[Qemu-commits] [qemu/qemu] f399ea: scsi-disk: Fix assertion failure on W


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] f399ea: scsi-disk: Fix assertion failure on WRITE SAME
Date: Tue, 03 Nov 2015 13:30:07 -0800

  Branch: refs/heads/stable-2.4
  Home:   https://github.com/qemu/qemu
  Commit: f399ea092ea46c82b819ba1fdbcb082eb8019a32
      
https://github.com/qemu/qemu/commit/f399ea092ea46c82b819ba1fdbcb082eb8019a32
  Author: Fam Zheng <address@hidden>
  Date:   2015-10-17 (Sat, 17 Oct 2015)

  Changed paths:
    M hw/scsi/scsi-disk.c

  Log Message:
  -----------
  scsi-disk: Fix assertion failure on WRITE SAME

The last portion of an unaligned WRITE SAME command could fail the
assertion in bdrv_aligned_pwritev:

    assert(!qiov || bytes == qiov->size);

Because we updated data->iov.iov_len right above this if block, but
data->qiov still has the old size.

Reinitialize the qiov to make them equal and keep block layer happy.

Cc: address@hidden
Signed-off-by: Fam Zheng <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit a56537a12757a8cdee24ad8c83e5af7a9833ea70)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 0de7d2b793f2e3cfeedfc822429a6bce6e48bda3
      
https://github.com/qemu/qemu/commit/0de7d2b793f2e3cfeedfc822429a6bce6e48bda3
  Author: Kevin Wolf <address@hidden>
  Date:   2015-10-17 (Sat, 17 Oct 2015)

  Changed paths:
    M block/mirror.c

  Log Message:
  -----------
  mirror: Fix coroutine reentrance

This fixes a regression introduced by commit dcfb3beb ("mirror: Do zero
write on target if sectors not allocated"), which was reported to cause
aborts with the message "Co-routine re-entered recursively".

The cause for this bug is the following code in mirror_iteration_done():

    if (s->common.busy) {
        qemu_coroutine_enter(s->common.co, NULL);
    }

This has always been ugly because - unlike most places that reenter - it
doesn't have a specific yield that it pairs with, but is more
uncontrolled.  What we really mean here is "reenter the coroutine if
it's in one of the four explicit yields in mirror.c".

This used to be equivalent with s->common.busy because neither
mirror_run() nor mirror_iteration() call any function that could yield.
However since commit dcfb3beb this doesn't hold true any more:
bdrv_get_block_status_above() can yield.

So what happens is that bdrv_get_block_status_above() wants to take a
lock that is already held, so it adds itself to the queue of waiting
coroutines and yields. Instead of being woken up by the unlock function,
however, it gets woken up by mirror_iteration_done(), which is obviously
wrong.

In most cases the code actually happens to cope fairly well with such
cases, but in this specific case, the unlock must already have scheduled
the coroutine for wakeup when mirror_iteration_done() reentered it. And
then the coroutine happened to process the scheduled restarts and tried
to reenter itself recursively.

This patch fixes the problem by pairing the reenter in
mirror_iteration_done() with specific yields instead of abusing
s->common.busy.

Cc: address@hidden
Signed-off-by: Kevin Wolf <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Reviewed-by: Jeff Cody <address@hidden>
Message-id: address@hidden
Signed-off-by: Jeff Cody <address@hidden>
(cherry picked from commit e424aff5f307227b1c2512bbb8ece891bb895cef)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 5b7d840e741aa06751b0fcec02ccda50a6bd574d
      
https://github.com/qemu/qemu/commit/5b7d840e741aa06751b0fcec02ccda50a6bd574d
  Author: Peter Maydell <address@hidden>
  Date:   2015-10-17 (Sat, 17 Oct 2015)

  Changed paths:
    M target-arm/arm-semi.c

  Log Message:
  -----------
  target-arm/arm-semi.c: Fix broken SYS_WRITE0 via gdb

A spurious trailing "\n" in the gdb syscall format string used
for SYS_WRITE0 meant that gdb would reject the remote syscall,
with the effect that the output from the guest was silently dropped.
Remove the newline so that gdb accepts the packet.

Cc: address@hidden

Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 857b55adb77004d9ec9202078b7f1f3a1a076112)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 2ac9fa162e25019eaa548f1fadfee256af88ca0f
      
https://github.com/qemu/qemu/commit/2ac9fa162e25019eaa548f1fadfee256af88ca0f
  Author: Peter Lieven <address@hidden>
  Date:   2015-10-17 (Sat, 17 Oct 2015)

  Changed paths:
    M block/iscsi.c

  Log Message:
  -----------
  block/iscsi: validate block size returned from target

It has been reported that at least tgtd returns a block size of 0
for LUN 0. To avoid running into divide by zero later on and protect
against other problematic block sizes validate the block size right
at connection time.

Cc: address@hidden
Reported-by: Andrey Korolyov <address@hidden>
Signed-off-by: Peter Lieven <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit 6d1f252d8c1ba73bf6ed9af28731a9c9c3d473a2)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 637dd0bb7c0e8a3275230b771085439f256b403d
      
https://github.com/qemu/qemu/commit/637dd0bb7c0e8a3275230b771085439f256b403d
  Author: Peter Crosthwaite <address@hidden>
  Date:   2015-10-17 (Sat, 17 Oct 2015)

  Changed paths:
    M include/exec/exec-all.h

  Log Message:
  -----------
  exec-all: Translate TCI return addresses backwards too

This subtraction of return addresses applies directly to TCI as well as
host-TCG. This fixes Linux boots for at least Microblaze, CRIS, ARM and
SH4 when using TCI.

[sw: Removed indentation for preprocessor statement]
[sw: The patch also fixes Linux boot for x86_64]

Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Stefan Weil <address@hidden>
Signed-off-by: Peter Crosthwaite <address@hidden>
(cherry picked from commit a17d448274575efbfcc1c04ec2641a0afeb74e17)
Signed-off-by: Michael Roth <address@hidden>


  Commit: d9af73191cc4a1f23ca8149ca2d5f71f74f5329d
      
https://github.com/qemu/qemu/commit/d9af73191cc4a1f23ca8149ca2d5f71f74f5329d
  Author: Peter Lieven <address@hidden>
  Date:   2015-10-17 (Sat, 17 Oct 2015)

  Changed paths:
    M block/nfs.c

  Log Message:
  -----------
  block/nfs: fix calculation of allocated file size

st.st_blocks is always counted in 512 byte units. Do not
use st.st_blksize as multiplicator which may be larger.

Cc: address@hidden
Signed-off-by: Peter Lieven <address@hidden>
Reviewed-by: Max Reitz <address@hidden>
Reviewed-by: Jeff Cody <address@hidden>
Message-id: address@hidden
Signed-off-by: Jeff Cody <address@hidden>
(cherry picked from commit 055c6f912c8d3cd9a901972ae432c47e5872f71a)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 9a20ccaecd45f21ac4766ae6634aaa5499ddc772
      
https://github.com/qemu/qemu/commit/9a20ccaecd45f21ac4766ae6634aaa5499ddc772
  Author: Max Reitz <address@hidden>
  Date:   2015-10-17 (Sat, 17 Oct 2015)

  Changed paths:
    M qemu-img.c

  Log Message:
  -----------
  qemu-img: Fix crash in amend invocation

Example:
$ ./qemu-img create -f qcow2 /tmp/t.qcow2 64M
$ ./qemu-img amend -f qcow2 -o backing_file=/tmp/t.qcow2, -o help \
    /tmp/t.qcow2

This should not crash. This actually is tested by iotest 082, but not
caught due to the segmentation fault being silent (which is something
that needs to be fixed, too).

Reported-by: Dr. David Alan Gilbert <address@hidden>
Cc: qemu-stable <address@hidden>
Signed-off-by: Max Reitz <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
(cherry picked from commit e814dffcc9810ed77fe99081be9751b620a894c4)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 71b685832de15374e75e382a6ff60c95ced37f82
      
https://github.com/qemu/qemu/commit/71b685832de15374e75e382a6ff60c95ced37f82
  Author: Mark Cave-Ayland <address@hidden>
  Date:   2015-10-17 (Sat, 17 Oct 2015)

  Changed paths:
    M hw/misc/macio/mac_dbdma.c

  Log Message:
  -----------
  mac_dbdma: always clear FLUSH bit once DBDMA channel flush is complete

The code to flush the DBDMA channel was effectively duplicated in
dbdma_control_write(), except for the fact that the copy executed outside of a
RUN bit transition was broken by not clearing the FLUSH bit once the flush was
complete.

Newer PPC Linux kernels would timeout waiting for the FLUSH bit to clear again
after submitting a FLUSH command. Fix this by always clearing the FLUSH bit
once the channel flush is complete and removing the repeated code.

Reported-by: Aurelien Jarno <address@hidden>
Signed-off-by: Mark Cave-Ayland <address@hidden>
Reviewed-by: Aurelien Jarno <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>
(cherry picked from commit 1cde732d88af34849343dc1f0e68072eab0841b9)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 955ff148de252b2fec92a1beef7f91c0987bb713
      
https://github.com/qemu/qemu/commit/955ff148de252b2fec92a1beef7f91c0987bb713
  Author: Gonglei <address@hidden>
  Date:   2015-10-17 (Sat, 17 Oct 2015)

  Changed paths:
    M hw/scsi/vhost-scsi.c

  Log Message:
  -----------
  vhost-scsi: fix wrong vhost-scsi firmware path

vhost-scsi bootindex doesn't work because Qemu passes
wrong firmware path to seabios.

before:
  /address@hidden/address@hidden@0/address@hidden,0
after applying the patch:
  /address@hidden/address@hidden/address@hidden/address@hidden,0

Reported-by: Subo <address@hidden>
Signed-off-by: Gonglei <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit f42bf6a262ab5923a1a3bc8f731b830396937c47)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 267bc474382f55eca082065a0f290695a5aa5242
      
https://github.com/qemu/qemu/commit/267bc474382f55eca082065a0f290695a5aa5242
  Author: Michael S. Tsirkin <address@hidden>
  Date:   2015-10-17 (Sat, 17 Oct 2015)

  Changed paths:
    M scripts/dump-guest-memory.py

  Log Message:
  -----------
  scripts/dump-guest-memory.py: fix after RAMBlock change

commit 9b8424d5735278ca382f11adc7c63072b632ab83
    "exec: split length -> used_length/max_length"
changed field names in struct RAMBlock

It turns out that scripts/dump-guest-memory.py was
poking at this field, update it accordingly.

Cc: address@hidden
Cc: Paolo Bonzini <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit 0c71d41e2aa3c7356500ae624166f3bb8c201aee)
Signed-off-by: Michael Roth <address@hidden>


  Commit: b51715e1c072ecc59a326f31c282501930f7c3ac
      
https://github.com/qemu/qemu/commit/b51715e1c072ecc59a326f31c282501930f7c3ac
  Author: Alexander Graf <address@hidden>
  Date:   2015-10-17 (Sat, 17 Oct 2015)

  Changed paths:
    M pc-bios/u-boot.e500

  Log Message:
  -----------
  PPC: E500: Update u-boot to commit 79c884d7e4

The current U-Boot binary in QEMU has a bug where it fails to support
dynamic CCSR addressing. Without this support, u-boot can not boot the
ppce500 machine anymore. This has been fixed upstream in u-boot commit
e834975b.

Update the u-boot blob we carry in QEMU to the latest u-boot upstream,
so that we can successfully run u-boot with the ppce500 machine again.

CC: address@hidden
Signed-off-by: Alexander Graf <address@hidden>
Tested-by: Thomas Huth <address@hidden>
(cherry picked from commit d4574435a6530bbd96ae130eddfe5b676f91367a)
Signed-off-by: Michael Roth <address@hidden>


  Commit: a00431853f6faef36618dad238a859e3d6805054
      
https://github.com/qemu/qemu/commit/a00431853f6faef36618dad238a859e3d6805054
  Author: Cornelia Huck <address@hidden>
  Date:   2015-10-17 (Sat, 17 Oct 2015)

  Changed paths:
    M hw/s390x/css.c

  Log Message:
  -----------
  s390x/css: start with cleared cstat/dstat

When executing the start function, we should start with a clear state
regarding subchannel and device status; it is easy to forget updating one
of them after the ccw has been processed.

Note that we don't need to care about resetting the various control
fields: They are cleared by tsch(), and if they were still pending,
we wouldn't be able to execute the start function in the first
place.

Also note that we don't want to clear cstat/dstat if a suspended
subchannel is resumed.

This fixes a bug where we would continue to present channel-program
check in cstat even though later ccw requests for the subchannel
finished without error (i.e. cstat should be 0).

Cc: address@hidden
Signed-off-by: Cornelia Huck <address@hidden>
Reviewed-by: David Hildenbrand <address@hidden>
(cherry picked from commit 6b7741c2bedeae2e8c54fffce81723ca0a0c25c0)
Signed-off-by: Michael Roth <address@hidden>


  Commit: d2b0f96fe2762e2863a6fbbb0acb02606537cc9e
      
https://github.com/qemu/qemu/commit/d2b0f96fe2762e2863a6fbbb0acb02606537cc9e
  Author: Vladislav Yasevich <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M hw/net/rtl8139.c

  Log Message:
  -----------
  rtl8139: Fix receive buffer overflow check

rtl8139_do_receive() tries to check for the overflow condition
by making sure that packet_size + 8 does not exceed the
available buffer space.  The issue here is that RxBuffAddr,
used to calculate available buffer space, is aligned to
a 4 byte boundary after every update.  So it is possible that
every packet ends up being slightly padded when written
to the receive buffer.  This padding is not taken into
account when checking for overflow and we may end up missing
the overflow condition and causing buffer overwrite.

This patch takes alignment into consideration when
checking for overflow condition.

Signed-off-by: Vladislav Yasevich <address@hidden>
Reviewed-by: Jason Wang <address@hidden>
Message-id: address@hidden
Signed-off-by: Stefan Hajnoczi <address@hidden>
(cherry picked from commit fabdcd3392f16fc666b1d04fc1bbe5f1dbbf10a4)
Signed-off-by: Michael Roth <address@hidden>
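
Added example (not part of the commit or of QEMU's source): a simplified model of the check described in the rtl8139 commit above, showing how a free-space test that ignores 4-byte padding lets the write offset catch up with the read offset. The ring layout, the names and the packet sizes are constructed for illustration, and the model assumes that equal read and write offsets mean an empty ring.

```c
#include <stdint.h>
#include <stdio.h>

#define RING_SIZE 64u                    /* constructed ring size, power of two */
#define OVERHEAD  8u                     /* the "+ 8" from the commit message */
#define ALIGN4(x) (((x) + 3u) & ~3u)     /* write offset is re-aligned to 4 bytes */

struct rx_ring {
    uint32_t wr;      /* device write offset, always a multiple of 4 */
    uint32_t rd;      /* offset up to which the guest has consumed data */
    uint32_t unread;  /* demo bookkeeping: bytes stored but not yet consumed */
};

/* Space between writer and reader. Model assumption: wr == rd means "empty". */
static uint32_t rx_avail(const struct rx_ring *r)
{
    uint32_t gap = (RING_SIZE + r->rd - r->wr) & (RING_SIZE - 1);
    return gap ? gap : RING_SIZE;
}

/* Check that ignores the padding added when the write offset is aligned. */
static int fits_unaligned(const struct rx_ring *r, uint32_t pkt)
{
    return pkt + OVERHEAD < rx_avail(r);
}

/* Check that accounts for the padding, as the commit message describes. */
static int fits_aligned(const struct rx_ring *r, uint32_t pkt)
{
    return ALIGN4(pkt + OVERHEAD) < rx_avail(r);
}

/* Store one packet; returns how many unread bytes it overwrote. */
static uint32_t rx_store(struct rx_ring *r, uint32_t pkt)
{
    uint32_t span = ALIGN4(pkt + OVERHEAD);      /* bytes the ring really loses */
    uint32_t room = RING_SIZE - r->unread;
    uint32_t clobbered = span > room ? span - room : 0;

    r->wr = (r->wr + span) & (RING_SIZE - 1);
    r->unread += span - clobbered;
    return clobbered;
}

/* Feed a constructed packet sequence; the guest never consumes anything. */
static uint32_t simulate(int use_aligned_check)
{
    static const uint32_t pkts[] = { 28, 19, 4 };   /* constructed payload sizes */
    struct rx_ring r = { 0, 0, 0 };
    uint32_t clobbered = 0;

    for (size_t i = 0; i < sizeof(pkts) / sizeof(pkts[0]); i++) {
        int ok = use_aligned_check ? fits_aligned(&r, pkts[i])
                                   : fits_unaligned(&r, pkts[i]);
        if (ok) {
            clobbered += rx_store(&r, pkts[i]);
        }
    }
    return clobbered;
}

int main(void)
{
    printf("unaligned check: %u unread bytes overwritten\n", simulate(0));
    printf("aligned check:   %u unread bytes overwritten\n", simulate(1));
    return 0;
}
```

In this model the second packet needs 27 bytes against 28 free, so the unpadded check accepts it, the padded write fills the ring exactly, and the third packet lands on unread data.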


  Commit: f6737604da3b44322a91ebaa4b184aa519bbb66a
      
https://github.com/qemu/qemu/commit/f6737604da3b44322a91ebaa4b184aa519bbb66a
  Author: Vladislav Yasevich <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M hw/net/rtl8139.c
    M tcg/aarch64/tcg-target.c

  Log Message:
  -----------
  rtl8139: Do not consume the packet during overflow in standard mode.

When operating in standard mode, we currently return the size
of packet during buffer overflow.  This consumes the overflow
packet.  Return 0 instead so we can re-process the overflow packet
when we have room.

This fixes issues with lost/dropped fragments of large messages.

Signed-off-by: Vladislav Yasevich <address@hidden>
Reviewed-by: Jason Wang <address@hidden>
Message-id: address@hidden
Signed-off-by: Stefan Hajnoczi <address@hidden>
(cherry picked from commit 26c4e7ca72d970d120f0f51244bc8d37458512a0)
*removed dependency on b76f21a7
*removed context dependency on 4cbea598
Signed-off-by: Michael Roth <address@hidden>


  Commit: d077545dfef3d59f0286e0cb28cdb1c6d0570c22
      
https://github.com/qemu/qemu/commit/d077545dfef3d59f0286e0cb28cdb1c6d0570c22
  Author: Aníbal Limón <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M cpus.c

  Log Message:
  -----------
  cpus.c: qemu_mutex_lock_iothread fix race condition at cpu thread init

When QEMU starts, the RCU thread executes qemu_mutex_lock_thread,
causing the error "qemu:qemu_cpu_kick_thread: No such process", and exits.

This doesn't occur frequently, but in glibc the thread id can exist and
this does not guarantee that the thread is in an active/running state. If
a sleep(1) is inserted after the newthread assignment [1], the issue appears.

So do not make the assumption that the thread exists if first_cpu->thread
is set; instead change the validation of the cpu to created, which is set
in the cpu threads (kvm, tcg, dummy).

[1] 
https://sourceware.org/git/?p=glibc.git;a=blob;f=nptl/pthread_create.c;h=d10f4ea8004e1d8f3a268b95cc0f8d93b8d89867;hb=HEAD#l621

Cc: address@hidden
Signed-off-by: Aníbal Limón <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit 46036b2462c7ff56c0af6466ea6b9248197a38a8)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 0fdf9f756fff60ec1c02dbd59698ba3dbb30eabe
      
https://github.com/qemu/qemu/commit/0fdf9f756fff60ec1c02dbd59698ba3dbb30eabe
  Author: Pierre Morel <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M hw/virtio/dataplane/vring.c
    M include/hw/virtio/dataplane/vring.h

  Log Message:
  -----------
  virtio dataplane: adapt dataplane for virtio Version 1

Let dataplane allocate different region for the desc/avail/used
ring regions.
Take VIRTIO_RING_F_EVENT_IDX into account to increase the used/avail
rings accordingly.

[Fix 32-bit builds by changing 16lx format specifier to HWADDR_PRIx.
--Stefan]

Signed-off-by: Pierre Morel <address@hidden>
Tested-by: Greg Kurz <address@hidden>
Signed-off-by: Greg Kurz <address@hidden>
Message-id: address@hidden
(changed __virtio16 into uint16_t,
 map descriptor table and available ring read-only)
Signed-off-by: Greg Kurz <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>

(cherry picked from commit a9718ef0005d6910097788936dc40c0204713729)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 052677b2c87779a6da6181b848825b29e65c0f54
      
https://github.com/qemu/qemu/commit/052677b2c87779a6da6181b848825b29e65c0f54
  Author: Richard Henderson <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M target-arm/translate-a64.c
    M target-arm/translate.c
    M target-arm/translate.h

  Log Message:
  -----------
  target-arm: Share all common TCG temporaries

This is a bug fix for aarch64.  At present, we have branches using
the 32-bit (translate.c) versions of cpu_[NZCV]F, but we set the flags
using the 64-bit (translate-a64.c) versions of cpu_[NZCV]F.  From
the view of the TCG code generator, these are unrelated variables.

The bug is hard to see because we currently only read these variables
from branches, and upon reaching a branch TCG will first spill live
variables and then reload the arguments of the branch.  Since the
32-bit versions were never live until reaching the branch, we'd re-read
the data that had just been spilled from the 64-bit versions.

There is currently no such problem with the cpu_exclusive_* variables,
but there's no point in tempting fate.

Cc: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 78bcaa3e37afbd0c5316634f917c13487384b6ca)
Signed-off-by: Michael Roth <address@hidden>


  Commit: c13b1c8314d1178161a1fa1a0c4d460bd4d66a64
      
https://github.com/qemu/qemu/commit/c13b1c8314d1178161a1fa1a0c4d460bd4d66a64
  Author: Max Reitz <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M block/qcow2-cluster.c
    M block/qcow2-refcount.c
    M block/qcow2.h

  Log Message:
  -----------
  qcow2: Make size_to_clusters() return uint64_t

Sadly, some images may have more clusters than what can be represented
using a plain int. We should be prepared for that case (in
qcow2_check_refcounts() we actually were trying to catch that case, but
since size_to_clusters() truncated the returned value, that check never
did anything useful).

Cc: qemu-stable <address@hidden>
Signed-off-by: Max Reitz <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
(cherry picked from commit b6d36def6d9e9fd187327182d0abafc9b7085d8f)

Conflicts:
        block/qcow2-cluster.c
        block/qcow2.h

* removed context dependency on ff99129a
Signed-off-by: Michael Roth <address@hidden>
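
Added example (not part of the commit or of QEMU's source): a minimal model of the truncation described in the qcow2 commit above, where a cluster count squeezed into an int makes a later "too many clusters" check dead code. The function names, the 512-byte cluster size and the sample image size are assumptions chosen for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: an image of 2^32 + 5 clusters of 512 bytes (about 2 TiB). */
#define SAMPLE_CLUSTER_BITS 9u
#define SAMPLE_SIZE (((1ULL << 32) + 5) << SAMPLE_CLUSTER_BITS)

/* Round a byte size up to whole clusters, keeping the full 64-bit result. */
static uint64_t size_to_clusters_u64(uint64_t size, unsigned cluster_bits)
{
    return (size + ((1ULL << cluster_bits) - 1)) >> cluster_bits;
}

/*
 * Same computation returned as an int: only the low 32 bits survive.
 * The sample value keeps those low bits small, so the conversion is
 * well defined and the result is a plausible-looking positive count.
 */
static int size_to_clusters_int(uint64_t size, unsigned cluster_bits)
{
    return (int)(uint32_t)size_to_clusters_u64(size, cluster_bits);
}

/* Returns the cluster count the caller would go on to use, or -1 if rejected. */
static long long checked_clusters_int(uint64_t size, unsigned cluster_bits)
{
    int nb = size_to_clusters_int(size, cluster_bits);

    if (nb > INT_MAX) {        /* can never be true: nb is already an int */
        return -1;
    }
    return nb;
}

/* Same guard on the untruncated value: the oversized image is rejected. */
static long long checked_clusters_u64(uint64_t size, unsigned cluster_bits)
{
    uint64_t nb = size_to_clusters_u64(size, cluster_bits);

    if (nb > INT_MAX) {
        return -1;
    }
    return (long long)nb;
}

int main(void)
{
    printf("int count:    %lld\n",
           checked_clusters_int(SAMPLE_SIZE, SAMPLE_CLUSTER_BITS));
    printf("uint64 count: %lld\n",
           checked_clusters_u64(SAMPLE_SIZE, SAMPLE_CLUSTER_BITS));
    return 0;
}
```

With the int return type the guard passes and the caller continues with a count of 5 clusters for a roughly 2 TiB image; with the 64-bit return type the same guard rejects it.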


  Commit: 63d761388d6fea994ca498c6e7a210851a99ad93
      
https://github.com/qemu/qemu/commit/63d761388d6fea994ca498c6e7a210851a99ad93
  Author: John Snow <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M hw/ide/core.c

  Log Message:
  -----------
  ide: fix ATAPI command permissions

We're a little too lenient with what we'll let an ATAPI drive handle.
Clamp down on the IDE command execution table to remove CD_OK permissions
from commands that are not and have never been ATAPI commands.

For ATAPI command validity, please see:
- ATA4 Section 6.5 ("PACKET Command feature set")
- ATA8/ACS Section 4.3 ("The PACKET feature set")
- ACS3 Section 4.3 ("The PACKET feature set")

ACS3 has a historical command validity table in Table B.4
("Historical Command Assignments") that can be referenced to find when
a command was introduced, deprecated, obsoleted, etc.

The only reference for ATAPI command validity is by checking that
version's PACKET feature set section.

ATAPI was introduced by T13 into ATA4, all commands retired prior to ATA4
therefore are assumed to have never been ATAPI commands.

Mandatory commands, as listed in ATA8-ACS3, are:

- DEVICE RESET
- EXECUTE DEVICE DIAGNOSTIC
- IDENTIFY DEVICE
- IDENTIFY PACKET DEVICE
- NOP
- PACKET
- READ SECTOR(S)
- SET FEATURES

Optional commands as listed in ATA8-ACS3, are:

- FLUSH CACHE
- READ LOG DMA EXT
- READ LOG EXT
- WRITE LOG DMA EXT
- WRITE LOG EXT

All other commands are illegal to send to an ATAPI device and should
be rejected by the device.

CD_OK removal justifications:

0x06 WIN_DSM              Defined in ACS2. Not valid for ATAPI.
0x21 WIN_READ_ONCE        Retired in ATA5. Not ATAPI in ATA4.
0x94 WIN_STANDBYNOW2      Retired in ATA4. Did not coexist with ATAPI.
0x95 WIN_IDLEIMMEDIATE2   Retired in ATA4. Did not coexist with ATAPI.
0x96 WIN_STANDBY2         Retired in ATA4. Did not coexist with ATAPI.
0x97 WIN_SETIDLE2         Retired in ATA4. Did not coexist with ATAPI.
0x98 WIN_CHECKPOWERMODE2  Retired in ATA4. Did not coexist with ATAPI.
0x99 WIN_SLEEPNOW2        Retired in ATA4. Did not coexist with ATAPI.
0xE0 WIN_STANDBYNOW1      Not part of ATAPI in ATA4, ACS or ACS3.
0xE1 WIN_IDLEIMMDIATE     Not part of ATAPI in ATA4, ACS or ACS3.
0xE2 WIN_STANDBY          Not part of ATAPI in ATA4, ACS or ACS3.
0xE3 WIN_SETIDLE1         Not part of ATAPI in ATA4, ACS or ACS3.
0xE4 WIN_CHECKPOWERMODE1  Not part of ATAPI in ATA4, ACS or ACS3.
0xE5 WIN_SLEEPNOW1        Not part of ATAPI in ATA4, ACS or ACS3.
0xF8 WIN_READ_NATIVE_MAX  Obsoleted in ACS3. Not ATAPI in ATA4 or ACS.

This patch fixes a divide by zero fault that can be caused by sending
the WIN_READ_NATIVE_MAX command to an ATAPI drive, which causes it to
attempt to use zeroed CHS values to perform sector arithmetic.

Reported-by: Qinghao Tang <address@hidden>
Signed-off-by: John Snow <address@hidden>
Reviewed-by: Markus Armbruster <address@hidden>
Message-id: address@hidden
CC: address@hidden
(cherry picked from commit d9033e1d3aa666c5071580617a57bd853c5d794a)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 5644f6f9242895db837d2c825cfe083f2a1d71ab
      
https://github.com/qemu/qemu/commit/5644f6f9242895db837d2c825cfe083f2a1d71ab
  Author: Alberto Garcia <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M ui/gtk.c

  Log Message:
  -----------
  gtk: use setlocale() for LC_MESSAGES only

The QEMU code is not internationalized and assumes that it runs under
the C locale, but if we use the GTK+ UI we'll end up importing the
locale settings from the environment. This can break things, such as
the JSON generator and iotest 120 in locales that use a decimal comma.

We do however have translations for a few simple strings for the GTK+
menu items, so in order to run QEMU using the C locale, and yet have a
translated UI let's use setlocale() for LC_MESSAGES only.

Cc: address@hidden
Signed-off-by: Alberto Garcia <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit 2cb5d2a47c655331bcf0ab16bab8fe4701182c58)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 6d62d0e3dd47cbdc8a486a7c99cb0c07a1b916d8
      
https://github.com/qemu/qemu/commit/6d62d0e3dd47cbdc8a486a7c99cb0c07a1b916d8
  Author: Michael Roth <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M hw/ppc/spapr_pci.c

  Log Message:
  -----------
  spapr_pci: fix device tree props for MSI/MSI-X

PAPR requires ibm,req#msi and ibm,req#msi-x to be present in the
device node to define the number of msi/msi-x interrupts the device
supports, respectively.

Currently we have ibm,req#msi-x hardcoded to a non-sensical constant
that happens to be 2, and are missing ibm,req#msi entirely. The result
of that is that msi-x capable devices get limited to 2 msi-x
interrupts (which can impact performance), and msi-only devices likely
wouldn't work at all. Additionally, if devices expect a minimum that
exceeds 2, the guest driver may fail to load entirely.

SLOF still owns the generation of these properties at boot-time
(although other device properties have since been offloaded to QEMU),
but for hotplugged devices we rely on the values generated by QEMU
and thus hit the limitations above.

Fix this by generating these properties in QEMU as expected by guests.

In the future it may make sense to modify SLOF to pass through these
values directly as we do with other props since we're duplicating SLOF
code.

Cc: address@hidden
Cc: address@hidden
Cc: David Gibson <address@hidden>
Cc: Nikunj A Dadhania <address@hidden>
Signed-off-by: Michael Roth <address@hidden>
Reviewed-by: David Gibson <address@hidden>
Signed-off-by: David Gibson <address@hidden>
(cherry picked from commit a8ad731a001d41582c9cec4015f73ab3bc11a28d)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 78aeb6984cedf8efdc6a007fddaed46d55a07edf
      
https://github.com/qemu/qemu/commit/78aeb6984cedf8efdc6a007fddaed46d55a07edf
  Author: Wen Congyang <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M nbd.c

  Log Message:
  -----------
  nbd: release exp->blk after all clients are closed

If the socket fd is shut down, there may be some data which is received before
shutdown. We will read the data and do read/write in nbd_trip(). But the exp's
blk is NULL, and it will cause qemu to crash.

Reported-by: Li Zhijian <address@hidden>
Signed-off-by: Wen Congyang <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit d6268348493f32ecc096caa637620757472a1196)
Signed-off-by: Michael Roth <address@hidden>


  Commit: e00bf9ee701b65a0fa7c6b011b0050845c798aa8
      
https://github.com/qemu/qemu/commit/e00bf9ee701b65a0fa7c6b011b0050845c798aa8
  Author: Stefan Weil <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M slirp/tcp_input.c

  Log Message:
  -----------
  slirp: Fix non blocking connect for w32

Signed-off-by: Stefan Weil <address@hidden>
(cherry picked from commit a246a01631f90230374c2b8ffce608232e2aa654)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 1b8e1f7ad9dcf415e985e943cb7f18a686803fdd
      
https://github.com/qemu/qemu/commit/1b8e1f7ad9dcf415e985e943cb7f18a686803fdd
  Author: John Snow <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M hw/ide/ahci.c
    M hw/ide/core.c
    M hw/ide/internal.h

  Log Message:
  -----------
  ide: unify io_buffer_offset increments

IDEState's io_buffer_offset was originally added to keep track of offsets
in AHCI rather exclusively, but it was added to IDEState instead of an
AHCI-specific structure.

AHCI fakes all PIO transfers using DMA and a scatter-gather list. When
the core or atapi layers invoke HBA-specific mechanisms for transfers,
they do not always know that it is being backed by DMA or a sglist, so
this offset is not always updated by the HBA code everywhere.

If we modify it in dma_buf_commit, however, any HBA that needs to use
this offset to manage operating on only part of a sglist will have
access to it.

This will fix ATAPI PIO transfers performed through the AHCI HBA,
which were previously not modifying this value appropriately.

This will fix ATAPI PIO transfers larger than one sector.

Reported-by: Hannes Reinecke <address@hidden>
Signed-off-by: John Snow <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Tested-by: Laszlo Ersek <address@hidden>
Message-id: address@hidden
CC: address@hidden
(cherry picked from commit aaeda4a3c9e4d1d25c65ce8ca98e2de06daf1eec)
Signed-off-by: Michael Roth <address@hidden>


  Commit: d11ff15fd5236bdb82b2def0ecc568290bfdba35
      
https://github.com/qemu/qemu/commit/d11ff15fd5236bdb82b2def0ecc568290bfdba35
  Author: Markus Armbruster <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M qom/object.c

  Log Message:
  -----------
  qom: Do not reuse errp after a possible error

The argument for an Error **errp parameter must point to a null
pointer.  If it doesn't, and an error happens, error_set() fails its
assertion.

Instead of

    foo(foos, errp);
    bar(bars, errp);

you need to do something like

    Error *err = NULL;

    foo(foos, &err);
    if (err) {
        error_propagate(errp, err);
        goto out;
    }

    bar(bars, errp);
out:

Screwed up in commit 0e55884 (v1.3.0): property_get_bool().

Screwed up in commit 1f21772 (v2.1.0): object_property_get_enum() and
object_property_get_uint16List().

Screwed up in commit a8e3fbe (v2.4.0): property_get_enum(),
property_set_enum().

Found by inspection, no actual crashes observed.

Fix them up.

Cc: Anthony Liguori <address@hidden>
Cc: Hu Tao <address@hidden>
Cc: Daniel P. Berrange <address@hidden>
Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Daniel P. Berrange <address@hidden>
Cc: address@hidden
Signed-off-by: Andreas Färber <address@hidden>
(cherry picked from commit 4715d42efe8632b0f9d2594a80e917de45e4ef88)
Signed-off-by: Michael Roth <address@hidden>


  Commit: a479b21c111a87a50203a7413c4e5ec419fc88dd
      
https://github.com/qemu/qemu/commit/a479b21c111a87a50203a7413c4e5ec419fc88dd
  Author: Markus Armbruster <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M qom/object.c

  Log Message:
  -----------
  qom: Fix invalid error check in property_get_str()

When a function returns a null pointer on error and only on error, you
can do

    if (!foo(foos, errp)) {
        ... handle error ...
    }

instead of the more cumbersome

    Error *err = NULL;

    if (!foo(foos, &err)) {
        error_propagate(errp, err);
        ... handle error ...
    }

A StringProperty's getter, however, may return null on success!  We
then fail to call visit_type_str().

Screwed up in 6a146eb, v1.1.

Fails tests/qom-test in my current, heavily hacked QAPI branch.  No
reproducer for master known (but I didn't look hard).

Cc: Anthony Liguori <address@hidden>
Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Cc: address@hidden
Signed-off-by: Andreas Färber <address@hidden>
(cherry picked from commit e1c8237df5395f6a453f18109bd9dd33fb2a397c)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 33fca8589cf2aa7bf91564e6a8f26b3ba0910541
      
https://github.com/qemu/qemu/commit/33fca8589cf2aa7bf91564e6a8f26b3ba0910541
  Author: James Hogan <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M tcg/mips/tcg-target.c

  Log Message:
  -----------
  tcg/mips: Fix clobbering of qemu_ld inputs

The MIPS TCG backend implements qemu_ld with 64-bit targets using the v0
register (base) as a temporary to load the upper half of the QEMU TLB
comparator (see line 5 below), however this happens before the input
address is used (line 8 to mask off the low bits for the TLB
comparison, and line 12 to add the host-guest offset). If the input
address (addrl) also happens to have been placed in v0 (as in the second
column below), it gets clobbered before it is used.

     addrl in t2              addrl in v0

 1 srl     a0,t2,0x7        srl     a0,v0,0x7
 2 andi    a0,a0,0x1fe0     andi    a0,a0,0x1fe0
 3 addu    a0,a0,s0         addu    a0,a0,s0
 4 lw      at,9136(a0)      lw      at,9136(a0)      set TCG_TMP0 (at)
 5 lw      v0,9140(a0)      lw      v0,9140(a0)      set base (v0)
 6 li      t9,-4093         li      t9,-4093
 7 lw      a0,9160(a0)      lw      a0,9160(a0)      set addend (a0)
 8 and     t9,t9,t2         and     t9,t9,v0         use addrl
 9 bne     at,t9,0x836d8c8  bne     at,t9,0x836d838  use TCG_TMP0
10  nop                      nop
11 bne     v0,t8,0x836d8c8  bne     v0,a1,0x836d838  use base
12  addu   v0,a0,t2          addu   v0,a0,v0         use addrl, addend
13 lw      t0,0(v0)         lw      t0,0(v0)

Fix by using TCG_TMP0 (at) as the temporary instead of v0 (base),
pushing the load on line 5 forward into the delay slot of the low
comparison (line 10). The early load of the addend on line 7 also needs
pushing even further for 64-bit targets, or it will clobber a0 before
we're done with it. The output for 32-bit targets is unaffected.

 srl     a0,v0,0x7
 andi    a0,a0,0x1fe0
 addu    a0,a0,s0
 lw      at,9136(a0)
-lw      v0,9140(a0)      load high comparator
 li      t9,-4093
-lw      a0,9160(a0)      load addend
 and     t9,t9,v0
 bne     at,t9,0x836d838
- nop
+ lw     at,9140(a0)      load high comparator
+lw      a0,9160(a0)      load addend
-bne     v0,a1,0x836d838
+bne     at,a1,0x836d838
  addu   v0,a0,v0
 lw      t0,0(v0)

Cc: address@hidden
Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Aurelien Jarno <address@hidden>
Signed-off-by: James Hogan <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
(cherry picked from commit 5eb4f645eba8a79ea643b228c74a79183d436c97)
Signed-off-by: Michael Roth <address@hidden>


  Commit: bac9ce97d33c8034e41bedc1e8d4c0604f069f5e
      
https://github.com/qemu/qemu/commit/bac9ce97d33c8034e41bedc1e8d4c0604f069f5e
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M target-ppc/int_helper.c

  Log Message:
  -----------
  target-ppc: fix vcipher, vcipherlast, vncipherlast and vpermxor

For vector instructions, the helpers get pointers to the vector register
in arguments. Some operands might point to the same register, including
the operand holding the result.

When emulating instructions which access the vector elements in a
non-linear way, we need to store the result in a temporary variable.

This fixes openssl when emulating a POWER8 CPU.

Signed-off-by: Aurelien Jarno <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>
(cherry picked from commit 65cf1f65be0fc4883edbd66feeab3ddaceb11c00)
Signed-off-by: Michael Roth <address@hidden>
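
The aliasing problem described in the commit message above, as an added example (a simplified model, not QEMU's helper code and not part of the commit). Vec128, the function names and the sample operands are assumptions; the loop is a vpermxor-style permute-and-xor with host endianness handling left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified 128-bit vector register, bytes only. */
typedef struct Vec128 { uint8_t u8[16]; } Vec128;

typedef void (*permxor_fn)(Vec128 *r, const Vec128 *a,
                           const Vec128 *b, const Vec128 *c);

/* Writes the destination element by element. Each output byte reads
 * a->u8[] and b->u8[] at indices chosen by c, so if r is the same
 * register as a (or b), later iterations read bytes that earlier
 * iterations already overwrote. */
static void permxor_direct(Vec128 *r, const Vec128 *a,
                           const Vec128 *b, const Vec128 *c)
{
    for (int i = 0; i < 16; i++) {
        int index_a = c->u8[i] >> 4;
        int index_b = c->u8[i] & 0xF;
        r->u8[i] = a->u8[index_a] ^ b->u8[index_b];
    }
}

/* Builds the result in a temporary and copies it out at the end, so the
 * inputs stay intact for the whole loop even when r aliases one of them. */
static void permxor_via_temp(Vec128 *r, const Vec128 *a,
                             const Vec128 *b, const Vec128 *c)
{
    Vec128 result;

    for (int i = 0; i < 16; i++) {
        int index_a = c->u8[i] >> 4;
        int index_b = c->u8[i] & 0xF;
        result.u8[i] = a->u8[index_a] ^ b->u8[index_b];
    }
    *r = result;
}

/* Constructed operands: c selects a in reverse byte order and b in
 * forward order, which makes the access to a non-linear. */
static void sample_operands(Vec128 *a, Vec128 *b, Vec128 *c)
{
    for (int i = 0; i < 16; i++) {
        a->u8[i] = (uint8_t)(i * 17 + 3);
        b->u8[i] = (uint8_t)(0xA0 ^ i);
        c->u8[i] = (uint8_t)(((15 - i) << 4) | i);
    }
}

/* Returns 1 if fn produces the architecturally expected result when the
 * destination register is also operand a, 0 otherwise. */
static int correct_when_dest_is_a(permxor_fn fn)
{
    Vec128 a, b, c, expected;

    sample_operands(&a, &b, &c);
    permxor_direct(&expected, &a, &b, &c);  /* distinct destination: safe */
    fn(&a, &a, &b, &c);                     /* destination aliases a */
    return memcmp(&a, &expected, sizeof(a)) == 0;
}

int main(void)
{
    printf("direct write, r == a:   %s\n",
           correct_when_dest_is_a(permxor_direct) ? "correct" : "corrupted");
    printf("via temporary, r == a:  %s\n",
           correct_when_dest_is_a(permxor_via_temp) ? "correct" : "corrupted");
    return 0;
}
```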


  Commit: 1f21d3b8dc11231c58b1f53804d33151ceeac84b
      
https://github.com/qemu/qemu/commit/1f21d3b8dc11231c58b1f53804d33151ceeac84b
  Author: Aurelien Jarno <address@hidden>
  Date:   2015-10-20 (Tue, 20 Oct 2015)

  Changed paths:
    M target-ppc/translate.c

  Log Message:
  -----------
  target-ppc: fix xscmpodp and xscmpudp decoding

The xscmpodp and xscmpudp instructions only have the AX, BX bits in
their encoding, the lowest bit (usually TX) is marked as an invalid
bit. We therefore can't decode them with GEN_XX2FORM, which decodes
the two lowest bits.

Introduce a new form GEN_XX2FORM, which decodes AX and BX and marks
the lowest bit as invalid.

Signed-off-by: Aurelien Jarno <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Tested-by: Richard W.M. Jones <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>
(cherry picked from commit 8f60f8e2e574f341709128ff7637e685fd640254)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 2f3c3108186acc992858d2866d3aa20eb2eaf598
      
https://github.com/qemu/qemu/commit/2f3c3108186acc992858d2866d3aa20eb2eaf598
  Author: Cornelia Huck <address@hidden>
  Date:   2015-10-21 (Wed, 21 Oct 2015)

  Changed paths:
    M hw/block/virtio-blk.c
    M hw/char/virtio-serial-bus.c
    M hw/net/vhost_net.c
    M hw/net/virtio-net.c
    M hw/scsi/virtio-scsi.c
    M hw/virtio/dataplane/vring.c
    M hw/virtio/vhost.c
    M hw/virtio/virtio-balloon.c
    M hw/virtio/virtio.c
    M include/hw/virtio/virtio-access.h
    M include/hw/virtio/virtio.h

  Log Message:
  -----------
  virtio: avoid leading underscores for helpers

Commit ef546f1275f6563e8934dd5e338d29d9f9909ca6 ("virtio: add
feature checking helpers") introduced a helper __virtio_has_feature.
We don't want to use reserved identifiers, though, so let's
rename __virtio_has_feature to virtio_has_feature and virtio_has_feature
to virtio_vdev_has_feature.

Signed-off-by: Cornelia Huck <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>

(cherry picked from commit 95129d6fc9ead97155627a4ca0cfd37282883658)
* prereq for 1f8828e
Signed-off-by: Michael Roth <address@hidden>


  Commit: 2935ae915a618bab5b555b8963224fbeac4a5fa9
      
https://github.com/qemu/qemu/commit/2935ae915a618bab5b555b8963224fbeac4a5fa9
  Author: Jason Wang <address@hidden>
  Date:   2015-10-21 (Wed, 21 Oct 2015)

  Changed paths:
    M hw/net/virtio-net.c

  Log Message:
  -----------
  virtio-net: unbreak self announcement and guest offloads after migration

After commit 019a3edbb25f1571e876f8af1ce4c55412939e5d ("virtio: make
features 64bit wide"), the device's guest_features was actually set after
vdc->load(). This breaks the assumption that the device specific load()
function can check guest_features. For virtio-net, self announcement
and guest offloads won't work after migration.

Fix this by deferring them to virtio_net_load() where guest_features
is guaranteed to be set. Other virtio devices look fine.

Fixes: 019a3edbb25f1571e876f8af1ce4c55412939e5d
       ("virtio: make features 64bit wide")
Cc: address@hidden
Cc: Gerd Hoffmann <address@hidden>
Signed-off-by: Jason Wang <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: Cornelia Huck <address@hidden>

(cherry picked from commit 1f8828ef573c83365b4a87a776daf8bcef1caa21)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 40161bf27b6f0143062f588b496f0a66b6ec769b
      
https://github.com/qemu/qemu/commit/40161bf27b6f0143062f588b496f0a66b6ec769b
  Author: Fam Zheng <address@hidden>
  Date:   2015-10-21 (Wed, 21 Oct 2015)

  Changed paths:
    M hw/net/vmxnet3.c

  Log Message:
  -----------
  vmxnet3: Drop net_vmxnet3_info.can_receive

Commit 6e99c63 ("net/socket: Drop net_socket_can_send") changed the
semantics around .can_receive for sockets to now require the device to
flush queued pkts when transitioning to a .can_receive=true state. But
it's OK to drop incoming packets when the link is not active.

Signed-off-by: Fam Zheng <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
(cherry picked from commit 2734a20b8161831ba68c9166014e00522599d1e2)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 2d0583fc79ab119def5cfd38b1c695654e332cf2
      
https://github.com/qemu/qemu/commit/2d0583fc79ab119def5cfd38b1c695654e332cf2
  Author: Markus Armbruster <address@hidden>
  Date:   2015-10-21 (Wed, 21 Oct 2015)

  Changed paths:
    M qmp.c

  Log Message:
  -----------
  qmp: Fix device-list-properties not to crash for abstract device

Broken in commit f4eb32b "qmp: show QOM properties in
device-list-properties", v2.1.

Cc: address@hidden
Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Andreas Färber <address@hidden>
Message-Id: <address@hidden>
(cherry picked from commit edb1523d90415cb79f60f83b4028ef3820d15612)

Conflicts:
        tests/device-introspect-test.c

* removed hunk specific to QAPI introspection (not in 2.4)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 2874c6565e989b7f9ab852ccac437f6d40c61a6b
      
https://github.com/qemu/qemu/commit/2874c6565e989b7f9ab852ccac437f6d40c61a6b
  Author: Markus Armbruster <address@hidden>
  Date:   2015-10-21 (Wed, 21 Oct 2015)

  Changed paths:
    M hw/arm/allwinner-a10.c
    M hw/arm/digic.c
    M hw/arm/xlnx-zynqmp.c
    M hw/pci-host/versatile.c
    M include/hw/qdev-core.h
    M qmp.c
    M target-alpha/cpu.c
    M target-arm/cpu.c
    M target-cris/cpu.c
    M target-i386/cpu.c
    M target-lm32/cpu.c
    M target-m68k/cpu.c
    M target-microblaze/cpu.c
    M target-mips/cpu.c
    M target-moxie/cpu.c
    M target-openrisc/cpu.c
    M target-ppc/kvm.c
    M target-s390x/cpu.c
    M target-sh4/cpu.c
    M target-sparc/cpu.c
    M target-tricore/cpu.c
    M target-unicore32/cpu.c
    M target-xtensa/cpu.c

  Log Message:
  -----------
  qdev: Protect device-list-properties against broken devices

Several devices don't survive object_unref(object_new(T)): they crash
or hang during cleanup, or they leave dangling pointers behind.

This breaks at least device-list-properties, because
qmp_device_list_properties() needs to create a device to find its
properties.  Broken in commit f4eb32b "qmp: show QOM properties in
device-list-properties", v2.1.  Example reproducer:

    $ qemu-system-aarch64 -nodefaults -display none -machine none -S -qmp stdio
    {"QMP": {"version": {"qemu": {"micro": 50, "minor": 4, "major": 2}, "package": ""}, "capabilities": []}}
    { "execute": "qmp_capabilities" }
    {"return": {}}
    { "execute": "device-list-properties", "arguments": { "typename": "pxa2xx-pcmcia" } }
    qemu-system-aarch64: /home/armbru/work/qemu/memory.c:1307: memory_region_finalize: Assertion `((&mr->subregions)->tqh_first == ((void *)0))' failed.
    Aborted (core dumped)
    [Exit 134 (SIGABRT)]

Unfortunately, I can't fix the problems in these devices right now.
Instead, add DeviceClass member cannot_destroy_with_object_finalize_yet
to mark them:

* Hang during cleanup (didn't debug, so I can't say why):
  "realview_pci", "versatile_pci".

* Dangling pointer in cpus: most CPUs, plus "allwinner-a10", "digic",
  "fsl,imx25", "fsl,imx31", "xlnx,zynqmp", because they create such
  CPUs

* Assert kvm_enabled(): "host-x86_64-cpu", "host-i386-cpu",
  "host-powerpc64-cpu", "host-embedded-powerpc-cpu",
  "host-powerpc-cpu" (the powerpc ones can't currently reach the
  assertion, because the CPUs are only registered when KVM is enabled,
  but the assertion is arguably in the wrong place all the same)

Make qmp_device_list_properties() fail cleanly when the device is so
marked.  This improves device-list-properties from "crashes, hangs or
leaves dangling pointers behind" to "fails".  Not a complete fix, just
a better-than-nothing work-around.  In the above reproducer,
device-list-properties now fails with "Can't list properties of device
'pxa2xx-pcmcia'".

This also protects -device FOO,help, which uses the same machinery
since commit ef52358 "qdev-monitor: include QOM properties in -device
FOO, help output", v2.2.  Example reproducer:

    $ qemu-system-aarch64 -machine none -device pxa2xx-pcmcia,help

Before:

    qemu-system-aarch64: .../memory.c:1307: memory_region_finalize: Assertion `((&mr->subregions)->tqh_first == ((void *)0))' failed.

After:

    Can't list properties of device 'pxa2xx-pcmcia'

Cc: "Andreas Färber" <address@hidden>
Cc: "Edgar E. Iglesias" <address@hidden>
Cc: Alexander Graf <address@hidden>
Cc: Anthony Green <address@hidden>
Cc: Aurelien Jarno <address@hidden>
Cc: Bastian Koppelmann <address@hidden>
Cc: Blue Swirl <address@hidden>
Cc: Eduardo Habkost <address@hidden>
Cc: Guan Xuetao <address@hidden>
Cc: Jia Liu <address@hidden>
Cc: Leon Alrae <address@hidden>
Cc: Mark Cave-Ayland <address@hidden>
Cc: Max Filippov <address@hidden>
Cc: Michael Walle <address@hidden>
Cc: Paolo Bonzini <address@hidden>
Cc: Peter Maydell <address@hidden>
Cc: Richard Henderson <address@hidden>
Cc: address@hidden
Cc: address@hidden
Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Message-Id: <address@hidden>
(cherry picked from commit 4c315c27661502a0813b129e41c0bf640c34a8d6)

Conflicts:
        hw/arm/fsl-imx25.c
        hw/arm/fsl-imx31.c
        target-tilegx/cpu.c
        tests/device-introspect-test.c

* removed hunks pertaining to devices/tests not in 2.4

Signed-off-by: Michael Roth <address@hidden>


  Commit: 55b4efb034155aa22d8392f4d6b7339807e3ab44
      
https://github.com/qemu/qemu/commit/55b4efb034155aa22d8392f4d6b7339807e3ab44
  Author: Markus Armbruster <address@hidden>
  Date:   2015-10-21 (Wed, 21 Oct 2015)

  Changed paths:
    M qdev-monitor.c

  Log Message:
  -----------
  Revert "qdev: Use qdev_get_device_class() for -device <type>,help"

This reverts commit 31bed5509dfcbdfc293154ce81086a4dbd7a80b6.

The reverted commit changed qdev_device_help() to reject abstract
devices and devices that have cannot_instantiate_with_device_add_yet
set, to fix crash bugs like -device x86_64-cpu,help.

Rejecting abstract devices makes sense: they're purely internal, and
the implementation of the help feature can't cope with them.

Rejecting non-pluggable devices makes less sense: even though you
can't use them with -device, the help may still be useful elsewhere,
for instance with -global.  This is a regression: -device FOO,help
used to help even for FOO that aren't pluggable.

The previous two commits fixed the crash bug at a lower layer, so
reverting this one is now safe.  Fixes the -device FOO,help
regression, except for the broken devices marked
cannot_even_create_with_object_new_yet.  For those, the error message
is improved.

Example of a device where the regression is fixed:

    $ qemu-system-x86_64 -device PIIX4_PM,help
    PIIX4_PM.command_serr_enable=bool (on/off)
    PIIX4_PM.multifunction=bool (on/off)
    PIIX4_PM.rombar=uint32
    PIIX4_PM.romfile=str
    PIIX4_PM.addr=int32 (Slot and optional function number, example: 06.0 or 06)
    PIIX4_PM.memory-hotplug-support=bool
    PIIX4_PM.acpi-pci-hotplug-with-bridge-support=bool
    PIIX4_PM.s4_val=uint8
    PIIX4_PM.disable_s4=uint8
    PIIX4_PM.disable_s3=uint8
    PIIX4_PM.smb_io_base=uint32

Example of a device where it isn't fixed:

    $ qemu-system-x86_64 -device host-x86_64-cpu,help
    Can't list properties of device 'host-x86_64-cpu'

Both failed with "Parameter 'driver' expects pluggable device type"
before.

Cc: address@hidden
Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Eduardo Habkost <address@hidden>
Message-Id: <address@hidden>
(cherry picked from commit 33fe96833015cf15f4c0aa5bf8d34f60526e0732)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 16514367efea1172e7b702c61c6f5637bf577f5b
      
https://github.com/qemu/qemu/commit/16514367efea1172e7b702c61c6f5637bf577f5b
  Author: Peter Crosthwaite <address@hidden>
  Date:   2015-10-21 (Wed, 21 Oct 2015)

  Changed paths:
    M hw/misc/zynq_slcr.c

  Log Message:
  -----------
  misc: zynq_slcr: Fix MMIO writes

The /4 for offset calculation in MMIO writes was happening twice giving
wrong write offsets. Fix.

While touching the code, change the if-else to be a short returning if
and convert the debug message to a GUEST_ERROR, which is more accurate
for this condition.

Cc: address@hidden
Cc: Guenter Roeck <address@hidden>
Signed-off-by: Peter Crosthwaite <address@hidden>
Reviewed-by: Alistair Francis <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit c209b0537203c58a051e5d837320335cea23e494)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 7c22dcdeb85dc8b1eb5f923e4c075d3046750513
      
https://github.com/qemu/qemu/commit/7c22dcdeb85dc8b1eb5f923e4c075d3046750513
  Author: Christian Borntraeger <address@hidden>
  Date:   2015-10-21 (Wed, 21 Oct 2015)

  Changed paths:
    M target-s390x/kvm.c

  Log Message:
  -----------
  s390x/kvm: Fix vector validity bit in device machine checks

Device hotplugs trigger a crw machine check. All machine checks
have validity bits for certain register types. With vector support
we also have to claim that vector registers are valid.
This is a band-aid suitable for stable. Long term we should
create the full mcic value dynamically depending on the active
features in the kernel interrupt handler.

Signed-off-by: Christian Borntraeger <address@hidden>
Reviewed-by: Cornelia Huck <address@hidden>
Cc: address@hidden
Signed-off-by: Cornelia Huck <address@hidden>
(cherry picked from commit 2ab75df38e34fe9bc271b5115ab52114e6e63a89)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 8c4fa92d010db2ac88ed7a9e5bb51bbe43019872
      
https://github.com/qemu/qemu/commit/8c4fa92d010db2ac88ed7a9e5bb51bbe43019872
  Author: Tony Krowiak <address@hidden>
  Date:   2015-10-21 (Wed, 21 Oct 2015)

  Changed paths:
    M util/qemu-config.c

  Log Message:
  -----------
  util/qemu-config: fix missing machine command line options

Commit 0a7cf217 ("util/qemu-config: fix regression of
qmp_query_command_line_options") aimed to restore parsing of global
machine options, but missed two: "aes-key-wrap" and
"dea-key-wrap" (which were present in the initial version of that
patch). Let's add them to the machine_opts again.

Fixes: 0a7cf217 ("util/qemu-config: fix regression of
            qmp_query_command_line_options")
CC: Marcel Apfelbaum <address@hidden>
CC: address@hidden
Signed-off-by: Tony Krowiak <address@hidden>
Reviewed-by: Marcel Apfelbaum <address@hidden>
Tested-by: Christian Borntraeger <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>

(cherry picked from commit 5bcfa0c543b42a560673cafd3b5225900ef617e1)
Signed-off-by: Michael Roth <address@hidden>


  Commit: f62c10bd206b81644336f7e3c071ed76eab61ce6
      
https://github.com/qemu/qemu/commit/f62c10bd206b81644336f7e3c071ed76eab61ce6
  Author: Dr. David Alan Gilbert <address@hidden>
  Date:   2015-10-21 (Wed, 21 Oct 2015)

  Changed paths:
    M migration/migration.c

  Log Message:
  -----------
  Migration: Generate the completed event only when we complete

The current migration-completed event is generated a bit too early,
which means that an eager libvirt that's ready to go as soon
as it sees the event ends up racing with the actual end of migration.

This corresponds to RH bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1271145

Signed-off-by: Dr. David Alan Gilbert <address@hidden>
Reviewed-by: Juan Quintela <address@hidden>
Reviewed-by: Amit Shah <address@hidden>
Signed-off-by: Juan Quintela <address@hidden>
(cherry picked from commit ed1f3e0090069dcb9458aa9e450df12bf8eba0b0)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 2f99c80963658b491d2f5fb98e6e602dd8d9ede2
      
https://github.com/qemu/qemu/commit/2f99c80963658b491d2f5fb98e6e602dd8d9ede2
  Author: Gerd Hoffmann <address@hidden>
  Date:   2015-10-21 (Wed, 21 Oct 2015)

  Changed paths:
    M hw/input/virtio-input.c

  Log Message:
  -----------
  virtio-input: ignore events until the guest driver is ready

Cc: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit d9460a7557672af9c4d9d4f153200d1075ed5a78)
Signed-off-by: Michael Roth <address@hidden>


  Commit: a64d4cafa9dedad93da475f2f1e41133f433be67
      
https://github.com/qemu/qemu/commit/a64d4cafa9dedad93da475f2f1e41133f433be67
  Author: Jason Wang <address@hidden>
  Date:   2015-10-21 (Wed, 21 Oct 2015)

  Changed paths:
    M hw/virtio/virtio.c

  Log Message:
  -----------
  virtio: introduce virtqueue_unmap_sg()

Factor out sg unmapping logic. This will be reused by the patch that
can discard a descriptor.

Cc: Michael S. Tsirkin <address@hidden>
Cc: Andrew James <address@hidden>
Signed-off-by: Jason Wang <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>

(cherry picked from commit ce317461573bac12b10d67699b4ddf1f97cf066c)
Signed-off-by: Michael Roth <address@hidden>


  Commit: c2a550d3dfa1f22eac77842aceed6047f6db2320
      
https://github.com/qemu/qemu/commit/c2a550d3dfa1f22eac77842aceed6047f6db2320
  Author: Jason Wang <address@hidden>
  Date:   2015-10-21 (Wed, 21 Oct 2015)

  Changed paths:
    M hw/virtio/virtio.c
    M include/hw/virtio/virtio.h

  Log Message:
  -----------
  virtio: introduce virtqueue_discard()

This patch introduces virtqueue_discard() to discard a descriptor and
unmap the sgs. This will be used by the patch that will discard the
descriptor when a packet is truncated.

Cc: Michael S. Tsirkin <address@hidden>
Signed-off-by: Jason Wang <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>

(cherry picked from commit 29b9f5efd78ae0f9cc02dd169b6e80d2c404bade)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 696317f1895e836d53b670c7b77b7be93302ba08
      
https://github.com/qemu/qemu/commit/696317f1895e836d53b670c7b77b7be93302ba08
  Author: Jason Wang <address@hidden>
  Date:   2015-10-21 (Wed, 21 Oct 2015)

  Changed paths:
    M hw/net/virtio-net.c

  Log Message:
  -----------
  virtio-net: correctly drop truncated packets

When a packet is truncated during receiving, we drop the packet but
neither discard the descriptor nor add and signal a used
descriptor. This will lead to several issues:

- sg mappings are leaked
- rx will be stalled if a lot of packets were truncated

In order to be consistent with vhost, fix by discarding the descriptor
in this case.

Cc: Michael S. Tsirkin <address@hidden>
Signed-off-by: Jason Wang <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>

(cherry picked from commit 0cf33fb6b49a19de32859e2cdc6021334f448fb3)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 381a290266df4161de71afc8a44e67ae66bde5be
      
https://github.com/qemu/qemu/commit/381a290266df4161de71afc8a44e67ae66bde5be
  Author: Paolo Bonzini <address@hidden>
  Date:   2015-10-28 (Wed, 28 Oct 2015)

  Changed paths:
    M trace-events
    M vl.c

  Log Message:
  -----------
  trace: remove malloc tracing

The malloc vtable is not supported anymore in glib, because it broke
when constructors called g_malloc.  Remove tracing of g_malloc,
g_realloc and g_free calls.

Note that, for systemtap users, glib also provides tracepoints
glib.mem_alloc, glib.mem_free, glib.mem_realloc, glib.slice_alloc
and glib.slice_free.

Signed-off-by: Paolo Bonzini <address@hidden>
Reviewed-by: Alberto Garcia <address@hidden>
Message-id: address@hidden
Signed-off-by: Stefan Hajnoczi <address@hidden>
(cherry picked from commit 98cf48f60aa4999f5b2808569a193a401a390e6a)
Signed-off-by: Michael Roth <address@hidden>


  Commit: d68ba3cab357f73aa74525f86f5da448b39ae34a
      
https://github.com/qemu/qemu/commit/d68ba3cab357f73aa74525f86f5da448b39ae34a
  Author: Markus Armbruster <address@hidden>
  Date:   2015-10-28 (Wed, 28 Oct 2015)

  Changed paths:
    M include/standard-headers/linux/input.h
    M scripts/update-linux-headers.sh

  Log Message:
  -----------
  update-linux-headers: Rename SW_MAX to SW_MAX_

The next commit will compile hw/input/virtio-input.c and
hw/input/virtio-input-hid.c even when CONFIG_LINUX is off.  These
files include both "include/standard-headers/linux/input.h" and
<windows.h> then.  Doesn't work, because both define SW_MAX.  We don't
actually use it.  Patch input.h to define SW_MAX_ instead.

Signed-off-by: Markus Armbruster <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit ac98fa849e834f48e5a64cf4b22218ba4047e142)

Conflicts:
        scripts/update-linux-headers.sh

* remove dependency on eddb4de3

Signed-off-by: Michael Roth <address@hidden>


  Commit: 91232d98da2bfe042d4c5744076b488880de3040
      
https://github.com/qemu/qemu/commit/91232d98da2bfe042d4c5744076b488880de3040
  Author: Paolo Bonzini <address@hidden>
  Date:   2015-10-28 (Wed, 28 Oct 2015)

  Changed paths:
    M memory.c

  Log Message:
  -----------
  memory: allow destroying a non-empty MemoryRegion

This is legal; the MemoryRegion will simply unreference all the
existing subregions and possibly bring them down with it as well.
However, it requires a bit of care to avoid an infinite loop.
Finalizing a memory region cannot trigger an address space update,
but memory_region_del_subregion errs on the side of caution and
might trigger a spurious update: avoid that by resetting mr->enabled
first.

Signed-off-by: Paolo Bonzini <address@hidden>
Signed-off-by: Markus Armbruster <address@hidden>
Message-Id: <address@hidden>
(cherry picked from commit 2e2b8eb70fdb7dfbec39f3a19b20f9a73f2f813e)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 243b80c9c5e8be52c141ff976aecd40667aebd61
      
https://github.com/qemu/qemu/commit/243b80c9c5e8be52c141ff976aecd40667aebd61
  Author: Paolo Bonzini <address@hidden>
  Date:   2015-10-28 (Wed, 28 Oct 2015)

  Changed paths:
    M hw/arm/pxa2xx.c
    M hw/display/cg3.c
    M hw/display/tcx.c
    M hw/misc/arm_integrator_debug.c
    M hw/misc/macio/cuda.c
    M hw/misc/macio/macio.c
    M hw/pcmcia/pxa2xx.c

  Log Message:
  -----------
  hw: do not pass NULL to memory_region_init from instance_init

This causes the region to outlive the object, because it attaches the
region to /machine.  This is not nice for the "realize" method, but
much worse for "instance_init" because it can cause dangling pointers
after a simple object_new/object_unref pair.

Reported-by: Markus Armbruster <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Tested-by: Markus Armbruster <address@hidden>
Signed-off-by: Markus Armbruster <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Thomas Huth <address@hidden>
(cherry picked from commit 81e0ab48dda611e9571dc2e166840205a4208567)

Conflicts:
        hw/display/cg3.c
        hw/display/tcx.c

* removed context dependencies on &error_fatal/&error_abort

Signed-off-by: Michael Roth <address@hidden>


  Commit: db97d9d886f7e16571e5eb242d814b6d345affb2
      
https://github.com/qemu/qemu/commit/db97d9d886f7e16571e5eb242d814b6d345affb2
  Author: Paolo Bonzini <address@hidden>
  Date:   2015-10-28 (Wed, 28 Oct 2015)

  Changed paths:
    M hw/misc/macio/macio.c

  Log Message:
  -----------
  macio: move DBDMA_init from instance_init to realize

DBDMA_init is not idempotent, and calling it from instance_init
breaks a simple object_new/object_unref pair.  Work around this,
pending qdev-ification of DBDMA, by moving the call to realize.

Reported-by: Markus Armbruster <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
Reviewed-by: Thomas Huth <address@hidden>
Signed-off-by: Markus Armbruster <address@hidden>
Message-Id: <address@hidden>
(cherry picked from commit c7104402353bf32ac1d3a276e3619a20e910506b)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 39809852a7769e4271928ce7d5f2f1c4baf16fcf
      
https://github.com/qemu/qemu/commit/39809852a7769e4271928ce7d5f2f1c4baf16fcf
  Author: Markus Armbruster <address@hidden>
  Date:   2015-10-28 (Wed, 28 Oct 2015)

  Changed paths:
    M tests/Makefile

  Log Message:
  -----------
  tests: Fix how qom-test is run

We want to run qom-test for every architecture, without having to
manually add it to every architecture's list of tests.  Commit 3687d53
accomplished this by adding it to every architecture's list
automatically.

However, some architectures inherit their tests from others, like this:

    check-qtest-x86_64-y = $(check-qtest-i386-y)
    check-qtest-microblazeel-y = $(check-qtest-microblaze-y)
    check-qtest-xtensaeb-y = $(check-qtest-xtensa-y)

For such architectures, we ended up running the (slow!) test twice.
Commit 2b8419c attempted to avoid this by adding the test only when
it's not already present.  Works only as long as we consider adding
the test to the architectures on the left hand side *after* the ones
on the right hand side: x86_64 after i386, microblazeel after
microblaze, xtensaeb after xtensa.

Turns out we consider them in $(SYSEMU_TARGET_LIST) order.  Defined as

    SYSEMU_TARGET_LIST := $(subst -softmmu.mak,,$(notdir \
       $(wildcard $(SRC_PATH)/default-configs/*-softmmu.mak)))

On my machine, this results in the order xtensa, x86_64, microblazeel,
microblaze, i386.  Consequently, qom-test runs twice for microblazeel
and x86_64.

Replace this complex and flawed machinery with a much simpler one: add
generic tests (currently just qom-test) to check-qtest-generic-y
instead of check-qtest-$(target)-y for every target, then run
$(check-qtest-generic-y) for every target.

Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Andreas Färber <address@hidden>
Message-Id: <address@hidden>
(cherry picked from commit e253c287153c6f3ce4177686ac12c196f9bd8292)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 70a4483abbbe3ec938b6c39a3cd0b486b96da93e
      
https://github.com/qemu/qemu/commit/70a4483abbbe3ec938b6c39a3cd0b486b96da93e
  Author: Markus Armbruster <address@hidden>
  Date:   2015-10-28 (Wed, 28 Oct 2015)

  Changed paths:
    M tests/drive_del-test.c
    M tests/ide-test.c
    M tests/libqtest.c
    M tests/libqtest.h

  Log Message:
  -----------
  libqtest: New hmp() & friends

New convenience function hmp() to facilitate use of
human-monitor-command in tests.  Use it to simplify its existing uses.

To blend into existing libqtest code, also add qtest_hmpv() and
qtest_hmp().  That, and the egregiously verbose GTK-Doc comment format
make this patch look bigger than it is.

Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Thomas Huth <address@hidden>
Message-Id: <address@hidden>
(cherry picked from commit 5fb48d9673b76fc53507a0e717a12968e57d846e)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 08231cbb7660876903019ef1b59ef332deea2a83
      
https://github.com/qemu/qemu/commit/08231cbb7660876903019ef1b59ef332deea2a83
  Author: Markus Armbruster <address@hidden>
  Date:   2015-10-28 (Wed, 28 Oct 2015)

  Changed paths:
    M tests/Makefile
    A tests/device-introspect-test.c

  Log Message:
  -----------
  device-introspect-test: New, covering device introspection

The test doesn't check that the output makes any sense, only that QEMU
survives.  Useful since we've had an astounding number of crash bugs
around there.

In fact, we have a bunch of them right now: a few devices crash or
hang, and some leave dangling pointers behind.  The test skips testing
the broken parts.  The next commits will fix them up, and drop the
skipping.

Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Message-Id: <address@hidden>
(cherry picked from commit 2d1abb850fd15fd6eb75a92290be5f93b2772ec5)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 9137bd24c8165192917471dca67b778c301fcd54
      
https://github.com/qemu/qemu/commit/9137bd24c8165192917471dca67b778c301fcd54
  Author: Michael S. Tsirkin <address@hidden>
  Date:   2015-10-31 (Sat, 31 Oct 2015)

  Changed paths:
    M net/net.c

  Log Message:
  -----------
  net: don't set native endianness

commit 5be7d9f1b1452613b95c6ba70b8d7ad3d0797991
    vhost-net: tell tap backend about the vnet endianness
makes vhost net always try to set LE - even if that matches the
native endian-ness.

This makes it fail on older kernels on x86 without TUNSETVNETLE support.

To fix, make qemu_set_vnet_le/qemu_set_vnet_be skip the
ioctl if it matches the host endian-ness.

Reported-by: Marcel Apfelbaum <address@hidden>
Cc: Greg Kurz <address@hidden>
Cc: address@hidden
Signed-off-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: Marcel Apfelbaum <address@hidden>
(cherry picked from commit 052bd52fa978d3f04bc476137ad6e1b9a697f9bd)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 36e1eee7603ad1683df9446e104c6f5849d854c6
      
https://github.com/qemu/qemu/commit/36e1eee7603ad1683df9446e104c6f5849d854c6
  Author: Max Filippov <address@hidden>
  Date:   2015-10-31 (Sat, 31 Oct 2015)

  Changed paths:
    M target-xtensa/translate.c

  Log Message:
  -----------
  target-xtensa: add window overflow check to L32E/S32E

Although the primary use of L32E and S32E is in window underflow and overflow
exception handlers, they are just normal instructions, and thus need to
check for window overflow.

Cc: address@hidden
Signed-off-by: Max Filippov <address@hidden>
(cherry picked from commit f822b7e497fa6a662094b491f86441015f363362)
Signed-off-by: Michael Roth <address@hidden>


  Commit: fc63922556a5064173411d8cea1e303256ee3c8c
      
https://github.com/qemu/qemu/commit/fc63922556a5064173411d8cea1e303256ee3c8c
  Author: Pavel Butsykin <address@hidden>
  Date:   2015-10-31 (Sat, 31 Oct 2015)

  Changed paths:
    M hw/block/virtio-blk.c
    M hw/scsi/virtio-scsi.c

  Log Message:
  -----------
  virtio: sync the dataplane vring state to the virtqueue before virtio_save

When creating a snapshot with the dataplane enabled, the snapshot file does
not get the actual state of the virtqueue, because the current state is stored in
VirtIOBlockDataPlane. Therefore, before saving a snapshot we need to sync
the dataplane vring state to the virtqueue. The dataplane will resume its
work at the next virtqueue notify.

When the snapshot is loaded with loadvm we get a message:
VQ 0 size 0x80 Guest index 0x15f5 inconsistent with Host index 0x0:
    delta 0x15f5
error while loading state for instance 0x0 of device
    '0000:00:08.0/virtio-blk'
Error -1 while loading VM state

To reproduce the error I used the following hmp commands:
savevm snap1
loadvm snap1

qemu parameters:
--enable-kvm -smp 4 -m 1024
 -drive file=/var/lib/libvirt/images/centos6.4.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,aio=native
 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x8,drive=drive-virtio-disk0,id=virtio-disk0
 -set device.virtio-disk0.x-data-plane=on

Signed-off-by: Pavel Butsykin <address@hidden>
Signed-off-by: Denis V. Lunev <address@hidden>
Message-id: address@hidden
CC: Stefan Hajnoczi <address@hidden>
CC: "Michael S. Tsirkin" <address@hidden>
CC: Kevin Wolf <address@hidden>
CC: Paolo Bonzini <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
(cherry picked from commit 10a06fd65f667a972848ebbbcac11bdba931b544)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 32d24131b2d1d98384b96c80f6cd3482550dc68a
      
https://github.com/qemu/qemu/commit/32d24131b2d1d98384b96c80f6cd3482550dc68a
  Author: Michael Roth <address@hidden>
  Date:   2015-10-31 (Sat, 31 Oct 2015)

  Changed paths:
    M VERSION

  Log Message:
  -----------
  Update version for 2.4.1 release

Signed-off-by: Michael Roth <address@hidden>


Compare: https://github.com/qemu/qemu/compare/83c92b45140b...32d24131b2d1
