1. 10 Dec, 2014 15 commits
  2. 09 Dec, 2014 1 commit
  3. 04 Dec, 2014 2 commits
  4. 01 Dec, 2014 4 commits
  5. 28 Nov, 2014 2 commits
    • Fix for crash after migration in virtio-rng on bi-endian targets · db12451d
      Committed by David Gibson
      VirtIO devices now remember which endianness they're operating in in order
      to support targets which may have guests of either endianness, such as
      powerpc.  This endianness state is transferred in a subsection of the
      virtio device's information.
      
      With virtio-rng this can lead to an abort after a loadvm hitting the
      assert() in virtio_is_big_endian().  This can be reproduced by doing a
      migrate and load from file on a bi-endian target with a virtio-rng device.
      The actual guest state isn't particularly important to triggering this.
      
      The cause is that virtio_rng_load_device() calls virtio_rng_process() which
      accesses the ring and thus needs the endianness.  However,
      virtio_rng_process() is called via virtio_load() before it loads the
      subsections.  Essentially the ->load callback in VirtioDeviceClass should
      only be used for actually reading the device state from the stream, not for
      post-load re-initialization.
      
      This patch fixes the bug by moving the virtio_rng_process() after the call
      to virtio_load().  Better yet would be to convert virtio to use vmsd and
      have the virtio_rng_process() as a post_load callback, but that's a bigger
      project for another day.
      
      This is a bugfix, and should be considered for the 2.2 branch.
      Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
      Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
      Message-id: 1417067290-20715-1-git-send-email-david@gibson.dropbear.id.au
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    • virtio-net: fix unmap leak · 771b6ed3
      Committed by Jason Wang
      virtio_net_handle_ctrl() and other functions that process control vq
      requests call iov_discard_front(), which will shorten the iov. This will
      lead to the unmapping in virtqueue_push() leaking mappings.
      
      Fix this by keeping the original iov untouched and using a temp variable
      in those functions.
      
      Cc: Wen Congyang <wency@cn.fujitsu.com>
      Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
      Cc: qemu-stable@nongnu.org
      Signed-off-by: Jason Wang <jasowang@redhat.com>
      Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
      Reviewed-by: Fam Zheng <famz@redhat.com>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Message-id: 1417082643-23907-1-git-send-email-jasowang@redhat.com
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
  6. 27 Nov, 2014 2 commits
    • hmp: fix regression of HMP device_del auto-completion · 4cae4d5a
      Committed by Marcel Apfelbaum
      The commits:
       - 6a1fa9f5 (monitor: add del completion for peripheral device)
       - 66e56b13 (qdev: add qdev_build_hotpluggable_device_list helper)
      
      cause a QEMU crash when trying to use HMP device_del auto-completion.
      It can be easily reproduced by:
          <qemu-bin> -enable-kvm  ~/images/fedora.qcow2 -monitor stdio -device virtio-net-pci,id=vnet
      
          (qemu) device_del
          /home/mapfelba/git/upstream/qemu/hw/core/qdev.c:941:qdev_build_hotpluggable_device_list: Object 0x7f6ce04e4fe0 is not an instance of type device
          Aborted (core dumped)
      
      The root cause is qdev_build_hotpluggable_device_list going recursively over
      all peripherals and their children assuming all are devices. It doesn't work
      since PCI devices have at least one child which is a memory region (bus master).
      
      Solved by observing that all devices appear as direct children of
      /machine/peripheral container. No need of going recursively
      over all the children.
      Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
      Reported-by: Gal Hammer <ghammer@redhat.com>
      Reviewed-by: Igor Mammedov <imammedo@redhat.com>
      Message-id: 1417002601-20799-1-git-send-email-marcel.a@redhat.com
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    • qemu-timer: Avoid overflows when converting timeout to struct timespec · 490309fc
      Committed by Peter Maydell
      In qemu_poll_ns(), when we convert an int64_t nanosecond timeout into
      a struct timespec, we may accidentally run into overflow problems if
      the timeout is very long. This happens because the tv_sec field is a
      time_t, which is signed, so we might end up setting it to a negative
      value by mistake. This will result in what was intended to be a
      near-infinite timeout turning into an instantaneous timeout, and we'll
      busy loop. Cap the maximum timeout at INT32_MAX seconds (about 68 years)
      to avoid this problem.
      
      This specifically manifested on ARM hosts as an extreme slowdown on
      guest shutdown (when the guest reprogrammed the PL031 RTC to not
      generate alarms using a very long timeout) but could happen on other
      hosts and guests too.
      Reported-by: Christoffer Dall <christoffer.dall@linaro.org>
      Cc: qemu-stable@nongnu.org
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
      Reviewed-by: Fam Zheng <famz@redhat.com>
      Message-id: 1416939705-1272-1-git-send-email-peter.maydell@linaro.org
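The truncation described in the qemu-timer commit message above, as an added example that is not QEMU's code. It assumes a host whose time_t is a signed 32-bit integer, modelled by the hypothetical `struct ts32`; the function names and the sample timeout are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define NS_PER_SEC 1000000000LL

/* Model of struct timespec on a host whose time_t is a signed 32-bit
 * integer (assumption made for this example). */
struct ts32 {
    int32_t tv_sec;
    int32_t tv_nsec;
};

/* Uncapped conversion: the 64-bit second count is stored into the 32-bit
 * field, keeping only the low 32 bits. */
static struct ts32 ns_to_ts_uncapped(int64_t timeout_ns)
{
    struct ts32 ts;
    uint32_t low = (uint32_t)(timeout_ns / NS_PER_SEC);

    memcpy(&ts.tv_sec, &low, sizeof(low));
    ts.tv_nsec = (int32_t)(timeout_ns % NS_PER_SEC);
    return ts;
}

/* Capped conversion: clamp the second count to INT32_MAX before the store,
 * as the commit message describes. */
static struct ts32 ns_to_ts_capped(int64_t timeout_ns)
{
    struct ts32 ts;
    int64_t sec = timeout_ns / NS_PER_SEC;

    if (sec > (int64_t)INT32_MAX) {
        sec = INT32_MAX;
    }
    ts.tv_sec = (int32_t)sec;
    ts.tv_nsec = (int32_t)(timeout_ns % NS_PER_SEC);
    return ts;
}

int main(void)
{
    /* Constructed input: 3,000,000,000 s (about 95 years) plus 5 ns. */
    int64_t timeout_ns = 3000000000LL * NS_PER_SEC + 5;
    struct ts32 bad = ns_to_ts_uncapped(timeout_ns);
    struct ts32 ok = ns_to_ts_capped(timeout_ns);

    printf("uncapped: tv_sec=%d tv_nsec=%d\n", bad.tv_sec, bad.tv_nsec);
    printf("capped:   tv_sec=%d tv_nsec=%d\n", ok.tv_sec, ok.tv_nsec);
    return 0;
}
```

With the constructed input, the uncapped store produces a negative tv_sec, while the capped version keeps a long but valid timeout.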
  7. 26 Nov, 2014 6 commits
  8. 25 Nov, 2014 8 commits
    • Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging · ca602818
      Committed by Peter Maydell
      pc, pci, misc bugfixes
      
      A bunch of bugfixes for 2.2.
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
      
      # gpg: Signature made Mon 24 Nov 2014 18:59:47 GMT using RSA key ID D28D5469
      # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
      # gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
      
      * remotes/mst/tags/for_upstream:
        pc: acpi: mark all possible CPUs as enabled in SRAT
        pcie: fix improper use of negative value
        pcie: fix typo in pcie_cap_deverr_init()
        target-i386: move generic memory hotplug methods to DSDTs
        acpi-build: mark RAM dirty on table update
        hw/pci: fix crash on shpc error flow
        pc: count in 1Gb hugepage alignment when sizing hotplug-memory container
        pc: explicitly check maxmem limit when adding DIMM
        pc: pc-dimm: use backend alignment during address auto allocation
        pc: align DIMM's address/size by backend's alignment value
        memory: expose alignment used for allocating RAM as MemoryRegion API
        pc: limit DIMM address and size to page aligned values
        pc: make pc_dimm_plug() more readble
        pc: kvm: check if KVM has free memory slots to avoid abort()
        qemu-char: fix tcp_get_fds
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    • pc: acpi: mark all possible CPUs as enabled in SRAT · dd0247e0
      Committed by Igor Mammedov
      If QEMU is started with  -numa ... Windows only notices that
      CPU has been hot-added but it will not online such CPUs.
      
      It's caused by the fact that possible CPUs are flagged as
      not enabled in SRAT and Windows honoring that information
      doesn't use corresponding CPU.
      
      ACPI 5.0 Spec regarding to flag says:
      "
      Table 5-47 Local APIC Flags
      ...
      Enabled: if zero, this processor is unusable, and the operating system
      support will not attempt to use it.
      "
      
      Fix QEMU to adhere to spec and mark possible CPUs as enabled
      in SRAT.
      
      With that Windows onlines hot-added CPUs as expected.
      Signed-off-by: Igor Mammedov <imammedo@redhat.com>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    • pcie: fix improper use of negative value · 6c150fbd
      Committed by Gonglei
      Signed-off-by: Gonglei <arei.gonglei@huawei.com>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    • target-i386: move generic memory hotplug methods to DSDTs · 4f99ab7a
      Committed by Paolo Bonzini
      This makes it simpler to keep the SSDT byte-for-byte identical for a
      given machine type, which is a goal we want to have for 2.2 and newer
      types.
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    • acpi-build: mark RAM dirty on table update · ad5b88b1
      Committed by Michael S. Tsirkin
      acpi build modifies internal FW CFG RAM on first access
      but we forgot to mark it dirty.
      If this RAM has been migrated already, it won't be
      migrated again, returning corrupted tables to guest.
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    • hw/pci: fix crash on shpc error flow · 109e90e4
      Committed by Marcel Apfelbaum
      If the pci bridge enters in error flow as part
      of init process it will only delete the shpc mmio
      subregion but not remove it from the properties list,
      resulting in segmentation fault when the bridge runs
      the exit function.
      
      Example: add a pci bridge without specifying the chassis number:
          <qemu-bin> ... -device pci-bridge,id=p1
      Result:
          (qemu) qemu-system-x86_64: -device pci-bridge,id=p1: Bridge chassis not specified. Each bridge is required to be assigned a unique chassis id > 0.
          qemu-system-x86_64: -device pci-bridge,id=p1: Device
          initialization failed.
          Segmentation fault (core dumped)
      
          if (child->class->unparent) {
          #0  0x00005555558d629b in object_finalize_child_property (obj=0x555556d2e830, name=0x555556d30630 "shpc-mmio[0]", opaque=0x555556a42fc8) at qom/object.c:1078
          #1  0x00005555558d4b1f in object_property_del_all (obj=0x555556d2e830) at qom/object.c:367
          #2  0x00005555558d4ca1 in object_finalize (data=0x555556d2e830) at qom/object.c:412
          #3  0x00005555558d55a1 in object_unref (obj=0x555556d2e830) at qom/object.c:720
          #4  0x000055555572c907 in qdev_device_add (opts=0x5555563544f0) at qdev-monitor.c:566
          #5  0x0000555555744f16 in device_init_func (opts=0x5555563544f0, opaque=0x0) at vl.c:2213
          #6  0x00005555559cf5f0 in qemu_opts_foreach (list=0x555555e0f8e0 <qemu_device_opts>, func=0x555555744efa <device_init_func>, opaque=0x0, abort_on_failure=1) at util/qemu-option.c:1057
          #7  0x000055555574a11b in main (argc=16, argv=0x7fffffffdde8, envp=0x7fffffffde70) at vl.c:423
      
      Unparent the shpc mmio region as part of shpc cleanup.
      Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
      Reviewed-by: Amos Kong <akong@redhat.com>
    • pc: count in 1Gb hugepage alignment when sizing hotplug-memory container · 085f8e88
      Committed by Igor Mammedov
      If DIMMs with different size/alignment are interleaved
      in creation order, it could lead to hotplug-memory
      container fragmentation and following inability to use
      all RAM up to maxmem.
      For example:
          -m 4G,slots=3,maxmem=7G
          -object memory-backend-file,id=mem-1,size=256M,mem-path=/pagesize-2MB
          -device pc-dimm,id=mem1,memdev=mem-1
          -object memory-backend-file,id=mem-2,size=1G,mem-path=/pagesize-1GB
          -device pc-dimm,id=mem2,memdev=mem-2
          -object memory-backend-file,id=mem-3,size=256M,mem-path=/pagesize-2MB
          -device pc-dimm,id=mem3,memdev=mem-3
      
      fragments hotplug-memory container and doesn't allow
      to use 1GB hugepage backend to consume remaining 1Gb.
      
      To ease management factor count in max 1Gb alignment for
      each memory slot when sizing hotplug-memory region so
      that regardless of fragmentation it would be possible to
      add max aligned DIMM.
      Signed-off-by: Igor Mammedov <imammedo@redhat.com>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>