g_list_insert_sorted_merged() is rather large to be an inline
function; move it to its own file. range_merge() and
ranges_can_merge() can likewise move, as they are only used
internally. Also, it becomes obvious that the condition within
range_merge() is already satisfied by its caller, and that the
return value is not used.
The diffstat is misleading, because of the copyright boilerplate.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1464712890-14262-2-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
If a QAPI struct has a mandatory alternate member which is not
present on input, the input visitor reports an error for the
missing alternate without setting the discriminator, but the
cleanup code for the struct still tries to use the dealloc
visitor to clean up the alternate.
Commit dbf11922 changed visit_start_alternate to set *obj to NULL
when an error occurs, where it was previously left untouched.
Thus, before the patch, the dealloc visitor is blindly trying to
cleanup whatever branch corresponds to (*obj)->type == 0 (that is,
QTYPE_NONE, because *obj still pointed to zeroed memory), which
selects the default branch of the switch and sets an error, but
this second error is ignored by the way the dealloc visitor is
used; but after the patch, the attempt to switch dereferences NULL.
When cleaning up after a partial object parse, we specifically
check for !*obj after visit_start_struct() (see gen_visit_object());
doing the same for alternates fixes the crash. Enhance the testsuite
to give coverage for both missing struct and missing alternate
members.
Also add an abort - we expect visit_start_alternate() to either set an
error or to set (*obj)->type to a valid QType that corresponds to
actual user input, and QTYPE_NONE should never be reachable from valid
input. Had the abort() been in place earlier, we might have noticed
the dealloc visitor dereferencing bogus zeroed memory prior to when
commit dbf11922 forced our hand by setting *obj to NULL and causing a
fault.
Test case:
{'execute':'blockdev-add', 'arguments':{'options':{'driver':'raw'}}}
The choice of 'driver':'raw' selects a BlockdevOptionsGenericFormat
struct, which has a mandatory 'file':'BlockdevRef' in QAPI. Since
'file' is missing as a sibling of 'driver', this should report a
graceful error rather than fault. After this patch, we are back to:
{"error": {"class": "GenericError", "desc": "Parameter 'file' is missing"}}
Generated code in qapi-visit.c changes as:
|@@ -2444,6 +2444,9 @@ void visit_type_BlockdevRef(Visitor *v,
| if (err) {
| goto out;
| }
|+ if (!*obj) {
|+ goto out_obj;
|+ }
| switch ((*obj)->type) {
| case QTYPE_QDICT:
| visit_start_struct(v, name, NULL, 0, &err);
|@@ -2459,10 +2462,13 @@ void visit_type_BlockdevRef(Visitor *v,
| case QTYPE_QSTRING:
| visit_type_str(v, name, &(*obj)->u.reference, &err);
| break;
|+ case QTYPE_NONE:
|+ abort();
| default:
| error_setg(&err, QERR_INVALID_PARAMETER_TYPE, name ? name : "null",
| "BlockdevRef");
| }
|+out_obj:
| visit_end_alternate(v);
Reported by Kashyap Chamarthy <kchamart@redhat.com>
CC: qemu-stable@nongnu.org
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1466012271-5204-1-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Tested-by: Kashyap Chamarthy <kchamart@redhat.com>
[Commit message tweaked]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Maybe there should be; but until there is, we should not flag
strtod() calls as something to replaced with qemu_strtod().
We also lack qemu_strtof() and qemu_strtold(), but as no one
has been using strtof() or strtold(), it's not worth complicating
the regex for them.
(Ironically, I had to use 'git commit -n' since checkpatch uses
TAB indents, in violation of its own recommendations.)
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465526889-8339-3-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Fix the regex comments describing what we parse as JSON. No change
to the lexer itself, just to the comments:
- The "" and '' string construction was missing alternation between
different escape sequences
- The construction for numbers forgot to handle optional leading '-'
- The construction for numbers was grouped incorrectly so that it
didn't permit '0.1'
- The construction for numbers forgot to mark the exponent as optional
- No mention that our '' string and "\'" are JSON extensions
- No mention of our %d and related extensions when constructing JSON
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1465526889-8339-2-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Eric's regexp simplification squashed in]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Valgrind complained about a number of leaks in
tests/check-qobject-json:
==12657== definitely lost: 17,247 bytes in 1,234 blocks
All of which had the same root cause: on an incomplete parse,
we were abandoning the token queue without cleaning up the
allocated data within each queue element. Introduced in
commit 95385fe, when we switched from QList (which recursively
frees contents) to g_queue (which does not).
We don't yet require glib 2.32 with its g_queue_free_full(),
so open-code it instead.
CC: qemu-stable@nongnu.org
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1463608012-12760-1-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Blue hasn't been active in the QEMU project for a long time. Drop his
last MAINTAINERS entries.
As per Paolo's recommendation, downgrade status of "BSD user" from
Maintained to Orphan since the FreeBSD guys effectively forked it, and
"SPARC target" from Maintained to Odd Fixes, since we still have the
overall TCG maintainer looking after it.
I'm leaving Checkpatch's status at Odd Fixes. Calling it Maintained
wouldn't be wrong, but I'm not comfortable upgrading it while nobody
is willing to have his name nailed to the thing.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
While here, also add a section for the tree I use for 9p.
Signed-off-by: Greg Kurz <groug@kaod.org>
Acked-by: Cédric Le Goater <clg@kaod.org>
Acked-by: Cédric Le Goater <clg@fr.ibm.com>
Acked-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Message-id: 146617410554.7281.1733165006203821878.stgit@bahia.lan
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
qemu leaves unix socket files behind when removing a listening chardev
or leaving. qemu could clean that up, even if doing so isn't race-free.
Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=1347077
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <1466105332-10285-4-git-send-email-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This helps to remove various chardev resources leaks when leaving qemu.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <1466105332-10285-2-git-send-email-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This otherwise causes a use-after-free if network backend cleanup
is performed before character device cleanup.
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit 0544edd88a "vl: smp_parse: cleanups" regressed any -smp
config that left either cores or threads unspecified, and specified
a topology supporting more cpus than the given online cpus. The
correct way to calculate the missing parameter would be to use
maxcpus, but it's too late to change that now. Restore the old
way, which is to calculate it with the online cpus (as is still
done), but then, if the result is zero, just set it to one.
Signed-off-by: Andrew Jones <drjones@redhat.com>
Message-Id: <1466526844-29245-1-git-send-email-drjones@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Otherwise, a serial port can get stuck if it is migrated while flow control
is in effect.
Tested-by: Bret Ketchum <bcketchum@gmail.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Otherwise, this can cause serial_xmit to be entered with LSR.TEMT=0,
which is invalid and causes an assertion failure.
Reported-by: Bret Ketchum <bcketchum@gmail.com>
Tested-by: Bret Ketchum <bcketchum@gmail.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
g_source_attach can return any value between 1 and UINT_MAX if you let
QEMU run long enough. However, qemu_chr_fe_add_watch can also return
a negative errno value when the device is disconnected or does not
support chr_add_watch. Change it to return zero to avoid overloading
these values.
Fix the cadence_uart which asserts in this case (easily obtained with
"-serial pty").
Tested-by: Bret Ketchum <bcketchum@gmail.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
serial_xmit starts transmission of whatever is in the transmitter
register, THR or FIFO; serial_watch_cb is a wrapper around it and is
only used as a qemu_chr_fe_add_watch callback.
Tested-by: Bret Ketchum <bcketchum@gmail.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Move common code outside the if, and reset tsr_retry even in loopback mode.
Right now it cannot become non-zero, but it will be possible as soon as
we start respecting the baud rate.
Tested-by: Bret Ketchum <bcketchum@gmail.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
It can never become negative; reflect this in the type of the field
and simplify the conditions.
Tested-by: Bret Ketchum <bcketchum@gmail.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit 94d047a added an assertion the the request alignment check.
This introduced 2 issues:
a) A off-by-one error since a request of BDRV_REQUEST_MAX_SECTORS
is actually allowed.
b) The bdrv_get_block_status call in the read path to check the allocation
status requests up to INT_MAX sectors which triggers the assertion.
Fixes: 94d047a35b
Signed-off-by: Peter Lieven <pl@kamp.de>
Message-Id: <1466414680-18383-1-git-send-email-pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This function needs to be converted to QOM hook and virtualised for
multi-arch. This rename interferes, as cpu-qom will not have access
to the renaming causing name divergence. This rename doesn't really do
anything anyway so just delete it.
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-Id: <69bd25a8678b8b31b91cd9760c777bed1aafb44e.1437212383.git.crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Crosthwaite <crosthwaitepeter@gmail.com>
In function pci_assign_dev_load_option_rom, For those pci devices don't
have 'rom' file under sysfs or if loading ROM from external file, The
function returns NULL, and won't set the passed 'size' variable.
In these 2 cases, qemu still reports "Invalid ROM" error message, Users
may be confused by it.
Signed-off-by: Lin Ma <lma@suse.com>
Message-Id: <1466010327-22368-1-git-send-email-lma@suse.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit 926cde5 ("scsi: esp: make cmdbuf big enough for maximum CDB size",
2016-06-16) changed the size of a migrated field. Split it in two
parts, and only migrate the second part in a new vmstate version.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The MC146818 RTC device has output IRQ line. Currently the corresponding field
is only accessible through direct access. Such access violates Qemu model.
The patch makes the field accessible through GPIO. It also updates the setting
of the IRQ during initialization.
Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Currently a direct access to the device structure field is used to connect ISA
device IRQ to the bus. GPIO access should be used instead if possible.
The patch adds wrapper isa_connect_gpio_out. The function connects specified
output GPIO to specified ISA IRQ.
Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The isa_bus_irqs function initializes ISA bus IRQ array pointer with specified
value.
Previously the ICH9 LPC bridge model did not have its own IRQs but
only IRQ pointer cache. And same GSI were used for ISA bus and other sources
behind the bridge (PCI, SCI). Hence, the pc_q35_init was only possible place to
setup both ISA bus IRQs and the bridge IRQ cache.
As a result, the call of isa_bus_irqs was made from pc_q35_init.
Now the ICH9 LPC bridge has its own output IRQs which are connected to GSI. The
output IRQs are already used to route IRQs from PCI and SCI.
The patch makes the ICH9 LPC bridge output IRQs to used for ISA bus too.
Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The ICH9 LPC bridge has 24 output IRQs connected to GSI. Currently the IRQs are
referenced by pointers. The pointers are initialized at startup by direct access
to the structure fields. This violates Qemu device model.
The patch makes the IRQs handling to use GPIO model.
Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
ich9->pic and ich9->ioapic differ for the first 16 GSIs (because
ich9->pic is wired to 8259+IOAPIC but ich9->ioapic is wired to
IOAPIC only). However, ich9->ioapic is never used for the first
16 GSIs, so the two vectors can be merged.
Reviewed-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Make ich9_lpc_update_pic take care only of GSIs 0-15, and
ich9_lpc_update_apic take care only of GSIs 16-23. Assert
that they are called with the correct GSI indices.
Reviewed-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
An asserted pirq can be disabled and the corresponding GSIs
should then go down to 0. However, because of the conditional in
ich9_lpc_update_by_pirq, the legacy 8259 pin could remain stuck to 1.
Reviewed-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
ICH9 SMB bridge can be created using qdev API despite existence of helper
function. The type name is needed for such creation. Using a preprocessor
alias instead the string type name itself is preferable.
The patch makes the alias accessible through the header.
Signed-off-by: Efimov Vasily <real@ispras.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The port92 device has outgouing IRQ line A20. Currently the IRQ is referenced
by a pointer which normally is set during machine initialization. The
pointer is never changed at runtime. Hence, common GPIO model can be applied
to A20 IRQ line. Note that checking for IRQ to be connected as in
previous version of code is not required qemu_set_irq will do it.
Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The i8042 device has outgouing IRQ line A20. Currently the IRQ is referenced
by a pointer which normally is set during machine initialization. The pointer
is never changed at runtime. So common GPIO model can be applied to A20 IRQ
line. Note that checking for IRQ to be connected as in previous version
of code is not required because qemu_set_irq will do it.
Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Currently, Q35 instance is configured using direct access to structure fields.
The patch uses property interface to set the fields.
Signed-off-by: Efimov Vasily <real@ispras.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
During creation of Q35 instance several parameters are set using direct access.
It violates Qemu device model. Correctly, the parameters should be handled as
object properties.
The patch adds four link type properties for fields:
mch.ram_memory
mch.pci_address_space
mch.system_memory
mch.address_space_io
And, it adds two size type properties for fields:
mch.below_4g_mem_size
mch.above_4g_mem_size
Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
qdev API can be used to create CFI pflash devices despite existance of helper
functions. The type name is needed in course of such creation. Using the
preprocessor alias instead of the string literal itself is preferable.
The patch makes the aliases accessible through the header.
Signed-off-by: Efimov Vasily <real@ispras.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Currently vmport device is identified by the string literal. Using a
preprocessor alias instead is preferable.
Signed-off-by: Efimov Vasily <real@ispras.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The speaker device needs pointer to ISA PIT device to operate. But according to
qdev-properties.h, properties of pointer type should be avoided. It seems a
link type property is a good substitution.
Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
and add safe_syscall support for i386, aarch64, arm, ppc64 and
s390x.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAV3LCdLRIkN7ePJvAAQhVsQ/6AjcR308zzZzJAhYnk7eQYl7pQLpqokbl
XDdZqXZf3qts5z9CUNZGxoCesPb+MTxIRWGZy13QHeJ3hcewMegcZny7b9xN2OaP
SNRbPhkIZe9p+ImI2sZ4Unnb4NFssGdB/9e4I5aQQovrnXbbZqT3tAHqwoPwaI6c
N4ub+HYkIqd7MnRG00PLdLbbrzMVIpbwENYxnb6AwBgYDsE01QL6USsyRVoSGK3i
AHJz5jg/KiTaQJs4Bk8/NmrbfCnVtGpVz03FWsClm1LZ9BO3fpiHajbd9TNPhh3O
v+M5S1UyCejvy+CiyZsIJnq29pYFJF1Yj+IviowQnwIRdSYtz9KI241UXdlrlVYK
Ooadukgsgur+fNKl3I0SxGAqkDbRN3yjy6sCiRJSNNTuV2DWF92XPlrIBNVFQ0rP
p4o2ZhuS9euerfuQ2bu8qFgAV/vyBA2A6XCY0NZYbYgZ/dwVqmuyvtTyPZhsy7Rq
QvsOYKwmWkCM3FDY6oiJBNAwo/jOl28FR4WmtqbjEgtTgelZibW2HPVNc769XujG
+qN+bphgyHUnSIMYcxS2csMsx6FjFz4Kst8TWbXTWG7HzlEbC73ShbQjS6MVDZ7H
h0XbbQ8gWxLl540xLFv8BcjlXUSOth1iNtraWq60lwphhuT5lr1sMu+bu+27SPXm
k3cNZHml3vY=
=zonM
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20160628' into staging
Drop building linux-user targets on HPPA or m68k host systems
and add safe_syscall support for i386, aarch64, arm, ppc64 and
s390x.
# gpg: Signature made Tue 28 Jun 2016 19:31:16 BST
# gpg: using RSA key 0xB44890DEDE3C9BC0
# gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>"
# gpg: aka "Riku Voipio <riku.voipio@linaro.org>"
# Primary key fingerprint: FF82 03C8 C391 98AE 0581 41EF B448 90DE DE3C 9BC0
* remotes/riku/tags/pull-linux-user-20160628: (24 commits)
linux-user: Provide safe_syscall for ppc64
linux-user: Provide safe_syscall for s390x
linux-user: Provide safe_syscall for aarch64
linux-user: Provide safe_syscall for arm
linux-user: Provide safe_syscall for i386
linux-user: fix x86_64 safe_syscall
linux-user: don't swap NLMSG_DATA() fields
linux-user: fd_trans_host_to_target_data() must process only received data
linux-user: add missing return in netlink switch statement
linux-user: update get_thread_area/set_thread_area strace
linux-user: fix clone() strace
linux-user: add socket() strace
linux-user: add socketcall() strace
linux-user: Support F_GETPIPE_SZ and F_SETPIPE_SZ fcntls
linux-user: Fix wrong type used for argument to rt_sigqueueinfo
linux-user: Create a hostdep.h for each host architecture
user-exec: Remove unused code for OSX hosts
user-exec: Delete now-unused hppa and m68k cpu_signal_handler() code
configure: Don't allow user-only targets for unknown CPU architectures
configure: Don't override ARCH=unknown if enabling TCI
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
s/target bs/to_replace/, also we check to_replace bs is not
blocked in qmp_drive_mirror() not here
Signed-off-by: Changlong Xie <xiecl.fnst@cn.fujitsu.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Message-id: 1466672241-22485-3-git-send-email-xiecl.fnst@cn.fujitsu.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
Callback for block job should always exist
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Changlong Xie <xiecl.fnst@cn.fujitsu.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Message-id: 1466672241-22485-2-git-send-email-xiecl.fnst@cn.fujitsu.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
During the refactor of mirror_iteration in e5b43573,
we regressed the fix introduced in cae98cb8.
This patch re-adds IOV_MAX checking to cases where we
aren't checking alignment (and size) already.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1466625064-11280-3-git-send-email-jsnow@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
