qmp_output_get_qobject() increments the qobject's reference count. Since
we currently pass this straight into qobject_to_json() so we can feed
the data into a QMP input visitor, we never actually free the underlying
qobject when qmp_output_visitor_cleanup() is called. This causes leaks
on all of the QMP serialization tests.
Fix this by holding a pointer to the qobject and decref'ing it before
returning from qmp_deserialize().
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
qmp: fix handling of cmd with equal mark in qmp-shell
qmp-shell splits the argument and value of input command
by equal mark("="). But there are commands whose values
include equal mark themselves, and the json built by
qmp-shell will not correct. For example, when using NBD as
the target of block-backup command, the input
"block-backup target=nbd+unix:///drive0?socket=/tmp/nbd.sock"
will fail, because the json built will be as follows:
{
"execute":"block-backup",
"arguments":{"target":"nbd+unix:///drive0?socket"}
}
Fix it by joining the sections split by equal mark excluding the
first section in __build_cmd function when the length of sections
is larger than two.
Signed-off-by: zhangleiqiang <zhangleiqiang@huawei.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
# By Kevin Wolf
# Via Stefan Hajnoczi
* stefanha/block:
block: Add hint to -EFBIG error message
qcow2: Catch some L1 table index overflows
Message-id: 1368543269-29784-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The limit of qcow2 files at least depends on the cluster size. If the
image format has a cluster_size option, suggest to increase it.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This catches the situation that is described in the bug report at
https://bugs.launchpad.net/qemu/+bug/865518 and goes like this:
$ qemu-img create -f qcow2 huge.qcow2 $((1024*1024))T
Formatting 'huge.qcow2', fmt=qcow2 size=1152921504606846976 encryption=off cluster_size=65536 lazy_refcounts=off
$ qemu-io /tmp/huge.qcow2 -c "write $((1024*1024*1024*1024*1024*1024 - 1024)) 512"
Segmentation fault
With this patch applied the segfault will be avoided, however the case
will still fail, though gracefully:
$ qemu-img create -f qcow2 /tmp/huge.qcow2 $((1024*1024))T
Formatting 'huge.qcow2', fmt=qcow2 size=1152921504606846976 encryption=off cluster_size=65536 lazy_refcounts=off
qemu-img: The image size is too large for file format 'qcow2'
Note that even long before these overflow checks kick in, you get
insanely high memory usage (up to INT_MAX * sizeof(uint64_t) = 16 GB for
the L1 table), so with somewhat smaller image sizes you'll probably see
qemu aborting for a failed g_malloc().
If you need huge image sizes, you should increase the cluster size to
the maximum of 2 MB in order to get higher limits.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
We switched from qemu_memalign to mmap() but then we don't modify
qemu_vfree() to do a munmap() over free(). Which we cannot do
because qemu_vfree() frees memory allocated by qemu_{mem,block}align.
Introduce a new function that does the munmap(), luckily the size is
available in the RAMBlock.
Reported-by: Amos Kong <akong@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Message-id: 1368454796-14989-3-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This is preparatory to the introduction of a separate freeing API.
Reported-by: Amos Kong <akong@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Message-id: 1368454796-14989-2-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This fixes the Home/End keys in the monitor using the GTK frontend.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1368526554-15866-1-git-send-email-kwolf@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This should fix building the GTK+ front-end on BSDs.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368533121-30796-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds a small typename cache to ObjectClass. This allows
caching positive casts within each ObjectClass. Benchmarking a
PPC workload provided by Aurelien, this patch eliminates every
single g_hash_table_lookup() happening during the benchmark (which
was about 2 million per-second).
With this patch applied, I get exactly the same performance (within
the margin of error) as with --disable-qom-cast-debug.
N.B. it's safe to cache typenames only from the _assert() macros
because they are always called with string literals.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Commit 9697f5d2d3 "gtk: custom cursor support"
introduced unconditional usage of gdk_display_warp_pointer(). This function
is marked as deprecated since GTK-3.0, and triggers warning (error with -Werror)
during compilation.
Conditionally change gdk_display_warp_pointer() method usage to gdk_device_warp
usage, as suggested by compiler.
Signed-off-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Message-id: 1368197985-44608-1-git-send-email-i.mitsyanko@gmail.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This reverts commit 9953f8822c.
While Markus's analysis is entirely correct, there are 1.6 patches
that fix the bug for real and without requiring machine type hacks.
Let's think of the children who will have to read this code, and
avoid a complicated mess of semantics that differ between <1.5,
1.5, and >1.5.
Conflicts:
hw/i386/pc_piix.c
hw/i386/pc_q35.c
include/hw/i386/pc.h
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1368189483-7915-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Cast debugging can have a substantial cost (20% or more). Instead of adding
special-cased "fast casts" in the hot paths, we can just disable it in
releases. The tracing facilities we just added make it easier to analyze
those problems that cast debugging would reveal.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368188203-3407-7-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This provides a way to detect the cast that leads to a (reproducible)
crash even when QOM cast debugging is disabled.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368188203-3407-6-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
For leaf classes, in many cases the callbacks will simply downcast
the object back to the original class. Add this fast path to
object_class_dynamic_cast, object_dynamic_cast will inherit it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368188203-3407-4-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This mimics what we do in object_dynamic_cast_assert.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368188203-3407-3-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Dong Xu Wang (2) and others
# Via Michael Tokarev
* mjt/trivial-patches-next:
osdep.h: include sys/types.h for ssize_t definition
remove double semicolons
clean unnecessary code: don't check g_strdup arg for NULL
docs: mention AddressSpaces in docs/memory.txt
audio: update documentation after removing --audio-card-list option
m25p80.c: Sync Flash chip list with Linux
bsd-user: OS-agnostic 64-bit SYSCTL types
Message-id: 518F61B9.9050803@msgid.tls.msk.ru
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Hans de Goede
# Via Gerd Hoffmann
* spice/spice.v70:
qxl: Call spice_qxl_driver_unload from qxl_enter_vga_mode
Message-id: 1368093776-8949-1-git-send-email-kraxel@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
sys/types.h is taken out from "ifdef __OpenBSD__" guard. It should be
safe for other systems, according to following survey:
http://hacks.owlfolio.org/header-survey/
This fixes build for CONFIG_IOVEC-less systems (mingw).
Signed-off-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reported-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit 98af93fde2 removed the
--audio-card-list option in configure, and commit
8f3b664f6c always compiled in
the adlib, gus and cs4231a audio cards.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Add new devices for various manufacturers, and re-sort Spansion list to
match the order in Linux, which requires chips with a non-zero extended ID
to come first.
With this commit the outstanding differences to Linux rev 55bf75b are:
- Erase size flag differences in s25sl032p, s25sl064p, s25fl016k, s25fl064k
(These devices have only some blocks that support small erase sizes.)
- Linux lacks n25q128
- Devices without a Jedec ID have been excluded
Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Use existence of type as #ifdef condition rather than FreeBSD-specific
version check, as suggested by Patrick Welche.
Also handle the signed (CTLTYPE_S64) case identically to the unsigned
(CTLTYPE_U64) case, per later patches in the FreeBSD ports tree
(emulators/qemu-devel/files/patch-z-arm-bsd-user-001).
Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Fix EFLAGS corruption by ROR r8/r16 imm instruction located at the end
of the TB, similarly to commit 089305ac for the non-immediate case.
Reported-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
When setcond2 is rewritten into setcond, the state of the destination
temp should be reset, so that a copy of the previous value is not
used instead of the result.
Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
With a SPICE_DISPLAY_CAP_MONITORS_CONFIG capable client, the client needs to
know what part of the primary to use for each monitor. If the guest driver
does not support this, the server sends messages to the client for a
single monitor spanning the entire primary.
As soon as the guest calls spice_qxl_monitors_config_async once, the server
sets the red_worker driver_has_monitors_config flag and stops doing this.
This is a problem when the driver gets unloaded, for example after a reboot
or when switching to a text vc with usermode mode-setting under Linux.
To reproduce this start a multi-mon capable Linux guest which uses
usermode mode-setting and then once X has started switch to a text vc. Note
how the client window does not only not resize, if you try to resize it
manually you always keep blackborders since the aspect is wrong.
This patch calls a new spice-server method called spice_qxl_driver_unload
which clears the driver_has_monitors_config flag inside the server, thereby
fixing this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
# By Kevin Wolf (7) and Fam Zheng (3)
# Via Kevin Wolf
* kwolf/for-anthony:
qemu-iotests: fix 017 018 for vmdk
qemu-iotests: exclude vmdk and qcow from 043
qemu-iotests: exclude vmdk for test 042
qtest/ide-test: Test short and long PRDTs
qtest/ide-test: Add simple DMA read/write test case
qtest: Add IDE test case
libqos/pci: Enable bus mastering
ide: Reset BMIDEA bit when the bus master is stopped
de_DE.po: Add missing leading spaces
ahci: Don't allow creating slave drives
Message-id: 1368023344-29731-1-git-send-email-kwolf@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
There are several several issues in the current checking:
- The check was based on the minus of unsigned values which can overflow
- It was done after .{set|get}_config() which can lead crash when config_len
is zero since vdev->config is NULL
Fix this by:
- Validate the address in virtio_pci_config_{read|write}() before
.{set|get}_config
- Use addition instead minus to do the validation
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Petr Matousek <pmatouse@redhat.com>
Message-id: 1367905369-10765-1-git-send-email-jasowang@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
mask notifiers are never called without msix,
so devices with backend masking like vhost don't work.
Call mask notifiers explicitly at
startup/cleanup to make it work.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The implementation for rldcl tried to always fetch its
parameters from the opcode, even though the opcode was
already passed in in decoded and different forms.
Use the parameters instead, fixing rldcl.
Reported-by: Torbjorn Granlund <tg@gmplib.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
When running an L=1 cmp instruction on a 64bit PPC CPU with SF off, it
still behaves identical to what it does when SF is on. Remove the implicit
difference in the code.
Also, on most 32bit CPUs we should always treat the compare as 32bit
compare, as the CPU will ignore the L bit. This is not true for e500mc,
but that's up for a different patch.
Reported-by: Torbjorn Granlund <tg@gmplib.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
Corner case for INSV instruction when size=32 has not been correctly
implemented. The mask for size should be one bit wider, and preparing the
filter variable should be aware of this case too.
The test for INSV has been extended to include the case that triggers the
bug.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The emulator needs to check in hflags if DSP unit has been turned off before
it generates code for MUL_PH, MUL_S_PH, MULQ_S_W, and MULQ_RS_W.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
017 and 018 use /bin/mv to move base img from t.IMGFMG to t.IMGFMT.base
after filling data, this is not enough for vmdk, when t.IMGFMT is only a
description text file who points to t-{flat,s001,f001,...}.IMGFMT as
data extent, so testing such subformats alway fails on them.
This patch use the trick of temprorily changing TEST_IMG to avoid using
/bin/mv.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
043 tests recursive backing file by changing backing file. VMDK has not
implemented this yet, and qcow1 probably never will.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Zero sized disk is not supported by qemu vmdk driver, exclude vmdk from
the test script.
As tested on vmware-vdiskmanager and vmware workstation, zero sized disk
is not supported by vmware, either.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This tests the behaviour of the DMA engine when the given PRDT contains
physical region descriptors for either more or less bytes than the
IDE request is for.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This adds a simple IDE test case and starts by verifying that IDENTIFY
can be successfully used and return the correct serial number, version
and the WCE flag is set for cache=writeback.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The device is supposed to reset the Bus Master IDE Active bit in the
status register when 0 is written to the Start/Stop Bus Master bit in
the command register.
In the common cases this happens automatically because bdrv_drain_all()
flushes the requests, but with a large PRDT it could remain set.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>