This abort() condition is easily triggerable by a guest if it configures
pci bar with unaligned address that overlaps main memory.
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
If we've unregistered a memory area, we should avoid calling
qemu_get_ram_ptr() on the left over phys_offset cruft in the
slot array. Now that we support removing ramblocks, the
phys_offset ram_addr_t can go away and cause a lookup fault
and abort.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
The reason for not actually canceling the I/O is because with
virtualization and lots of VM running, a guest fs may mistake a
overload of the host, as an IDE timeout. So rather than canceling the
I/O, it's safer to wait I/O completion and simulate that the I/O has
completed just before the io cancellation was requested by the
guest. This way if ntfs or an app writes data without checking for
-EIO retval, and it thinks the write has succeeded, it's less likely
to run into troubles. Similar issues for reads.
Furthermore because the DMA operation is splitted into many synchronous
aio_read/write if there's more than one entry in the SG table, without this
patch the DMA would be cancelled in the middle, something we've no idea if it
happens on real hardware too or not. Overall this seems a great risk for zero
gain.
This approach is sure safer than previous code given we can't pretend all guest
fs code out there to check for errors and reply the DMA if it was completed
partially, given a timeout would never materialize on a real harddisk unless
there are defective blocks (and defective blocks are practically only an issue
for reads never for writes in any recent hardware as writing to blocks is the
way to fix them) or the harddisk breaks as a whole.
Signed-off-by: Izik Eidus <ieidus@redhat.com>
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
bdrv_eject() gets called when a device model opens or closes the tray.
If the block driver implements method bdrv_eject(), that method gets
called. Drivers host_cdrom implements it, and it opens and closes the
physical tray, and nothing else. When a device model opens, then
closes the tray, media changes only if the user actively changes the
physical media while the tray is open. This is matches how physical
hardware behaves.
If the block driver doesn't implement method bdrv_eject(), we do
something quite different: opening the tray severs the connection to
the image by calling bdrv_close(), and closing the tray does nothing.
When the device model opens, then closes the tray, media is gone,
unless the user actively inserts another one while the tray is open,
with a suitable change command in the monitor. This isn't how
physical hardware behaves. Rather inconvenient when programs
"helpfully" eject media to give you a chance to change it. The way
bdrv_eject() behaves here turns that chance into a must, which is not
what these programs or their users expect.
Change the default action not to call bdrv_close(). Instead, note the
tray status in new BlockDriverState member tray_open. Use it in
bdrv_is_inserted().
Arguably, the device models should keep track of tray status
themselves. But this is less invasive.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Assuming that any image on a block device is not properly zero-initialized is
actually wrong: Only raw images have this problem. Any other image format
shouldn't care about it, they initialize everything properly themselves.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This patch improves the resilience of the load_vmstate() function, doing
further and better ordered tests.
In load_vmstate(), if there is any error on bdrv_snapshot_goto(), except if the
error is on VM state device, load_vmstate() will return zero and the VM will be
started with major corruption chances.
The current process:
- test if there is any writable device without snapshot support
- if exists return -error
- get the device that saves the VM state, possible return -error but unlikely
because it was tested earlier
- flush I/O
- run bdrv_snapshot_goto() on devices
- if fails, give an warning and goes to the next (not good!)
- if fails on the VM state device, return zero (not good!)
- check if the requested snapshot exists on the device that saves the VM state
and the state is not zero
- if fails return -error
- open the file with the VM state
- if fails return -error
- load the VM state
- if fails return -error
- return zero
New behavior:
- get the device that saves the VM state
- if fails return -error
- check if the requested snapshot exists on the device that saves the VM state
and the state is not zero
- if fails return -error
- test if there is any writable device without snapshot support
- if exists return -error
- test if the devices with snapshot support have the requested snapshot
- if anyone fails, return -error
- flush I/O
- run snapshot_goto() on devices
- if anyone fails, return -error
- open the file with the VM state
- if fails return -error
- load the VM state
- if fails return -error
- return zero
do_loadvm must not call vm_start if any error has occurred in load_vmstate.
Signed-off-by: Miguel Di Ciurcio Filho <miguel.filho@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
bdrv_commit copies the image to its backing file sector by sector, which
is (surprise!) relatively slow. Let's take a larger buffer and handle more
sectors at once if possible.
With a 1G qcow2 file, this brought the time bdrv_commit takes down from
5:06 min to 1:14 min for me.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The timer #0 is the system timer, so the timer #num_cpu is the
timer of the last CPU, and it must be initialized in slavio_timer_reset.
Don't mark non-existing timers as running.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Commit d167f9bc06 missed this one:
/src/qemu/ui/vnc-enc-tight.c:1483: warning: 'ret' may be used uninitialized in this function
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Commit 7bccf57383 missed this one:
/src/qemu/ui/vnc-enc-tight.c: In function 'send_sub_rect':
/src/qemu/ui/vnc-enc-tight.c:1527: warning: comparison is always true due to limited range of data type
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Add a missing #include statement to avoid a warning:
/src/qemu/net/tap-solaris.c: In function 'tap_open':
/src/qemu/net/tap-solaris.c:189: warning: implicit declaration of function 'error_report'
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This header is not present on my system and causes a build
failure, but is also not used in these files, so remove it.
Signed-off-by: Mike McCormack <mikem@ring3k.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
When a 'cont' is issued on a VM that's just waiting for an incoming
migration, the VM reboots and boots into the guest, possibly corrupting
its storage since it could be shared with another VM running elsewhere.
Ensure that a VM started with '-incoming' is only run when an incoming
migration successfully completes.
A new qerror, QERR_MIGRATION_EXPECTED, is added to signal that 'cont'
failed due to no incoming migration has been attempted yet.
Reported-by: Laine Stump <laine@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
We already set sockets to nonzero in the code above.
So this if statement always evaluates true. Remove it.
Signed-off-by: Joel Schopp <jschopp@austin.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The variable len can get a negative return value from cvtnum,
which we check for, but which is impossible with the current
unsigned variable type. Currently the if(len < 0) check is
pointless. This patch fixes that.
Signed-off-by: Joel Schopp <jschopp@austin.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Removing dead code. Above we already continued when
rom->addr + valuegreaterthan0 < addr so this condition is always false.
Signed-off-by: Joel Schopp <jschopp@austin.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Forgot to check for and free these.
Found-by: Zachary Amsden <zamsden@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Currently virtio-serial supports a maximum of 31 ports. Specifying the
'max_ports' parameter to be > 31 on the cmd line causes badness.
Ensure we initialise virtio-serial only if max_ports is within the
supported range.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
* 'for-anthony' of git://repo.or.cz/qemu/kevin:
Fix -snapshot deleting images on disk change
block: Use error codes from lower levels for error message
block: default to 0 minimal / optiomal I/O size
move 'unsafe' to end of caching modes in help
virtio-blk: Create exit function to unregister savevm
block migration: propagate return value when bdrv_write() returns < 0
ide/atapi: add support for GET EVENT STATUS NOTIFICATION
Commit 68a1c81686 broke qemu on hosts not
using guest base. It uses reserved_va unconditionally in mmap.c. To
avoid to many #ifdef #endif blocks, define RESERVED_VA as either
reserved_va or 0ul, and use it instead of reserved_va, similarly to what
has been done with guest_base/GUEST_BASE.
This requires moving the PT_INTERP extraction and GUEST_BASE
handling into load_elf_image. Key this off a non-null pointer
argument to receive the interpreter name.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Moving toward a single copy of the elf binary loading code.
Fill in the details of the loaded image into a struct image_info.
Adjust create_elf_tables to read from such structures instead
of from a collection of passed arguments. Don't return error
values from load_elf_interp; always exit(-1) with a message to
stderr. Collect elf_interpreter handling in load_elf_binary
to a common spot.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
At the bottom of the a.out support was the unimplemented load_aout_interp
function. There were other portions of the support that didn't look
right; when I went to look in the Linux kernel for clarification, I found
that the support for such interpreters has been removed from binfmt_elf.
There doesn't seem to be any reason to keep this broken support in qemu.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
There are no supported stack-grows-up targets. We were putting
the guard page at the highest address, i.e. the bottom of the stack.
Use the maximum of host and guest page size for the guard size.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Validate more fields of the elf header. Extract those checks
into two common functions to be used in both load_elf_interp
and load_elf_binary.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
First, adjust load_symbols to accept a load_bias parameter. At the same
time, read the entire section header table in one go, use pread instead
f lseek+read for the symbol and string tables, and properly free
allocated structures on error exit paths.
Second, adjust load_elf_interp to compute load_bias. This requires
finding out the built-in load addresses. Which allows us to honor a
pre-linked interpreter image when possible, and eliminate the hard-coded
INTERP_MAP_SIZE value.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Remove ifdefs from code by defining empty inline functions
when byte swapping isn't needed. Push loops over swapping
arrays of structures into the swapping functions.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
The only consideration on this value is the target endianness.
The existing defines were incorrect for alpha and sh4eb.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Define BPRM_BUF_SIZE to 1k and read that amount initially. If the
data we want from the binary is in this buffer, use it instead of
reading from the file again.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Moving some PPC AT_* constants from elfload.c at the same time.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
I caught padzero not properly initializing the .bss segment
on a statically linked Alpha program. Rather than a minimal
patch, replace the gross code with a single mmap+memset.
Share more code between load_elf_interp and load_elf_binary.
Legally, an ELF program need not have just a single .bss;
and PT_LOAD segment can have memsz > filesz.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Fix mingw32 build errors like
/src/qemu/ui/vnc-enc-tight.c: In function 'tight_detect_smooth_image24':
/src/qemu/ui/vnc-enc-tight.c:119: error: 'uint' undeclared (first use in this function)
Replace 'uint' with proper 'unsigned int'.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Fix a warning with some GCCs:
/src/qemu/ui/vnc-enc-tight.c: In function `send_sub_rect_nojpeg':
/src/qemu/ui/vnc-enc-tight.c:1458: warning: `ret' might be used uninitialized in this function
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Fix the following warnings:
/src/qemu/hw/ide/core.c: In function `ide_drive_pio_post_load':
/src/qemu/hw/ide/core.c:2767: warning: comparison is always false due to limited range of data type
/src/qemu/ui/vnc-enc-tight.c: In function `tight_detect_smooth_image':
/src/qemu/ui/vnc-enc-tight.c:284: warning: comparison is always true due to limited range of data type
/src/qemu/ui/vnc-enc-tight.c:297: warning: comparison is always true due to limited range of data type
/src/qemu/ui/vnc-enc-tight.c: In function `tight_encode_indexed_rect16':
/src/qemu/ui/vnc-enc-tight.c:456: warning: comparison is always false due to limited range of data type
/src/qemu/ui/vnc-enc-tight.c: In function `tight_encode_indexed_rect32':
/src/qemu/ui/vnc-enc-tight.c:457: warning: comparison is always false due to limited range of data type
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>