Commit graph

26675 commits

Author SHA1 Message Date
Paolo Bonzini f43793c7ca memory: populate FlatView for new address spaces
Even a new address space might have a non-empty FlatView.  In order
to initialize it properly, address_space_init should (a) call
memory_region_transaction_commit after the address space is inserted
into the list; (b) force memory_region_transaction_commit to do something.

This bug was latent so far because all address spaces started empty, including
the PCI address space where the bus master region is initially disabled.
However, the target address space of an IOMMU is usually rooted at
get_system_memory(), which might not be empty at the time the IOMMU is created.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-05-24 18:43:42 +02:00
Avi Kivity 86a8623692 memory: limit sections in the radix tree to the actual address space size
The radix tree is statically sized to fit TARGET_PHYS_ADDR_SPACE_BITS.
If a larger memory region is registered, it will overflow.

Fix by limiting any section in the radix tree to the supported size.

This problem was not observed earlier since artificial regions (containers
and aliases) are eliminated by the memory core, leaving only device regions
which have reasonable sizes.  An IOMMU however cannot be eliminated by the
memory core, and may have an artificial size.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
[ Fail the build if TARGET_PHYS_ADDR_SPACE_BITS is too large - Paolo ]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-05-24 18:43:35 +02:00
Paolo Bonzini 311f83ca08 s390x: reduce TARGET_PHYS_ADDR_SPACE_BITS to 62
With the next patch, the memory API will complain if the
TARGET_PHYS_ADDR_SPACE_BITS gets dangerously close to an
overflow.  s390x can handle up to 64 bit of physical address
space from its page tables, but we never use that much.  Just
decrease the value.

Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-05-24 18:43:35 +02:00
Avi Kivity 4c19eb721a memory: fix address space initialization/destruction
A couple of fields were left uninitialized.  This was not observed earlier
because all address spaces were statically allocated.  Also free allocation
for those fields.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Avi Kivity <avi.kivity@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-05-24 18:43:25 +02:00
Paolo Bonzini 1d671369c3 memory: make memory_global_sync_dirty_bitmap take an AddressSpace
Since this is a MemoryListener operation, it only makes sense
on an AddressSpace granularity.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-05-24 18:42:51 +02:00
Paolo Bonzini 5553e3a5c9 memory: do not duplicate memory_region_destructor_none
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-05-24 18:42:48 +02:00
Jan Kiszka 5f9a5ea1c0 memory: Rename readable flag to romd_mode
"Readable" is a very unfortunate name for this flag because even a
rom_device region will always be readable from the guest POV. What
differs is the mapping, just like the comments had to explain already.
Also, readable could currently be understood as being a generic region
flag, but it only applies to rom_device regions.

So rename the flag and the function to modify it after the original term
"ROMD" which could also be interpreted as "ROM direct", i.e. ROM mode
with direct access. In any case, the scope of the flag is clearer now.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-05-24 18:42:46 +02:00
Jan Kiszka 4b81126e33 memory: Replace open-coded memory_region_is_romd
Improves readability.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2013-05-24 18:42:37 +02:00
Paolo Bonzini 73034e9e08 memory: allow memory_region_find() to run on non-root memory regions
memory_region_find() is similar to registering a MemoryListener and
checking for the MemoryRegionSections that come from a particular
region.  There is no reason for this to be limited to a root memory
region.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-05-24 18:42:33 +02:00
Paolo Bonzini 68f3f65b09 memory: assert that PhysPageEntry's ptr does not overflow
While sized to 15 bits in PhysPageEntry, the ptr field is ORed into the
iotlb entries together with a page-aligned pointer.  The ptr field must
not overflow into this page-aligned value, assert that it is smaller than
the page size.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-05-24 18:42:30 +02:00
Paolo Bonzini 8b0d6711a2 exec: eliminate stq_phys_notdirty
It is not used anywhere.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-05-24 18:42:27 +02:00
Paolo Bonzini ee983cb3cc exec: make qemu_get_ram_ptr private
It is a private interface between exec.c and memory.c.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-05-24 18:42:21 +02:00
Paolo Bonzini 4f39178b3a exec: eliminate qemu_put_ram_ptr
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-05-24 18:42:19 +02:00
Paolo Bonzini bbcfd2913c exec: remove obsolete comment
See how we call memory_region_section_addr two lines below to
convert a physical address to a base address in the region.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-05-24 18:42:07 +02:00
Anthony Liguori 9ce0e92754 Open up 1.6 development
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-20 10:55:18 -05:00
Anthony Liguori 371386fb60 Update version for 1.5.0 release.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-20 08:20:08 -05:00
Hervé Poussineau da4c1a7a85 osdep: fix qemu_anon_ram_free trace (+ fix compilation on 32 bit hosts)
Commit e7a09b92b7 added a trace at each
memory freeing, but unfortunately inverted size and pointer when printing
them. Fix trace.

This also led to a compilation error on 32 bit hosts:
In file included from include/trace.h:4:0,
                 from trace/generated-events.c:3:
./trace/generated-tracers.h: In function ‘trace_qemu_anon_ram_free’:
./trace/generated-tracers.h:64:9: error: format ‘%zu’ expects argument of type
‘size_t’, but argument 3 has type ‘void *’ [-Werror=format]
./trace/generated-tracers.h:64:9: error: format ‘%p’ expects argument of type
‘void *’, but argument 4 has type ‘size_t’ [-Werror=format]

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1369045989-14016-1-git-send-email-hpoussin@reactos.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-20 08:20:08 -05:00
Ed Maste 3568ac2a6e Rename hexdump to avoid FreeBSD libutil conflict
On FreeBSD libutil is used for openpty(), but it also provides a hexdump()
which conflicts with QEMU's.

Signed-off-by: Ed Maste <emaste@freebsd.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368718348-15199-1-git-send-email-emaste@freebsd.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-20 08:20:08 -05:00
Hu Tao fd2a2e1c55 vl: new runstate transition: RUN_STATE_GUEST_PANICKED -> RUN_STATE_FINISH_MIGRATE
This fixes a problem that after guest panic happens, virsh dump without
--memory-only fails:

ERROR: invalid runstate transition: 'guest-panicked' -> 'finish-migrate'

Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1369046780-17498-1-git-send-email-pbonzini@redhat.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-20 08:20:07 -05:00
Lei Li 08d0ab3fe6 chardev: Make consistent with udp device for new qapi backend
When registering and opening a chardev udp, the backend name should be udp
not dgram, and we do not have backend dgram in the chardev list. This
patch makes the new qapi udp backend consistent with the original
udp device.

Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com>
Message-id: 1369032665-18159-2-git-send-email-lilei@linux.vnet.ibm.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-20 08:20:07 -05:00
Aurelien Jarno b9b5df6f0c ide/macio: fix wrong opaque with TRIM support
Commit 215e47b9 enabled TRIM by default, which revealed a bug in TRIM
support for the IDE macio emulation driver, introduced in d353fb72.

The call to dma_bdrv_io() is using a wrong opaque of type IDEState
instead of DBDMA_io. This patch fixes that.

Fixes LP#1179104

Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Tested-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2013-05-20 01:54:14 +02:00
Petar Jovanovic 118d1e4f59 target-mips: set carry bit correctly in DSPControl register
First we need to clear the bit and then we set the given value.
Instruction ADDSC sets the bit and instruction ADDWC uses this bit.

Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2013-05-19 15:16:20 +02:00
Petar Jovanovic 0ba365f4a9 target-mips: fix EXTPDP and setting up pos field in the DSPControl reg
This change makes sure that modifications of pos field in the DSPControl
register do not trash other bits in the register. This bug can be triggered
with the additional test case in mips32-dsp/extpdp.c in this commit.

In addition to this, this change corrects incorrect calculation of the mask
for EXTPDP.

Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2013-05-19 15:10:51 +02:00
Petar Jovanovic 489ed4bbae target-mips: fix incorrect behaviour for EXTP
The mask for EXTP instruction when size=31 has not been correctly
calculated.

The test (mips32-dsp/extp.c) has been extended to include the case that
triggers the issue.

Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2013-05-17 19:29:40 +02:00
Anthony Liguori 91b96cdc5b Update version for 1.5.0-rc3 release
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-17 10:01:00 -05:00
Anthony Liguori ce4cc31695 Merge remote-tracking branch 'mdroth/qga-pull-2013-05-13' into staging
* mdroth/qga-pull-2013-05-13:
  qga: unlink just created guest-file if fchmod() or fdopen() fails on it
  qga: distinguish binary modes in "guest_file_open_modes" map

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-17 10:00:30 -05:00
Michael Roth 77417f1070 Revert "migration: don't account sleep time for calculating bandwidth"
This reverts commit 7161082c8d.

Reverting this patch fixes a divide-by-zero error in qemu that can be
fairly reliably triggered by doing block migration. In this case, the
configuration/error was:

source: temp/x86_64-softmmu/qemu-system-x86_64 -enable-kvm -L temp-bios
-M pc-i440fx-1.4 -m 512M -kernel boot/vmlinuz-x86_64 -initrd
boot/test-initramfs-x86_64.img.gz -vga std -append seed=1234 -drive
file=disk1.img,if=virtio -drive file=disk2.img,if=virtio -device
virtio-net-pci,netdev=net0 -netdev user,id=net0 -monitor
unix:/tmp/vm-hmp.sock,server,nowait -qmp
unix:/tmp/vm-qmp.sock,server,nowait -vnc :100

16837 Floating point exception(core dumped)

target: temp/x86_64-softmmu/qemu-system-x86_64 -enable-kvm -L temp-bios
-M pc-i440fx-1.4 -m 512M -kernel boot/vmlinuz-x86_64 -initrd
boot/test-initramfs-x86_64.img.gz -vga std -append seed=1234 -drive
file=target_disk1.img,if=virtio -drive file=target_disk2.img,if=virtio
-device virtio-net-pci,netdev=net0 -netdev user,id=net0 -incoming
unix:/tmp/migrate.sock -monitor
unix:/tmp/vm-hmp-incoming.sock,server,nowait -qmp
unix:/tmp/vm-qmp-incoming.sock,server,nowait -vnc :101

Receiving block device images
20 %
21 %
load of migration failed

This revert potentially re-introduces a bug that was present in 1.4,
but fixes a prevalent issue with block migration so we should revert
it for now and take an updated patch later.

Conflicts:

	migration.c

* fixed up to remove logic introduced in 7161082c while leaving
  changes in HEAD intact

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Message-id: 1368739544-31021-1-git-send-email-mdroth@linux.vnet.ibm.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-17 09:58:57 -05:00
Stefan Hajnoczi 3cb8c205e3 main-loop: partial revert of 5e3bc73
This patch reverts part of 5e3bc735d9.

Paolo Bonzini wrote this patch and commented:

"WSAEventSelect is edge-triggered and the event will not be signaled if
the socket handler does not consume all the data in the socket buffer."

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368718561-7816-3-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-16 14:18:47 -05:00
Stefan Hajnoczi 8db165b36e main-loop: narrow win32 pollfds_fill() event bitmasks
pollfds_fill() and pollfds_poll() translate GPollFD to rfds/wfds/xfds
for sockets on win32.  select(2) is the underlying system call which is
used to monitor sockets for activity.

Currently file descriptors that monitor G_IO_ERR will be included in
both rfds and wfds.  As a result, select(2) will report writability on
file descriptors where we only really wanted to monitor readability
(with errors).

slirp_pollfds_poll() hit this issue: UDP sockets are blocking sockets so
we hang in sorecvfrom() when G_IO_ERR is set due to the socket being
writable (we only wanted to check for readability).

This patch fixes the slirp_pollfds_poll() hang.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1368718561-7816-2-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-16 14:18:47 -05:00
KONRAD Frederic 6d46895b51 virtio: add virtio_bus_get_dev_path.
This adds virtio_bus_get_dev_path to fix migration id string which is wrong
since the virtio refactoring.

Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368723967-21050-1-git-send-email-fred.konrad@greensocs.com
Cc: mdroth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-16 14:18:38 -05:00
Anthony Liguori c49fdf137f Update version for 1.5.0-rc2 release
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-15 16:38:35 -05:00
Anthony Liguori 6b41659f4e Merge remote-tracking branch 'luiz/queue/qmp' into staging
# By Michael Roth (1) and Zhangleiqiang (1)
# Via Luiz Capitulino
* luiz/queue/qmp:
  qapi: fix leak in unit tests
  qmp: fix handling of cmd with Equals in qmp-shell

Message-id: 1368625179-27962-1-git-send-email-lcapitulino@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-15 14:57:30 -05:00
Paolo Bonzini 8593e05087 qemu-common: Resolve vector build breaks for AltiVec
On Mac OS X ppc, altivec.h defines "vector", leading to build breakage
when used as variable name, e.g. in tracing code.
Fix this by undefining identifiers after altivec.h inclusion.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Message-id: 1368632771-4328-1-git-send-email-andreas.faerber@web.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-15 14:57:08 -05:00
Kevin Wolf 262f27b93f ide-test: Fix endianness problems
The test case passes on big endian hosts now (tested on ppc64)

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1368622839-7084-1-git-send-email-kwolf@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-15 10:31:15 -05:00
Peter Maydell 913b4b6bf3 hw/pci-host/versatile.c: Provide property for forcing broken IRQ mapping
Although we try our best to automatically detect broken versions
of Linux which assume the old broken IRQ mapping we used to implement
for our model of the Versatile PCI controller, it turns out that
some particularly new kernels manage to outwit the autodetection.

We therefore provide a property for enabling the old broken IRQ
mapping, so that if users happen to have such a kernel they can
work around its deficiencies with the command line option:
  -global versatile_pci.broken-irq-mapping=1

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1368545616-22344-4-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-15 08:49:59 -05:00
Peter Maydell bc04d89165 hw/pci-host/versatile.c: Update autodetect to detect newer kernels
Newer versatilepb kernels still don't get the IRQ mapping right
for the PCI controller, but they get it differently wrong (they add
a fixed +64 offset to everything they write to PCI_INTERRUPT_LINE).
Update the autodetection to handle these too, and include a more
detailed comment on the various different behaviours that might
be present.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1368545616-22344-3-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-15 08:49:59 -05:00
Peter Maydell 33201b51cb Revert "versatile_pci: Put the host bridge PCI device at slot 29"
This reverts commit 5f37ef92b7.
It turns out that some kernels incorrectly depend on the
old QEMU behaviour of not putting the host PCI bridge device
where the hardware puts it, because they use a swizzling IRQ
mapping which is incorrect but happens to match up with old
broken QEMU when the slot number mod 4 is zero. Since we
start PCI devices at 11, if we put the host bridge at 29
then the first real PCI device goes at 11 and doesn't work.
Not putting the host bridge at 29 means it defaults to 11,
so the first real PCI device is at 12 and works.

Since continuing with the old behaviour doesn't cause problems
for kernels which do work with hardware, the simplest fix for
this is to revert the change.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1368545616-22344-2-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-15 08:49:59 -05:00
Stefan Weil 1405b6290f w32: Fix configure test for -march=i486
The latest version of MinGW needs a test for __sync_val_compare_and_swap
to fix a missing symbol linker error.

Reported-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1368301619-32097-2-git-send-email-sw@weilnetz.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-15 08:49:28 -05:00
Peter Maydell 2d16c8e988 configure: Detect uuid on MacOSX (fixes compile failure)
Commit 7791dba3ec broke compilation on MacOSX, because it introduced
a new include of util.h. On MacOSX this includes pwd.h which in turn
includes the system uuid/uuid.h, which causes a compile failure if
QEMU was configured without CONFIG_UUID due to a conflict between
the system header and our fallback versions:
  block/vdi.c:124:20: error: static declaration of 'uuid_generate'
  follows non-static declaration
  static inline void uuid_generate(uuid_t out)
                     ^
  /usr/include/uuid/uuid.h:63:6: note: previous declaration is here
  void uuid_generate(uuid_t out);
       ^

Fix this breakage by improving configure's check for uuid to work on
MacOSX (where there is no need to link in a separate libuuid).

Note that if the user explicitly runs configure with '--disable-uuid'
on MacOSX then QEMU will fail to compile.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1368563799-22755-1-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-15 08:49:08 -05:00
Lei Li 1483adcf6a vnc: Make ledstate comparison before modifiers updated
The ledstate should be compared before modifiers are updated,
otherwise the ledstate would be the same as current_led_state.

Reported-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1368606040-11950-1-git-send-email-lilei@linux.vnet.ibm.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-15 08:48:43 -05:00
KONRAD Frederic 800ced8cac virtio-net-x: forward the netclient name and type.
This forwards the name and the type of virtio-net-x to fix the bad
behaviour of "info network" command.

Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Message-id: 1368619970-23892-3-git-send-email-fred.konrad@greensocs.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-15 08:48:25 -05:00
KONRAD Frederic 8a253ec26e virtio-net: add virtio_net_set_netclient_name.
This adds virtio_net_set_netclient_name, which is used to set the
name and type shown in "info network" command.

Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Message-id: 1368619970-23892-2-git-send-email-fred.konrad@greensocs.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-15 08:48:25 -05:00
Michael Roth ad7f375df6 qapi: fix leak in unit tests
qmp_output_get_qobject() increments the qobject's reference count. Since
we currently pass this straight into qobject_to_json() so we can feed
the data into a QMP input visitor, we never actually free the underlying
qobject when qmp_output_visitor_cleanup() is called. This causes leaks
on all of the QMP serialization tests.

Fix this by holding a pointer to the qobject and decref'ing it before
returning from qmp_deserialize().

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2013-05-15 08:58:43 -04:00
Zhangleiqiang 74bc9066bc qmp: fix handling of cmd with Equals in qmp-shell
qmp: fix handling of cmd with equal mark in qmp-shell

    qmp-shell splits the argument and value of input command
    by equal mark("="). But there are commands whose values
    include equal mark themselves, and the json built by
    qmp-shell will not be correct. For example, when using NBD as
    the target of block-backup command, the input
    "block-backup target=nbd+unix:///drive0?socket=/tmp/nbd.sock"
    will fail, because the json built will be as follows:

    {
        "execute":"block-backup",
        "arguments":{"target":"nbd+unix:///drive0?socket"}
    }

    Fix it by joining the sections split by equal mark excluding the
    first section in __build_cmd function when the length of sections
    is larger than two.

Signed-off-by: zhangleiqiang <zhangleiqiang@huawei.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2013-05-15 08:58:43 -04:00
Anthony Liguori 110db9b48c Merge remote-tracking branch 'stefanha/block' into staging
# By Kevin Wolf
# Via Stefan Hajnoczi
* stefanha/block:
  block: Add hint to -EFBIG error message
  qcow2: Catch some L1 table index overflows

Message-id: 1368543269-29784-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-14 10:24:38 -05:00
Kevin Wolf f3f4d2c09b block: Add hint to -EFBIG error message
The limit of qcow2 files at least depends on the cluster size. If the
image format has a cluster_size option, suggest to increase it.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-05-14 16:44:33 +02:00
Kevin Wolf 2cf7cfa1cd qcow2: Catch some L1 table index overflows
This catches the situation that is described in the bug report at
https://bugs.launchpad.net/qemu/+bug/865518 and goes like this:

    $ qemu-img create -f qcow2 huge.qcow2 $((1024*1024))T
    Formatting 'huge.qcow2', fmt=qcow2 size=1152921504606846976 encryption=off cluster_size=65536 lazy_refcounts=off
    $ qemu-io /tmp/huge.qcow2 -c "write $((1024*1024*1024*1024*1024*1024 - 1024)) 512"
    Segmentation fault

With this patch applied the segfault will be avoided, however the case
will still fail, though gracefully:

    $ qemu-img create -f qcow2 /tmp/huge.qcow2 $((1024*1024))T
    Formatting 'huge.qcow2', fmt=qcow2 size=1152921504606846976 encryption=off cluster_size=65536 lazy_refcounts=off
    qemu-img: The image size is too large for file format 'qcow2'

Note that even long before these overflow checks kick in, you get
insanely high memory usage (up to INT_MAX * sizeof(uint64_t) = 16 GB for
the L1 table), so with somewhat smaller image sizes you'll probably see
qemu aborting for a failed g_malloc().

If you need huge image sizes, you should increase the cluster size to
the maximum of 2 MB in order to get higher limits.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-05-14 16:44:33 +02:00
Paolo Bonzini e7a09b92b7 osdep: introduce qemu_anon_ram_free to free qemu_anon_ram_alloc-ed memory
We switched from qemu_memalign to mmap() but then we don't modify
qemu_vfree() to do a munmap() over free().  Which we cannot do
because qemu_vfree() frees memory allocated by qemu_{mem,block}align.

Introduce a new function that does the munmap(), luckily the size is
available in the RAMBlock.

Reported-by: Amos Kong <akong@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Message-id: 1368454796-14989-3-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-14 08:53:31 -05:00
Paolo Bonzini 6eebf958ab osdep, kvm: rename low-level RAM allocation functions
This is preparatory to the introduction of a separate freeing API.

Reported-by: Amos Kong <akong@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Message-id: 1368454796-14989-2-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-14 08:53:31 -05:00
Kevin Wolf d34dc45d34 readline: Handle xterm escape sequences for Home/End keys
This fixes the Home/End keys in the monitor using the GTK frontend.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1368526554-15866-1-git-send-email-kwolf@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-14 08:53:22 -05:00