1. 06 12月, 2016 5 次提交
    • M
      qapi: fix schema symbol sections · 49687ace
      Marc-André Lureau 提交于
      According to docs/qapi-code-gen.txt, there needs to be '##' to start a
      and end a symbol section, that's also what the documentation parser
      expects.
      Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
      Reviewed-by: NEric Blake <eblake@redhat.com>
      Message-Id: <20161117155504.21843-5-marcandre.lureau@redhat.com>
      Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      49687ace
    • M
      qga/schema: fix double-return in doc · 95cd8fd9
      Marc-André Lureau 提交于
      guest-get-memory-block-info documentation should have only one
      "Returns:".
      Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
      Reviewed-by: NEric Blake <eblake@redhat.com>
      Message-Id: <20161117155504.21843-3-marcandre.lureau@redhat.com>
      Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      95cd8fd9
    • E
      tests: Avoid qobject_from_jsonf("%"PRId64) · 29a6731a
      Eric Blake 提交于
      The qobject_from_jsonf() function implements a pseudo-printf
      language for creating a QObject; however, it is hard-coded to
      only parse a subset of formats understood by -Wformat, and is
      not a straight synonym to bare printf().  In particular, any
      use of an int64_t integer works only if the system's
      definition of PRId64 matches what the parser expects; which
      works on glibc (%lld or %ld depending on 32- vs. 64-bit) and
      mingw (%I64d), but not on Mac OS (%qd).  Rather than enhance
      the parser, it is just as easy to force the use of int (where
      the value is small enough) or long long instead of int64_t,
      which we know always works.
      
      This should cover all remaining testsuite uses of
      qobject_from_json[fv]() that were trying to rely on PRId64,
      although my proof for that was done by adding in asserts and
      checking that 'make check' still passed, where such asserts
      are inappropriate during hard freeze.  A later series in 2.9
      may remove all dynamic JSON parsing, but that's a bigger task.
      
      Reported by: G 3 <programmingkidx@gmail.com>
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1479922617-4400-4-git-send-email-eblake@redhat.com>
      Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
      [Rename value64 to value_ll]
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      29a6731a
    • E
      test-qga: Avoid qobject_from_jsonv("%"PRId64) · 1792d7d0
      Eric Blake 提交于
      The qobject_from_jsonv() function implements a pseudo-printf
      language for creating a QObject; however, it is hard-coded to
      only parse a subset of formats understood by -Wformat, and is
      not a straight synonym to bare printf().  In particular, any
      use of an int64_t integer works only if the system's
      definition of PRId64 matches what the parser expects; which
      works on glibc (%lld or %ld depending on 32- vs. 64-bit) and
      mingw (%I64d), but not on Mac OS (%qd).  Rather than enhance
      the parser, it is just as easy to use normal printf() for
      this particular conversion, matching what is done elsewhere
      in this file [1], which is safe in this instance because the
      format does not contain any of the problematic differences
      (bare '%' or the '%s' format).
      
      The use of PRId64 for a variable named 'pid' is gross, but it
      is a sad reality of the 64-bit mingw environment, which
      mistakenly defines pid_t as a 64-bit type even though getpid()
      returns 'int' on that platform [2].  Our definition of the
      QGA GuestExec type defines 'pid' as a 64-bit entity, and we
      can't tighten it to 'int32' unless the mingw header is fixed.
      Using 'long long' instead of 'int64_t' just so that we can
      stick with qobject_from_jsonv("%lld") instead of printf() is
      not any prettier, since we may have later type churn anyways.
      
      [1] see 'git grep -A2 strdup_printf tests/test-qga.c'
      [2] https://bugzilla.redhat.com/show_bug.cgi?id=1397787
      
      Reported by: G 3 <programmingkidx@gmail.com>
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1479922617-4400-3-git-send-email-eblake@redhat.com>
      Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      1792d7d0
    • E
      qmp-event: Avoid qobject_from_jsonf("%"PRId64) · 043b5a49
      Eric Blake 提交于
      The qobject_from_jsonf() function implements a pseudo-printf
      language for creating a QObject; however, it is hard-coded to
      only parse a subset of formats understood by -Wformat, and is
      not a straight synonym to bare printf().  In particular, any
      use of an int64_t integer works only if the system's
      definition of PRId64 matches what the parser expects; which
      works on glibc (%lld or %ld depending on 32- vs. 64-bit) and
      mingw (%I64d), but not on Mac OS (%qd).  Rather than enhance
      the parser, it is just as easy to use 'long long', which we
      know always works.  There are few enough callers of
      qobject_from_json[fv]() that it is easy to audit that this is
      the only non-testsuite caller that was actually relying on
      this particular conversion.
      
      Reported by: G 3 <programmingkidx@gmail.com>
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1479922617-4400-2-git-send-email-eblake@redhat.com>
      Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
      [Cast tv.tv_sec, tv.tv_usec to long long for type correctness]
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      043b5a49
  2. 01 12月, 2016 3 次提交
    • S
      Merge remote-tracking branch 'dgibson/tags/ppc-for-2.8-20161201' into staging · bd8ef506
      Stefan Hajnoczi 提交于
      ppc patch queue 2016-12-01
      
      Just a single migration / hotplug fix in this set.  I believe it's
      important enough to go in this late in the 2.8 release process.
      
      # gpg: Signature made Thu 01 Dec 2016 04:43:49 AM GMT
      # gpg:                using RSA key 0x6C38CACA20D9B392
      # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
      # gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
      # gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
      # gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
      # Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392
      
      * dgibson/tags/ppc-for-2.8-20161201:
        spapr: fix default DRC state for coldplugged LMBs
      
      Message-id: 20161201044441.14365-1-david@gibson.dropbear.id.au
      Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
      bd8ef506
    • S
      Merge remote-tracking branch 'mst/tags/for_upstream' into staging · 2cfe5d7b
      Stefan Hajnoczi 提交于
      virtio, vhost, pc: fixes
      
      Minor fixes since 2.8.0-rc2.
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      
      # gpg: Signature made Wed 30 Nov 2016 02:25:12 AM GMT
      # gpg:                using RSA key 0x281F0DB8D28D5469
      # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
      # gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
      # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
      #      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469
      
      * mst/tags/for_upstream:
        virtio-crypto: fix uninitialized variables
        loader: fix undefined behavior in rom_order_compare()
        loader: fix handling of custom address spaces when adding ROM blobs
        intel_iommu: fix incorrect device invalidate
        spec/vhost-user: fix the VHOST_USER prefix
      
      Message-id: 1480564455-23933-1-git-send-email-mst@redhat.com
      Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
      2cfe5d7b
    • M
      spapr: fix default DRC state for coldplugged LMBs · 5c0139a8
      Michael Roth 提交于
      Currently we set the initial isolation/allocation state for DRCs
      associated with coldplugged LMBs to ISOLATED/UNUSABLE,
      respectively, under the assumption that the guest will move this
      state to UNISOLATED/USABLE.
      
      In fact, this is only the case for LMBs added via hotplug. For
      coldplugged LMBs, the guest actually assumes the initial state to
      be UNISOLATED/USABLE.
      
      In practice, this only becomes an issue when we attempt to unplug
      one of these LMBs, where the guest kernel will issue an
      rtas-get-sensor-state call to check that the corresponding DRC is
      in an USABLE state before it will release the LMB back to
      QEMU. If the returned state is otherwise, the guest will assume no
      further action is needed, which bypasses the QEMU-side cleanup that
      occurs during the USABLE->UNUSABLE transition. This results in
      LMBs and their corresponding pc-dimm devices to stick around
      indefinitely.
      
      This patch fixes the issue by manually setting DRCs associated with
      cold-plugged LMBs to UNISOLATED/ALLOCATED, but leaving the hotplug
      state untouched. As it turns out, this is analogous to the handling
      for cold-plugged CPUs in spapr_core_plug().
      
      Cc: qemu-ppc@nongnu.org
      Cc: David Gibson <david@gibson.dropbear.id.au>
      Cc: Bharata B Rao <bharata@linux.vnet.ibm.com>
      Cc: Greg Kurz <gkurz@linux.vnet.ibm.com>
      Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
      Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
      5c0139a8
  3. 30 11月, 2016 8 次提交
    • G
      virtio-crypto: fix uninitialized variables · 9730280d
      Gonglei 提交于
      Though crypto_cfg.reserve is an unused field, let me
      initialize the structure in order to make coverity happy.
      
      *** CID 1365923:  Uninitialized variables  (UNINIT)
      /hw/virtio/virtio-crypto.c: 851 in virtio_crypto_get_config()
      845         stl_le_p(&crypto_cfg.mac_algo_h, c->conf.mac_algo_h);
      846         stl_le_p(&crypto_cfg.aead_algo, c->conf.aead_algo);
      847         stl_le_p(&crypto_cfg.max_cipher_key_len, c->conf.max_cipher_key_len);
      848         stl_le_p(&crypto_cfg.max_auth_key_len, c->conf.max_auth_key_len);
      849         stq_le_p(&crypto_cfg.max_size, c->conf.max_size);
      850
      >>>     CID 1365923:  Uninitialized variables  (UNINIT)
      >>>     Using uninitialized value "crypto_cfg". Field "crypto_cfg.reserve"
             is uninitialized when calling "memcpy".
            [Note: The source code implementation of the function
             has been overridden by a builtin model.]
      851         memcpy(config, &crypto_cfg, c->config_size);
      852     }
      853
      Rported-by: NMarkus Armbruster <armbru@redhat.com>
      Signed-off-by: NGonglei <arei.gonglei@huawei.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      9730280d
    • L
      loader: fix undefined behavior in rom_order_compare() · 1b57bd4f
      Laszlo Ersek 提交于
      According to ISO C99 / N1256 (referenced in HACKING):
      
      > 6.5.8 Relational operators
      >
      > 4 For the purposes of these operators, a pointer to an object that is
      >   not an element of an array behaves the same as a pointer to the first
      >   element of an array of length one with the type of the object as its
      >   element type.
      >
      > 5 When two pointers are compared, the result depends on the relative
      >   locations in the address space of the objects pointed to. If two
      >   pointers to object or incomplete types both point to the same object,
      >   or both point one past the last element of the same array object, they
      >   compare equal. If the objects pointed to are members of the same
      >   aggregate object, pointers to structure members declared later compare
      >   greater than pointers to members declared earlier in the structure,
      >   and pointers to array elements with larger subscript values compare
      >   greater than pointers to elements of the same array with lower
      >   subscript values. All pointers to members of the same union object
      >   compare equal. If the expression /P/ points to an element of an array
      >   object and the expression /Q/ points to the last element of the same
      >   array object, the pointer expression /Q+1/ compares greater than /P/.
      >   In all other cases, the behavior is undefined.
      
      Our AddressSpace objects are allocated generally individually, and kept in
      the "address_spaces" linked list, so we mustn't compare their addresses
      with relops.
      
      Convert the pointers subjected to the relop in rom_order_compare() to
      "uintptr_t":
      
      > 7.18.1.4 Integer types capable of holding object pointers
      >
      > 1 [...]
      >
      >   The following type designates an unsigned integer type with the
      >   property that any valid pointer to void can be converted to this type,
      >   then converted back to pointer to void, and the result will compare
      >   equal to the original pointer:
      >
      >   /uintptr_t/
      >
      >   These types are optional.
      
      Cc: "Michael S. Tsirkin" <mst@redhat.com>
      Cc: Alistair Francis <alistair.francis@xilinx.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Peter Maydell <peter.maydell@linaro.org>
      Cc: qemu-devel@nongnu.org
      Fixes: 3e76099aSigned-off-by: NLaszlo Ersek <lersek@redhat.com>
      Reviewed-by: NAlistair Francis <alistair.francis@xilinx.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      1b57bd4f
    • L
      loader: fix handling of custom address spaces when adding ROM blobs · aa6c6ae8
      Laszlo Ersek 提交于
      * Commit 3e76099a ("loader: Allow a custom AddressSpace when loading
        ROMs") introduced the "Rom.as" field:
      
        (1) It modified the utility callers of rom_insert() to take "as" as a
            new parameter from *their* callers, and set "rom->as" from that
            parameter. The functions covered were rom_add_file() and
            rom_add_elf_program().
      
        (2) It also modified rom_insert() itself, to auto-assign
            "&address_space_memory", in case the external caller passed -- and
            the utility caller forwarded -- as=NULL.
      
        Except, commit 3e76099a forgot to update the third utility caller of
        rom_insert(), under point (1), namely rom_add_blob().
      
      * Later, commit 5e774eb3 ("loader: Add AddressSpace loading support
        to uImages") added the load_uimage_as() function, and the
        rom_add_blob_fixed_as() function-like macro, with the necessary changes
        elsewhere to propagate the new "as" parameter to rom_add_blob():
      
          load_uimage_as()
            load_uboot_image()
              rom_add_blob_fixed_as()
                rom_add_blob()
      
        At this point, the signature (and workings) of rom_add_blob() had been
        broken already, and the rom_add_blob_fixed_as() macro passed its "_as"
        parameter to rom_add_blob() as "callback_opaque". Given that the
        "fw_callback" parameter itself was set to NULL (correctly), this did no
        additional damage (the opaque arg would never be used), but ultimately
        it broke the new functionality of load_uimage_as().
      
      * The load_uimage_as() function would be put to use in one of the later
        patches, commit e481a1f6 ("generic-loader: Add a generic loader").
      
      * We can fix this only in a unified patch now. Append "AddressSpace *as"
        to the signature of rom_add_blob(), and handle the new parameter. Pass
        NULL from all current callers, except from rom_add_blob_fixed_as(),
        where "_as" has to be bumped to the proper position.
      
      * Note that rom_add_file() rejects the case when both "mr" and "as" are
        passed in as non-NULL. The action that this is apparently supposed to
        prevent is the
      
          rom->mr = mr;
      
        assignment (that's the only place where the "mr" parameter is used in
        rom_add_file()). In rom_add_blob() though, we have no "mr" parameter,
        and the actions done on the fw_cfg branch:
      
          if (fw_file_name && fw_cfg) {
              if (mc->rom_file_has_mr) {
                  data = rom_set_mr(rom, OBJECT(fw_cfg), devpath);
                  mr = rom->mr;
              } else {
                  data = rom->data;
              }
      
        reflect those that are performed by rom_add_file() too (with mr==NULL):
      
          if (rom->fw_file && fw_cfg) {
              if ((!option_rom || mc->option_rom_has_mr) &&
                  mc->rom_file_has_mr) {
                  data = rom_set_mr(rom, OBJECT(fw_cfg), devpath);
              } else {
                  data = rom->data;
              }
      
        Hence we need no additional restrictions in rom_add_blob().
      
      * Stable is not affected as both problematic commits appeared first in
        v2.8.0-rc0.
      
      Cc: "Michael S. Tsirkin" <mst@redhat.com>
      Cc: Alistair Francis <alistair.francis@xilinx.com>
      Cc: Igor Mammedov <imammedo@redhat.com>
      Cc: Michael Walle <michael@walle.cc>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Peter Maydell <peter.maydell@linaro.org>
      Cc: Shannon Zhao <zhaoshenglong@huawei.com>
      Cc: qemu-arm@nongnu.org
      Cc: qemu-devel@nongnu.org
      Fixes: 3e76099a
      Fixes: 5e774eb3Signed-off-by: NLaszlo Ersek <lersek@redhat.com>
      Reviewed-by: NAlistair Francis <alistair.francis@xilinx.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      aa6c6ae8
    • P
      intel_iommu: fix incorrect device invalidate · 6cb99acc
      Peter Xu 提交于
      "mask" needs to be inverted before use.
      Signed-off-by: NPeter Xu <peterx@redhat.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      6cb99acc
    • W
    • S
      Update version for v2.8.0-rc2 release · 1cd56fd2
      Stefan Hajnoczi 提交于
      Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
      1cd56fd2
    • S
      Merge remote-tracking branch 'kwolf/tags/for-upstream' into staging · f05234df
      Stefan Hajnoczi 提交于
      Block layer patches for 2.8.0-rc2
      
      # gpg: Signature made Tue 29 Nov 2016 03:16:10 PM GMT
      # gpg:                using RSA key 0x7F09B272C88F2FD6
      # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
      # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6
      
      * kwolf/tags/for-upstream:
        docs: Specify that cache-clean-interval is only supported in Linux
        qcow2: Remove stale comment
        qcow2: Allow 'cache-clean-interval' in Linux only
        qcow2: Make qcow2_cache_table_release() work only in Linux
      
      Message-id: 1480436227-2211-1-git-send-email-kwolf@redhat.com
      Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
      f05234df
    • P
      rules.mak: Also try -r to build modules · 7ecf44a5
      Paolo Bonzini 提交于
      Building qemu fails in distributions where gcc enables PIE by default
      (e.g. Debian unstable) with:
      
      /usr/bin/ld: -r and -pie may not be used together
      
      You have to use -r instead of -Wl,-r to avoid gcc passing -pie to the linker
      when PIE is enabled and a relocatable object is passed.  However, clang
      does not know about -r, so try -Wl,-r first.
      
      [This is a fix for commit c96f0ee6
      ("rules.mak: Use -r instead of -Wl, -r to fix building when PIE is
      default") which mostly worked but broke the ./configure --enable-modules
      build with clang.
      --Stefan]
      Reported-by: NAdrian Bunk <bunk@stusta.de>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      Message-id: 20161129153720.29747-1-pbonzini@redhat.com
      Cc: qemu-stable@nongnu.org
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
      7ecf44a5
  4. 29 11月, 2016 11 次提交
  5. 28 11月, 2016 8 次提交
  6. 26 11月, 2016 1 次提交
    • E
      target-i386: Remove unused local_err variable · 685479bd
      Eduardo Habkost 提交于
      local_err can never be set to non-NULL. Remove the variable.
      
      Detected by Coverity:
      
          *** CID 1365201:  Possible Control flow issues  (DEADCODE)
          /target-i386/cpu.c: 2050 in x86_cpu_parse_featurestr()
          2044             prop->value = g_strdup(val);
          2045             prop->errp = &error_fatal;
          2046             qdev_prop_register_global(prop);
          2047         }
          2048
          2049         if (local_err) {
          >>>     CID 1365201:  Possible Control flow issues  (DEADCODE)
          >>>     Execution cannot reach this statement: "error_propagate(errp, local...".
          2050             error_propagate(errp, local_err);
          2051         }
          2052     }
          2053
          2054     static void x86_cpu_load_features(X86CPU *cpu, Error **errp);
          2055     static int x86_cpu_filter_features(X86CPU *cpu);
      Reported-by: NMarkus Armbruster <armbru@redhat.com>
      Message-Id: <1480087313-15102-1-git-send-email-ehabkost@redhat.com>
      Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
      685479bd
  7. 25 11月, 2016 4 次提交