Max Reitz [Mon, 18 Aug 2014 20:07:33 +0000 (22:07 +0200)]
qcow2: Add runtime options for cache sizes
Add options for specifying the size of the metadata caches. This can
either be done directly for each cache (if only one is given, the other
will be derived according to a default ratio) or combined for both.
Max Reitz [Mon, 18 Aug 2014 20:07:31 +0000 (22:07 +0200)]
qcow2: Constant cache size in bytes
Specifying the metadata cache sizes in clusters results in fewer clusters
(and much fewer bytes) covered for small cluster sizes and vice versa.
Using a constant byte size reduces this difference, and makes it
possible to manually specify the cache size in an easily comprehensible
unit.
Maria Kustova [Mon, 18 Aug 2014 20:02:35 +0000 (00:02 +0400)]
runner: Kill a program under test by time-out
If a program under test gets frozen, the test should finish and report its
failure.
In such cases the runner waits for 10 minutes until the program ends its
execution. After this time-out the program will be terminated and the test will
be marked as failed.
With the current limit of 10 MB on the test image size, the execution of
each command generally takes several seconds, so 10 minutes is enough to
detect a freeze without drastically increasing the overall test duration.
block: Use g_new() & friends to avoid multiplying sizes
g_new(T, n) is safer than g_malloc(sizeof(*v) * n) for two reasons.
One, it catches multiplication overflowing size_t. Two, it returns
T * rather than void *, which lets the compiler catch more type
errors.
Perhaps a conversion to g_malloc_n() would be neater in places, but
that's merely four years old, and we can't use such newfangled stuff.
This commit only touches allocations with size arguments of the form
sizeof(T), plus two that use 4 instead of sizeof(uint32_t). We can
make the others safe by converting to g_malloc_n() when it becomes
available to us in a couple of years.
block: Use g_new() & friends where that makes obvious sense
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer,
for two reasons. One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.
Patch created with Coccinelle, with two manual changes on top:
* Add const to bdrv_iterate_format() to keep the types straight
* Convert the allocation in bdrv_drop_intermediate(), which Coccinelle
inexplicably misses
Coccinelle semantic patch:
@@
type T;
@@
-g_malloc(sizeof(T))
+g_new(T, 1)
@@
type T;
@@
-g_try_malloc(sizeof(T))
+g_try_new(T, 1)
@@
type T;
@@
-g_malloc0(sizeof(T))
+g_new0(T, 1)
@@
type T;
@@
-g_try_malloc0(sizeof(T))
+g_try_new0(T, 1)
@@
type T;
expression n;
@@
-g_malloc(sizeof(T) * (n))
+g_new(T, n)
@@
type T;
expression n;
@@
-g_try_malloc(sizeof(T) * (n))
+g_try_new(T, n)
@@
type T;
expression n;
@@
-g_malloc0(sizeof(T) * (n))
+g_new0(T, n)
@@
type T;
expression n;
@@
-g_try_malloc0(sizeof(T) * (n))
+g_try_new0(T, n)
@@
type T;
expression p, n;
@@
-g_realloc(p, sizeof(T) * (n))
+g_renew(T, p, n)
@@
type T;
expression p, n;
@@
-g_try_realloc(p, sizeof(T) * (n))
+g_try_renew(T, p, n)
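The size_t overflow that the two g_new() commit messages above describe, shown as an added example in plain C rather than GLib code (this is not part of the QEMU patches): naive_array_size reproduces what g_malloc(sizeof(T) * n) computes, array_size_overflows is the check that g_new()/g_malloc_n() perform and the open-coded multiplication lacks, and NEW_ARRAY is a hypothetical typed wrapper in the shape of g_new(). All function and macro names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* What g_malloc(sizeof(T) * n) hands to the allocator: the product silently
 * wraps modulo SIZE_MAX + 1 when it overflows, so a huge request can turn
 * into a tiny (even zero-byte) allocation. */
size_t naive_array_size(size_t elem_size, size_t n)
{
    return elem_size * n;
}

/* True when elem_size * n does not fit in size_t.  This is the check that
 * g_new()/g_malloc_n() do internally and g_malloc(sizeof(T) * n) cannot. */
bool array_size_overflows(size_t elem_size, size_t n)
{
    return elem_size != 0 && n > SIZE_MAX / elem_size;
}

/* Checked allocator: refuses an overflowing request instead of returning a
 * wrapped, far-too-small buffer.  NULL on overflow or allocation failure. */
void *alloc_array_checked(size_t elem_size, size_t n)
{
    if (array_size_overflows(elem_size, n)) {
        return NULL;
    }
    return malloc(elem_size * n);
}

/* Typed wrapper in the shape of g_new(T, n) (assumed name): the cast yields a
 * T * rather than void *, so assigning the result to the wrong pointer type
 * becomes a compiler diagnostic instead of a silent conversion. */
#define NEW_ARRAY(T, n) ((T *)alloc_array_checked(sizeof(T), (n)))

/* Smallest element count for which sizeof(uint64_t) * n wraps to exactly 0,
 * on any width of size_t. */
size_t wrapped_request_count(void)
{
    return SIZE_MAX / sizeof(uint64_t) + 1;
}

int main(void)
{
    size_t n = wrapped_request_count();
    size_t ok_n = 1024;

    /* The open-coded multiplication asks malloc() for 0 bytes here. */
    printf("naive size for n=%zu elements: %zu bytes (wrapped)\n",
           n, naive_array_size(sizeof(uint64_t), n));

    uint64_t *bad = NEW_ARRAY(uint64_t, n);
    printf("checked allocation of n=%zu: %s\n", n,
           bad ? "succeeded" : "refused (overflow)");

    uint64_t *good = NEW_ARRAY(uint64_t, ok_n);
    if (good) {
        memset(good, 0, sizeof(*good) * ok_n);
        printf("checked allocation of n=%zu: succeeded\n", ok_n);
        free(good);
    }
    free(bad);
    return 0;
}
```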
Peter Maydell [Tue, 19 Aug 2014 12:00:57 +0000 (13:00 +0100)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
SCSI changes that enable sending vendor-specific commands via virtio-scsi.
Memory changes for QOMification and automatic tracking of MR lifetime.
# gpg: Signature made Mon 18 Aug 2014 13:03:09 BST using RSA key ID 9B4D86F2
# gpg: Good signature from "Paolo Bonzini <[email protected]>"
# gpg: aka "Paolo Bonzini <[email protected]>"
* remotes/bonzini/tags/for-upstream:
mtree: remove write-only field
memory: Use canonical path component as the name
memory: Use memory_region_name for name access
memory: constify memory_region_name
exec: Abstract away ref to memory region names
loader: Abstract away ref to memory region names
tpm_tis: remove instance_finalize callback
memory: remove memory_region_destroy
memory: convert memory_region_destroy to object_unparent
ioport: split deletion and destruction
nic: do not destroy memory regions in cleanup functions
vga: do not dynamically allocate chain4_alias
sysbus: remove unused function sysbus_del_io
qom: object: move unparenting to the child property's release callback
qom: object: delete properties before calling instance_finalize
virtio-scsi: implement parse_cdb
scsi-block, scsi-generic: implement parse_cdb
scsi-block: extract scsi_block_is_passthrough
scsi-bus: introduce parse_cdb in SCSIDeviceClass and SCSIBusInfo
scsi-bus: prepare scsi_req_new for introduction of parse_cdb
The function monitor_fdset_dup_fd_find_remove() references a member of
'mon_fdset' which, when the remove flag is set, may be freed in function
monitor_fdset_cleanup().
The remove flag is set by monitor_fdset_dup_fd_remove(), which in practice
does not need the returned value, so make it void
and return -1 from monitor_fdset_dup_fd_find_remove().
Peter Maydell [Mon, 18 Aug 2014 17:24:38 +0000 (18:24 +0100)]
Merge remote-tracking branch 'remotes/amit/for-2.2' into staging
* remotes/amit/for-2.2:
virtio-serial: search for duplicate port names before adding new ports
virtio-serial: create a linked list of all active devices
Amit Shah [Tue, 15 Jul 2014 04:47:02 +0000 (10:17 +0530)]
virtio-serial: search for duplicate port names before adding new ports
Before adding new ports to VirtIOSerial devices, check if there's a
conflict in the 'name' parameter. This ensures two virtserialports with
identical names are not initialized.
Amit Shah [Wed, 16 Jul 2014 11:08:50 +0000 (16:38 +0530)]
virtio-serial: create a linked list of all active devices
To ensure two virtserialports don't get added to the system with the
same 'name' parameter, we need to access all the ports on all the
devices added, and compare the names.
We currently don't have a list of all VirtIOSerial devices added to the
system. This commit adds a simple linked list in which devices are put
when they're initialized, and removed when they go away.
Peter Maydell [Mon, 18 Aug 2014 11:55:02 +0000 (12:55 +0100)]
Merge remote-tracking branch 'remotes/mcayland/qemu-sparc' into staging
* remotes/mcayland/qemu-sparc:
target-sparc64: implement Short Floating-Point Store Instructions
apb: add IOMMU flush register implementation
sun4u: switch second PCI-ebus bridge BAR over to PCI IO space
Peter Maydell [Mon, 18 Aug 2014 10:59:26 +0000 (11:59 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Block pull request
# gpg: Signature made Fri 15 Aug 2014 18:04:23 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <[email protected]>"
# gpg: aka "Stefan Hajnoczi <[email protected]>"
* remotes/stefanha/tags/block-pull-request: (55 commits)
qcow2: fix new_blocks double-free in alloc_refcount_block()
image-fuzzer: Reduce number of generator functions in __init__
image-fuzzer: Add generators of L1/L2 tables
image-fuzzer: Add fuzzing functions for L1/L2 table entries
docs: Expand the list of supported image elements with L1/L2 tables
image-fuzzer: Public API for image-fuzzer/runner/runner.py
image-fuzzer: Generator of fuzzed qcow2 images
image-fuzzer: Fuzzing functions for qcow2 images
image-fuzzer: Tool for fuzz tests execution
docs: Specification for the image fuzzer
ide: only constrain read/write requests to drive size, not other types
virtio-blk: Correct bug in support for flexible descriptor layout
libqos: Change free function called in malloc
libqos: Correct mask to align size to PAGE_SIZE in malloc-pc
libqtest: add QTEST_LOG for debugging qtest testcases
ide: Fix segfault when flushing a device that doesn't exist
qemu-options: add missing -drive discard option to cmdline help
parallels: 2TB+ parallels images support
parallels: split check for parallels format in parallels_open
parallels: replace tabs with spaces in block/parallels.c
...
Rather than having the name as separate state. This prepares support
for creating a MemoryRegion dynamically (i.e. without
memory_region_init() and friends) and the MemoryRegion still getting
a usable name.
Despite being local to memory.c, use the helper function. This prepares
support for fully QOMifiying the name field of MR (which will remove
this state from MR completely).
Paolo Bonzini [Wed, 11 Jun 2014 10:42:01 +0000 (12:42 +0200)]
memory: convert memory_region_destroy to object_unparent
Explicitly call object_unparent in the few places where we
will re-create the memory region. If the memory region is
simply being destroyed as part of device teardown, let QOM
handle it.
Paolo Bonzini [Wed, 11 Jun 2014 11:02:51 +0000 (13:02 +0200)]
ioport: split deletion and destruction
Of the two functions portio_list_del and portio_list_destroy,
the latter is just freeing a memory area. However, portio_list_del
is the logical equivalent of memory_region_del_subregion, so
destruction of memory regions does not belong there.
Actually, neither of these APIs is in use; portio is mostly used by
ISA devices or VGAs, and neither of these is currently hot-unpluggable.
Paolo Bonzini [Wed, 11 Jun 2014 10:23:03 +0000 (12:23 +0200)]
nic: do not destroy memory regions in cleanup functions
The memory regions should be destroyed in the unrealize function;
since these NICs are not even qdev-ified, they cannot be unplugged
and they do not have to do anything to destroy their memory regions.
Paolo Bonzini [Wed, 11 Jun 2014 10:19:25 +0000 (12:19 +0200)]
vga: do not dynamically allocate chain4_alias
Instead, add a boolean variable to indicate the presence of the region.
This avoids a repeated malloc/free (later we can also avoid the
add_child/unparent by changing the offset/size of the alias).
Paolo Bonzini [Wed, 11 Jun 2014 09:57:38 +0000 (11:57 +0200)]
qom: object: move unparenting to the child property's release callback
This ensures that the unparent callback is called automatically
when the parent object is finalized.
Note that there's no need to keep a reference either in
object_unparent or in object_finalize_child_property. The
reference held by the child property itself will do.
Mark Cave-Ayland [Mon, 11 Aug 2014 11:22:52 +0000 (12:22 +0100)]
apb: add IOMMU flush register implementation
The IOMMU flush register is a write-only register used to remove entries from the
hardware TLB. Allow guest writes to this register as a no-op, and return a value
of 0 for reads.
This fixes IOMMU DMA operations under NetBSD SPARC64.
sun4u: switch second PCI-ebus bridge BAR over to PCI IO space
The ebus is the sun4u equivalent of the old ISA bus which is already mapped at
the beginning of PCI IO space within QEMU. NetBSD attempts to find the physical
addresses of devices connected to the ebus by parsing the BARs of the PCI-ebus
bridge and using the base address found by matching both the address space
type and range for a particular ebus address.
Since the second PCI-ebus bridge BAR is already aliased onto IO space, switch
the BAR over to match and reduce the size to 0x1000 which is enough to cover
all the legacy ioport devices whilst leaving the remaining IO space for other
PCI devices. This allows NetBSD SPARC64 to correctly detect and access devices
on the ebus.
Peter Maydell [Fri, 15 Aug 2014 17:44:47 +0000 (18:44 +0100)]
Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-08-15' into staging
trivial patches for 2014-08-15
# gpg: Signature made Fri 15 Aug 2014 16:13:03 BST using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <[email protected]>"
# gpg: aka "Michael Tokarev <[email protected]>"
# gpg: aka "Michael Tokarev <[email protected]>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5
# Subkey fingerprint: 6F67 E18E 7C91 C5B1 5514 66A7 BEE5 9D74 A4C3 D7DB
* remotes/mjt/tags/trivial-patches-2014-08-15:
ivshmem: check the value returned by fstat()
l2cap: fix access to freed memory
intc: i8259: Convert Array allocation to g_new0
ppc: convert g_new(qemu_irq usages to g_new0
ssi: xilinx_spi: Initialise CS GPIOs as NULL
vl: free err
qemu-options.hx: fix typo about l2tpv3
vmxnet3: don't use 'Yoda conditions'
vl: don't use 'Yoda conditions'
spice: don't use 'Yoda conditions'
don't use 'Yoda conditions'
isa-bus: don't use 'Yoda conditions'
audio: don't use 'Yoda conditions'
usb: don't use 'Yoda conditions'
CODING_STYLE: Section about conditional statement
pci-host: update uncorresponding description
pci-host: update obsolete reference about piix_pci.c
qemu-options.hx: fix a typo of chardev
memory: Update obsolete comment about AddrRange field type
apic: Fix reported DFR content
Stefan Hajnoczi [Fri, 15 Aug 2014 16:59:54 +0000 (17:59 +0100)]
qcow2: fix new_blocks double-free in alloc_refcount_block()
Commit de82815db1c89da058b7fb941dab137d6d9ab738 ("qcow2: Handle failure
for potentially large allocations") introduced a double-free of
new_blocks in the alloc_refcount_block() error path.
The qemu-iotests qcow2 026 test case was failing because qemu-io
segfaulted.
Make sure new_blocks is NULL after we free it the first time.
Maria Kustova [Mon, 11 Aug 2014 11:27:46 +0000 (15:27 +0400)]
image-fuzzer: Reduce number of generator functions in __init__
Some issues can be found only when a fuzzed image has a partial structure,
e.g. has L1/L2 tables but no refcount ones. Generation of an entirely
defined image limits these cases. Now the Image constructor creates only
a header and a backing file name (if any); other image elements are generated
in the 'create_image' API.
Maria Kustova [Mon, 11 Aug 2014 11:01:10 +0000 (15:01 +0400)]
image-fuzzer: Add generators of L1/L2 tables
Entries in L1/L2 tables are based on a portion of random guest clusters.
L2 entries contain offsets to host image clusters filled with random data.
Clusters for L1/L2 tables and guest data are selected randomly.
Maria Kustova [Mon, 11 Aug 2014 10:34:01 +0000 (14:34 +0400)]
image-fuzzer: Generator of fuzzed qcow2 images
The layout submodule of the qcow2 package creates a random valid image,
randomly selects some amount of its fields, fuzzes them and writes the fuzzed
image to the file. The fuzzing process can be controlled by an external
configuration.
Maria Kustova [Mon, 11 Aug 2014 10:34:00 +0000 (14:34 +0400)]
image-fuzzer: Fuzzing functions for qcow2 images
The fuzz submodule of the qcow2 image generator contains fuzzing functions for
image fields.
Each fuzzing function contains a list of constraints and a call to a helper
function that randomly selects a fuzzed value satisfying one of the constraints.
For now the constraints include only values known to be invalid or potentially
dangerous. But after investigation of the code coverage of the fuzz tests they
will be expanded with heuristic values based on the inner checks and flows of a
program under test.
Now fuzzing of a header, header extensions and a backing file name is
supported.
Maria Kustova [Mon, 11 Aug 2014 10:33:59 +0000 (14:33 +0400)]
image-fuzzer: Tool for fuzz tests execution
The purpose of the test runner is to prepare the test environment (e.g. create
a work directory, a test image, etc), execute a program under test with
parameters, indicate a test failure if the program was killed during the test
execution and collect core dumps, logs and other test artifacts.
The test runner doesn't depend on an image format, so it can be used with any
external image generator.
[Fixed path to qcow2 format module "qcow2" instead of "../qcow2" since
runner.py is no longer in a sub-directory.
--Stefan]
Michael Tokarev [Wed, 13 Aug 2014 07:23:31 +0000 (11:23 +0400)]
ide: only constrain read/write requests to drive size, not other types
Commit 58ac321135a introduced a check to ide dma processing which
constrains all requests to the drive size. However, apparently, some
valid requests (like TRIM) do not fit in this constraint, and
fail in 2.1. So check the range only for reads and writes.
Marc Marà [Tue, 12 Aug 2014 11:41:51 +0000 (13:41 +0200)]
virtio-blk: Correct bug in support for flexible descriptor layout
Without this correction, only a three descriptor layout is accepted, and
requests with just two descriptors are not completed and no error message is
displayed.
In recent updates of Parallels Server 5/6, Parallels has released a
new addition to its image format. Images with the signature WithouFreSpacExt
have offsets in the catalog coded not as offsets in sectors (multiples
of 512 bytes) but as offsets in blocks (i.e. header->tracks * 512).
In this case all 64 bits of header->nb_sectors are used for the image size.
This patch implements support for this in qemu-img and also adds a specific
check for an incorrect image. Images with a block size greater than
INT_MAX/513 are not supported. The biggest Parallels image
cluster size available in the field is 1 Mb. Thus this limit will not hurt
anyone.
parallels: split check for parallels format in parallels_open
and rework the error path a bit. There is no difference at the moment, but
the code will definitely be shorter when additional processing is
required for WithouFreSpacExt.
parallels: extend parallels format header with actual data values
The Parallels image format has several additional fields inside:
- nb_sectors is actually 64 bits wide. The upper 32 bits are not used for
images with signature "WithoutFreeSpace" and must be explicitly
zeroed according to Parallels. They will be used for images with
signature "WithouFreSpacExt"
- inuse is a magic value which means that the image is currently opened for
read/write or was not closed correctly; the magic is 0x746f6e59
- data_off is the location of the first data block. It can be zero,
and in this case data starts just beyond the header aligned to
512 bytes. Though this field does not matter for the read-only driver
This patch adds these values to struct parallels_header and adds
proper handling of nb_sectors for the currently supported WithoutFreeSpace
images.
The dataplane code is currently doing a hard exit if it fails to set
up either guest or host notifiers. In practice, this may mean that a
guest suddenly dies after a dataplane device failed to come up (e.g.,
when a file descriptor limit is hit for the nth device).
Let's just try to unwind the setup instead and return.
Gonglei [Mon, 11 Aug 2014 09:34:21 +0000 (17:34 +0800)]
channel-posix: using qemu_set_nonblock() instead of fcntl(O_NONBLOCK)
Technically, fcntl(soc, F_SETFL, O_NONBLOCK)
is incorrect since it clobbers all other file flags.
We can use F_GETFL to get the current flags, set or
clear the O_NONBLOCK flag, then use F_SETFL to set the flags.
Gonglei [Mon, 11 Aug 2014 09:34:20 +0000 (17:34 +0800)]
qemu-char: using qemu_set_nonblock() instead of fcntl(O_NONBLOCK)
Technically, fcntl(soc, F_SETFL, O_NONBLOCK)
is incorrect since it clobbers all other file flags.
We can use F_GETFL to get the current flags, set or
clear the O_NONBLOCK flag, then use F_SETFL to set the flags.
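The two commits above replace a bare fcntl(fd, F_SETFL, O_NONBLOCK) with qemu_set_nonblock(). The added example below is not QEMU code: it puts the clobbering call and the F_GETFL/F_SETFL read-modify-write side by side on a descriptor opened with O_APPEND, so the loss of the other status flag is observable. set_nonblock_clobbering, set_nonblock_preserving and probe_flags_after are assumed names, and qemu_set_nonblock's own implementation is not reproduced.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* The call the commits replace.  F_SETFL installs the complete new set of
 * file status flags, so passing a bare O_NONBLOCK silently drops every other
 * flag previously set on the descriptor (O_APPEND, O_ASYNC, O_DIRECT, ...). */
int set_nonblock_clobbering(int fd)
{
    return fcntl(fd, F_SETFL, O_NONBLOCK);
}

/* Read-modify-write in the spirit of qemu_set_nonblock() (assumed shape, not
 * QEMU's code): fetch the current flags with F_GETFL, set or clear only
 * O_NONBLOCK, and write the rest back unchanged. */
int set_nonblock_preserving(int fd, int nonblock)
{
    int flags = fcntl(fd, F_GETFL);
    if (flags < 0) {
        return -1;
    }
    if (nonblock) {
        flags |= O_NONBLOCK;
    } else {
        flags &= ~O_NONBLOCK;
    }
    return fcntl(fd, F_SETFL, flags);
}

/* Probe: open /dev/null with O_APPEND so the descriptor carries a status
 * flag other than O_NONBLOCK, apply one of the two setters, and return the
 * resulting flags masked to O_APPEND | O_NONBLOCK (or -1 on error). */
int probe_flags_after(int preserving)
{
    int fd = open("/dev/null", O_WRONLY | O_APPEND);
    if (fd < 0) {
        return -1;
    }
    int rc = preserving ? set_nonblock_preserving(fd, 1)
                        : set_nonblock_clobbering(fd);
    int flags = (rc < 0) ? -1 : fcntl(fd, F_GETFL);
    close(fd);
    if (flags < 0) {
        return -1;
    }
    return flags & (O_APPEND | O_NONBLOCK);
}

int main(void)
{
    int clobbered = probe_flags_after(0);
    int preserved = probe_flags_after(1);

    /* Expected on Linux: the first line reports O_APPEND LOST. */
    printf("bare O_NONBLOCK:  O_APPEND %s, O_NONBLOCK %s\n",
           (clobbered & O_APPEND) ? "kept" : "LOST",
           (clobbered & O_NONBLOCK) ? "set" : "unset");
    printf("F_GETFL/F_SETFL:  O_APPEND %s, O_NONBLOCK %s\n",
           (preserved & O_APPEND) ? "kept" : "LOST",
           (preserved & O_NONBLOCK) ? "set" : "unset");
    return 0;
}
```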
cmd646: synchronise DMA interrupt status with UDMA interrupt status
Make sure that the standard DMA interrupt status bits reflect any changes made
to the UDMA interrupt status bits. The CMD646U2 datasheet claims that these
bits are equivalent, and they must be synchronised for guests that manipulate
both registers.
John Snow [Mon, 4 Aug 2014 21:11:25 +0000 (17:11 -0400)]
qtest/ide: Fix small memory leak
For libqos debugging purposes, it's nice to
be able to assert that tests and associated libraries
have no memory leaks. To that end, free up the
trivial cmdline leak.
The remaining leaks caused by pc_alloc_init are fixed
instead by my first-fit pc_alloc implementation already
on the qemu-devel mailing list.
John Snow [Mon, 4 Aug 2014 21:11:24 +0000 (17:11 -0400)]
libqos: allow qpci_iomap to return BAR mapping size
This patch allows qpci_iomap to return the size of the
BAR mapping that it created, to allow driver applications
(e.g, ahci-test) to make determinations about the suitability
of the mapping size, or in the specific case of AHCI, how
many ports are supported by the HBA.
John Snow [Mon, 4 Aug 2014 21:11:23 +0000 (17:11 -0400)]
libqos: Fixes a small memory leak.
Allow users the chance to clean up the QPCIBusPC structure
by adding a small cleanup routine. Helps clear up small
memory leaks during setup/teardown, to allow for cleaner
debug output messages.
John Snow [Mon, 4 Aug 2014 21:11:22 +0000 (17:11 -0400)]
libqtest: Correct small memory leak.
Fixes a small memory leak inside of libqtest.
After we produce a test path and glib copies the string
for itself, we should clean up our temporary copy.
John Snow [Mon, 4 Aug 2014 21:11:20 +0000 (17:11 -0400)]
qtest: Adding qtest_memset and qmemset.
Currently, libqtest allows for memread and memwrite, but
does not offer a simple way to zero out regions of memory.
This patch adds a simple function to do so.
Paolo Bonzini [Mon, 4 Aug 2014 21:11:18 +0000 (17:11 -0400)]
ahci: construct PIO Setup FIS for PIO commands
PIO commands should put a PIO Setup FIS in the receive area when data
transfer ends. Currently QEMU does not do this and only places the
D2H FIS at the end of the operation.
Paolo Bonzini [Mon, 4 Aug 2014 21:11:17 +0000 (17:11 -0400)]
ide: make all commands go through cmd_done
AHCI has code to fill in the D2H FIS and trigger the IRQ all over the place.
Centralize this in a single cmd_done callback by generalizing the existing
async_cmd_done callback.
Paolo Bonzini [Mon, 4 Aug 2014 21:11:11 +0000 (17:11 -0400)]
ide: remove wrong setting of BM_STATUS_INT
Similar to the case removed in commit 69c38b8 (ide/core: Remove explicit
setting of BM_STATUS_INT, 2011-05-19), the only remaining use of
add_status(..., BM_STATUS_INT) is for short PRDs. The flag should
not be raised in this case.
Peter Maydell [Fri, 15 Aug 2014 16:43:51 +0000 (17:43 +0100)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
post-2.1 bugfixes
A bunch of fixes that missed 2.1 by a small margin.
If we do 2.1.1, some of these would be good candidates,
added Cc qemu-stable as appropriate.
Signed-off-by: Michael S. Tsirkin <[email protected]>
# gpg: Signature made Thu 14 Aug 2014 17:07:25 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <[email protected]>"
# gpg: aka "Michael S. Tsirkin <[email protected]>"
* remotes/mst/tags/for_upstream:
pc: Get rid of pci-info leftovers
e1000: use symbolic constants to init phy ctrl & status registers
e1000: correctly handle phy_ctrl reserved & self-clearing bits
ivshmem: fix building when debug mode is enabled
acpi: align RSDP
numa: show hex number in error message for consistency and prefix them with 0x
pc-dimm: fix up error message
pc-dimm: validate node property
hw:i386: typo fix: MEMORY_HOPTLUG_DEVICE -> MEMORY_HOTPLUG_DEVICE
hw/audio/intel-hda: Fix MSI capability address
pc: Create 2.2 machine type
pci: Use bus master address space for delivering MSI/MSI-X messages