This fixes a warning from the static code analysis (smatch).
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

Since QEMU 0.15, slirp (user mode networking) supports ping to the
Internet, see e6d43cfbSigned-off-by: NGernot Hillier <gernot.hillier@siemens.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

In this case, 'ret' is already '-1', so need not do it again.
Signed-off-by: NChen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

arbitary -> arbitrary
basicly -> basically
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

If the user specified a (vlan ID, slirp stack name) tuple in a monitor
hostfwd_add/remove command and we can't find it, give the user an
error message rather than silently doing nothing.

This brings this error case in slirp_lookup() into line with the
other two.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NMichael Tokarev <mjt@tls.msk.ru>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

pc,vhost,test fixes

Minor bugfixes all over the place.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Fri 18 Jul 2014 00:43:04 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  vhost-user: minor cleanups
  qtest: Adapt vhost-user-test to latest vhost-user changes
  vhost-user: Fix VHOST_SET_MEM_TABLE processing
  qtest: fix vhost-user-test compilation with old GLib
  fix typo: apci -> acpi
  pc_piix: Reuse pc_compat_1_2() for pc-0.1[0123]
  pc: fix qemu exiting with error when -m X < 128 with old machines types
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

assert to verify cast does not discard information
minor style fixup.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

A new field mmap_offset was added in the vhost-user message, we need to reflect
this change in the test too.
Signed-off-by: NNikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

qemu_get_ram_fd doesn't accept a guest physical address. ram_addr_t are
opaque values that are assigned in qemu_ram_alloc.

Find the ram_addr_t corresponding to the userspace_addr using qemu_ram_addr_from_host,
and then call qemu_get_ram_fd on it.

Thanks to Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NNikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>

If machine doesn't support memory hotplug then starting QEMU
with initial memory less than default will make QEMU exit with
following error message:

$QEMU -m 16  -M isapc
qemu-system-i386: "-memory 'slots|maxmem'" is not supported by: isapc

Set maxram_size to initial memory value before parsing
'maxmem' option allows to keep maxmem in sync with initial
memory size if no maxmem option was specified.
Signed-off-by: NIgor Mammedov <imammedo@redhat.com>
CC: Bruce Rogers <brogers@suse.com>
Reviewed-By: NBruce Rogers <brogers@suse.com>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

This checks that s->chr is not NULL before using it.
Signed-off-by: NKONRAD Frederic <fred.konrad@greensocs.com>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

* remotes/amit-migration/for-2.1:
  vmstate static checker: detect section renames
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

* remotes/amit/for-2.1:
  virtio-serial-bus: keep port 0 reserved for virtconsole even on unplug
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

We keep port 0 reserved for compat with older guests, where only
virtio-console was expected.  Even if a system is started without a
virtio-console port, port #0 is kept aside.  However, after a
virtconsole port is unplugged, port id 0 became available, and the next
hotplug of a virtserialport caused failure due to it not being a console
port.

Steps to reproduce:

$ ./x86_64-softmmu/qemu-system-x86_64 -m 512 -cpu host -enable-kvm -device virtio-serial-pci -monitor stdio  -vnc :1
QEMU 2.0.91 monitor - type 'help' for more information
(qemu) device_add virtconsole,id=p1
(qemu) device_del p1
(qemu) device_add virtserialport,id=p1
Port number 0 on virtio-serial devices reserved for virtconsole devices for backward compatibility.
Device 'virtserialport' could not be initialized
(qemu) quit
Reported-by: Ndengmin <mdeng@redhat.com>
Reviewed-by: NAmos Kong <akong@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NAmit Shah <amit.shah@redhat.com>

Commit 292b1634 changed the section name of "ICH9 LPC" to "ICH9-LPC",
and that causes the static checker to flag this:

Section "ICH9 LPC" does not exist in dest

This patch introduces a function that checks for section renames and
also a dictionary that maps those renames.
Reported-by: N"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: NAmit Shah <amit.shah@redhat.com>

---
This is a small patch to a script; doesn't break qemu and helps with the
static checker, so it's a very low-risk patch for 2.1.

Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

vhost-user-test uses the linux/vhost.h header, so it must only be
enabled if CONFIG_LINUX is defined. (Previously it was enabled
for CONFIG_POSIX, which broke 'make check' on MacOSX.)
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

* remotes/riku/linux-user-for-upstream:
  linux-user: use TARGET_SA_ONSTACK in get_sigframe
  alloca one extra byte sockets
  linux-user: handle AF_PACKET sockaddrs in target_to_host_sockaddr
  qemu-user: Impl. setsockopt(SO_BINDTODEVICE)
  SIOCGIFINDEX: fix typo
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Patch queue for ppc - 2014-07-15

Some more bug fixes during the RC phase:

  - Fix huge page mapping regressions
  - Fix Book3S thread number enumeration
  - Fix Book3S VFIO permission issue

# gpg: Signature made Tue 15 Jul 2014 15:13:54 BST using RSA key ID 03FEDC60
# gpg: Can't check signature: public key not found

* remotes/agraf/tags/signed-ppc-for-upstream:
  sPAPR/IOMMU: Fix TCE entry permission
  spapr: Enable use of huge pages
  spapr: Move RMA memory region registration code
  ppc: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
  target-ppc: Fix number of threads per core limit
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

The permission of TCE entry should exclude physical base address.
Otherwise, unmapping TCE entry can be interpreted to mapping TCE
entry wrongly for VFIO devices.
Signed-off-by: NGavin Shan <gwshan@linux.vnet.ibm.com>
Acked-by: NAlex Williamson <alex.williamson@redhat.com>
Signed-off-by: NAlexander Graf <agraf@suse.de>

0b183fc8 "memory: move mem_path handling to
memory_region_allocate_system_memory" disabled -mempath use for all
machines that do not use memory_region_allocate_system_memory() to
register RAM. Since SPAPR uses memory_region_init_ram(), the huge pages
support was disabled for it.

This replaces memory_region_init_ram()+vmstate_register_ram_global() with
memory_region_allocate_system_memory() to get huge pages back.

This changes RAM size from (ram_limit - rma_alloc_size) to ram_limit as
the previous patch moved RMA memory region allocation after RAM allocation
and therefore this change does not have immediate effect but simplifies
the code.
Signed-off-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: NAlexander Graf <agraf@suse.de>

PPC970 does not support VRMA (virtual RMA) so real memory required
for SLOF to execute must be allocated by the KVM_ALLOCATE_RMA ioctl.
Later this memory is used as a part of the guest RAM area.
The RMA allocating code also registers a memory region for this piece
of RAM.

We are going to simplify memory regions layout: RMA memory region
will be a subregion in the RAM memory region, both starting from zero.
This way we will not have to take care of start address alignment for
the piece of RAM next to the RMA.

This moves memory region business closer to the RAM memory region
creation/allocation code.

As this is a mechanical patch, no change in behaviour is expected.
Signed-off-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
[agraf: fix compilation on non-kvm systems]
Signed-off-by: NAlexander Graf <agraf@suse.de>

Commit 0b183fc8:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.

Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.

Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Signed-off-by: NShreyas B. Prabhu <shreyas@linux.vnet.ibm.com>
Signed-off-by: NAlexander Graf <agraf@suse.de>

The number of threads per core is different for POWER6/7/8 CPUs.
Guest systems do not expect to see more threads per core than
a specific CPU supports so we need to limit this number.
This limit is implemented by ppc_get_compat_smt_threads().

However it has a problem as it checks for PCR (Processor Compatibility
Register) mask, 2.05 means 2 threads per core, 2.06 - 4 threads.
For POWER8 one would expect PCR_COMPAT_2_07 bit set and
ppc_get_compat_smt_threads() checking for it to return 8 threads
per core. But the latest PowerISA spec now is 2.07 and there is
no 2.07 compatibility mode defined, QEMU does not define it either
(will be in PowerISA 2.08).

Instead of relying on a PCR mask, this uses kvmppc_smt_threads()
which returns the maximum supported threads number for KVM or
1 for TCG.
Signed-off-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: NAlexander Graf <agraf@suse.de>

As reported by Laurent, which should use TARGET_SA_ONSTACK
on arm, microblaze and openrisc targets like we do on all
others. Practical matter is minimal as for almost all archs
SA_ONSTACK is 0x08000000:

http://lxr.free-electrons.com/ident?i=SA_ONSTACKReported-by: NLaurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

Block pull request

# gpg: Signature made Tue 15 Jul 2014 14:49:01 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  virtio-blk: dataplane: notify guest as a batch
  virtio-blk: data-plane: fix save/set .complete_request in start
  linux-aio: Fix laio resource leak
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Now requests are submitted as a batch, so it is natural
to notify guest as a batch too.

This may suppress interrupt notification to VM a lot:

        - in my test, decreased by ~13K/sec
Signed-off-by: NMing Lei <ming.lei@canonical.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

The callback has to be saved and reset in virtio_blk_data_plane_start(),
otherwise dataplane's requests will be completed in qemu aio context.
Reviewed-by: NFam Zheng <famz@redhat.com>
Signed-off-by: NMing Lei <ming.lei@canonical.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

when hotplug virtio-scsi disks using laio, the aio_nr will
increase in laio_init() by io_setup(), we can see the number by
  # cat /proc/sys/fs/aio-nr
  128
if the aio_nr attach the maxnum, which found from
  # cat /proc/sys/fs/aio-max-nr
  65536
the hotplug process will fail because of aio context leak.

Fix it by io_destroy in laio_cleanup().
Reported-by: Ndaifulai <daifulai@huawei.com>
Signed-off-by: NGonglei <arei.gonglei@huawei.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

target_to_host_sockaddr() may increase the lenth with 1 byte
for AF_UNIX sockets so allocate 1 extra byte.
Signed-off-by: NJoakim Tjernlund <Joakim.Tjernlund@transmode.se>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

Implement conversion of the AF_PACKET sockaddr subtype
in target_to_host_sockaddr.
Signed-off-by: NJoakim Tjernlund <Joakim.Tjernlund@transmode.se>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

Signed-off-by: NJoakim Tjernlund <Joakim.Tjernlund@transmode.se>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

Wrong type was used in ioctl definition.
Signed-off-by: NJoakim Tjernlund <Joakim.Tjernlund@transmode.se>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

The libqos implementation of io_read{b,w,l} and io_write{b,w,l} hooks
was relying on qtest_mem{read,write}() respectively. With d81d4106 (usb:
improve ehci/uhci test) this resulted in assertion failures on ppc hosts:

 ERROR:tests/usb-hcd-ehci-test.c:78:ehci_port_test: assertion failed: ((value & mask) == (expect & mask))

 ERROR:tests/usb-hcd-ehci-test.c:128:pci_uhci_port_2: assertion failed: (pcibus != NULL)

 ERROR:tests/usb-hcd-ehci-test.c:150:pci_ehci_port_2: assertion failed: (pcibus != NULL)

qtest_read{b,w,l,q}() and qtest_write{b,w,l,q}() had been introduced
as endian-safe replacement for qtest_mem{read,write}() in I2C in
872536bf (qtest: Add MMIO support). Use them for PCI as well.

Cc: Anthony Liguori <aliguori@amazon.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Fixes: c4efe1ca qtest: add libqos including PCI support
Fixes: d81d4106 usb: improve ehci/uhci test
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Misc 2.1 fixes regarding character/serial devices and SCSI.

# gpg: Signature made Mon 14 Jul 2014 16:26:08 BST using RSA key ID 9B4D86F2
# gpg: Can't check signature: public key not found

* remotes/bonzini/tags/for-upstream:
  serial-pci: remove memory regions from BAR before destroying them
  virtio-scsi: fix with -M pc-i440fx-2.0
  serial: change retry logic to avoid concurrency
  qemu-char: fix deadlock with "-monitor pty"
  scsi: Report error when lun number is in use
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Otherwise, hot-unplug of pci-serial-2x trips the assertion
in memory_region_destroy:

    (qemu) device_del gg
    (qemu) qemu-system-x86_64: /work/armbru/tmp/qemu/memory.c:1021: memory_region_destroy: Assertion `((&mr->subregions)->tqh_first == ((void *)0))' failed.
    Aborted (core dumped)
Reported-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Right now starting a machine with virtio-scsi and a <= 2.0 machine type
fails with:

    qemu-system-x86_64: -device virtio-scsi-pci: Property .any_layout not found

This is because the any_layout bit was actually never set after
virtio-scsi was changed to support arbitrary layout for virtio buffers.

(This was just a cleanup and a preparation for virtio 1.0; no guest
actually checks the bit, but the new request parsing algorithms are
tested even with old guest).
Reported-by: NDavid Gilbert <dgilbert@redhat.com>
Reviewed-by: NDavid Gilbert <dgilbert@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Whenever serial_xmit fails to transmit a byte it adds a watch that would
call it again when the "line" becomes ready. This results in a retry
chain:
  serial_xmit -> add_watch -> serial_xmit
Each chain is able to transmit one character, and for every character
passed to serial by the guest driver a new chain is spawned.

The problem lays with the fact that a new chain is spawned even when
there is one already waiting on the watch. So there can be several retry
chains waiting concurrently on one "line". Every chain tries to transmit
current character, so character order is not messed up. But also every
chain increases retry counter (tsr_retry). If there are enough
concurrent chains this counter will hit MAX_XMIT_RETRY value and
the character will be dropped.

To reproduce this bug you need to feed serial output to some program
consuming it slowly enough. A python script from bug #1335444
description is an example of such program.

This commit changes retry logic in the following way to avoid
concurrency: instead of spawning a new chain for each character being
transmitted spawn only one and make it transmit characters until FIFO is
empty.

The change consists of two parts:
 - add a do {} while () loop in serial_xmit (diff is a bit erratic
   for this part, diff -w will show actual change),
 - do not call serial_xmit from serial_ioport_write if there is one
   waiting on the watch already.

This should fix another issue causing bug #1335444.
Signed-off-by: NKirill Batuzov <batuzovk@ispras.ru>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

qemu_chr_be_generic_open cannot be called with the write lock taken,
because it calls client code that may call qemu_chr_fe_write.  This
actually happens for the monitor:

    0x00007ffff27dbf79 in __GI_raise (sig=sig@entry=6)
    0x00007ffff27df388 in __GI_abort ()
    0x00005555555ef489 in error_exit (err=<optimized out>, msg=msg@entry=0x5555559796d0 <__func__.5959> "qemu_mutex_lock")
    0x00005555558f9080 in qemu_mutex_lock (mutex=mutex@entry=0x555556248a30)
    0x0000555555713936 in qemu_chr_fe_write (s=0x555556248a30, buf=buf@entry=0x5555563d8870 "QEMU 2.0.90 monitor - type 'help' for more information\r\n", len=56)
    0x00005555556217fd in monitor_flush_locked (mon=mon@entry=0x555556251fd0)
    0x0000555555621a12 in monitor_flush_locked (mon=0x555556251fd0)
    monitor_puts (mon=mon@entry=0x555556251fd0, str=0x55555634bfa7 "", str@entry=0x55555634bf70 "QEMU 2.0.90 monitor - type 'help' for more information\n")
    0x0000555555624359 in monitor_vprintf (mon=0x555556251fd0, fmt=<optimized out>, ap=<optimized out>)
    0x0000555555624414 in monitor_printf (mon=<optimized out>, fmt=fmt@entry=0x5555559105a0 "QEMU %s monitor - type 'help' for more information\n")
    0x0000555555629806 in monitor_event (opaque=0x555556251fd0, event=<optimized out>)
    0x000055555571343c in qemu_chr_be_generic_open (s=0x555556248a30)

To avoid this, defer the call to an idle callback, which will be
called as soon as the main loop is re-entered.  In order to simplify
the cleanup and do it in one place only, change pty_chr_close to
call pty_chr_state.

To reproduce, run with "-monitor pty", then try to read from the
slave /dev/pts/FOO that it creates.

Fixes: 9005b2a7Reported-by: NLi Liang <liangx.z.li@intel.com>
Reviewed-by: NFam Zheng <famz@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>