Commit Graph

47850 Commits

Author SHA1 Message Date
Richard Henderson
5a18407f55 tcg: Lower indirect registers in a separate pass
Rather than rely on recursion during the middle of register allocation,
lower indirect registers to loads and stores off the indirect base into
plain temps.

For an x86_64 host, with sufficient registers, this results in identical
code, modulo the actual register assignments.

For an i686 host, with insufficient registers, this means that temps can
be (temporarily) spilled to the stack in order to satisfy an allocation.
This as opposed to the possibility of not being able to spill, to allocate
a register for the indirect base, in order to perform a spill.

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-08-05 21:44:40 +05:30
Richard Henderson
c0ef05b5e6 tcg: Require liveness analysis
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-08-05 21:44:40 +05:30
Richard Henderson
bdfb460ef7 tcg: Include liveness info in the dumps
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-08-05 21:44:40 +05:30
Richard Henderson
c70fbf0a99 tcg: Compress dead_temps and mem_temps into a single array
We only need two bits per temporary.  Fold the two bytes into one,
and reduce the memory and cachelines required during compilation.

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-08-05 21:44:40 +05:30
Richard Henderson
bee158cb4d tcg: Fold life data into TCGOp
Reduce the size of other bitfields to make room.
This reduces the cache footprint of compilation.

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-08-05 21:44:40 +05:30
Richard Henderson
dcb8e75870 tcg: Reorg TCGOp chaining
Instead of using -1 as end of chain, use 0, and link through the 0
entry as a fully circular double-linked list.

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-08-05 21:44:18 +05:30
Richard Henderson
a1b3c48d2b tcg: Compress liveness data to 16 bits
This reduces both memory usage and per-insn cacheline usage
during code generation.

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-08-05 21:44:17 +05:30
Peter Maydell
51009170d8 tests: Rename qtests which have names ending "error"
We have three qtest tests which have test names ending with "error".
This is awkward because the output of verbose test runs looks like
  /crypto/task/error:                                                  OK
  /crypto/task/thread_error:                                           OK

which gives false positives if you are grepping build logs for
errors by looking for "error:". Since there are only three tests
with this problem, just rename them all to 'failure' instead.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1470307178-22848-1-git-send-email-peter.maydell@linaro.org
2016-08-05 15:27:15 +01:00
Stefan Weil
c025f689a1 wxx: Fix handling of files used for character devices
On Windows, such files were not truncated like on all other hosts.
Now we also test whether truncation is needed when running on Windows.

The append case was also incorrect because it needs a different value
for the desired access mode.

Reported-by: Benjamin David Lunt <fys@fysnet.net>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1470114877-1466-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-05 14:15:14 +01:00
Peter Maydell
bd8eda537f Block layer patches for 2.7.0-rc2
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXpFykAAoJEH8JsnLIjy/WBDgQAK4fzZR0RwCs0n2ihtia3HUv
 RQgV9RasYJNnS/bWsShDQ7Jm+R/2Qo7KXz5vLl0WtkMPnfx/+mMyY+vCWKODQ4cA
 264LfV8TyXeqZQ1pTc27sdZ2mN2QiZxZp6rP9fNBeVMjcX4+hUTD8FpEnfwoukOf
 n7XLCRoPsdHySbQ3j/3+YX48LxjcUuBkEnRlEMLort5kAVJwj5iN+ch6f0Ie9JIw
 h1RxO7NSWgDqP/J1j3Xn4/0qByZ/DwcpYHvFSSLnCcEAHx7R24BY0+V38B8fGkiw
 8rIJ2I4vBiBKIH29Swnzn3zvimh2Zz5gKzJHG+wmm59dp4pguKcDYsoUat9se2YB
 Lb+tR25VEunaPm/g9omV4YyOkh/j0moGvHM16L7yx3KT63+abxAUWCumzLoPY/mY
 O03GxeNkc8ezMmbjBMhZKXRduT1Tt3bjqZPLuCcy5bYZrfhJiPtmyHoopxzpuyS7
 jylR+ED2q+RGNA2/vKzvBUjZ27kkBVtkhcIL7TLDxU6YpP3x57Xl509wz6KLgoPn
 xd+ByCOsVkjTiNPxjmdPoP+PhXYDF8WBdoN9Unm+JH/ccaKVwRznQb85cw48Uk0z
 4eRfemKWXosWNp5NVBTdHeF85ktNYP8EKlro83VrLLamOTREGgFTFeWluu3FYcgN
 qraQOE2NguELfstUFCxB
 =xfT+
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches for 2.7.0-rc2

# gpg: Signature made Fri 05 Aug 2016 10:30:12 BST
# gpg:                using RSA key 0x7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  nvme: bump PCI revision
  nvme: fix identify to be NVMe 1.1 compliant
  block: Accept any target node for transactional blockdev-backup

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-05 13:05:29 +01:00
Peter Maydell
8bfa87a231 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJXpFtSAAoJEJykq7OBq3PIQGcIAIhYEhWlP1Ju3N4fupPi/YIW
 MyIZm0QfUtuxaOgxWtqPXBcAhx2T6MmZMNT3x3EcnHBPjuW8GA+CLYNTcn76L1z6
 UuC53WVIhuzVnHvb0FikFVjtL9jZIvP9qLQN1K/+C6sOizD8qx3Hs4VEGIFME0Zt
 RwD/8DOV8rCrbcAyaPVY0oIM83HCFCoXSFth4oIQHjZ40ixzUgtjOdVgmgYCISiw
 fmCDt78scyGzrVU/i3e0OjMUZHy3TVJ8eXGVq/uXA/F8PoVg3b1RgJDpvykAvwKO
 /dX7pd6dr5zAc4y0pKDnOF2Fm4Jkxjibjt0+yZkD9KaQ55HLjlVckB1CimRIIUY=
 =9poP
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

# gpg: Signature made Fri 05 Aug 2016 10:24:34 BST
# gpg:                using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
  virtio-blk: Remove stale comment about draining
  virtio-blk: Release s->rq queue at system_reset
  throttle: Test burst limits lower than the normal limits
  throttle: Don't allow burst limits to be lower than the normal limits
  block/parallels: check new image size

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-05 11:44:56 +01:00
Peter Maydell
fbe400d246 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
 iQEcBAABCAAGBQJXpFVKAAoJEMo1YkxqkXHG6TIIAIPgHrfWNsiPxgZMuLwKGRYn
 eh9/x3Xb3pK5IqpVCdse4jvcH7LeKvQ0Q43dSpoeIOsrNskuKyo9TGgxMk6ehTSc
 02HanVRF3ANasA+HU/F10q5hSyLcNkfQ+XhsSp/9RM+NX/7uh0Z7ee6qdZuNfBTi
 QSXhMm7XWc9q2p79+b09Lh7ezEOm/PYCKiVQ+H1BjcAZayO8zwu2Dk3X/vuhkoFg
 +zY6RWIbN0vvlNtI3zjvHbKNHgZkWlVAR/BWRWQd7XtjOaJ4pqNpZokyTaA8EMPj
 YoGvBYrFwNFlg0ird4H2DKsmPhj1fCQeEN98JY6p9ldgsb0Ocs3e4C/79QgoE3Y=
 =MPXN
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/famz/tags/docker-pull-request' into staging

# gpg: Signature made Fri 05 Aug 2016 09:58:50 BST
# gpg:                using RSA key 0xCA35624C6A9171C6
# gpg: Good signature from "Fam Zheng <famz@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 5003 7CB7 9706 0F76 F021  AD56 CA35 624C 6A91 71C6

* remotes/famz/tags/docker-pull-request:
  docker: Add "--enable-werror" to configure command line
  docker: Be compatible with older docker

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-05 11:16:30 +01:00
Peter Maydell
676e844d56 Xen 2016/08/04
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXo36yAAoJEIlPj0hw4a6QlLsQAKnfWatcdTSdXHX6Qrutr5dZ
 erGylIG7NJC6UVcF6Q0jJGfkLnAwryQ+XJf93UOTqx5y6yuwMLX4wxEGD0T9GpiZ
 vHqwF5yHGceZbDgHF7dE/9oMmYlDa5IyatYKwWgj8XqWC9NeB7ID9/SutO6N4QwF
 a8COUI/YwkmTl9iLA7JHj25Cho1fXzlmljLAckBcmbkoa0/P2TZNdavbW1rIrSZr
 Ys2IzzRQH/b0bCYcNsRX4K0GnZVYBeAd40W5M5bi537IKbgKw9+89F4Lx7j51d2D
 EaDCqzxfSeXonICE78gBxoHuN2jvMTvn6Y1ek9y+Zs7Hb4muBpUrXorbbmzm43HP
 9ef++7vDg9JEPruriLzPT1QjlwDQmFIDmLhRKONF2WIGswIzx2JoodCu2Z8GFNIR
 udZMcN5LyvBKQ2k9800+28MYXsuPCTASTL2T3hEQbbmdRDMXcsFcdKzgKgdbmjU6
 5U0MyA77RErk7DeR4YxZ2PWnjs5OWWKY5MkJpvOn7yCcEpcqZeWOpOCwWC4oDRK3
 pCqHMFljZ7yr/jDJPA9BRo6ceul28e6dTO/Puh75xRNGERzExK7gbqkmMaEi2NQk
 ZychhtGWdFZdv9mgUTu3y+QQ/swOrWY4UGue7iqr0nPxzERy6GRgiacoIjeojTaf
 LLrpKbBL9pnElW/nmdVx
 =aSWm
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/sstabellini/tags/xen-20160804-tag' into staging

Xen 2016/08/04

# gpg: Signature made Thu 04 Aug 2016 18:43:14 BST
# gpg:                using RSA key 0x894F8F4870E1AE90
# gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>"
# Primary key fingerprint: D04E 33AB A51F 67BA 07D3  0AEA 894F 8F48 70E1 AE90

* remotes/sstabellini/tags/xen-20160804-tag:
  Xen PCI passthrough: fix passthrough failure when no interrupt pin

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-05 10:23:12 +01:00
Fam Zheng
27d1b87688 virtio-blk: Remove stale comment about draining
This is stale after commit 6e40b3bf (virtio-blk: Use blk_drain() to
drain IO requests), remove it.

Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1470278654-13525-3-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-08-05 09:59:06 +01:00
Fam Zheng
26307f6aa4 virtio-blk: Release s->rq queue at system_reset
At system_reset, there is no point in retrying the queued request,
because the driver that issued the request won't be around any more.

Analyzed-by: Laszlo Ersek <lersek@redhat.com>
Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1470278654-13525-2-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-08-05 09:59:06 +01:00
Alberto Garcia
5fc8c052ce throttle: Test burst limits lower than the normal limits
This checks that making FOO_max lower than FOO is not allowed.

We could also forbid having FOO_max == FOO, but that doesn't have
any odd side effects and it would require us to update several other
tests, so let's keep it simple.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 2f90f9ee58aa14b7bd985f67c5996b06e0ab6c19.1469693110.git.berto@igalia.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-08-05 09:59:06 +01:00
Alberto Garcia
aaa1e77ffa throttle: Don't allow burst limits to be lower than the normal limits
Setting FOO_max to a value that is lower than FOO does not make
sense, and it produces odd results depending on the value of
FOO_max_length. Although the user should not set that configuration
in the first place it's better to reject it explicitly.

https://bugzilla.redhat.com/show_bug.cgi?id=1355665

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reported-by: Gu Nini <ngu@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 663d5aca406060e31f80d8113f77b6feee63b919.1469693110.git.berto@igalia.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-08-05 09:59:06 +01:00
Klim Kireev
555a608c5d block/parallels: check new image size
Before this patch incorrect image could be created via qemu-img
(Example: qemu-img create -f parallels -o size=4096T hack.img),
incorrect images cannot be used due to overflow in main image structure.

This patch add check of size in image creation.

After reading size it compare it with UINT32_MAX * cluster_size.

Signed-off-by: Klim Kireev <proffk@virtuozzo.mipt.ru>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Message-id: 1469639300-12155-1-git-send-email-den@openvz.org
CC: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-08-05 09:59:06 +01:00
Christoph Hellwig
47989f1447 nvme: bump PCI revision
The broken Identify implementation in earlier Qemu versions means we
need to blacklist it from issueing the NVMe 1.1 Identify Namespace List
command.  As we want to be able to use it in newer Qemu versions we need
a way to identify those.  Bump the PCI revision as a guest visible
indicator of this bug fix.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-08-05 10:56:08 +02:00
Christoph Hellwig
03035a23a3 nvme: fix identify to be NVMe 1.1 compliant
NVMe 1.1 requires devices to implement a Namespace List subcommand of
the identify command.  Qemu not only not implements this features, but
also misinterprets it as an Identify Controller request.  Due to this
any OS trying to use the Namespace List will fail the probe.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-08-05 10:55:52 +02:00
Kevin Wolf
39d990ac38 block: Accept any target node for transactional blockdev-backup
Commit 0d978913 changed blockdev-backup to accept arbitrary node names
instead of device names (i.e. root nodes) for the backup target.
However, it forgot to make the same change in transactions and to update
the documentation. This patch fixes these omissions.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-08-05 10:55:14 +02:00
Fam Zheng
4a93f78ed0 docker: Add "--enable-werror" to configure command line
We don't have .git in the docker checkout, add this to enable -Werror
explicitly.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1469453510-658-1-git-send-email-famz@redhat.com
2016-08-05 16:34:55 +08:00
Fam Zheng
95d203cd1e docker: Be compatible with older docker
By not using "--format" with docker images command.

The option is not available on RHEL 7 docker command. Use an awk
matching command instead.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1470202928-3392-1-git-send-email-famz@redhat.com>
2016-08-05 16:34:52 +08:00
Bruce Rogers
0968c91ce0 Xen PCI passthrough: fix passthrough failure when no interrupt pin
Commit 5a11d0f7 mistakenly converted a log message into an error
condition when no pin interrupt is found for the pci device being
passed through. Revert that part of the commit.

Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
2016-08-04 10:42:48 -07:00
Peter Maydell
42e0d60f16 linux-user important fixes for 2.7
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIVAwUAV6NM8bRIkN7ePJvAAQiK0BAAmmTJgRhaUxxm17gR5H9FH7db7knwmeir
 YliQAQDLeQi7h2CPHPnZ5swWxRpfFbfkRq3QlFhGisGK/DuVKhUkTADIHcrfGOQV
 9+yO/jF+uTqTV69mvbgvmPusyuJEXHk44IQ41k6F0ygTln1mrEwNsbz7/gfynVUd
 0SJSli1cThZHbr04YolW4UeIwHb4EP9ZGuB1QpyHMSJsBEmLt/0i7wqqth0734tV
 gLVNwTnlqZTiX9VpPeFheFAdUJ7a4eRYp5ydsxqnR/EcYE94MzQHvZVEsw9njy6Z
 hNTNoCVKXWxySd7kAsd3FsXfRxQTVksHIXwxnjyfjV8upv4O7Za3MCKQiE1XMu6v
 26ZVccLnoZEL+76yRDGjcHBTDFVV6TF0Z7dg7fOiXPn8EVg01fFeSBWiUDOnf9tj
 0E4CXlfH7yMczqasgFxuhgFk2V0xUq3UVB2Z7nxHEP+M9Hl6Vu5SlmybBJQ+36Nj
 hHZZPMMfwkQ721xjrIu2tzruU7gKt0a+T/4GaPWNcQ7HNplG4vlLJllcwRxsXn3q
 eN2NoRlf6nhhpxas8Jb7bEL2ThnpMPziXfuHNGeXB9AH6rFL4JvVjEK8QKhuuvac
 cyv08e0W6e+Z226KEsywi0GPnxo4/bSUa7JxbiB6PVal/Rfp9k1/hO7wzgNRrfv+
 PlQRKbfOwk4=
 =TVF0
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20160804' into staging

linux-user important fixes for 2.7

# gpg: Signature made Thu 04 Aug 2016 15:10:57 BST
# gpg:                using RSA key 0xB44890DEDE3C9BC0
# gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>"
# gpg:                 aka "Riku Voipio <riku.voipio@linaro.org>"
# Primary key fingerprint: FF82 03C8 C391 98AE 0581  41EF B448 90DE DE3C 9BC0

* remotes/riku/tags/pull-linux-user-20160804:
  linux-user: Handle brk() attempts with very large sizes
  linux-user: Fix target_semid_ds structure definition
  linux-user: Don't write off end of new_utsname buffer
  linux-user: Fix memchr() argument in open_self_cmdline()
  linux-user: Use correct alignment for long long on i386 guests

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-04 18:36:05 +01:00
Peter Maydell
ef4330c23b linux-user: Handle brk() attempts with very large sizes
In do_brk(), we were inadvertently truncating the size
of a requested brk() from the guest by putting it into an
'int' variable. This meant that we would incorrectly report
success back to the guest rather than a failed allocation,
typically resulting in the guest then segfaulting. Use
abi_ulong instead.

This fixes a crash in the '31370.cc' test in the gcc libstdc++ test
suite (the test case starts by trying to allocate a very large
size and reduces the size until the allocation succeeds).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2016-08-04 16:38:17 +03:00
Peter Maydell
005eb2ae1f linux-user: Fix target_semid_ds structure definition
The target_semid_ds structure is not correct for all
architectures: the padding fields should only exist for:
 * 32-bit ABIs
 * x86

It is also misnamed, since it is following the kernel
semid64_ds structure (QEMU doesn't support the legacy
semid_ds structure at all). Rename the struct, provide
a correct generic definition and allow the oddball x86
architecture to provide its own version.

This fixes broken SYSV semaphores for all our 64-bit
architectures except x86 and ppc.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2016-08-04 16:36:53 +03:00
Peter Maydell
332c9781f6 linux-user: Don't write off end of new_utsname buffer
Use g_strlcpy() rather than strcpy() to copy the uname string
into the structure we return to the guest for the uname syscall.
This avoids overrunning the buffer if the user passed us an
overlong string via the QEMU command line.

We fix a comment typo while we're in the neighbourhood.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2016-08-04 16:36:26 +03:00
Peter Maydell
ba4b3f668a linux-user: Fix memchr() argument in open_self_cmdline()
In open_self_cmdline() we look for a 0 in the buffer we read
from /prc/self/cmdline. We were incorrectly passing the length
of our buf[] array to memchr() as the length to search, rather
than the number of bytes we actually read into it, which could
be shorter. This was spotted by Coverity (because it could
result in our trying to pass a negative length argument to
write()).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2016-08-04 16:35:30 +03:00
Peter Maydell
d9fe91d868 linux-user: Use correct alignment for long long on i386 guests
For i386, the ABI specifies that 'long long' (8 byte values)
need only be 4 aligned, but we were requiring them to be
8-aligned. This meant we were laying out the target_epoll_event
structure wrongly. Add a suitable ifdef to abitypes.h to
specify the i386-specific alignment requirement.

Reported-by: Icenowy Zheng <icenowy@aosc.xyz>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2016-08-04 16:34:59 +03:00
Peter Maydell
09704e6ded * xsetbv fix (x86 targets TCG)
* remove unused functions
 * qht segfault and memory leak fixes
 * NBD fixes
 * Fix for non-power-of-2 discard granularity
 * Memory hotplug fixes
 * Migration regressions
 * IOAPIC fixes and (disabled by default) EOI register support
 * Various other small fixes
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQExBAABCAAbBQJXoiNRFBxwYm9uemluaUByZWRoYXQuY29tAAoJEL/70l94x66D
 ZwMH/1HmEYIAyyd9T8z2sNjdN7vKCNsphS7OXALDnwTp+VX4icUbf41NC6Eeg/e+
 6OKA90KSBTquG3wxsXrUK5Nwy7EKMoCXVQrdYw5T04OidQLtJosKgPx4MrvPSx8h
 caFUXo9WynT/aGRNc14gnZZiooQxsy/JoNhuml/WL0nupEmoUb/Ns3Yo++HRHntR
 rFmJvvD9SrQsWzd9+aJ8zm+Qi09gXsbj1grr6LHCLVmwDWAJooFev6MqBvplkL50
 OLqCJfAXJ2srUoEboVdg3V+sFtB8Eru+iMdpZyLwo07V4BBK7heEsXx6JJkTObMC
 90MSnMo6BauUO/R/bMvvLlNWykU=
 =XqbI
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* xsetbv fix (x86 targets TCG)
* remove unused functions
* qht segfault and memory leak fixes
* NBD fixes
* Fix for non-power-of-2 discard granularity
* Memory hotplug fixes
* Migration regressions
* IOAPIC fixes and (disabled by default) EOI register support
* Various other small fixes

# gpg: Signature made Wed 03 Aug 2016 18:01:05 BST
# gpg:                using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (25 commits)
  util: Fix assertion in iov_copy() upon zero 'bytes' and non-zero 'offset'
  qdev: Fix use after free in qdev_init_nofail error path
  Reorganize help output of '-display' option
  x86: ioapic: add support for explicit EOI
  x86: ioapic: ignore level irq during processing
  apic: fix broken migration for kvm-apic
  fw_cfg: Make base type "fw_cfg" abstract
  block: Cater to iscsi with non-power-of-2 discard
  osdep: Document differences in rounding macros
  nbd: Limit nbdflags to 16 bits
  nbd: Fix bad flag detection on server
  i2c: fix migration regression introduced by broadcast support
  mptsas: really fix migration compatibility
  qdist: return "(empty)" instead of NULL when printing an empty dist
  qdist: use g_renew and g_new instead of g_realloc and g_malloc.
  qdist: fix memory leak during binning
  target-i386: fix typo in xsetbv implementation
  qht: do not segfault when gathering stats from an uninitialized qht
  util: Drop inet_listen()
  util: drop unix_nonblocking_connect()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-04 10:24:27 +01:00
Peter Maydell
29b2517ac7 vnc: fixes for "-vnc none".
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXog6zAAoJEEy22O7T6HE4RCgP/2qdRZPbzC0KF1PVpcOF+YOt
 qHN/DZ7X7PCf+JSl8H6VwQJK2cZaCr0BAoDb9OvIRZYESLZJu887tpyWZ13eL3gV
 fMkqf009uyh8ockNmda/STzxDf6BTDNthuU07DNfg2YAdxWtRdLSsRwLQbI5P2EG
 +2qUXu1XTq//k007el023W8OAuGyBDZ6zwnff09b0gLtV3w1O8JyMw9x2WP6tT4x
 3+xXZqs1W1eJ/Df8Re1LKtDZxV7HoPrR58KEm6eEJDajRYJqZFyDcoYMah6wHkb+
 03lUVRwGLBcGUkYqmMArhUJfugv1Mc+ZosYtdhxEARQnsjyvF26Xqq0BKD177k8E
 xd13l9to6vTJVMd4O0sKwW/Q/EIrzz5dnsPayv5dj/3aRcjD5gnqPTLx6RO/CKLE
 kEIjwxbRVoqn2rIkDMn+AVpyj9RAqt7pXQtb1V+KBXSOXWcnuMc/M1j7ueGt+dt+
 gh5LIKpJSHNm9M9H2EnxIhDN6bwnA3La6c9YhIviYGpvm3Ib23lBzyf2ySV8FIkV
 FDi57xYo3lzYj1UV+/jLCi+pLJMUU2HB8YUc1fIMv+UqF7dcgvxoXIsHibBE8Xew
 dSIYo0S4/Q9v1QJw3zf4DxMFBKfoyWqLHLty26fEFKwazOZn3TF7Cg8mmjG4AW4R
 OcKv6cOSHU6dZvtKt2Rr
 =Eu3k
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20160803-1' into staging

vnc: fixes for "-vnc none".

# gpg: Signature made Wed 03 Aug 2016 16:33:07 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-vnc-20160803-1:
  vnc: ensure connection sharing/limits is always configured
  vnc: fix crash when vnc_server_info_get has an error
  vnc: don't crash getting server info if lsock is NULL

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-03 18:22:51 +01:00
Shmulik Ladkani
e911765cbb util: Fix assertion in iov_copy() upon zero 'bytes' and non-zero 'offset'
In cases where iov_copy() is passed with zero 'bytes' argument and a
non-zero 'offset' argument, nothing gets copied - as expected.

However no copy iterations are performed, so 'offset' is left
unaltered, leading to the final assert(offset == 0) to fail.

Instead, change the loop condition to continue as long as 'offset || bytes',
similar to other iov_* functions.

This ensures 'offset' gets zeroed (even if no actual copy is made),
unless it is beyond end of source iov - which is asserted.

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Message-Id: <1470130880-1050-1-git-send-email-shmulik.ladkani@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03 18:44:57 +02:00
Fam Zheng
0d4104e576 qdev: Fix use after free in qdev_init_nofail error path
Since 69382d8b (qdev: Fix object reference leak in case device.realize()
fails), object_property_set_bool could release the object. The error
path wants the type name, so hold an reference before realizing it.

Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1470109301-12966-1-git-send-email-famz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03 18:44:57 +02:00
Robert Ho
f04ec5afbb Reorganize help output of '-display' option
The '-display' help information is not very correct. This patch sort
it a little.
Also, in its help information, reveals what implicit display option
will be chosen if no definition.

Signed-off-by: Robert Ho <robert.hu@intel.com>
Message-Id: <1469528231-26206-1-git-send-email-robert.hu@intel.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03 18:44:57 +02:00
Peter Xu
20fd4b7b6d x86: ioapic: add support for explicit EOI
Some old Linux kernels (upstream before v4.0), or any released RHEL
kernels has problem in sending APIC EOI when IR is enabled. Meanwhile,
many of them only support explicit EOI for IOAPIC, which is only
introduced in IOAPIC version 0x20. This patch provide a way to boost
QEMU IOAPIC to version 0x20, in order for QEMU to correctly receive EOI
messages.

Without boosting IOAPIC version to 0x20, kernels before commit d32932d
("x86/irq: Convert IOAPIC to use hierarchical irqdomain interfaces")
will have trouble enabling both IR and level-triggered interrupt devices
(like e1000).

To upgrade IOAPIC to version 0x20, we need to specify:

  -global ioapic.version=0x20

To be compatible with old systems, 0x11 will still be the default IOAPIC
version. Here 0x11 and 0x20 are the only versions to be supported.

One thing to mention: this patch only applies to emulated IOAPIC. It
does not affect kernel IOAPIC behavior.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1470059959-372-1-git-send-email-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03 18:44:57 +02:00
Peter Xu
f99b86b949 x86: ioapic: ignore level irq during processing
For level triggered interrupts, we will get Remote IRR bit cleared after
guest kernel finished processing specific request. Before that, we
should ignore the same interrupt from triggering again.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1469974685-4144-1-git-send-email-peterx@redhat.com>
[Push new "if" up so that it covers KVM split irqchip as well. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03 18:44:57 +02:00
Igor Mammedov
7298d4fd51 apic: fix broken migration for kvm-apic
commit f6e98444 (apic: Use apic_id as apic's migration instance_id)
breaks migration when in kernel irqchip is used for 2.6 and older
machine types.

It applies compat property only for userspace 'apic' type
instead of applying it to all apic types inherited from
'apic-common' type as it was supposed to do.

Fix it by setting compat property 'legacy-instance-id' for
'apic-common' type which affects inherited types (i.e. not
only 'apic' but also 'kvm-apic' types)

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1469800542-11402-1-git-send-email-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03 18:44:57 +02:00
Markus Armbruster
e061fa3ca9 fw_cfg: Make base type "fw_cfg" abstract
Missed when commit 5712db6 split off "fw_cfg_io" and "fw_cfg_mem".

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1469777353-9383-1-git-send-email-armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03 18:44:57 +02:00
Eric Blake
b8d0a9804d block: Cater to iscsi with non-power-of-2 discard
Dell Equallogic iSCSI SANs have a very unusual advertised geometry:

$ iscsi-inq -e 1 -c $((0xb0)) iscsi://XXX/0
wsnz:0
maximum compare and write length:1
optimal transfer length granularity:0
maximum transfer length:0
optimal transfer length:0
maximum prefetch xdread xdwrite transfer length:0
maximum unmap lba count:30720
maximum unmap block descriptor count:2
optimal unmap granularity:30720
ugavalid:1
unmap granularity alignment:0
maximum write same length:30720

which says that both the maximum and the optimal discard size
is 15M.  It is not immediately apparent if the device allows
discard requests not aligned to the optimal size, nor if it
allows discards at a finer granularity than the optimal size.

I tried to find details in the SCSI Commands Reference Manual
Rev. A on what valid values of maximum and optimal sizes are
permitted, but while that document mentions a "Block Limits
VPD Page", I couldn't actually find documentation of that page
or what values it would have, or if a SCSI device has an
advertisement of its minimal unmap granularity.  So it is not
obvious to me whether the Dell Equallogic device is compliance
with the SCSI specification.

Fortunately, it is easy enough to support non-power-of-2 sizing,
even if it means we are less efficient than truly possible when
targetting that device (for example, it means that we refuse to
unmap anything that is not a multiple of 15M and aligned to a
15M boundary, even if the device truly does support a smaller
granularity where unmapping actually works).

Reported-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1469129688-22848-5-git-send-email-eblake@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03 18:44:57 +02:00
Eric Blake
e9fd416e66 osdep: Document differences in rounding macros
Make it obvious which macros are safe in which situations.

Useful since QEMU_ALIGN_UP and ROUND_UP both purport to do
the same thing, but differ on whether the alignment must be
a power of 2.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1469129688-22848-4-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03 18:44:56 +02:00
Eric Blake
7423f41782 nbd: Limit nbdflags to 16 bits
Rather than asserting that nbdflags is within range, just give
it the correct type to begin with :)  nbdflags corresponds to
the per-export portion of NBD Protocol "transmission flags", which
is 16 bits in response to NBD_OPT_EXPORT_NAME and NBD_OPT_GO.

Furthermore, upstream NBD has never passed the global flags to
the kernel via ioctl(NBD_SET_FLAGS) (the ioctl was first
introduced in NBD 2.9.22; then a latent bug in NBD 3.1 actually
tried to OR the global flags with the transmission flags, with
the disaster that the addition of NBD_FLAG_NO_ZEROES in 3.9
caused all earlier NBD 3.x clients to treat every export as
read-only; NBD 3.10 and later intentionally clip things to 16
bits to pass only transmission flags).  Qemu should follow suit,
since the current two global flags (NBD_FLAG_FIXED_NEWSTYLE
and NBD_FLAG_NO_ZEROES) have no impact on the kernel's behavior
during transmission.

CC: qemu-stable@nongnu.org
Signed-off-by: Eric Blake <eblake@redhat.com>

Message-Id: <1469129688-22848-3-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03 18:44:56 +02:00
Eric Blake
5bee0f4717 nbd: Fix bad flag detection on server
Commit ab7c548e added a check for invalid flags, but used an
early return on error instead of properly going through the
cleanup label.

Signed-off-by: Eric Blake <eblake@redhat.com>

Message-Id: <1469129688-22848-2-git-send-email-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03 18:44:56 +02:00
Igor Mammedov
71ae65e552 i2c: fix migration regression introduced by broadcast support
QEMU fails migration with following error:

qemu-system-x86_64: Missing section footer for i2c_bus
qemu-system-x86_64: load of migration failed: Invalid argument

when migrating from:
  qemu-system-x86_64-v2.6.0 -m 256M rhel72.img -M pc-i440fx-2.6
to
  qemu-system-x86_64-v2.7.0-rc0 -m 256M rhel72.img -M pc-i440fx-2.6

Regression is added by commit 2293c27f (i2c: implement broadcast write)

Fix it by dropping 'broadcast' VMState introduced by 2293c27f and
reuse broadcast 0x00 address as broadcast flag in bus->saved_address.
Then if there were ongoing broadcast at migration time, set
bus->saved_address to it and at i2c_slave_post_load() time check
for it instead of transfering and using 'broadcast' VMState.

As result of reusing existing saved_address VMState, no compat
glue will be needed to keep forward/backward compatiblity. which
makes fix much less intrusive.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1469623198-177227-1-git-send-email-imammedo@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03 18:44:56 +02:00
Paolo Bonzini
0b646f44d9 mptsas: really fix migration compatibility
Commit 2e2aa316 removed internal flag msi_in_use, but it
existed in vmstate.  Restore it for migration to older QEMU
versions.

Reported-by: Amit Shah <amit.shah@redhat.com>
Suggested-by: Amit Shah <amit.shah@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Amit Shah <amit.shah@redhat.com>
Cc: Cao jin <caoj.fnst@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03 18:44:56 +02:00
Emilio G. Cota
11b7b07f8a qdist: return "(empty)" instead of NULL when printing an empty dist
Printf'ing a NULL string is undefined behaviour. Avoid it.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1469459025-23606-4-git-send-email-cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03 18:44:56 +02:00
Emilio G. Cota
071d405477 qdist: use g_renew and g_new instead of g_realloc and g_malloc.
This is safer against overflow.  g_renew is available in all
version of glib, while g_realloc_n is only available in 2.24.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1469459025-23606-3-git-send-email-cota@braap.org>
[Rewritten to use g_new/g_renew. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-03 18:42:35 +02:00
Peter Maydell
6eac5f7bad usb: bugfixes for xen-usb and ehci, mingw build fix.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJXoevaAAoJEEy22O7T6HE4+88P/369r+byyvzudzoyux8X2v43
 bVhz75a6PLk+gGfe9TttNdm+t/l+bFPjO0af2+xe6fKk9Qj4R1HRYU8b0VjcmeRf
 Ege1jz74cfTOG1qX4FdX5u/hKeVCSlC04G4ja1AiU6gdIz1qiFo6brVq173Ug2vB
 rKetESqphMK0t9fo8o8YwgeYboKSl0BZMwHNr71i47bFT0vk33sPAU0jGgXadWNz
 KiMM2UuDn/GZH/5T+5x985fThBgyg4IO2MQJwC85l4P18aNhBa7fkifisAzsBwZz
 euRZLh3Gw10LqkTD9SyiKndT91aJ1z6juivAlfCrhzOhNlB6mU3jYPIi+7p5CEH2
 9JxTEms/UoIqeq9U7ZNXJMFpRtWAYaPJWW6QhBmXIJA1XxSZWsTXG5jOwJA5EelU
 ZjjkDV4M3xSn7RFjk5vN47lYer52CWG8mRo8kIMWNgsyZ2O+91UjC5G3b/uoGl+K
 pQNYO7xBtly/ir77JSptbero/gbHH9Zi2WSHHrjHDfNP7OztWwFlene9keTdBF+Y
 /1SVrvXhIm5j/TwcG5xh7TX8FgfwO0tkTAE50y7+DqVPxO0xmEwyFffdpx2nR0+c
 yooscLSvtrj6OprYU/eV11rOpEvu/G0drgIe1sknf0WN5QuBwdQtgrR9Uccglbpq
 ZW5kv3gAI2Gw4b7su2jP
 =9vGX
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160803-1' into staging

usb: bugfixes for xen-usb and ehci, mingw build fix.

# gpg: Signature made Wed 03 Aug 2016 14:04:26 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-usb-20160803-1:
  xen: use a common function for pv and hvm guest backend register calls
  xen: drain submit queue in xen-usb before removing device
  xen: when removing a backend don't remove many of them
  ehci: faster frame index calculation for skipped frames
  wxx: Fix compilation of host-libusb.c
  wxx: Fix compiler warning for host-libusb.c

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-03 14:25:10 +01:00
Daniel P. Berrange
12e29b1682 vnc: ensure connection sharing/limits is always configured
The connection sharing / limits are only set in the
vnc_display_open() method and so missed when VNC is running
with '-vnc none'. This in turn prevents clients being added
to the VNC server with the QMP "add_client" command.

This was introduced in

  commit e5f34cdd2d
  Author: Gerd Hoffmann <kraxel@redhat.com>
  Date:   Thu Oct 2 12:09:34 2014 +0200

      vnc: track & limit connections

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1470134726-15697-4-git-send-email-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-08-03 15:06:32 +02:00
Daniel P. Berrange
3e7f136d8b vnc: fix crash when vnc_server_info_get has an error
The vnc_server_info_get will allocate the VncServerInfo
struct and then call vnc_init_basic_info_from_server_addr
to populate the basic fields. If this returns an error
though, the qapi_free_VncServerInfo call will then crash
because the VncServerInfo struct instance was not properly
NULL-initialized and thus contains random stack garbage.

 #0  0x00007f1987c8e6f5 in raise () at /lib64/libc.so.6
 #1  0x00007f1987c902fa in abort () at /lib64/libc.so.6
 #2  0x00007f1987ccf600 in __libc_message () at /lib64/libc.so.6
 #3  0x00007f1987cd7d4a in _int_free () at /lib64/libc.so.6
 #4  0x00007f1987cdb2ac in free () at /lib64/libc.so.6
 #5  0x00007f198b654f6e in g_free () at /lib64/libglib-2.0.so.0
 #6  0x0000559193cdcf54 in visit_type_str (v=v@entry=
     0x5591972f14b0, name=name@entry=0x559193de1e29 "host", obj=obj@entry=0x5591961dbfa0, errp=errp@entry=0x7fffd7899d80)
     at qapi/qapi-visit-core.c:255
 #7  0x0000559193cca8f3 in visit_type_VncBasicInfo_members (v=v@entry=
     0x5591972f14b0, obj=obj@entry=0x5591961dbfa0, errp=errp@entry=0x7fffd7899dc0) at qapi-visit.c:12307
 #8  0x0000559193ccb523 in visit_type_VncServerInfo_members (v=v@entry=
     0x5591972f14b0, obj=0x5591961dbfa0, errp=errp@entry=0x7fffd7899e00) at qapi-visit.c:12632
 #9  0x0000559193ccb60b in visit_type_VncServerInfo (v=v@entry=
     0x5591972f14b0, name=name@entry=0x0, obj=obj@entry=0x7fffd7899e48, errp=errp@entry=0x0) at qapi-visit.c:12658
 #10 0x0000559193cb53d8 in qapi_free_VncServerInfo (obj=<optimized out>) at qapi-types.c:3970
 #11 0x0000559193c1e6ba in vnc_server_info_get (vd=0x7f1951498010) at ui/vnc.c:233
 #12 0x0000559193c24275 in vnc_connect (vs=0x559197b2f200, vs=0x559197b2f200, event=QAPI_EVENT_VNC_CONNECTED) at ui/vnc.c:284
 #13 0x0000559193c24275 in vnc_connect (vd=vd@entry=0x7f1951498010, sioc=sioc@entry=0x559196bf9c00, skipauth=skipauth@entry=tru e, websocket=websocket@entry=false) at ui/vnc.c:3039
 #14 0x0000559193c25806 in vnc_display_add_client (id=<optimized out>, csock=<optimized out>, skipauth=<optimized out>)
     at ui/vnc.c:3877
 #15 0x0000559193a90c28 in qmp_marshal_add_client (args=<optimized out>, ret=<optimized out>, errp=0x7fffd7899f90)
     at qmp-marshal.c:105
 #16 0x000055919399c2b7 in handle_qmp_command (parser=<optimized out>, tokens=<optimized out>)
     at /home/berrange/src/virt/qemu/monitor.c:3971
 #17 0x0000559193ce3307 in json_message_process_token (lexer=0x559194ab0838, input=0x559194a6d940, type=JSON_RCURLY, x=111, y=1 2) at qobject/json-streamer.c:105
 #18 0x0000559193cfa90d in json_lexer_feed_char (lexer=lexer@entry=0x559194ab0838, ch=125 '}', flush=flush@entry=false)
     at qobject/json-lexer.c:319
 #19 0x0000559193cfaa1e in json_lexer_feed (lexer=0x559194ab0838, buffer=<optimized out>, size=<optimized out>)
     at qobject/json-lexer.c:369
 #20 0x0000559193ce33c9 in json_message_parser_feed (parser=<optimized out>, buffer=<optimized out>, size=<optimized out>)
     at qobject/json-streamer.c:124
 #21 0x000055919399a85b in monitor_qmp_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>)
     at /home/berrange/src/virt/qemu/monitor.c:3987
 #22 0x0000559193a87d00 in tcp_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x559194a7d900)
     at qemu-char.c:2895
 #23 0x00007f198b64f703 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
 #24 0x0000559193c484b3 in main_loop_wait () at main-loop.c:213
 #25 0x0000559193c484b3 in main_loop_wait (timeout=<optimized out>) at main-loop.c:258
 #26 0x0000559193c484b3 in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:506
 #27 0x0000559193964c55 in main () at vl.c:1908
 #28 0x0000559193964c55 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4603

This was introduced in

  commit 98481bfcd6
  Author: Eric Blake <eblake@redhat.com>
  Date:   Mon Oct 26 16:34:45 2015 -0600

    vnc: Hoist allocation of VncBasicInfo to callers

which added error reporting for vnc_init_basic_info_from_server_addr
but didn't change the g_malloc calls to g_malloc0.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1470134726-15697-3-git-send-email-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-08-03 15:06:32 +02:00