Commit Graph

24732 Commits

Author SHA1 Message Date
Evgeny Voevodin
5e5f07e08f TCG: Move translation block variables to new context inside tcg_ctx: tb_ctx
It's worth to clean-up translation blocks variables and move them
into one context as was suggested by Swirl.
Also if we use this context directly inside tcg_ctx, then it
speeds up code generation a bit.

Signed-off-by: Evgeny Voevodin <evgenyvoevodin@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-02-16 10:41:16 +00:00
Evgeny Voevodin
0b0d3320db TCG: Final globals clean-up
Signed-off-by: Evgeny Voevodin <evgenyvoevodin@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-02-16 10:40:56 +00:00
Anthony Liguori
2742f56d13 Open up 1.5 development tree
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-15 17:40:56 -06:00
Anthony Liguori
03e94e39ce Update VERSION for release
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-15 16:15:40 -06:00
Anthony Liguori
571f65ec20 Update VERSION of release
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-14 08:58:49 -06:00
Alexander Graf
71652365c5 Revert "Update OpenBIOS images"
This reverts commit 10442558ab.

With the updated OpenBIOS image, -M g3beige fails to boot quik.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-id: 1360796292-27078-1-git-send-email-agraf@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-14 08:58:30 -06:00
Peter Crosthwaite
9893c80d81 cadance_uart: Accept input after rx FIFO pop
The device returns false from the can receive function when the FIFO is
full. This means the device should check for buffered input whenever a byte is
popped from the FIFO.

Reported-by: Jason Wu <huanyu@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1360632571-25638-1-git-send-email-peter.crosthwaite@xilinx.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-13 11:57:58 -06:00
Stefan Hajnoczi
8a8f584008 block/curl: only restrict protocols with libcurl>=7.19.4
The curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, ...) interface was
introduced in libcurl 7.19.4.  Therefore we cannot protect against
CVE-2013-0249 when linking against an older libcurl.

This fixes the build failure introduced by
fb6d1bbd24.

Reported-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Andreas Färber <andreas.faeber@web.de>
Message-id: 1360743934-8337-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-13 11:57:35 -06:00
Markus Armbruster
d36b2b904e qapi: Flatten away ChardevPort
Simplifies the schema and the code.

QMP command

    { "execute" : "chardev-add",
      "arguments" : { "id" : "ser0",
                      "backend" : { "type" : "port",
                                    "data" : { "type": "serial",
                                               "device":"/dev/ttyS0"} } } }

becomes

    { "execute" : "chardev-add",
      "arguments" : { "id" : "ser0",
                      "backend" : { "type" : "serial",
                                    "data" : { "device":"/dev/ttyS0"} } } }

Bonus: nicer error messages.  "unknown chardev port (1)" becomes
"character device backend type 'parallel' not supported".

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1360767256-610-3-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-13 11:57:32 -06:00
Markus Armbruster
d037d6bbbc chardev: Fix manual page and qemu-doc for -chardev tty
Broken in commit d59044ef.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1360767256-610-2-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-13 11:57:32 -06:00
Andreas Färber
cc2a90432d net: Avoid NULL function pointer dereference on cleanup
The pSeries machine and some other devices don't supply a cleanup
callback. Revert part of 1ceef9f273 that
started calling it unconditionally.

Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1360707366-9271-1-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-13 11:57:25 -06:00
Cornelia Huck
91b0a8f334 s390: Fix handling of iscs.
There are two ways to express an interruption subclass:
- As a bitmask, as used in cr6.
- As a number, as used in the I/O interruption word.

Unfortunately, we have treated to I/O interruption word as if it
contained the bitmask as well, which went unnoticed so far as
- (queued-for-next) kvm made the same mistake, and
- Linux guest kernels don't check the isc value in the I/O interruption
  word for subchannel interrupts.

Make sure that we treat the I/O interruption word correctly.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-02-13 11:56:02 -06:00
Cornelia Huck
bd9a8d852c s390: Keep I/O interrupts enabled for all iscs.
do_io_interrupt() would stop scanning further iscs if it found
an I/O interrupt it could inject. This might cause the pending
interrupt indication for I/O interrupts to be reset although there
might be queued I/O interrupts for subsequent iscs.

Fix this by reordering the logic: Inject the I/O interrupt immediately
and continue searching all iscs for queued interrupts.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-02-13 11:56:02 -06:00
Christian Borntraeger
760794f784 s390/sclpconsole: prevent char layer callback during initialization
Starting a qemu with an sclp console and pressing a key very early
can result in
"qemu-system-s390x: hw/s390x/sclpconsole.c:60: receive_from_chr_layer:
Assertion `scon->iov' failed."

Lets make sure that the init process is finished, since the iov is
allocated after CHR_EVENT_OPENED by also checking for scon->iov.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-02-13 11:56:02 -06:00
Peter Crosthwaite
7ce4106c21 xilinx.h: s/xilinx_axiethernetdma()/xilinx_axidma()
This function has nothing to do with ethernet. Its reusable for all DMA clients.
Dropped the "ethernet" in the name accordingly.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2013-02-13 13:01:24 +01:00
Peter Crosthwaite
dada5c7e92 xilinx.h: Dont qdev_create from ethernet_create()
Pulled the qdev_create functionality out of xilinx_axiethernet_create() and
pushed it up to the petalogix_ml605_mmu machine model. This makes the ethernet
create+init process consistent with the AXI DMA. Renamed function to
xilinx_axiethernet_init accordingly.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2013-02-13 13:01:24 +01:00
Anthony Liguori
0231ed4f22 Merge remote-tracking branch 'stefanha/block' into staging
* stefanha/block:
  Revert "block/vpc: Fix size calculation"
  block/raw-posix: detect readonly Linux block devices using BLKROGET
2013-02-12 16:26:52 -06:00
Stefan Hajnoczi
6aaa9dae80 block-migration: fix pending() and iterate() return values
The return value of .save_live_pending() is the number of bytes
remaining.  This is just an estimate because we do not know how many
blocks will be dirtied by the running guest.

Currently our return value for .save_live_pending() is wrong because it
includes dirty blocks but not in-flight bdrv_aio_readv() requests or
unsent blocks.  Crucially, it also doesn't include the bulk phase where
the entire device is transferred - therefore we risk completing block
migration before all blocks have been transferred!

The return value of .save_live_iterate() is the number of bytes
transferred this iteration.  Currently we return whether there are bytes
remaining, which is incorrect.

Move the bytes remaining calculation into .save_live_pending() and
really return the number of bytes transferred this iteration in
.save_live_iterate().

Also fix the %ld format specifier which was used for a uint64_t
argument.  PRIu64 must be use to avoid warnings on 32-bit hosts.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-id: 1360661835-28663-3-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-12 16:26:44 -06:00
Stefan Hajnoczi
ad55ab42d4 migration: make qemu_ftell() public and support writable files
Migration .save_live_iterate() functions return the number of bytes
transferred.  The easiest way of doing this is by calling qemu_ftell(f)
at the beginning and end of the function to calculate the difference.

Make qemu_ftell() public so that block-migration will be able to use it.
Also adjust the ftell calculation for writable files where buf_offset
does not include buf_size.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-id: 1360661835-28663-2-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-12 16:26:44 -06:00
Stefan Hajnoczi
4a0e6714b0 trace: deal with deprecated glib thread functions
g_thread_create() was deprecated in favor of g_thread_new() and
g_cond_new() was deprecated in favor of GCond initialization.  If the
host has glib 2.31 or newer, avoid using the deprecated functions.

This patch solves compiler warnings that are generated when glib's
deprecated functions are used.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360676045-9204-3-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-12 16:26:44 -06:00
Stefan Hajnoczi
30d940875d trace: use glib atomic int types
Juan reported that RHEL 6.4 hosts give compiler warnings because we use
unsigned int while glib prototypes use volatile gint in trace/simple.c.

  trace/simple.c:223: error: pointer targets in passing argument 1 of 'g_atomic_int_compare_and_exchange' differ in signedness

These variables are only accessed with glib atomic int functions so
let's play it by the book and use volatile gint.

Reported-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360676045-9204-2-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-12 16:26:43 -06:00
Stefan Hajnoczi
33ccf6675f Revert "block/vpc: Fix size calculation"
This reverts commit f880defbb0.

Jeff Cody's testing revealed that the interpretation of size differs
even between VirtualPC and HyperV.  Revert this so there is time to
consider the impact of any backwards incompatible behavior this change
creates.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-02-12 12:25:15 +01:00
Stefan Hajnoczi
da888d37b0 block/raw-posix: detect readonly Linux block devices using BLKROGET
Linux block devices can be set read-only with "blockdev --setro
<device>".  The same thing can be done for LVM volumes using "lvchange
--permission r <volume>".  This read-only setting is independent of
device node permissions.  Therefore the device can still be opened
O_RDWR but actual writes will fail.

This results in odd behavior for QEMU.  bdrv_open() is supposed to fail
if a read-only image is being opened with BDRV_O_RDWR.  By not failing
for Linux block devices, the guest boots up but every write produces an
I/O error.

This patch checks whether the block device is read-only so that Linux
block devices behave like regular files.

Reported-by: Sibiao Luo <sluo@redhat.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-02-12 12:22:49 +01:00
Kuo-Jung Su
03ec2f8308 hw/m25p80.c: add WRSR(0x01) support
Atmel, SST and Intel/Numonyx serial flash tend to power up
with the software protection bits set.
And thus the new m25p80.c in linux kernel would always tries
to use WREN(0x06) + WRSR(0x01) to turn-off the protection.

The WEL(0x02) of status register is supposed to be cleared after
WRSR(0x01). There are also some drivers (i.e mine for RTOSes)
would check the WEL(0x02) in status register to make sure the
protection is correctly turned off.

Signed-off-by: Kuo-Jung Su <dantesu@faraday-tech.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2013-02-12 10:03:27 +01:00
Markus Armbruster
58fa432522 qapi: Improve chardev-add documentation
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360602348-4727-1-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 13:22:52 -06:00
Stefan Hajnoczi
d7cd369402 migration: restrict scope of incoming fd read handler
The incoming migration is processed in a coroutine and uses an fd read
handler to enter the yielded coroutine when data becomes available.

The read handler was set too broadly, so that spurious coroutine entries
were be triggered if other coroutine users yielded (like the block
layer's bdrv_write() function).

Install the fd read only only when yielding for more data to become
available.  This prevents spurious coroutine entries which break code
that assumes only a specific set of places can re-enter the coroutine.

This patch fixes crashes in block/raw-posix.c that are triggered with
"migrate -b" when qiov becomes a dangling pointer due to a spurious
coroutine entry that frees qiov early.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360598505-5512-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 13:22:52 -06:00
Andreas Färber
d0bce760e0 libi2c-omap: Fix endianness dependency
The libqos driver for omap_i2c currently does not work on Big Endian.
Introduce helpers for reading from and writing to 16-bit armel registers.

This fixes tmp105-test failures on ppc.

To prepare for a QTest-level endianness solution, poison mem{read,write}
and always use the helpers. Adopt the expected signatures.
To avoid an unused variable warning, assert the STAT Single Byte Data
bit but, due to it not getting cleared, only it being set when len == 1.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Message-id: 1360600914-5448-3-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 13:22:48 -06:00
Andreas Färber
5dd6be069b qtest: Use strtoull() for uint64_t
On 32-bit hosts, unsigned long may be uint32_t and uint64_t may be
unsigned long long. Account for this by always using strtoull().
We were already using strtoll() for int64_t.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1360600914-5448-2-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 13:22:39 -06:00
Andreas Färber
84eac31707 libqtest: Fix documentation copy&paste errors
The [qtest_]in[bwl]() functions/macros don't have a value argument.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1360604139-16797-1-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 13:22:33 -06:00
Stefan Weil
f880defbb0 block/vpc: Fix size calculation
The size calculated from the CHS values is not the real image (disk) size,
but usually a smaller value. This is caused by rounding effects.

Only older operating systems use CHS. Such guests won't be able to use
the whole disk. All modern operating systems use the real size.

This patch fixes https://bugs.launchpad.net/qemu/+bug/1105670/.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1360265212-22037-1-git-send-email-sw@weilnetz.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:14:41 -06:00
Stefan Hajnoczi
2c5a7f2011 block-migration: fix block_save_iterate() return value
The .save_live_iterate() function returns 0 to continue iterating or 1
to stop iterating.

Since 16310a3cca it only ever returns 0,
leading to an infinite loop.

Return 1 if we have finished sending dirty blocks.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1360534366-26723-4-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:14:05 -06:00
Stefan Hajnoczi
9ee0cb201e block-migration: fix blk_mig_save_dirty_block() return value checking
Commit 43be3a25c9 changed the
blk_mig_save_dirty_block() return code handling.  The function's doc
comment says:

  /* return value:
   * 0: too much data for max_downtime
   * 1: few enough data for max_downtime
   */

Because of the 1 return value, callers must check for ret < 0 instead of
just:

  if (ret) { ... }

We do not want to bail when 1 is returned, only on error.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360534366-26723-3-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:14:04 -06:00
Stefan Hajnoczi
d5f1f286ef block-migration: improve "Unknown flags" error message
Show the actual flags value and include "block migration" in the error
message so it's clear where the error is coming from.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360534366-26723-2-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:14:04 -06:00
Markus Armbruster
49295ebc56 vl: Exit unsuccessfully on option argument syntax error
We exit successfully after reporting syntax error for argument of
--sandbox and --add-fd.

We continue undaunted after reporting it for argument of -boot,
--option-rom and --object.

Change all five to exit unsuccessfully, like the other options.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-7-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:13:19 -06:00
Markus Armbruster
cfdd162866 vl: Drop redundant "parse error" reports
qemu_opts_parse() reports the error already, and in a much more useful
way.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-6-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:13:19 -06:00
Markus Armbruster
7216ae3d1a qemu-option: Disable two helpful messages that got broken recently
commit 8be7e7e4 and commit ec7b2ccb messed up the ordering of error
message and the helpful explanation that should follow it, like this:

    $ qemu-system-x86_64 --nodefaults -S --vnc :0 --chardev null,id=,
    Identifiers consist of letters, digits, '-', '.', '_', starting with a letter.
    qemu-system-x86_64: -chardev null,id=,: Parameter 'id' expects an identifier

    $ qemu-system-x86_64 --nodefaults -S --vnc :0 --machine kvm_shadow_mem=dunno
    You may use k, M, G or T suffixes for kilobytes, megabytes, gigabytes and terabytes.
    qemu-system-x86_64: -machine kvm_shadow_mem=dunno: Parameter 'kvm_shadow_mem' expects a size

Pity.  Disable them for now.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-5-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:13:19 -06:00
Markus Armbruster
312fd5f290 error: Strip trailing '\n' from error string arguments (again)
Commit 6daf194d and be62a2eb got rid of a bunch, but they keep coming
back.  Tracked down with this Coccinelle semantic patch:

    @r@
	expression err, eno, cls, fmt;
	position p;
    @@
    (
	error_report(fmt, ...)@p
    |
	error_set(err, cls, fmt, ...)@p
    |
	error_set_errno(err, eno, cls, fmt, ...)@p
    |
	error_setg(err, fmt, ...)@p
    |
	error_setg_errno(err, eno, fmt, ...)@p
    )
    @script:python@
	fmt << r.fmt;
	p << r.p;
    @@
    if "\\n" in str(fmt):
	print "%s:%s:%s:%s" % (p[0].file, p[0].line, p[0].column, fmt)

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-4-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:13:19 -06:00
Markus Armbruster
1a9522cc6e error: Clean up abuse of error_report() for help
Use error_printf() instead, so the help gets presented more nicely.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-3-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:13:18 -06:00
Markus Armbruster
474c21349f error: Clean up error strings with embedded newlines
The arguments of error_report() should yield a short error string
without newlines.

A few places try to print additional help after the error message by
embedding newlines in the error string.  That's nice, but let's do it
the right way.

Since I'm touching these lines anyway, drop a stray preposition and
some tabs.  We don't use tabs for similar messages elsewhere.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-2-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:13:18 -06:00
Anthony Liguori
2da2e52dce Merge remote-tracking branch 'luiz/queue/qmp' into staging
# By Peter Maydell
# Via Luiz Capitulino
* luiz/queue/qmp:
  tests/test-string-input-visitor: Handle errors provoked by fuzz test
2013-02-11 08:10:39 -06:00
Blue Swirl
10442558ab Update OpenBIOS images
Update OpenBIOS images to SVN r1097 built from submodule.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-02-09 13:39:45 +00:00
Liming Wang
70ef6a5b71 xilinx_zynq: Fix wrong IRQ number of the second EHCI controller
The IRQ number of the second EHCI controller should be 76, not 75.

Signed-off-by: Liming Wang <walimisdev@gmail.com>
Tested-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 11:14:20 -06:00
Stefan Hajnoczi
fb6d1bbd24 block/curl: disable extra protocols to prevent CVE-2013-0249
There is a buffer overflow in libcurl POP3/SMTP/IMAP.  The workaround is
simple: disable extra protocols so that they cannot be exploited.  Full
details here:

  http://curl.haxx.se/docs/adv_20130206.html

QEMU only cares about HTTP, HTTPS, FTP, FTPS, and TFTP.  I have tested
that this fix prevents the exploit on my host with
libcurl-7.27.0-5.fc18.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 11:14:20 -06:00
Paolo Bonzini
0eb256a217 qemu-nbd: document --cache and --aio options
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 11:14:19 -06:00
Jesse Larrew
32ab06bcf1 hw/virtio-net: disable multiqueue by default
The new multiqueue feature adds fields to the virtio device config, which
breaks Windows guests. Disable the feature by default until the Windows
drivers are fixed.

Signed-off-by: Jesse Larrew <jlarrew@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 11:14:19 -06:00
Jesse Larrew
14f9b664b3 hw/virtio-net.c: set config size using host features
Currently, the config size for virtio devices is hard coded. When a new
feature is added that changes the config size, drivers that assume a static
config size will break. For purposes of backward compatibility, there needs
to be a way to inform drivers of the config size needed to accommodate the
set of features enabled.

aliguori: merged in
 - hw/virtio-net: use existing macros to implement endof
 - hw/virtio-net: fix config_size data type

Signed-off-by: Jesse Larrew <jlarrew@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 11:13:44 -06:00
Anthony Liguori
1e89ad5b00 virtio-net: pass host features to virtio_net_init
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 07:37:24 -06:00
Michael Roth
b890492110 net: fix infinite loop on exit
1ceef9f273 added handling for cleaning
up multiple queues in qemu_del_nic() for cases where multiqueue is in
use. To determine the number of queues it looks at nic->conf->queues,
then iterates through all the queues to cleanup the associated
NetClientStates. If no queues are found, no NetClientStates are deleted.

However, nic->conf->queues is only set when a peer is created via
-netdev or netdev_add, and is otherwise 0. This causes us to spin in
net_cleanup() if we attempt to shut down qemu before adding a host
device.

Since qemu_new_nic() unconditionally creates at least 1
queue/NetClientState at queue idx 0, make qemu_del_nic() always attempt
to clean it up.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-07 13:13:39 -06:00
Peter Maydell
0184543814 tests/test-string-input-visitor: Handle errors provoked by fuzz test
It's OK and expected for visitors to return errors when presented with
the fuzz test's random data. Since the fuzzer doesn't care about
errors, we pass in NULL rather than an Error**. This fixes a bug in
the fuzzer where it was passing the same Error** into each visitor,
with the effect that once one visitor returned an error, each later
visitor would notice that it had been passed in an Error** representing
an already set error, and do nothing.

For the case of visit_type_str() we also need to handle the case where
an error means that the visitor doesn't set our char*. We initialize
the pointer to NULL so we can safely g_free() it regardless of whether
the visitor allocated a string for us or not.

This fixes a problem where this test failed the MacOSX malloc()
consistency checks and might segfault on other platforms [due
to calling free() on an uninitialized pointer variable when
visit_type_str() failed.].

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2013-02-07 13:22:50 -02:00
Anthony Liguori
ecd8d4715e Update version for release
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 18:33:47 -06:00