Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

New device, has never been released, so we can still improve things
without worrying about compatibility.

Naming is a mess.  The code calls the device driver CirMemCharDriver,
the public API calls it "memory", "memchardev", or "memchar", and the
special commands are named like "memchar-FOO".  "memory" is a
particularly unfortunate choice, because there's another character
device driver called MemoryDriver.  Moreover, the device's distinctive
property is that it's a ring buffer, not that's in memory.  Therefore:

* Rename CirMemCharDriver to RingBufCharDriver, and call the thing a
  "ringbuf" in the API.

* Rename QMP and HMP commands from memchar-FOO to ringbuf-FOO.

* Rename device parameter from maxcapacity to size (simple words are
  good for you).

* Clearly mark the parameter as optional in documentation.

* Fix error reporting so that chardev-add reports to current monitor,
  not stderr.

* Replace cirmem in C identifiers by ringbuf.

* Rework documentation.  Document the impact of our crappy UTF-8
  handling on reading.

* QMP examples that even work.

I could split this up into multiple commits, but they'd change the
same documentation lines multiple times.  Not worth it.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Inline trivial cirmem_chr_is_empty() into its only caller.

Rename qemu_chr_cirmem_count() to cirmem_count().

Fast ring buffer index wraparound.  Without this, there's no point in
restricting size to a power two.

qemu_is_chr(chr, "memory") returns *zero* when chr is a memory
character device, which isn't what I'd expect.  Replace it by the
saner and more obviously correct chr_is_cirmem().  Also avoids
encouraging testing for specific character devices elsewhere.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

This is a new device, so there's no compatibility to maintain, and its
use case isn't common enough to justify shorthand syntax.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Undocumented misfeature, get rid of it while we can.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Const-correctness, consistently use standard C types instead of mixing
them with GLib types.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

New errors should be generic unless there's a real use case for rich
errors.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

The data returned has a well-defined size, which makes the size
returned along with it redundant at best.  Drop it.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Command memchar-write takes data and size parameter.  Begs the
question what happens when data doesn't match size.

With format base64, qmp_memchar_write() copies the full data argument,
regardless of size argument.

With format utf8, qmp_memchar_write() copies size bytes from data,
happily reading beyond data.  Copies crap from the heap or even
crashes.

Drop the size parameter, and always copy the full data argument.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

As reported in http://bugs.debian.org/697641 , some Hungarian keys
does not work with qemu when using vnc display.

This is because while the Hungarian keymap mentions these symbols,
qemu know nothing about them.  So add them.

This patch is applicable to -stable for all previous releases.
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

We use the clunk request to do the actual xattr operation. So don't
ignore the error value for fid clunk.

Security model "none" don't support posix acl. Without this patch
guest won't get EOPNOTSUPP error on setxattr("system.posix_acl_access")
Signed-off-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Since these values can possibly be sent from guest (for hw/9pfs), do a sanity check
on them. A 9p write request with 0 bytes caused qemu to abort without this patch
Signed-off-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Fixes a couple of regression bugs introduced by
b9d03e35 and related to
auto-negotiation:
-   Auto-negotiation currently sets link up even if it was
    forced down from the monitor.
-   If Auto-negotiation was in progress during migration,
    link will never come up.

As a fix, don't touch NC link_down field at all,
instead add code on receive path to check
guest link status.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

The build is broken on ppc64-linux, possibly only with new binutils:

ld: hw/lm32/../milkymist-tmu2.o: undefined reference to symbol 'XFree'
ld: note: 'XFree' is defined in DSO /lib64/libX11.so.6 so try \
  adding it to the linker command line

So let's follow the linker's advice.
Signed-off-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

The misnamed HOST_LONG_BITS is really HOST_POINTER_BITS.  Here we're
explicitly using an unsigned long, rather than uintptr_t, so it is
more correct to select the swap size via ULONG_MAX.
Acked-by: NAndreas Färber <afaerber@suse.de>
Signed-off-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

SeaBIOS is really close to spilling over to 256k.  Until we can better
handle migration across RAM block size changes, recompile SeaBIOS with
a compiler that causes the binary to still fit in 128k.

This was built with:

gcc version 4.7.2 20121109 (Red Hat 4.7.2-8) (GCC)

On 64-bit Fedora 18.
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

gcc with -Wextra complains about an ordered pointer comparison:

target-s390x/helper.c:660:27: warning:
 ordered comparison of pointer with integer zero [-Wextra]

Obviously the index was missing in the code.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

As best I can tell, this is a false positive.

  [aliguori@ccnode4 qemu-s390]$ make
    CC    s390x-softmmu/target-s390x/helper.o
  /home/aliguori/git/qemu/target-s390x/helper.c: In function ‘do_interrupt’:
  /home/aliguori/git/qemu/target-s390x/helper.c:673:17: error: ‘addr’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  /home/aliguori/git/qemu/target-s390x/helper.c:620:20: note: ‘addr’ was declared here
  /home/aliguori/git/qemu/target-s390x/helper.c:673:17: error: ‘mask’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  /home/aliguori/git/qemu/target-s390x/helper.c:620:14: note: ‘mask’ was declared here
  cc1: all warnings being treated as errors
  make[1]: *** [target-s390x/helper.o] Error 1
  make: *** [subdir-s390x-softmmu] Error 2

Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: Stefan Weil <sw@weilnetz.de>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

b0b873a0 bumped the vmstate version and
introduced an old-style load function to handle migration from prior
(<= 1.2) versions.

The load function passes the top-level PIIX4PMState pointer to
vmstate_load_state() to handle nested structs for APMState and
pci_status, which leads to corruption of the top-level PIIX4PMState,
since pointers to the nested structs are expected.

A segfault can be fairly reliably triggered by migrating from 1.2 and
issuing a reset, which will trigger a number of QOM operations which
rely on the now corrupted ObjectClass/Object members.

Fix this by passing in the expected pointers for vmstate_load_state().

Cc: qemu-stable@nongnu.org
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

- Accept empty strings without aborting
- Use parse_uint*() to parse numbers
- Abort if anything except '-' or end-of-string is found after the first
  number.
- Check for endvalue < value

Also change the MAX_CPUMASK_BITS warning message from "A max of %d CPUs
are supported in a guest" to "qemu: NUMA: A max of %d VCPUs are
supported".
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

This will make it easier to refactor that code later.
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

This should catch many kinds of errors that the current code wasn't
checking for:

 - Values that can't be parsed as a number
 - Negative values
 - Overflow
 - Empty string
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Without this check, QEMU will corrupt memory if a too-large nodeid is
provided in the command-line. e.g.:

  -numa node,mem=...,cpus=...,nodeid=65

This changes nodenr to unsigned long long, to avoid integer conversion
issues when converting the strtoull() result to int.
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Instead of checking the limit before calling numa_add(), check the limit
only when we already know we're going to add a new node.
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Abort in case an invalid -numa option is provided, instead of silently
ignoring it.
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

The numa_add() code was unconditionally adding 1 to the get_opt_name()
return value, making it point after the end of the string if no ','
separator is present.

Example of weird behavior caused by the bug:

  $ qemu-img create -f qcow2 this-file-image-has,cpus=5,mem=1000,in-its-name.qcow2 5G
  Formatting 'this-file-image-has,cpus=5,mem=1000,in-its-name.qcow2', fmt=qcow2 size=5368709120 encryption=off cluster_size=65536
  $ ./x86_64-softmmu/qemu-system-x86_64 -S -monitor stdio -numa node 'this-file-image-has,cpus=5,mem=1000,in-its-name.qcow2'
  QEMU 1.3.50 monitor - type 'help' for more information
  (qemu) info numa
  1 nodes
  node 0 cpus: 0
  node 0 size: 1000 MB
  (qemu)

This changes the code to nove the pointer only if ',' is found.
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

There are lots of duplicate parsing code using strto*() in QEMU, and
most of that code is broken in one way or another. Even the visitors
code have duplicate integer parsing code[1]. This introduces functions
to help parsing unsigned int values: parse_uint() and parse_uint_full().

Parsing functions for signed ints and floats will be submitted later.

parse_uint_full() has all the checks made by opts_type_uint64() at
opts-visitor.c:

 - Check for NULL (returns -EINVAL)
 - Check for negative numbers (returns -EINVAL)
 - Check for empty string (returns -EINVAL)
 - Check for overflow or other errno values set by strtoll() (returns
   -errno)
 - Check for end of string (reject invalid characters after number)
   (returns -EINVAL)

parse_uint() does everything above except checking for the end of the
string, so callers can continue parsing the remainder of string after
the number.

Unit tests included.

[1] string-input-visitor.c:parse_int() could use the same parsing code
    used by opts-visitor.c:opts_type_int(), instead of duplicating that
    logic.
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Reviewed-by: NLaszlo Ersek <lersek@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Around r3361 (81fdc5f8) env->debug1 used
to contain the address of an MMU fault. This is now written into
env->pregs[PR_EDA] instead.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

We had two copies of a ffs function for longs with subtly different
semantics and, for the one in bitops.h, a confusing name: the result
was off-by-one compared to the library function ffsl.

Unify the functions into one, and solve the name problem by calling
the 0-based functions "bitops_ctzl" and "bitops_ctol" respectively.

This also fixes the build on platforms with ffsl, including Mac OS X
and Windows.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Tested-by: NAndreas Färber <afaerber@suse.de>
Tested-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

MinGW has no strtok_r, so we need a declaration in sysemu/os-win32.h.
We must also fix the include statements in util/envlist.c to include
that file.

We currently don't need an implementation of strtok_r because the
code is compiled but not linked for MinGW.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

The multiqueue patch series broke -netdev tap,fd=X which manifests
as libvirt not being able to start a guest.  This was because it
passed NULL for the netdev name which results in an anonymous netdev
device regardless of what the user specified.

Cc: Jason Wang <jasowang@redhat.com>
Cc: Bruce Rogers <brogers@suse.com>
Reported-by: NBruce Rogers <brogers@suse.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

This is now unused.  Document the initial reference count of an object
and when it will be freed/finalized.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

CPUs are never added to the composition tree, so delete is achieved
simply by removing the last references to them.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

qdev_free and qbus_free have to do unparent+unref, because nobody else
drops the initial reference (the one included by object_initialize)
before them.

For device_init_func and do_device_add, this is trivially correct,
since the DeviceState goes out of scope.

For qdev_create, qdev_try_create and qbus_init, it is a bit more tricky.
What we are doing here is just assuming that the caller knows what it's
doing, and won't call qdev_free/qbus_free while the device is still there.
This is a pretty reasonable assumption and (behind the scenes) is also
what GObject/GTK does.  GTK actually has a "floating reference" that
goes away as soon as the caller does gtk_container_add or something
like that, but in the end qbus_init and qdev_try_create are already
adding the new object to its qdev parent!  So in the end the two solutions
are the same.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

We want object_delete to disappear, and we will do this one class at a
time.  Inline it for the qdev case, which we will tackle first.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>