Commit Graph

1096 Commits

Author SHA1 Message Date
Gabriel L. Somlo
7efea76377 e1000: remove broken support for 82573L
Currently, e1000 support is based on the manual for the 8254xx
model series. 82573x models are documented in a separate manual
(see http://www.intel.com/content/dam/www/public/us/en/documents/manuals/pcie-gbe-controllers-open-source-manual.pdf)
and the 82573L device ID no longer works correctly on either Linux
(3.14.*) or Windows 7.

This patch removes stale code claiming to support 82573L, cleaning
up the code base for the remaining 8254xx model series.

Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-09 15:38:58 +02:00
Gabriel L. Somlo
b167383ffb tests: e1000: test additional device IDs
Update e1000-test.c to check all currently supported devices.

Suggested-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-09 15:38:58 +02:00
Peter Maydell
5dfc05cb1d Block pull request

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Block pull request

# gpg: Signature made Fri 06 Jun 2014 17:08:50 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request: (42 commits)
  qapi: Extract qapi/block.json definitions
  qapi: Extract qapi/block-core.json definitions
  qapi: create two block related json modules
  qapi: Extract qapi/common.json definitions
  sheepdog: reload only header in a case of live snapshot
  sheepdog: fix vdi object update after live snapshot
  rbd: Fix leaks in rbd_start_aio() error path
  qemu-img: Document check exit codes
  block: fix wrong order in live block migration setup
  blockdev: acquire AioContext in block_set_io_throttle
  throttle: add detach/attach test case
  throttle: add throttle_detach/attach_aio_context()
  dataplane: Support VIRTIO_BLK_T_SCSI_CMD
  virtio-blk: Factor out virtio_blk_handle_scsi_req from virtio_blk_handle_scsi
  virtio-blk: Allow config-wce in dataplane
  block: Move declaration of bdrv_get_aio_context to block.h
  raw-posix: drop raw_get_aio_fd() since it is no longer used
  dataplane: implement async flush
  dataplane: delete IOQueue since it is no longer used
  dataplane: use the QEMU block layer for I/O
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-09 11:54:22 +01:00
Peter Maydell
26edf8cc08 pc,pci,virtio,qdev fixes, tests
new tests for SMBIOS
SMBIOS fixes
pc, pci fixes
qdev patches stayed on list for a month with no review,
as I told people on KVM forum I'm merging such patches
if they look fine.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc,pci,virtio,qdev fixes, tests

new tests for SMBIOS
SMBIOS fixes
pc, pci fixes
qdev patches stayed on list for a month with no review,
as I told people on KVM forum I'm merging such patches
if they look fine.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

* remotes/mst/tags/for_upstream:
  qdev: Add test of qdev_prop_check_global
  qdev: Display warning about unused -global
  tests: add smbios testing
  tests: rename acpi-test to bios-tables-test
  virtio-balloon: return empty data when no stats are available
  pcie_host: Turn pcie_host_init() into an instance_init
  SMBIOS: Fix type 17 field sizes
  SMBIOS: Update Type 0 struct generator for machines >= 2.1
  SMBIOS: Fix endian-ness when populating multi-byte fields
  serial-pci: Set prog interface field of pci config to 16550 compatible

Conflicts:
	include/hw/i386/pc.h
[PMM: fixed trivial conflict in pc.h]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-05 21:52:37 +01:00
Don Slutz
711e2f1e9e qdev: Add test of qdev_prop_check_global
This will generate a warning from "make check":

...
GTESTER tests/test-qdev-global-props
Warning: "-global dynamic-prop-type-bad.prop3=103" not used
GTESTER tests/check-qom-interface
...

If the warning is not generated, the test will fail.

Signed-off-by: Don Slutz <dslutz@verizon.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
2014-06-05 19:20:38 +03:00
Stefan Hajnoczi
22524f7262 throttle: add detach/attach test case
Add a test case that checks the timer is really removed/added by the
detach/attach functions.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
2014-06-04 09:56:12 +02:00
Stefan Hajnoczi
13af91ebf0 throttle: add throttle_detach/attach_aio_context()
Block I/O throttling uses timers and currently always adds them to the
main loop.  Throttling will break if bdrv_set_aio_context() is used to
move a BlockDriverState to a different AioContext.

This patch adds throttle_detach/attach_aio_context() interfaces so the
throttling timers and uses them to move timers to the new AioContext.
Note that bdrv_set_aio_context() already drains all requests so we're
sure no throttled requests are pending.

The test cases need to be updated since the throttle_init() interface
has changed.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
2014-06-04 09:56:12 +02:00
Gerd Hoffmann
d81d410635 usb: improve ehci/uhci test
* Attach usb devices to the bus.
* Check initial port status register state.
* Flip ehci initialization bit.
* Check port status register state again to
  see whenever device handover to ehci worked.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-02 16:28:59 +02:00
Gerd Hoffmann
ad489e9346 qtest: fix qpci_config_writel
Found by Paolo.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-02 16:28:59 +02:00
Marcel Apfelbaum
a199b2b6a5 tests: Check empty QMP output visitor
Checks the output visitor behaviour for NULL values.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-05-28 17:36:09 +02:00
Cole Robinson
0380aef323 qom-test: Test qom-list on link<> properties
But don't test their properties, otherwise we will recurse forever.
Their properties are already tested when we encounter them as child<>
properties elsewhere in the hierarchy, like /machine/unattached/...

This would have caught the crash fixed by 92b3eead.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-05-28 17:35:01 +02:00
Peter Maydell
3ee933c9d4 Block pull request

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Block pull request

# gpg: Signature made Wed 28 May 2014 13:31:15 BST using RSA key ID 81AB73C8
# gpg: Can't check signature: public key not found

* remotes/stefanha/tags/block-pull-request: (33 commits)
  block/sheepdog: Don't use qerror_report()
  block/sheepdog: Fix silent sd_open(), sd_create() failures
  block/sheepdog: Propagate errors to open and create methods
  block/sheepdog: Propagate errors through find_vdi_name()
  block/sheepdog: Propagate errors through do_sd_create()
  block/sheepdog: Propagate errors through sd_prealloc()
  block/sheepdog: Propagate errors through get_sheep_fd()
  block/sheepdog: Propagate errors through connect_to_sdog()
  block/vvfat: Propagate errors through init_directories()
  block/vvfat: Propagate errors through enable_write_target()
  block/ssh: Propagate errors to open and create methods
  block/ssh: Propagate errors through connect_to_ssh()
  block/ssh: Propagate errors through authenticate()
  block/ssh: Propagate errors through check_host_key()
  block/ssh: Drop superfluous libssh2_session_last_errno() calls
  block/rbd: Propagate errors to open and create methods
  qemu-nbd: Don't use qerror_report()
  blockdev: Don't use qerror_report() in do_drive_del()
  blockdev: Don't use qerror_report_err() in drive_init()
  docs: Define refcount_bits value
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-28 15:22:40 +01:00
Peter Maydell
adbfc34103 Xtensa fixes queue 2014-05-26:
- fix cross-page jumps/calls at the end of TB;
- add tests for TBs and instructions crossing page boundary.

Merge remote-tracking branch 'remotes/xtensa/tags/20140526-xtensa' into staging

Xtensa fixes queue 2014-05-26:
- fix cross-page jumps/calls at the end of TB;
- add tests for TBs and instructions crossing page boundary.

# gpg: Signature made Mon 26 May 2014 09:37:39 BST using RSA key ID F83FA044
# gpg: Can't check signature: public key not found

* remotes/xtensa/tags/20140526-xtensa:
  target-xtensa: add tests for cross-page TB
  target-xtensa: completely clean TLB between MMU tests
  target-xtensa: fix cross-page jumps/calls at the end of TB

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-28 14:47:35 +01:00
Max Reitz
0bf7488afb iotests: Use _img_info in test 089
Currently, test 089 uses $QEMU_IMG info manually in order to obtain the
according output. However, the iotests should generally use _img_info as
this filters out more irrelevant information such as the host image size
or format specific information. Therefore, test 089 should use _img_info
as well.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-28 14:28:46 +02:00
Fam Zheng
271c0f68b4 aio: Fix use-after-free in cancellation path
The current flow of canceling a thread from THREAD_ACTIVE state is:

  1) Caller wants to cancel a request, so it calls thread_pool_cancel.

  2) thread_pool_cancel waits on the conditional variable
     elem->check_cancel.

  3) The worker thread changes state to THREAD_DONE once the task is
     done, and notifies elem->check_cancel to allow thread_pool_cancel
     to continue execution, and signals the notifier (pool->notifier) to
     allow callback function to be called later. But because of the
     global mutex, the notifier won't get processed until step 4) and 5)
     are done.

  4) thread_pool_cancel continues, leaving the notifier signaled, it
     just returns to caller.

  5) Caller thinks the request is already canceled successfully, so it
     releases any related data, such as freeing elem->common.opaque.

  6) In the next main loop iteration, the notifier handler,
     event_notifier_ready, is called. It finds the canceled thread in
     THREAD_DONE state, so calls elem->common.cb, with a (likely)
     dangling opaque pointer. This is a use-after-free.

Fix it by calling event_notifier_ready before leaving
thread_pool_cancel.

Test case update: This change will let cancel complete earlier than
test-thread-pool.c expects, so update the code to check this case: if
it's already done, done_cb sets .aiocb to NULL, skip calling
bdrv_aio_cancel on them.

Reported-by: Ulrich Obergfell <uobergfe@redhat.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-28 14:28:46 +02:00
Leandro Dorileo
4ba6fabfb4 QemuOpt: add unit tests
Cover basic aspects and API usage for QemuOpt. The current implementation
covers the APIs planned to be changed by Chunyan Liu in his QEMUOptionParameter
replacement/cleanup job.

Other APIs should be covered in future improvements.

[Squashing in a small fix "QemuOpt: use qemu_find_opts_err() to avoid
output on stderr in tests".

qemu_find_opts() calls error_report() instead of propagating the Error
object.  It is undesirable to clutter test case output with error
messages from a passing test.

Use qemu_find_opts_err() to avoid the output on stderr.
--Stefan]

Signed-off-by: Leandro Dorileo <l@dorileo.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-28 14:27:42 +02:00
Fam Zheng
7cf6376ae8 qemu-iotests: Handle cache mode option in 091
We should allow testing this on tmpfs. Any cache setting in iotests
should try to obey $CACHEMODE.

The cache mode is still "none" by default but overridable

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-28 14:22:25 +02:00
Gabriel L. Somlo
eb386aaccc tests: add smbios testing
Add tests to find and verify the smbios entry point structure,
and to walk and perform checks on the actual smbios tables.

Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-05-27 23:42:16 +03:00
Gabriel L. Somlo
501f28ca9d tests: rename acpi-test to bios-tables-test
The test harness for acpi (generating a boot disk, starting qemu,
waiting for the BIOS to finish booting before examining guest
memory, etc.) is perfectly suited for testing other bios tables
beside acpi, such as e.g., smbios.

This patch renames acpi-test to bios-tables-test to reflect that,
and in preparation for adding smbios tests.

Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-05-27 23:42:16 +03:00
Max Filippov
57a740514d target-xtensa: add tests for cross-page TB
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2014-05-26 12:33:54 +04:00
Max Filippov
ca3164df4d target-xtensa: completely clean TLB between MMU tests
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2014-05-26 12:33:54 +04:00
Michael Walle
4e7d30a22a test: lm32: use semihosting for testing
Instead of the lm32-sys device, use semihosting to print to the host
console and exit the test.

Signed-off-by: Michael Walle <michael@walle.cc>
2014-05-24 19:42:29 +02:00
Michael Walle
a946ce8020 test: lm32: make test cases independent
Make test cases independent from each other. E.g. if a test case needs
a specific value in register A, don't rely on the fact that it is already
set by the preceding test case.

Signed-off-by: Michael Walle <michael@walle.cc>
2014-05-24 19:42:29 +02:00
Peter Maydell
ca8c0fab95 Block patches

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block patches

# gpg: Signature made Mon 19 May 2014 15:21:14 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream: (22 commits)
  block: optimize zero writes with bdrv_write_zeroes
  blockdev: add a function to parse enum ids from strings
  util: add qemu_iovec_is_zero
  qcow1: Stricter backing file length check
  qcow1: Validate image size (CVE-2014-0223)
  qcow1: Validate L2 table size (CVE-2014-0222)
  qcow1: Check maximum cluster size
  qcow1: Make padding in the header explicit
  curl: Add usage documentation
  curl: Add sslverify option
  curl: Remove broken parsing of options from url
  curl: Fix build when curl_multi_socket_action isn't available
  qemu-iotests: Fix blkdebug in VM drive in 030
  qemu-iotests: Fix core dump suppression in test 039
  iotests: Add test for the JSON protocol
  block: Allow JSON filenames
  check-qdict: Add test for qdict_join()
  qdict: Add qdict_join()
  block: add test for vhdx image created by Disk2VHD
  block: vhdx - account for identical header sections
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-20 11:57:52 +01:00
Peter Lieven
465bee1da8 block: optimize zero writes with bdrv_write_zeroes
This patch tries to optimize zero write requests
by automatically using bdrv_write_zeroes if it is
supported by the format.

This significantly speeds up file system initialization and
should speed zero write test used to test backend storage
performance.

I ran the following 2 tests on my internal SSD with a
50G QCOW2 container and on an attached iSCSI storage.

a) mkfs.ext4 -E lazy_itable_init=0,lazy_journal_init=0 /dev/vdX

QCOW2         [off]     [on]     [unmap]
-----
runtime:       14secs    1.1secs  1.1secs
filesize:      937M      18M      18M

iSCSI         [off]     [on]     [unmap]
----
runtime:       9.3s      0.9s     0.9s

b) dd if=/dev/zero of=/dev/vdX bs=1M oflag=direct

QCOW2         [off]     [on]     [unmap]
-----
runtime:       246secs   18secs   18secs
filesize:      51G       192K     192K
throughput:    203M/s    2.3G/s   2.3G/s

iSCSI*        [off]     [on]     [unmap]
----
runtime:       8mins     45secs   33secs
throughput:    106M/s    1.2G/s   1.6G/s
allocated:     100%      100%     0%

* The storage was connected via a 1Gbit interface.
  It seems to internally handle writing zeroes
  via WRITESAME16 very fast.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-05-19 13:42:27 +02:00
Kevin Wolf
d66e5cee00 qcow1: Stricter backing file length check
Like qcow2 since commit 6d33e8e7, error out on invalid lengths instead
of silently truncating them to 1023.

Also don't rely on bdrv_pread() catching integer overflows that make len
negative, but use unsigned variables in the first place.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
2014-05-19 11:36:49 +02:00
Kevin Wolf
46485de0cb qcow1: Validate image size (CVE-2014-0223)
A huge image size could cause s->l1_size to overflow. Make sure that
images never require a L1 table larger than what fits in s->l1_size.

This can not only cause unbounded allocations, but also the allocation of
a too small L1 table, resulting in out-of-bounds array accesses (both
reads and writes).

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-05-19 11:36:49 +02:00
Kevin Wolf
42eb58179b qcow1: Validate L2 table size (CVE-2014-0222)
Too large L2 table sizes cause unbounded allocations. Images actually
created by qemu-img only have 512 byte or 4k L2 tables.

To keep things consistent with cluster sizes, allow ranges between 512
bytes and 64k (in fact, down to 1 entry = 8 bytes is technically
working, but L2 table sizes smaller than a cluster don't make a lot of
sense).

This also means that the number of bytes on the virtual disk that are
described by the same L2 table is limited to at most 8k * 64k or 2^29,
preventively avoiding any integer overflows.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
2014-05-19 11:36:49 +02:00
Kevin Wolf
7159a45b2b qcow1: Check maximum cluster size
Huge values for header.cluster_bits cause unbounded allocations (e.g.
for s->cluster_cache) and crash qemu this way. Less huge values may
survive those allocations, but can cause integer overflows later on.

The only cluster sizes that qemu can create are 4k (for standalone
images) and 512 (for images with backing files), so we can limit it
to 64k.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
2014-05-19 11:36:49 +02:00
Fam Zheng
b5e51dd714 qemu-iotests: Fix blkdebug in VM drive in 030
The test test_stream_pause in this class uses vm.pause_drive, which
requires a blkdebug driver on top of image, otherwise it's a no-op and the
test running is nondeterministic.

So add it.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-05-19 11:36:49 +02:00
Markus Armbruster
d530e34232 qemu-iotests: Fix core dump suppression in test 039
The shell script attempts to suppress core dumps like this:

    old_ulimit=$(ulimit -c)
    ulimit -c 0
    $QEMU_IO arg...
    ulimit -c "$old_ulimit"

This breaks the test hard unless the limit was zero to begin with!
ulimit sets both hard and soft limit by default, and (re-)raising the
hard limit requires privileges.  Broken since it was added in commit
dc68afe.

Could be fixed by adding -S to set only the soft limit, but I'm not
sure how portable that is in practice.  Simply do it in a subshell
instead, like this:

    (ulimit -c 0; exec $QEMU_IO arg...)

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-05-19 11:36:49 +02:00
Max Reitz
4ad303369c iotests: Add test for the JSON protocol
Add a test for the JSON protocol driver.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-05-19 11:36:49 +02:00
Max Reitz
8a5eb36a1c check-qdict: Add test for qdict_join()
Add some test cases for qdict_join().

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-05-19 11:36:48 +02:00
Jeff Cody
26e2da7279 block: add test for vhdx image created by Disk2VHD
This adds a test for VHDX images created by Microsoft's tool, Disk2VHD.

VHDX images created by this tool have 2 identical header sections, with
identical sequence numbers.  This makes sure we detect VHDX images with
identical headers, and do not flag them as corrupt.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-05-19 11:36:48 +02:00
Benoît Canet
24fd848950 qapi: skip redundant includes
The purpose of this change is to help create a json file containing
common definitions; each bit of generated C code must be emitted
only one time.

A second history global to all QAPISchema instances has been added
to detect when a file is included more than one time and skip these
includes.
It does not act as a stack and the changes made to it by the
__init__ function are propagated back to the caller so it's really
a global state.

Signed-off-by: Benoit Canet <benoit@irqsave.net>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-16 10:35:59 -04:00
Markus Armbruster
297a3646c2 qapi: Replace uncommon use of the error API by the common one
We commonly use the error API like this:

    err = NULL;
    foo(..., &err);
    if (err) {
        goto out;
    }
    bar(..., &err);

Every error source is checked separately.  The second function is only
called when the first one succeeds.  Both functions are free to pass
their argument to error_set().  Because error_set() asserts no error
has been set, this effectively means they must not be called with an
error set.

The qapi-generated code uses the error API differently:

    // *errp was initialized to NULL somewhere up the call chain
    frob(..., errp);
    gnat(..., errp);

Errors accumulate in *errp: first error wins, subsequent errors get
dropped.  To make this work, the second function does nothing when
called with an error set.  Requires non-null errp, or else the second
function can't see the first one fail.

This usage has also bled into visitor tests, and two device model
object property getters rtc_get_date() and balloon_stats_get_all().

With the "accumulate" technique, you need fewer error checks in
callers, and buy that with an error check in every callee.  Can be
nice.

However, mixing the two techniques is confusing.  You can't use the
"accumulate" technique with functions designed for the "check
separately" technique.  You can use the "check separately" technique
with functions designed for the "accumulate" technique, but then
error_set() can't catch you setting an error more than once.

Standardize on the "check separately" technique for now, because it's
overwhelmingly prevalent.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-15 14:00:46 -04:00
Markus Armbruster
cdaec3808e tests: Don't call visit_end_struct() after visit_start_struct() fails
When visit_start_struct() fails, visit_end_struct() must not be
called.  Three out of four visit_type_TestStruct() call it anyway.  As
far as I can tell, visit_start_struct() doesn't actually fail there.
Fix them anyway.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-15 14:00:46 -04:00
Peter Maydell
895527eea5 migration/next for 20140515

Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20140515' into staging

migration/next for 20140515

# gpg: Signature made Thu 15 May 2014 02:32:25 BST using RSA key ID 5872D723
# gpg: Can't check signature: public key not found

* remotes/juanquintela/tags/migration/20140515:
  usb: fix up post load checks
  migration: show average throughput when migration finishes
  savevm: Remove all the unneeded version_minimum_id_old (rest)
  savevm: Remove all the unneeded version_minimum_id_old (usb)
  Split ram_save_block
  arch_init: Simplify code for load_xbzrle()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-15 17:29:03 +01:00
Peter Maydell
7d983531c6 Revert "iotests: Use configured python"
This reverts commit f915db07ef.

This commit is broken because it does not account for the
build tree and the source tree being different, and can cause
build failures for out-of-tree builds. Revert it until we can
identify a better solution to the problem.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1400153676-30180-1-git-send-email-peter.maydell@linaro.org
Acked-by: Kevin Wolf <kwolf@redhat.com>
2014-05-15 13:41:19 +01:00
Juan Quintela
35d08458a9 savevm: Remove all the unneeded version_minimum_id_old (rest)
After previous Peter patch, they are redundant.  This way we don't
assign them except when needed.  Once there, there were lots of cases
where the ".fields" indentation was wrong:

     .fields = (VMStateField []) {
and
     .fields =      (VMStateField []) {

Change all the combinations to:

     .fields = (VMStateField[]){

The biggest problem (apart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-14 15:24:51 +02:00
Peter Maydell
1b5498f687 Block pull request

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Block pull request

# gpg: Signature made Fri 09 May 2014 19:57:53 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  glib: fix g_poll early timeout on windows
  block: qemu-iotests - test for live migration
  block: qemu-iotests - update 085 to use common.qemu
  block: qemu-iotests - add common.qemu, for bash-controlled qemu tests
  block/raw-posix: Try both FIEMAP and SEEK_HOLE
  gluster: Correctly propagate errors when volume isn't accessible
  vl.c: remove init_clocks call from main
  block: Fix open flags with BDRV_O_SNAPSHOT
  qemu-iotests: Test converting to streamOptimized from small cluster size
  vmdk: Implement .bdrv_get_info()
  vmdk: Implement .bdrv_write_compressed
  qemu-img: Convert by cluster size if target is compressed
  block/iscsi: bump year in copyright notice
  block/nfs: Check for NULL server part
  qemu-img: sort block formats in help message
  iotests: Use configured python
  qcow2: Fix alloc_clusters_noref() overflow detection

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-13 10:35:47 +01:00
Jeff Cody
fd040174ac block: qemu-iotests - test for live migration
This is an initial, simple live migration test from one
running VM to another, using monitor commands.

This is also an example of using the new common.qemu functions
for controlling multiple running qemu instances, for tests that
need a live qemu vm.

Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-09 20:57:32 +02:00
Jeff Cody
e86e869770 block: qemu-iotests - update 085 to use common.qemu
The new functionality of common.qemu implements the QEMU control
and communication functionality that was originally in test 085.

This removes that now-duplicate functionality, and uses the
common.qemu functions.

The QEMU commandline changes slightly due to this; in addition to
monitor and qmp i/o options, the new QEMU commandline from inside
common.qemu now introduces -machine accel=qtest.

Reviewed-by: Benoit Canet <benoit@irqsave.net>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-09 20:57:32 +02:00
Jeff Cody
e940bc13ee block: qemu-iotests - add common.qemu, for bash-controlled qemu tests
This creates some common functions for bash language qemu-iotests
to control, and communicate with, a running QEMU process.

4 functions are introduced:

    1. _launch_qemu()
        This launches the QEMU process(es), and sets up the file
        descriptors and fifos for communication.  You can choose to
        launch each QEMU process listening for either QMP or HMP
        monitor.  You can call this function multiple times, and
        save the handle returned from each.  The returned handle is
        in $QEMU_HANDLE.  You must copy this value.

Commands 2 and 3 use the handle received from _launch_qemu(), to talk
to the appropriate process.

    2. _send_qemu_cmd()
        Sends a command string, specified by $2, to QEMU.  If $3 is
        non-NULL, _send_qemu_cmd() will wait to receive $3 as a
        required result string from QEMU.  Failure to receive $3 will
        cause the test to fail.  The command can optionally be retried
        $qemu_cmd_repeat number of times.  Set $qemu_error_no_exit
        to not force the test to fail on exit; in this case,
        $QEMU_STATUS[$1] will be set to -1 on failure.

    3. _timed_wait_for()
        Waits for a response, for up to a default of 10 seconds.  If
        $2 is not seen in that time (anywhere in the response), then
        the test fails.  Primarily used by _send_qemu_cmd, but could
        be useful standalone, as well.  To prevent automatic exit
        (and therefore test failure), set $qemu_error_no_exit to a
        non-NULL value.  If $silent is a non-NULL value, then output
        to stdout will be suppressed.

    4. _cleanup_qemu()
        Kills the running QEMU processes, and removes the fifos.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-09 20:57:32 +02:00
Kevin Wolf
b1e6fc0817 block: Fix open flags with BDRV_O_SNAPSHOT
The immediately visible effect of this patch is that it fixes committing
a temporary snapshot to its backing file. Previously, it would fail with
a "permission denied" error because bdrv_inherited_flags() forced the
backing file to be read-only, ignoring the r/w reopen of bdrv_commit().

The bigger problem this revealed is that the original open flags must
actually only be applied to the temporary snapshot, and the original
image file must be treated as a backing file of the temporary snapshot
and get the right flags for that.

Reported-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-09 20:57:31 +02:00
Markus Armbruster
196857f8bf tests/qapi-schema: Drop superfluous error_is_set()
visit_type_TestStruct() does nothing when called with an error set.
Callers shouldn't do that, and no caller does.  Drop the superfluous
test.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-09 09:11:31 -04:00
Fam Zheng
10f08a0a34 qemu-iotests: Test converting to streamOptimized from small cluster size
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-09 13:32:17 +02:00
Fam Zheng
74fe188cd1 vmdk: Implement .bdrv_get_info()
This will return cluster_size and needs_compressed_writes to caller, if all the
extents have the same value (or there's only one extent). Otherwise return
-ENOTSUP.

cluster_size is only reported for sparse formats.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-09 13:32:16 +02:00
Max Reitz
f915db07ef iotests: Use configured python
Currently, QEMU's iotests rely on /usr/bin/env to start the correct
Python (that is, at least Python 2.4, but not 3). On systems where
Python 3 is the default, the user has no clean way of making the iotests
use the correct binary.

This commit makes the iotests use the Python selected by configure.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-09 13:32:16 +02:00
Markus Armbruster
e940f543ae qmp hmp: Consistently name Error * objects err, and not errp
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-08 14:20:00 -04:00
Lluís Vilanova
a719a27c82 qapi: Add a primitive to include other files from a QAPI schema file
The primitive uses JSON syntax, and include paths are relative to the file using the directive:

  { 'include': 'path/to/file.json' }

Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-08 14:19:58 -04:00
Lluís Vilanova
33aaad529e qapi: Use an explicit input file
Use an explicit input file on the command-line instead of reading from standard
input.

It also outputs the proper file name when there's an error.

Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-08 14:19:58 -04:00
Lluís Vilanova
98c1200af1 qapi: [trivial] Do not catch unknown exceptions in "test-qapi.py"
Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-08 14:19:58 -04:00
Lluís Vilanova
0a60774906 qapi: [trivial] Break long command lines
Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-05-08 14:19:58 -04:00
Peter Maydell
ad0a118fa3 tests/tcg: Fix compilation of test_path
The test_path binary is (unlike the other test binaries in tests/tcg)
actually intended to be compiled with the same compiler used to build
the main QEMU executables. It actually #includes a number of the
QEMU source files in an attempt to unit-test the util/path.c functions,
and so if it is not compiled with the same compiler used by configure
to set CONFIG_ settings then it is liable to fail to build.
Fix the makefile to build it with the default C compiler rules, not
CC_I386, and fix the test itself not to include a lot of unnecessary
trace related source files which cause the build to fail if the trace
backend is anything other than 'simple'.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-05-07 21:00:43 +04:00
Andreas Färber
cc900d34e7 tests: Add EHCI qtest
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-05-05 20:58:33 +02:00
Andreas Färber
efbf5df020 tests: Add ioh3420 qtest
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-05-05 20:58:33 +02:00
Andreas Färber
fbaf445a89 tests: Add intel-hda qtests
Test both the ich6 and the ich9 version (cf. q35 config) and all the
codecs.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-05-05 20:58:33 +02:00
Andreas Färber
8fa74c947d tests: Add es1370 qtest
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-05-05 20:58:33 +02:00
Andreas Färber
d7b50c0cc0 tests: Add ac97 qtest
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-05-05 20:58:33 +02:00
Andreas Färber
535b45631a qtest: Be paranoid about accept() addrlen argument
POSIX specifies that address_len shall on output specify the length of
the stored address; it does not however specify whether it may get
updated on failure as well to, e.g., zero.

In case EINTR occurs, re-initialize the variable to the desired value.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-05-05 20:58:33 +02:00
Andreas Färber
a7d915f388 qtest: Add error reporting to socket_accept()
We're not using the GLib infrastructure here, to allow cleaning up the
sockets. Still, knowing why a certain test run failed can be valuable.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-05-05 20:58:33 +02:00
Andreas Färber
a7ded163db qtest: Assure that init_socket()'s listen() does not fail
In practice this seems very unlikely, so cleanup is neglected, as done
for bind().

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-05-05 20:58:33 +02:00
Peter Maydell
e50bf23438 Block patches

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block patches

# gpg: Signature made Wed 30 Apr 2014 19:19:32 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream: (31 commits)
  curl: Fix hang reading from slow connections
  curl: Ensure all informationals are checked for completion
  curl: Eliminate unnecessary use of curl_multi_socket_all
  curl: Remove unnecessary explicit calls to internal event handler
  curl: Remove erroneous sleep waiting for curl completion
  curl: Fix return from curl_read_cb with invalid state
  curl: Remove unnecessary use of goto
  curl: Fix long line
  block/vdi: Error out immediately in vdi_create()
  block/bochs: Fix error handling for seek_to_sector()
  qcow2: Check min_size in qcow2_grow_l1_table()
  qcow2: Catch bdrv_getlength() error
  block: Use correct width in format strings
  qcow2: Avoid overflow in alloc_clusters_noref()
  block: Use error_abort in bdrv_image_info_specific_dump()
  block: Fix open_flags in bdrv_reopen()
  Revert "block: another bdrv_append fix"
  block: Unlink temporary files in raw-posix/win32
  block: Remove BDRV_O_COPY_ON_READ for bs->file
  block: Create bdrv_backing_flags()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-02 10:50:58 +01:00
Peter Maydell
87f6ede9bb vga: add secondary stdvga variant

Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-2' into staging

vga: add secondary stdvga variant

# gpg: Signature made Mon 28 Apr 2014 10:11:44 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vga-2:
  add secondary-vga to display-vga test
  add display-vga test
  vga: add secondary stdvga variant
  vga: allow non-global vmstate

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-01 16:02:45 +01:00
Max Reitz
cffb12051a iotests: Discarding compressed clusters on qcow2
Add a test which discards a compressed cluster on qcow2. This should
work without any problems.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-04-29 16:39:51 +02:00
Jeff Cody
cc8a7e560c block: qemu-iotests: make test 019 and 086 work with spaced pathnames
Both tests 019 and 086 need proper quotations to work with pathnames
that contain spaces.

Reviewed-by: Benoit Canet <benoit@irqsave.net>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-04-29 16:19:37 +02:00
Jeff Cody
c557527455 block: qemu-iotests - fix image cleanup when using spaced pathnames
The _rm_test_img() function in common.rc did not quote the image
file, which left droppings in the scratch directory (and performed
a potentially unsafe rm -f).

This adds the necessary quotes.

Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-04-29 16:19:33 +02:00
Peter Maydell
93156cef1c trivial patches for 2014-04-28

Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-04-28' into staging

trivial patches for 2014-04-28

# gpg: Signature made Mon 28 Apr 2014 05:56:01 BST using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
#      Subkey fingerprint: 6F67 E18E 7C91 C5B1 5514  66A7 BEE5 9D74 A4C3 D7DB

* remotes/mjt/tags/trivial-patches-2014-04-28:
  slirp/smb: Move ncalrpc directory to tmp
  po: add proper Language: tags to .po files
  po/Makefile: fix $SRC_PATH reference
  init_paths: fix minor memory leak
  virtfs-proxy-helper: fix call to accept
  net/net.c: remove unnecessary semicolon
  Add QEMU logo (SVG file)
  vl: avoid closing stdout with 'writeconfig'
  xilinx: Fix typo in comment (Marvel -> Marvell)
  vl: Eliminate a superfluous local variable
  vl: Remove useless 'continue'
  gitignore: cleanups #2
  tests/.gitignore: Ignore test-rfifolock
  move test-* from .gitignore to tests/.gitignore
  configure: Improve help behavior
  vl: convert -m to QemuOpts
  qemu-option: introduce qemu_find_opts_singleton
  misc: Use cpu_physical_memory_read and cpu_physical_memory_write

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-28 13:43:17 +01:00
Gerd Hoffmann
a889bc2bb2 add secondary-vga to display-vga test
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-04-28 11:03:39 +02:00
Gerd Hoffmann
0850fd583f add display-vga test
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-04-28 11:03:35 +02:00
Cole Robinson
a27b04577e tests/.gitignore: Ignore test-rfifolock
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-04-27 13:04:18 +04:00
Laszlo Ersek
296b14491a move test-* from .gitignore to tests/.gitignore
Also sort the test-* entries in the latter.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-04-27 13:04:18 +04:00
Markus Armbruster
0fb6395c0c Use error_is_set() only when necessary (again)
error_is_set(&var) is the same as var != NULL, but it takes
whole-program analysis to figure that out.  Unnecessarily hard for
optimizers, static checkers, and human readers.  Commit 84d18f0 dumbed
it down to obvious, but a few more have crept in since, and
documentation was overlooked.  Dumb these down, too.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-25 18:05:06 +02:00
Fam Zheng
9974ad40bf qemu-iotests: Improve and make use of QMPTestCase.wait_until_completed()
This eliminates code duplication.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-25 18:05:05 +02:00
Kevin Wolf
90d9d30152 qemu-iotests: Check common namespace for id and node-name
A name that is taken by an ID can't be taken by a node-name at the same
time. Check that conflicts are correctly detected.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
2014-04-22 12:12:30 +02:00
Kevin Wolf
f2d953ec31 block: Catch duplicate IDs in bdrv_new()
Since commit f298d071, block devices added with blockdev-add don't have
a QemuOpts around in dinfo->opts. Consequently, we can't rely any more
on QemuOpts catching duplicate IDs for block devices.

This patch adds a new check for duplicate IDs to bdrv_new(), and moves
the existing check that the ID isn't already taken for a node-name there
as well.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2014-04-22 12:00:28 +02:00
Kevin Wolf
da15ee5134 block: Catch integer overflow in bdrv_rw_co()
Insanely large requests could cause an integer overflow in
bdrv_rw_co() while converting sectors to bytes. This patch catches the
problem and returns an error (if we hadn't overflown the integer here,
bdrv_check_byte_request() would have rejected the request, so we're not
breaking anything that was supposed to work before).

We actually do have a test case that triggers behaviour where we
accidentally let such a request pass, so that it would return success,
but read 0 bytes instead of the requested 4 GB. It fails now like it
should.

If the vdi block driver wants to be able to deal with huge images, it
can't read the whole block bitmap at once into memory like it does
today, but needs to use a metadata cache like qcow2 does.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-04-22 11:57:02 +02:00
Michael S. Tsirkin
8611224a7b acpi-test: update expected files
commit 58b035c7354afc0c5351ea62264c01d74196ec26
    acpi: fix incorrect encoding for 0x{F-1}FFFF
changes the SSDT, update expected files accordingly.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-04-14 15:13:27 +03:00
Kevin Wolf
715c3f60ef bochs: Fix catalog size check
The old check was off by a factor of 512 and didn't consider cases where
we don't get an exact division. This could lead to an out-of-bounds
array access in seek_to_sector().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2014-04-11 13:59:49 +02:00
Michael S. Tsirkin
50329d3418 tests/acpi: update expected DSDT files
commit f2ccc311df
    dsdt: tweak ACPI ID for hotplug resource device
changes the DSDT, update test expected files to match

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: Igor Mammedov <imammedo@redhat.com>
2014-04-09 17:52:08 +03:00
Andreas Färber
f85e3457ce tests: Update check-clean rule
Only i386, x86_64, sparc and sparc64 qtests were cleaned up.
Make this more generic to not miss any newly tested targets.

Reported-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-04-07 18:33:22 +02:00
Kevin Wolf
b998875dcf block: Fix snapshot=on for protocol parsed from filename
Since commit 9fd3171a, BDRV_O_SNAPSHOT uses an option QDict to specify
the originally requested image as the backing file of the newly created
temporary snapshot. This means that the filename is stored in
"file.filename", which is an option that is not parsed for protocol
names. Therefore things like -drive file=nbd:localhost:10809 were
broken because it looked for a local file with the literal name
'nbd:localhost:10809'.

This patch changes the way BDRV_O_SNAPSHOT works once again. We now open
the originally requested image as normal, and then do a similar
operation as for live snapshots to put the temporary snapshot on top.
This way, both driver specific options and parsed filenames work.

As a nice side effect, this results in code movement to factor
bdrv_append_temp_snapshot() out. This is a good preparation for moving
its call to drive_init() and friends eventually.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-04-04 19:35:51 +02:00
Kevin Wolf
cd40890816 qemu-iotests: Remove CR line endings in reference output
qemu doesn't print these CRs any more. The test still didn't fail
because the output comparison ignores line endings, but the change turns
up each time when you want to update the output.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-04-04 17:10:32 +02:00
Kevin Wolf
e3fa4bfa72 block: Don't parse 'filename' option
When using the QDict option 'filename', it is supposed to be interpreted
literally. The code did correctly avoid guessing the protocol from any
string before the first colon, but it still called bdrv_parse_filename()
which would, for example, incorrectly remove a 'file:' prefix in the
raw-posix driver.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-04-04 17:10:25 +02:00
Kevin Wolf
4c2e5f8f46 qcow2: Flush metadata during read-only reopen
If lazy refcounts are enabled for a backing file, committing to this
backing file may leave it in a dirty state even if the commit succeeds.
The reason is that the bdrv_flush() call in bdrv_commit() doesn't flush
refcount updates with lazy refcounts enabled, and qcow2_reopen_prepare()
doesn't take care to flush metadata.

In order to fix this, this patch also fixes qcow2_mark_clean(), which
contains another ineffective bdrv_flush() call because lazy refcounts are
disabled only afterwards. All existing callers of qcow2_mark_clean()
either don't modify refcounts or already flush manually, so that this
fixes only a latent, but not yet actually triggerable bug.

Another instance of the same problem is live snapshots. Again, a real
corruption is prevented by an explicit flush for non-read-only images in
external_snapshot_prepare(), but images using lazy refcounts stay dirty.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-04 14:12:26 +02:00
Peter Maydell
53e11bd384 Block pull request

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Block pull request

# gpg: Signature made Tue 01 Apr 2014 18:11:16 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request: (51 commits)
  qcow2: link all L2 meta updates in preallocate()
  parallels: Sanity check for s->tracks (CVE-2014-0142)
  parallels: Fix catalog size integer overflow (CVE-2014-0143)
  qcow2: Limit snapshot table size
  qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143)
  qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145)
  qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146)
  qcow2: Fix copy_sectors() with VM state
  block: Limit request size (CVE-2014-0143)
  block: vdi bounds check qemu-io tests
  dmg: prevent chunk buffer overflow (CVE-2014-0145)
  dmg: use uint64_t consistently for sectors and lengths
  dmg: sanitize chunk length and sectorcount (CVE-2014-0145)
  dmg: use appropriate types when reading chunks
  dmg: drop broken bdrv_pread() loop
  dmg: prevent out-of-bounds array access on terminator
  dmg: coding style and indentation cleanup
  qcow2: Fix new L1 table size check (CVE-2014-0143)
  qcow2: Protect against some integer overflows in bdrv_check
  qcow2: Fix types in qcow2_alloc_clusters and alloc_clusters_noref
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-01 18:23:28 +01:00
Kevin Wolf
9302e863aa parallels: Sanity check for s->tracks (CVE-2014-0142)
This avoids a possible division by zero.

Convert s->tracks to unsigned as well because it feels better than
surviving just because the results of calculations with s->tracks are
converted to unsigned anyway.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 15:22:35 +02:00
Kevin Wolf
afbcc40bee parallels: Fix catalog size integer overflow (CVE-2014-0143)
The first test case would cause a huge memory allocation, leading to a
qemu abort; the second one to a too small malloc() for the catalog
(smaller than s->catalog_size), which causes a read-only out-of-bounds
array access and on big endian hosts an endianness conversion for an
undefined memory area.

The sample image used here is not an original Parallels image. It was
created using a hex editor on the basis of the struct that qemu uses.
Good enough for trying to crash the driver, but not for ensuring
compatibility.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 15:22:35 +02:00
Kevin Wolf
6a83f8b5be qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143)
This avoids an unbounded allocation.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 15:22:35 +02:00
Kevin Wolf
c05e4667be qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145)
For the L1 table to be loaded for an internal snapshot, the code allocated
only enough memory to hold the currently active L1 table. If the
snapshot's L1 table is actually larger than the current one, this leads
to a buffer overflow.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 15:22:35 +02:00
Kevin Wolf
11b128f406 qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146)
The qcow2 code assumes that s->snapshots is non-NULL if s->nb_snapshots
!= 0. By having the initialisation of both fields separated in
qcow2_open(), any error occurring in between would cause the error path
to dereference NULL in qcow2_free_snapshots() if the image had any
snapshots.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 15:22:35 +02:00
Kevin Wolf
6b7d4c5558 qcow2: Fix copy_sectors() with VM state
bs->total_sectors is not the highest possible sector number that could
be involved in a copy on write operation: VM state is after the end of
the virtual disk. This resulted in wrong values for the number of
sectors to be copied (n).

The code that checks for the end of the image isn't required any more
because the code hasn't been calling the block layer's bdrv_read() for a
long time; instead, it directly calls qcow2_readv(), which doesn't error
out on VM state sector numbers.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 15:22:35 +02:00
Jeff Cody
1e7226f70c block: vdi bounds check qemu-io tests
This test checks for proper bounds checking of some VDI input
headers.  The following is checked:

1. Max image size (1024TB) with the appropriate Blocks In Image
   value (0x3fffffff) is detected as valid.

2. Image size exceeding max (1024TB) is seen as invalid

3. Valid image size but with Blocks In Image value that is too
   small fails

4. Blocks In Image size exceeding max (0x3fffffff) is seen as invalid

5. 64MB image, with 64 Blocks In Image, and 1MB Block Size is seen
   as valid

6. Block Size < 1MB not supported

7. Block Size > 1MB not supported

[Max Reitz <mreitz@redhat.com> pointed out that "1MB + 1" in the test
case is wrong.  Change to "1MB + 64KB" to match the 0x110000 value.
--Stefan]

Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 15:22:35 +02:00
Kevin Wolf
b106ad9185 qcow2: Don't rely on free_cluster_index in alloc_refcount_block() (CVE-2014-0147)
free_cluster_index is only correct if update_refcount() was called from
an allocation function, and even there it's brittle because it's used to
protect unfinished allocations which still have a refcount of 0 - if it
moves in the wrong place, the unfinished allocation can be corrupted.

So not using it any more seems to be a good idea. Instead, use the
first requested cluster to do the calculations. Return -EAGAIN if
unfinished allocations could become invalid and let the caller restart
its search for some free clusters.

The context of creating a snapshot is one situation where
update_refcount() is called outside of a cluster allocation. For this
case, the change fixes a buffer overflow if a cluster is referenced in
an L2 table that cannot be represented by an existing refcount block.
(new_table[refcount_table_index] was out of bounds)

[Bump the qemu-iotests 026 refblock_alloc.write leak count from 10 to
11.
--Stefan]

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 15:21:03 +02:00
Kevin Wolf
6d33e8e7dc qcow2: Fix backing file name length check
len could become negative and would pass the check then. Nothing bad
happened because bdrv_pread() happens to return an error for negative
length values, but make variables for sizes unsigned anyway.

This patch also changes the behaviour to error out on invalid lengths
instead of silently truncating it to 1023.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 14:19:09 +02:00
Kevin Wolf
2d51c32c4b qcow2: Validate active L1 table offset and size (CVE-2014-0144)
This avoids an unbounded allocation.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 14:19:09 +02:00
Kevin Wolf
ce48f2f441 qcow2: Validate snapshot table offset/size (CVE-2014-0144)
This avoids unbounded memory allocation and fixes a potential buffer
overflow on 32 bit hosts.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 14:19:09 +02:00
Kevin Wolf
8c7de28305 qcow2: Validate refcount table offset
The end of the refcount table must not exceed INT64_MAX so that integer
overflows are avoided.

Also check for misaligned refcount table. Such images are invalid and
probably the result of data corruption. Error out to avoid further
corruption.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 14:19:09 +02:00
Kevin Wolf
5dab2faddc qcow2: Check refcount table size (CVE-2014-0144)
Limit the in-memory reference count table size to 8 MB, it's enough in
practice. This fixes an unbounded allocation as well as a buffer
overflow in qcow2_refcount_init().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 14:19:09 +02:00
Kevin Wolf
a1b3955c94 qcow2: Check backing_file_offset (CVE-2014-0144)
Header, header extension and the backing file name must all be stored in
the first cluster. Setting the backing file to a much higher value
allowed header extensions to become much bigger than we want them to be
(unbounded allocation).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 14:19:09 +02:00
Kevin Wolf
24342f2cae qcow2: Check header_length (CVE-2014-0144)
This fixes an unbounded allocation for s->unknown_header_fields.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 14:19:09 +02:00
Kevin Wolf
5e71dfad76 vpc: Validate block size (CVE-2014-0142)
This fixes some cases of division by zero crashes.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 13:59:47 +02:00
Kevin Wolf
8e53abbc20 bochs: Check extent_size header field (CVE-2014-0142)
This fixes two possible division by zero crashes: In bochs_open() and in
seek_to_sector().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 13:59:47 +02:00
Kevin Wolf
e3737b820b bochs: Check catalog_size header field (CVE-2014-0143)
It should neither become negative nor allow unbounded memory
allocations. This fixes aborts in g_malloc() and an s->catalog_bitmap
buffer overflow on big endian hosts.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 13:59:47 +02:00
Kevin Wolf
246f65838d bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147)
Gets us rid of integer overflows resulting in negative sizes which
aren't correctly checked.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 13:59:47 +02:00
Kevin Wolf
24f3078a04 qemu-iotests: Support for bochs format
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 13:59:47 +02:00
Stefan Hajnoczi
42d43d35d9 block/cloop: fix offsets[] size off-by-one
cloop stores the number of compressed blocks in the n_blocks header
field.  The file actually contains n_blocks + 1 offsets, where the extra
offset is the end-of-file offset.

The following line in cloop_read_block() results in an out-of-bounds
offsets[] access:

    uint32_t bytes = s->offsets[block_num + 1] - s->offsets[block_num];

This patch allocates and loads the extra offset so that
cloop_read_block() works correctly when the last block is accessed.

Notice that we must free s->offsets[] unconditionally now since there is
always an end-of-file offset.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 13:59:47 +02:00
Stefan Hajnoczi
f56b9bc3ae block/cloop: refuse images with bogus offsets (CVE-2014-0144)
The offsets[] array allows efficient seeking and tells us the maximum
compressed data size.  If the offsets are bogus the maximum compressed
data size will be unrealistic.

This could cause g_malloc() to abort and bogus offsets mean the image is
broken anyway.  Therefore we should refuse such images.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 13:59:47 +02:00
Stefan Hajnoczi
7b103b36d6 block/cloop: refuse images with huge offsets arrays (CVE-2014-0144)
Limit offsets_size to 512 MB so that:

1. g_malloc() does not abort due to an unreasonable size argument.

2. offsets_size does not overflow the bdrv_pread() int size argument.

This limit imposes a maximum image size of 16 TB at 256 KB block size.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 13:59:47 +02:00
Stefan Hajnoczi
509a41bab5 block/cloop: prevent offsets_size integer overflow (CVE-2014-0143)
The following integer overflow in offsets_size can lead to out-of-bounds
memory stores when n_blocks has a huge value:

    uint32_t n_blocks, offsets_size;
    [...]
    ret = bdrv_pread(bs->file, 128 + 4, &s->n_blocks, 4);
    [...]
    s->n_blocks = be32_to_cpu(s->n_blocks);

    /* read offsets */
    offsets_size = s->n_blocks * sizeof(uint64_t);
    s->offsets = g_malloc(offsets_size);

    [...]

    for(i=0;i<s->n_blocks;i++) {
        s->offsets[i] = be64_to_cpu(s->offsets[i]);

offsets_size can be smaller than n_blocks due to integer overflow.
Therefore s->offsets[] is too small when the for loop byteswaps offsets.

This patch refuses to open files if offsets_size would overflow.

Note that changing the type of offsets_size is not a fix since 32-bit
hosts still only have 32-bit size_t.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 13:59:47 +02:00
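The wrap-around described in commit 509a41bab5, shown next to a checked computation that also applies the 512 MB cap from commit 7b103b36d6. This is an added example, not QEMU's code: the function names, the `EXAMPLE_MAX_OFFSETS_SIZE` macro, the return codes and the sample `n_blocks` values are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* 512 MB cap on the offsets array, the figure given in commit 7b103b36d6.
 * The macro name is an assumption made for this example. */
#define EXAMPLE_MAX_OFFSETS_SIZE (512u * 1024u * 1024u)

/* The computation quoted in the commit message: the product is stored in a
 * 32-bit variable, so it is reduced modulo 2^32. */
static uint32_t offsets_size_unchecked(uint32_t n_blocks)
{
    return (uint32_t)(n_blocks * sizeof(uint64_t));
}

/* Bytes the byteswap loop touches: n_blocks entries of 8 bytes each,
 * computed in 64 bits so the true figure is visible. */
static uint64_t loop_bytes(uint32_t n_blocks)
{
    return (uint64_t)n_blocks * sizeof(uint64_t);
}

/* Validate n_blocks before allocating (hypothetical helper).
 * Returns 0 and stores the size, -1 if the multiplication would overflow
 * 32 bits, -2 if the size exceeds the 512 MB cap. The overflow test must
 * come first: after a wrap the product can look small enough to pass the cap. */
static int offsets_size_checked(uint32_t n_blocks, uint32_t *offsets_size)
{
    uint32_t size;

    if (n_blocks > UINT32_MAX / sizeof(uint64_t)) {
        return -1;
    }
    size = (uint32_t)(n_blocks * sizeof(uint64_t));
    if (size > EXAMPLE_MAX_OFFSETS_SIZE) {
        return -2;
    }
    *offsets_size = size;
    return 0;
}

/* Largest image the cap permits for a given block size, in bytes. */
static uint64_t max_image_bytes(uint32_t block_size)
{
    return (uint64_t)(EXAMPLE_MAX_OFFSETS_SIZE / sizeof(uint64_t)) * block_size;
}

int main(void)
{
    /* Constructed n_blocks header values, not taken from any real image. */
    static const uint32_t samples[] = {
        64u, 0x04000000u, 0x04000001u, 0x20000001u
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t n = samples[i];
        uint32_t size = 0;
        int rc = offsets_size_checked(n, &size);

        printf("n_blocks=0x%08" PRIx32 " unchecked alloc=%" PRIu32
               " loop touches=%" PRIu64 " checked rc=%d\n",
               n, offsets_size_unchecked(n), loop_bytes(n), rc);
    }
    printf("max image at 256 KB blocks: %" PRIu64 " bytes\n",
           max_image_bytes(256u * 1024u));
    return 0;
}
```

For `n_blocks = 0x20000001` the unchecked size is 8 bytes while the loop would touch just over 4 GB, which is the out-of-bounds store the commit message describes.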
Stefan Hajnoczi
d65f97a82c block/cloop: validate block_size header field (CVE-2014-0144)
Avoid unbounded s->uncompressed_block memory allocation by checking that
the block_size header field has a reasonable value.  Also enforce the
assumption that the value is a non-zero multiple of 512.

These constraints conform to cloop 2.639's code so we accept existing
image files.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 13:59:47 +02:00
Stefan Hajnoczi
05560fcebb qemu-iotests: add cloop input validation tests
Add a cloop format-specific test case.  Later patches add tests for
input validation to the script.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 13:59:46 +02:00
Stefan Hajnoczi
47f73da0a7 qemu-iotests: add ./check -cloop support
Add the cloop block driver to qemu-iotests.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 13:59:46 +02:00
Paolo Bonzini
7373fc7693 tmp105-test: Test QOM property and precision
This adds a regression test for commit
efdf6a56a7 (tmp105: Read temperature in
milli-celsius).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-31 23:03:14 +02:00
Paolo Bonzini
a4ec5bb718 tmp105-test: Add a second sensor and test that one
This will make it easier to reach the device under test via QOM.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-31 22:57:35 +02:00
Paolo Bonzini
cebac61498 tmp105-test: Wrap simple building blocks for testing
The next patches will add more reads and writes.  Add a simple testing
API for this.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-31 22:53:45 +02:00
Andreas Färber
e683eb9ecc tests: Add i82801b11 qtest
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-31 22:36:17 +02:00
Andreas Färber
627b1a17ce pvpanic-test: Assert pause event
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-31 22:36:17 +02:00
Andreas Färber
66e0c7b187 qtest: Factor out qtest_qmp_receive()
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-31 22:36:16 +02:00
Andreas Färber
abc53733f3 tests: Add pvpanic qtest
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-31 22:36:16 +02:00
Andreas Färber
2d888c099c tests: Add virtio-9p qtest
Make it conditional to 9p availability.
Create a temporary directory to share.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-31 22:35:50 +02:00
Andreas Färber
fc9677915c tests: Add nvme qtest
Acked-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-31 22:35:03 +02:00
Stefan Hajnoczi
5c4e24c151 tests: Correctly skip qtest on non-POSIX hosts
qtest test cases only work on POSIX hosts.  The following line only
defines dependencies for qtest binaries on POSIX hosts:

  check-qtest-$(CONFIG_POSIX)=$(foreach TARGET,$(TARGETS),$(check-qtest-$(TARGET)-y))

But the QTEST_TARGETS definition earlier in the Makefile fails to check
CONFIG_POSIX.  This causes make targets to be generated for qtest test
cases even though we don't know how to build the binaries.

The following error message is printed when trying to run gtester on a
binary that was never built:

  GLib-WARNING **: Failed to execute test binary: tests/endianness-test.exe: Failed to execute child process "tests/endianness-test.exe" (No such file or directory)

This patch makes QTEST_TARGETS empty on non-POSIX hosts.  This prevents
the targets from being generated.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-31 22:35:03 +02:00
Stefan Hajnoczi
d597a32a6d tests: Skip POSIX-only tests on Windows
test-rfifolock and test-vmstate only build on POSIX hosts.  Exclude them
if building for Windows.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-31 22:35:02 +02:00
Stefan Weil
0875709429 tests: Remove unsupported tests for MinGW
test_timer_schedule and test_source_timer_schedule don't compile for MinGW
because some functions are not implemented for MinGW (qemu_pipe,
aio_set_fd_handler).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-31 22:35:02 +02:00
Stefan Hajnoczi
d766825190 qtest: Keep list of qtest instances for SIGABRT handler
Keep track of active qtest instances so we can kill them when the test
aborts.  This ensures no QEMU processes are left running after test
failure.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-31 22:20:04 +02:00
Stefan Hajnoczi
96b8ca47f8 Revert "qtest: Fix crash if SIGABRT during qtest_init()"
It turns out there are test cases that use multiple libqtest instances.
We cannot use a global qtest instance in the SIGABRT handler.

This reverts commit cb201b4872.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-31 22:20:04 +02:00
Peter Maydell
a879125b47 tests/libqos/pci-pc: Avoid shifting left into sign bit
Add U suffix when doing "1 << 31" to avoid undefined behaviour.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-03-27 19:22:49 +04:00
Michael S. Tsirkin
53a786acac Revert "acpi-test: rebuild SSDT"
This reverts commit d07e0e9cdd.

Since
commit b4f4d54812
    acpi: make SSDT 1.0 spec compliant when possible
We are back to old encoding.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-03-26 12:42:31 +02:00
Peter Maydell
90c49ef165 acpi,pc,test bug fixes
More small fixes all over the place.
Notably fixes for big-endian hosts by Marcel.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

acpi,pc,test bug fixes

More small fixes all over the place.
Notably fixes for big-endian hosts by Marcel.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Mon 24 Mar 2014 10:41:07 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  tests/acpi-test: do not fail if iasl is broken
  vl.c: Use MAX_CPUMASK_BITS macro instead of hardcoded constant
  sysemu.h: Document what MAX_CPUMASK_BITS really limits
  acpi: fix endian-ness for table ids
  acpi-test: signature endian-ness fixes
  i386/acpi-build: support hotplug of VCPU with APIC ID 0xFF
  acpi-test: rebuild SSDT
  i386/acpi-build: allow more than 255 elements in CPON
  pc: Refuse max_cpus if it results in too large APIC ID
  acpi: Don't use MAX_CPUMASK_BITS for APIC ID bitmap
  acpi: Assert sts array limit on AcpiCpuHotplug_add()
  pc: Refuse CPU hotplug if the resulting APIC ID is too large
  acpi: Add ACPI_CPU_HOTPLUG_ID_LIMIT macro
  acpi-test: update expected SSDT files
  acpi-build: fix misaligned access

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-24 19:00:02 +00:00
Marcel Apfelbaum
dac23a6c05 tests/acpi-test: do not fail if iasl is broken
There is an issue with iasl on big endian machines: It
cannot disassemble acpi tables taken from little endian
machines, so we cannot check the expected tables.

The acpi test will check if the expected aml files
can be disassembled, and will issue a warning not
failing the test on those machines until this
problem is solved by the acpica community.

Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-03-24 12:37:36 +02:00
Paolo Bonzini
6b1566cbe3 qdev: Introduce FWPathProvider interface
QEMU supports firmware names for all devices in the QEMU tree but
some architectures expect some parts of firmware path names in different
format.

This introduces a firmware-pathname-change interface definition.
If some machine needs to redefine the firmware path format, it has
to add the TYPE_FW_PATH_PROVIDER interface to an object that is above
the device on the QOM tree (typically /machine).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-20 02:40:13 +01:00
Michael S. Tsirkin
c225aa3c6d acpi-test: signature endian-ness fixes
acpi table signature is really an ASCII string.
Treat it as such in tests.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-03-18 16:46:02 +02:00
Michael S. Tsirkin
d07e0e9cdd acpi-test: rebuild SSDT
commit 9bcc80cd71
    i386/acpi-build: allow more than 255 elements in CPON

Replaces 0x1 with a smaller One constant.

rebuild expected SSDT.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-03-18 16:16:46 +02:00
Michael S. Tsirkin
3dd46eb496 acpi-test: update expected SSDT files
commit 13f65b2e10
    acpi-test: update expected SSDT files

set an incorrect SSDT.
rebuild it.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-03-18 16:08:42 +02:00
Peter Maydell
6fffa26244 trivial patches for 2014-03-15

Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-03-15' into staging

trivial patches for 2014-03-15

# gpg: Signature made Sat 15 Mar 2014 09:54:30 GMT using RSA key ID 74F0C838
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
#      Subkey fingerprint: E190 8639 3B10 B51B AC2C  8B73 5253 C5AD 74F0 C838

* remotes/mjt/tags/trivial-patches-2014-03-15:
  FSL eTSEC: Fix typo in rx ring
  scripts/make-release: Don't distribute .git directories
  configure: Don't use __int128_t for clang versions before 3.2
  audio: Add 'static' attributes to several variables
  tests: Fix 'make test' for i686 hosts (build regression)
  misc: Fix typos in comments
  Add qga/qapi-generated to .gitignore
  hw/timer/grlib_gptimer: Avoid integer overflows
  .travis.yml: add IRC notifications for build failures
  .travis.yml: trivial whitespace fixup
  .travis.yml: re-enable lttng user space trace test
  .travis.yml: add a new build target with non-core devlibs
  sasl: Avoid 'Could not find keytab file' in syslog

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-15 18:22:11 +00:00
Stefan Weil
6d4adef48d tests: Fix 'make test' for i686 hosts (build regression)
'make test' is broken at least since commit
baacf04799. Several source files were moved
to util/, and some of them there split, so add the missing prefix and new
files to fix the compiler and linker errors.

There remain more issues, but these changes allow running the test on a
Linux i686 host.

Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-03-15 13:54:18 +04:00
Stefan Hajnoczi
46dea4160d qemu-iotests: remove 085 and 087 from 'quick' group
The 'quick' group in qemu-iotests are not allowed to run QEMU since we
don't know which targets are available.  In other words, they may only
use qemu-img, qemu-io, and qemu-nbd.

Drop 085 and 087 from the 'quick' group since they run QEMU.  This
makes "make check-block" pass again.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-03-14 16:30:38 +01:00
Stefan Hajnoczi
dc668ded10 qemu-iotests: add 083 NBD client disconnect tests
This new test case uses nbd-fault-injector.py to simulate broken TCP
connections at each stage in the NBD protocol.  This way we can exercise
block/nbd-client.c's socket error handling code paths.

In particular, this serves as a regression test to make sure
nbd-client.c doesn't cause an infinite loop by leaving its
nbd_receive_reply() fd handler registered after the connection has been
closed.  This bug was fixed in an earlier patch.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-03-14 16:29:02 +01:00
Stefan Hajnoczi
1e8ece0db3 tests: add nbd-fault-injector.py utility
The nbd-fault-injector.py script is a special kind of NBD server.  It
throws away all writes and produces zeroes for reads.  Given a list of
fault injection rules, it can simulate NBD protocol errors and is useful
for testing NBD client error handling code paths.

See the patch for documentation.  This script is modelled after Kevin
Wolf <kwolf@redhat.com>'s blkdebug block driver.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-03-14 16:28:28 +01:00
Markus Armbruster
c3adb58fe0 blockdev: Refuse to open encrypted image unless paused
Opening an encrypted image takes an additional step: setting the key.
Between open and the key set, the image must not be used.

We have some protection against accidental use in place: you can't
unpause a guest while we're missing keys.  You can, however, hot-plug
block devices lacking keys into a running guest just fine, or insert
media lacking keys.  In the latter case, notifying the guest of the
insert is delayed until the key is set, which may suffice to protect
at least some guests in common usage.

This patch makes the protection apply in more cases, in a rather
heavy-handed way: it doesn't let you open encrypted images unless
we're in a paused state.

It doesn't extend the protection to users other than the guest (block
jobs?).  Use of runstate_check() from block.c is disgusting.  Best I
can do right now.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-03-14 16:24:42 +01:00
Stefan Hajnoczi
cb201b4872 qtest: Fix crash if SIGABRT during qtest_init()
If an assertion fails during qtest_init() the SIGABRT handler is
invoked.  This is the correct behavior since we need to kill the QEMU
process to avoid leaking it when the test dies.

The global_qtest pointer used by the SIGABRT handler is currently only
assigned after qtest_init() returns.  This results in a segfault if an
assertion failure occurs during qtest_init().

Move global_qtest assignment inside qtest_init().  Not pretty but let's
face it - the signal handler depends on global state.

Reported-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 21:12:07 +01:00
Andreas Färber
f33f991185 virtio-console-test: Test virtserialport as well
A test is only as good as its coverage - testing virtserialport in
addition to virtconsole showed that commit
0399a3819b (virtio-console: QOM cast
cleanup for VirtConsole) broke virtserialport.

Acked-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13 21:12:07 +01:00
Peter Maydell
57fac92c2d Block pull request

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Block pull request

# gpg: Signature made Thu 13 Mar 2014 13:50:49 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request: (24 commits)
  block/raw-win32: bdrv_parse_filename() for hdev
  block/raw-posix: Strip protocol prefix on creation
  block/raw-posix: bdrv_parse_filename() for cdrom
  block/raw-posix: bdrv_parse_filename() for floppy
  block/raw-posix: bdrv_parse_filename() for hdev
  qemu-io: Fix warnings from static code analysis
  block: Unlink temporary file
  qcow2: Don't write with BDRV_O_INCOMING
  qcow2: Keep option in qcow2_invalidate_cache()
  qmp: add query-iothreads command
  iothread: stash thread ID away
  dataplane: replace internal thread with IOThread
  iothread: add "iothread" qdev property type
  qdev: make get_pointer() handle temporary strings
  iothread: add I/O thread object
  aio: add aio_context_acquire() and aio_context_release()
  rfifolock: add recursive FIFO lock
  object: add object_get_canonical_path_component()
  block: Rewrite the snapshot authorization mechanism for block filters.
  iotests: Test corruption during COW request
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-13 15:33:04 +00:00
Stefan Hajnoczi
98563fc3ec aio: add aio_context_acquire() and aio_context_release()
It can be useful to run an AioContext from a thread which normally does
not "own" the AioContext.  For example, request draining can be
implemented by acquiring the AioContext and looping aio_poll() until all
requests have been completed.

The following pattern should work:

  /* Event loop thread */
  while (running) {
      aio_context_acquire(ctx);
      aio_poll(ctx, true);
      aio_context_release(ctx);
  }

  /* Another thread */
  aio_context_acquire(ctx);
  bdrv_read(bs, 0x1000, buf, 1);
  aio_context_release(ctx);

This patch implements aio_context_acquire() and aio_context_release().

Note that existing aio_poll() callers do not need to worry about
acquiring and releasing - it is only needed when multiple threads will
call aio_poll() on the same AioContext.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-03-13 14:42:24 +01:00
Stefan Hajnoczi
2da61b671e rfifolock: add recursive FIFO lock
QemuMutex does not guarantee fairness and cannot be acquired
recursively:

Fairness means each locker gets a turn and the scheduler cannot cause
starvation.

Recursive locking is useful for composition, it allows a sequence of
locking operations to be invoked atomically by acquiring the lock around
them.

This patch adds RFifoLock, a recursive lock that guarantees FIFO order.
Its first user is added in the next patch.

RFifoLock has one additional feature: it can be initialized with an
optional contention callback.  The callback is invoked whenever a thread
must wait for the lock.  For example, it can be used to poke the current
owner so that they release the lock soon.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-03-13 14:42:21 +01:00
Max Reitz
98d39e34fe iotests: Test corruption during COW request
Extend test file 060 by a test case for corruption occurring concurrently
to a COW request. QEMU should not crash but rather return an appropriate
error message.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-03-13 14:23:27 +01:00
Peter Maydell
c8d146aecc QOM/QTest infrastructure fixes and device conversions
* QTest cleanups and test cases for some virtio devices
* QTest for sPAPR PCI host bridge
* qom-test now tests reading all properties beneath /machine
* QOM API leak fixes
* QOM cleanups for SSI devices
* QOM conversion of QEMUMachine
* QOM realize for buses
* sPAPR PCI bus name change

Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging

QOM/QTest infrastructure fixes and device conversions

* QTest cleanups and test cases for some virtio devices
* QTest for sPAPR PCI host bridge
* qom-test now tests reading all properties beneath /machine
* QOM API leak fixes
* QOM cleanups for SSI devices
* QOM conversion of QEMUMachine
* QOM realize for buses
* sPAPR PCI bus name change

# gpg: Signature made Thu 13 Mar 2014 00:22:40 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-devices-for-peter: (31 commits)
  libqtest: Fix possible deadlock in qtest initialization
  pci: Move VMState registration/unregistration to QOM realize/unrealize
  qdev: Realize buses on device realization
  qdev: Prepare realize/unrealize hooks for BusState
  tests: Add spapr-pci-host-bridge qtest
  virtio-serial-port: Convert to QOM realize/unrealize
  virtio-console: QOM cast cleanup for VirtConsole
  tests: Add virtio-console qtest
  tests: Add virtio-serial qtest
  tests: Add virtio-scsi qtest
  tests: Add virtio-rng qtest
  tests: Add virtio-balloon qtest
  tests: Add virtio-blk qtest
  tests: Clean up IndustryPack TPCI200 gcov paths
  qom-test: Test QOM properties
  hw/boards: Convert current_machine to MachineState
  vl: Use MachineClass instead of global QEMUMachine list
  hw/core: Introduce QEMU machine as QOM object
  qdev-monitor-test: Don't test human-readable error message
  qdev-monitor-test: Simplify using g_assert_cmpstr()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-03-13 12:32:47 +00:00
Peter Maydell
0100f42550 libqtest: Avoid inline varargs functions
Older versions of gcc (eg 4.6) can't handle varargs functions declared
inline for anything other than completely trivial uses, and complain:

tests/qom-test.c: In function 'qmp': tests/libqtest.h:359:60: sorry,
unimplemented: function 'qmp' can never be inlined because it uses
variable argument lists

Avoid this problem by putting the functions into libqtest.c instead
of using inline definitions in libqtest.h.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
2014-03-13 12:31:05 +00:00