Commit Graph

21589 Commits

Author SHA1 Message Date
Matthew Ogilvie
5c73b757e3 target-i386/translate.c: mov to/from crN/drN: ignore mod bits
> This instruction is always treated as a register-to-register (MOD = 11)
> instruction, regardless of the encoding of the MOD field in the MODR/M
> byte.

Also, Microport UNIX System V/386 v 2.1 (ca 1987) runs fine on
real Intel 386 and 486 CPUs (at least), but does not run in qemu without
this patch.

Signed-off-by: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Signed-off-by: malc <av1474@comtv.ru>
2012-08-24 07:44:37 +04:00
Matthew Ogilvie
145c7c880f fix some debug printf format strings
These are normally ifdefed out and don't matter.  But if you enable
them, they ought to be correct.

Signed-off-by: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Signed-off-by: malc <av1474@comtv.ru>
2012-08-24 07:44:37 +04:00
Paolo Bonzini
98609cd8fc ivshmem: fix memory_region_del_eventfd assertion failure
We do not register ioeventfds unless the IVSHMEM_IOEVENTFD feature
is set.  The same feature must be checked before releasing the eventfds.
Regression introduced by commit 563027c (ivshmem: use EventNotifier and
memory API, 2012-07-05).

Reported-by: Cam Macdonnell <cam@cs.ualberta.ca>
Tested-by: Cam Macdonnell <cam@cs.ualberta.ca>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-23 20:19:59 -05:00
Paolo Bonzini
da5a44e8b0 qom: object_delete should unparent the object first
object_deinit is only called when the reference count goes to zero,
and yet tries to do an object_unparent.  Now, object_unparent
either does nothing or it will decrease the reference count.
Because we know the reference count is zero, the object_unparent
call in object_deinit is useless.

Instead, we need to disconnect the object from its parent just
before we remove the last reference apart from the parent's.  This
happens in object_delete.  Once we do this, all calls to
object_unparent peppered through QEMU can go away.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-23 20:19:59 -05:00
Anthony Liguori
26efaca377 monitor: don't try to initialize json parser when monitor is HMP
Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-23 20:19:59 -05:00
Stefan Weil
6fc97fafce target-mips: Fix some helper functions (VR54xx multiplication)
Commits b5dc7732e1 and
be24bb4f30 optimized the code
and removed the correct setting of t0. Fix this.

gcc-4.7 detected this bug because parameter arg1 was unused
but set in set_HIT0_LO and set_HI_LOT0.

Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-08-24 01:03:26 +02:00
Meador Inge
94159135cb target-mips: Enable access to required RDHWR hardware registers
While running in the usermode emulator all of the required*
MIPS32r2 RDHWR hardware registers should be accessible (the
Linux kernel enables access to these same registers).  Note
that these registers are still enabled when the MIPS ISA is
not release 2.  This is OK since the Linux kernel emulates
access to them when they are not available in hardware.

* There is also the ULR register which is only recommended
  for full release 2 compliance.  Incidentally, accessing
  this register in the current implementation works fine
  without flipping its access bit.

Signed-off-by: Meador Inge <meadori@codesourcery.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-08-23 17:21:05 +02:00
Anthony Liguori
58617a795c monitor: move json init from OPEN event to init
At some point in the past, the OPEN event was changed to be issued from a
bottom half.  This creates a small window where a data callback registered in
init may be invoked before the OPEN event has been issued.

This is reproducible with:

 echo "{'execute': 'qmp_capabilities'}" | qemu-system-x86_64 -M none -qmp stdio

We can fix this for the monitor by moving the parser initialization to init.

The remaining state that is set in OPEN appears harmless.

Reported-by: Daniel Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-23 08:03:21 -05:00
Anthony Liguori
b4a738bf93 boards: add a 'none' machine type to all platforms
This allows any QEMU binary to be executed with:

  $QEMU_BINARY -M none -qmp stdio

Without errors from missing options that are required by various boards.  This
also provides a mode that we can use in the future to construct machines
entirely through QMP commands.

Cc: Daniel Berrange <berrange@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 16:29:41 -05:00
Anthony Liguori
af506c7036 Update version for 1.2.0-rc1 release
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 15:45:05 -05:00
Anthony Liguori
86759aa89d Merge remote-tracking branch 'qmp/queue/qmp' into staging
* qmp/queue/qmp:
  migration: move total_time from ram stats to migration info
  monitor: avoid declaring unused variables
  qapi: Fix memory leak
2012-08-22 13:33:15 -05:00
Anthony Liguori
b100fcfe49 Merge remote-tracking branch 'sstabellini/xen-fixes-20120822' into staging
* sstabellini/xen-fixes-20120822:
  xen-all.c: fix multiply issue for int and uint types
  Fix invalidate if memory requested was not bucket aligned
2012-08-22 13:31:39 -05:00
Anthony Liguori
a9b670b139 Merge remote-tracking branch 'bonzini/scsi-next' into staging
* bonzini/scsi-next:
  virtio-scsi: add backwards-compatibility properties for 1.1 and earlier machines
  iscsi: fix races between task completion and abort
  iscsi: simplify iscsi_schedule_bh
  iscsi: move iscsi_schedule_bh and iscsi_readv_writev_bh_cb
  Revert "iscsi: Fix NULL dereferences / races between task completion and abort"
2012-08-22 13:31:17 -05:00
Anthony Liguori
7b2f89c435 Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony:
  virtio-blk: hide VIRTIO_BLK_F_CONFIG_WCE from old machine types
  Documentation: Warn against qemu-img on active image
  vmdk: Read footer for streamOptimized images
  vmdk: Fix header structure

Conflicts:
	hw/virtio-blk.c
2012-08-22 13:01:05 -05:00
Anthony Liguori
b6825cd79c Merge remote-tracking branch 'kraxel/usb.59' into staging
* kraxel/usb.59:
  ehci: Fix setting of halt bit from usbcmd register updates
  ehci: fix Interrupt Threshold Control implementation
  usb: update uas product id
  usb: async control xfer fixup
2012-08-22 12:53:18 -05:00
Daniel P. Berrange
99afc91d6c qapi: add 'query-target' command to return target arch
Add a 'query-target' QAPI command to allow management applications
to determine what target architecture a QEMU binary is emulating
without having to parse the binary name or -help output.

  $ qmp-shell -p /tmp/qemu
  (QEMU) query-target
  {   u'return': {   u'arch': u'x86_64' }}

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:17 -05:00
Andreas Färber
67c332fd12 pci: Tidy up PCI host bridges
Adopt the QOM parent field name and enforce QOM-style access via casts.
Don't just typedef PCIHostState, either use it directly or embed it.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:17 -05:00
Andreas Färber
8558d942b6 pci: Derive PCI host bridges from TYPE_PCI_HOST_BRIDGE
Use PCIHostState and PCI_HOST_BRIDGE() where appropriate.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:17 -05:00
Andreas Färber
b44ff9d430 pci_host: Turn into SysBus-derived QOM type
The preceding commits fixed misuses of FROM_SYSBUS() that led people to
add a bogus busdev field. For qdev the field order was less relevant but
for QOM the PCIHostState field (including the SysBusDevice actually
initialized with a value) must be placed first within the state struct.

To facilitate accessing the PCIHostState fields, derive all PCI host
bridges from TYPE_PCI_HOST_BRIDGE rather than TYPE_SYS_BUS_DEVICE.

We can now access PCIHostState QOM-style, with PCI_HOST_BRIDGE() macro.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Wanpeng Li <liwanp@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:17 -05:00
Andreas Färber
57fd7b7fce unin_pci: QOM'ify UniNorth PCI host bridges
Introduce type constants and cast macros.
Avoid accessing parent fields directly.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:17 -05:00
Andreas Färber
8c9f64df3d spapr_pci: QOM'ify sPAPR PCI host bridge
Introduce type constant. Introduce cast macro to drop bogus busdev field
that would've broken SYS_BUS_DEVICE(). Avoid accessing parent fields
directly.

Free the identifier phb as acronym for PCI_HOST_BRIDGE.

Updated against conflicting merge from branch 'agraf/ppc-for-upstream'
(0d16fdd732), which removed busdev field
differently, moved some code around and added new occurrences of 'phb'.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:17 -05:00
Andreas Färber
03a6b66770 prep_pci: QOM'ify Raven PCI host bridge
Introduce type constant and cast macro. Avoid accessing parent fields
directly.

Also add missing space and braces.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:17 -05:00
Andreas Färber
9c1a61f0e5 ppce500_pci: QOM'ify e500 PCI host bridge
Introduce type constant and cast macro. Avoid accessing parent fields
directly.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:16 -05:00
Andreas Färber
42c281a283 ppc4xx_pci: QOM'ify ppc4xx PCI host bridge
Introduce type constant and cast macro. Avoid accessing its parent field
directly.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:16 -05:00
Andreas Färber
8d43d7e591 gt64xxx: QOM'ify GT64120 PCI host bridge
Introduce type constant. Introduce cast macro to drop dummy busdev field
used with FROM_SYSBUS() macro that would've broken SYS_BUS_DEVICE().
Avoid accessing DeviceState indirectly through PCIHostState.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:16 -05:00
Andreas Färber
0e655047c5 grackle_pci: QOM'ify Grackle PCI host bridge
Introduce type constant. Introduce cast macro to drop dummy busdev field
used with FROM_SYSBUS() that would've broken SYS_BUS_DEVICE().
Avoid accessing parent fields directly.

Drop no-op reset function.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:16 -05:00
Andreas Färber
ab61536737 dec_pci: QOM'ify DEC 21154 PCI-PCI bridge
Introduce type constant. Introduce cast macro and drop dummy busdev
field used with FROM_SYSBUS() that would've broken SYS_BUS_DEVICE().
Avoid accessing parent fields directly.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:15 -05:00
Andreas Färber
c5589ee974 bonito: QOM'ify Bonito PCI host bridge
Introduce type constant. Avoid accessing DeviceState or SysBusDevice
indirectly through PCIHostState field.

Drop global state by passing BonitoState as opaque and adding the IRQs
and a pointer to PCIBonitoState to its state.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:15 -05:00
Andreas Färber
94dd91d651 alpha_typhoon: QOM'ify Typhoon PCI host bridge
Introduce type constant and cast macro. Don't access DeviceState
or PCIHostState indirectly through parent fields.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:15 -05:00
Andreas Färber
4240abff5a pci: Make host bridge TypeInfos const
During the QOM migration they were amended with further info but this is
no longer the case. All static TypeInfos can be const these days.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:15 -05:00
Stefan Hajnoczi
ea776abca6 virtio-blk: hide VIRTIO_BLK_F_CONFIG_WCE from old machine types
QEMU has a policy of keeping a stable guest device ABI.  When new guest device
features are introduced they must not change hardware info seen by existing
guests.  This is important because operating systems or applications may
"fingerprint" the hardware and refuse to run when the hardware changes.  To
always get the latest guest device ABI, run with x86 machine type "pc".

This patch hides the new VIRTIO_BLK_F_CONFIG_WCE virtio feature bit from
existing machine types.  Only pc-1.2 and later will expose this feature
by default.

For more info on the VIRTIO_BLK_F_CONFIG_WCE feature bit, see:

  commit 13e3dce068
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   Thu Aug 9 16:07:19 2012 +0200

      virtio-blk: support VIRTIO_BLK_F_CONFIG_WCE

      Also rename VIRTIO_BLK_F_WCACHE to VIRTIO_BLK_F_WCE for consistency with
      the spec.

      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: Kevin Wolf <kwolf@redhat.com>

Anthony Liguori <aliguori@us.ibm.com> reported:

  This broke qemu-test because it changed the pc-1.0 machine type:

  Setting guest RANDOM seed to 47167
  *** Running tests ***
  Running test /tests/finger-print.sh...		OK
  --- fingerprints/pc-1.0.x86_64	2011-12-18 13:08:40.000000000 -0600
  +++ fingerprint.txt	2012-08-12 13:30:48.000000000 -0500
  @@ -55,7 +55,7 @@
   /sys/bus/pci/devices/0000:00:06.0/subsystem_device=0x0002
   /sys/bus/pci/devices/0000:00:06.0/class=0x010000
   /sys/bus/pci/devices/0000:00:06.0/revision=0x00
  -/sys/bus/pci/devices/0000:00:06.0/virtio/host-features=0x710006d4
  +/sys/bus/pci/devices/0000:00:06.0/virtio/host-features=0x71000ed4
   /sys/class/dmi/id/bios_vendor=Bochs
   /sys/class/dmi/id/bios_date=01/01/2007
   /sys/class/dmi/id/bios_version=Bochs
  Guest fingerprint changed for pc-1.0!

Reported-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:14 -05:00
Jim Meyering
15d9e3bc6a softmmu-semi: fix lock_user* functions not to deref NULL upon OOM
Return NULL upon malloc failure.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:14 -05:00
Jim Meyering
396bef4b38 arm-semi: don't leak 1KB user string lock buffer upon TARGET_SYS_OPEN
Always call unlock_user before returning.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:14 -05:00
Jim Meyering
a7e47d4bfc sheepdog: don't leak socket file descriptor upon connection failure
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:14 -05:00
Jim Meyering
0d07fe47d4 linux-user: do_msgrcv: don't leak host_mb upon TARGET_EFAULT failure
Also, use g_malloc to avoid NULL-deref upon OOM.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:14 -05:00
Jim Meyering
4144f122b4 qemu-ga: don't leak a file descriptor upon failed lockf
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-22 10:47:14 -05:00
Dongxiao Xu
14d4018372 xen-all.c: fix multiply issue for int and uint types
If the two multiply operands are int and uint types separately,
the int type will be transformed to uint firstly, which is not the
intent in our code piece. The fix is to add (int64_t) transform
for the uint type before the multiply.

Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2012-08-22 10:17:43 +00:00
Frediano Ziglio
27b7652ef5 Fix invalidate if memory requested was not bucket aligned
When memory is mapped in qemu_map_cache with lock != 0 a reverse mapping
is created pointing to the virtual address of location requested.
The cached mapped entry is saved in last_address_vaddr with the memory
location of the base virtual address (without bucket offset).
However when this entry is invalidated the virtual address saved in the
reverse mapping is used. This causes the mapping to be freed but the
last_address_vaddr is not reset.

Signed-off-by: Frediano Ziglio <frediano.ziglio@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2012-08-22 10:17:04 +00:00
Jan Kiszka
0ec64507a5 i82378: Remove bogus MMIO coalescing
This MMIO area is an entry gate to legacy PC ISA devices, addressed via
PIO over there. Quite a few of the PIO ports have side effects on access
like starting/stopping timers that must be executed properly ordered
/wrt the CPU. So we have to remove the coalescing mark.

Acked-by: Hervé Poussineau <hpoussin@reactos.org>
Acked-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-21 15:18:24 -05:00
Alexey Kardashevskiy
55ce75faf2 eventfd: making it thread safe
QEMU uses IO handlers to run select() in the main loop.
The handlers list is managed by qemu_set_fd_handler() helper
which works fine when called from the main thread as it is
called when select() is not waiting.

However, the IO handlers list can be changed in a thread other than
the main one doing os_host_main_loop_wait(), for example, as a result
of a hypercall which changes PCI config space (VFIO on POWER is the case)
and enables/disables MSI/MSIX, which closes/creates eventfd handles.
As the main loop should be waiting on the newly created eventfds,
it has to be restarted.

The patch adds the qemu_notify_event() call to interrupt select()
to make main_loop() restart select() with the updated IO handlers
list.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-21 15:16:29 -05:00
Juan Quintela
7aa939af39 migration: move total_time from ram stats to migration info
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2012-08-21 15:06:24 -03:00
Blue Swirl
b2dc64c391 monitor: avoid declaring unused variables
Some variables are only used on !win32, declare
them only when used.

This avoids a warning in mingw32 build:
  CC    i386-softmmu/monitor.o
/src/qemu/monitor.c: In function 'monitor_fdset_get_fd':
/src/qemu/monitor.c:2575: warning: unused variable 'mon_fd_flags'
/src/qemu/monitor.c:2574: warning: unused variable 'mon_fdset_fd'
/src/qemu/monitor.c:2573: warning: unused variable 'mon_fdset'

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2012-08-20 14:42:49 -03:00
Stefan Weil
e36c87667a qapi: Fix memory leak
valgrind report:

==24534== 232 bytes in 2 blocks are definitely lost in loss record 1,245 of 1,601
==24534==    at 0x4824F20: malloc (vg_replace_malloc.c:236)
==24534==    by 0x293C88: malloc_and_trace (vl.c:2281)
==24534==    by 0x489AD99: ??? (in /lib/libglib-2.0.so.0.2400.1)
==24534==    by 0x489B23B: g_malloc0 (in /lib/libglib-2.0.so.0.2400.1)
==24534==    by 0x2B4EFC: opts_visitor_new (opts-visitor.c:376)
==24534==    by 0x29DEA5: net_client_init (net.c:708)
==24534==    by 0x29E6C7: net_init_client (net.c:966)
==24534==    by 0x2C2179: qemu_opts_foreach (qemu-option.c:1114)
==24534==    by 0x29E85B: net_init_clients (net.c:1008)
==24534==    by 0x296F40: main (vl.c:3463)

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2012-08-20 11:05:08 -03:00
Paolo Bonzini
07a5298c30 virtio-scsi: add backwards-compatibility properties for 1.1 and earlier machines
Hotplug and parameter change are new in 1.2, disable them via compat
properties for pc-1.1 and earlier.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-08-20 15:58:47 +02:00
Paolo Bonzini
1bd075f29e iscsi: fix races between task completion and abort
This patch fixes two main issues with block/iscsi.c:

1) iscsi_task_mgmt_abort_task_async calls iscsi_scsi_task_cancel which
was also directly called in iscsi_aio_cancel

2) a race between task completion and task abortion could happen because
the scsi_free_scsi_task calls were done before iscsi_schedule_bh has finished.
To fix this, all the freeing of IscsiTasks and releasing of the AIOCBs
is centralized in iscsi_bh_cb, independent of whether the SCSI command
has completed or was cancelled.

3) iscsi_aio_cancel was not synchronously waiting for the end of the
command.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-08-20 15:58:47 +02:00
Paolo Bonzini
cfb3f5064a iscsi: simplify iscsi_schedule_bh
It is always used with the same callback, remove the argument.  And
its return value is never used, assume allocation succeeds.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-08-20 15:58:47 +02:00
Paolo Bonzini
27cbd828c6 iscsi: move iscsi_schedule_bh and iscsi_readv_writev_bh_cb
Put these functions at the beginning, to avoid forward references
in the next patches.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-08-20 15:58:47 +02:00
Paolo Bonzini
b209091957 Revert "iscsi: Fix NULL dereferences / races between task completion and abort"
This reverts commit 64e69e8092.  The commit
returned immediately from iscsi_aio_cancel, risking corruption in case the
following happens:

    guest                  qemu                 target
  =========================================================================
    send write 1 -------->
                           send write 1 -------->
    cancel write 1 ------>
                           cancel write 1 ------>
       <------------------ cancellation processed
    send write 2 -------->
                           send write 2 -------->
                               <---------------- completed write 2
       <------------------ completed write 2
                               <---------------- completed write 1
                               <---------------- cancellation not done

Here, the guest would see write 2 superseding write 1, when in fact the
outcome could have been the opposite.  The right behavior is to return
only after the target says whether the cancellation was done or not, and
it will be implemented by the next three patches.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-08-20 15:50:45 +02:00
Blue Swirl
682527c004 Update OpenBIOS images
Update OpenBIOS images to SVN r1062. Build with GCC 4.6.0
in order to avoid boot problems introduced by GCC 4.7.[01].

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-19 13:39:31 +00:00
Markus Armbruster
e89001f72e pc: Fix RTC CMOS info on RAM for ram_size < 1MiB
pc_cmos_init() always claims 640KiB base memory, and ram_size - 1MiB
extended memory.  The latter can underflow to "lots of extended
memory".  Fix both, and clean up some.

Note: SeaBIOS currently requires 1MiB of RAM, and doesn't check
whether it got enough.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-18 16:54:23 +00:00