tests/qapi-schema: Cover non-string, non-dictionary members
We always report "should be a dictionary" then. This is misleading:
when allow_dict, it can be a dictionary or a type name string, else it
can only be a type name.
qapi: Drop one of two "simple union must not have base" checks
The first check ensures the second one can't trigger. Drop the first
one, because the second one is in a more logical place, and emits a
nicer error message.
qapi: Command returning anonymous type doesn't work, outlaw
Reproducer: with
{ 'command': 'user_def_cmd4', 'returns': { 'a': 'int' } }
added to qapi-schema-test.json, qapi-commands.py dies when it tries to
generate the command handler function
Traceback (most recent call last):
File "/work/armbru/qemu/scripts/qapi-commands.py", line 359, in <module>
ret = generate_command_decl(cmd['command'], arglist, ret_type) + "\n"
File "/work/armbru/qemu/scripts/qapi-commands.py", line 29, in generate_command_decl
ret_type=c_type(ret_type), name=c_name(name),
File "/work/armbru/qemu/scripts/qapi.py", line 927, in c_type
assert isinstance(value, str) and value != ""
AssertionError
because the return type doesn't exist.
Simply outlaw this usage, and drop or dumb down test cases accordingly.
tests/qapi-schema: Rename tests from data- to args-
Since every schema entity has 'data', the data- prefix conveys no
information. These tests actually exercise commands. Only commands
have arguments, so change the prefix to args-.
Eric Blake [Thu, 30 Jul 2015 22:33:07 +0000 (16:33 -0600)]
qapi: Document that input visitor semantics are prone to leaks
Most functions that can return a pointer or set an Error ** value
are decent enough to guarantee a NULL return when reporting an error.
Not so with our generated qapi visitor functions. If the caller
is not careful to clean up partially-allocated objects on error,
then the caller suffers a memory leak.
Properly fixing it is probably complex enough to save for a later
day, so merely document it for now.
tests/qapi-schema: Document events with base don't work
When event FOO's 'data' is a struct with a base, we consider only the
struct's direct members, and ignore its base. The generated
qapi_event_send_foo() doesn't take arguments for base members.
tests/qapi-schema: Document alternate's enum lacks visit function
We generate a declaration, but no definition.
The QMP schema has two: Qcow2OverlapChecks and BlockdevRef. Neither
visit_type_Qcow2OverlapChecksKind() nor visit_type_BlockdevRefKind()
is actually used.
qapi-visit: Fix two name arguments passed to visitors
The generated code passes mangled schema names to visit_type_enum()
and union's visit_start_struct(). Fix it to pass the names
unadulterated, like we do everywhere else.
Only qapi-schema-test.json actually has names where this makes a
difference: enum __org.qemu_x-Enum, flat union __org.qemu_x-Union2,
simple union __org.qemu_x-Union1 and its implicit enum
__org.qemu_x-Union1Kind.
qapi-visit: Fix generated code when schema has forward refs
The visit_type_implicit_FOO() are generated on demand, right before
their first use. Used by visit_type_STRUCT_fields() when STRUCT has
base FOO, and by visit_type_UNION() when flat UNION has member a FOO.
If the schema defines FOO after its first use as struct base or flat
union member, visit_type_implicit_FOO() calls
visit_type_implicit_FOO() before its definition, which doesn't
compile.
Rearrange qapi-schema-test.json to demonstrate the bug.
Fix by generating the necessary forward declaration.
Change to put all base members at the beginning, unadulterated. Not
only is this easier to understand, it also permits casting the flat
union to its base, if that should become useful.
We now generate:
struct UserDefFlatUnion
{
/* Members inherited from UserDefUnionBase: */
char *string;
EnumOne enum1;
/* Own members: */
union { /* union tag is @enum1 */
void *data;
UserDefA *value1;
UserDefB *value2;
UserDefB *value3;
};
};
qapi: Drop unused and useless parameters and variables
gen_sync_call()'s parameter indent is useless: gen_sync_call() uses it
only as optional argument for push_indent() and pop_indent(), their
default is four, and gen_sync_call()'s only caller passes four. Drop
the parameter.
gen_visitor_input_containers_decl()'s parameter obj is always
"QOBJECT(args)". Use that, and drop the parameter.
Drop unused parameters of gen_marshal_output(),
gen_marshal_input_decl(), generate_visit_struct_body(),
generate_visit_list(), generate_visit_enum(), generate_declaration(),
generate_enum_declaration(), generate_decl_enum().
Drop unused variables in generate_event_enum_lookup(),
generate_enum_lookup(), generate_visit_struct_fields(), check_event().
qapi-event: Clean up how name of enum QAPIEvent is made
Use c_name() instead of ad hoc code. Doesn't upcase the -p prefix,
which is an improvement in my book. Unbreaks prefix containing '.',
but other funny characters remain broken. To be fixed next.
Commit 05dfb26 added eatspace stripping to mcgen(). Move it to
cgen(), just in case somebody gets tempted to use cgen() directly
instead of via mcgen().
cgen() indents blank lines. No such lines get generated right now,
but fix it anyway.
We use triple-quoted strings for program text, like this:
'''
Program text
any number of lines
'''
Keeps the program text relatively readable, but puts an extra newline
at either end. mcgen() "fixes" that by dropping the first and last
line outright. Drop only the newlines.
This unmasks a bug in qapi-commands.py: four quotes instead of three.
Fix it up.
Routines to save/load guest storage keys are provided. register_savevm is
called to register them as migration handlers.
We prepare the protocol to support more complex parameters. So we will
later be able to support standby memory (having empty holes), compression
and "state live migration" like done for ram.
Jason J. Herne [Fri, 26 Jun 2015 18:10:16 +0000 (14:10 -0400)]
s390x: Info skeys sub-command
Provide an info skeys hmp sub-command to allow the end user to dump a storage
key for a given address. This is useful for guest operating system developers.
Jason J. Herne [Fri, 26 Jun 2015 18:03:16 +0000 (14:03 -0400)]
s390x: Dump storage keys qmp command
Provide a dump-skeys qmp command to allow the end user to dump storage
keys. This is useful for debugging problems with guest storage key support
within Qemu and for guest operating system developers.
Jason J. Herne [Fri, 26 Jun 2015 18:01:00 +0000 (14:01 -0400)]
s390x: Enable new s390-storage-keys device
s390 guest initialization is modified to make use of new s390-storage-keys
device. Old code that globally allocated storage key array is removed.
The new device enables storage key access for kvm guests.
Cache storage key QOM objects in frequently used helper functions to avoid a
performance hit every time we use one of these functions.
Jason J. Herne [Fri, 26 Jun 2015 15:54:51 +0000 (11:54 -0400)]
s390x: Create QOM device for s390 storage keys
A new QOM style device is provided to back guest storage keys. A special
version for KVM is created, which handles the storage key access via
KVM_S390_GET_SKEYS and KVM_S390_SET_SKEYS ioctl.
Peter Maydell [Thu, 3 Sep 2015 10:15:01 +0000 (11:15 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging
# gpg: Signature made Wed 02 Sep 2015 17:14:40 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <[email protected]>"
# gpg: aka "Stefan Hajnoczi <[email protected]>"
* remotes/stefanha/tags/net-pull-request:
ne2000: Drop ne2000_can_receive
vmxnet3: Drop net_vmxnet3_info.can_receive
rtl8139: Do not consume the packet during overflow in standard mode.
rtl8139: Fix receive buffer overflow check
rtl8139: use ldl/stl wrapper for unaligned 32-bit access
rtl8139: use net/eth.h macros instead of custom macros
rtl8139: remove duplicate net/eth.h definitions
tcg/i386: omit a few REXW prefixes in softmmu code
When computing the TLB address we are likely to mask out the high
32-bits by using shr + and. We can use 32-bit instructions in that
case. This saves 2 bytes per TLB access.
tcg/aarch64: Fix tcg_out_qemu_{ld, st} for guest_base == 0
In ffc6372851d8631a9f9fa56ec613b3244dc635b9, we swapped the guest
base to the address base register from the address index register.
Except that 31 in the base slot is SP not XZR, so we need to be
more intelligent about which reg gets placed in which slot.
We use mirror+replace to fix quorum's broken child. bs/s->common.bs
is quorum, and to_replace is the broken child. The new child is target_bs.
Without this patch, the replace node can be any node, and it can be
top BDS with BB, or another quorum's child. We just check if the broken
child is part of the quorum BDS in this patch.
Denis V. Lunev [Fri, 21 Aug 2015 17:44:16 +0000 (20:44 +0300)]
MAINTAINERS: add responsible person for Parallels format driver
Denis has spent 6 years working with this format in Parallels and QEMU
code was rewritten almost completely by him. Thus it would be quite
natural to add him as a maintainer and point of contact.
ne2000_receive already checks the same conditions and drops the packet
if it's not ready, removing the .can_receive callback avoids the
necessity to add explicit flushes when the conditions turn true (which
is required by the new semantics of .can_receive since 6e99c63
"net/socket: Drop net_socket_can_send").
Plus the "return 1" if E8390_STOP is also suspicious.
Commit 6e99c63 ("net/socket: Drop net_socket_can_send") changed the
semantics around .can_receive for sockets to now require the device to
flush queued pkts when transitioning to a .can_receive=true state. But
it's OK to drop incoming packets when the link is not active.
rtl8139: Do not consume the packet during overflow in standard mode.
When operating in standard mode, we currently return the size
of packet during buffer overflow. This consumes the overflow
packet. Return 0 instead so we can re-process the overflow packet
when we have room.
This fixes issues with lost/dropped fragments of large messages.
rtl8139_do_receive() tries to check for the overflow condition
by making sure that packet_size + 8 does not exceed the
available buffer space. The issue here is that RxBuffAddr,
used to calculate available buffer space, is aligned to
a 4-byte boundary after every update. So it is possible that
every packet ends up being slightly padded when written
to the receive buffer. This padding is not taken into
account when checking for overflow and we may end up missing
the overflow condition, causing a buffer overwrite.
This patch takes alignment into consideration when
checking for overflow condition.
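The alignment-aware check described above, as an added example that is not QEMU's hw/net/rtl8139.c: a simplified model of the receive ring in which the device writes a 4-byte header, the payload and a 4-byte CRC, then rounds its write pointer up to a 4-byte boundary. The ring geometry, the pointer names (rd_ptr, wr_addr) and the packet sizes are constructed for the illustration; the `>=` form of the comparison is an assumption of the model.

```c
/*
 * Added example, not QEMU's hw/net/rtl8139.c: a simplified model of the
 * receive-ring free-space check. The device writes header + payload + CRC
 * (8 bytes of overhead) and then rounds its write pointer (RxBufAddr) up
 * to a 4-byte boundary, so the bytes really consumed are
 * align4(size + 8), not size + 8. Ring geometry, pointer names and packet
 * sizes below are constructed.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RX_HDR_AND_CRC 8u
#define RX_ALIGN(x)    (((x) + 3u) & ~3u)   /* rounding applied after each write */

/* Free bytes in a ring of ring_size bytes between the device's write pointer
 * and the driver's read pointer. 0 means the driver has consumed everything,
 * which the device treats as a completely empty ring, hence the avail != 0
 * guards below. */
static uint32_t rx_avail(uint32_t rd_ptr, uint32_t wr_addr, uint32_t ring_size)
{
    return (rd_ptr + ring_size - wr_addr) % ring_size;
}

/* Check as it was before the fix: ignores the alignment padding. */
static bool rx_overflow_naive(uint32_t avail, uint32_t pkt_size)
{
    return avail != 0 && pkt_size + RX_HDR_AND_CRC >= avail;
}

/* Check as the fix describes it: compare the padded length that will be written. */
static bool rx_overflow_aligned(uint32_t avail, uint32_t pkt_size)
{
    return avail != 0 && RX_ALIGN(pkt_size + RX_HDR_AND_CRC) >= avail;
}

/* Bytes the naive check lets the device write past the free space
 * (0 when the packet is refused, or fits including its padding). */
static uint32_t rx_overwrite_bytes(uint32_t avail, uint32_t pkt_size)
{
    uint32_t consumed;
    if (rx_overflow_naive(avail, pkt_size)) {
        return 0;                           /* refused, nothing written */
    }
    consumed = RX_ALIGN(pkt_size + RX_HDR_AND_CRC);
    return consumed > avail ? consumed - avail : 0;
}

int main(void)
{
    uint32_t avail = rx_avail(100, 30, 128);   /* 70 free bytes */
    uint32_t sizes[] = { 60, 61, 62 };
    size_t i;
    for (i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        printf("pkt %u: naive=%d aligned=%d overwrite=%u\n", sizes[i],
               rx_overflow_naive(avail, sizes[i]),
               rx_overflow_aligned(avail, sizes[i]),
               rx_overwrite_bytes(avail, sizes[i]));
    }
    return 0;
}
```

With 70 bytes free, a 61-byte packet passes the naive check (61 + 8 = 69 < 70) but the padded write consumes 72 bytes, two bytes past the free space; the aligned check refuses it.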
Stefan Hajnoczi [Mon, 3 Aug 2015 12:15:57 +0000 (13:15 +0100)]
rtl8139: use ldl/stl wrapper for unaligned 32-bit access
The tx offload feature accesses a 16-bit aligned TCP header struct. The
32-bit fields must be accessed using ldl/stl wrappers since some host
architectures fault on unaligned access.
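Alignment-safe 32-bit accessors in the spirit of the ldl/stl wrappers mentioned above, as an added example that is not QEMU's code: byte-assembly and memcpy-based loads and stores applied to a TCP header that starts at a 16-bit-aligned offset in a frame. The frame bytes, the helper names and the field values are constructed for the illustration.

```c
/*
 * Added example, not QEMU's code: alignment-agnostic 32-bit accessors
 * (byte assembly / memcpy, never a misaligned uint32_t dereference) used
 * on a TCP header whose 32-bit fields are only 2-byte aligned. The frame
 * below is constructed.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Big-endian (network order) load/store through byte accesses only. */
static inline uint32_t ldl_be_unaligned(const void *p)
{
    const uint8_t *b = p;
    return (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 |
           (uint32_t)b[2] << 8  | (uint32_t)b[3];
}

static inline void stl_be_unaligned(void *p, uint32_t v)
{
    uint8_t *b = p;
    b[0] = (uint8_t)(v >> 24); b[1] = (uint8_t)(v >> 16);
    b[2] = (uint8_t)(v >> 8);  b[3] = (uint8_t)v;
}

/* Little-endian load via memcpy, the other common portable idiom. */
static inline uint32_t ldl_le_unaligned(const void *p)
{
    uint8_t b[4];
    memcpy(b, p, sizeof b);
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
           (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

#define ETH_HLEN    14
#define TCP_SEQ_OFF 4
#define TCP_ACK_OFF 8

/* Offset of the TCP header (Ethernet + IPv4 IHL*4), 0 if the frame is too
 * short or is not IPv4/TCP. */
static size_t tcp_header_offset(const uint8_t *frame, size_t len)
{
    size_t ihl;
    if (len < ETH_HLEN + 20) return 0;
    if (frame[12] != 0x08 || frame[13] != 0x00) return 0;   /* not IPv4 */
    if ((frame[ETH_HLEN] >> 4) != 4) return 0;
    ihl = (size_t)(frame[ETH_HLEN] & 0x0f) * 4;
    if (ihl < 20 || frame[ETH_HLEN + 9] != 6) return 0;     /* not TCP */
    if (len < ETH_HLEN + ihl + 20) return 0;
    return ETH_HLEN + ihl;
}

/* With IHL=5 the TCP header starts at offset 34 and seq at 38: 2-byte but
 * not 4-byte aligned, so *(uint32_t *)(frame + 38) would be undefined and
 * faults on strict-alignment hosts. */
static uint32_t tcp_seq(const uint8_t *frame, size_t len)
{
    size_t off = tcp_header_offset(frame, len);
    return off ? ldl_be_unaligned(frame + off + TCP_SEQ_OFF) : 0;
}

static uint32_t tcp_ack(const uint8_t *frame, size_t len)
{
    size_t off = tcp_header_offset(frame, len);
    return off ? ldl_be_unaligned(frame + off + TCP_ACK_OFF) : 0;
}

static int tcp_set_ack(uint8_t *frame, size_t len, uint32_t ack)
{
    size_t off = tcp_header_offset(frame, len);
    if (!off) return -1;
    stl_be_unaligned(frame + off + TCP_ACK_OFF, ack);
    return 0;
}

/* Constructed 54-byte frame: Ethernet + IPv4 (IHL 5, proto 6) + TCP. */
static uint8_t sample_frame[54] = {
    0x52,0x54,0x00,0x12,0x34,0x56, 0x52,0x54,0x00,0x65,0x43,0x21, 0x08,0x00,
    0x45,0x00, 0x00,0x28, 0x00,0x01, 0x00,0x00, 0x40,0x06, 0x00,0x00,
    10,0,2,15, 10,0,2,2,
    0x04,0xd2, 0x00,0x50, 0x11,0x22,0x33,0x44, 0x00,0x00,0x00,0x00,
    0x50,0x02, 0xff,0xff, 0x00,0x00, 0x00,0x00,
};

int main(void)
{
    printf("tcp at %zu, seq %#x\n", tcp_header_offset(sample_frame, sizeof sample_frame),
           tcp_seq(sample_frame, sizeof sample_frame));
    return 0;
}
```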
Peter Maydell [Tue, 1 Sep 2015 18:42:43 +0000 (19:42 +0100)]
Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2015-09-01-v2-tag' into staging
qemu-ga patch queue
* add config file dump/load support for qemu-ga
* various w32 build fixes, particularly WRT to msi package creation
* fixes for msi installer
* w32 support for guest-set-user-password
v2:
* replaced g_list_free_full with g_list_foreach to maintain glib 2.22
compatibility
* remotes/mdroth/tags/qga-pull-2015-09-01-v2-tag: (26 commits)
Makefile: qemu-ga: fix msi target error message
build: qemu-ga: fix VSS dependencies
configure: qemu-ga: explicitly enable qemu-ga MSI support when probed
configure: qemu-ga: move MSI installer probe after qga probe
qemu-ga: implement win32 guest-set-user-password
qga: start a man page
qga: add --dump-conf option
qga: add an optional qemu-ga.conf system configuration
qga: free a bit more
qga: move agent run in a separate function
qga: fill default options in main()
qga: move option parsing to separate function
qga: copy argument strings
qga: rename 'path' to 'channel_path'
qga: make split_list() return allocated strings
qga: move string split in separate function
qga: use exit() when parsing options
qga: misc spelling
configure: qemu-ga: report MSI install support in summary
qemu-ga: Fixed paths issue with MSI build
...
Michael Roth [Wed, 26 Aug 2015 22:05:01 +0000 (17:05 -0500)]
Makefile: qemu-ga: fix msi target error message
'msi' target reports error if we attempt to use it when QEMU hasn't
been ./configure'd to enable it. The parentheses cause an interpreter
error if we don't enclose the error in quotes.
Michael Roth [Wed, 26 Aug 2015 21:19:41 +0000 (16:19 -0500)]
build: qemu-ga: fix VSS dependencies
Currently VSS dll/tlb files for use in w32 builds are only built as a
result of having been added to the general 'tools' target alongside
qemu-ga. This is fine for default make target, but if we build
qemu-ga directly via `make qemu-ga.exe`, the VSS files are not
created.
Fix this by moving the VSS dependencies to qemu-ga.exe directly.
With this move we can move the VSS files back out of 'tools',
and drop the extra handling from MSI target in Makefile.
Now we can build qemu-ga MSI package with:
./configure ...
make qemu-ga.exe
make msi
Michael Roth [Wed, 26 Aug 2015 16:14:31 +0000 (11:14 -0500)]
configure: qemu-ga: explicitly enable qemu-ga MSI support when probed
Currently, if we don't explicitly disable support for MSI installer
via --disable-guest-agent-msi, the configure variable that tracks
the flag, 'guest_agent_msi', never gets set unless one of the probes
fails. Subsequent code then treats this unset value the same as if it
were a "yes" value (via != "no" style checks).
Instead, set the default "yes" value explicitly after the probes, then
make subsequent code expect the values to be set.
This makes it easier to report on whether or not MSI support was
enabled via probe by looking at the ./configure summary.
Michael Roth [Wed, 26 Aug 2015 15:49:13 +0000 (10:49 -0500)]
configure: qemu-ga: move MSI installer probe after qga probe
MSI probe assumes that qemu-ga support has been probed already, but in
cases where --enable-guest-agent/--disable-guest-agent have not been
passed to configure, qemu-ga support may end up getting enabled later,
as is the case with w32 builds. This leads to MSI probe prematurely
reporting error due to lack of qemu-ga support.
Fix this by moving MSI installer probe after the final qga probes.
This function is notoriously known to be problematic for users with EFS
encrypted files. But the alternative, NetUserChangePassword() requires
the old password. Nevertheless, the EFS file should be recovered by
changing back to the old password.
Following patch will return allocated strings, so we must correctly
initialize alloc & free them. The nice side effect is that we no longer
have to check for "fixed_state_dir" to call ga_install_service() with a
NULL state dir. The default values are set after parsing the command
line options.
Michael Roth [Tue, 25 Aug 2015 20:46:18 +0000 (15:46 -0500)]
configure: qemu-ga: report MSI install support in summary
Currently we need to examine config-host.mak to determine whether
options/probes for MSI package generation had desired result. Report
this more prominently in ./configure summary as we do with other
guest agent configure options.
Leonid Bloch [Mon, 3 Aug 2015 17:54:24 +0000 (20:54 +0300)]
qemu-ga: Prevent QEMU-GA VSS provider from being unregistered on MSI reinstall
Previously, running the .msi would unregister the QEMU GA VSS service if QEMU GA was already installed on the machine, and then register it only if QEMU GA was NOT previously installed. This behavior caused the service to be registered only after the INITIAL installation, and any subsequent run of the .msi (to redo, repair, or upgrade the installation) ended in the service being unregistered.
Now, the VSS service is still unregistered if QEMU GA is already installed (so that a fix or an update could be performed) but then it is registered again (if the GA is not being uninstalled) thus finishing the repair/upgrade correctly. Additionally, downgrading is now prevented. If a user would like to downgrade a version, he/she must uninstall the newer version first.
Peter Maydell [Fri, 28 Aug 2015 10:42:53 +0000 (11:42 +0100)]
qemu-doc.texi: Fix capitalization error in OS X build instructions
Fix a capitalization error in the OS X build instructions;
this was picked up in review of commit b352153f5f and intended to be
corrected before I applied it, but I accidentally didn't include it.
Peter Maydell [Thu, 27 Aug 2015 12:31:55 +0000 (13:31 +0100)]
Merge remote-tracking branch 'remotes/weil/tags/pull-tci-20150826' into staging
tci patch queue
# gpg: Signature made Wed 26 Aug 2015 19:51:07 BST using RSA key ID 677450AD
# gpg: Good signature from "Stefan Weil <[email protected]>"
# gpg: aka "Stefan Weil <[email protected]>"
# gpg: aka "Stefan Weil <[email protected]>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4923 6FEA 75C9 5D69 8EC2 B78A E08C 21D5 6774 50AD
* remotes/weil/tags/pull-tci-20150826:
exec-all: Translate TCI return addresses backwards too
exec-all: Translate TCI return addresses backwards too
This subtraction of return addresses applies directly to TCI as well as
host-TCG. This fixes Linux boots for at least Microblaze, CRIS, ARM and
SH4 when using TCI.
[sw: Removed indentation for preprocessor statement]
[sw: The patch also fixes Linux boot for x86_64]
Gerd Hoffmann [Mon, 17 Aug 2015 17:56:53 +0000 (19:56 +0200)]
vnc: fix memory corruption (CVE-2015-5225)
The _cmp_bytes variable added by commit "bea60dd ui/vnc: fix potential
memory corruption issues" can become negative. Result is (possibly
exploitable) memory corruption. Reason for that is it uses the stride
instead of bytes per scanline to apply limits.
For the server surface it is actually fine. vnc creates that itself,
there is never any padding and thus scanline length always equals stride.
For the guest surface scanline length and stride are typically identical
too, but it doesn't have to be that way. So add and use a new variable
(guest_ll) for the guest scanline length. Also rename min_stride to
line_bytes to make more clear what it actually is. Finally sprinkle
in an assert() to make sure we never use a negative _cmp_bytes again.
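The negative-length failure mode described above, as an added example that is not QEMU's ui/vnc.c: a model of the per-tile compare length in a refresh loop that walks a scanline 16 pixels at a time at 4 bytes per server pixel and shortens the final tile from a per-line byte budget. The model assumes the guest surface's stride comes from the guest-configured display and is not required to be at least width * bytes-per-pixel; the helper names and surface geometries are constructed.

```c
/*
 * Added example, not QEMU's ui/vnc.c: a model of the per-tile compare
 * length in the server-surface refresh loop. A budget taken from the
 * stride (padding included, guest-controlled, assumed here to possibly be
 * smaller than width * bpp) can leave the last tiles with a negative
 * length; that int reaches memcmp()/memcpy() as a huge size_t. A budget
 * taken from the scanline length (width * bytes-per-pixel) cannot.
 * The geometries below are constructed.
 */
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

#define VNC_DIRTY_PIXELS_PER_BIT 16
#define VNC_SERVER_FB_BYTES      4   /* server surface is 32bpp */

static int min_int(int a, int b) { return a < b ? a : b; }

/* Compare length for the tile at pixel column x under a per-line budget. */
static int tile_cmp_bytes(int line_budget, int x)
{
    int cmp_bytes = min_int(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES, line_budget);
    if ((x + VNC_DIRTY_PIXELS_PER_BIT) * VNC_SERVER_FB_BYTES > line_budget) {
        cmp_bytes = line_budget - x * VNC_SERVER_FB_BYTES;   /* can go negative */
    }
    return cmp_bytes;
}

/* Pre-fix budget (min_stride): the smaller of the two strides. */
static int budget_by_stride(int server_stride, int guest_stride)
{
    return min_int(server_stride, guest_stride);
}

/* Post-fix budget (line_bytes): server stride vs. guest scanline length,
 * guest_ll = width * bytes-per-pixel. */
static int budget_by_scanline(int server_stride, int guest_width, int guest_bpp)
{
    int guest_ll = guest_width * ((guest_bpp + 7) / 8);
    return min_int(server_stride, guest_ll);
}

/* The length as memcmp()/memcpy() receive it. */
static size_t as_mem_len(int cmp_bytes)
{
    return (size_t)cmp_bytes;
}

/* Same computation with the invariant the fix adds. */
static int tile_cmp_bytes_checked(int line_budget, int x)
{
    int n = tile_cmp_bytes(line_budget, x);
    assert(n >= 0);
    return n;
}

int main(void)
{
    int width = 64;                                   /* common width, pixels */
    int server_stride = width * VNC_SERVER_FB_BYTES;  /* 256, no padding */
    int guest_stride = 100;                           /* guest-supplied, < width * 4 */
    int x;
    for (x = 0; x < width; x += VNC_DIRTY_PIXELS_PER_BIT) {
        int bad = tile_cmp_bytes(budget_by_stride(server_stride, guest_stride), x);
        int good = tile_cmp_bytes_checked(budget_by_scanline(server_stride, width, 32), x);
        printf("x=%2d stride-based=%4d (mem len %zu) scanline-based=%d\n",
               x, bad, as_mem_len(bad), good);
    }
    return 0;
}
```

With a 64-pixel-wide surface and a guest stride of 100 bytes, the stride-based budget yields -28 and -92 for the last two tiles, which memcpy() would treat as lengths of several exabytes; the scanline-based budget yields 64 for every tile, and a 70-pixel surface gets a final partial tile of 24 bytes.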
Peter Maydell [Tue, 25 Aug 2015 14:45:09 +0000 (15:45 +0100)]
target-arm: Restrict AArch64 TLB flushes to the MMU indexes they must touch
Now we have the ability to flush the TLB only for specific MMU indexes,
update the AArch64 TLB maintenance instruction implementations to only
flush the parts of the TLB they need to, rather than doing full flushes.
We take the opportunity to remove some duplicate functions (the per-asid
tlb ops work like the non-per-asid ones because we don't support
flushing a TLB only by ASID) and to bring the function names in line
with the architectural TLBI operation names.
Peter Maydell [Tue, 25 Aug 2015 14:45:09 +0000 (15:45 +0100)]
cputlb: Add functions for flushing TLB for a single MMU index
Guest CPU TLB maintenance operations may be sufficiently
specialized to only need to flush TLB entries corresponding
to a particular MMU index. Implement cputlb functions for
this, to avoid the inefficiency of flushing TLB entries
which we don't need to.
Peter Maydell [Tue, 25 Aug 2015 14:45:08 +0000 (15:45 +0100)]
target-arm: Enable the AArch32 ATS12NSO ops
Apply the correct conditions in the ats_access() function for
the ATS12NSO* address translation operations:
* succeed at EL2 or EL3
* normal UNDEF trap from NS EL1
* trap to EL3 from S EL1 (only possible if EL3 is AArch64)
(This change means they're now available in our EL3-supporting
CPUs when they would previously always UNDEF.)
Some coprocessor register access functions need to be able
to report "trap to EL3 with an 'uncategorized' syndrome";
add the necessary CPAccessResult enum and handling for it.
I don't currently know of any registers that need to trap
to EL2 with the 'uncategorized' syndrome, but adding the
_EL2 enum as well is trivial and fills in what would
otherwise be an odd gap in the handling.