Commit Graph

57396 Commits

Author SHA1 Message Date
Peter Maydell
508ba0f7e2 s390x changes: let pci devices start out in a usable state, and make
RISBGN work in tcg.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJaBHPZAAoJEN7Pa5PG8C+vb4IP/ibDb1/PdlrS2/a/wpt2sRjr
 F1WBRcnk+A1sWbscQ+4D0wY5nAkHoooRbQ+UYpxEGAyVE2d9q+yZ1EbZ/U4BgC+z
 Z/j/kV4HNoYvSkzvs6lohPsAm7vlAImJGbpcx575OTjaN4SHx9uKTxz6gUF0/WFg
 EbT0ir40Xd/vhY0Ubw/vIf6xlBWWMrNew2rWiCB3cIoKNwxYdSpsw9RYmpS+kAbe
 9f0x83fsyE6ZN9bFKF1F0TrR5lKyq+LNU0zNcjo+KulcoEu2s7vOu/eZinfTbN2n
 KFLz0Y4UuWZpZF2rO8PlyZn91jdtfGF/hprcKEAsiTL/v7PNO7wcS8WtV6KmCQLc
 T9cSOegZGEHA7jsz+bicVpGntxDTbvOButbG69k14IFhqwOQbTk7wIfDK4L13yHV
 n0Bke64w3pIGJmOyhU9pirvxoPXNSt9MD41diw7qDdxPKek0nqqA01ykUeE9lSvJ
 NNH6MDfJI2SMiw4OcUEY8FfngPQSpc7FIyzMFGznkl5aO4wSwOwrtrI1CJgrnUv9
 VsIjFh0N1ipiumoQLnZR8YXpeh9QNwHbtER8sqvoy1BsvvhqmwriZ+XSQxrtW1Rh
 44FhsQoq5JuCdfHSk+CMa+7O/Se1nCU84AgtCSplT5cIEzSIbgtB1jUFV4tYOH0x
 9Y+seVZWm0cOLlQfIKFq
 =4fvh
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20171109' into staging

s390x changes: let pci devices start out in a usable state, and make
RISBGN work in tcg.

# gpg: Signature made Thu 09 Nov 2017 15:27:21 GMT
# gpg:                using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>"
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20171109:
  target/s390x: Finish implementing RISBGN
  s390x/pci: let pci devices start in configured mode

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 11:41:47 +00:00
Peter Maydell
6b8d0ac031 Capstone fixes for 2.11
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJaBAiFAAoJEGTfOOivfiFf3VAH/14ajkifffP3FhylMD9rYhEo
 O3JYLdBDC1bXaXnpHf/6v80XtLonFUK8RBW76k/fCG/iZqJlohP6cfXmgAUNIEHl
 Id7yzZ7sN9OGSMdqEKYDY5nUKKDlBnQ8dFYZJGHvwvuBliPB6eDx92FEczph6wv2
 WEjI+Z3ViavoNMQQv2PfvIgdSXMPOmXbdwIdcAX4/vn8LSzk1t+nSlmjwAtRsIFO
 UgKdj0Ov53V32ed6iSbM+vGR/rE5BXmm0vc7vN+ix40r91aQRUJUqIywzCIlrVE6
 8OWNWbbc/7ortI3auKv73K6TBBiTMvecvu0TyPk2mYUYS/el66UyWCbMvJYnmVE=
 =j6B5
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-cap-20171109' into staging

Capstone fixes for 2.11

# gpg: Signature made Thu 09 Nov 2017 07:49:25 GMT
# gpg:                using RSA key 0x64DF38E8AF7E215F
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>"
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-cap-20171109:
  Makefile: Capstone: Add support for cross compile ranlib
  disas: Dump insn bytes along with capstone disassembly

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 10:05:18 +00:00
Jens Freimann
bb160b571f net/socket: fix coverity issue
This fixes coverity issue CID1005339.

Make sure that saddr is not used uninitialized if the
mcast parameter is NULL.

Cc: qemu-stable@nongnu.org
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jens Freimann <jfreimann@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 18:05:12 +08:00
Mike Nawrocki
5e89dc0113 Add new PCI ID for i82559a
Adds a new PCI ID for the i82559a (0x8086 0x1030) interface. The
"x-use-alt-device-id" property controls whether this new ID is to be
used, and is true by default, and set to false in a compat entry.

Signed-off-by: Mike Nawrocki <michael.nawrocki@gtri.gatech.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 15:48:54 +08:00
Mike Nawrocki
1865e288a8 Fix eepro100 simple transmission mode
The simple transmission mode was treating the area immediately after the
transmit command block (TCB) as if it were a transmit buffer descriptor,
when in reality it is simply the packet data. This change simply copies
the data following the TCB into the packet buffer.

Signed-off-by: Mike Nawrocki <michael.nawrocki@gtri.gatech.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 15:46:58 +08:00
Mao Zhongyi
8fa5ad6dfb colo: Consolidate the duplicate code chunk into a routine
Consolidate the code that extract the ip address(src,dst) and
port number(src,dst) of the packet into a separate routine
extract_ip_and_port() since the same chunk of code is called
from two place.

Cc: Zhang Chen <zhangckid@gmail.com>
Cc: Li Zhijian <lizhijian@cn.fujitsu.com>
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 15:46:37 +08:00
Mao Zhongyi
3463218c6c colo-compare: Fix comments
Cc: Zhang Chen <zhangckid@gmail.com>
Cc: Li Zhijian <lizhijian@cn.fujitsu.com>
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com>
Signed-off-by: Zhang Chen <zhangckid@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 15:46:37 +08:00
Mao Zhongyi
8ec1440202 colo-compare: compare the packet in a specified Connection
A package from pri_indev or sec_indev only belongs to a particular
Connection, so we only need to compare the package in the specified
Connection's primary_list and secondary_list, rather than for each
the whole Connection list to compare. This is time-consuming and
unnecessary.

Less checkpoint more efficiency.

Cc: Zhang Chen <zhangckid@gmail.com>
Cc: Li Zhijian <lizhijian@cn.fujitsu.com>
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 15:46:37 +08:00
Mao Zhongyi
8850d4caa7 colo-compare: Insert packet into the suitable position of packet queue directly
Currently, a packet from pri_dev or sec_dev is fristly pushed at the
tail of the primary or secondary packet queue then sorted by the tcp
sequence number.

Now, this patch use g_queue_insert_sorted to insert the packet directly
into the suitable position to avoid ordering all packets each time when
a new packet is comming, thereby increasing efficiency.

In addition, consolidate the code that add a packet to the list of
Connection (primary or secondary) into a separate routine colo_insert_packet()
since the same chunk of code is called from two place.

Cc: Zhang Chen <zhangckid@gmail.com>
Cc: Li Zhijian <lizhijian@cn.fujitsu.com>
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com>
Signed-off-by: Zhang Chen <zhangckid@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 15:46:37 +08:00
Jens Freimann
ff86d57625 net: fix check for number of parameters to -netdev socket
Since commit 0f8c289ad "net: fix -netdev socket,fd= for UDP sockets"
we allow more than one parameter for -netdev socket. But now
we run into an assert when no parameter at all is specified

> qemu-system-x86_64 -netdev socket
socket.c:729: net_init_socket: Assertion `sock->has_udp' failed.

Fix this by reverting the change of the if condition done in 0f8c289ad.

Cc: Jason Wang <jasowang@redhat.com>
Cc: qemu-stable@nongnu.org
Fixes: 0f8c289ad5
Reported-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com>
Signed-off-by: Jens Freimann <jfreimann@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 15:46:37 +08:00
Peter Maydell
53fb28d10d Pull request
v2:
  * v1 emails 2/3 and 3/3 weren't sent due to an email failure
  * Included Sergio's updated wording in the commit description
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJaA1cBAAoJEJykq7OBq3PIj30IAKezw19VQGkiTlAMIOYRTthR
 wS3LvMy7RZHrgu2lt/UWi8dSV3LP/lHgYVNg2ub8lMYU9Oa6Pvf+kFE7+uX5/lSj
 evfHTeUprEOS3JxDY6V1YFbvJ9ImsIAFKm7B2LIUzIdwhWkWKC3l2/iHoZ+IdYlm
 8m8P64HQEAva7XAgoO8OBq/FMFNuKFUX1LJH89BOMVqefccG2Mj0CRY/TkOSL7LR
 9rYtWS/WalY593bzu0R8G/W6ta8wL9SE6mXGwlvd3GZq2o2c++lheLjpH0x/7702
 f/yZog+T1devVKk+FzDdG1B8acCSW62V2O5ucm3pNFFSXPKkUtxAEOpRKYngl9M=
 =YBHk
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Pull request

v2:
 * v1 emails 2/3 and 3/3 weren't sent due to an email failure
 * Included Sergio's updated wording in the commit description

# gpg: Signature made Wed 08 Nov 2017 19:12:01 GMT
# gpg:                using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
  util/async: use atomic_mb_set in qemu_bh_cancel
  tests-aio-multithread: fix /aio/multi/schedule race condition

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-10 17:25:15 +00:00
Peter Maydell
4ffa88c99c Merge qcrypto 2017/11/08 v1
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJaAuU+AAoJEL6G67QVEE/fsnkP/jdqkt5suVfAgGHIi4nsUNZI
 eaKuOEX26rIy6oaX11XmsEdLtxWMkEN2PaaD9axBbxhhfi1SuXY757Zgfhv3OV86
 sYWfvdCilkOY2sgU/xPLwh9NP/JaomYxFJvEBBTVUqd/QF/r3f0URTPipg+qiwWM
 EFtLi39+Tfmsjd6AsgLif0yXQTSEVWYUpCDC3whYDG+5xk8x3wgKCKNpYmk+cc8n
 SoUUP8njEX6jrqgF9syiSDrz3fLOebhdyA91K6RiCyuMHG/J+dyQ8ZywapTdhjlA
 lwfdyzbFxgcMj6tEUMv1UL40LiA5TRhBXxbfmMP3Ah84yONQI3HeONi6axGpxQF5
 MLaBPc06sNx8bokgK+SOVOx61DPRhiUcVHeYlOYyaaJG9bFaTYvhi/nDqjcPYRsk
 z+x2Gn5t5xikX0kFFZKZKXmdbDKGhTQvNT5Zbfv4+F7JYrqHJIS/LIvF4E6bxMT6
 t93eL+AIq+2lZ1cbmJNGanPinppMZb0nPnPumqTRLmlSEC799Y0ANIJ4SA+xrGec
 FV8EDcijs0Tmto9eYkBfaqFvHnsWKn7KQtGzstKvq4vMWc1Dc3oaNM/zhuE0ifJF
 U9L1gRwCFfM2RoeUVIwBUCDfnCDEx45xOwSctmQW0v9H+1ZiSDNFO4KqIrvNGg+M
 xF15fh/59fUYE/yP7g2w
 =+xi3
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-2017-11-08-1' into staging

Merge qcrypto 2017/11/08 v1

# gpg: Signature made Wed 08 Nov 2017 11:06:38 GMT
# gpg:                using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/pull-qcrypto-2017-11-08-1:
  crypto: afalg: fix a NULL pointer dereference
  tests: Run the luks tests in test-crypto-block only if encryption is available

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-10 16:01:35 +00:00
Peter Maydell
6058bfb00a ppc patch queue 2017-11-08
Here's the current set of accumulated ppc patches for qemu-2.11.
 Since we're now in hard freeze these are all bugfixes (although some
 fix a bug by way of a cleanup).
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAloCu/4ACgkQbDjKyiDZ
 s5J6Rg/9EAvtmp6LZPi8B0rr7GPhIXFIKkYL1u1K7QKLwPqH26bboB9Wji6TY296
 TtnJ/NRzv73Lw1ehKSf4i/TWYYX6JCBZtQVP1x35plTLJaPA7Zy5vOFbH2NTGkDs
 YMEu7QHJEJavIM7c7lC6KdSnaL4wB34KFoHAO564pAndbBXHocdXhWo8w+AUtRP1
 v8IrnWr/ageb+Pc5PXgkTFIrtqtXNfvSxiRjd6derBVdx0dtUxM1k/mlQ2rBTfhQ
 h8GmbdUMVKva9TDWbzOxylcuf0v1IQTC+S6P1LPvFvjxjtDnPBunvfiCNb2C3GZ8
 sY3lsnvatqrOSBMIv69GCuM0PWK5NY5/Vz/3eYfBA4vCLu8IRrfLyUPONcPiSyOt
 hDDSOmEUKfC9isOEui5o2J50h0/YXo1Aa6+l2shtgoDeM8wnFkNQJWyHz1eqwkTy
 WE9VFq1pjtFjbZS4hY4ANoXpHg6ylFS+quD1LcYqm4hxAQGcl8XlqkGg7hnulyiS
 aUIr99ICd8SkoyDauAUROz2+8ppbkRZI0fRQb98rMZS2m6fhbnZpOMFRv9asVY/Z
 04HyjC1/hklmnGpBSW/kV6n0Ib/oGqI4E7KGQ5zWsxP7TmAuKNDafTx7646ajVGn
 QpePaIDKBGxbXqt6gXDVmVNkeL+ayIAv/yqnMwd3yo46Sl0784s=
 =ogfh
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.11-20171108' into staging

ppc patch queue 2017-11-08

Here's the current set of accumulated ppc patches for qemu-2.11.
Since we're now in hard freeze these are all bugfixes (although some
fix a bug by way of a cleanup).

# gpg: Signature made Wed 08 Nov 2017 08:10:38 GMT
# gpg:                using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.11-20171108:
  e500: ppce500_init_mpic() return device instead of IRQ array
  hw/display/sm501: Fix comment in sm501_sysbus_class_init()
  ppc: fix setting of compat mode

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-10 15:05:56 +00:00
Philippe Mathieu-Daudé
2e9a856570 ui: use QEMU_IS_ALIGNED macro
Applied using the Coccinelle semantic patch scripts/coccinelle/use_osdep.cocci

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20170718061005.29518-9-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-11-10 14:27:29 +01:00
Philippe Mathieu-Daudé
cf7040e284 vmsvga: use ARRAY_SIZE macro
Applied using the Coccinelle semantic patch scripts/coccinelle/use_osdep.cocci

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20170718061005.29518-23-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-11-10 14:25:56 +01:00
Gerd Hoffmann
115788d7a7 vga: fix region checks in wraparound case
Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20171030102830.4469-1-kraxel@redhat.com
2017-11-10 11:26:55 +01:00
Gerd Hoffmann
777c5f1e43 ui: fix dcl unregister
register checks for dcl->ds being NULL, to avoid registering
the same dcl twice.

Therefore dcl->ds must be cleared on unregister, otherwise
un-registering and re-registering doesn't work.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1510809
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20171109105154.29414-1-kraxel@redhat.com
2017-11-10 11:06:43 +01:00
Tao Wu
c53f5b89f1 virtio-gpu: fix bug in host memory calculation.
The old code treats bits as bytes when calculating host memory usage.
Change it to be consistent with allocation logic in pixman library.

Signed-off-by: Tao Wu <lepton@google.com>
Message-Id: <20171109181741.31318-1-lepton@google.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-11-10 11:05:19 +01:00
Tao Wu
990132cda9 slirp: don't zero the whole ti_i when m == NULL
98c63057d2 ('slirp: Factorizing
tcpiphdr structure with an union') introduced a memset call to clear
possibly-undefined fields in ti. This however overwrites src/dst/pr which
are used below.

So let us clear only the unused fields.

This should fix some rare cases (some RST cases, keep alive probes)
where packets would be sent to 0.0.0.0.

Signed-off-by: Tao Wu <lepton@google.com>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2017-11-09 18:59:22 +01:00
Eric Blake
ef8c887ee0 nbd/server: Fix structured read of length 0
The NBD spec was recently clarified to state that a read of length 0
should not be attempted by a compliant client; but that a server must
still handle it correctly in an unspecified manner (that is, either
a successful no-op or an error reply, but not a crash) [1].  However,
it also implies that NBD_REPLY_TYPE_OFFSET_DATA must have a non-zero
payload length, but our existing code was replying with a chunk
that a picky client could reject as invalid because it was missing
a payload (our own client implementation was recently patched to be
that picky, after first fixing it to not send 0-length requests).

We are already doing successful no-ops for 0-length writes and for
non-structured reads; so for consistency, we want structured reply
reads to also be a no-op.  The easiest way to do this is to return
a NBD_REPLY_TYPE_NONE chunk; this is best done via a new helper
function (especially since future patches for other structured
replies may benefit from using the same helper).

[1] https://github.com/NetworkBlockDevice/nbd/commit/ee926037

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20171108215703.9295-8-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2017-11-09 10:25:11 -06:00
Eric Blake
b4176cb314 nbd-client: Stricter enforcing of structured reply spec
Ensure that the server is not sending unexpected chunk lengths
for either the NONE or the OFFSET_DATA chunk, nor unexpected
hole length for OFFSET_HOLE.  This will flag any server as
broken that responds to a zero-length read with an OFFSET_DATA
(what our server currently does, but that's about to be fixed)
or with OFFSET_HOLE, even though we previously fixed our client
to never be able to send such a request over the wire.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20171108215703.9295-7-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2017-11-09 10:22:26 -06:00
Eric Blake
9d8f818cde nbd-client: Short-circuit 0-length operations
The NBD spec was recently clarified to state that clients should
not send 0-length requests to the server, as the server behavior
is undefined [1].  We know that qemu-nbd's behavior is a successful
no-op (once it has filtered for read-only exports), but other NBD
implementations might return an error.  To avoid any questionable
server implementations, it is better to just short-circuit such
requests on the client side (we are relying on the block layer to
already filter out requests such as invalid offset, write to a
read-only volume, and so forth); do the short-circuit as late as
possible to still benefit from protections from assertions that
the block layer is not violating our assumptions.

[1] https://github.com/NetworkBlockDevice/nbd/commit/ee926037

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20171108215703.9295-6-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2017-11-09 10:18:31 -06:00
Eric Blake
efdc0c103d nbd: Fix struct name for structured reads
A closer read of the NBD spec shows that a structured reply chunk
for a hole is not quite identical to the prefix of a data chunk,
because the hole has to also send a 32-bit size field.  Although
we do not yet send holes, we should fix the misleading information
in our header and make it easier for a future patch to support
sparse reads.  Messed up in commit bae245d1.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20171108215703.9295-5-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2017-11-09 10:17:12 -06:00
Eric Blake
079d3266c7 nbd/client: Nicer trace of structured reply
It's useful to know which structured reply chunk is being processed.
Missed in commit d2febedb.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20171108215703.9295-4-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2017-11-09 10:16:45 -06:00
Eric Blake
1104d83c72 nbd-client: Refuse read-only client with BDRV_O_RDWR
The NBD spec says that clients should not try to write/trim to
an export advertised as read-only by the server.  But we failed
to check that, and would allow the block layer to use NBD with
BDRV_O_RDWR even when the server is read-only, which meant we
were depending on the server sending a proper EPERM failure for
various commands, and also exposes a leaky abstraction: using
qemu-io in read-write mode would succeed on 'w -z 0 0' because
of local short-circuiting logic, but 'w 0 0' would send a
request over the wire (where it then depends on the server, and
fails at least for qemu-nbd but might pass for other NBD
implementations).

With this patch, a client MUST request read-only mode to access
a server that is doing a read-only export, or else it will get
a message like:

can't open device nbd://localhost:10809/foo: request for write access conflicts with read-only export

It is no longer possible to even attempt writes over the wire
(including the corner case of 0-length writes), because the block
layer enforces the explicit read-only request; this matches the
behavior of qcow2 when backed by a read-only POSIX file.

Fix several iotests to comply with the new behavior (since
qemu-nbd of an internal snapshot, as well as nbd-server-add over QMP,
default to a read-only export, we must tell blockdev-add/qemu-io to
set up a read-only client).

CC: qemu-stable@nongnu.org
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20171108215703.9295-3-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2017-11-09 10:10:17 -06:00
Eric Blake
e659fb3b99 nbd-client: Fix error message typos
Provide missing spaces that are required when using string
concatenation to break error messages across source lines.
Introduced in commit f140e300.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20171108215703.9295-2-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2017-11-09 10:09:38 -06:00
Richard Henderson
fdaae35143 target/s390x: Finish implementing RISBGN
We added the entry to insn-data.def, but failed to update op_risbg
to match.  No need to special-case the imask inversion, since that
is already ~0 for RISBG (and now RISBGN).

Fixes: 375ee58bed
Fixes: https://bugs.launchpad.net/qemu/+bug/1701798 (s390x part)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20171107145546.767-1-richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Tested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-11-09 10:36:06 +01:00
Alistair Francis
9f81aeb5da Makefile: Capstone: Add support for cross compile ranlib
When cross compiling QEMU for Windows we need to specify the cross
version of ranlib to avoid build errors when building capstone. This
patch ensures we use the same cross prefix on ranlib as other toolchain
components.

- Fedora23 mingw
- RHEL-7.2 with mingw packages from epel:

   LINK    qemu-img.exe
 build-win64/capstone/capstone.lib: error adding symbols: Archive has no
index; run ranlib to add one
 collect2: error: ld returned 1 exit status

$ x86_64-w64-mingw32-ar --version
GNU ar (GNU Binutils) 2.25

Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <e457d4e906dceea4de6c3431813a06b137c1ab9c.1510103351.git.alistair.francis@xilinx.com>
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-11-09 08:47:14 +01:00
Richard Henderson
15fa1a0ae0 disas: Dump insn bytes along with capstone disassembly
This feature is present for some targets in the bfd disassembler(s).
Implement it generically for all capstone users.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-11-09 08:46:38 +01:00
Vladimir Sementsov-Ogievskiy
46321d6b5f nbd/server: fix nbd_negotiate_handle_info
namelen should be here, length is unrelated, and always 0 at this
point.  Broken in introduction in commit f37708f6, but mostly
harmless (replying with '' as the name does not violate protocol,
and does not confuse qemu as the nbd client since our implementation
does not ask for the name; but might confuse some other client that
does ask for the name especially if the default export is different
than the export name being queried).

Adding an assert makes it obvious that we are not skipping any bytes
in the client's message, as well as making it obvious that we were
using the wrong variable.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
CC: qemu-stable@nongnu.org
Message-Id: <20171101154204.27146-1-vsementsov@virtuozzo.com>
[eblake: improve commit message, squash in assert addition]
Signed-off-by: Eric Blake <eblake@redhat.com>
2017-11-08 16:32:26 -06:00
Sergio Lopez
ef6dada8b4 util/async: use atomic_mb_set in qemu_bh_cancel
Commit b7a745d added a qemu_bh_cancel call to the completion function
as an optimization to prevent it from unnecessarily rescheduling itself.

This completion function is scheduled from worker_thread, after setting
the state of a ThreadPoolElement to THREAD_DONE.

This was considered to be safe, as the completion function restarts the
loop just after the call to qemu_bh_cancel. But, as this loop lacks a HW
memory barrier, the read of req->state may actually happen _before_ the
call, seeing it still as THREAD_QUEUED, and ending the completion
function without having processed a pending TPE linked at pool->head:

         worker thread             |            I/O thread
------------------------------------------------------------------------
                                   | speculatively read req->state
req->state = THREAD_DONE;          |
qemu_bh_schedule(p->completion_bh) |
  bh->scheduled = 1;               |
                                   | qemu_bh_cancel(p->completion_bh)
                                   |   bh->scheduled = 0;
                                   | if (req->state == THREAD_DONE)
                                   |   // sees THREAD_QUEUED

The source of the misunderstanding was that qemu_bh_cancel is now being
used by the _consumer_ rather than the producer, and therefore now needs
to have acquire semantics just like e.g. aio_bh_poll.

In some situations, if there are no other independent requests in the
same aio context that could eventually trigger the scheduling of the
completion function, the omitted TPE and all operations pending on it
will get stuck forever.

[Added Sergio's updated wording about the HW memory barrier.
--Stefan]

Signed-off-by: Sergio Lopez <slp@redhat.com>
Message-id: 20171108063447.2842-1-slp@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-11-08 19:09:15 +00:00
Longpeng
f1710638ed crypto: afalg: fix a NULL pointer dereference
Test-crypto-hash calls qcrypto_hash_bytesv/digest/base64 with
errp=NULL, this will cause a NULL pointer dereference if afalg_driver
doesn't support requested algos:

    ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov,
                                                result, resultlen,
                                                errp);
    if (ret == 0) {
        return ret;
    }

    error_free(*errp);  // <--- here

Because the error message is thrown away immediately, we should
just pass NULL to hash_bytesv(). There is also the same problem in
afalg-backend cipher & hmac, let's fix them together.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Longpeng <longpeng2@huawei.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-11-08 11:05:09 +00:00
Thomas Huth
b417a7624c tests: Run the luks tests in test-crypto-block only if encryption is available
The test-crypto-block currently fails if encryption has not been
compiled into QEMU:

TEST: tests/test-crypto-block... (pid=22231)
  /crypto/block/qcow:                                                  OK
  /crypto/block/luks/default:
  Unexpected error in qcrypto_pbkdf2() at qemu/crypto/pbkdf-stub.c:41:
FAIL
GTester: last random seed: R02Sbbb5b6f299c6727f41bb50ba4aa6ef5c
(pid=22237)
  /crypto/block/luks/aes-256-cbc-plain64:
  Unexpected error in qcrypto_pbkdf2() at qemu/crypto/pbkdf-stub.c:41:
FAIL
GTester: last random seed: R02S3e27992a5ab4cc95e141c4ed3c7f0d2e
(pid=22239)
  /crypto/block/luks/aes-256-cbc-essiv:
  Unexpected error in qcrypto_pbkdf2() at qemu/crypto/pbkdf-stub.c:41:
FAIL
GTester: last random seed: R02S51b52bb02a66c42d8b331fd305384f53
(pid=22241)
FAIL: tests/test-crypto-block

So run the luks test only if the required encryption support is available.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-11-08 11:03:46 +00:00
Christian Borntraeger
2c28c49057 s390x/pci: let pci devices start in configured mode
Currently, to enable a pci device in the guest, the user has to issue
echo 1 > /sys/bus/pci/slots/00000000/power. This is not what people
expect. On an LPAR, the user can put a PCI device in configured or
deconfigured state via IOCDS. The "start in deconfigured state" can be
used for "sharing" a pci function across LPARs. This is not what we are
going to use in KVM, so always start configured.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Message-Id: <20171107175455.73793-2-borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-11-08 12:00:08 +01:00
Stefan Hajnoczi
fb0c43f34e tests-aio-multithread: fix /aio/multi/schedule race condition
test_multi_co_schedule_entry() set to_schedule[id] in the final loop
iteration before terminating the coroutine.  There is a race condition
where the main thread attempts to enter the terminating or terminated
coroutine when signalling coroutines to stop:

  atomic_mb_set(&now_stopping, true);
  for (i = 0; i < NUM_CONTEXTS; i++) {
      ctx_run(i, finish_cb, NULL);  <--- enters dead coroutine!
      to_schedule[i] = NULL;
  }

Make sure only to set to_schedule[id] if this coroutine really needs to
be scheduled!

Reported-by: "R.Nageswara Sastry" <nasastry@in.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20171106190233.1175-1-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-11-08 09:22:55 +00:00
Philippe Mathieu-Daudé
6423795efc docker: correctly escape $BACKEND in the help output
In Makefiles the $ must be escaped as $$ in shell uses.

Since 8a2390a4f4:

 $ make docker
     [...]
     NETWORK=1            Enable virtual network interface with default backend.
     NETWORK=ACKEND     Enable virtual network interface with ACKEND.

Once escaped:

 $ make docker
     [...]
     NETWORK=1            Enable virtual network interface with default backend.
     NETWORK=$BACKEND     Enable virtual network interface with $BACKEND.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-Id: <20171108024719.8389-1-f4bug@amsat.org>
Signed-off-by: Fam Zheng <famz@redhat.com>
2017-11-08 10:59:42 +08:00
Fam Zheng
c1958e9d54 docker: Improved image checksum
When a base image locally defined by QEMU, such as in the debian images,
is updated, the dockerfile checksum mechanism in docker.py still skips
updating the derived image, because it only looks at the literal content
of the dockerfile, without considering changes to the base image.

For example we have a recent fix e58c1f9b35 that fixed
debian-win64-cross by updating its base image, debian8-mxe, but due to
above "feature" of docker.py the image in question is automatically NOT
rebuilt unless you add NOCACHE=1. It is noticed on Shippable:

https://app.shippable.com/github/qemu/qemu/runs/541/2/console

because after the fix is merged, the error still occurs, and the log
shows the container image is, as explained above, not updated.

This is because at the time docker.py was written, there wasn't any
dependencies between QEMU's docker images.

Now improve this to preprocess any "FROM qemu:*" directives in the
dockerfiles while doing checksum, and inline the base image's dockerfile
content, recursively. This ensures any changes on the depended _QEMU_
images are taken into account.

This means for external images that we expect to retrieve from docker
registries, we still do it as before. It is not perfect, because
registry images can get updated too. Technically we could substitute the
image name with its hex ID as obtained with $(docker images $IMAGE
--format="{{.Id}}"), but --format is not supported by RHEL 7, so leave
it for now.

Reported-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <20171103131229.4737-1-famz@redhat.com>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Fam Zheng <famz@redhat.com>
2017-11-08 10:59:21 +08:00
Michael Davidsaver
c91c187f71 e500: ppce500_init_mpic() return device instead of IRQ array
Actual number of interrupt pins isn't known
in ppce500_init_mpic() so a hardcoded number
was used, which causes a crash with older openpic.

Instead, return the DeviceState* and change ppce500_init()
to call qdev_get_gpio_in() to get only the irq pins
which are needed.

Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-11-08 13:21:37 +11:00
Thomas Huth
79b217dedb hw/display/sm501: Fix comment in sm501_sysbus_class_init()
The "cannot_instantiate_with_device_add_yet" flag has been renamed
to "user_creatable" a while ago.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-11-08 13:21:37 +11:00
Greg Kurz
e4f0c6bb1a ppc: fix setting of compat mode
While trying to make KVM PR usable again, commit 5dfaa532ae introduced a
regression: the current compat_pvr value is passed to KVM instead of the
new one. This means that we always pass 0 instead of the max-cpu-compat
PVR during the initial machine reset. And at CAS time, we either pass
the PVR from the command line or even don't call kvmppc_set_compat() at
all, ie, the PCR will not be set as expected.

For example if we start a big endian fedora26 guest in power7 compat
mode on a POWER8 host, we get this in the guest:

$ cat /proc/cpuinfo
processor       : 0
cpu             : POWER7 (architected), altivec supported
clock           : 4024.000000MHz
revision        : 2.0 (pvr 004d 0200)

timebase        : 512000000
platform        : pSeries
model           : IBM pSeries (emulated by qemu)
machine         : CHRP IBM pSeries (emulated by qemu)
MMU             : Hash

but the guest can still execute POWER8 instructions, and the following
program succeeds:

int main()
{
        asm("vncipher 0,0,0"); // ISA 2.07 instruction
}

Let's pass the new compat_pvr to kvmppc_set_compat() and the program fails
with SIGILL as expected.

Reported-by: Nageswara R Sastry <rnsastry@linux.vnet.ibm.com>
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-11-08 13:21:37 +11:00
Peter Maydell
78bfef72fb linux-user: Handle rt_sigaction correctly for SPARC
SPARC is like Alpha in its handling of the rt_sigaction syscall:
it takes an extra parameter 'restorer' which needs to be copied
into the sa_restorer field of the sigaction struct. The order
of the arguments differs slightly between SPARC and Alpha but
the implementation is otherwise the same. (Compare the
rt_sigaction() functions in arch/sparc/kernel/sys_sparc_64.c
and arch/alpha/kernel/signal.c.)

Note that this change is somewhat moot until SPARC acquires
support for actually delivering RT signals.

Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2017-11-07 21:59:51 +02:00
Peter Maydell
8d8cb956e0 linux-user/sparc: Put address for data faults where linux-user expects it
In the user-mode-only version of sparc_cpu_handle_mmu_fault(),
we must save the fault address for a data fault into the CPU
state's mmu registers, because the code in linux-user/main.c
expects to find it there in order to populate the si_addr
field of the guest siginfo.

Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2017-11-07 21:59:18 +02:00
Peter Maydell
15e692a6fc linux-user/ppc: Report correct fault address for data faults
For faults on loads and stores, ppc_cpu_handle_mmu_fault() in
target/ppc/user_only_helper.c stores the offending address
in env->spr[SPR_DAR]. Report this correctly to the guest
in si_addr, rather than incorrectly using the address of the
instruction that caused the fault.

This fixes the test case in
https://bugs.launchpad.net/qemu/+bug/1077116
for ppc, ppc64 and ppc64le.

Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2017-11-07 21:58:43 +02:00
Peter Maydell
f2d34df3c1 linux-user/s390x: Mask si_addr for SIGSEGV
For s390x, the address passed to a signal handler in the
siginfo_t si_addr field is masked (in the kernel this is done in
do_sigbus() and do_sigsegv() in arch/s390/mm/fault.c). Implement
this architecture-specific oddity in linux-user.

This is one of the issues described in
https://bugs.launchpad.net/qemu/+bug/1705118

Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2017-11-07 21:58:13 +02:00
James Cowgill
a8b154a637 linux-user: return EINVAL from prctl(PR_*_SECCOMP)
If an application tries to install a seccomp filter using
prctl(PR_SET_SECCOMP), the filter is likely for the target instead of the host
architecture. This will probably cause qemu to be immediately killed when it
executes another syscall.

Prevent this from happening by returning EINVAL from both seccomp prctl
calls. This is the error returned by the kernel when seccomp support is
disabled.

Fixes: https://bugs.launchpad.net/qemu/+bug/1726394
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: James Cowgill <james.cowgill@mips.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2017-11-07 21:58:13 +02:00
Emilio G. Cota
a4dd3d5172 linux-user: fix 'finshed' typo in comment
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2017-11-07 21:58:13 +02:00
James Clarke
8bf8e9df4a linux-user/syscall.c: Handle SH4's exceptional alignment for p{read, write}64
Fixes: https://bugs.launchpad.net/qemu/+bug/1716767
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-By: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: James Clarke <jrtc27@jrtc27.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2017-11-07 21:58:13 +02:00
Helge Deller
541e169042 linux-user: Handle TARGET_MAP_STACK and TARGET_MAP_HUGETLB
Add the missing defines and for TARGET_MAP_STACK and TARGET_MAP_HUGETLB
for alpha, mips, ppc, x86, hppa.  Fix the mmap_flags translation table
to translate MAP_HUGETLB between host and target architecture, and to
drop MAP_STACK.

Signed-off-by: Helge Deller <deller@gmx.de>
Message-Id: <20170311183016.GA20514@ls3530.fritz.box>
[rth: Drop MAP_STACK instead of translating it, since it is ignored
in the kernel anyway.  Fix tabs to spaces.]
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2017-11-07 21:58:13 +02:00
Helge Deller
3d60c84dea linux-user/hppa: Fix TARGET_F_RDLCK, TARGET_F_WRLCK, TARGET_F_UNLCK
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-ID: <20170311175019.GA7195@ls3530.fritz.box>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2017-11-07 21:58:13 +02:00
Helge Deller
e65be6a7cf linux-user/hppa: Fix TARGET_MAP_TYPE
TARGET_MAP_TYPE needs to be 0x03 instead of 0x0f on the hppa
architecture, otherwise it conflicts with MAP_FIXED which is 0x04.

Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-ID: <20170311175019.GA7195@ls3530.fritz.box>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2017-11-07 21:58:13 +02:00