Commit Graph

52332 Commits

Author SHA1 Message Date
John Snow
184dd9c49b blockdev: fix bitmap clear undo
Only undo the action if we actually prepared the action.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-03-17 12:54:06 +01:00
Fam Zheng
c1cef67251 block: Always call bdrv_child_check_perm first
bdrv_child_set_perm alone is not very usable because the caller must
call bdrv_child_check_perm first. This is already encapsulated
conveniently in bdrv_child_try_set_perm, so remove the other prototypes
from the header and fix the one wrong caller, block/mirror.c.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-03-17 12:54:06 +01:00
Fam Zheng
fed414df9d file-posix: Don't leak fd in hdev_get_max_segments
This fixes a leaked fd introduced in commit 9103f1ce.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-03-17 12:54:06 +01:00
Changlong Xie
37a9051cc7 replication: clarify permissions
Even if hidden_disk, secondary_disk are backing files, they all need
write permissions in replication scenario. Otherwise we will encouter
below exceptions on secondary side during adding nbd server:

{'execute': 'nbd-server-add', 'arguments': {'device': 'colo-disk', 'writable': true } }
{"error": {"class": "GenericError", "desc": "Conflicts with use by hidden-qcow2-driver as 'backing', which does not allow 'write' on sec-qcow2-driver-for-nbd"}}

CC: Zhang Hailiang <zhang.zhanghailiang@huawei.com>
CC: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
CC: Wen Congyang <wencongyang2@huawei.com>
Signed-off-by: Changlong Xie <xiecl.fnst@cn.fujitsu.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-03-17 12:54:06 +01:00
Stefan Hajnoczi
6958349085 file-posix: clean up max_segments buffer termination
The following pattern is unsafe:

  char buf[32];
  ret = read(fd, buf, sizeof(buf));
  ...
  buf[ret] = 0;

If read(2) returns 32 then a byte beyond the end of the buffer is
zeroed.

In practice this buffer overflow does not occur because the sysfs
max_segments file only contains an unsigned short + '\n'.  The string is
always shorter than 32 bytes.

Regardless, avoid this pattern because static analysis tools might
complain and it could lead to real buffer overflows if copy-pasted
elsewhere in the codebase.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-03-17 12:54:06 +01:00
Gerd Hoffmann
f019722cbb cirrus: fix off-by-one in cirrus_bitblt_rop_bkwd_transp_*_16
The switch from pointers to addresses (commit
026aeffcb4 and
ffaf857778) added
a off-by-one bug to 16bit backward blits.  Fix.

Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Li Qiang <liqiang6-s@360.cn>
Message-id: 1489735296-19047-1-git-send-email-kraxel@redhat.com
2017-03-17 10:23:44 +01:00
Alex Bennée
8bb93c6f99 ui/console: ensure graphic updates don't race with TCG vCPUs
Commit 8d04fb55..

  tcg: drop global lock during TCG code execution

..broke the assumption that updates to the GUI couldn't happen at the
same time as TCG vCPUs where running. As a result the TCG vCPU could
still be updating a directly mapped frame-buffer while the display
side was updating. This would cause artefacts to appear when the
update code assumed that memory block hadn't changed.

The simplest solution is to ensure the two things can't happen at the
same time like the old BQL locking scheme. Here we use the solution
introduced for MTTCG and schedule the update as async_safe_work when
we know no vCPUs can be running.

Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20170315144825.3108-1-alex.bennee@linaro.org
Cc: BALATON Zoltan <balaton@eik.bme.hu>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

[ kraxel: updated comment clarifying the display adapters are buggy
          and this is a temporary workaround ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-03-17 10:17:21 +01:00
Peter Maydell
272d7dee59 cirrus: blitter fixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJYylVSAAoJEEy22O7T6HE4zzkQALxdIoO2Na1+iLqumzZHBl5y
 czfhtiu9jIZPYs2n7d04LJklnJxNA+3whvculwyVQprXmjwA/WCFPM7gPerI8AMC
 sNTqH5VhyIU+CljNUFV5nJXmrNpwd2os0rGwkIAohgyXgt7le5fyIpw4QcGr0b7m
 quFP3sVQXGp0LjPKwSwzHDrtXjHS4vvsxUFEdXbqoFIsCXjCmIRM4DK2g6XyQZMA
 ttFEWQTN0jRinR4s2aptbzLZp04GxUutw01EEWfavcwZg3MtWJtUuYOT5eObhd2T
 yustoBBakxBaAvIcWY+MIXQFHD7tHjnKgjJLOJTxa12psGTZYmpwavAq/SmXT1RL
 PggJpnsnEqodkeiX3VeNelMo0HDWOzrezpDbQLya5kNE/puS3r8tglVO4d6CVJYN
 0gzgkT5b4to5FbJkYfoSjZ0SFfAqFkXC5v5/xc9bHbc+EKTp+K7bkB0Z9X2c82Qh
 HTdwOdTL6mB+GqOwPAUHBGfiwcZ/uMPW1sedUBYzrWEGeOa76oXj5mDa3cx5po1g
 rzi0dlgTrzXIsmcOr6z2Q8Mk8FEGl6awvXmtAvF6SY1cRHBRYPUw9KMRvwCgkqr0
 ldn8kY03n/ZQMVLETQbsWq68/E3hea8id4QSFLu0OxC7zi6ruloGnDrUUeRYnjXX
 atBgO7G+482f/m5Jvt/G
 =iKnI
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-cirrus-20170316-1' into staging

cirrus: blitter fixes.

# gpg: Signature made Thu 16 Mar 2017 09:05:22 GMT
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-cirrus-20170316-1:
  cirrus: stop passing around src pointers in the blitter
  cirrus: stop passing around dst pointers in the blitter
  cirrus: fix cirrus_invalidate_region
  cirrus: add option to disable blitter
  cirrus: switch to 4 MB video memory by default
  cirrus/vnc: zap bitblit support from console code.
  fix :cirrus_vga fix OOB read case qemu Segmentation fault

# Conflicts:
#	include/hw/compat.h

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-16 16:40:44 +00:00
Peter Maydell
c5e737e5fb migration/next for 20170316
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJYyksfAAoJEPSH7xhYctcjC2EP/RitHPcaOhaP54TR0SJOgsVa
 eVZ2kqXsy641hL85eVVlXV/lNfCko7nACieGEk/Xo6mZoM3r+ta6gafraUR3fzSJ
 HVCeI9S2UDFO9lc4L3cOSNPJ7+UHae0SfeRikyB/zmltDRda7QIh3SOQ2wTkSoEE
 UoRmnAGkjXVplaktpaqgrPrh/W/SDH+++lDB46yH6XddMAaVfddoMqG84g6qmhHN
 3nwsxzW5VD1dLjdeiDZ5ksSaV0RgJQbsQKOu7+9bmjnIVHH5jdA7usg/AZnarCKl
 obIMuWz5hxt6uUX98fV6rt9mfBeIyTDi6kP9k16aGqJfWWNSG4g9XwYr2v87R8Io
 P3Mvjq4WXKnKw/nYgTI48kzmNMgj0FXXYRX90RTSCz1moaAWgDxM0Qgmxe1JwLmP
 hZXYCmVkXdc6se2N/IAjqXLPw9eJYfPozZTY4CAn1FhCN3gqi8pbaVw3X2tvgdMp
 VVEBrMzfyTpTsZobndUklIHa6HllCGg5OpZS7WSmKSOy3e+wOFP8KbdBAd6Ir0mQ
 QL7t0MCS8TZH7+h2Hh84DFcZvhcGFyHcLsOK6+caq9EMwZFnMELp5niUiZ5oI0XH
 PeWbaaKPt7ra40/Y4JUfkaHuerchO89KiORVooCDc1Ntx2I0LpGCStXJde8MF8qb
 b117+BQeS/S20S8n5btz
 =hzT9
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20170316' into staging

migration/next for 20170316

# gpg: Signature made Thu 16 Mar 2017 08:21:51 GMT
# gpg:                using RSA key 0xF487EF185872D723
# gpg: Good signature from "Juan Quintela <quintela@redhat.com>"
# gpg:                 aka "Juan Quintela <quintela@trasno.org>"
# Primary key fingerprint: 1899 FF8E DEBF 58CC EE03  4B82 F487 EF18 5872 D723

* remotes/juanquintela/tags/migration/20170316:
  postcopy: Check for shared memory
  RAMBlocks: qemu_ram_is_shared
  vmstate: fix failed iotests case 68 and 91
  migration/block: Avoid invoking blk_drain too frequently
  migration: use "" as the default for tls-creds/hostname
  Change the method to calculate dirty-pages-rate

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-16 15:32:08 +00:00
Peter Maydell
094a9a7cd6 Pull request
Tracing makefile fixes for QEMU 2.9.
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJYyjcKAAoJEJykq7OBq3PIlYoH/2x7ADmCL6TK0ORbmsUqqv3M
 KaAPUT/dbNEumoeqm1a0uDJO/d6m2D8qlwQ4wT72uvp5jwWSzqoUqw6Bg7ojEnjS
 wKlDnGuViKkBkhauNl1FcDzELvkEdCZ3mxy0Zvp1F4r86hwPEMjwRDXpjlOtLTFi
 6EsH3jp4aR/g86EHaWC3whAoyHqFGwyZATwI2QxZjt+mPAUBzwsbe5RgqMBaqyS/
 NkxdcXBKyACYm8wnpgI3cI/sY/bSP9o1vA/CnN0z7ag70L9Gdh0TmRvOKKsp2rLM
 yMFneJRFLgHRZ2eXm0y30gv81hb1hcsx6ZXt4e8Ymg2LnY0e2JpSRG0iizFLyac=
 =vZRY
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

Pull request

Tracing makefile fixes for QEMU 2.9.

# gpg: Signature made Thu 16 Mar 2017 06:56:10 GMT
# gpg:                using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/tracing-pull-request:
  trace: ensure $(tracetool-y) is defined in top level makefile
  makefile: generate trace-events-all upfront
  makefile: merge GENERATED_HEADERS & GENERATED_SOURCES variables

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-16 14:23:10 +00:00
Peter Maydell
699f6c6fd4 dtc: Revert unintentional submodule downgrade from commit c2cabb3422
Commit c2cabb3422 inadvertently downgraded the 'dtc' submodule,
undoing the increments added in earlier commits. Revert this,
returning the submodule state to where we should be.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-16 14:11:15 +00:00
Peter Maydell
3c2758c286 QAPI patches for 2017-03-16
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJYyi4+AAoJEDhwtADrkYZTvK4P/3S4ggOt/BKs13ayJUMXemeT
 snGc0lpDOQMobE6zjsjuPtO0oZYtqi2A+LW+PC5aPADTvjqna6mywLxoEUc/Q7tB
 +Tv27NerbpYKzmZxUJKkTrVCwTPaYmEfnKO0wTjYI/cme359nEiMPd4ZPYZSgAfh
 ZTdeMVp0mUoQTbNHkw8/y4KsWMtwgsJDNgIcYyq303BPAG9P1QOAWi4gj/11GZoo
 MnDMk5KmoE7S9eq1R/GCjmg9plEbkx/nwXqpddpwTBQiwicPORhRzEa/SmOOd5xY
 vIOIakukRUYBpqTZdvyvNX8HGvI32qyG87mG/2+sWH+nSM5bYG+uSxJKoJuy7PFS
 ABmEmfd8ghkOe2mGDy/jiCa0VGYImd+uCwNEUUOlko4ccxXHDnC9rlZepc4STeDW
 Un4KoBszBXKOL6oqtdSqNWgCd2IpULFBldi27qo2K7EZCBZ62daP8y7CONLbisj9
 bwuKgkp0124Ds/MV/dTJ5bFPgYdAyG85POnxQfktSqHKGwYunmyh/98Awj4zhy0h
 5gDuN5FjDeRsjzao9xkVYhQPMS97TuUVMvixz6pGTilKu3pMyrw0YfveIE7iif0d
 AZicrwGlUHoccZyhjM+wbutPjt4P2/pFKk7J0p1LX1PCa7ZU79ORRwVdAeNVywoF
 M+PtTo1TYvJ9TfdPkH2g
 =u+an
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2017-03-16' into staging

QAPI patches for 2017-03-16

# gpg: Signature made Thu 16 Mar 2017 06:18:38 GMT
# gpg:                using RSA key 0x3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2017-03-16: (49 commits)
  qapi: Fix a misleading parser error message
  qapi: Make pylint a bit happier
  qapi: Drop unused .check_clash() parameter schema
  qapi: union_types is a list used like a dict, make it one
  qapi: struct_types is a list used like a dict, make it one
  qapi: enum_types is a list used like a dict, make it one
  qapi: Factor add_name() calls out of the meta conditional
  qapi: Simplify what gets stored in enum_types
  qapi: Drop unused variable events
  qapi: Eliminate check_docs() and drop QAPIDoc.expr
  qapi: Fix detection of bogus member documentation
  tests/qapi-schema: Improve coverage of bogus member docs
  tests/qapi-schema: Rename doc-bad-args to doc-bad-command-arg
  qapi: Move empty doc section checking to doc parser
  qapi: Improve error message on @NAME: in free-form doc
  qapi: Move detection of doc / expression name mismatch
  qapi: Fix detection of doc / expression mismatch
  tests/qapi-schema: Improve doc / expression mismatch coverage
  qapi2texi: Use category "Object" for all object types
  qapi2texi: Generate descriptions for simple union tags
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-16 12:05:03 +00:00
Peter Maydell
3716fba3f5 virtio, pci: fixes
More fixes missed in the previous pull request.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJYyfidAAoJECgfDbjSjVRp1yYIAKC52EwDVcJxL2CEGncCQTVT
 i9x04TYmzLOO+dERsO7Z+jphoB1cxpVxZVrvG5wfZo07gcGheNk524ABM2c9tNqa
 7OZFcdBmN/l5C9ynL6aCdgu/bns5sEMUXf3By3l8iWKupc1C8URWGrfMVypFDumZ
 AOSD/4bbvXxZlZjOENq5LsRHYU68KBK07C1fDRJA7b7ChXHS6qefeq6fbOvI9zJ7
 24MltJMsNS36l//namD2HFPnO1eD3HXc57yBn5QBTTn5FERIghxYSsluAY7irKMp
 UurF1D0pUL1sU2fjaLwFRBJL15tz6syjYOkna9cGmOT8m1D7CYnKjCRErxtqAmE=
 =4pMp
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio, pci: fixes

More fixes missed in the previous pull request.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Thu 16 Mar 2017 02:29:49 GMT
# gpg:                using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  virtio-serial-bus: Delete timer from list before free it
  hw/virtio: fix Power Management Control Register for PCI Express virtio devices
  hw/virtio: fix Link Control Register for PCI Express virtio devices
  hw/virtio: fix error enabling flags in Device Control register
  hw/pcie: fix Extended Configuration Space for devices with no Extended Capabilities

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-16 11:05:47 +00:00
Peter Maydell
7c75638028 -----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJYyeHZAAoJEH3vgQaq/DkOHQQQAKG2yjWKowQBmThYnRQ2F4Fb
 Fas73702vAZ0vrpMSVby+GvlvOIXbcXLgGDmCOaniAK9oJWKleMeY+cL4OrT8bPQ
 fBRAvMg811/4aiW4nrgrm4LMd9X46ZWpEj67pjUdquWPZmswTo2wKK1plAYAjAIL
 KfR8u9HbN1wdbrTcRf9ZYXZrNUtApvsql9c1C3nWn9vTlpyQBAJJwytRz5yjwf4K
 O81+NwZlU1miBA3tUq00sr46Met6UGkTC8du9anPigYaPhdCs1R+lveCxOL/AjPF
 cd5RNiQP+MsawNHdZpUYIUcB0psfebwvf+rTg7e4NUqXn558dwVimC1yVcRjPROA
 xxz848bA24Tli+Ts+DeqRwWpC/2xdOq29XncaveV5v7Q2yYDxhK9ysyqZojH9Z2O
 72gPWUJvwN6kuNn3UbdTu4Xjjm9yIYOjq92ES5GpQjsZzRLSWcHeEZSlJMa/rE6e
 hpFIomzgHd0cMxddMKBX4q1Vt6dQWd0wYQvgjkJk/ZPA4FCcyY6xk/U2v4LEVwEU
 v5vXePZM7W1aGk7EKwW78tox4x8yKNaQQxyjYUU6iNFsSPTZ6SQI9iEAldF99sfy
 BEW/oAKfUtx8PaDh5J/YG5mt3UrtiQlHLkXWfNOtdfWKdifkffpt1m2zGTElhrFo
 Hd8iI4jQtysx1wF1z8e7
 =C/29
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

# gpg: Signature made Thu 16 Mar 2017 00:52:41 GMT
# gpg:                using RSA key 0x7DEF8106AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"
# Primary key fingerprint: FAEB 9711 A12C F475 812F  18F2 88A9 064D 1835 61EB
#      Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76  CBD0 7DEF 8106 AAFC 390E

* remotes/jnsnow/tags/ide-pull-request:
  ide: ahci: call cleanup function in ahci unit
  ide: core: add cleanup function
  ide: qdev: register ide bus unrealize function

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-16 10:04:41 +00:00
Dr. David Alan Gilbert
8679638b0e postcopy: Check for shared memory
Postcopy doesn't support migration of RAM shared with another process
yet (we've got a bunch of things to understand).
Check for the case and don't allow postcopy to be enabled.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-03-16 09:02:26 +01:00
Dr. David Alan Gilbert
463a4ac23b RAMBlocks: qemu_ram_is_shared
Provide a helper to say whether a RAMBlock was created as a
shared mapping.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-03-16 09:00:58 +01:00
QingFeng Hao
e1e686c1fa vmstate: fix failed iotests case 68 and 91
This problem affects s390x only if we are running without KVM.
Basically, S390CPU.irqstate is unused if we do not use KVM,
and thus no buffer is allocated.
This causes size=0, first_elem=NULL and n_elems=1 in
vmstate_load_state and vmstate_save_state. And the assert fails.
With this fix we can go back to the old behavior and support
VMS_VBUFFER with size 0 and nullptr.

Signed-off-by: QingFeng Hao <haoqf@linux.vnet.ibm.com>
Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-03-16 08:59:52 +01:00
Lidong Chen
1cf6aa74b3 migration/block: Avoid invoking blk_drain too frequently
Increase bmds->cur_dirty after submit io, so reduce the frequency
involve into blk_drain, and improve the performance obviously
when block migration.

The performance test result of this patch:

During the block dirty save phase, this patch improve guest os IOPS
from 4.0K to 9.5K. and improve the migration speed from
505856 rsec/s to 855756 rsec/s.

Signed-off-by: Lidong Chen <jemmy858585@gmail.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-03-16 08:58:27 +01:00
Gerd Hoffmann
ffaf857778 cirrus: stop passing around src pointers in the blitter
Does basically the same as "cirrus: stop passing around dst pointers in
the blitter", just for the src pointer instead of the dst pointer.

For the src we have to care about cputovideo blits though and fetch the
data from s->cirrus_bltbuf instead of vga memory.  The cirrus_src*()
helper functions handle that.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1489584487-3489-1-git-send-email-kraxel@redhat.com
2017-03-16 08:58:16 +01:00
Gerd Hoffmann
026aeffcb4 cirrus: stop passing around dst pointers in the blitter
Instead pass around the address (aka offset into vga memory).  Calculate
the pointer in the rop_* functions, after applying the mask to the
address, to make sure the address stays within the valid range.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1489574872-8679-1-git-send-email-kraxel@redhat.com
2017-03-16 08:58:15 +01:00
Gerd Hoffmann
e048dac616 cirrus: fix cirrus_invalidate_region
off_cur_end is exclusive, so off_cur_end == cirrus_addr_mask is valid.
Fix calculation to make sure to allow that, otherwise the assert added
by commit f153b563f8 can trigger for valid
blits.

Test case: boot windows nt 4.0

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1489579606-26020-1-git-send-email-kraxel@redhat.com
2017-03-16 08:58:15 +01:00
Gerd Hoffmann
827bd51726 cirrus: add option to disable blitter
Ok, we have this beast in the cirrus code which is not used at all by
modern guests, except when you try to find security holes in qemu.  So,
add an option to disable blitter altogether.  Guests released within
the last ten years should not show any rendering issues if you turn off
blitter support.

There are no known bugs in the cirrus blitter code.  But in the past we
hoped a few times already that we've finally nailed the last issue.  So
having some easy way to mitigate in case yet another blitter issue shows
up certainly makes me sleep a bit better at night.

For completeness:  The by far better way to mitigate is to switch away
from cirrus and use stdvga instead.  Or something more modern like
virtio-vga in case your guest has support for it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1489494540-15745-1-git-send-email-kraxel@redhat.com
2017-03-16 08:58:15 +01:00
Gerd Hoffmann
73c148130b cirrus: switch to 4 MB video memory by default
Quoting cirrus source code:
   Follow real hardware, cirrus card emulated has 4 MB video memory.
   Also accept 8 MB/16 MB for backward compatibility.

So just use 4MB by default.  We decided to leave that at 8MB by default
a while ago, for live migration compatibility reasons.  But we have
compat properties to handle that, so that isn't a compeling reason.

This also removes some sanity check inconsistencies in the cirrus code.
Some places check against the allocated video memory, some places check
against the 4MB physical hardware has.  Guest code can trigger asserts
because of that.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1489494514-15606-1-git-send-email-kraxel@redhat.com
2017-03-16 08:58:15 +01:00
Gerd Hoffmann
50628d3479 cirrus/vnc: zap bitblit support from console code.
There is a special code path (dpy_gfx_copy) to allow graphic emulation
notify user interface code about bitblit operations carryed out by
guests.  It is supported by cirrus and vnc server.  The intended purpose
is to optimize display scrolls and just send over the scroll op instead
of a full display update.

This is rarely used these days though because modern guests simply don't
use the cirrus blitter any more.  Any linux guest using the cirrus drm
driver doesn't.  Any windows guest newer than winxp doesn't ship with a
cirrus driver any more and thus uses the cirrus as simple framebuffer.

So this code tends to bitrot and bugs can go unnoticed for a long time.
See for example commit "3e10c3e vnc: fix qemu crash because of SIGSEGV"
which fixes a bug lingering in the code for almost a year, added by
commit "c7628bf vnc: only alloc server surface with clients connected".

Also the vnc server will throttle the frame rate in case it figures the
network can't keep up (send buffers are full).  This doesn't work with
dpy_gfx_copy, for any copy operation sent to the vnc client we have to
send all outstanding updates beforehand, otherwise the vnc client might
run the client side blit on outdated data and thereby corrupt the
display.  So this dpy_gfx_copy "optimization" might even make things
worse on slow network links.

Lets kill it once for all.

Oh, and one more reason: Turns out (after writing the patch) we have a
security bug in that code path ...

Fixes: CVE-2016-9603
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1489494419-14340-1-git-send-email-kraxel@redhat.com
2017-03-16 08:58:15 +01:00
hangaohuai
215902d7b6 fix :cirrus_vga fix OOB read case qemu Segmentation fault
check the validity of parameters in cirrus_bitblt_rop_fwd_transp_xxx
and cirrus_bitblt_rop_fwd_xxx to avoid the OOB read which causes qemu Segmentation fault.

After the fix, we will touch the assert in
cirrus_invalidate_region:
assert(off_cur_end >= off_cur);

Signed-off-by: fangying <fangying1@huawei.com>
Signed-off-by: hangaohuai <hangaohuai@huawei.com>
Message-id: 20170314063919.16200-1-hangaohuai@huawei.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-03-16 08:58:15 +01:00
Daniel P. Berrange
4af245dc3e migration: use "" as the default for tls-creds/hostname
The tls-creds parameter has a default value of NULL indicating
that TLS should not be used. Setting it to non-NULL enables
use of TLS. Once tls-creds are set to a non-NULL value via the
monitor, it isn't possible to set them back to NULL again, due
to current implementation limitations. The empty string is not
a valid QObject identifier, so this switches to use "" as the
default, indicating that TLS will not be used

The tls-hostname parameter has a default value of NULL indicating
the the hostname from the migrate connection URI should be used.
Again, once tls-hostname is set non-NULL, to override the default
hostname for x509 cert validation, it isn't possible to reset it
back to NULL via the monitor. The empty string is not a valid
hostname, so this switches to use "" as the default, indicating
that the migrate URI hostname should be used.

Using "" as the default for both, also means that the monitor
commands "info migrate_parameters" / "query-migrate-parameters"
will report existance of tls-creds/tls-parameters even when set
to their default values.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>

Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-03-16 08:57:08 +01:00
Chao Fan
1ffb5dfd35 Change the method to calculate dirty-pages-rate
In function cpu_physical_memory_sync_dirty_bitmap, file
include/exec/ram_addr.h:

if (src[idx][offset]) {
    unsigned long bits = atomic_xchg(&src[idx][offset], 0);
    unsigned long new_dirty;
    new_dirty = ~dest[k];
    dest[k] |= bits;
    new_dirty &= bits;
    num_dirty += ctpopl(new_dirty);
}

After these codes executed, only the pages not dirtied in bitmap(dest),
but dirtied in dirty_memory[DIRTY_MEMORY_MIGRATION] will be calculated.
For example:
When ram_list.dirty_memory[DIRTY_MEMORY_MIGRATION] = 0b00001111,
and atomic_rcu_read(&migration_bitmap_rcu)->bmap = 0b00000011,
the new_dirty will be 0b00001100, and this function will return 2 but not
4 which is expected.
the dirty pages in dirty_memory[DIRTY_MEMORY_MIGRATION] are all new,
so these should be calculated also.

Signed-off-by: Chao Fan <fanc.fnst@cn.fujitsu.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-03-16 08:55:56 +01:00
Peter Maydell
5b467b9081 Update OpenBIOS images
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQEcBAABAgAGBQJYyavBAAoJEFvCxW+uDzIfD5IH/00O4yywM77OcRiEspyN54rd
 6vG2+XuaXVYedJd4qUbzwcX0xWVkl6Vh44msL2LAzUPGWtUZeUdBVuVZnoFjR8qz
 OzaAG9RxwUyr1Xz9FREYy0BV/iLNqBHko+E+TsW6nDtdCP7vjjAKo0W2m8TIWiDe
 efhLk7tEhh/Wds+1B2frgglwRymHqnYsPmd9ON3NhS1+CKXrVbyrimdHnG1ZtHoH
 yvnaUx5LrVy8++uSLQ8qAust+mboRqtsqcg5Y2iCArJSKUd65qfw2FnrbaxIePVN
 dbJPp2ORnOeQ6QILZbzB4ZPlF2ITUa6ih+S0xDFRxFL4iWK3mFgIE8+VAtraKL4=
 =vkk7
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' into staging

Update OpenBIOS images

# gpg: Signature made Wed 15 Mar 2017 21:01:53 GMT
# gpg:                using RSA key 0x5BC2C56FAE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C  C9C4 5BC2 C56F AE0F 321F

* remotes/mcayland/tags/qemu-openbios-signed:
  Update OpenBIOS images to f233c3f built from submodule.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-16 07:47:12 +00:00
Markus Armbruster
012b126de2 qapi: Fix a misleading parser error message
When choking on a token where an expression is expected, we report
'Expected "{", "[" or string'.  Close, but no cigar.  Fix it to
Expected '"{", "[", string, boolean or "null"'.

Missed in commit e53188a.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-48-git-send-email-armbru@redhat.com>
2017-03-16 07:13:04 +01:00
Markus Armbruster
c261394978 qapi: Make pylint a bit happier
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-47-git-send-email-armbru@redhat.com>
2017-03-16 07:13:04 +01:00
Markus Armbruster
6bbfb12de6 qapi: Drop unused .check_clash() parameter schema
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-46-git-send-email-armbru@redhat.com>
2017-03-16 07:13:04 +01:00
Markus Armbruster
768562ded0 qapi: union_types is a list used like a dict, make it one
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-45-git-send-email-armbru@redhat.com>
2017-03-16 07:13:04 +01:00
Markus Armbruster
ed285bf821 qapi: struct_types is a list used like a dict, make it one
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-44-git-send-email-armbru@redhat.com>
2017-03-16 07:13:04 +01:00
Markus Armbruster
5f018446fe qapi: enum_types is a list used like a dict, make it one
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-43-git-send-email-armbru@redhat.com>
2017-03-16 07:13:04 +01:00
Markus Armbruster
6f05345f8f qapi: Factor add_name() calls out of the meta conditional
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-42-git-send-email-armbru@redhat.com>
2017-03-16 07:13:04 +01:00
Markus Armbruster
eda43c6844 qapi: Simplify what gets stored in enum_types
Don't invent a new dictionary structure just for enum_types, simply
store the defining expression, like we do for struct_types and
union_types.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-41-git-send-email-armbru@redhat.com>
2017-03-16 07:13:04 +01:00
Markus Armbruster
062e856b15 qapi: Drop unused variable events
Missed in commit e98859a

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-40-git-send-email-armbru@redhat.com>
2017-03-16 07:13:04 +01:00
Markus Armbruster
a9f396b028 qapi: Eliminate check_docs() and drop QAPIDoc.expr
Move what's left in check_docs() to check_expr().  Delegate the actual
checking to new QAPIDoc.check_expr().

QAPIDoc.expr is now unused; drop it.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-39-git-send-email-armbru@redhat.com>
2017-03-16 07:13:04 +01:00
Markus Armbruster
816a57cd6e qapi: Fix detection of bogus member documentation
check_definition_doc() checks for member documentation without a
matching member.  It laboriously second-guesses what members
QAPISchema._def_exprs() will create.  That's a stupid game.

Move the check into QAPISchema.check(), where the members are known.
Delegate the actual checking to new QAPIDoc.check().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-38-git-send-email-armbru@redhat.com>
2017-03-16 07:13:04 +01:00
Markus Armbruster
f641d06ad6 tests/qapi-schema: Improve coverage of bogus member docs
New test doc-bad-union-member.json shows we can fail to reject
documentation for nonexistent members.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-37-git-send-email-armbru@redhat.com>
2017-03-16 07:13:03 +01:00
Markus Armbruster
bdc001caaa tests/qapi-schema: Rename doc-bad-args to doc-bad-command-arg
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-36-git-send-email-armbru@redhat.com>
2017-03-16 07:13:03 +01:00
Markus Armbruster
4ea7148e89 qapi: Move empty doc section checking to doc parser
Results in a more precise error location, but the real reason is
emptying out check_docs() step by step.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-35-git-send-email-armbru@redhat.com>
2017-03-16 07:13:03 +01:00
Markus Armbruster
2d433236df qapi: Improve error message on @NAME: in free-form doc
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-34-git-send-email-armbru@redhat.com>
2017-03-16 07:13:03 +01:00
Markus Armbruster
7947016d1c qapi: Move detection of doc / expression name mismatch
Move the check whether the doc matches the expression name from
check_definition_doc() to check_exprs().  This changes the error
location from the comment to the expression.  Makes sense as the
message talks about the expression: "Definition of '%s' follows
documentation for '%s'".  It's also a step towards getting rid of
check_docs().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-33-git-send-email-armbru@redhat.com>
2017-03-16 07:13:03 +01:00
Markus Armbruster
e7823a2adf qapi: Fix detection of doc / expression mismatch
This fixes the errors uncovered by the previous commit.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-32-git-send-email-armbru@redhat.com>
2017-03-16 07:13:03 +01:00
Markus Armbruster
2028be8eea tests/qapi-schema: Improve doc / expression mismatch coverage
New tests doc-before-include.json and doc-before-pragma.json show we
fail to reject a misplaced expression comment.

New test doc-no-symbol.json shows a bad error message.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1489582656-31133-31-git-send-email-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2017-03-16 07:13:03 +01:00
Markus Armbruster
75b50196d9 qapi2texi: Use category "Object" for all object types
At the protocol level, the distinction between struct, flat union and
simple union is meaningless, they are all JSON objects.  Document them
that way.

Example change (qemu-qmp-ref.txt):

- -- Simple Union: InputEvent
+ -- Object: InputEvent

      Input event union.

This also fixes the completely broken headings for flat and simple
unions in qemu-qmp-ref.7 and qemu-ga-ref.7, by sidestepping a bug in
texi2pod.pl.  For instance, it mistranslates "@deftp {Simple Union}
InputEvent" to "B<Union> (Simple)", but translates "@deftp Object
InputEvent" to "B<SocketAddress> (Object)".

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-30-git-send-email-armbru@redhat.com>
2017-03-16 07:13:03 +01:00
Markus Armbruster
c19eaa64df qapi2texi: Generate descriptions for simple union tags
Simple union tags carry no type information, because their type is
implicit.  Their description should make up for it, but many have
none.  Generate one automatically then.

Example change (qemu-qmp-ref.txt):

  -- Simple Union: ImageInfoSpecific

      A discriminated record of image format specific information
      structures.

      Members:
      'type'
-          Not documented
+          One of "qcow2", "vmdk", "luks"
      'data: ImageInfoSpecificQCow2' when 'type' is "qcow2"
      'data: ImageInfoSpecificVmdk' when 'type' is "vmdk"
      'data: QCryptoBlockInfoLUKS' when 'type' is "luks"

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-29-git-send-email-armbru@redhat.com>
2017-03-16 07:13:03 +01:00
Markus Armbruster
5169cd8767 qapi2texi: Generate documentation for variant members
A flat union's branch brings in the members of another type.  Generate
a suitable reference to that type.

Example change (qemu-qmp-ref.txt):

  -- Flat Union: QCryptoBlockOpenOptions

      The options that are available for all encryption formats when
      opening an existing volume

      Members:
      The members of 'QCryptoBlockOptionsBase'
+     The members of 'QCryptoBlockOptionsQCow' when 'format' is "qcow"
+     The members of 'QCryptoBlockOptionsLUKS' when 'format' is "luks"

      Since: 2.6

A simple union's branch adds a member 'data' of some other type.
Generate documentation for that member.

Example change (qemu-qmp-ref.txt):

  -- Simple Union: SocketAddress

      Captures the address of a socket, which could also be a named file
      descriptor

      Members:
      'type'
	   Not documented
+     'data: InetSocketAddress' when 'type' is "inet"
+     'data: UnixSocketAddress' when 'type' is "unix"
+     'data: VsockSocketAddress' when 'type' is "vsock"
+     'data: String' when 'type' is "fd"

      Since: 1.3

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-28-git-send-email-armbru@redhat.com>
2017-03-16 07:13:03 +01:00
Markus Armbruster
88f63467c5 qapi2texi: Generate reference to base type members
The generated documentation doesn't mention object type members
inherited from a base type.  Fix that.

Example change (qemu-qmp-ref.txt):

  -- Struct: VncServerInfo

      The network connection information for server

      Members:
      'auth' (optional)
	   authentication method used for the plain (non-websocket) VNC
	   server
+     The members of 'VncBasicInfo'

      Since: 2.1

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1489582656-31133-27-git-send-email-armbru@redhat.com>
2017-03-16 07:13:03 +01:00