this adds a basic vmdk corruption check. it should detect severe
table corruptions and file truncation.
Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The QCOW2 .bdrv_make_empty implementation always returns 0 for success,
but does not actually do anything.
The proper way to not support an optional driver function stub is to
just not implement it, so let's remove the stub.
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The QED .bdrv_make_empty() implementation does nothing but return
-ENOTSUP, which causes problems in bdrv_commit(). Since the function
stub exists for QED, it is called, which then always returns an error.
The proper way to not support an optional driver function stub is to
just not implement it, so let's remove the stub.
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The qemu-img.texi / qemu-doc.texi files currently describe the
qcow2/qcow2 encryption thus
"Encryption uses the AES format which is very secure (128 bit
keys). Use a long password (16 characters) to get maximum
protection."
While AES is indeed a strong encryption system, the way that
QCow/QCow2 use it results in a poor/weak encryption system.
Due to the use of predictable IVs, based on the sector number
extended to 128 bits, it is vulnerable to chosen plaintext
attacks which can reveal the existence of encrypted data.
The direct use of the user passphrase as the encryption key
also leads to an inability to change the passphrase of an
image. If passphrase is ever compromised the image data will
all be vulnerable, since it cannot be re-encrypted. The admin
has to clone the image files with a new passphrase and then
use a program like shred to secure erase all the old files.
Recommend against any use of QCow/QCow2 encryption, directing
users to dm-crypt / LUKS which can meet modern cryptography
best practices.
[Changed "Qcow" to "qcow" for consistency.
--Stefan]
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJS5nJdAAoJEJykq7OBq3PIUV8H/1Vz4Ug/iI0TgUkbyRtoZ/E3
3C5BCO0SyPnZ91iCzbNXo8IcTYejSPeMT951XSxrz/lg5HDqN+vyA1IQzJUc1Sbn
tP+VYffsRAJ/5jW2Jj2cdCxlAIob60THS8Z3Z/NqubcxTlBcbmuFykZLbLhU+DbU
dow3E+hla/I1A/6bjcQ/8u5a4asp9zqRuvOqwcf7i1kNChfYv2/rCrtiWjQhKktq
uqFX2vVL8lmJanp+lOsZcUID4w0Ot6uJNrtzofxvg7OtMfVPb0G8PMcq8/Zxnz72
NJfKuBsAV7/hwWm5EKKRGJRHko29ymOFkuGQR7e0aF8ZdPA0ByQWnPXmgE1p5V0=
=QnyD
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'stefanha/tags/tracing-pull-request' into staging
Tracing pull request
# gpg: Signature made Mon 27 Jan 2014 14:51:09 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* stefanha/tags/tracing-pull-request:
trace: fix simple trace "disable" keyword
trace: add glib 2.32+ static GMutex support
trace: [simple] Do not include "trace/simple.h" in generated tracer headers
tracing: start trace processing thread in final child process
Message-id: 1390834386-23139-1-git-send-email-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This includes new unit-tests for acpi by Marcel,
hotplug for pci bridges by myself (piix only so far)
and cpu hotplug for q35.
And a bunch of fixes all over the place as usual.
I included the patch to fix memory alignment for q35
as well - even though it limits 32 bit guests to 3G (they
previously could address more memory with PAE).
To remove the limit, this will have to be fixed in seabios.
I also added self as virtio co-maintainer so I don't need
to troll the list for patches to review.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJS5O2JAAoJECgfDbjSjVRpBRsH/iueYMYqtlIOCFSBf4TSU5LN
3369DwM0EncrEIZhv6jjtX+CSKUca9IXkKcvBBHJOTwhUodGNZ1wJ/FpO9+AhjpB
5XlIcF4nOi2eYDGs/8JToecK+edggTrSjJ8Bg5n7/bEtJ/oNyjTQ0RMX+2jXq1y3
jnpVjO1ntQXkZQZWNM3O+8biVT1o8wJlFhFbYpx4TKgFplPnRrg1gZR3MtnhsZ+M
OoBenpJYrh5Gw52d6HPauMDAux51MjGymzrk2Wmd/w3hPMP9BcxX7NvoapKlGTg9
DkVr7cvbIzZ2JnsRLFNeWsJIupOjl6MwqhGJo5WcB5VS7NZTbVHmtBRvqKa76EU=
=y3wE
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'mst/tags/for_anthony' into staging
acpi,pci,pc,virtio fixes and enhancements
This includes new unit-tests for acpi by Marcel,
hotplug for pci bridges by myself (piix only so far)
and cpu hotplug for q35.
And a bunch of fixes all over the place as usual.
I included the patch to fix memory alignment for q35
as well - even though it limits 32 bit guests to 3G (they
previously could address more memory with PAE).
To remove the limit, this will have to be fixed in seabios.
I also added self as virtio co-maintainer so I don't need
to troll the list for patches to review.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Sun 26 Jan 2014 11:12:09 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* mst/tags/for_anthony: (35 commits)
MAINTAINERS: add self as virtio co-maintainer
q35: document gigabyte_align
q35: gigabyte alignment for ram
acpi: Fix PCI hole handling on build_srat()
pc: Save size of RAM below 4GB
hw/pci: fix error flow in pci multifunction init
acpi-test: update expected AML since recent changes
pc: ACPI: update acpi-dsdt.hex.generated q35-acpi-dsdt.hex.generated
pc: ACPI: unify source of CPU hotplug IO base/len
pc: ACPI: expose PRST IO range via _CRS
pc: Q35 DSDT: exclude CPU hotplug IO range from PCI bus resources
pc: PIIX DSDT: exclude CPU/PCI hotplug & GPE0 IO range from PCI bus resources
pc: set PRST base in DSDT depending on chipset
acpi: ich9: add CPU hotplug handling to Q35 machine
acpi: factor out common cpu hotplug code for PIIX4/Q35
acpi-build: enable hotplug for PCI bridges
piix4: add acpi pci hotplug support
pcihp: generalization of piix4 acpi
pci: add pci_for_each_bus_depth_first
pc: make: fix dependencies: rebuild when included file is changed
...
Message-id: 1390735289-15563-1-git-send-email-mst@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJS5nEPAAoJEJykq7OBq3PI2XkH/1+f2mTJydxsg71571fOV+05
IQl5dp14FZe+b3R4gRIEkU78JzsvhSnBdM8BQp4PwUhRIxz37tv3WfiAUVxOVMME
U21/e+Oq0dFwBdCsx8G7ZRNP0xfWz8dvujo1cVZPWfFHAyBecgkcDQM1shHB4kGt
PRrN3UfS6JOLQ6yBbXWSMMA7sWxZ7dlME7OPvUs3rql/mk20+xzpFJiyXVyMTEGA
uu2l0iSpdwytisYTe2Pn8efwvuG1pIvNYmWIFcBjQIXfRTr0X9UGmGfgXTHlWERL
91BR7wcKvQveMRYYbRdYvHLm/wcCc3o+MhS1My5TZItxZPLFIaZZyvf/Z4gvj9U=
=xJOf
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'stefanha/tags/net-pull-request' into staging
Net patches
# gpg: Signature made Mon 27 Jan 2014 14:45:35 GMT using RSA key ID 81AB73C8
# gpg: Can't check signature: public key not found
* stefanha/tags/net-pull-request:
tap-linux: Get features once and use it many times
Fix lan9118 buffer length handling
Fix lan9118 TX "CMD A" handling
net: Use g_strdup_printf instead of snprintf.
Message-id: 1390834129-19625-1-git-send-email-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We have cache pools of temporaries that we can reuse later when they've
already been allocated before.
These cache pools differenciate between the target TCG variable type they
contain. So we have one pool for I32 and one pool for I64 variables.
On a 32bit system, we can't work with 64bit registers though. So instead we
spawn two I32 temporaries for every I64 temporary we create. All caching
works the same way as on a real 64-bit system though: We create a cache entry
in the 64bit array for the first i32 index.
However, when we free such a temporary we free it to the pool of its type
(which is always i32 on 32bit systems) rather than its base_type (which is
i64 or i32 depending on the variable). This means we put a temporary that
is of base_type == i64 into the i32 preallocated temporary pool.
Eventually, this results in failures like this on 32bit hosts:
qemu-system-ppc64: tcg/tcg.c:515: tcg_temp_new_internal: Assertion `ts->base_type == type' failed.
This patch makes the free routine use the base_type instead for the free case,
so it's consistent with the temporary allocation. It fixes the above failure
for me.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1390146811-59936-1-git-send-email-agraf@suse.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The trace-events "disable" keyword turns an event into a nop at
compile-time. This is important for high-frequency events that can
impact performance.
The "disable" keyword is currently broken in the simple trace backend.
This patch fixes the problem as follows:
Trace events are identified by their TraceEventID number. When events
are disabled there are two options for assigning TraceEventID numbers:
1. Skip disabled events and don't assign them a number.
2. Assign numbers for all events regardless of the disabled keyword.
The simple trace backend and its binary file format uses approach #1.
The tracetool infrastructure has been using approach #2 for a while.
The result is that the numbers used in simple trace files do not
correspond with TraceEventIDs. In trace/simple.c we assumed that they
are identical and therefore emitted bogus numbers.
This patch fixes the bug by using TraceEventID for trace_event_id()
while sticking to approach #1 for simple trace file numbers. This
preserves simple trace file format compatibility.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The GStaticMutex API was deprecated in glib 2.32. We cannot switch over
to GMutex unconditionally since we would drop support for older glib
versions. But the deprecated API warnings during build are annoying so
use static GMutex when possible.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The header is not necessary, given that the simple backend does not define any
inlined tracing routines.
Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
When running with trace backend e.g. "simple" the writer thread needs to be
implemented in the same process context as the trace points that will be
processed. Under libvirtd control, qemu gets first started in daemonized
mode to privide its capabilities. Creating the writer thread in the initial
process context then leads to a dead lock because the thread gets termined
together with the initial parent. (-daemonize)
Signed-off-by: Michael Mueller <mimu@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
[minor whitespace fixes]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The 9118 ethernet controller supports transmission of multi-buffer packets
with arbitrary byte alignment of the start and end bytes. All writes to
the packet fifo are 32 bits, so the controller discards bytes at the beginning
and end of each buffer based on the 'Data start offset' and 'Buffer size'
of the TX command 'A' format.
This patch uses the provided buffer length to limit the bytes transmitted.
Previously all the bytes of the last 32-bit word written to the TX fifo
were added to the internal transmit buffer structure resulting in more bytes
being transmitted than were submitted to the hardware in the command. This
resulted in extra bytes being inserted into the middle of multi-buffer
packets when the non-final buffers had non-32bit aligned ending addresses.
Signed-off-by: Roy Franz <roy.franz@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The 9118 ethernet controller supports transmission of multi-buffer packets
with arbitrary byte alignment of the start and end bytes. All writes to
the packet fifo are 32 bits, so the controller discards bytes at the beginning
and end of each buffer based on the 'Data start offset' and 'Buffer size'
of the TX command 'A' format.
This patch changes the buffer size and offset internal state variables to be
updated on every "TX command A" write. Previously they were only updated for
the first segment, which resulted incorrect behavior for packets with more
than one segment. Each segment of the packet has its own CMD A command, with
its own buffer size and start offset.
Also update extraction of fields from the CMD A word to use extract32().
Signed-off-by: Roy Franz <roy.franz@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
assign_name() in net/net.c is using snprintf + g_strdup to get the same
result as g_strdup_printf.
Signed-off-by: Hani Benhabiles <kroosec@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Map 2G (q35) of memory below 4G, so the RAM pieces
are nicely aligned to gigabyte borders.
Keep old memory layout for (a) old machine types and (b) in case all
memory fits below 4G and thus we don't have to split RAM into pieces
in the first place. The later makes sure this change doesn't take
away memory from 32bit guests.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The original SeaBIOS code used the RamSize variable, that was used by
SeaBIOS for the size of RAM below 4GB, not for all RAM. When copied to
QEMU, the code was changed to use the full RAM size, and this broke the
build_srat() code that handles the PCI hole.
Change build_srat() to use ram_size_below_4g instead of ram_size, to
restore the original behavior from SeaBIOS.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The ram_below_4g value will be useful in other places, such as the ACPI
table code, and other code that currently requires passing
below_4g_mem_size around in function arguments.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Scenario:
- There is a non multifunction pci device A on 00:0X.0.
- Hot-plug another multifunction pci device B at 00:0X.1.
- The operation will fail of course.
- Try to hot-plug the B device 2-3 more times, qemu will crash.
Reason: The error flow leaves the B's address space into global address spaces
list, but the device object is freed. Fixed that.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
use C headers defines as source of IO base/len for respective
values in ASL code.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
.. so OSPM could notice resource conflict if there is any.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
... for range defined at hw/acpi/ich9.c:ICH9_PROC_BASE
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
.. so that they might not be used by PCI devices.
Note:
Resort to concatenating templates with preprocessor help,
because 1.0b spec isn't supporting ConcatenateResTemplate,
as result Windows XP fails to execute PCI0._CRS method if
ConcatenateResTemplate() is used.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
.. use IO port 0cd8-0xcf7 range for CPU present bitmap
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
.. so it could be used for adding CPU hotplug to Q35 machine
Add an additional header with that will be shared between
C and ASL code: include/hw/acpi/cpu_hotplug_defs.h
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This enables support for device hotplug behind
pci bridges. Bridge devices themselves need
to be pre-configured on qemu command line.
Design:
- at machine init time, assign "bsel" property to bridges with
hotplug support
- dynamically (At ACPI table read) generate ACPI code to handle
hotplug events for each bridge with "bsel" property
Note: ACPI doesn't support adding or removing bridges by hotplug.
We detect and prevent removal of bridges by hotplug,
unless they were added by hotplug previously
(and so, are not described by ACPI).
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Add support for acpi pci hotplug using the
new infrastructure.
PIIX4 legacy interface is maintained as is for
machine types 1.7 and older.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Add ACPI based PCI hotplug library with bridge hotplug
support.
Design
- each bus gets assigned "bsel" property.
- ACPI code writes this number
to a new BNUM register, then uses existing
UP/DOWN registers to probe slot status;
to eject, write number to BNUM register,
then slot into existing EJ.
The interface is actually backwards-compatible with
existing PIIX4 ACPI (though not migration compatible).
This is split out from PIIX4 codebase so we can
reuse it for Q35 as well.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
some *.dsl files include another *.dsl files but there weren't
any dependicies and when included file changed target table wasn't
rebuild. Fix this by using the same auto dependency generation
as for C files.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The asl comparison will break every time the ACPI
tables are updated. This may break the git bisect.
Instead of failing print a warning on stderr
including the retained asl files, so they can be
compared offline.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
It seems that iasl has an issue when disassembles
some ACPI tables using the command line:
iasl -e DSDT -e SSDT -d HPET
Modified the iasl command line to "iasl -d HPET"
until the problem is solved. The command line
remained the same for DSDT and SSDT tables.
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Just a refactoring, ssdt_tables name was confusing as
it included other tables as well.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Double endianness convertion make this test failing on POWERPC machine
running in big-endian.
This fixes the test to success on big-endian host.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
When running the test with TEST_ACPI_REBUILD_AML=y environment
variable, the test will rebuild and validate the expected aml
files.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acpi unit-test will fail every time the acpi tables change.
This script rebuild the expected aml files, so the test
will pass. It also validates the modifications.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The test checked if iasl is installed by running "iasl"
and checking the error output.
It is better to use the iasl executable as appears
in configuration.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acpi unit-tests will extract iasl executable
from CONFIG_IASL define.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This test will run only if iasl is installed on the host machine.
The test plan:
1. Dumps the ACPI tables as AML on the disk.
2. Runs iasl to disassembly the tables into ASL files.
3. Runs iasl to disassembly the offline AML files into ASL files.
4. Compares the ASL files.
The test runs for both default machine and q35.
In case the test fails, it can be easily tweaked to
show the differences between the ASL files and
understand the issue.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Ensure configure will set-up links for the files
if the build is created in other directory.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Added unit-test's expected aml files to be compared
with the actual ACPI tables.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>