Include the vector registers XML file that is provided by gdb,
and can be used by the qemu gdbserver interface.
Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Add handling for the Store Additional Status at Address order
that exists for the Signal Processor (SIGP) instruction.
Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Handle the actual syncing of the vector registers with kernel space,
via the get/put register IOCTLs.
The vector registers that were introduced with the z13 overlay
the existing floating point registers. FP registers 0-15 are
the high-halves of vector registers 0-15. Thus, remove the
freg fields and replace them with the equivalent vector field
to avoid errors in duplication. Moreover, synchronize either the
vector registers via kvm_sync_regs, or floating point registers
via the GET/SET FPU IOCTLs.
Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Provide a routine to access the correct floating point register,
to simplify future expansion.
Suggested-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
This continues the IOMMU fix from 2.3, where we should not attempt
to remap the CLB or FIS RX buffers if the AHCI device is currently
running.
The same applies to migration: keep our mitts off these registers
unless the device is supposed to be on.
Does not impact backwards compatibility for the AHCI device.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1431470173-30847-2-git-send-email-jsnow@redhat.com
Similarly switch the macio IDE routines over to use the new function and
tidy-up the remaining code as required.
[Maintainer edit: printf format codes adjusted for 32/64bit. --js]
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Acked-by: John Snow <jsnow@redhat.com>
Message-id: 1425939893-14404-3-git-send-email-mark.cave-ayland@ilande.co.uk
Signed-off-by: John Snow <jsnow@redhat.com>
This considerably helps simplify the complexity of the macio read routines and
by switching macio CDROM accesses to use the new code, fixes the issue with
the CDROM device being detected intermittently by Darwin/OS X.
[Maintainer edit: printf format codes adjusted for 32/64bit. --js]
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ailande.co.uk>
Acked-by: John Snow <jsnow@redhat.com>
Message-id: 1425939893-14404-2-git-send-email-mark.cave-ayland@ilande.co.uk
Signed-off-by: John Snow <jsnow@redhat.com>
Instead of converting each byte one-at-a-time and then sending each byte
over the wire, use sprintf() to pre-compute all of the hex nibs into a
single buffer, then send the entire buffer all at once.
This gives a moderate speed boost to memread() and memwrite() functions.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1431021095-7558-2-git-send-email-jsnow@redhat.com
Where it makes sense, use the new faster primitives.
For generally small reads/writes such as for the PRDT
and FIS packets, stick with the more wasteful but
easier to debug memread/memwrite.
For ahci-test (before migration tests):
With this patch:
real 0m3.675s
user 0m2.582s
sys 0m1.718s
Without any qtest protocol improvements:
real 0m14.171s
user 0m12.072s
sys 0m12.527s
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1430864578-22072-6-git-send-email-jsnow@redhat.com
Previously, memset was just a frontend to write() and only
stupidly sent the pattern many times across the wire.
Let's not discuss who stupidly wrote it like that in the first place.
(Hint: It was me.)
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1430864578-22072-4-git-send-email-jsnow@redhat.com
For larger pieces of data that won't need to be debugged and
viewing the hex nibbles is unlikely to be useful, we can encode
data using base64 instead of encoding each byte as %02x, which
leads to some space savings and faster reads/writes.
For now, the default is left as hex nibbles in memwrite() and memread().
For the purposes of making qtest io easier to read and debug, some
callers may want to specify using the old encoding format for small
patches of data where the savings from base64 wouldn't be that profound.
memwrite/memread use a data encoding that takes 2x the size of the original
buffer, but base64 uses "only" (4/3)x, so for larger buffers we can save a
decent amount of time and space.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1430864578-22072-3-git-send-email-jsnow@redhat.com
qtest currently has a static buffer of size 1024 that if we
overflow, ignores the additional data silently which leads
to hangs or stream failures.
Use glib's string facilities to allow arbitrarily long data,
but split this off into a new function, qtest_sendf.
Static data can still be sent using qtest_send, which avoids
the malloc/copy overhead.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1430864578-22072-2-git-send-email-jsnow@redhat.com
Test migrating a halted DMA transaction.
Resume, then test data integrity.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1430417242-11859-10-git-send-email-jsnow@redhat.com
If we're going to test the migration of halted DMA jobs,
we should probably check to make sure we can resume them
locally as a first step.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1430417242-11859-9-git-send-email-jsnow@redhat.com
Use blkdebug to inject an error on first flush, then attempt to flush
on the first guest. When the error halts the VM, migrate to the
second VM, and attempt to resume the command.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1430417242-11859-8-git-send-email-jsnow@redhat.com
Write to one guest, migrate, and then read from the other.
adjust ahci_io to clear any buffers it creates, so that we
can use ahci_io safely on both guests knowing we are using
empty buffers and not accidentally re-using data.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1430417242-11859-7-git-send-email-jsnow@redhat.com
Notes:
* The migration is performed on QOSState objects.
* The migration is performed in such a way that it does not assume
consistency between the allocators attached to each. That is to say,
you can use each QOSState object completely independently and then at
an arbitrary point decide to migrate, and the destination object will
now be consistent with the memory within the source guest. The source
object that was migrated from will have a completely blank allocator.
ahci-test.c:
- verify_state is added
- ahci_migrate is added as a frontend to migrate
- test_migrate_sanity test case is added.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1430417242-11859-6-git-send-email-jsnow@redhat.com
Lift the flag preventing the migration of the ICH9/AHCI devices.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1430417242-11859-5-git-send-email-jsnow@redhat.com
libqos.c:
-set_context for addressing which commands go where
-migrate performs the actual migration
malloc.c:
- Structure of the allocator is adjusted slightly with
a second-tier malloc to make swapping around the allocators
easy when we "migrate" the lists from the source to the destination.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1430417242-11859-4-git-send-email-jsnow@redhat.com
|| probably does not mean the same thing as |.
Additionally, allow users to submit a prd_size of 0
to indicate that they'd like to continue using the default.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1430417242-11859-3-git-send-email-jsnow@redhat.com
Sometimes we want a command to halt the VM instead
of complete successfully, so it'd be nice to let the
libqos/ahci functions cope with such scenarios.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1430417242-11859-2-git-send-email-jsnow@redhat.com
Since we're bumping the version to 2.22+,
remove the now-stale compat functions.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1431469140-22208-2-git-send-email-jsnow@redhat.com
This provides g_ptr_array_new_with_free_func, as well as a few
other functions that we've been hacking around in glib-compat.h.
Cleaning up the compatibility headers will come later.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1431469140-22208-2-git-send-email-jsnow@redhat.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJVX0lfAAoJEH8JsnLIjy/WFloQAMFIiYVZU7HqXFJn0SpJTFuT
XeMLj1rNCWQMNnD3lrwGqRL81rZG8mH+d15gzPfL6gzxZgSIr2VfQrFjMCJHuiBG
F8CkaYnKNOqyiAHNkcVsP0Brsn7ZVKTWZzWzAdbP8eVWgjnstmwFURz56bhVyIpY
5b4atvH6GAeKrraZVTMhz1ltT6051EsH7OOYDyIFgMC6RL8X/N+34QIOY65whfqj
9vpCiajGX8deGXpGPPNTMf8Nf2J/06X2xzcIqmq/YaD5fCi7XQJAm755eHcGfKdA
HACuKNsFk6VHYeKLsB383FFGuIvYgDT3Vqh1TGCN/jYlVm0kdIKKajW2KCX90l+9
Ep8saQvWYNA6tbIW631qRM3VHWuUI80U8nlVHlNdeBeTglf3Q7QUuur8FsL7S/aR
2ij2JymPaORQ5GZAWfVWpiJd15BOW5uOeP2FpoF5kHAgt2E4KRIEmmSsWNF6L3+E
7cMrl7EknlRQNlz9//SqaSUzFhFSO0w267tpDRQmHKWLVzijo9a1AGgSR9EpqYtj
dBjvYgQQQf3aioOhzBd916qO0vMrOsD9XbmIFQAZCW9bIZ/ly9BrZGu419p2DCUs
WP45PGwG0WlEKpVAhg7jJz8df2fGh1BxXcKyWHe0BpHLnI9rAUg3YbauO3miY8vc
3xoJZqL+pYrswOdDG3HA
=x52M
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer core and image format patches
# gpg: Signature made Fri May 22 16:21:03 2015 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
* remotes/kevin/tags/for-upstream: (22 commits)
MAINTAINERS: Split "Block QAPI, monitor, command line" off core
MAINTAINERS: Add header files to Block Layer Core section
tests: add test case for encrypted qcow2 read/write
qemu-io: prompt for encryption keys when required
util: allow \n to terminate password input
util: move read_password method out of qemu-img into osdep/oslib
qcow2/qcow: protect against uninitialized encryption key
qemu-iotests: Make debugging python tests easier
qemu-iotests: qemu-img info on afl VMDK image with a huge capacity
block: Detect multiplication overflow in bdrv_getlength
qemu-io: Use getopt() correctly
qcow2: style fixes in qcow2-cache.c
qcow2: make qcow2_cache_put() a void function
qcow2: use a hash to look for entries in the L2 cache
qcow2: remove qcow2_cache_find_entry_to_replace()
qcow2: use an LRU algorithm to replace entries from the L2 cache
qcow2: simplify qcow2_cache_put() and qcow2_cache_entry_mark_dirty()
qcow2: use one single memory block for the L2/refcount cache tables
vmdk: Fix overflow if l1_size is 0x20000000
vmdk: Fix next_cluster_sector for compressed write
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCgAGBQJVX0UVAAoJEArSxjlracoUHboP/1Ajq0KCGYuyTeOLcZbfSqgR
frvtEl4Js2VqJ69p3XipZ8j16Co0U+gDm6Hu7/wytGXOSAplXwvlDe+556778MpV
xVdsXoeh5X5xPMtoU3qEy6sK4bLxxmjAJtj4Ij1NojqRbRr1ZuvxxaUgB5ud1eWE
Th/HQEhquAiZTfSilqu+xAMeFfRrpPlqIKFhHHOcctEZw03v0kTEfBMXw0AR5UW2
/ytvoBtiWnME2WYIkP6odWh96RthqigKhrCPbfnTFjD5amYeeeI0R8DeRKiDEWmY
eEyddC5UcODIBfioj+aUbCf2jzu7LClu4MkyiFe0yK/SU2/Yz6v7GdgUhKsCoGAw
noYbKOgilQtMBjs6hKbfxVIMmtkfz9dJ2y62H2PUzjCnFPhluZURE96T3p/e8HUo
z3G+bTPZ69+7r4GxFMq8HpQE8hzC5xTZ8jA3bT+/8gYTyN8c0si4EF2XRBFhUm3H
cjqSg8HTmoCQAPRkF29F1BrDyH/oPji2S5xLvtI4tG/Kk13ZhOcVxKky3wcK8Onf
srCHdEsIThlMUCnAmphfqSCjliPXYmnZoGymeLfLRISPZrB4PmctTSbYdjdQU1kN
ac5xa0NsL1wmFPLl2yk7TNFFpw0v1sH0SfpdxAjjVnj8B4jNRK6hleGFjpfjzpEE
gl1/hij9FtqJPrx1Zgkz
=NjJ8
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-20150522' into staging
TriCore v1.6.1 ISA and missing v1.6 instructions
# gpg: Signature made Fri May 22 16:02:45 2015 BST using RSA key ID 6B69CA14
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>"
* remotes/bkoppelmann/tags/pull-tricore-20150522:
target-tricore: add RR_DIV and RR_DIV_U instructions of the v1.6 ISA
target-tricore: add FRET instructions of the v1.6 ISA
target-tricore: add FCALL instructions of the v1.6 ISA
target-tricore: add SYS_RESTORE instruction of the v1.6 ISA
target-tricore: add RR_CRC32 instruction of the v1.6.1 ISA
target-tricore: add SWAPMSK instructions of the v1.6.1 ISA
target-tricore: add CMPSWP instructions of the v1.6.1 ISA
target-tricore: Add SRC_MOV_E instruction of the v1.6 ISA
target-tricore: introduce ISA v1.6.1 feature
target-tricore: Add ISA v1.3.1 cpu and fix tc1796 to using v1.3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add a simple test case for qemu-iotests that covers read/write
with encrypted qcow2 files.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The qemu-io tool does not check if the image is encrypted so
historically would silently corrupt the sectors by writing
plain text data into them instead of cipher text. The earlier
commit turns this mistake into a fatal abort, so check for
encryption and prompt for key when required.
This enables us to add unit tests to ensure we don't break
the ability of qemu-img to convert existing encrypted qcow2
files into a non-encrypted format.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The qemu_read_password() method looks for \r to terminate the
reading of the a password. This is what will be seen when
reading the password from a TTY. When scripting though, it is
useful to be able to send the password via a pipe, in which
case we must look for \n to terminate password input.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The qemu-img.c file has a read_password() method impl that is
used to prompt for passwords on the console, with impls for
POSIX and Windows. This will be needed by qemu-io.c too, so
move it into the QEMU osdep/oslib files where it can be shared
without code duplication
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
When a qcow[2] file is opened, if the header reports an
encryption method, this is used to set the 'crypt_method_header'
field on the BDRVQcow[2]State struct, and the 'encrypted' flag
in the BDRVState struct.
When doing I/O operations, the 'crypt_method' field on the
BDRVQcow[2]State struct is checked to determine if encryption
needs to be applied.
The crypt_method_header value is copied into crypt_method when
the bdrv_set_key() method is called.
The QEMU code which opens a block device is expected to always
do a check
if (bdrv_is_encrypted(bs)) {
bdrv_set_key(bs, ....key...);
}
If code forgets to do this, then 'crypt_method' is never set
and so when I/O is performed, QEMU writes plain text data
into a sector which is expected to contain cipher text, or
when reading, will return cipher text instead of plain
text.
Change the qcow[2] code to consult bs->encrypted when deciding
whether encryption is required, and assert(s->crypt_method)
to protect against cases where the caller forgets to set the
encryption key.
Also put an assert in the set_key methods to protect against
the case where the caller sets an encryption key on a block
device that does not have encryption
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Adding "-d" option. The output goes to "tee" so it appears in your
console. Also, raise the verbosity of unnitest runner.
When testing a topic branch, it's possible that a bug introduced by a
code change makes the python test case hang, with debug output, it is
much easier to locate the problem.
This can also be helpful if you want to watch the progress of a python
test, it offers you a way to sense the speed of each test case method
you're writing.
Note: because there is no easy way to get *both* the verbose output and
the output expected by ./check comparison, the case would always fail
with an "output mismatch". The sole purpose of using this option is
giving developers a quick way to debug when things go wrong.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The image is contributed by Richard W.M. Jones.
Cc: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Bogus image may have a large total_sectors that will overflow the
multiplication. For cleanness, fix the return code so the error message
will be meaningful.
Reported-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
POSIX says getopt() returns -1 on completion. While Linux happens
to define EOF as -1, this definition is not required by POSIX, and
there may be platforms where checking for EOF instead of -1 would
lead to an infinite loop.
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Fix pointer declaration to make it consistent with the rest of the
code.
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This function never receives an invalid table pointer, so we can make
it void and remove all the error checking code.
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The current cache algorithm traverses the array starting always from
the beginning, so the average number of comparisons needed to perform
a lookup is proportional to the size of the array.
By using a hash of the offset as the starting point, lookups are
faster and independent from the array size.
The hash is computed using the cluster number of the table, multiplied
by 4 to make it perform better when there are collisions.
In my tests, using a cache with 2048 entries, this reduces the average
number of comparisons per lookup from 430 to 2.5.
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
A cache miss means that the whole array was traversed and the entry
we were looking for was not found, so there's no need to traverse it
again in order to select an entry to replace.
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The current algorithm to evict entries from the cache gives always
preference to those in the lowest positions. As the size of the cache
increases, the chances of the later elements of being removed decrease
exponentially.
In a scenario with random I/O and lots of cache misses, entries in
positions 8 and higher are rarely (if ever) evicted. This can be seen
even with the default cache size, but with larger caches the problem
becomes more obvious.
Using an LRU algorithm makes the chances of being removed from the
cache independent from the position.
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Since all tables are now stored together, it is possible to obtain
the position of a particular table directly from its address, so the
operation becomes O(1).
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The qcow2 L2/refcount cache contains one separate table for each cache
entry. Doing one allocation per table adds unnecessary overhead and it
also requires us to store the address of each table separately.
Since the size of the cache is constant during its lifetime, it's
better to have an array that contains all the tables using one single
allocation.
In my tests measuring freshly created caches with sizes 128MB (L2) and
32MB (refcount) this uses around 10MB of RAM less.
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Richard Jones caught this bug with afl fuzzer.
In fact, that's the only possible value to overflow (extent->l1_size =
0x20000000) l1_size:
l1_size = extent->l1_size * sizeof(long) => 0x80000000;
g_try_malloc returns NULL because l1_size is interpreted as negative
during type casting from 'int' to 'gsize', which yields a enormous
value. Hence, by coincidence, we get a "not too bad" behavior:
qemu-img: Could not open '/tmp/afl6.img': Could not open
'/tmp/afl6.img': Cannot allocate memory
Values larger than 0x20000000 will be refused by the validation in
vmdk_add_extent.
Values smaller than 0x20000000 will not overflow l1_size.
Cc: qemu-stable@nongnu.org
Reported-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This fixes the bug introduced by commit c6ac36e (vmdk: Optimize cluster
allocation).
Sometimes, write_len could be larger than cluster size, because it
contains both data and marker. We must advance next_cluster_sector in
this case, otherwise the image gets corrupted.
Cc: qemu-stable@nongnu.org
Reported-by: Antoni Villalonga <qemu-list@friki.cat>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The SCSI emulation in the Linux NVMe driver really wants to know
if a device has a volatile write cache. Given that qemu has moved
away from a model where we report the backing store WCE bit to
one where the WCE bit is supposed to be part of the migratable
guest-visible state we always return 1 here.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Before a freed cluster can be reused, pending discards for this cluster
must be processed.
The original assumption was that this was not a problem because discards
are only cached during discard/write zeroes operations, which are
synchronous so that no concurrent write requests can cause cluster
allocations.
However, the discard/write zeroes operation itself can allocate a new L2
table (and it has to in order to put zero flags there), so make sure we
can cope with the situation.
This fixes https://bugs.launchpad.net/bugs/1349972.
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>