POSIX mandates[1] that a child process of a multi-thread program uses
only async-signal-safe functions before exec(). We consider qemu-ga
to be multi-thread, because it uses glib.

However, qmp_guest_shutdown() uses functions that are not
async-signal-safe. Fix it the following way:

- fclose() -> reopen_fd_to_null()
- execl() -> execle()
- exit() -> _exit()
- drop slog() usage (which is not safe)

  [1] http://pubs.opengroup.org/onlinepubs/009695399/functions/fork.htmlSigned-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>

Last commit dropped qemu-ga's SIGCHLD handler, used to automatically
reap terminated children processes. This introduced a bug to
qmp_guest_shutdown(): it will generate zombies.

This problem probably doesn't matter in the success case, as the VM
will shutdown anyway, but let's do the right thing and reap the
created process. This ultimately means that guest-shutdown is now a
synchronous command.

An interesting side effect is that guest-shutdown is now able to
report an error to the client if shutting down fails.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>

Currently, qemu-ga has a SIGCHLD handler that automatically reaps terminated
children processes. The idea is to avoid having qemu-ga commands blocked
waiting for children to terminate.

That approach has two problems:

 1. qemu-ga is unable to detect errors in the child, meaning that qemu-ga
    returns success even if the child fails to perform its task

 2. if a command does depend on the child exit status, the command has to
    play tricks to bypass the automatic reaper

Case 2 impacts the guest-suspend-* API, because it has to execute an external
program to check for suspend support. Today, to bypass the automatic reaper,
suspend code has to double fork and pass exit status information through a
pipe. Besides being complex, this is prone to race condition bugs. Indeed,
the current code does have such bugs.

Making the guest-suspend-* API synchronous (ie. by dropping the SIGCHLD
handler and calling waitpid() from commands) is a much simpler approach,
which fixes current race conditions bugs and enables commands to detect
errors in the child.

This commit does just that. There's a side effect though, guest-shutdown
will generate zombies if shutting down fails. This will be fixed by the
next commit.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>

This fixes a bug where qemu-ga doesn't suspend the guest because it
fails to detect suspend support even when the guest does support
suspend. This happens because of the way qemu-ga fds are managed in
daemon mode.

When starting qemu-ga with --daemon, become_daemon() will close all
standard fds. This will cause qemu-ga to end up with the following
fds (if started with 'qemu-ga --daemon'):

    0 -> /dev/vport0p1
    3 -> /run/qemu-ga.pid

Then a guest-suspend-* function is issued. They call bios_supports_mode(),
which will call pipe(), and qemu-ga's fd will be:

    0 -> /dev/vport0p1
    1 -> pipe:[16247]
    2 -> pipe:[16247]
    3 -> /run/qemu-ga.pid

bios_supports_mode() forks off a child and blocks waiting for the child
to write something to the pipe. The child, however, closes its reading
end of the pipe _and_ reopen all standard fds to /dev/null. This will
cause the child's fds to be:

    0 -> /dev/null
    1 -> /dev/null
    2 -> /dev/null
    3 -> /run/qemu-ga.pid

In other words, the child's writing end of the pipe is now /dev/null.
It writes there and exits. The parent process (blocked on read()) will
get an EOF and interpret this as "something unexpected happened in
the child, let's assume the guest doesn't support suspend". And suspend
will fail.

To solve this problem we have to reopen standard fds to /dev/null
in become_daemon(), instead of closing them.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>

The next commit wants to use it.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>

Today, qemu-ga may not be able to emit a success response when
guest-suspend-hybrid completes. This happens because the VM may
suspend before qemu-ga is able to emit a response.

This semantic is a bit confusing, as it's not clear for clients if
they should wait for a response or how they should check for success.

This commit solves that problem by changing guest-suspend-hybrid to
never emit a success response and suggests in the documentation
what clients should do to check for success.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>

Today, qemu-ga may not be able to emit a success response when
guest-suspend-ram completes. This happens because the VM may
suspend before qemu-ga is able to emit a response.

This semantic is a bit confusing, as it's not clear for clients if
they should wait for a response or how they should check for success.

This commit solves that problem by changing guest-suspend-ram to
never emit a success response and suggests in the documentation
what clients should do to check for success.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>

Today, qemu-ga may not be able to emit a success response when
guest-suspend-disk completes. This happens because the VM may
vanish before qemu-ga is able to emit a response.

This semantic is a bit confusing, as it's not clear for clients if
they should wait for a response or how they should check for success.

This commit solves that problem by changing guest-suspend-disk to
never emit a success response and suggests in the documentation
what clients could do to check for success.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>

Today, qemu-ga may not be able to emit a success response when
guest-shutdown completes. This happens because the VM may vanish
before qemu-ga is able to emit a response.

This semantic is a bit confusing, as it's not clear for clients if
they should wait for a response or how they should check for success.

This commit solves that problem by changing guest-shutdown to never
emit a success response and suggests in the documentation what
clients could do to check for success.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>

This is a valid condition when a command chooses to not emit a
success response.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>

Options allow for changes in commands behavior. This commit introduces
the QCO_NO_SUCCESS_RESP option, which causes a command to not emit a
success response.

This is needed by commands such as qemu-ga's guest-shutdown, which
may not be able to complete before the VM vanishes. In this case, it's
useful and simpler not to bother sending a success response.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>

Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

In qemu_ld/st load the registers for the helper calls directly rather
than rotating them around afterwards for AREG0.

Also clobber the additional register.
Signed-off-by: NAndreas F?rber <afaerber@suse.de>
Signed-off-by: Nmalc <av1474@comtv.ru>

Facilitates using r3 for prepended AREG0.
Signed-off-by: NAndreas F?rber <afaerber@suse.de>
Signed-off-by: Nmalc <av1474@comtv.ru>

* kwolf/for-anthony:
  qemu-img: Fix segmentation fault
  qcow2: Don't ignore failure to clear autoclear flags
  coroutine: Fix setup of sigaltstack coroutines

* qmp/queue/qmp:
  qapi: QMP input visitor, handle floats parsed as ints

* afaerber-or/qom-1.1:
  mips_fulong2e: Don't register "cpu" VMState twice
  pc: Add back PCI.rombar compat property
  qdev: Fix adding of ptr properties
  qdev: Use object_property_print() in info qtree
  target-i386: Defer MCE init
  qom: Documentation addition for object_class_by_name()
  target-mips: Remove commented-out function declaration

* kraxel/usb.50:
  usb-host: handle guest-issued clear halt

* spice/spice.v55:
  qxl: set size of PCI IO BAR correctly (16) for revision 2

* sweil/for-1.1:
  qemu-doc: Use QEMU instead of qemu for product name
  qemu-doc: Fix executable name in examples
  qemu-doc: Add missing parameter in description of -D option
  configure: Use QEMU instead of Qemu
  fix some common typos
  qemu-timer: Fix wrong error message

Since most property types do not have a parse property now, this was
broken.  Fix it by looking at the setter instead.
Reviewed-by: NAnthony Liguori <aliguori@us.ibm.com>
Acked-by: NAndreas F=E4rber <afaerber@suse.de>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

The following command generates a segmentation fault.
qemu-img convert -O vpc -o ? test test2
This is because the 'goto out;' statement calls qemu_progress_end
before qemu_progress_init is called resulting in a NULL pointer
invocation.
Signed-off-by: NCharles Arnold <carnold@suse.com>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Use pthread_kill instead of process-wide kill to invoke the signal
handler used for stack switching. This may fix spurious lock-ups with
this backend, easily triggerable by extending the time window between
kill and sigsuspend.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

* origin/master:
  sun4u: implement interrupt clearing registers
  sun4u: initialize OBIO interrupt mappings
  fix block loads broken in commit 30038fd8
  Implement address masking for SPARC v9 CPUs
  vga: disable default VGA if appropriate -device is used
  cputlb: fix watchpoints handling

JSON numbers can be interpreted as either integers or floating point
values depending on their representation. As a result, QMP input visitor
might visit a QInt when it was expecting a QFloat, so add handling to
account for this.
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Acked-by: NAndreas Färber <afaerber@suse.de>

Most important here is to update our internal endpoint state so we know
the endpoint isn't in halted state any more.  Without this usb-host
tries to clear halt again with the next data transfer submitted.  Doing
this twice is (a) not correct and (b) confuses some usb devices,
rendering them non-functional in the guest.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Also move it up into switch(qxl->revision) block
Signed-off-by: NUri Lublin <uril@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

When 'qemu' was used as a product name or as a generic process name,
it is now replaced by the official upper case 'QEMU'.

v2:
Added missing period (hint from Andreas Färber).
Reviewed-by: NAndreas Färber <afaerber@suse.de>
Signed-off-by: NStefan Weil <sw@weilnetz.de>

The executable name qemu was replaced some time ago by qemu-system-i386.
Fix all examples accordingly.

Some examples will only work with qemu-system-i386 or qemu-system-x86_64
for obvious reasons ("dos.img").

To keep things simple, I did not vary the executable name.
Place holders like qemu-system-TARGET were also only used once
in the enhanced description for QEMU launches using Wine.
Signed-off-by: NStefan Weil <sw@weilnetz.de>

'logfile' is a place holder for a non optional parameter.
Signed-off-by: NStefan Weil <sw@weilnetz.de>

This new 'Qemu' was recently added.
Replace it by the official all upper case 'QEMU'.
Reviewed-by: NAndreas Färber <afaerber@suse.de>
Signed-off-by: NStefan Weil <sw@weilnetz.de>

These were identified using: http://github.com/lyda/misspell-check
and run like this to create a bourne shell script using GNU sed's
-i option:

git ls-files|grep -vF .bin | misspellings -f - |grep -v '^ERROR:' |perl \
-pe 's/^(.*?)\[(\d+)\]: (\w+) -> "(.*?)"$/sed -i '\''${2}s!$3!$4!'\'' $1/'

Manually eliding the FP, "rela->real" and resolving "addres" to
address (not "adders") we get this:

  sed -i '450s!thru!through!' Changelog
  sed -i '260s!neccessary!necessary!' coroutine-sigaltstack.c
  sed -i '54s!miniscule!minuscule!' disas.c
  sed -i '1094s!thru!through!' hw/usb/hcd-ehci.c
  sed -i '1095s!thru!through!' hw/usb/hcd-ehci.c
  sed -i '21s!unecessary!unnecessary!' qapi-schema-guest.json
  sed -i '307s!explictly!explicitly!' qemu-ga.c
  sed -i '490s!preceeding!preceding!' qga/commands-posix.c
  sed -i '792s!addres!address!' qga/commands-posix.c
  sed -i '6s!beeing!being!' tests/tcg/test-mmap.c

Also, manually fix "arithmentic", spotted by Peter Maydell:

  sed -i 's!arithmentic!arithmetic!' coroutine-sigaltstack.c
Signed-off-by: NJim Meyering <meyering@redhat.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>

Function timeSetEvent returns 0 when it fails, but it does not set
an error code which can be retrieved by GetLastError.

Therefore calling GetLastError is useless.
Signed-off-by: NStefan Weil <sw@weilnetz.de>

We have the following simplified callgraph in mips_fulong2e_init():

  cpu_init() => cpu_mips_init()
    object_new()
      mips_cpu_initfn()
        cpu_exec_init()
          register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
                          cpu_save, cpu_load, env)
  register_savevm(NULL, "cpu", 0, 3, cpu_save, cpu_load, env)

CPU_SAVE_VERSION is defined as 3 in target-mips/cpu.h.
fulong2e instantiates one CPU, so its cpu_index is 0.
Thus the two are fully identical.

Therefore just remove the second call in fulong2e.
Signed-off-by: NJuan Quintela <quintela@redhat.com>
[AF: Extend explanation in commit message]
Signed-off-by: NAndreas Färber <afaerber@suse.de>

This was erroneously dropped in d6c73008
(pc: reduce duplication in compat machine types).
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Acked-by: NMichael S. Tsirkin <mst@redhat.com>

ptr properties have neither a get/set or a print/parse which means that when
they're added they aren't treated as static or legacy properties.

Just assume properties like this are legacy properties and treat them as such.
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Otherwise, non-string properties without a legacy counterpart are missed.
Also fix error propagation in object_property_print() itself.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Reviewed-by: NAnthony Liguori <aliguori@us.ibm.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Commit de024815 (target-i386: QOM'ify
CPU init) moved mce_init() call from helper.c:cpu_x86_init() into
X86CPU's cpu.c:x86_cpu_initfn().
mce_init() checks for a family >= 6 though, so we could end up with a
sequence such as for -cpu somecpu,family=6:

  x86_cpu_initfn => X86CPU::family == 5
    mce_init => no-op
  cpu_x86_register => X86CPU::family = 6
  => MCE unexpectedly not init'ed

or for -cpu someothercpu,family=5:

  x86_cpu_initfn => X86CPU::family == 6
    mce_init => init'ed
  cpu_x86_register => X86CPU::family = 5
  => MCE unexpectedly init'ed

Therefore partially revert the above commit. To avoid moving
mce_init() back into helper.c, foresightedly move it into a
new x86_cpu_realize() function and, in lack of ObjectClass::realize,
call it directly from cpu_x86_init().

While at it, move the qemu_init_vcpu() call that used to follow
mce_init() in cpu_x86_init() into the new realizefn as well.
Reported-by: NIgor Mammedov <imammedo@redhat.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
[AF: Document the possible NULL return value]
Signed-off-by: NAndreas Färber <afaerber@suse.de>