Commit Graph

48033 Commits

Author SHA1 Message Date
Max Reitz
03504d05f0 block/nbd: Store runtime option values
Store the runtime option values in the BDRVNBDState so they can later be
used in nbd_refresh_filename() without having to directly access the
options QDict which may contain values of non-string types.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-08-15 15:52:29 +02:00
Max Reitz
036990d72b block/blkdebug: Store config filename
Store the configuration file's filename so it can later be used in
bdrv_refresh_filename() without having to directly access the options
QDict which may contain a value of a non-string type.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-08-15 15:52:28 +02:00
Max Reitz
7ccc44fd7d block/nbd: Use QemuOpts for runtime options
Using QemuOpts will prevent qemu from crashing if the input options have
not been validated (which is the case when they are specified on the
command line or in a json: filename) and some have the wrong type.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-08-15 15:52:28 +02:00
Max Reitz
8a6a80896d block/ssh: Use QemuOpts for runtime options
Using QemuOpts will prevent qemu from crashing if the input options have
not been validated (which is the case when they are specified on the
command line or in a json: filename) and some have the wrong type.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-08-15 15:52:28 +02:00
Greg Kurz
e703d2f71c ppc: parse cpu features once
Considering that features are converted to global properties and
global properties are automatically applied to every new instance
of created CPU (at object_new() time), there is no point in
parsing cpu_model string every time a CPU is created. So move
parsing outside CPU creation loop and do it only once.

Parsing also should be done before any CPU is created so that
features would affect the first CPU as well.

This patch does that for all PowerPC machine types.

It is based on previous work from Bharata:

https://lists.nongnu.org/archive/html/qemu-devel/2016-06/msg07564.html

Signed-off-by: Greg Kurz <groug@kaod.org>
[clg: only kept the fix for the spapr platform. support for other
      platform will be added in 2.8 ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Tested-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-08-13 17:32:58 +10:00
Paul Durrant
b7665c6027 xen: handle inbound migration of VMs without ioreq server pages
VMs created on older versions of Xen will not have been provisioned with
pages to support creation of non-default ioreq servers. In this case
the ioreq server API is not supported and QEMU's only option is to fall
back to using the default ioreq server pages as it did prior to
commit 3996e85c ("Xen: Use the ioreq-server API when available").

This patch therefore changes the code in xen_common.h to stop considering
a failure of xc_hvm_create_ioreq_server() as a hard failure but simply
as an indication that the guest is too old to support the ioreq server
API. Instead a boolean is set to cause reversion to old behaviour such
that the default ioreq server is then used.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>
2016-08-12 16:38:30 -07:00
Cao jin
c4f68f0b52 Xen: fix coverity warning of xen_pt_config_init()
emu_regs is a pointer, ARRAY_SIZE doesn't return what we expect.
Since the remaining message is enough for debugging, so just remove it.
Also tweaked the message a little.

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>
2016-08-12 16:38:18 -07:00
Pranith Kumar
6bbbb0ac13 target-arm: Fix warn about implicit conversion
Clang warns about an implicit conversion as follows:

/mnt/devops/code/qemu/target-arm/neon_helper.c:1075:1: warning: implicit conversion from 'int' to 'int8_t' (aka 'signed char') changes value from 128 to -128 [-Wconstant-conversion]
NEON_VOP_ENV(qrshl_s8, neon_s8, 4)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/mnt/devops/code/qemu/target-arm/neon_helper.c:116:83: note: expanded from macro 'NEON_VOP_ENV'
uint32_t HELPER(glue(neon_,name))(CPUARMState *env, uint32_t arg1, uint32_t arg2) \
                                                                                  ^
/mnt/devops/code/qemu/target-arm/neon_helper.c:106:5: note: expanded from macro '\
NEON_VOP_BODY'
    NEON_DO##n; \
    ^~~~~~~~~~
<scratch space>:21:1: note: expanded from here
NEON_DO4
^~~~~~~~
/mnt/devops/code/qemu/target-arm/neon_helper.c:93:5: note: expanded from macro 'NEON_DO4'
    NEON_FN(vdest.v1, vsrc1.v1, vsrc2.v1); \
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/mnt/devops/code/qemu/target-arm/neon_helper.c:1054:23: note: expanded from macro 'NEON_FN'
            dest = (1 << (sizeof(src1) * 8 - 1)); \
                 ~  ~~^~~~~~~~~~~~~~~~~~~~~~~~~

Fix it by casting to appropriate type.

Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-12 11:12:24 +01:00
Laurent Vivier
e723b87103 trace-events: fix first line comment in trace-events
Documentation is docs/tracing.txt instead of docs/trace-events.txt.

find . -name trace-events -exec \
     sed -i "s?See docs/trace-events.txt for syntax documentation.?See docs/tracing.txt for syntax documentation.?" \
     {} \;

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-id: 1470669081-17860-1-git-send-email-lvivier@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-08-12 10:36:01 +01:00
Peter Maydell
28b874429b Migration:
 - couple of bug fixes
 - couple of typo fixes

Merge remote-tracking branch 'remotes/amit-migration/tags/migration-for-2.7-7' into staging

Migration:
 - couple of bug fixes
 - couple of typo fixes

# gpg: Signature made Thu 11 Aug 2016 12:36:00 BST
# gpg:                using RSA key 0xEB0B4DFC657EF670
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"
# Primary key fingerprint: 48CA 3722 5FE7 F4A8 B337  2735 1E9A 3B5F 8540 83B6
#      Subkey fingerprint: CC63 D332 AB8F 4617 4529  6534 EB0B 4DFC 657E F670

* remotes/amit-migration/tags/migration-for-2.7-7:
  migration/socket: fix typo in file header
  migration: fix live migration failure with compression
  migration: mmap error check fix
  migration/ram: fix typo

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-11 17:53:35 +01:00
Peter Maydell
d915b7bb4c Update ancient copyright string in -version output
Currently the -version command line argument prints a string ending
with "Copyright (c) 2003-2008 Fabrice Bellard".  This is now some
eight years out of date; abstract it out of the several places that
print the string and update it to:

Copyright (c) 2003-2016 Fabrice Bellard and the QEMU Project developers

to reflect the work by all the QEMU Project contributors over the
last decade.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1470309276-5012-1-git-send-email-peter.maydell@linaro.org
2016-08-11 16:24:53 +01:00
Peter Maydell
bea048dcb9 virtio-console: fix receiving data from guest

Merge remote-tracking branch 'remotes/amit/tags/vser-for-2.7-1' into staging

virtio-console: fix receiving data from guest

# gpg: Signature made Thu 11 Aug 2016 12:17:55 BST
# gpg:                using RSA key 0xEB0B4DFC657EF670
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"
# Primary key fingerprint: 48CA 3722 5FE7 F4A8 B337  2735 1E9A 3B5F 8540 83B6
#      Subkey fingerprint: CC63 D332 AB8F 4617 4529  6534 EB0B 4DFC 657E F670

* remotes/amit/tags/vser-for-2.7-1:
  virtio-console: set frontend open permanently for console devs

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-11 13:26:35 +01:00
Cao jin
474c624ddf migration/socket: fix typo in file header
Code of inet socket & unix socket is merged together.
Also add some newlines, make code block well separated.

Cc: Daniel P. Berrange <berrange@redhat.com>
Cc: Juan Quintela <quintela@redhat.com>
Cc: Amit Shah <amit.shah@redhat.com>

Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Message-Id: <1469696074-12744-4-git-send-email-caoj.fnst@cn.fujitsu.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2016-08-11 17:03:51 +05:30
Liang Li
787d134fb1 migration: fix live migration failure with compression
Because of commit 11808bb0c4, which removes some condition checks
of 'f->ops->writev_buffer', 'qemu_put_qemu_file' should be enhanced
to clear the 'f_src->iovcnt', or 'f_src->iovcnt' may exceed the
MAX_IOV_SIZE which will break live migration. This should be fixed.

Signed-off-by: Liang Li <liang.z.li@intel.com>
Reported-by: Jinshi Zhang <jinshi.c.zhang@intel.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <1470702146-24399-1-git-send-email-liang.z.li@intel.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2016-08-11 16:59:53 +05:30
Evgeny Yakovlev
0e8b3cdfbc migration: mmap error check fix
mmap man page:
"On success, mmap() returns a pointer to the mapped area. On error, the
value MAP_FAILED (that is, (void *) -1) is returned, and errno  is  set
to indicate the cause of the error."

The check in postcopy_get_tmp_page is definitely wrong and should be
fixed.

Signed-off-by: Evgeny Yakovlev <eyakovlev@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
CC: Juan Quintela <quintela@redhat.com>
CC: Amit Shah <amit.shah@redhat.com>
Message-Id: <1469785705-16670-1-git-send-email-den@openvz.org>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2016-08-11 16:59:38 +05:30
Cao jin
e110aa919a migration/ram: fix typo
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Message-Id: <1469776231-23820-1-git-send-email-caoj.fnst@cn.fujitsu.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2016-08-11 16:59:33 +05:30
Daniel P. Berrange
bce6261eb2 virtio-console: set frontend open permanently for console devs
The virtio-console.c file handles both serial consoles
and interactive consoles, since they're backed by the
same device model.

Since serial devices are expected to be reliable and
need to notify the guest when the backend is opened
or closed, the virtio-console.c file wires up support
for chardev events. This affects both serial consoles
and interactive consoles, using a network connection
based chardev backend such as 'socket', but not when
using a PTY based backend or plain 'file' backends.

When the host side is not connected the handle_output()
method in virtio-serial-bus.c will drop any data sent
by the guest, before it even reaches the virtio-console.c
code. This means that if the chardev has a logfile
configured, the data will never get logged.

Consider for example, configuring a x86_64 guest with a
plain UART serial port

  -chardev socket,id=charserial1,host=127.0.0.1,port=9001,server,nowait,logfile=console1.log,logappend=on
  -device isa-serial,chardev=charserial1,id=serial1

vs a s390 guest which has to use the virtio-console port

  -chardev socket,id=charconsole1,host=127.0.0.1,port=9000,server,nowait,logfile=console2.log,logappend=on
  -device virtconsole,chardev=charconsole1,id=console1

The isa-serial one gets data written to the log regardless
of whether a client is connected, while the virtioconsole
one only gets data written to the log when a client is
connected.

There is no need for virtio-serial-bus.c to aggressively
drop the data for console devices, as the chardev code is
perfectly capable of discarding the data itself.

So this patch changes virtconsole devices so that they
are always marked as having the host side open. This
ensures that the guest OS will always send any data it
has (Linux virtio-console hvc driver actually ignores
the host open state and sends data regardless, but we
should not rely on that), and also prevents the
virtio-serial-bus code prematurely discarding data.

The behaviour of virtserialport devices is *not* changed,
only virtconsole, because for the former, it is important
that the guest OS know exactly when the host side is opened
/ closed so it can do any protocol re-negotiation that may
be required.

Fixes bug: https://bugs.launchpad.net/qemu/+bug/1599214

Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1470241360-3574-2-git-send-email-berrange@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2016-08-11 16:38:58 +05:30
Peter Maydell
144a6db0b0

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

# gpg: Signature made Thu 11 Aug 2016 11:35:33 BST
# gpg:                using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
  linux-aio: Handle io_submit() failure gracefully

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-11 11:48:46 +01:00
Kevin Wolf
44713c9e85 linux-aio: Handle io_submit() failure gracefully
It is generally not expected that io_submit() fails other than with
-EAGAIN, but corner cases like SELinux refusing I/O when permissions are
revoked are still possible. In this case, we shouldn't abort, but just
return an I/O error for the request.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1470741619-23231-1-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-08-11 09:42:35 +01:00
Peter Maydell
d08306dc42 virtio/vhost: fixes
some bugfixes for virtio/vhost
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio/vhost: fixes

some bugfixes for virtio/vhost

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Wed 10 Aug 2016 16:16:22 BST
# gpg:                using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  vhost-user: Attempt to fix a race with set_mem_table.
  vhost-user: Introduce a new protocol feature REPLY_ACK.
  vhost: check for vhost_ops before using.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-10 17:14:35 +01:00
Peter Maydell
4b3e5c06a1 * pc-bios/optionrom/Makefile fixes
* warning fixes for __atomic_load and -1 << x in clang
 * missed interrupt fix from Gonglei
 * checkpatch fix from Radim and myself

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* pc-bios/optionrom/Makefile fixes
* warning fixes for __atomic_load and -1 << x in clang
* missed interrupt fix from Gonglei
* checkpatch fix from Radim and myself

# gpg: Signature made Wed 10 Aug 2016 14:54:31 BST
# gpg:                using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  checkpatch: default to success if only warnings
  checkpatch: bump most warnings to errors
  CODING_STYLE, checkpatch: update line length rules
  checkpatch: check for CVS keywords on all sources
  checkpatch: tweak the files in which TABs are checked
  timer: set vm_clock disabled default
  checkpatch: ignore automatically imported Linux headers
  clang: Fix warning reg. expansion to 'defined'
  Disable warn about left shifts of negative values
  atomic: strip "const" from variables declared with typeof
  optionrom: fix compilation with mingw docker target
  optionrom: add -fno-stack-protector
  build-sys: fix building with make CFLAGS=.. argument
  linuxboot_dma: avoid guest ABI breakage on gcc vs. clang compilation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-10 15:59:08 +01:00
Prerna Saxena
28ed5ef163 vhost-user: Attempt to fix a race with set_mem_table.
The set_mem_table command currently does not seek a reply. Hence, there is
no easy way for a remote application to notify to QEMU when it finished
setting up memory, or if there were errors doing so.

As an example:
(1) Qemu sends a SET_MEM_TABLE to the backend (eg, a vhost-user net
application). SET_MEM_TABLE does not require a reply according to the spec.
(2) Qemu commits the memory to the guest.
(3) Guest issues an I/O operation over a new memory region which was configured on (1).
(4) The application has not yet remapped the memory, but it sees the I/O request.
(5) The application cannot satisfy the request because it does not know about those GPAs.

While a guaranteed fix would require a protocol extension (committed separately),
a best-effort workaround for existing applications is to send a GET_FEATURES
message before completing the vhost_user_set_mem_table() call.
Since GET_FEATURES requires a reply, an application that processes vhost-user
messages synchronously would probably have completed the SET_MEM_TABLE before replying.

Signed-off-by: Prerna Saxena <prerna.saxena@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-08-10 17:47:29 +03:00
Prerna Saxena
ca525ce561 vhost-user: Introduce a new protocol feature REPLY_ACK.
This introduces the VHOST_USER_PROTOCOL_F_REPLY_ACK.

If negotiated, client applications should send a u64 payload in
response to any message that contains the "need_reply" bit set
on the message flags. Setting the payload to "zero" indicates the
command finished successfully. Likewise, setting it to "non-zero"
indicates an error.

Currently implemented only for SET_MEM_TABLE.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Prerna Saxena <prerna.saxena@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-08-10 17:47:29 +03:00
Ilya Maximets
ca10203cde vhost: check for vhost_ops before using.
'vhost_set_vring_enable()' tries to call function using pointer to
'vhost_ops' which can be already zeroized in 'vhost_dev_cleanup()'
during vhost disconnection.

Fix that by checking 'vhost_ops' before using. This fixes QEMU crash
on calling 'ethtool -L eth0 combined 2' if vhost disconnected.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-08-10 17:47:29 +03:00
Peter Maydell
d578cca333 ppc patch queue for 2016-08-10
Here are some more last minute PAPR and ppc related fixes for
qemu-2.7.  One patch makes compressed memory dumps work with guest
kernels using page sizes up to 64KiB.  This is important since most
current pseries guests use a 64KiB default page size.  The remainder
fix a regression with handling of CPU aliases which causes serious
problems for libvirt.

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.7-20160810' into staging

ppc patch queue for 2016-08-10

Here are some more last minute PAPR and ppc related fixes for
qemu-2.7.  One patch makes compressed memory dumps work with guest
kernels using page sizes up to 64KiB.  This is important since most
current pseries guests use a 64KiB default page size.  The remainder
fix a regression with handling of CPU aliases which causes serious
problems for libvirt.

# gpg: Signature made Wed 10 Aug 2016 06:44:27 BST
# gpg:                using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.7-20160810:
  ppc/kvm: Register also a generic spapr CPU core family type
  ppc/kvm: Do not mess up the generic CPU family registration
  hw/ppc/spapr: Look up CPU alias names instead of hard-coding the aliases
  ppc: Introduce a function to look up CPU alias strings
  spapr: remove extra type variable
  ppc64: fix compressed dump with pseries kernel

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-10 15:13:30 +01:00
Paolo Bonzini
141de88654 checkpatch: default to success if only warnings
CHK-level checks have been removed from checkpatch or bumped to
errors, so there is no effect anymore for --strict/--subjective.
Furthermore, even most WARNs have been bumped to errors, with
WARN only reserved to things that patchew probably ought not
to complain about (and that maintainers probably will notice
anyway during review if they are extreme).

Default to exiting with success even if there are WARN-level
failures, and cause --strict to fail for warnings.  Maintainers
that want to have a strict 80-character limit for their subsystem
can add it to a commit hook for example.

The --subjective synonym is removed.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-10 12:44:51 +02:00
Paolo Bonzini
c2df878325 checkpatch: bump most warnings to errors
This only leaves a warning-level message for the extra-long lines
soft limit.  Everything else is bumped up.

In the future warnings can be added for checks that can have false
positives.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-10 12:44:48 +02:00
Paolo Bonzini
8fbe3d1fcf CODING_STYLE, checkpatch: update line length rules
Line lengths above 80 characters do exist.  They are rare, but
they happen from time to time.  An ignored rule is worse than an
exception to the rule, so do the latter.

Some on the list expressed their preference for a soft limit that
is slightly lower than 80 characters, to account for extra characters
in unified diffs (including three-way diffs) and for email quoting.
However, there was no consensus on this so keep the 80-character
soft limit and add a hard limit at 90.

Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-10 12:22:33 +02:00
Paolo Bonzini
93eb8e31f3 checkpatch: check for CVS keywords on all sources
These should apply to all files, not just C/C++.  Tweak the regular
expression to check for whole words, to avoid false positives on Perl
variables starting with "Id".

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-10 11:10:03 +02:00
Paolo Bonzini
906fb135e4 checkpatch: tweak the files in which TABs are checked
Include Python and shell scripts, and make an exception for Perl
scripts we imported from Linux or elsewhere.

Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-10 11:09:54 +02:00
Thomas Huth
d11b268e17 ppc/kvm: Register also a generic spapr CPU core family type
There is a regression with the "-cpu" parameter introduced by
the spapr CPU hotplug code: We used to allow to specify a
"CPU family" name with the "-cpu" parameter when running on KVM so
that the user does not need to know the gory details of the exact
CPU version of the host CPU. For example, it was possible to
use "-cpu POWER8" on a POWER8E host CPU. This behavior does not
work anymore with the new hot-pluggable spapr-cpu-core types.
Since libvirt already heavily depends on the old behavior, this
is quite a severe regression in the QEMU parameter interface.
Let's fix it by supporting a CPU family type for the spapr-cpu-core
on KVM, too.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1363812
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-08-10 13:12:20 +10:00
Thomas Huth
9c83fc2e8e ppc/kvm: Do not mess up the generic CPU family registration
The code for registering the sPAPR CPU host core type has been
added in between the generic CPU host core type and the generic
CPU family type. That way the instance_init and the class_init
information got lost when registering the generic CPU family
type. Fix it by moving the generic family registration before
the spapr cpu core registration code.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-08-10 13:12:20 +10:00
Thomas Huth
4babfaf05d hw/ppc/spapr: Look up CPU alias names instead of hard-coding the aliases
Hard-coding the CPU alias names in the spapr_cores[] array has
two big disadvantages:

1) We register a real type with the CPU alias name in
   spapr_cpu_core_register_types() - this prevents us from registering
   a CPU family name in kvm_ppc_register_host_cpu_type() with the same
   name (as we do it for the non-hotpluggable CPU types).

2) It's quite cumbersome to maintain the aliases here in sync with the
   ppc_cpu_aliases list from target-ppc/cpu-models.c.

So let's simply add proper alias lookup to the spapr cpu core code,
too (by checking whether the given model can be used directly, and
if not by trying to look up the given model as an alias name instead).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-08-10 13:12:20 +10:00
Thomas Huth
caf6316de9 ppc: Introduce a function to look up CPU alias strings
We will need this function to look up the aliases in the
spapr-cpu-core code, too.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-08-10 13:12:20 +10:00
Cédric Le Goater
caebf37859 spapr: remove extra type variable
The sPAPR CPU core typename is already available in the upper
block. Let's use it and move the check upward also.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-08-10 13:12:20 +10:00
Laurent Vivier
760d88d1d0 ppc64: fix compressed dump with pseries kernel
If we don't provide the page size in target-ppc:cpu_get_dump_info(),
the default one (TARGET_PAGE_SIZE, 4KB) is used to create
the compressed dump. It works fine with Macintosh, but not with
pseries as the kernel default page size is 64KB.

Without this patch, if we generate a compressed dump in the QEMU monitor:

    (qemu) dump-guest-memory -z qemu.dump

This dump cannot be read by crash:

    # crash vmlinux qemu.dump
    ...
    WARNING: cannot translate vmemmap kernel virtual addresses:
             commands requiring page structure contents will fail
    ...

Page_size is used to determine the dumpfile's block size. The
block size needs to be at least the page size, but a multiple of page
size works fine too. For PPC64, linux supports either 4KB or 64KB software
page size. So we define the page_size to 64KB.

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-08-10 13:05:05 +10:00
Gonglei
3fdd0ee393 timer: set vm_clock disabled default
(commit 80dcfb8532)
Upon migration, the code uses a timer based on vm_clock for 1ns
in the future from post_load to do the event send in case host_connected
differs between migration source and target.

However, it's not guaranteed that the apic is ready to inject irqs into
the guest, and the irq line remained high, resulting in any future interrupts
going unnoticed by the guest as well.

That's because 1) the migration coroutine is not blocked when it gets EAGAIN
while reading QEMUFile. 2) The vm_clock is enabled by default currently, it doesn't
rely on the calling of vm_start(), that means vm_clock timers can run before
VCPUs are running.

So, let's set the vm_clock disabled by default, keep the initial intention of
design for vm_clock timers.

Meanwhile, change the test-aio use case, using QEMU_CLOCK_REALTIME instead of
QEMU_CLOCK_VIRTUAL as the block code does.

CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Dr. David Alan Gilbert <dgilbert@redhat.com>
CC: qemu-stable@nongnu.org
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <1470728955-90600-1-git-send-email-arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-09 22:57:36 +02:00
Radim Krčmář
93bf13c6df checkpatch: ignore automatically imported Linux headers
Linux uses tabs for indentation and checkpatch always complained about
automatically imported headers.  update-linux-headers.sh could be modified to
expand tabs, but there is no real reason to complain about any ugly code in
Linux headers, so skip all hunk-related checks.

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-09 22:57:36 +02:00
Pranith Kumar
2368635d39 clang: Fix warning reg. expansion to 'defined'
Clang produces the following warning. The warning is detailed here:
https://reviews.llvm.org/D15866. Fix the warning.

/home/pranith/devops/code/qemu/hw/display/qxl.c:507:5: warning: macro expansion producing 'defined' has undefined behavior [-Wexpansion-to-defined]
    ^
/home/pranith/devops/code/qemu/include/ui/qemu-spice.h:46:5: note: expanded from macro 'SPICE_NEEDS_SET_MM_TIME'
  (!defined(SPICE_SERVER_VERSION) || (SPICE_SERVER_VERSION < 0xc06))
    ^
/home/pranith/devops/code/qemu/hw/display/qxl.c:1074:5: warning: macro expansion producing 'defined' has undefined behavior [-Wexpansion-to-defined]
    ^
/home/pranith/devops/code/qemu/include/ui/qemu-spice.h:46:5: note: expanded from macro 'SPICE_NEEDS_SET_MM_TIME'
  (!defined(SPICE_SERVER_VERSION) || (SPICE_SERVER_VERSION < 0xc06))

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-09 22:57:36 +02:00
Pranith Kumar
435405ac59 Disable warn about left shifts of negative values
It seems like there's no good reason for the compiler to exploit the
undefinedness of left shifts.  GCC explicitly documents that they do not
use at all this possibility and, while they also say this is subject
to change, they have been saying this for 10 years (since the wording
appeared in the GCC 4.0 manual).

Disable these warnings by passing in -Wno-shift-negative-value.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[pranith: forward-port part of patch to 2.7]
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
2016-08-09 22:57:36 +02:00
Paolo Bonzini
5927ed846a atomic: strip "const" from variables declared with typeof
With the latest clang, we have the following warning:

    /home/pranith/devops/code/qemu/include/qemu/seqlock.h:62:21: warning: passing 'typeof (*&sl->sequence) *' (aka 'const unsigned int *') to parameter of type 'unsigned int *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
        return unlikely(atomic_read(&sl->sequence) != start);
                        ^~~~~~~~~~~~~~~~~~~~~~~~~~
    /home/pranith/devops/code/qemu/include/qemu/atomic.h:58:25: note: expanded from macro 'atomic_read'
        __atomic_load(ptr, &_val, __ATOMIC_RELAXED);     \
                           ^~~~~

Stripping const is a bit tricky due to promotions, but it is doable
with either C11 _Generic or GCC extensions.  Use the latter.

Reported-by: Pranith Kumar <bobby.prani@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[pranith: Add conversion for bool type]
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-09 22:57:36 +02:00
Paolo Bonzini
9d4cd7b4ed optionrom: fix compilation with mingw docker target
Two fixes are needed.  First, mingw does not have -D_FORTIFY_SOURCE,
hence --enable-debug disables optimization.  This is not acceptable
for ROMs, which should override CFLAGS to force inclusion of -O2.

Second, PE stores global constructors and destructors using the
following linker script snippet:

     ___CTOR_LIST__ = .; __CTOR_LIST__ = . ;
			LONG (-1);*(.ctors); *(.ctor); *(SORT(.ctors.*));  LONG (0);
     ___DTOR_LIST__ = .; __DTOR_LIST__ = . ;
			LONG (-1); *(.dtors); *(.dtor); *(SORT(.dtors.*));  LONG (0);

The LONG directives cause the .img files to be 16 bytes too large;
the recently added check to signrom.py catches this.  To fix this,
replace -T and -e options with a linker script.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-09 22:57:36 +02:00
Paolo Bonzini
b0e8f5cadc optionrom: add -fno-stack-protector
This is required by OpenBSD.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-09 22:57:36 +02:00
Marc-André Lureau
a9c87304b7 build-sys: fix building with make CFLAGS=.. argument
When calling make with a CFLAGS=.. argument, the -g/-O filter is not
applied, which may result in a build failure with ASAN, for example. It
could be solved with an 'override' directive on CFLAGS, but that would
actually prevent setting different CFLAGS manually.

Instead, filter the CFLAGS argument from the top-level Makefile (so
you could still call make with a different CFLAGS argument on a
rom/Makefile manually).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20160805082421.21994-2-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-09 22:57:36 +02:00
Paolo Bonzini
7f2569246c linuxboot_dma: avoid guest ABI breakage on gcc vs. clang compilation
Recent GCC compiles linuxboot_dma.c to 921 bytes, while CentOS 6 needs
1029 and clang needs 1527.  Because the size of the ROM, rounded to the
next 512 bytes, must match, this causes the API to break between a <1K
ROM and one that is bigger.

We want to make the ROM 1.5 KB in size, but it's better to make clang
produce leaner ROMs, because currently it is worryingly close to the limit.
To fix this, prevent clang's happy inlining (which -Os cannot prevent).
This only requires adding a noinline attribute.

Second, the patch makes sure that the ROM has enough padding to prevent
ABI breakage on different compilers.  The size is now hardcoded in the file
that is passed to signrom.py, as was the case before commit 6f71b77
("scripts/signrom.py: Allow option ROM checksum script to write the size
header.", 2016-05-23); signrom.py however will still pad the input to
the requested size.  This ensures that the padding goes beyond the
next multiple of 512 if necessary, and also avoids the need for
-fno-toplevel-reorder which clang doesn't support.  signrom.py can then
error out if the requested size is too small for the actual size of the
compiled ROM.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-09 22:57:36 +02:00
Peter Maydell
2bb15bddf2 Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

# gpg: Signature made Tue 09 Aug 2016 16:47:32 BST
# gpg:                using RSA key 0x7DEF8106AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"
# Primary key fingerprint: FAEB 9711 A12C F475 812F  18F2 88A9 064D 1835 61EB
#      Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76  CBD0 7DEF 8106 AAFC 390E

* remotes/jnsnow/tags/ide-pull-request:
  atapi: fix halted DMA reset

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-09 16:53:32 +01:00
John Snow
7f951b2d77 atapi: fix halted DMA reset
Followup to 87ac25fd, this time for ATAPI DMA.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1470164128-28158-1-git-send-email-jsnow@redhat.com
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
2016-08-09 11:47:23 -04:00
Peter Maydell
ab861f3915 Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Tue 09 Aug 2016 08:28:39 BST
# gpg:                using RSA key 0xEF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  hw/net: Fix a heap overflow in xlnx.xps-ethernetlite
  net: vmxnet3: check for device_active before write
  net: check fragment length during fragmentation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-09 10:44:27 +01:00
chaojianhu
a0d1cbdacf hw/net: Fix a heap overflow in xlnx.xps-ethernetlite
The .receive callback of xlnx.xps-ethernetlite doesn't check the length
of data before calling memcpy. As a result, the NetClientState object in
heap will be overflowed. All versions of qemu with xlnx.xps-ethernetlite
will be affected.

Reported-by: chaojianhu <chaojianhu@hotmail.com>
Signed-off-by: chaojianhu <chaojianhu@hotmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-08-09 15:27:18 +08:00
Li Qiang
6c352ca9b4 net: vmxnet3: check for device_active before write
Vmxnet3 device emulator does not check if the device is active,
before using it for write. It leads to a use after free issue,
if the vmxnet3_io_bar0_write routine is called after the device is
deactivated. Add check to avoid it.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Acked-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-08-09 15:24:56 +08:00