Commit Graph

34489 Commits

Author SHA1 Message Date
Riku Voipio b545f63fa9 linux-user: use TARGET_SA_ONSTACK in get_sigframe
As reported by Laurent, we should use TARGET_SA_ONSTACK
on arm, microblaze and openrisc targets like we do on all
others. The practical impact is minimal, as for almost all archs
SA_ONSTACK is 0x08000000:

http://lxr.free-electrons.com/ident?i=SA_ONSTACK

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2014-07-15 17:08:41 +03:00
Peter Maydell 2c65ebe646 Block pull request
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJTxTFNAAoJEJykq7OBq3PIti0IALlbGEfEjysUSmKbmnhJg5pH
 MoEkGJ8FZ7nIaaLfKPfVIzc5oeZVTWrtyckJLuLdxGOA1BYGXMQ/41Qs64UyT6NA
 TIFE9nZX6h5hQrLXt9u0O6smpkq7wt7M9a3RhVxUZ27Rujf8q+8V2KmgdEy8tchq
 vesyeDXBBx/G6tDGQey7WoRq1s6NafdNm9V0V8pkhonQ3uVErqhz5ZAaTV0zDZIr
 7CreUitr0XPsMx+FIAwEsRcFxw1uD5c5LQVWzBtNJUTMIjcmhauXH8YkreDYCJVY
 4Q555XvMGbEe/4OTqfhq5LI065uTpwYC1cvM16rVksa7KN25salupUn2MBVTbOI=
 =dnaT
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Block pull request

# gpg: Signature made Tue 15 Jul 2014 14:49:01 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  virtio-blk: dataplane: notify guest as a batch
  virtio-blk: data-plane: fix save/set .complete_request in start
  linux-aio: Fix laio resource leak

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-15 15:06:17 +01:00
Ming Lei 5b2ffbe4d9 virtio-blk: dataplane: notify guest as a batch
Now requests are submitted as a batch, so it is natural
to notify guest as a batch too.

This may suppress interrupt notification to VM a lot:

        - in my test, decreased by ~13K/sec

Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-07-15 15:34:13 +02:00
Ming Lei e926d9b8c5 virtio-blk: data-plane: fix save/set .complete_request in start
The callback has to be saved and reset in virtio_blk_data_plane_start(),
otherwise dataplane's requests will be completed in qemu aio context.

Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-07-15 15:34:13 +02:00
Gonglei a1abf40d6b linux-aio: Fix laio resource leak
When hotplugging virtio-scsi disks using laio, aio_nr will
increase in laio_init() via io_setup(); we can see the number with
  # cat /proc/sys/fs/aio-nr
  128
If aio_nr reaches the maximum, which is found via
  # cat /proc/sys/fs/aio-max-nr
  65536
the hotplug process will fail because of the aio context leak.

Fix it by io_destroy in laio_cleanup().

Reported-by: daifulai <daifulai@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-07-15 15:34:13 +02:00
Joakim Tjernlund 2dd08dfd9a alloca one extra byte sockets
target_to_host_sockaddr() may increase the length by 1 byte
for AF_UNIX sockets, so allocate 1 extra byte.

Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2014-07-15 16:28:36 +03:00
Joakim Tjernlund 33a29b51c9 linux-user: handle AF_PACKET sockaddrs in target_to_host_sockaddr
Implement conversion of the AF_PACKET sockaddr subtype
in target_to_host_sockaddr.

Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2014-07-15 16:28:25 +03:00
Joakim Tjernlund 451aaf688c qemu-user: Impl. setsockopt(SO_BINDTODEVICE)
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2014-07-15 16:28:20 +03:00
Joakim Tjernlund 27a07827c4 SIOCGIFINDEX: fix typo
Wrong type was used in ioctl definition.

Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2014-07-15 16:26:31 +03:00
Andreas Färber 0e16297461 libqos: Fix PC PCI endianness glitches
The libqos implementation of io_read{b,w,l} and io_write{b,w,l} hooks
was relying on qtest_mem{read,write}() respectively. With d81d410 (usb:
improve ehci/uhci test) this resulted in assertion failures on ppc hosts:

 ERROR:tests/usb-hcd-ehci-test.c:78:ehci_port_test: assertion failed: ((value & mask) == (expect & mask))

 ERROR:tests/usb-hcd-ehci-test.c:128:pci_uhci_port_2: assertion failed: (pcibus != NULL)

 ERROR:tests/usb-hcd-ehci-test.c:150:pci_ehci_port_2: assertion failed: (pcibus != NULL)

qtest_read{b,w,l,q}() and qtest_write{b,w,l,q}() had been introduced
as endian-safe replacement for qtest_mem{read,write}() in I2C in
872536b (qtest: Add MMIO support). Use them for PCI as well.

Cc: Anthony Liguori <aliguori@amazon.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Fixes: c4efe1c qtest: add libqos including PCI support
Fixes: d81d410 usb: improve ehci/uhci test
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-15 14:18:15 +01:00
Peter Maydell 0a9934eef1 Misc 2.1 fixes regarding character/serial devices and SCSI.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJTw/aQAAoJEBvWZb6bTYbyQFkQAJ1/P6aG5EOd8dBQ2rNZ72Zp
 tWLnCQNZFIRLu1PGwiiqKihRk3N+YSMh0xERe1H8ZPwv1xIpia5zfcZ+fwEizyb2
 62zaTSSbUssWvt/p/mnb8K4H3HhBnEfEcQsFJi9GiML8G7rFwq5pUYTPfu0DQkq0
 +j1sk/sfzaKfdzDuxpz1cxPkFw7BjDTPDJPsKJCSok25sS7EhfN00auc33r8427k
 k5p/1xz7K/edUhZ86XhCIOs5bHIGxEnpK4bjV5F4MXCMC5vgp1VFFrK8GRG7rncO
 rB0rYCzpgxLA8DYpSGOIl6VNfZfHfvtrAdPbQwPfh1FzEya2PL/WorfwFcibKU3V
 3aa07rVOunIxVsCET49Q36RnSCX9COKww9BJxcsLu7C/G8id4tu67OS0/FMI/EaJ
 1oy7miUJuWhZEA115zyBfWBrv88PgNdlYVP8NtekBoHaL5m+Tk6ZAVmmxz5AxDZs
 zXrzUgotQ+cQZdeHJ/UVvjk4J1RUsolOEIwASgxBFph4fwAT/kRtlkZCpX/2xfDA
 VSTxKqoiQkdepQzBcNBOJvhQ38kU5qQ3AZb871T+y4WwP6jKj8kqZ7yiFf6yYz4a
 AqzSpichWVan99HuTLfiexHyq4r2D75To6ZQFVduYhQg8YX5byDcjtiQRFyy1uKv
 FwkEa/mpZdB1p0fSc7i3
 =8zIe
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

Misc 2.1 fixes regarding character/serial devices and SCSI.

# gpg: Signature made Mon 14 Jul 2014 16:26:08 BST using RSA key ID 9B4D86F2
# gpg: Can't check signature: public key not found

* remotes/bonzini/tags/for-upstream:
  serial-pci: remove memory regions from BAR before destroying them
  virtio-scsi: fix with -M pc-i440fx-2.0
  serial: change retry logic to avoid concurrency
  qemu-char: fix deadlock with "-monitor pty"
  scsi: Report error when lun number is in use

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-14 17:01:45 +01:00
Paolo Bonzini 7497bce6c2 serial-pci: remove memory regions from BAR before destroying them
Otherwise, hot-unplug of pci-serial-2x trips the assertion
in memory_region_destroy:

    (qemu) device_del gg
    (qemu) qemu-system-x86_64: /work/armbru/tmp/qemu/memory.c:1021: memory_region_destroy: Assertion `((&mr->subregions)->tqh_first == ((void *)0))' failed.
    Aborted (core dumped)

Reported-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-07-14 16:14:15 +02:00
Paolo Bonzini 1f4e6a069b virtio-scsi: fix with -M pc-i440fx-2.0
Right now starting a machine with virtio-scsi and a <= 2.0 machine type
fails with:

    qemu-system-x86_64: -device virtio-scsi-pci: Property .any_layout not found

This is because the any_layout bit was actually never set after
virtio-scsi was changed to support arbitrary layout for virtio buffers.

(This was just a cleanup and a preparation for virtio 1.0; no guest
actually checks the bit, but the new request parsing algorithms are
tested even with old guests.)

Reported-by: David Gilbert <dgilbert@redhat.com>
Reviewed-by: David Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-07-14 16:14:15 +02:00
Kirill Batuzov f702e62a19 serial: change retry logic to avoid concurrency
Whenever serial_xmit fails to transmit a byte it adds a watch that would
call it again when the "line" becomes ready. This results in a retry
chain:
  serial_xmit -> add_watch -> serial_xmit
Each chain is able to transmit one character, and for every character
passed to serial by the guest driver a new chain is spawned.

The problem lies with the fact that a new chain is spawned even when
there is one already waiting on the watch. So there can be several retry
chains waiting concurrently on one "line". Every chain tries to transmit
the current character, so character order is not messed up. But every
chain also increases the retry counter (tsr_retry). If there are enough
concurrent chains this counter will hit the MAX_XMIT_RETRY value and
the character will be dropped.

To reproduce this bug you need to feed serial output to some program
consuming it slowly enough. The python script from the bug #1335444
description is an example of such a program.

This commit changes retry logic in the following way to avoid
concurrency: instead of spawning a new chain for each character being
transmitted spawn only one and make it transmit characters until FIFO is
empty.

The change consists of two parts:
 - add a do {} while () loop in serial_xmit (diff is a bit erratic
   for this part, diff -w will show actual change),
 - do not call serial_xmit from serial_ioport_write if there is one
   waiting on the watch already.

This should fix another issue causing bug #1335444.

Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-07-14 16:14:14 +02:00
Paolo Bonzini 7b3621f47a qemu-char: fix deadlock with "-monitor pty"
qemu_chr_be_generic_open cannot be called with the write lock taken,
because it calls client code that may call qemu_chr_fe_write.  This
actually happens for the monitor:

    0x00007ffff27dbf79 in __GI_raise (sig=sig@entry=6)
    0x00007ffff27df388 in __GI_abort ()
    0x00005555555ef489 in error_exit (err=<optimized out>, msg=msg@entry=0x5555559796d0 <__func__.5959> "qemu_mutex_lock")
    0x00005555558f9080 in qemu_mutex_lock (mutex=mutex@entry=0x555556248a30)
    0x0000555555713936 in qemu_chr_fe_write (s=0x555556248a30, buf=buf@entry=0x5555563d8870 "QEMU 2.0.90 monitor - type 'help' for more information\r\n", len=56)
    0x00005555556217fd in monitor_flush_locked (mon=mon@entry=0x555556251fd0)
    0x0000555555621a12 in monitor_flush_locked (mon=0x555556251fd0)
    monitor_puts (mon=mon@entry=0x555556251fd0, str=0x55555634bfa7 "", str@entry=0x55555634bf70 "QEMU 2.0.90 monitor - type 'help' for more information\n")
    0x0000555555624359 in monitor_vprintf (mon=0x555556251fd0, fmt=<optimized out>, ap=<optimized out>)
    0x0000555555624414 in monitor_printf (mon=<optimized out>, fmt=fmt@entry=0x5555559105a0 "QEMU %s monitor - type 'help' for more information\n")
    0x0000555555629806 in monitor_event (opaque=0x555556251fd0, event=<optimized out>)
    0x000055555571343c in qemu_chr_be_generic_open (s=0x555556248a30)

To avoid this, defer the call to an idle callback, which will be
called as soon as the main loop is re-entered.  In order to simplify
the cleanup and do it in one place only, change pty_chr_close to
call pty_chr_state.

To reproduce, run with "-monitor pty", then try to read from the
slave /dev/pts/FOO that it creates.

Fixes: 9005b2a758
Reported-by: Li Liang <liangx.z.li@intel.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-07-14 16:13:58 +02:00
Peter Maydell 7a6d04e73f Block patches for 2.1.0-rc2 (v2)
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTw6scAAoJEH8JsnLIjy/WWk8QAMmThVQhJqajBbriVJWfB5w4
 A4ZaRpk+NsDUZhzbsVBJ06ZdlQSX76JOT17V1hDFe7wcu1Aq8XL2b0PzV4iDNRgJ
 QPjW7vKAfFq/ANziGfgfAhpeQkq8o5+R8OepmdqJXzIDCjg+nDtJVdsc7G8DIWOx
 1ssEqW8zaRuZMck61mo3hpdCCA+m+3HTHhcDEf/lzS69XHi2+BZ6ATVh3zShJqxy
 +68hDHdPNMTWESkN5MBQAo82flbdmNjqpD5SYYuJsoCOV+Tb5jLUGbED/VM1LqCf
 8ukXlu4TO0u3ZmO+3XeQJiNsBSQEGOp9/9gOYj8J7AaZcZzC4cON3RmiYLZLgapj
 zdKIvgCxuFzyFheJYPCwpr3483w6/mh4uMzasZ+jHETqieAyvy1L860FNdWQaXoX
 K96m/1yIaQ2NOogcWrxZZ4Jt/diKh+NWynBFm8MZON6MK46FLiCcma2ZedoX6dNc
 R+Ul0qiYMo5B9fX05uhf15dU8cmVQuVFRo2ftIIqxZDY9IPjJjrJPw9EjHajGIJb
 MpU25NRHCdf0BscgYufuf1W9llasl0fbAd3SIA4FccTFdAeDwu5SQXHTodhu64hh
 7gf23N7Let/Gnucxx7gOTi1Jz3uR8V7MbIYRgBBvyRqhNRRRjYDwpg2c8guCzM2F
 VObGeTRdNa9QhTXqBPdQ
 =YxHy
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block patches for 2.1.0-rc2 (v2)

# gpg: Signature made Mon 14 Jul 2014 11:04:12 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream: (22 commits)
  ide: Treat read/write beyond end as invalid
  virtio-blk: Treat read/write beyond end as invalid
  virtio-blk: Bypass error action and I/O accounting on invalid r/w
  virtio-blk: Factor common checks out of virtio_blk_handle_read/write()
  dma-helpers: Fix too long qiov
  qtest: fix vhost-user-test compilation with old GLib
  tests: Fix unterminated string output visitor enum human string
  AioContext: do not rely on aio_poll(ctx, true) result to end a loop
  virtio-blk: embed VirtQueueElement in VirtIOBlockReq
  virtio-blk: avoid g_slice_new0() for VirtIOBlockReq and VirtQueueElement
  dataplane: do not free VirtQueueElement in vring_push()
  virtio-blk: avoid dataplane VirtIOBlockReq early free
  block: Assert qiov length matches request length
  qed: Make qiov match request size until backing file EOF
  qcow2: Make qiov match request size until backing file EOF
  block: Make qiov match the request size until EOF
  AioContext: speed up aio_notify
  test-aio: fix GSource-based timer test
  block: drop aio functions that operate on the main AioContext
  block: prefer aio_poll to qemu_aio_wait
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-14 13:09:29 +01:00
Peter Maydell c15a34eda0 A s390x/kvm bugfix for missing floating point register synchronization.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJTw4USAAoJEN7Pa5PG8C+vgB0QAKnzhUdqIr0rnsUuTOqhl/Ri
 7PER+qKt2O4GVGGFWxmZMrmeJ4qGMZwj8q441jRoiaSp/7zmpdTJDmZtC6GL8rm1
 Sj+krzlCOxcSUFYtF0maBFMb8O7olt6Qe4wJhYnax9CSTTYzDG/ezOIPRF6KZra4
 jCyRD4Q+Vjnp8sdFH1rNZXdDqal3DpRglLS4pRt0nIAtE8RnXQGRNS7lYZPC+AvN
 6R/9VMFU38PxXsycNGMoVnAtgIe3VV0iiUbdxsa/R8FHXYZkWVHmwq2+CyxGIC2y
 lhubaljhfAYJGEhSgLPW0BUOJSDibIq3LbZ+sSTQESU1l0oysfuQ+pBrMmyvTYDg
 OIMOaMFm2rM7Jtmmpvf/wdTNZs0RJrtppPa1oTvy7YzmyHPHtdnZjZif6iY/rXsx
 6jxWtx8wM4NmnNpeJNuM6qITB3pMd4P76AhRsme0P9UgNboj6uCbU2VRDOp+JpZU
 Elu5z11X312BGkldDR0peMaTJ7NeBG+MHXBDsZ+LvrbeHrBzu2VAh+RspxZQgnhn
 +HzYeuH8CvRH4kkrsNaCKd/DE36s8bvrcT6MxCD45XtPyW7greSnDvaFgvPIIlzU
 6Rfkr3Zf2NwpRT+yB/F4JpYjaHLO6+dgK/rITUD1cT0Jfz1WALw9c8f0oDwMDbDA
 IDraPJy6iNs0iQE4GuD1
 =TXJv
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20140714' into staging

A s390x/kvm bugfix for missing floating point register synchronization.

# gpg: Signature made Mon 14 Jul 2014 08:21:54 BST using RSA key ID C6F02FAF
# gpg: Can't check signature: public key not found

* remotes/cohuck/tags/s390x-20140714:
  s390x/kvm: synchronize guest floating point registers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-14 11:04:11 +01:00
Markus Armbruster 58ac321135 ide: Treat read/write beyond end as invalid
The block layer fails such reads and writes just fine.  However, they
then get treated like valid operations that fail: the error action
gets executed.  Unwanted; reporting the error to the guest is the only
sensible action.

Reject them before passing them to the block layer.  This bypasses the
error action and I/O accounting.  Not quite correct for DMA, because
DMA can fail after some success, and when that happens, the part that
succeeded isn't counted.  Tolerable, because I/O accounting is an
inconsistent mess anyway.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14 12:03:21 +02:00
Markus Armbruster 3c2daac0b9 virtio-blk: Treat read/write beyond end as invalid
The block layer fails such reads and writes just fine.  However, they
then get treated like valid operations that fail: the error action
gets executed.  Unwanted; reporting the error to the guest is the only
sensible action.

Reject them before passing them to the block layer.  This bypasses the
error action and I/O accounting.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14 12:03:21 +02:00
Markus Armbruster 42e38c1fd0 virtio-blk: Bypass error action and I/O accounting on invalid r/w
When a device model's I/O operation fails, we execute the error
action.  This lets layers above QEMU implement thin provisioning, or
attempt to correct errors before they reach the guest.  But when the
I/O operation fails because it's invalid, reporting the error to the
guest is the only sensible action.

If the guest's read or write asks for an invalid sector range, fail
the request right away, without considering the error action.  No
change with error action BDRV_ACTION_REPORT.

Furthermore, bypass I/O accounting, because we want to track only I/O
that actually reaches the block layer.

The next commit will extend "invalid sector range" to cover attempts
to read/write beyond the end of the medium.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14 12:03:21 +02:00
Markus Armbruster d0e14376ee virtio-blk: Factor common checks out of virtio_blk_handle_read/write()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14 12:03:21 +02:00
Kevin Wolf 58f423fbd5 dma-helpers: Fix too long qiov
If the size of the scatter/gather list isn't a multiple of 512, the
number of sectors for the block layer request is rounded down, resulting
in a qiov that doesn't match the request length. Truncate the qiov to the
new length of the request.

This fixes the IDE qtest case /x86_64/ide/bmdma/short_prdt.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2014-07-14 12:03:21 +02:00
Nikolay Nikolaev 80504dcaa1 qtest: fix vhost-user-test compilation with old GLib
The missing G_TIME_SPAN_SECOND definition breaks the RHEL6 compilation, as GLib
versions before 2.26 do not have it. In that case just define it.

Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Tested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14 12:03:21 +02:00
Andreas Färber b8864245b1 tests: Fix unterminated string output visitor enum human string
The buffer was being allocated with size string length plus two.
Two quotes were being added around the string, but no terminating NUL.
It was then compared using g_assert_cmpstr(), resulting in fairly random
assertion failures:

 ERROR:tests/test-string-output-visitor.c:213:test_visitor_out_enum: assertion failed (str == str_human): ("\"value1\"" == "\"value1\"\001EEEEEEEEEEEEEE\0171")

There is no g_assert_cmpnstr() counterpart, so use g_strdup_printf()
for safely assembling the string in the first place.

Cc: Hu Tao <hutao@cn.fujitsu.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Suggested-by: Eric Blake <eblake@redhat.com>
Fixes: b4900c0 tests: add human format test for string output visitor
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14 12:03:20 +02:00
Paolo Bonzini acfb23ad3d AioContext: do not rely on aio_poll(ctx, true) result to end a loop
Currently, whenever aio_poll(ctx, true) has completed all pending
work it returns true *and* the next call to aio_poll(ctx, true)
will not block.

This invariant has its roots in qemu_aio_flush()'s implementation
as "while (qemu_aio_wait()) {}".  However, qemu_aio_flush() does
not exist anymore and bdrv_drain_all() is implemented differently;
and this invariant is complicated to maintain and subtly different
from the return value of GMainLoop's g_main_context_iteration.

All calls to aio_poll(ctx, true) except one are guarded by a
while() loop checking for a request to be incomplete, or a
BlockDriverState to be idle.  The one remaining call (in
iothread.c) uses this to delay the aio_context_release/acquire
pair until the AioContext is quiescent, however:

- we can do the same just by using non-blocking aio_poll,
  similar to how vl.c invokes main_loop_wait

- it is buggy, because it does not ensure that the AioContext
  is released between an aio_notify and the next time the
  iothread goes to sleep.  This leads to hangs when stopping
  the dataplane thread.

In the end, these semantics are a bad match for the current
users of AioContext.  So modify that one exception in iothread.c,
which also fixes the hangs, as well as the testcase so that
it uses the same idiom as the actual QEMU code.

Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14 12:03:20 +02:00
Stefan Hajnoczi f897bf751f virtio-blk: embed VirtQueueElement in VirtIOBlockReq
The memory allocation between hw/block/virtio-blk.c,
hw/block/dataplane/virtio-blk.c, and hw/virtio/dataplane/vring.c is
messy.  Structs are allocated in different files than they are freed in.
This is risky and makes memory leaks easier.

Embed VirtQueueElement in VirtIOBlockReq to reduce the amount of memory
allocation we need to juggle.  This also makes vring.c and virtio.c
slightly more similar.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14 12:03:20 +02:00
Stefan Hajnoczi 869d66af53 virtio-blk: avoid g_slice_new0() for VirtIOBlockReq and VirtQueueElement
In commit de6c8042ec ("virtio-blk: Avoid
zeroing every request structure") we avoided the 40 KB memset when
allocating VirtIOBlockReq.

The memset was reintroduced in commit
671ec3f056 ("virtio-blk: Convert
VirtIOBlockReq.elem to pointer").

It must be fixed again to avoid a performance regression.

Cc: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14 12:03:20 +02:00
Stefan Hajnoczi abd764250f dataplane: do not free VirtQueueElement in vring_push()
VirtQueueElement is allocated in vring_pop() so it seems to make sense
that vring_push() should free it.  Alas, virtio-blk frees
VirtQueueElement itself in virtio_blk_free_request().

This patch solves a double-free assertion in glib's g_slice_free().

Rename vring_free_element() to vring_unmap_element() since it no longer
frees the VirtQueueElement.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14 12:03:20 +02:00
Stefan Hajnoczi 0a21ea3289 virtio-blk: avoid dataplane VirtIOBlockReq early free
VirtIOBlockReq is freed later by virtio_blk_free_request() in
hw/block/virtio-blk.c.  Remove this extraneous g_slice_free().

This patch fixes the following segfault:

  0x00005555556373af in virtio_blk_rw_complete (opaque=0x5555565ff5e0, ret=0) at hw/block/virtio-blk.c:99
  99          bdrv_acct_done(req->dev->bs, &req->acct);
  (gdb) print req
  $1 = (VirtIOBlockReq *) 0x5555565ff5e0
  (gdb) print req->dev
  $2 = (VirtIOBlock *) 0x0
  (gdb) bt
  #0  0x00005555556373af in virtio_blk_rw_complete (opaque=0x5555565ff5e0, ret=0) at hw/block/virtio-blk.c:99
  #1  0x0000555555840ebe in bdrv_co_em_bh (opaque=0x5555566152d0) at block.c:4675
  #2  0x000055555583de77 in aio_bh_poll (ctx=ctx@entry=0x5555563a8150) at async.c:81
  #3  0x000055555584b7a7 in aio_poll (ctx=0x5555563a8150, blocking=blocking@entry=true) at aio-posix.c:188
  #4  0x00005555556e520e in iothread_run (opaque=0x5555563a7fd8) at iothread.c:41
  #5  0x00007ffff42ba124 in start_thread () from /usr/lib/libpthread.so.0
  #6  0x00007ffff16d14bd in clone () from /usr/lib/libc.so.6

Reported-by: Max Reitz <mreitz@redhat.com>
Cc: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-14 12:03:20 +02:00
Kevin Wolf 8eb029c26e block: Assert qiov length matches request length
At least raw-posix relies on this because it can allocate bounce buffers
based on the request length, but access it using all of the qiov entries
later.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-07-14 12:03:20 +02:00
Kevin Wolf f06ee3d4aa qed: Make qiov match request size until backing file EOF
If a QED image has a shorter backing file and a read request to
unallocated clusters goes across EOF of the backing file, the backing
file sees a shortened request and the rest is filled with zeros.
However, the original too long qiov was used with the shortened request.

This patch makes the qiov size match the request size, avoiding a
potential buffer overflow in raw-posix.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2014-07-14 12:03:20 +02:00
Kevin Wolf 44deba5a52 qcow2: Make qiov match request size until backing file EOF
If a qcow2 image has a shorter backing file and a read request to
unallocated clusters goes across EOF of the backing file, the backing
file sees a shortened request and the rest is filled with zeros.
However, the original too long qiov was used with the shortened request.

This patch makes the qiov size match the request size, avoiding a
potential buffer overflow in raw-posix.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-07-14 12:03:20 +02:00
Kevin Wolf 33f461e0c5 block: Make qiov match the request size until EOF
If a read request goes across EOF, the block driver sees a shortened
request that stops at EOF (the rest is memsetted in block.c), however
the original qiov was used for this request.

This patch makes the qiov size match the request size, avoiding a
potential buffer overflow in raw-posix.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-07-14 12:03:20 +02:00
Fam Zheng 2039511b8f scsi: Report error when lun number is in use
In the case that the lun number is taken by another scsi device, don't
release the existing device silently, but report an error to the user.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-07-14 11:54:57 +02:00
Jason J. Herne 85ad6230b3 s390x/kvm: synchronize guest floating point registers
Add code to kvm_arch_get_registers and kvm_arch_put_registers to
save/restore floating point registers. This missing sync was
unnoticed until migration of userspace that uses fprs.

Signed-off-by: Jason J. Herne <jjherne@us.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
[Update patch to latest upstream]
Cc: qemu-stable@nongnu.org
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2014-07-14 09:15:38 +02:00
Nikolay Nikolaev 0e3cd8334a qtest: fix vhost-user-test compilation with old GLib
The missing G_TIME_SPAN_SECOND definition breaks the RHEL6 compilation, as GLib
versions before 2.26 do not have it. In that case just define it.

Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-07-14 00:42:54 +03:00
Hu Tao 75902802c2 fix typo: apci -> acpi
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

MST: rebase
2014-07-11 21:31:55 +03:00
Eduardo Habkost faab459797 pc_piix: Reuse pc_compat_1_2() for pc-0.1[0123]
pc-0.13 and older were missing some compat code that was present on
newer machine-types:

* x86_cpu_compat_disable_kvm_features(FEAT_1_ECX, CPUID_EXT_X2APIC);
  (pc-i440fx-1.7 and older)
  (added by commit ef02ef5f45)
* x86_cpu_compat_set_features("n270", FEAT_1_ECX, 0, CPUID_EXT_MOVBE);
  (pc-i440fx-1.4 and older)
  (added by commit 4458c23672)
* x86_cpu_compat_set_features("Westmere", FEAT_1_ECX, 0, CPUID_EXT_PCLMULQDQ);
  (pc-i440fx-1.4 and older)
  (added by commit 56383703c0)

Instead of duplicating the code from the previous pc_compat_*()
functions, we can now reuse pc_compat_1_2() and fix those issues.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-07-11 21:13:00 +03:00
Igor Mammedov 4ec6ee5ace pc: fix qemu exiting with error when -m X < 128 with old machines types
If a machine doesn't support memory hotplug then starting QEMU
with initial memory less than the default will make QEMU exit with
the following error message:

$QEMU -m 16  -M isapc
qemu-system-i386: "-memory 'slots|maxmem'" is not supported by: isapc

Setting maxram_size to the initial memory value before parsing
the 'maxmem' option keeps maxmem in sync with the initial
memory size if no maxmem option was specified.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
CC: Bruce Rogers <brogers@suse.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-07-11 21:05:14 +03:00
Peter Maydell ab6d3749c4 vga: some cirrus fixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTv7CYAAoJEEy22O7T6HE4yC0QALjHJKFT3Y3Fw9JguQdVJvsm
 Dam6p0OhaYLQn11Uh2KvR5vGUGDCZ0z0Y4PGTfWT2PpmRhR8Vxj7RG7FL3cVmcva
 unq88nKcUWK45rInZ1buzDTSZrL5YZXy00wfiBmQ/pGQ4yQ69drkhV0T1QQSCs5g
 +LAENT6DqJgk/6s9T0CmeN7itTMm9O6iOqqw/d13ziHWoHtT2+pAMM3btlyQLaIE
 qRhzOwaBi7+jPZp53xH6GI09aDQrlE71f//R47yKFCbhEsRYMAxwm/uD3rewb+vi
 x/U2tpg77xqelYchHgtb50r5gj4Mur74mqZAKTjqwM49GRhQoJTEMRt8WaZEHFzd
 NeldDea619M5BmuH7XjLvEfNC+bS2EaO80LGBmvkBpP0gZbcIRX2BUZND49+z5Ys
 rSA6KzNJQj+wo52xfteoxIvOSeItuuTt32BeflRNvUVpJXU4FBr7zTq+vlP+Z3dW
 NaM8QDKa8ikWFtzLHRywTrYY97z0FldN0scnsUZObmEzBrN2amEnEgHf2w/pkyd6
 gS1zq6OL8iOZb4T3LWXItbgflqJscuD2eHW9ZH6BRXS6Ejlp5xPAb1Vtvw9Iyo7A
 O1dzDOcyFypCQZrud4kd6/pPiCPp8xDoZN9P+g3sPqQfRDHiPU6fGAftDTPKd2A5
 8gkOX+K9g5RD5jlFxlm6
 =gpXl
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20140711-1' into staging

vga: some cirrus fixes.

# gpg: Signature made Fri 11 Jul 2014 10:38:32 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vga-20140711-1:
  cirrus: Fix host CPU blits
  cirrus: Fix build of debug code
  cirrus_vga: adding sanity check for vram size

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-11 17:50:38 +01:00
Peter Maydell aee230d707 mtp: linux guest detection fix
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTv700AAoJEEy22O7T6HE4q5MQANaXoHxzlCv5j5YHsdMcK/zU
 MHyvY92tzYFlw7B0SojqOegqkrFXmlKIXwBEK2hGuMczeD8f4mjwWrcBy8n+ZVi/
 uu8j2ageKppU1ucaGmlEYNE+wNZFZFTI6koGfRlBi8Aca9ixCPJGjLelxmxWzwRk
 abMk93Wt/e99FP2TQN1WH/B2dtKKlUFxd1YJIPLlB3sYxs9I4cVgAZ5YVzOxPUOU
 ESdSpfgQDZvL0jycaS4MXkJQNrvdhtscSfhUy/gp6MdHrrP8zIJbOdLb4+XMOipH
 FtclTrH3xZxJQg4ESsQv/sFTf5JgDSCr4xsd1yCWT2bFPeq24iJIgEArQM3RDgPY
 UJa+pzp2ioZ7gLCVpXxUolUoxvEGPwway000AqxhwRGvM4TCiYyQ/W31Pn4zMJc5
 W1UyE9n4hq6sr3FTa/kgzosBYdDHgQnz9kGSLEmzPCvpUQkmLjSPzVPS8id7ZCgn
 fz+0unJgHRM4xVVf6GMptSgG4nbaVU4WeQ7NwM5Kn0xrUd/VVzbqllq8PodpaRXT
 nYx+dVFFwoiDXRhBNTn3Z65vKN49sdMv9nCkTSqCIWxKRbqxfltoooHTSwBV5OL1
 v6VXTb5ZZOZweHK/qdli5InND1KF8aJa1w2IDt6xyIKtDfPuC1MqLzfXJuvGsfHz
 qU9KgU8XSx2kc0OuZ+fX
 =YT+T
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20140711-1' into staging

mtp: linux guest detection fix

# gpg: Signature made Fri 11 Jul 2014 11:32:20 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-usb-20140711-1:
  mtp: linux guest detection fix.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-11 16:01:38 +01:00
Peter Maydell 42ca32f776 spice: auth fixes
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTv6ubAAoJEEy22O7T6HE4dV8QANelATxQDNDkRAhBsDG8j7A9
 AgZoU4AhVve/xAJMDeHVTaqt2b5Kf3M2Jg4cDZxAXp0gABbFbNLzL4Xtw7mEBgpv
 gOdjWa/tXT/ugvZzCwZL82Ofk0bIpvjVwtfyMk+4i+x4XfpYrdYV60KH9Cw/MSF1
 GTLtrItlbUNxvwuiE/ErzVyCZ6huGah+vcskWuiKx0BOUE+IytE2ofv8BLwNWU5D
 sznOxZESQR+n5mhJLfD867L4r3jRzqiXNGO1MeKHPOBEGgL23eOwGuFsjtFZFJq5
 pcaYadSMCDlVTELs3eWKOcslEQMS9EbumH57lE+D5EKG7cynw8QpEmiAlb00g94O
 QMAplV73B7p9mfJGcx3u6Sj4PNXS+VjK2J6N0OVPHgWohpaGkH3bxjJUgKH/PikN
 cHIIciT0Y0fWLuvpPh5Iza4zkRhux8rjT46YoIyQw6H2AIyOVO1GOsQ285TtcJfh
 FuEBJ/47YyL+ZX0Qj6ZrlBQqTnAAXbULR8gTFqrg3xYNOP5popDEb+tdUFbvsrVd
 N3kzFR5DEDsABlfTH7FeA3KC2KsaaDBlgFT7uIyHY7wTs2HQuJPi45fOtv80IOn0
 NQPelGNOMir34VCpw/60PLXfrtO7TCK2OWun1YTbVsuK2TXMtB3wKzjKlajGeiqZ
 CAnd5AyHav5G2PCRiU+6
 =m1sh
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20140711-1' into staging

spice: auth fixes

# gpg: Signature made Fri 11 Jul 2014 10:17:15 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/spice/tags/pull-spice-20140711-1:
  spice: auth fixes

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-11 14:50:18 +01:00
Peter Maydell 22df3452dc ui/gtk: Restore keyboard focus after Page change
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTv6RdAAoJEEy22O7T6HE4jMUQANscE1w8llXtYFqBuGjzj9Yw
 45OnIQ6XAiZb7g6MPvKIwCyM7EemmJHV/joR7NqcSl9LsY02vg0eaS4rn4dSsGBM
 6esKTolQ8SgFkNSRsLxUj5+857cxBFMNDhgzId860m3OYYsETEd0pqn26UVAlJkt
 BQrikoGCuQW3Z45xv4xH4nrU2VfsLqz5EP/o6nshnljbswbrTFawA/tQ0vXBk6iy
 PEUwN9WiOhOrZfRd8YoRuo7hXth1tZO5954HJBlzXXsdm2fxypJ/rJj+s8gCXFpm
 zf7fAjwRWhF3pX/SBN1orX7x6rmC4qnQDAxGOkweLTS4gFB1ID99LsmCueUPIGF8
 Rbcogxi9Fg0koZjhZVbQDjLm1/7fPWxDK+kqMSS/O1HST7MG4IzeRJAkfnF/wFV+
 Mt07Q5gVGch4ESJytQj4yO8anJH+94229kjooQGShyH549mRx86InwD2LuEwlndk
 9W3FeZw8SATpwlP3aewngLZtoiuf5LeKriGQWAP0gI0TgxKCqkv9zC/xsST1cx8c
 rForOK1LH3tNSnDkAvVK5O4+x2Slv2ZTrvKN2bNTz8vQAFxyaArPpsVR8PK/oaUF
 HAKntzVFuAnas/4I/pUl7t5d+TOFPeHPLG6Kcmjpw5ds+bnckmza0D0NsqABp3Dd
 w+fgr2tv+a59i+sl41Ca
 =KN7k
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-gtk-20140711-1' into staging

ui/gtk: Restore keyboard focus after Page change

# gpg: Signature made Fri 11 Jul 2014 09:46:21 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-gtk-20140711-1:
  ui/gtk: Restore keyboard focus after Page change

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-11 13:48:07 +01:00
Gerd Hoffmann 13d54125a3 mtp: linux guest detection fix.
Attach a name to the MTP interface (android phones have this too).

With this patch recent linux guests such as fedora 20 happily detect and
use the device.  It shows up in nautilus file manager automatically, and
simple-mtpfs can mount it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-11 12:31:41 +02:00
John Snow e72b59fa93 ui/gtk: Restore keyboard focus after Page change
(Resending for correct email addresses via MAINTAINERS ...)

In the GTK UI, after changing focus to the qemu monitor Notebook Page,
when restoring focus to the virtual machine page, the keyboard focus is lost
to a hidden GTK widget. Focus can only be restored to the virtual machine by
pressing "tab" or any of the four directional arrow keys.

Clicking in the window or grabbing/ungrabbing input does not restore keyboard
focus to the child widget.

This patch adjusts the Notebook page switching callback to automatically
steal keyboard focus on the Page switch event, so that keyboard input
does not appear to break or disappear after tabbing to the QEMU monitor.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-11 10:44:00 +02:00
Benjamin Herrenschmidt d16136d22a cirrus: Fix host CPU blits
Commit b2eb849d4b
"CVE-2007-1320 - Cirrus LGD-54XX "bitblt" heap overflow" broke
cpu to video blits.

When the ROP function is called from cirrus_bitblt_cputovideo_next(),
we pass 0 for the pitch but only operate on one line at a time. The
added test was tripping because after the initial subtraction, the
pitch becomes negative. Make the test only trip when the height is
larger than one (i.e. the pitch is actually used).

This fixes HW cursor support in Windows NT4.0 (which otherwise was
a white rectangle) and general display of icons in that OS when using
8bpp mode.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-11 10:17:02 +02:00
Benjamin Herrenschmidt e8ee4b68be cirrus: Fix build of debug code
Use PRIu64 to print uint64_t

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-11 10:17:01 +02:00
Gonglei f61d82c2df cirrus_vga: adding sanity check for vram size
When configuring an invalid vram size for the cirrus card, such as less
than 2 MB, qemu will crash. Following the real hardware, the cirrus
card has 4 MB of video memory. Also, for backward compatibility, accept
8 MB and 16 MB vram sizes.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-11 10:17:01 +02:00
Gerd Hoffmann b1ea7b79e1 spice: auth fixes
Set auth to sasl when sasl is enabled, this makes "info spice" correctly
display sasl auth.  Also throw an error in case someone tries to set
a spice password via monitor without auth mode being "spice".

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-11 10:12:47 +02:00
Peter Maydell 74aeb37de0 Merge remote-tracking branch 'remotes/kvm/uq/master' into staging
* remotes/kvm/uq/master:
  qtest: fix vhost-user-test compilation with old GLib
  mc146818rtc: register the clock reset notifier on the right clock
  oslib-posix: Fix new compiler error with -Wclobbered
  target-i386: Add "kvmclock-stable-bit" feature bit name
  Enforce stack protector usage
  watchdog: fix deadlock with -watchdog-action pause
  mips_malta: Catch kernels linked at wrong address
  mips_malta: Remove incorrect KVM T&E references
  mips/kvm: Disable FPU on reset with KVM
  mips/kvm: Init EBase to correct KSEG0

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-10 17:37:16 +01:00