Works fine since the previous commit fixed the underlying range data
type. Of course it filters out nothing, but so does
0..1,2..0xffffffffffffffff, and we don't bother rejecting that either.
Range represents a range as follows. Member @start is the inclusive
lower bound, member @end is the exclusive upper bound. Zero @end is
special: if @start is also zero, the range is empty, else @end is to
be interpreted as 2^64. No other empty ranges may occur.
The range [0,2^64-1] cannot be represented. If you try to create it
with range_set_bounds1(), you get the empty range instead. If you try
to create it with range_set_bounds() or range_extend(), assertions
fail. Before range_set_bounds() existed, the open-coded creation
usually got you the empty range instead. Open deathtrap.
Moreover, the code dealing with the janus-faced @end is too clever by
half.
Dumb this down to a more pedestrian representation: members @lob and
@upb are inclusive lower and upper bounds. The empty range is encoded
as @lob = 1, @upb = 0.
Users of struct Range mess liberally with its members, which makes
refactoring hard. Create a set of methods, and convert all users to
call them instead of accessing members. The methods have carefully
worded contracts, and use assertions to check them.
Range encodes an integer interval [a,b] as { begin = a, end = b + 1 },
where a \in [0,2^64-1] and b \in [1,2^64]. Thus, zero end is to be
interpreted as 2^64.
The implementation of -dfilter (commit 3514552) uses Range
differently: it encodes [a,b] as { begin = a, end = b }. The code
works, but it contradicts the specification of Range in range.h.
Switch to the specified representation. Since it can't represent
[0,UINT64_MAX], we have to reject that now. Add a test for it.
While we're rejecting anyway: observe that we reject -dfilter LOB..UPB
where LOB > UPB when UPB is zero, but happily create an empty Range
when it isn't. Reject it then, too, and add a test for it.
While there, add a positive test for the problematic upper bound
UINT64_MAX.
virtio migrates the low 32 feature bits twice, the first copy is there
for compatibility but ever since 019a3edbb25f1571e876f8af1ce4c55412939e5d: ("virtio: make features 64bit
wide") it's ignored on load. This is wrong since virtio_net_load tests
self announcement and guest offloads before the second copy including
high feature bits is loaded. This means that self announcement, control
vq and guest offloads are all broken after migration.
Fix it up by loading low feature bits: somewhat ugly since high and low
bits become out of sync temporarily, but seems unavoidable for
compatibility. The right thing to do for new features is probably to
test the host features, anyway.
Cornelia Huck [Thu, 30 Jun 2016 15:31:42 +0000 (17:31 +0200)]
virtio: revert host notifiers to old semantics
The host notifier rework tried both to unify host notifiers across
transports and plug a possible hole during host notifier
re-assignment. Unfortunately, this meant a change in semantics that
breaks vhost and iSCSI+dataplane.
As the minimal fix, keep the common host notifier code but revert
to the old semantics so that we have time to figure out the proper
fix.
PcPciInfo has two (ill-named) members: Range w32 is the PCI hole, and
w64 is the PCI64 hole.
Three users:
* I440FXState and MCHPCIState have a member PcPciInfo pci_info, but
only pci_info.w32 is actually used. This is confusing. Replace by
Range pci_hole.
* acpi_build() uses auto PcPciInfo pci_info to forward both PCI holes
from acpi_get_pci_info() to build_dsdt(). Replace by two variables
Range pci_hole, pci_hole64. Rename acpi_get_pci_info() to
acpi_get_pci_holes().
piix: Set I440FXState member pci_info.w32 in one place
Range pci_info.w32 records the location of the PCI hole.
It's initialized to empty when QOM zeroes I440FXState. That's a fine
value for a still unknown PCI hole.
i440fx_init() sets pci_info.w32.begin = below_4g_mem_size. Changes
the PCI hole from empty to [below_4g_mem_size, UINT64_MAX]. That's a
bogus value.
i440fx_pcihost_initfn() sets pci_info.end = IO_APIC_DEFAULT_ADDRESS.
Since i440fx_init() ran already, this changes the PCI hole to
[below_4g_mem_size, IO_APIC_DEFAULT_ADDRESS-1]. That's the correct
value.
Setting the bounds of the PCI hole in two separate places is
confusing, and begs the question whether the bogus intermediate value
could be used by something, or what would happen if we somehow managed
to realize an i440FX device without having run the board init function
i440fx_init() first.
Avoid the confusion by setting the (constant) upper bound along with
the lower bound in i440fx_init().
Skip bus_master_enable region creation on PCI device init
in order to be sure the IOMMU device (if present) would
be created in advance. Add this memory region at machine_done time.
Gerd Hoffmann [Fri, 24 Jun 2016 11:35:17 +0000 (13:35 +0200)]
xen: fix ram init regression
Commit "8156d48 pc: allow raising low memory via max-ram-below-4g
option" causes a regression on xen, because it uses a different
memory split.
This patch initializes max-ram-below-4g to zero and leaves the
initialization to the memory initialization functions. That way
they can pick different default values (max-ram-below-4g is zero
still) or use the user supplied value (max-ram-below-4g is non-zero).
Also skip the whole ram split calculation on Xen. xen_ram_init()
does its own split calculation anyway so it is superfluous, also
this way xen_ram_init can actually see whenever max-ram-below-4g
is zero or not.
Thomas Huth [Tue, 28 Jun 2016 10:48:31 +0000 (12:48 +0200)]
slirp: Add support for stateless DHCPv6
Provide basic support for stateless DHCPv6 (see RFC 3736) so
that guests can also automatically boot via IPv6 with SLIRP
(for IPv6 network booting, see RFC 5970 for details).
Tested with:
qemu-system-ppc64 -nographic -vga none -boot n -net nic \
-net user,ipv6=yes,ipv4=no,tftp=/path/to/tftp,bootfile=ppc64.img
Thomas Huth [Mon, 27 Jun 2016 10:41:36 +0000 (12:41 +0200)]
slirp: Remove superfluous memset() calls from the TFTP code
Commit fad7fb9ccd8013ea03 ("Add IPv6 support to the TFTP code")
refactored some common code for preparing the mbuf into a new
function called tftp_prep_mbuf_data(). One part of this common
code is to do a "memset(m->m_data, 0, m->m_size);" for the related
buffer first. However, at two spots, the memset() was not removed
from the calling function, so it currently done twice in these code
paths. Thus let's delete these superfluous memsets in the calling
functions now.
Samuel Thibault [Sun, 20 Mar 2016 15:02:52 +0000 (16:02 +0100)]
slirp: Add RDNSS advertisement
This adds the RDNSS option to IPv6 router advertisements, so that the guest
can autoconfigure the DNS server address.
Signed-off-by: Samuel Thibault <[email protected]> Reviewed-by: Thomas Huth <[email protected]>
---
Changes since last submission:
- Disable on windows, until we have support for it
Peter Maydell [Fri, 1 Jul 2016 18:29:27 +0000 (19:29 +0100)]
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging
Only trivial fixes.
# gpg: Signature made Fri 01 Jul 2016 13:39:06 BST
# gpg: using DSA key 0x02FC3AEB0101DBC2
# gpg: Good signature from "Greg Kurz <[email protected]>"
# gpg: aka "Greg Kurz <[email protected]>"
# gpg: aka "Greg Kurz <[email protected]>"
# gpg: aka "Gregory Kurz (Groug) <[email protected]>"
# gpg: aka "Gregory Kurz (Cimai Technology) <[email protected]>"
# gpg: aka "Gregory Kurz (Meiosys Technology) <[email protected]>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 2BD4 3B44 535E C0A7 9894 DBA2 02FC 3AEB 0101 DBC2
* remotes/gkurz/tags/for-upstream:
9p: synth: drop v9fs_ prefix
9p: don't include <sys/uio.h>
Greg Kurz [Fri, 1 Jul 2016 12:38:54 +0000 (14:38 +0200)]
9p: don't include <sys/uio.h>
The <sys/uio.h> system header doesn't exist on all host platforms. Code
should include "qemu/osdep.h" instead to avoid build breaks on plafforms
that don't define CONFIG_IOVEC (like win32, if it is to support 9p one day).
Peter Maydell [Fri, 1 Jul 2016 12:31:48 +0000 (13:31 +0100)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.7-20160701' into staging
ppc patch queue 2016-07-01
Here's the current ppc patch queue. This is a fairly large batch,
containing:
* A number of further preliminary patches towards full hypervisor
mode emulation
* Some further fixes / cleanups for the recently merged device_add
based CPU hotplug
* Preliminary patches towards supporting a native (rather than
paravirtualized) XICS device. This will be needed to emulate a
physical Power machine, including hypervisor capabilities
* Assorted bug fixes
# gpg: Signature made Fri 01 Jul 2016 06:56:35 BST
# gpg: using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <[email protected]>"
# gpg: aka "David Gibson (Red Hat) <[email protected]>"
# gpg: aka "David Gibson (ozlabs.org) <[email protected]>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392
* remotes/dgibson/tags/ppc-for-2.7-20160701: (23 commits)
qmp: fix spapr example of query-hotpluggable-cpus
spapr: drop duplicate variable in spapr_core_release()
spapr: do proper error propagation in spapr_cpu_core_realize_child()
spapr: drop reference on child object during core realization
spapr: Restore support for 970MP and POWER8NVL CPU cores
target-ppc: gen_pause for instructions: yield, mdoio, mdoom, miso
ppc/xics: Replace "icp" with "xics" in most places
ppc/xics: Implement H_IPOLL using an accessor
ppc/xics: Move SPAPR specific code to a separate file
ppc/xics: Rename existing xics to xics_spapr
ppc: Fix 64K pages support in full emulation
target-ppc: Eliminate redundant and incorrect function booke206_page_size_to_tlb
spapr: Restore support for older PowerPC CPU cores
spapr: fix write-past-end-of-array error in cpu core device init code
hw/ppc/spapr: Add some missing hcall function set strings
ppc: Print HSRR0/HSRR1 in "info registers"
ppc: LPCR is a HV resource
ppc: Initial HDEC support
ppc: Enforce setting MSR:EE,IR and DR when MSR:PR is set
ppc: Fix conditions for delivering external interrupts to a guest
...
Peter Maydell [Fri, 1 Jul 2016 10:18:00 +0000 (11:18 +0100)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2016-06-30' into staging
QAPI patches 2016-06-30
# gpg: Signature made Thu 30 Jun 2016 14:29:43 BST
# gpg: using RSA key 0x3870B400EB918653
# gpg: Good signature from "Markus Armbruster <[email protected]>"
# gpg: aka "Markus Armbruster <[email protected]>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-qapi-2016-06-30:
qapi: Fix memleak in string visitors on int lists
qapi: Simplify use of range.h
range: Create range.c for code that should not be inline
qapi: Fix crash on missing alternate member of QAPI struct
checkpatch: There is no qemu_strtod()
qobject: Correct JSON lexer grammar comments
json-streamer: Don't leak tokens on incomplete parse
Igor Mammedov [Thu, 30 Jun 2016 08:17:54 +0000 (10:17 +0200)]
qmp: fix spapr example of query-hotpluggable-cpus
27393c33 qapi: keep names in 'CpuInstanceProperties' in sync with struct CPUCore
added -id suffix to property names but forgot to fix example in qmp-commands.hx
Fix example to have 'core-id' instead of 'core' to match current code
Greg Kurz [Wed, 29 Jun 2016 20:50:20 +0000 (22:50 +0200)]
spapr: drop reference on child object during core realization
When a core is being realized, we create a child object for each thread
of the core.
The child is first initialized with object_initialize() which sets its ref
count to 1, and then added to the core with object_property_add_child()
which bumps the ref count to 2.
When the core gets released, object_unparent() decreases the ref count to 1,
and we g_free() the object: we hence loose the reference on an unfinalized
object. This is likely to cause random crashes.
Let's drop the extra reference as soon as we don't need it, after the
thread is added to the core.
Aaron Larson [Fri, 24 Jun 2016 20:18:28 +0000 (13:18 -0700)]
target-ppc: gen_pause for instructions: yield, mdoio, mdoom, miso
Call gen_pause for all "or rx,rx,rx" encodings other nop. This
provides a reasonable implementation for yield, and a better
approximation for mdoio, mdoom, and miso. The choice to pause for all
encodings !=0 leverages the PowerISA admonition that the reserved
encodings might change program priority, providing a slight "future
proofing".
ppc/xics: Replace "icp" with "xics" in most places
The "ICP" is a different object than the "XICS". For historical reasons,
we have a number of places where we name a variable "icp" while it contains
a XICSState pointer. There *is* an ICPState structure too so this makes
the code really confusing.
This is a mechanical replacement of all those instances to use the name
"xics" instead. There should be no functional change.
ppc/xics: Move SPAPR specific code to a separate file
Leave the core ICP/ICS logic in xics.c and move the top level
class wrapper, hypercall and RTAS handlers to xics_spapr.c
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
[add cpu.h in xics_spapr.c, move set_nr_irqs and set_nr_servers to
xics_spapr.c] Signed-off-by: Nikunj A Dadhania <[email protected]> Signed-off-by: David Gibson <[email protected]>
We were always advertising only 4K & 16M. Additionally the code wasn't
properly matching the page size with the PTE content, which meant we
could potentially hit an incorrect PTE if the guest used multiple sizes.
Finally, honor the CPU capabilities when decoding the size from the SLB
so we don't try to use 64K pages on 970.
This still doesn't add support for MPSS (Multiple Page Sizes per Segment)
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
[clg: fixed checkpatch.pl errors
commits 61a36c9b5a12 and 1114e712c998 reworked the hpte code
doing insertion/removal in hw/ppc/spapr_hcall.c. The hunks
modifying these areas were removed. ] Signed-off-by: Cédric Le Goater <[email protected]> Signed-off-by: David Gibson <[email protected]>
Aaron Larson [Tue, 28 Jun 2016 13:50:05 +0000 (06:50 -0700)]
target-ppc: Eliminate redundant and incorrect function booke206_page_size_to_tlb
Eliminate redundant and incorrect booke206_page_size_to_tlb function
from ppce500_spin.c in preference to previously existing but newly
exported definition from e500.c
Defect analysis:
The booke206_page_size_to_tlb function in e500.c was updated in commit 2bd9543 "ppc: booke206: use MAV=2.0 TSIZE definition, fix 4G pages" to
reflect a change in the definition of MAS1_TSIZE_SHIFT from 8
(corresponding to a min TLB page size of 4kb) to a value of 7 (TLB
page size 2k). The booke206_page_size_to_tlb() function defined in
ppce500_spin.c was never updated to reflect the change in
MAS1_TSIZE_SHIFT.
In http://lists.nongnu.org/archive/html/qemu-ppc/2016-06/msg00533.html,
Scott Wood suggested this "root cause" explanation:
SW> The patch that changed MAS1_TSIZE_SHIFT from 8 to 7 was around the
SW> same time as the patch that added this code, which is probably why
SW> adjusting it got missed. Commit 2bd9543cd3 did update the
SW> equivalent code in ppce500_mpc8544ds.c, which now resides in
SW> hw/ppc/e500.c and has been changed to not assume a power-of-2
SW> size. The ppce500_spin version should be eliminated.
Thomas Huth [Mon, 27 Jun 2016 11:25:03 +0000 (13:25 +0200)]
hw/ppc/spapr: Add some missing hcall function set strings
Add "hcall-sprg0" (for H_SET_SPRG0), "hcall-copy" (for H_PAGE_INIT)
and "hcall-debug" (for H_LOGICAL_CI_LOAD/STORE) to the property
"ibm,hypertas-functions" to indicate that we support these hypercalls.
This handles filtering bits based on what is implemented by a
given architecture version. We also use it to copy to LPCR
some of the relevant 970 HID4 bits.
The IOMMU driver may change behavior depending on whether a notifier
client is present. In the case of POWER, this represents a change in
the visibility of the IOTLB, for other drivers such as intel-iommu and
future AMD-Vi emulation, notifier support is not yet enabled and this
provides the opportunity to flag that incompatibility.
Alex Williamson [Thu, 30 Jun 2016 19:00:23 +0000 (13:00 -0600)]
vfio/pci: Hide SR-IOV capability
The kernel currently exposes the SR-IOV capability as read-only
through vfio-pci. This is sufficient to protect the host kernel, but
has the potential to confuse guests without further virtualization.
In particular, OVMF tries to size the VF BARs and comes up with absurd
results, ending with an assert. There's not much point in adding
virtualization to a read-only capability, so we simply hide it for
now. If the kernel ever enables SR-IOV virtualization, we should
easily be able to test it through VF BAR sizing or explicit flags.
Testing whether we should parse extended capabilities is also pulled
into the function to keep these assumptions in one place.
Chen Fan [Thu, 30 Jun 2016 19:00:23 +0000 (13:00 -0600)]
vfio: add pcie extended capability support
For vfio pcie device, we could expose the extended capability on
PCIE bus. due to add a new pcie capability at the tail of the chain,
in order to avoid config space overwritten, we introduce a copy config
for parsing extended caps. and rebuild the pcie extended config space.
Alex Williamson [Thu, 30 Jun 2016 19:00:22 +0000 (13:00 -0600)]
vfio/pci: Fix VGA quirks
Commit 2d82f8a3cdb2 ("vfio/pci: Convert all MemoryRegion to dynamic
alloc and consistent functions") converted VFIOPCIDevice.vga to be
dynamically allocted, negating the need for VFIOPCIDevice.has_vga.
Unfortunately not all of the has_vga users were converted, nor was
the field removed from the structure. Correct these oversights.
Reported-by: Peter Maloney <[email protected]> Tested-by: Peter Maloney <[email protected]> Fixes: 2d82f8a3cdb2 ("vfio/pci: Convert all MemoryRegion to dynamic alloc and consistent functions") Fixes: https://bugs.launchpad.net/qemu/+bug/1591628 Cc: [email protected] Signed-off-by: Alex Williamson <[email protected]>
Peter Maydell [Thu, 30 Jun 2016 16:33:49 +0000 (17:33 +0100)]
linux-user: Fix compilation when F_SETPIPE_SZ isn't defined
Older kernels don't have F_SETPIPE_SZ and F_GETPIPE_SZ (in
particular RHEL6's system headers don't define these). Add
ifdefs so that we can gracefully fall back to not supporting
those guest ioctls rather than failing to build.
Paolo Bonzini [Thu, 30 Jun 2016 14:57:37 +0000 (16:57 +0200)]
pcspk: fix KVM
The link property that was added to the pcspk device has the wrong type:
it is only correct for TCG and for KVM's userspace or split irqchip
options. The default KVM option (fully in-kernel irqchip) breaks
because it uses a PIT whose type is a sibling of TYPE_I8254.
Eric Blake [Tue, 31 May 2016 16:41:30 +0000 (10:41 -0600)]
qapi: Fix memleak in string visitors on int lists
Commit 7f8f9ef1 introduced the ability to store a list of
integers as a sorted list of ranges, but when merging ranges,
it leaks one or more ranges. It was also using range_get_last()
incorrectly within range_compare() (a range is a start/end pair,
but range_get_last() is for start/len pairs), and will also
mishandle a range ending in UINT64_MAX (remember, we document
that no range covers 2**64 bytes, but that ranges that end on
UINT64_MAX have end < begin).
The whole merge algorithm was rather complex, and included
unnecessary passes over data within glib functions, and enough
indirection to make it hard to easily plug the data leaks.
Since we are already hard-coding things to a list of ranges,
just rewrite the thing to open-code the traversal and
comparisons, by making the range_compare() helper function give
us an answer that is easier to use, at which point we avoid the
need to pass any callbacks to g_list_*(). Then by reusing
range_extend() instead of duplicating effort with range_merge(),
we cover the corner cases correctly.
Drop the now-unused range_merge() and ranges_can_merge().
Doing this lets test-string-{input,output}-visitor pass under
valgrind without leaks.
Eric Blake [Tue, 31 May 2016 16:41:29 +0000 (10:41 -0600)]
qapi: Simplify use of range.h
Calling our function g_list_insert_sorted_merged is a misnomer,
since we are NOT writing a glib function. Furthermore, we are
making every caller pass the same comparator function of
range_merge(): any caller that would try otherwise would break
in weird ways since our internal call to ranges_can_merge() is
hard-coded to operate only on ranges, rather than paying
attention to the caller's comparator.
Better is to fix things so that callers don't have to care about
our internal comparator, by picking a function name and updating
the parameter type away from a gratuitous use of void*, to make
it obvious that we are operating specifically on a list of ranges
and not a generic list. Plus, refactoring the code here will
make it easier to plug a memory leak in the next patch.
range_compare() is now internal only, and moves to the .c file.
Eric Blake [Tue, 31 May 2016 16:41:28 +0000 (10:41 -0600)]
range: Create range.c for code that should not be inline
g_list_insert_sorted_merged() is rather large to be an inline
function; move it to its own file. range_merge() and
ranges_can_merge() can likewise move, as they are only used
internally. Also, it becomes obvious that the condition within
range_merge() is already satisfied by its caller, and that the
return value is not used.
The diffstat is misleading, because of the copyright boilerplate.
Eric Blake [Wed, 15 Jun 2016 17:37:51 +0000 (11:37 -0600)]
qapi: Fix crash on missing alternate member of QAPI struct
If a QAPI struct has a mandatory alternate member which is not
present on input, the input visitor reports an error for the
missing alternate without setting the discriminator, but the
cleanup code for the struct still tries to use the dealloc
visitor to clean up the alternate.
Commit dbf11922 changed visit_start_alternate to set *obj to NULL
when an error occurs, where it was previously left untouched.
Thus, before the patch, the dealloc visitor is blindly trying to
cleanup whatever branch corresponds to (*obj)->type == 0 (that is,
QTYPE_NONE, because *obj still pointed to zeroed memory), which
selects the default branch of the switch and sets an error, but
this second error is ignored by the way the dealloc visitor is
used; but after the patch, the attempt to switch dereferences NULL.
When cleaning up after a partial object parse, we specifically
check for !*obj after visit_start_struct() (see gen_visit_object());
doing the same for alternates fixes the crash. Enhance the testsuite
to give coverage for both missing struct and missing alternate
members.
Also add an abort - we expect visit_start_alternate() to either set an
error or to set (*obj)->type to a valid QType that corresponds to
actual user input, and QTYPE_NONE should never be reachable from valid
input. Had the abort() been in place earlier, we might have noticed
the dealloc visitor dereferencing bogus zeroed memory prior to when
commit dbf11922 forced our hand by setting *obj to NULL and causing a
fault.
The choice of 'driver':'raw' selects a BlockdevOptionsGenericFormat
struct, which has a mandatory 'file':'BlockdevRef' in QAPI. Since
'file' is missing as a sibling of 'driver', this should report a
graceful error rather than fault. After this patch, we are back to:
{"error": {"class": "GenericError", "desc": "Parameter 'file' is missing"}}
Eric Blake [Fri, 10 Jun 2016 02:48:06 +0000 (20:48 -0600)]
qobject: Correct JSON lexer grammar comments
Fix the regex comments describing what we parse as JSON. No change
to the lexer itself, just to the comments:
- The "" and '' string construction was missing alternation between
different escape sequences
- The construction for numbers forgot to handle optional leading '-'
- The construction for numbers was grouped incorrectly so that it
didn't permit '0.1'
- The construction for numbers forgot to mark the exponent as optional
- No mention that our '' string and "\'" are JSON extensions
- No mention of our %d and related extensions when constructing JSON
Eric Blake [Wed, 18 May 2016 21:46:52 +0000 (15:46 -0600)]
json-streamer: Don't leak tokens on incomplete parse
Valgrind complained about a number of leaks in
tests/check-qobject-json:
==12657== definitely lost: 17,247 bytes in 1,234 blocks
All of which had the same root cause: on an incomplete parse,
we were abandoning the token queue without cleaning up the
allocated data within each queue element. Introduced in
commit 95385fe, when we switched from QList (which recursively
frees contents) to g_queue (which does not).
We don't yet require glib 2.32 with its g_queue_free_full(),
so open-code it instead.
Blue hasn't been active in the QEMU project for a long time. Drop his
last MAINTAINERS entries.
As per Paolo's recommendation, downgrade status of "BSD user" from
Maintained to Orphan since the FreeBSD guys effectively forked it, and
"SPARC target" from Maintained to Odd Fixes, since we still have the
overall TCG maintainer looking after it.
I'm leaving Checkpatch's status at Odd Fixes. Calling it Maintained
wouldn't be wrong, but I'm not comfortable upgrading it while nobody
is willing to have his name nailed to the thing.
* remotes/cody/tags/block-pull-request:
mirror: fix misleading comments
blockjob: assert(cb) when create job
iotests: add small-granularity mirror test
mirror: limit niov to IOV_MAX elements, again
mirror: clarify mirror_do_read return code
block/gluster: add support for selecting debug logging level
mirror: fix trace_mirror_yield_in_flight usage in mirror_iteration()
block/nfs: add support for libnfs pagecache
block/nfs: refuse readahead if cache.direct is on
block/gluster: add support for SEEK_DATA/SEEK_HOLE
Peter Maydell [Wed, 29 Jun 2016 13:07:57 +0000 (14:07 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging
# gpg: Signature made Tue 28 Jun 2016 22:27:20 BST
# gpg: using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <[email protected]>"
# gpg: aka "Stefan Hajnoczi <[email protected]>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/tracing-pull-request:
trace: [*-user] Add events to trace guest syscalls in syscall emulation mode
trace: enable tracing in qemu-img
qemu-img: move common options parsing before commands processing
trace: enable tracing in qemu-nbd
trace: enable tracing in qemu-io
trace: move qemu_trace_opts to trace/control.c
doc: move text describing --trace to specific .texi file
doc: sync help description for --trace with man for qemu.1
Andrew Jones [Tue, 21 Jun 2016 16:34:04 +0000 (18:34 +0200)]
vl: smp_parse: fix regression
Commit 0544edd88a "vl: smp_parse: cleanups" regressed any -smp
config that left either cores or threads unspecified, and specified
a topology supporting more cpus than the given online cpus. The
correct way to calculate the missing parameter would be to use
maxcpus, but it's too late to change that now. Restore the old
way, which is to calculate it with the online cpus (as is still
done), but then, if the result is zero, just set it to one.
Paolo Bonzini [Mon, 20 Jun 2016 13:02:40 +0000 (15:02 +0200)]
char: change qemu_chr_fe_add_watch to return unsigned
g_source_attach can return any value between 1 and UINT_MAX if you let
QEMU run long enough. However, qemu_chr_fe_add_watch can also return
a negative errno value when the device is disconnected or does not
support chr_add_watch. Change it to return zero to avoid overloading
these values.
Fix the cadence_uart which asserts in this case (easily obtained with
"-serial pty").
Paolo Bonzini [Mon, 20 Jun 2016 13:08:20 +0000 (15:08 +0200)]
serial: separate serial_xmit and serial_watch_cb
serial_xmit starts transmission of whatever is in the transmitter
register, THR or FIFO; serial_watch_cb is a wrapper around it and is
only used as a qemu_chr_fe_add_watch callback.
Paolo Bonzini [Tue, 14 Jun 2016 12:20:50 +0000 (14:20 +0200)]
serial: simplify tsr_retry reset
Move common code outside the if, and reset tsr_retry even in loopback mode.
Right now it cannot become non-zero, but it will be possible as soon as
we start respecting the baud rate.
Peter Lieven [Mon, 20 Jun 2016 09:24:40 +0000 (11:24 +0200)]
iscsi: fix assertion in is_sector_request_lun_aligned
Commit 94d047a added an assertion the the request alignment check.
This introduced 2 issues:
a) A off-by-one error since a request of BDRV_REQUEST_MAX_SECTORS
is actually allowed.
b) The bdrv_get_block_status call in the read path to check the allocation
status requests up to INT_MAX sectors which triggers the assertion.
This function needs to be converted to QOM hook and virtualised for
multi-arch. This rename interferes, as cpu-qom will not have access
to the renaming causing name divergence. This rename doesn't really do
anything anyway so just delete it.
Lin Ma [Wed, 15 Jun 2016 17:05:27 +0000 (01:05 +0800)]
pci-assign: Move "Invalid ROM" error message to pci-assign-load-rom.c
In function pci_assign_dev_load_option_rom, For those pci devices don't
have 'rom' file under sysfs or if loading ROM from external file, The
function returns NULL, and won't set the passed 'size' variable.
In these 2 cases, qemu still reports "Invalid ROM" error message, Users
may be confused by it.
Paolo Bonzini [Mon, 20 Jun 2016 14:32:39 +0000 (16:32 +0200)]
scsi: esp: fix migration
Commit 926cde5 ("scsi: esp: make cmdbuf big enough for maximum CDB size",
2016-06-16) changed the size of a migrated field. Split it in two
parts, and only migrate the second part in a new vmstate version.
Efimov Vasily [Wed, 22 Jun 2016 12:24:57 +0000 (15:24 +0300)]
MC146818 RTC: add GPIO access to output IRQ
The MC146818 RTC device has output IRQ line. Currently the corresponding field
is only accessible through direct access. Such access violates Qemu model.
The patch makes the field accessible through GPIO. It also updates the setting
of the IRQ during initialization.
Efimov Vasily [Wed, 22 Jun 2016 12:24:55 +0000 (15:24 +0300)]
ICH9 LPC: move call of isa_bus_irqs to 'realize' method
The isa_bus_irqs function initializes ISA bus IRQ array pointer with specified
value.
Previously the ICH9 LPC bridge model did not have its own IRQs but
only IRQ pointer cache. And same GSI were used for ISA bus and other sources
behind the bridge (PCI, SCI). Hence, the pc_q35_init was only possible place to
setup both ISA bus IRQs and the bridge IRQ cache.
As a result, the call of isa_bus_irqs was made from pc_q35_init.
Now the ICH9 LPC bridge has its own output IRQs which are connected to GSI. The
output IRQs are already used to route IRQs from PCI and SCI.
The patch makes the ICH9 LPC bridge output IRQs to used for ISA bus too.
projects / qemu.git / log