aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-08-10ahci: Fix ahci cdrom read corruptions for reads > 128kJason Baron
While testing q35, which has its cdrom attached to the ahci controller, I found that the Fedora 17 install would panic on boot. The panic occurs while squashfs is trying to read from the cdrom. The errors are: [ 8.622711] SQUASHFS error: xz_dec_run error, data probably corrupt [ 8.625180] SQUASHFS error: squashfs_read_data failed to read block 0x20be48a I was also able to produce corrupt data reads using an installed piix based qemu machine, using 'dd'. I found that the corruptions were only occuring when then read size was greater than 128k. For example, the following command results in corrupted reads: dd if=/dev/sr0 of=/tmp/blah bs=256k iflag=direct The > 128k size reads exercise a different code path than 128k and below. In ide_atapi_cmd_read_dma_cb() s->io_buffer_size is capped at 128k. Thus, ide_atapi_cmd_read_dma_cb() is called a second time when the read is > 128k. However, ahci_dma_rw_buf() restart the read from offset 0, instead of at 128k. Thus, resulting in a corrupted read. To fix this, I've introduced 'io_buffer_offset' field in IDEState to keep track of the offset. I've also modified ahci_populate_sglist() to take a new 3rd offset argument, so that the sglist is property initialized. I've tested this patch using 'dd' testing, and Fedora 17 now correctly boots and installs on q35 with the cdrom ahci controller. Signed-off-by: Jason Baron <jbaron@redhat.com> Tested-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-10virtio-blk: fix use-after-free while handling scsi commandsAvi Kivity
The scsi passthrough handler falls through after completing a request into the failure path, resulting in a use after free. Reproducible by running a guest with aio=native on a block device. Reported-by: Stefan Priebe <s.priebe@profihost.ag> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-09handle device help before accelerator set upBruce Rogers
A command line device probe using just -device "?" gets processed after qemu-kvm initializes the accelerator. If /dev/kvm is not present, the accelerator check will fail (kvm is defaulted to on), which causes libvirt to not be set up to handle qemu guests. Moving the device help handling before the accelerator set up allows the device probe to work in this configuration and libvirt succeeds in setting up for a qemu hypervisor mode. Signed-off-by: Bruce Rogers <brogers@suse.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-09Merge branch 'x86cpu_qom_tcg_v2' of git://github.com/imammedo/qemuBlue Swirl
* 'x86cpu_qom_tcg_v2' of git://github.com/imammedo/qemu: target-i386: move tcg initialization into x86_cpu_initfn() cleanup cpu_set_debug_excp_handler target-xtensa: drop usage of prev_debug_excp_handler target-i386: drop usage of prev_debug_excp_handler
2012-08-09qemu_rearm_alarm_timer: do not call rearm if the next deadline is INT64_MAXStefano Stabellini
qemu_rearm_alarm_timer partially duplicates the code in qemu_next_alarm_deadline to figure out if it needs to rearm the timer. If it calls qemu_next_alarm_deadline, it always rearms the timer even if the next deadline is INT64_MAX. This patch simplifies the behavior of qemu_rearm_alarm_timer and removes the duplicated code, always calling qemu_next_alarm_deadline and only rearming the timer if the deadline is less than INT64_MAX. Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Reviewed-by: Stefan Weil <sw@weilnetz.de> Tested-by: Andreas Färber <andreas.faerber@web.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-09target-xtensa: make 'sim' to be the default machineMax Filippov
This fixes the following error: $ qemu-system-xtensa -cpu help Segmentation fault Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-09target-xtensa: make default CPU depend on target endiannessMax Filippov
This makes usable default for -cpu option both for qemu-system-xtensa and qemu-system-xtensaeb fixing the following error: $ qemu-system-xtensaeb -M sim Unable to find CPU definition Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Tested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-09MIPS: Correct FCR0 initializationNathan Froyd
This change addresses a problem where QEMU incorrectly traps on floating-point MADD group instructions with SIGILL, at least while emulating MIPS32r2 processors. These instructions use the COP1X major opcode and include ones like: madd.d $f2,$f4,$f2,$f6 Here's Nathan's original analysis of the problem: "QEMU essentially does: d = find_cpu (cpu_string) // get CPU definition fpu_init (env, d) // initialize fpu state (init FCR0, basically) cpu_reset (env) ...and the cpu_reset call clears all interesting state that fpu_init setup, then proceeds to reinitialize all the CP0 registers...but not FCR0." I have verified this change with system emulation running the GDB test suite for the mips-sde-elf target (o32, big endian, 24Kf CPU emulated), there were 55 progressions and no regressions. Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-09scsi-bus: remove overlapping entryBlue Swirl
LOAD_UNLOAD and START_STOP have same value, so the table entry is initialized twice. Spotted by Clang compiler. Remove LOAD_UNLOAD entry since START_STOP entry already represents both. Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-09xilinx_axienet: avoid useless self-assignmentBlue Swirl
Statement s=s; makes little sense, remove it. Spotted by Clang compiler. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-09user: fix accidental AREG0 useBlue Swirl
Global register AREG0 was always assumed to be usable in user-exec.c, but this is incorrect for several targets. Fix with #ifdeffery and by using other variables. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-09qapi: avoid reserved keywordsBlue Swirl
Clang compiler complained about use of reserved word 'restrict' in SLIRP and QAPI. Prefix C keywords with "q_", adjust SLIRP accordingly. Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-09sparc: fix expression with uninitialized initial valueBlue Swirl
err was uninitialized, it's not OK to use |=. Spotted by Clang compiler. Fix by implementing the earlier statement which initializes the variable. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-09sparc: fix floppy TC line setupBlue Swirl
The qemu_irq for Terminal Count (TC) line between FDC and Slavio misc device was created only after use, spotted by Clang compiler. Also, it was not created if the FDC didn't exist. Rearrange code to fix order. Always create the TC line. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-09esp: add Tekram DC-390 emulation (PC SCSI adapter)Hervé Poussineau
Difference with AMD PCscsi is that DC-390 contains a EEPROM, and that a romfile is available to add INT13 support. This has been successfully tested on: - MS DOS 6.22 (using DC390 ASPI driver) - MS Windows 98 SE (using DC390 driver) - MS Windows NT 3.1 (using DC390 driver) - MS Windows NT 4.0 (using DC390 driver) - hard disk and cdrom boot Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-09Revert "pci: add some stubs"Hervé Poussineau
This reverts commit 0883c5159f1df05d8761014f65451c3c3b77ebcf. Those stubs were only used by PCI ESP emulation, which is now not compiled on architectures which have no PCI bus support. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-09esp: move PCI emulation to a new file esp-pci.cHervé Poussineau
sparc machines loose ability to instanciate PCI ESP SCSI adapter, which is not a big loose as they don't have PCI bus support. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-09esp: move some definitions to header fileHervé Poussineau
These will be used by next commits. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-09scsi-disk: add support for the UNMAP commandPaolo Bonzini
The unmap command can reuse the same infrastructure as MODE SELECT for reading the descriptor list into memory. The descriptors are processed sequentially. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-08-09scsi-disk: improve out-of-range LBA detection for WRITE SAMEPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-08-09scsi-disk: more assertions and resets for aiocbPaolo Bonzini
Leaving the aiocb to a non-NULL value leads to an assertion failure when rerror/werror are set to stop or enospc, and the operation is retried. scsi-disk checks that the aiocb member is NULL before filling it. This patch correctly resets the aiocb to NULL values everywhere, and adds the dual assertion that the aiocb was non-NULL before calling bdrv_acct_done. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-08-09virtio-scsi: do not compare 32-bit QEMU tags against 64-bit virtio-scsi tagsPaolo Bonzini
This patch fixes a problem in handling task management functions in virtio-scsi. The cause of the problem is a mismatch between the size of the tag in QEMU (32-bit) and virtio-scsi (64-bit). Changing the QEMU size is hard because the migration format uses 32 bits to store the tag; so just don't use the QEMU tag (virtio-scsi only uses the tag for task management functions anyway) and look up the full 64-bit tag in the hba_private field. The reproducer is a bit obscure. If you cause an I/O timeout (for example with rerror=stop and doing 'cont' on the monitor continuously without fixing the error), sooner or later the guest will try to abort the command and reissue it. At this point, QEMU will report _two_ errors instead of one when you hit 'c', because the first error has not been canceled correctly. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-08-09iscsi: Pick default initiator-name based on the name of the VMRonnie Sahlberg
This patch updates the iscsi layer to automatically pick a 'unique' initiator-name based on the name of the vm in case the user has not set an explicit iqn-name to use. Create a new function qemu_get_vm_name() that returns the name of the VM, if specified. This way we can thus create default names to use as the initiator name based on the guest session. If the VM is not named via the '-name' command line argument, the iscsi initiator-name used wiull simply be iqn.2008-11.org.linux-kvm If a name for the VM was specified with the '-name' option, iscsi will use a default initiatorname of iqn.2008-11.org.linux-kvm:<name> These names are just the default iscsi initiator name that qemu will generate/use only when the user has not set an explicit initiator name via the commandlines or config files. Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
2012-08-08iscsi: reorganize code for parse_initiator_namePaolo Bonzini
Merge the occurrences of the "iqn.2008-11.org.linux-kvm" string to avoid duplication. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-08-08iscsi: do not leak initiator_namePaolo Bonzini
The argument of iscsi_create_context is never freed by libiscsi, which in fact calls strdup on it. Avoid a leak. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-08-07Merge remote-tracking branch 'kraxel/usb.58' into stagingAnthony Liguori
* kraxel/usb.58: usb-storage: fix SYNCHRONIZE_CACHE usb-storage: improve debug logging
2012-08-07Merge remote-tracking branch 'kwolf/for-anthony' into stagingAnthony Liguori
* kwolf/for-anthony: qemu-img: use QemuOpts instead of QEMUOptionParameter in resize function qemu-iotests: Be more flexible with image creation options qemu-iotests: add 039 qcow2 lazy refcounts test qemu-io: add "abort" command to simulate program crash qcow2: implement lazy refcounts qemu-iotests: ignore qemu-img create lazy_refcounts output docs: add lazy refcounts bit to qcow2 specification qcow2: introduce dirty bit docs: add dirty bit to qcow2 specification qemu-iotests: add qed.py image manipulation utility qapi: generalize documentation of streaming commands ide scsi: Mess with geometry only for hard disk devices
2012-08-07usb-storage: fix SYNCHRONIZE_CACHEGerd Hoffmann
Commit 59310659073d85745854f2f10c4292555c5a1c51 is incomplete, we'll arrive in the scsi command complete callback in CSW state and must handle that case correctly. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-07usb-storage: improve debug loggingGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-06slirp: fix build on mingw32Anthony Liguori
in_addr_t isn't available on mingw32. Just use an unsigned long instead. I considered typedef'ing in_addr_t on mingw32 but this would potentially be brittle if mingw32 did introduce the type. Cc: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-06qemu-img: use QemuOpts instead of QEMUOptionParameter in resize functionDong Xu Wang
Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-06qemu-iotests: Be more flexible with image creation optionsKevin Wolf
qemu-iotests already filters out image creation options that may be present or not in order to get the same output in both cases. However, often it only considers the default value of the option. Cover all valid values instead so that ./check -o name=value can be used successfull for all of them. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-06qemu-iotests: add 039 qcow2 lazy refcounts testStefan Hajnoczi
This tests establishes the basic post-conditions of the qcow2 lazy refcounts features: 1. If the image was closed normally, it is marked clean. 2. If an allocating write was performed and the image was not closed normally, then it is marked dirty. a. Written data can be read back successfully. b. The image file can be repaired and will be marked clean again. c. The image file is automatically repaired when opened read/write. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-06qemu-io: add "abort" command to simulate program crashStefan Hajnoczi
Avoiding data loss and corruption is the top requirement for image file formats. The qemu-io "abort" command makes it possible to simulate program crashes and does not give the image format a chance to cleanly shut down. This command is useful for data integrity test cases. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-06qcow2: implement lazy refcountsStefan Hajnoczi
Lazy refcounts is a performance optimization for qcow2 that postpones refcount metadata updates and instead marks the image dirty. In the case of crash or power failure the image will be left in a dirty state and repaired next time it is opened. Reducing metadata I/O is important for cache=writethrough and cache=directsync because these modes guarantee that data is on disk after each write (hence we cannot take advantage of caching updates in RAM). Refcount metadata is not needed for guest->file block address translation and therefore does not need to be on-disk at the time of write completion - this is the motivation behind the lazy refcount optimization. The lazy refcount optimization must be enabled at image creation time: qemu-img create -f qcow2 -o compat=1.1,lazy_refcounts=on a.qcow2 10G qemu-system-x86_64 -drive if=virtio,file=a.qcow2,cache=writethrough Update qemu-iotests 031 and 036 since the extension header size changes when we add feature bit table entries. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-06qemu-iotests: ignore qemu-img create lazy_refcounts outputStefan Hajnoczi
Hide the default lazy_refcounts=off output from qemu-img like we do with other image creation options. This ensures that existing golden outputs continue to pass despite the new option that has been added. Note that this patch applies before the one that actually introduces the lazy_refcounts=on|off option. This ensures git-bisect(1) continues to work. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-06docs: add lazy refcounts bit to qcow2 specificationStefan Hajnoczi
The lazy refcounts bit indicates that this image can take advantage of the dirty bit and that refcount updates can be postponed. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-06qcow2: introduce dirty bitStefan Hajnoczi
This patch adds an incompatible feature bit to mark images that have not been closed cleanly. When a dirty image file is opened a consistency check and repair is performed. Update qemu-iotests 031 and 036 since the extension header size changes when we add feature bit table entries. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-06docs: add dirty bit to qcow2 specificationStefan Hajnoczi
The dirty bit will make it possible to perform lazy refcount updates, where the image file is not kept consistent all the time. Upon opening a dirty image file, it is necessary to perform a consistency check and repair any incorrect refcounts. Therefore the dirty bit must be an incompatible feature bit. We don't want old programs accessing a file with stale refcounts. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-06qemu-iotests: add qed.py image manipulation utilityStefan Hajnoczi
The qed.py utility can inspect and manipulate QED image files. It can be used for testing to see the state of image metadata and also to inject corruptions into the image file. It also has a scrubbing feature to copy just the metadata out of an image file, allowing users to share broken image files without revealing data in bug reports. This has lived in my local repo for a long time but could be useful to others. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-06qapi: generalize documentation of streaming commandsPaolo Bonzini
Talk about background operations in general, rather than specifically about streaming. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-06ide scsi: Mess with geometry only for hard disk devicesMarkus Armbruster
Legacy -drive cyls=... are now ignored completely when the drive doesn't back a hard disk device. Before, they were first checked against a hard disk's limits, then ignored. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-06virtio: fix vhost handlingPaolo Bonzini
Commit b1f416aa8d870fab71030abc9401cfc77b948e8e breaks vhost_net because it always registers the virtio_pci_host_notifier_read() handler function on the ioeventfd, even when vhost_net.ko is using the ioeventfd. The result is both QEMU and vhost_net.ko polling on the same eventfd and the virtio_net.ko guest driver seeing inconsistent results: # ifconfig eth0 192.168.0.1 netmask 255.255.255.0 virtio_net virtio0: output:id 0 is not a head! To fix this, proceed the same as we do for irqfd: add a parameter to virtio_queue_set_host_notifier_fd_handler and in that case only set the notifier, not the handler. Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Tested-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-06Merge remote-tracking branch 'kiszka/queues/slirp' into stagingAnthony Liguori
* kiszka/queues/slirp: slirp: Handle whole 127.0.0.0/8 network as local addresses.
2012-08-04Merge branch 'axp-next' of git://repo.or.cz/qemu/rthBlue Swirl
* 'axp-next' of git://repo.or.cz/qemu/rth: alpha-linux-user: Fix the getpriority syscall alpha-linux-user: Properly handle the non-rt sigprocmask syscall. alpha-linux-user: Fix a3 error return with v0 error bypass. linux-user: Translate pipe2 flags; add to strace linux-user: Allocate the right amount of space for non-fixed file maps linux-user: Handle O_SYNC, O_NOATIME, O_CLOEXEC, O_PATH linux-user: Sync fcntl.h bits with the kernel alpha-linux-user: Handle TARGET_SSI_IEEE_RAISE_EXCEPTION properly alpha-linux-user: Work around hosted mmap allocation problems alpha-linux-user: Fix signal handling
2012-08-04alpha-linux-user: Fix the getpriority syscallRichard Henderson
Alpha uses unbiased priority values in the syscall, with the a3 return value signaling error conditions. Therefore, properly interpret the libc getpriority as needed for the guest rather than passing the host value through unchanged. Signed-off-by: Richard Henderson <rth@twiddle.net>
2012-08-04alpha-linux-user: Properly handle the non-rt sigprocmask syscall.Richard Henderson
Name the syscall properly for QEMU, kernel source notwithstanding. Fix syntax errors in the code thus enabled within do_syscall. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2012-08-04alpha-linux-user: Fix a3 error return with v0 error bypass.Richard Henderson
We were failing to initialize a3 for syscalls that bypass the negative return value error check. Signed-off-by: Richard Henderson <rth@twiddle.net>
2012-08-04linux-user: Translate pipe2 flags; add to straceRichard Henderson
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2012-08-04linux-user: Allocate the right amount of space for non-fixed file mapsRichard Henderson
If we let the kernel handle the implementation of mmap_find_vma, via an anon mmap, we must use the size as indicated by the user and not the size truncated to the filesize. This happens often in ld.so, where we initially mmap the file to the size of the text+data+bss to reserve an area, then mmap+fixed over the top to properly handle data and bss. Signed-off-by: Richard Henderson <rth@twiddle.net>