crosthwaite
669b498301 xilinx_axi*: Re-implemented interconnect
Re-implemented the interconnect between the Xilinx AXI ethernet and DMA
controllers. A QOM interface "stream" is created, for the two stream interfaces.

As per Edgars request, this is designed to be more generic than AXI-stream,
so in the future we may see more clients of this interface beyond AXI stream.

This is based primarily on Paolos original refactoring of the interconnect.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2012-08-13 11:20:41 +02:00
Anthony Liguori
346fe0c4c0 Merge remote-tracking branch 'stefanha/trivial-patches' into staging
* stefanha/trivial-patches:
  target-arm: Fix typos in comments
  arm: translate: comment typo - s/middel/middle/
  vl.c: Exit QEMU early if no machine is found
2012-08-11 19:49:03 -05:00
Anthony Liguori
53810bab3a Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony:
  qemu-iotests: skip 039 with ./check -nocache
  block: add BLOCK_O_CHECK for qemu-img check
  qcow2: mark image clean after repair succeeds
  qed: mark image clean after repair succeeds
  blockdev: flip default cache mode from writethrough to writeback
  virtio-blk: disable write cache if not negotiated
  virtio-blk: support VIRTIO_BLK_F_CONFIG_WCE
  qemu-iotests: Save some sed processes
  ahci: Fix sglist memleak in ahci_dma_rw_buf()
  ahci: Fix ahci cdrom read corruptions for reads > 128k
  virtio-blk: fix use-after-free while handling scsi commands
2012-08-11 19:48:50 -05:00
Anthony Liguori
312942619a Merge remote-tracking branch 'bonzini/scsi-next' into staging
* bonzini/scsi-next:
  scsi-disk: add support for the UNMAP command
  scsi-disk: improve out-of-range LBA detection for WRITE SAME
  scsi-disk: more assertions and resets for aiocb
  virtio-scsi: do not compare 32-bit QEMU tags against 64-bit virtio-scsi tags
  iscsi: Pick default initiator-name based on the name of the VM
  iscsi: reorganize code for parse_initiator_name
  iscsi: do not leak initiator_name
2012-08-11 17:11:23 -05:00
Blue Swirl
c075a72399 configure: fix double check tests with Clang
Configuring with Clang compiler with -Werror would not work after
improved checks:
/tmp/qemu-conf--25992-.c:4:32: error: self-comparison always evaluates
to true [-Werror,-Wtautological-compare]
int main(void) { return preadv == preadv; }
/tmp/qemu-conf--25992-.c:13:26: error: self-comparison always
evaluates to true [-Werror,-Wtautological-compare]
    return epoll_create1 == epoll_create1;
/tmp/qemu-conf--25992-.c:3:13: error: explicitly assigning a variable
of type 'char **' to itself [-Werror,-Wself-assign]
    environ = environ;

Avoid the errors by adjusting the tests.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 15:07:45 +00:00
Peter Maydell
8dc38a78d0 configure: Check for -Werror causing failures when compiling tests
Add support for checking whether test case code can compile without
warnings, by recompiling each successful test with -Werror. If the
-Werror version doesn't pass, we bail out. This gives us the same
level of visibility of warnings in test code as --enable-werror
provides for the main compile.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 15:07:41 +00:00
Igor Mitsyanko
5fda043f9c exec.c: fix dirty bitmap reallocation
For each newly created RAM block, dirty bitmap is reallocated with g_realloc, which doesn't
make any promises on initial content of new extra data in returned buffer. In theory,
we initialize this new data with cpu_physical_memory_set_dirty_range() call. The
problem is, cpu_physical_memory_set_dirty_range() has a side effect of incrementing
ram_list.dirty_pages variable, but only for pages which are not already dirty. And
page "cleanliness" is determined using the same not yet uninitialized dirty bitmap
we've just reallocated. This results in inconsistency between real dirty page number
and value in ram_list.dirty_pages variable, which in turn could (and will) result
in errors during VM migration.
Zero initialize new dirty bitmap bytes to fix this problem.

Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 12:23:46 +00:00
Stefan Hajnoczi
0521d375a1 Makefile: add qapi.py dependencies
Commit 427a1a2cb1 ("qapi: avoid reserved
keywords") modifies qapi.py, which is used by qapi-types.py and other
Python scripts.  Because Makefile has no dependencies for qapi.py the
qapi code generator will not be rerun and the following build error is
produced:

  net/slirp.c: In function ‘net_init_slirp’:
  net/slirp.c:721:50: error: ‘NetdevUserOptions’ has no member named ‘q_restrict’

Fix this issue by adding the missing qapi.py dependencies.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 12:21:20 +00:00
Guan Xuetao
ff5928d0f2 unicore32-softmmu: Add a minimal curses screen support
This patch adds a minimal curses screen support for unicore32-softmmu.
We assume 80*30 screen size to minimize the implementation.
Two problems are not solved, but they are innocuous.
1. curses windows will be blank when switching to monitor screen and back
2. backspace is not handled yet

v1->v2: add extra handler for '\r'

Signed-off-by: Zhang Mengchi <zhangmengchi@mprc.pku.edu.cn>
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:37:05 +00:00
Guan Xuetao
1e5cdaa1ca unicore32: Close dump-option of cpu_dump_state_ucf64 function
Since of tedious output, we close dump-option of cpu_dump_state_ucf64 function.

Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:37:05 +00:00
Guan Xuetao
c5240d8232 unicore32: Disintegrate cpu_dump_state_ucf64 function
This patch disintegrates cpu_dump_state_ucf64 function from cpu_dump_state.

Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:37:04 +00:00
Guan Xuetao
e8ede0a8bb unicore32: Split UniCore-F64 instruction helpers from helper.c
This patch just splits ucf64 instruction simulation helpers from
helper.c.
Also, two checkpatch warnings are solved.

v1->v2: adjust copyright information for new ucf64_helper.c

Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:37:04 +00:00
Guan Xuetao
220c214745 unicore32-softmmu: Add is_default setting for puv3 machine
This patch sets is_default to 1 for puv3 machine, so that
find_default_machine() returns puv3 machine.
Thanks Dunrong for pointing it out.

Cc: Dunrong Huang <riegamaths@gmail.com>
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:37:03 +00:00
Guan Xuetao
ab9528ca8f unicore32-softmmu: Add maintainer information for UniCore32 machine
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:37:02 +00:00
Guan Xuetao
79683f6117 unicore32-softmmu: Add ps2 support
This patch adds ps2/keyboard support, and enables CONFIG_PCKBD.

Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:37:02 +00:00
Guan Xuetao
1ea3489963 unicore32-softmmu: Add puv3 dma support
This patch adds puv3 dma (Direct Memory Access) support,
include dma device simulation for kernel booting.

v1->v2: Add initialization to ret in puv3_dma_read.

Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:37:01 +00:00
Guan Xuetao
f716c1973a unicore32-softmmu: Add puv3 pm support
This patch adds puv3 pm (power management) support,
include pm device simulation for kernel booting.
Thank Blue Swirl for pointing out the missing "break".

v1->v2: Add initialization to ret in puv3_pm_read.

Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:37:01 +00:00
Guan Xuetao
a89d01c192 unicore32-softmmu: Add puv3 gpio support
This patch adds puv3 gpio (General Purpose Input/Output) support,
include gpio device simulation and its interrupt support.

v1->v2: Add initialization to ret in puv3_gpio_read.

Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:37:00 +00:00
Guan Xuetao
56d07a9050 unicore32-softmmu: Add puv3 ostimer support
This patch adds puv3 ostimer support, include os timer
device simulation and ptimer support in puv3 machine.

Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:37:00 +00:00
Guan Xuetao
5c8556a6f6 unicore32-softmmu: Add puv3 interrupt support
This patch adds puv3 interrupt support, include interrupt controler
device simulation and interrupt handler in puv3 machine.

Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:36:59 +00:00
Guan Xuetao
fbbdf9838d unicore32-softmmu: Add puv3 soc/board support
This patch only add puv3 soc/board support, which introduces puv3
machine description, and specifies console type.

Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:36:59 +00:00
Guan Xuetao
ef03168a85 unicore32-softmmu: Make sure that kernel can access user space
As a matter of course, we need to access user space in kernel code,
so we need to correct load/store decoders to indicate correct memory
region.

Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:36:58 +00:00
Guan Xuetao
f3ccc32369 unicore32-softmmu: Implement softmmu specific functions
This patch implements softmmu specific functions, include tlb_fill,
switch_mode, do_interrupt and uc32_cpu_handle_mmu_fault.
So the full exception handlers and page table walking could work now.

Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:36:58 +00:00
Andreas Färber
889c134a82 target-unicore32: Drop UC32_CPUID macros
Any code that depends on a particular CPU type can now go through
callbacks on the QOM UniCore32CPUClass.

Signed-off-by: Andreas Färber <afaerber@suse.de
Acked-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:36:57 +00:00
Guan Xuetao
d48813dd76 unicore32-softmmu: Make UniCore32 cpuid & exceptions correct and runable
This patch initializes the cpuid to exactly correct value because
linux kernel will check it.
In addition, the exception types are specified in proper situations.
Then it could make exceptions generated correctly and timely.

Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:36:56 +00:00
Guan Xuetao
527d9979b4 unicore32-softmmu: Add coprocessor 0(sysctrl) and 1(ocd) instruction support
Coprocessor 0 is system control coprocessor, and we need get/set its contents.
Also, all cache/tlb ops shoule be implemented here, but just ignored with no harm.

Coprocessor 1 is OCD (on-chip-debugger), which is used for faked console,
so we could output chars to this console without graphic card.
TODO: curses display should be added lator for screen output.

Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:36:56 +00:00
Guan Xuetao
4f23a1e645 unicore32-softmmu: Add unicore32-softmmu build support
This patch adds unicore32-softmmu build support, include configure,
makefile, arch_init, and all missing functions needed by softmmu.
Although all missing functions are empty, unicore32-softmmu could
be build successfully.
By 20120804: change QEMU_ARCH_UNICORE32 to 0x4000

Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-11 09:36:55 +00:00
Peter Maydell
b90372ad2a target-arm: Fix typos in comments
Fix a variety of typos in comments in target-arm files.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-08-10 14:37:28 +01:00
Peter A. G. Crosthwaite
656267413c arm: translate: comment typo - s/middel/middle/
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-08-10 14:33:16 +01:00
Dunrong Huang
fb7c269ed6 vl.c: Exit QEMU early if no machine is found
We check whether the variable machine is NULL or not before accessing
it. If machine is NULL, exit QEMU with an error, this can avoids a
segfault error.

Markus Armbruster <armbru@redhat.com> adds that the segfault can be
reproduced as follows:

  $ qemu-system-xtensa -cpu help

Signed-off-by: Dunrong Huang <riegamaths@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-08-10 14:28:11 +01:00
Stefan Hajnoczi
166f3c7b70 qemu-iotests: skip 039 with ./check -nocache
When the qemu-io --nocache option is used the 039 test case cannot abort
QEMU at a point where the image is dirty.  Skip the test case.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-10 10:25:12 +02:00
Stefan Hajnoczi
058f8f16db block: add BLOCK_O_CHECK for qemu-img check
Image formats with a dirty bit, like qed and qcow2, repair dirty image
files upon open with BDRV_O_RDWR.  Performing automatic repair when
qemu-img check runs is not ideal because the bdrv_open() call repairs
the image before the actual bdrv_check() call from qemu-img.c.

Fix this "double repair" since it leads to confusing output from
qemu-img check.  Tell the block driver that this image is being opened
just for bdrv_check().  This skips automatic repair and qemu-img.c can
invoke it manually with bdrv_check().

Update the golden output for qemu-iotests 039 to reflect the new
qemu-img check output.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-10 10:25:12 +02:00
Stefan Hajnoczi
acbe59829e qcow2: mark image clean after repair succeeds
The dirty bit is cleared after image repair succeeds in qcow2_open().
Move this into qcow2_check() so that all callers benefit from this
behavior when fix mode is enabled.

This is necessary so qemu-img check can call .bdrv_check() and mark the
image clean.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-10 10:25:12 +02:00
Stefan Hajnoczi
b10170aca0 qed: mark image clean after repair succeeds
The dirty bit is cleared after image repair succeeds in qed_open().
Move this into qed_check() so that all callers benefit from this
behavior when fix=true.

This is necessary so qemu-img check can call .bdrv_check() and mark the
image clean.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-10 10:25:12 +02:00
Paolo Bonzini
1f212b9d3e blockdev: flip default cache mode from writethrough to writeback
Now all major device models (IDE, SCSI, virtio) can choose between
writethrough and writeback at run-time, and virtio will even revert
to writethrough if the guest is not capable of sending flushes.  So
we can change the default to writeback at last.

Tested, for lack of a better idea, with a breakpoint on bdrv_open
and all cache choices one by one.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-10 10:25:12 +02:00
Paolo Bonzini
9315cbfd8d virtio-blk: disable write cache if not negotiated
If the guest does not support flushes, we should run in writethrough mode.
The setting is temporary until the next reset, so that for example the
BIOS will run in writethrough mode while Linux will run with a writeback
cache.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-10 10:25:12 +02:00
Paolo Bonzini
13e3dce068 virtio-blk: support VIRTIO_BLK_F_CONFIG_WCE
Also rename VIRTIO_BLK_F_WCACHE to VIRTIO_BLK_F_WCE for consistency with
the spec.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-10 10:25:12 +02:00
Kevin Wolf
353a41be05 qemu-iotests: Save some sed processes
Instead of building a huge pipeline, just pass all expressions to a
single sed process.

Suggested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2012-08-10 10:25:12 +02:00
Jason Baron
ea8d82a1ed ahci: Fix sglist memleak in ahci_dma_rw_buf()
I noticed that in hw/ide/ahci:ahci_dma_rw_buf() we do not free the sglist. Thus,
I've added a call to qemu_sglist_destroy() to fix this memory leak.

In addition, I've adeed a call in qemu_sglist_destroy() to 0 all of the sglist
fields, in case there is some other codepath that tries to free the sglist.

Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-10 10:25:12 +02:00
Jason Baron
61f52e06f0 ahci: Fix ahci cdrom read corruptions for reads > 128k
While testing q35, which has its cdrom attached to the ahci controller, I found
that the Fedora 17 install would panic on boot. The panic occurs while
squashfs is trying to read from the cdrom. The errors are:

[    8.622711] SQUASHFS error: xz_dec_run error, data probably corrupt
[    8.625180] SQUASHFS error: squashfs_read_data failed to read block
0x20be48a

I was also able to produce corrupt data reads using an installed piix based
qemu machine, using 'dd'. I found that the corruptions were only occuring when
then read size was greater than 128k. For example, the following command
results in corrupted reads:

dd if=/dev/sr0 of=/tmp/blah bs=256k iflag=direct

The > 128k size reads exercise a different code path than 128k and below. In
ide_atapi_cmd_read_dma_cb() s->io_buffer_size is capped at 128k. Thus,
ide_atapi_cmd_read_dma_cb() is called a second time when the read is > 128k.
However, ahci_dma_rw_buf() restart the read from offset 0, instead of at 128k.
Thus, resulting in a corrupted read.

To fix this, I've introduced 'io_buffer_offset' field in IDEState to keep
track of the offset. I've also modified ahci_populate_sglist() to take a new
3rd offset argument, so that the sglist is property initialized.

I've tested this patch using 'dd' testing, and Fedora 17 now correctly boots
and installs on q35 with the cdrom ahci controller.

Signed-off-by: Jason Baron <jbaron@redhat.com>
Tested-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-10 10:25:12 +02:00
Avi Kivity
730a9c53b4 virtio-blk: fix use-after-free while handling scsi commands
The scsi passthrough handler falls through after completing a
request into the failure path, resulting in a use after free.

Reproducible by running a guest with aio=native on a block device.

Reported-by: Stefan Priebe <s.priebe@profihost.ag>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-10 10:25:11 +02:00