1. 06 7月, 2014 11 次提交
  2. 03 7月, 2014 1 次提交
  3. 02 7月, 2014 2 次提交
  4. 01 7月, 2014 26 次提交
    • P
      Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20140701-1' into staging · 596742db
      Peter Maydell 提交于
      usb bugfixes.
      
      # gpg: Signature made Tue 01 Jul 2014 14:51:19 BST using RSA key ID D3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
      # gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
      
      * remotes/kraxel/tags/pull-usb-20140701-1:
        ccid-card-emulated: use EventNotifier
        usb: initialize libusb_device to avoid crash
        usb: Fix usb-bt-dongle initialization.
        input: fix jumpy mouse cursor with USB mouse emulation
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      596742db
    • P
      Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20140701-1' into staging · f9119a25
      Peter Maydell 提交于
      vnc: two bugfixes (by Peter Lieven).
      
      # gpg: Signature made Tue 01 Jul 2014 12:32:19 BST using RSA key ID D3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
      # gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
      
      * remotes/kraxel/tags/pull-vnc-20140701-1:
        ui/vnc: fix potential memory corruption issues
        ui/vnc: limit client_cut_text msg payload size
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      f9119a25
    • P
      ccid-card-emulated: use EventNotifier · c1129f6b
      Paolo Bonzini 提交于
      Shut up Coverity's complaint about unchecked fcntl return values,
      and especially make the code simpler and more efficient.
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      c1129f6b
    • P
      Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging · 1aa85f46
      Peter Maydell 提交于
      Tracing pull request
      
      # gpg: Signature made Tue 01 Jul 2014 09:56:27 BST using RSA key ID 81AB73C8
      # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
      # gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
      
      * remotes/stefanha/tags/tracing-pull-request:
        trace: add qemu_system_powerdown_request and qemu_system_shutdown_request trace events
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      1aa85f46
    • P
      Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging · 8593efa4
      Peter Maydell 提交于
      Block pull request
      
      # gpg: Signature made Tue 01 Jul 2014 09:47:15 BST using RSA key ID 81AB73C8
      # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
      # gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
      
      * remotes/stefanha/tags/block-pull-request: (23 commits)
        block: add backing-file option to block-stream
        block: extend block-commit to accept a string for the backing file
        block: add helper function to determine if a BDS is in a chain
        block: add QAPI command to allow live backing file change
        qapi: Change back sector-count to sectors-count in quorum QAPI events.
        block/cow: Avoid use of uninitialized cow_bs in error path
        block: simplify bdrv_find_base() and bdrv_find_overlay()
        block: make 'top' argument to block-commit optional
        iotests: Add more tests to quick group
        iotests: Add qemu tests to quick group
        iotests: Simplify qemu-iotests-quick.sh
        qemu-img create: add 'nocow' option
        virtio-blk: remove need for explicit x-data-plane=on option
        qdev: drop iothread property type
        virtio-blk: replace x-iothread with iothread link property
        virtio-blk: move qdev properties into virtio-blk.c
        virtio: fix virtio-blk child refcount in transports
        virtio-blk: drop virtio_blk_set_conf()
        virtio-blk: use aliases instead of duplicate qdev properties
        qdev: add qdev_alias_all_properties()
        ...
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      8593efa4
    • P
      ui/vnc: fix potential memory corruption issues · bea60dd7
      Peter Lieven 提交于
      this patch makes the VNC server work correctly if the
      server surface and the guest surface have different sizes.
      
      Basically the server surface is adjusted to not exceed VNC_MAX_WIDTH
      x VNC_MAX_HEIGHT and additionally the width is rounded up to multiple of
      VNC_DIRTY_PIXELS_PER_BIT.
      
      If we have a resolution whose width is not dividable by VNC_DIRTY_PIXELS_PER_BIT
      we now get a small black bar on the right of the screen.
      
      If the surface is too big to fit the limits only the upper left area is shown.
      
      On top of that this fixes 2 memory corruption issues:
      
      The first was actually discovered during playing
      around with a Windows 7 vServer. During resolution
      change in Windows 7 it happens sometimes that Windows
      changes to an intermediate resolution where
      server_stride % cmp_bytes != 0 (in vnc_refresh_server_surface).
      This happens only if width % VNC_DIRTY_PIXELS_PER_BIT != 0.
      
      The second is a theoretical issue, but is maybe exploitable
      by the guest. If for some reason the guest surface size is bigger
      than VNC_MAX_WIDTH x VNC_MAX_HEIGHT we end up in severe corruption since
      this limit is nowhere enforced.
      Signed-off-by: NPeter Lieven <pl@kamp.de>
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      bea60dd7
    • P
      ui/vnc: limit client_cut_text msg payload size · f9a70e79
      Peter Lieven 提交于
      currently a malicious client could define a payload
      size of 2^32 - 1 bytes and send up to that size of
      data to the vnc server. The server would allocated
      that amount of memory which could easily create an
      out of memory condition.
      
      This patch limits the payload size to 1MB max.
      
      Please note that client_cut_text messages are currently
      silently ignored.
      Signed-off-by: NPeter Lieven <pl@kamp.de>
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      f9a70e79
    • J
      usb: initialize libusb_device to avoid crash · 3ce21445
      Jincheng Miao 提交于
      If libusb_get_device_list() fails, the uninitialized local variable
      libusb_device would be passed to libusb_free_device_list(), that
      will cause a crash, like:
      (gdb) bt
       #0  0x00007fbbb4bafc10 in pthread_mutex_lock () from /lib64/libpthread.so.0
       #1  0x00007fbbb233e653 in libusb_unref_device (dev=0x6275682d627375)
           at core.c:902
       #2  0x00007fbbb233e739 in libusb_free_device_list (list=0x7fbbb6e8436e,
           unref_devices=<optimized out>) at core.c:653
       #3  0x00007fbbb6cd80a4 in usb_host_auto_check (unused=unused@entry=0x0)
           at hw/usb/host-libusb.c:1446
       #4  0x00007fbbb6cd8525 in usb_host_initfn (udev=0x7fbbbd3c5670)
           at hw/usb/host-libusb.c:912
       #5  0x00007fbbb6cc123b in usb_device_init (dev=0x7fbbbd3c5670)
           at hw/usb/bus.c:106
       ...
      
      So initialize libusb_device at the begin time.
      Signed-off-by: NJincheng Miao <jmiao@redhat.com>
      Reviewed-by: NGonglei <arei.gonglei@huawei.com>
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      3ce21445
    • H
      usb: Fix usb-bt-dongle initialization. · c340a284
      Hani Benhabiles 提交于
      Due to an incomplete initialization, adding a usb-bt-dongle device through HMP
      or QMP will cause a segmentation fault.
      Signed-off-by: NHani Benhabiles <hani@linux.com>
      Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      c340a284
    • C
      input: fix jumpy mouse cursor with USB mouse emulation · 35e83d10
      Christian Burger 提交于
      Guest mouse pointer was jumpy, when moving host mouse in the vertical direction (see bug #1327800).
      Signed-off-by: NChristian Burger <christian@krikkel.de>
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      35e83d10
    • P
      Merge remote-tracking branch 'remotes/bonzini/memory' into staging · c26f3a0a
      Peter Maydell 提交于
      * remotes/bonzini/memory:
        qdev: correctly send DEVICE_DELETED for recursively-deleted devices
        memory: do not give a name to the internal exec.c regions
        memory: MemoryRegion: Add size property
        memory: MemoryRegion: Add may-overlap and priority props
        memory: MemoryRegion: Add container and addr props
        memory: MemoryRegion: replace owner field with QOM parent
        memory: MemoryRegion: QOMify
        memory: MemoryRegion: use /machine as default owner
        libqtest: escape strings in QMP commands, fix leak
        qom: object: Ignore refs/unrefs of NULL
        qom: object: remove parent pointer when unparenting
        mc146818rtc: add "rtc-time" link to "/machine/rtc"
        qom: allow creating an alias of a child<> property
        qom: add a generic mechanism to resolve paths
        qom: add object_property_add_alias()
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      c26f3a0a
    • P
      Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-2.1' into staging · b3959efd
      Peter Maydell 提交于
      QOM and device refactorings
      
      * QOM unparenting cleanup
      * IRQ conversion to QOM
      
      # gpg: Signature made Tue 01 Jul 2014 04:03:23 BST using RSA key ID 3E7E013F
      # gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
      # gpg:                 aka "Andreas Färber <afaerber@suse.com>"
      
      * remotes/afaerber/tags/qom-devices-for-2.1:
        irq: Slim conversion of qemu_irq to QOM
        irq: Allocate IRQs individually
        hw: Fix qemu_allocate_irqs() leaks
        sdhci: Fix misuse of qemu_free_irqs()
        qom: Remove parent pointer when unparenting
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      b3959efd
    • P
      Merge remote-tracking branch 'remotes/bonzini/scsi-next' into staging · d94a6587
      Peter Maydell 提交于
      * remotes/bonzini/scsi-next:
        configure: Fix -lm test, so that tools can be compiled on hosts that require -lm
        virtio-scsi: scsi events must be converted to target endianness
        virtio-scsi: virtio_scsi_push_event() lacks VirtIOSCSIReq parsing
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      d94a6587
    • Y
      trace: add qemu_system_powerdown_request and qemu_system_shutdown_request trace events · bc78cff9
      Yang Zhiyong 提交于
      We have the experience that the guest doesn't stop successfully
      though it was instructed to shut down.
      
      The root cause may be not in QEMU mostly.  However, QEMU is often
      suspected at the beginning just because the issue occurred in
      virtualization environment.
      
      Therefore, we need to affirm that QEMU received the shutdown
      request and raised ACPI irq from "virsh shutdown" command,
      virt-manger or stopping QEMU process to the VM .
      So that we can affirm the problems was belonged to the Guset OS
      rather than the QEMU itself.
      
      When we stop guests by "virsh shutdown" command or virt-manger,
      or stopping QEMU process, qemu_system_powerdown_request() or
      qemu_system_shutdown_request() is called. Then the below functions
      in main_loop_should_exit() of Vl.c are called roughly in the
      following order.
      
      	if (qemu_powerdown_requested())
      		qemu_system_powerdown()
      			monitor_protocol_event(QEVENT_POWERDOWN, NULL)
      
      	OR
      
      	if(qemu_shutdown_requested()}
      		monitor_protocol_event(QEVENT_SHUTDOWN, NULL);
      
      The tracepoint of monitor_protocol_event() already exists, but no
      tracepoints are defined for qemu_system_powerdown_request() and
      qemu_system_shutdown_request(). So this patch adds two tracepoints for
      the two functions. We believe that it will become much easier to
      isolate the problem mentioned above by these tracepoints.
      Signed-off-by: NYang Zhiyong <yangzy.fnst@cn.fujitsu.com>
      Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
      bc78cff9
    • J
      block: add backing-file option to block-stream · 13d8cc51
      Jeff Cody 提交于
      On some image chains, QEMU may not always be able to resolve the
      filenames properly, when updating the backing file of an image
      after a block job.
      
      For instance, certain relative pathnames may fail, or drives may
      have been specified originally by file descriptor (e.g. /dev/fd/???),
      or a relative protocol pathname may have been used.
      
      In these instances, QEMU may lack the information to be able to make
      the correct choice, but the user or management layer most likely does
      have that knowledge.
      
      With this extension to the block-stream api, the user is able to change
      the backing file of the active layer as part of the block-stream
      operation.
      
      This allows the change to be 'safe', in the sense that if the attempt
      to write the active image metadata fails, then the block-stream
      operation returns failure, without disrupting the guest.
      
      If a backing file string is not specified in the command, the backing
      file string to use is determined in the same manner as it was
      previously.
      Reviewed-by: NEric Blake <eblake@redhat.com>
      Signed-off-by: NJeff Cody <jcody@redhat.com>
      Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
      13d8cc51
    • J
      block: extend block-commit to accept a string for the backing file · 54e26900
      Jeff Cody 提交于
      On some image chains, QEMU may not always be able to resolve the
      filenames properly, when updating the backing file of an image
      after a block commit.
      
      For instance, certain relative pathnames may fail, or drives may
      have been specified originally by file descriptor (e.g. /dev/fd/???),
      or a relative protocol pathname may have been used.
      
      In these instances, QEMU may lack the information to be able to make
      the correct choice, but the user or management layer most likely does
      have that knowledge.
      
      With this extension to the block-commit api, the user is able to change
      the backing file of the overlay image as part of the block-commit
      operation.
      
      This allows the change to be 'safe', in the sense that if the attempt
      to write the overlay image metadata fails, then the block-commit
      operation returns failure, without disrupting the guest.
      
      If the commit top is the active layer, then specifying the backing
      file string will be treated as an error (there is no overlay image
      to modify in that case).
      
      If a backing file string is not specified in the command, the backing
      file string to use is determined in the same manner as it was
      previously.
      Reviewed-by: NEric Blake <eblake@redhat.com>
      Signed-off-by: NJeff Cody <jcody@redhat.com>
      Reviewed-by: NKevin Wolf <kwolf@redhat.com>
      Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
      54e26900
    • J
      block: add helper function to determine if a BDS is in a chain · 5a6684d2
      Jeff Cody 提交于
      This is a small helper function, to determine if 'base' is in the
      chain of BlockDriverState 'top'.  It returns true if it is in the chain,
      and false otherwise.
      
      If either argument is NULL, it will also return false.
      Reviewed-by: NBenoit Canet <benoit@irqsave.net>
      Reviewed-by: NEric Blake <eblake@redhat.com>
      Signed-off-by: NJeff Cody <jcody@redhat.com>
      Reviewed-by: NKevin Wolf <kwolf@redhat.com>
      Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
      5a6684d2
    • J
      block: add QAPI command to allow live backing file change · fa40e656
      Jeff Cody 提交于
      This allows a user to make a live change to the backing file recorded in
      an open image.
      
      The image file to modify can be specified 2 ways:
      
      1) image filename
      2) image node-name
      
      Note: this does not cause the backing file itself to be reopened; it
      merely changes the backing filename in the image file structure, and
      in internal BDS structures.
      
      It is the responsibility of the user to pass a filename string that
      can be resolved when the image chain is reopened, and the filename
      string is not validated.
      
      A good analogy for this command is that it is a live version of
      'qemu-img rebase -u', with respect to changing the backing file string.
      
      [Jeff is offline so I respun this patch in his absence.  Dropped image
      filename since using node-name is preferred and this is a new command.
      No need to introduce the limitations of finding images by filename.
      --Stefan]
      Reviewed-by: NEric Blake <eblake@redhat.com>
      Reviewed-by: NKevin Wolf <kwolf@redhat.com>
      Signed-off-by: NJeff Cody <jcody@redhat.com>
      Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
      fa40e656
    • A
      configure: Fix -lm test, so that tools can be compiled on hosts that require -lm · f80ea986
      Alexey Kardashevskiy 提交于
      The existing test whether "-lm" needs to be included or not is
      insufficient as it reports false negative on Fedora20/ppc64.
      This happens because sin(0.0) is a constant value which compiler
      can safely throw away and therefore there is no need to add "-lm".
      As the result, qemu-nbd/qemu-io/qemu-img tools cannot compile.
      
      This adds a global variable and uses it in the test to prevent
      from optimization.
      Signed-off-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
      [Use Peter's improvement on the test to fool LTO, and remove the
       now useless -lm addition in Makefile.target. - Paolo]
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      f80ea986
    • P
      qdev: correctly send DEVICE_DELETED for recursively-deleted devices · 352e8da7
      Paolo Bonzini 提交于
      When a device is unparented (i.e. made completely hidden from management)
      we want to send a DEVICE_DELETED event only if the device actually was
      realized.  This avoids raising DEVICE_DELETED events when device_add
      fails.
      
      However, this does not work right for recursively-deleted
      devices: the whole tree is _first_ unrealized, _then_ unparented.
      Then device_unparent sees realized==false and fails to trigger
      the event.  The solution is simply to move have_realized into
      the DeviceState struct.  If device_add fails, we never set the
      new field to true and DEVICE_DELETED is not sent.
      
      Fixes qemu-iotests testcase 067 (broken by commit 5942a190, though that
      commit in turn fixed a possible segfault in the same test).
      Reported-by: NMarkus Armbruster <armbru@redhat.com>
      Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      352e8da7
    • P
      memory: do not give a name to the internal exec.c regions · 1f6245e5
      Paolo Bonzini 提交于
      There is no need to have them visible under /machine.
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      1f6245e5
    • P
      memory: MemoryRegion: Add size property · 52aef7bb
      Peter Crosthwaite 提交于
      To allow devices to dynamically resize the device. The motivation is
      to allow devices with variable size to init their memory_region
      without size early and then correctly populate size at realize() time.
      Signed-off-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      52aef7bb
    • P
      memory: MemoryRegion: Add may-overlap and priority props · d33382da
      Peter Crosthwaite 提交于
      QOM propertyify the .may-overlap and .priority fields. The setters
      will re-add the memory as a subregion if needed (i.e. the values change
      when the memory region is already contained).
      Signed-off-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>
      [Remove setters. - Paolo]
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      d33382da
    • P
      memory: MemoryRegion: Add container and addr props · 409ddd01
      Peter Crosthwaite 提交于
      Expose the already existing .parent and .addr fields as QOM properties.
      .parent (i.e. the field describing the memory region that contains this
      one in Memory hierachy) is renamed "container". This is to avoid
      confusion with the QOM parent.
      Signed-off-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>
      [Remove setters.  Do not unref parent on releasing the property. Clean
       up error propagation. - Paolo]
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      409ddd01
    • P
      memory: MemoryRegion: replace owner field with QOM parent · 22a893e4
      Paolo Bonzini 提交于
      The two are now the same.
      Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      22a893e4
    • P
      memory: MemoryRegion: QOMify · b4fefef9
      Peter Crosthwaite 提交于
      QOMify memory regions as an Object. The former init() and destroy()
      routines become instance_init() and instance_finalize() resp.
      
      memory_region_init() is re-implemented to be:
      object_initialize() + set fields
      
      memory_region_destroy() is re-implemented to call unparent().
      Signed-off-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>
      [Add newly-created MR as child, unparent on destruction. - Paolo]
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      b4fefef9