Commit Graph

20174 Commits

Author SHA1 Message Date
Paolo Bonzini
31e8fd86f2 scsi: fix refcounting for reads
Recently introduced FUA support also gave us a use-after-free
of the BlockAcctCookie within a SCSIDiskReq, due to unbalanced
reference counting.

The patch fixes this by making scsi_do_read look like a combination
of scsi_*_complete + scsi_*_data.  It does both a ref (like
scsi_read_data) and an unref (like scsi_flush_complete).

Reported-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-04 10:39:52 +02:00
Paolo Bonzini
12a08998fe scsi: prevent data transfer overflow
Avoid sending more than 2GB of data, as that can cause overflows
in int32_t variables.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-04 10:39:51 +02:00
Ronnie Sahlberg
fa6acb0c2f ISCSI: Add support for thin-provisioning via discard/UNMAP and bigger LUNs
Update the configure test for libiscsi support to detect version 1.3
or later.  Version 1.3 of libiscsi provides both READCAPACITY16 as well
as UNMAP commands.

Update the iscsi block layer to use READCAPACITY16 to detect the size of
the LUN instead of READCAPACITY10. This allows support for LUNs larger
than 2TB.

Update to implement bdrv_aio_discard() using the UNMAP command.
This allows us to use thin-provisioned LUNs from TGTD and other iSCSI
targets that support thin-provisioning.

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
[squashed in subsequent patch from Ronnie to fix off-by-one in LBA count]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-04 10:39:18 +02:00
Gerd Hoffmann
8f473dd104 fix build with pulseaudio versions older than 0.9.11
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-05-04 00:47:09 +04:00
Alexander Graf
1a49ef2ad3 linux-user: fix emulation of /proc/self/maps
Improve the emulation of /proc/self/maps by reading the underlying
host maps file and passing lines through with addresses adjusted
to be guest addresses. This is necessary to avoid false triggers
of the glibc check that a format string containing '%n' is not in
writable memory. (For an example see the bug reported in
https://bugs.launchpad.net/qemu-linaro/+bug/947888 where gpg aborts.)

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2012-05-03 17:31:52 +03:00
Andreas Färber
209c484918 linux-user: Clean up interim solution for exit syscall
After all target CPUs have been QOM'ified, we no longer need an #ifdef
to switch between object_delete() and g_free() in NPTL thread exit.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2012-05-03 17:31:44 +03:00
malc
f05ae5379e Bail out if CONFIG_TCG_PASS_AREG0 is defined
Signed-off-by: malc <av1474@comtv.ru>
2012-05-03 15:48:49 +04:00
malc
f6af014e71 Restore consistent formatting
Signed-off-by: malc <av1474@comtv.ru>
2012-05-03 15:47:39 +04:00
Alon Levy
ddf9f4b707 qxl: don't assert on guest create_guest_primary
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
4763e2cadd qxl: ioport_write: remove guest triggerable abort
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
e954ea2873 qxl: qxl_add_memslot: remove guest triggerable panics
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
baeae407e6 qxl: interface_notify_update: remove guest triggerable abort
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
75fe0d7bf8 qxl: cleanup s/__FUNCTION__/__func__/
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
0b81c478cf qxl: don't abort on guest triggerable ring indices mismatch
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
2fce7edf46 qxl: fix > 80 chars line
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
47eddfbfe0 qxl: replace panic with guest bug in qxl_track_command
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
fae2afb10e qxl: check for NULL return from qxl_phys2virt
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
4b635c59b0 hw/qxl.c: qxl_phys2virt: replace panics with guest_bug
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
4efee029cb spice_info: add mouse_mode
Add mouse_mode, either server or mouse, to qmp and hmp commands, based
on spice_server_is_server_mouse added in spice-server 0.10.3.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
7e3efdac75 spice: require spice-protocol >= 0.8.1
Requiring spice-server >= 0.8.2 is not enough since spice-server.pc
doesn't require spice-protocol (any version). Until that is fixed
upstream an explicit requirement in qemu fixes compilation broken since

commit 2e1a98c9c1
Author: Alon Levy <alevy@redhat.com>
Date:   Fri Feb 24 23:19:30 2012 +0200

    qxl: introduce QXLCookie

Reported-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Stefan Weil
40f08e87f6 qemu-timer: Fix limits for w32 mmtimer
timeSetEvent only accepts delays in the range which is returned by
timeGetDevCaps.

The lower limit is typically 1 (= 1 ms), so the constant value of 1
in the old code usually worked.

The upper limit can be as low as 10000 ms, so the latest changes in
QEMU's timer handling which introduced timeout values above that limit
could result in failures of timeSetEvent when the timer was re-armed.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2012-05-03 07:04:48 +02:00
Stefan Weil
f156f2385f qom: Fix memory leak in function container_get
Valgrind reported this memory leak which occurred very often.

Test scenario:

qemu-system-i386 (no arguments), only BIOS started, terminate with
monitor command (quit).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
2012-05-03 07:04:48 +02:00
Stefan Weil
9cf1f002d7 hw/pc_sysfw: Fix memory leak
Valgrind reported this memory leak which occurred a few times.

Test scenario:

qemu-system-i386 (no arguments), only BIOS started, terminate with
monitor command (quit).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
2012-05-03 07:04:48 +02:00
Stefan Weil
5c878008dd qdev: Fix memory leak in function set_pci_devfn
Valgrind reported this memory leak which occurred very often.

Test scenario:

qemu-system-i386 (no arguments), only BIOS started, terminate with
monitor command (quit).

v2:
Use error_free instead of g_free (hint from Andreas Färber, thanks).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Andreas Färber <afaerber@suse.de>
2012-05-03 07:04:48 +02:00
Stefan Weil
3881725cf0 arm-semi: Rename SYS_XXX macros to TARGET_SYS_XXX (fixes compiler warning)
SYS_OPEN is already defined in stdio.h of MinGW-w64,
therefore the compiler complains when building for w64.

Adding the prefix TARGET_ avoids that macro redefinition.
xtensa-semi.c also uses the same prefix (but mixed case macros
TARGET_SYS_xxx instead of TARGET_SYS_XXX).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2012-05-03 07:04:48 +02:00
Stefan Weil
b3412b09e9 target-mips: Remove unused inline function
Function set_HILO is not needed anywhere.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2012-05-03 07:04:48 +02:00
Anthony Liguori
58a331bab9 Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony:
  ATA: Allow WIN_SECURITY_FREEZE_LOCK as nop
  rbd: add discard support
  qcow2: fix the return value -ENOENT -> -EEXIST
  qcow2: Don't hold cache references across yield
  qcow2: Remove unused parameter in do_alloc_cluster_offset
  qemu-iotests: Many parallel allocating I/O requests
  docs: fix one issue in qcow2 specs
  block/qcow2: Add missing GCC_FMT_ATTR to function report_unsupported()
  qemu-iotests: ignore fragmentation information for qed
2012-05-02 14:49:53 -05:00
Alexander Graf
d5b406d95b ATA: Allow WIN_SECURITY_FREEZE_LOCK as nop
When using Windows 8 with an AHCI disk drive, it issues a blue screen.
The reason is that WIN_SECURITY_FREEZE_LOCK / CFA_WEAR_LEVEL is not
supported by our ATA implementation, but Windows expects it to be there.

Since without security stuff implemented, the lock would be a nop anyway
and CFA_WEAR_LEVEL already is treated as a nop, let's just allow the cmd
for HD drives as well. That way Windows is happy.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-02 18:47:08 +02:00
Josh Durgin
787f31330e rbd: add discard support
Change the write flag to an operation type in RBDAIOCB, and make the
buffer optional since discard doesn't use it.

Discard is first included in librbd 0.1.2 (which is in Ceph 0.46).
If librbd is too old, leave out qemu_rbd_aio_discard entirely,
so the old behavior is preserved.

Signed-off-by: Josh Durgin <josh.durgin@dreamhost.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-02 18:41:42 +02:00
Zhi Yong Wu
647cc47223 qcow2: fix the return value -ENOENT -> -EEXIST
Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-02 18:39:39 +02:00
Kevin Wolf
7242411460 qcow2: Don't hold cache references across yield
If cache references are held while the coroutine has yielded, the cache
may get used up and abort() when it can't find a free entry.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-02 18:39:39 +02:00
Kevin Wolf
60651f901a qcow2: Remove unused parameter in do_alloc_cluster_offset
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-02 18:39:39 +02:00
Kevin Wolf
dad5e5768e qemu-iotests: Many parallel allocating I/O requests
This test case manages to let qcow2 abort because its cache is used up
and it can't find free cache entries for new requests any more.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-02 18:39:39 +02:00
Zhi Yong Wu
bf3f363a5b docs: fix one issue in qcow2 specs
Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-02 18:39:39 +02:00
Stefan Weil
b9531b6eed block/qcow2: Add missing GCC_FMT_ATTR to function report_unsupported()
Cc: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-02 18:39:39 +02:00
Dong Xu Wang
a5126c759d qemu-iotests: ignore fragmentation information for qed
We added image fragmentation statistics functions to qemu-img several days
ago; those patches will cause "./check -qed" to fail. This patch will ignore
fragmentation statistics information of qed format, and then "./check -qed"
will work.

Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-02 18:39:39 +02:00
Anthony Liguori
9bf6b71a71 Update version for 1.1-rc0 release
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-05-02 07:32:09 -05:00
Anthony Liguori
563987d0a7 Merge remote-tracking branch 'kiszka/queues/slirp' into staging
* kiszka/queues/slirp:
  Declare state directory in smb.conf
  slirp: don't use "smb ports = 0" option
2012-05-01 18:48:01 -05:00
Anthony Liguori
15a0f3bf77 Merge remote-tracking branch 'stefanha/tracing' into staging
* stefanha/tracing:
  configure: check for supported Python 2.x versions
  tracetool: avoid pkgutil.iter_modules() Python 2.7 function
  tracetool: avoid str.rpartition() Python 2.5 function
  tracetool: use Python 2.4-compatible __import__() arguments
  tracetool: use Python 2.4-compatible exception handling syntax
2012-05-01 18:46:52 -05:00
Anthony Liguori
174210fe70 Merge remote-tracking branch 'agraf/s390-for-upstream' into staging
* agraf/s390-for-upstream:
  s390: reset avail and used index on reboot
  S390: don't call system_shutdown on disabled wait
  S390: remove default cdrom, sd-card and floppy support
  S390: support reboot for kvm on s390
  S390: reboot: reset device pages on reboot
  S390: fix error handling on kernel and initrd failures
  S390: fix kernel_commandline handling
2012-05-01 18:46:39 -05:00
Anthony Liguori
725cbc68d0 Merge remote-tracking branch 'stefanha/trivial-patches' into staging
* stefanha/trivial-patches:
  iohandler: Use bool for boolean struct member and remove holes
  async: Use bool for boolean struct members and remove a hole
  configure: Fix creation of symbolic links for MinGW toolchain
2012-05-01 18:46:19 -05:00
Anthony Liguori
6d051a0c56 Merge remote-tracking branch 'agraf/ppc-for-upstream' into staging
* agraf/ppc-for-upstream:
  linux-user: Fix invalid TARGET_ABI_BITS usage on ppc hosts
  target-ppc: Some support for dumping TLB_EMB TLBs
  ppce500_spin: Replace assert by hw_error (fixes compiler warning)
  pseries: Fix use of global CPU state
  pseries: Use the same interrupt swizzling for host bridges as p2p bridges
  pseries: Implement automatic PAPR VIO address allocation
  PPC: Fix up e500 cache size setting
  booke:Use MMU API for creating initial mapping for secondary cpus
2012-05-01 18:46:05 -05:00
Anthony Liguori
75e4e8475b Merge remote-tracking branch 'mdroth/qga-pull-4-27-12' into staging
* mdroth/qga-pull-4-27-12:
  qemu-ga: persist tracking of fsfreeze state via filesystem
  qemu-ga: add a whitelist for fsfreeze-safe commands
  qemu-ga: improve recovery options for fsfreeze
2012-05-01 18:44:03 -05:00
Nikolaus Rath
276eda5735 Declare state directory in smb.conf
The smb.conf generated by the userspace networking does not include a state directory
directive. Samba therefore falls back to the default value. Since the user generally
does not have write access to this path, smbd immediately crashes.

The "state directory" option was added in Samba 3.4.0 (commit
http://gitweb.samba.org/?p=samba.git;a=commit;h=7b02e05eb64f3ffd7aa1cf027d10a7343c0da757).

This patch adds the missing option.

Signed-off-by: Nikolaus Rath <Nikolaus@rath.org>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2012-05-01 19:08:44 -03:00
Nikolaus Rath
de305b1387 slirp: don't use "smb ports = 0" option
The "smb ports = 0" option causes recent samba versions to crash. It was
introduced in commit 157777ef3e with log message "Samba 3 support".
However, a value of 0 has never been officially supported by smb and is
also not necessary: if stdin is a socket, smb does not try to listen on
any ports and uses just stdin. This is necessary to support inetd based
operation (otherwise smbd would always fail when called from inetd,
because inetd already listens on the SMB port). Since samba has
supported inetd operation since pre-3.x, it should be safe to rely on
this feature. I have tested it with Samba 3.6.4 -- communication works
fine, and smbd is not listening on any ports.

I suspect the "smb ports = 0" hack may have been introduced when someone
tested the qemu generated samba config from the command line with "smbd
-i" and found it to fail (because then stdin isn't a socket).

Signed-off-by: Nikolaus Rath <Nikolaus@rath.org>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2012-05-01 19:08:44 -03:00
Alexander Graf
ddf1ddcf65 linux-user: Fix invalid TARGET_ABI_BITS usage on ppc hosts
When trying to evaluate the size of the _host_ type size for olddev_t,
we need to expose the host's pointer size, not the guest pointer size.

This usage got introduced accidentally in commit b754e4fc1.

Fix things by not using TARGET_.*, but rather use host sizeof()
information, which gives us the correct size.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01 21:47:01 +02:00
François Revol
a738816212 target-ppc: Some support for dumping TLB_EMB TLBs
Add mmubooke_dump_mmu().

TODO: Add printing of individual flags.

Signed-off-by: François Revol <revol@free.fr>
[agraf: fix coding style]
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01 21:47:01 +02:00
Stefan Weil
5f2c23e61a ppce500_spin: Replace assert by hw_error (fixes compiler warning)
The default case in function spin_read should never be reached,
therefore the old code used assert(0) to abort QEMU.

This does not work when QEMU is compiled with macro NDEBUG defined.
In this case (and also when the compiler does not know that assert
never returns), there is a compiler warning because of the missing
return value.

Using hw_error allows an improved error message and aborts always.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
[agraf: use __func__]
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01 21:47:01 +02:00
Peter Portante
73f7821bac pseries: Fix use of global CPU state
Commit ed120055c7 (Implement PAPR VPA
functions for pSeries shared processor partitions) introduced the
deregister_dtl() function and typo "emv" as name of its argument.
This went unnoticed because the code in that function can access the
global variable "env" so that no build failure resulted.

Fix the argument to read "env". Resolves LP#986241.

Signed-off-by: Peter Portante <peter.portante@redhat.com>
Acked-by: Andreas Färber <afaerber@suse.de>
[agraf: fixed typo in commit message]
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01 21:47:00 +02:00
David Gibson
7fb0bd3473 pseries: Use the same interrupt swizzling for host bridges as p2p bridges
Currently the pseries PCI code uses a somewhat strange scheme of PCI irq
allocation - one per slot up to a maximum that's greater than the usual 4.
This scheme more or less worked, because we were able to tell the guest the
irq mapping in the device tree, however it's a bit odd and may break
assumptions in the future.  Worse, the array used to construct the dev
tree interrupt map was mis-sized, we got away with it only because it
happened that our SPAPR_PCI_NUM_LSI value was greater than 7.

This patch changes the pseries PCI code to use the same interrupt swizzling
scheme as is standardized for PCI to PCI bridges.  This makes for better
consistency, deals better with any devices which use multiple interrupt
pins and will make life easier in the future when we add passthrough of
what may be either a host bridge or a PCI to PCI bridge.  This won't break
existing guests, because they don't assume a particular mapping scheme for
host bridges, but just follow what we tell them in the device tree (also
updated to match, of course).  This patch also fixes the allocation of the
irq map.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01 21:47:00 +02:00