1. 12 10月, 2016 12 次提交
  2. 10 10月, 2016 28 次提交
    • P
      Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging · 627eae7d
      Peter Maydell 提交于
      virtio, pc: fixes and features
      
      more guest error handling for virtio devices
      virtio migration rework
      pc fixes
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      
      # gpg: Signature made Mon 10 Oct 2016 00:39:11 BST
      # gpg:                using RSA key 0x281F0DB8D28D5469
      # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
      # gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
      # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
      #      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469
      
      * remotes/mst/tags/for_upstream: (33 commits)
        intel-iommu: Check IOAPIC's Trigger Mode against the one in IRTE
        virtio: cleanup VMSTATE_VIRTIO_DEVICE
        vhost-vsock: convert VMSTATE_VIRTIO_DEVICE
        virtio-rng: convert VMSTATE_VIRTIO_DEVICE
        virtio-balloon: convert VMSTATE_VIRTIO_DEVICE
        virtio-scsi: convert VMSTATE_VIRTIO_DEVICE
        virtio-input: convert VMSTATE_VIRTIO_DEVICE
        virtio-gpu: convert VMSTATE_VIRTIO_DEVICE
        virtio-serial: convert VMSTATE_VIRTIO_DEVICE
        virtio-9p: convert VMSTATE_VIRTIO_DEVICE
        virtio-net: convert VMSTATE_VIRTIO_DEVICE
        virtio-blk: convert VMSTATE_VIRTIO_DEVICE
        virtio: prepare change VMSTATE_VIRTIO_DEVICE macro
        net: don't poke at chardev internal QemuOpts
        virtio-scsi: handle virtio_scsi_set_config() error
        virtio-scsi: convert virtio_scsi_bad_req() to use virtio_error()
        virtio-net: handle virtio_net_flush_tx() errors
        virtio-net: handle virtio_net_receive() errors
        virtio-net: handle virtio_net_handle_ctrl() error
        virtio-blk: handle virtio_blk_handle_request() errors
        ...
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      627eae7d
    • P
      Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging · 0f183e67
      Peter Maydell 提交于
      Block layer patches
      
      # gpg: Signature made Mon 10 Oct 2016 12:33:14 BST
      # gpg:                using RSA key 0x7F09B272C88F2FD6
      # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
      # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6
      
      * remotes/kevin/tags/for-upstream:
        dmg: Move libbz2 code to dmg-bz2.so
        module: Don't load the same module if requested multiple times
        scripts: Allow block module to not define BlockDriver
        block: Add qdev ID to DEVICE_TRAY_MOVED
        block-backend: Remember if attached device is non-qdev
        block: Add node name to BLOCK_IO_ERROR event
        block: Add bdrv_runtime_opts to query-command-line-options
        block: use aio_bh_schedule_oneshot
        async: add aio_bh_schedule_oneshot
        block: use bdrv_add_before_write_notifier
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      0f183e67
    • P
      Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-fetch' into staging · a20fd901
      Peter Maydell 提交于
      trivial patches for 2016-10-08
      
      # gpg: Signature made Sat 08 Oct 2016 09:56:38 BST
      # gpg:                using RSA key 0x701B4F6B1A693E59
      # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
      # gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
      # gpg:                 aka "Michael Tokarev <mjt@debian.org>"
      # Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
      #      Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931  4B22 701B 4F6B 1A69 3E59
      
      * remotes/mjt/tags/trivial-patches-fetch: (26 commits)
        net/filter-mirror: Fix mirror initial check typo
        virtio: rename the bar index field name in VirtIOPCIProxy
        linux-user: include <poll.h> instead of <sys/poll.h>
        char: fix missing return in error path for chardev TLS init
        CODING_STYLE: Fix a typo ("have" vs. "has")
        bitmap: refine and move BITMAP_{FIRST/LAST}_WORD_MASK
        build-sys: fix find-in-path
        m68k: change default system clock for m5208evb
        exec: remove unused compacted argument
        usb: ehci: fix memory leak in ehci_process_itd
        qapi: make the json schema files more regular.
        maint: Add module_block.h to .gitignore
        MAINTAINERS: Some updates related to the SH4 machines
        MAINTAINERS: Add some more MIPS related files
        MAINTAINERS: Add usermode related config files
        MAINTAINERS: Add some more pattern to recognize all win32 related files
        MAINTAINERS: Add some more rocker related files
        MAINTAINERS: Add header files to CRIS section
        MAINTAINERS: Add some more files to the virtio section
        MAINTAINERS: Add some SPARC machine related files
        ...
      
      # Conflicts:
      #	MAINTAINERS
      a20fd901
    • P
      Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2016-10-07' into staging · 0cb01557
      Peter Maydell 提交于
      QAPI patches for 2016-10-07
      
      # gpg: Signature made Fri 07 Oct 2016 18:55:40 BST
      # gpg:                using RSA key 0x3870B400EB918653
      # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
      # gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
      # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653
      
      * remotes/armbru/tags/pull-qapi-2016-10-07:
        docs: Belatedly update for move of QMP/* to docs/
        docs: Belatedly update for move of qmp-commands.txt
        qmp: Disable query-cpu-* commands when they're unavailable
        MAINTAINERS: Pass the QObject staff from Luiz to Markus
        MAINTAINERS: Pass the HMP staff from Luiz to David
        qapi: return a 'missing parameter' error
        qapi: assert list entry has a value
        qapi: add assert about root value
        tests/test-qmp-input-strict: Cover missing struct members
        qapi: Fix crash when 'any' or 'null' parameter is missing
        qmp: fix object-add assert() without props
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      0cb01557
    • P
      Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging · 86e121ae
      Peter Maydell 提交于
      * Thread Sanitizer fixes (Alex)
      * Coverity fixes (David)
      * test-qht fixes (Emilio)
      * QOM interface for info irq/info pic (Hervé)
      * -rtc clock=rt fix (Junlian)
      * mux chardev fixes (Marc-André)
      * nicer report on death by signal (Michal)
      * qemu-tech TLC (Paolo)
      * MSI support for edu device (Peter)
      * qemu-nbd --offset fix (Tomáš)
      
      # gpg: Signature made Fri 07 Oct 2016 17:25:10 BST
      # gpg:                using RSA key 0xBFFBD25F78C7AE83
      # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
      # gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
      # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
      #      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83
      
      * remotes/bonzini/tags/for-upstream: (39 commits)
        qemu-doc: merge qemu-tech and qemu-doc
        qemu-tech: rewrite some parts
        qemu-tech: reorganize content
        qemu-tech: move TCG test documentation to tests/tcg/README
        qemu-tech: move user mode emulation features from qemu-tech
        qemu-tech: document lazy condition code evaluation in cpu.h
        qemu-tech: move text from qemu-tech to tcg/README
        qemu-doc: drop installation and compilation notes
        qemu-doc: replace introduction with the one from the internals manual
        qemu-tech: drop index
        test-qht: perform lookups under rcu_read_lock
        qht: fix unlock-after-free segfault upon resizing
        qht: simplify qht_reset_size
        qemu-nbd: Shrink image size by specified offset
        qemu_kill_report: Report PID name too
        util: Introduce qemu_get_pid_name
        char: update read handler in all cases
        char: use a fixed idx for child muxed chr
        i8259: give ISA device when registering ISA ioports
        .travis.yml: add gcc sanitizer build
        ...
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      86e121ae
    • F
      intel-iommu: Check IOAPIC's Trigger Mode against the one in IRTE · dea651a9
      Feng Wu 提交于
      The Trigger Mode field of IOAPIC must match the Trigger Mode in
      the IRTE according to VT-d Spec 5.1.5.1.
      Signed-off-by: NFeng Wu <feng.wu@intel.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      Reviewed-by: NPeter Xu <peterx@redhat.com>
      dea651a9
    • H
      virtio: cleanup VMSTATE_VIRTIO_DEVICE · 5705653f
      Halil Pasic 提交于
      Now all the usages of the old version of VMSTATE_VIRTIO_DEVICE are gone,
      so we can get rid of the conditionals, and the old macro.
      Signed-off-by: NHalil Pasic <pasic@linux.vnet.ibm.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      5705653f
    • H
      vhost-vsock: convert VMSTATE_VIRTIO_DEVICE · 81cc8a65
      Halil Pasic 提交于
      Use the new VMSTATE_VIRTIO_DEVICE macro.
      Signed-off-by: NHalil Pasic <pasic@linux.vnet.ibm.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      81cc8a65
    • H
      virtio-rng: convert VMSTATE_VIRTIO_DEVICE · b7de81f6
      Halil Pasic 提交于
      Use the new VMSTATE_VIRTIO_DEVICE macro.
      Signed-off-by: NHalil Pasic <pasic@linux.vnet.ibm.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      b7de81f6
    • H
      virtio-balloon: convert VMSTATE_VIRTIO_DEVICE · c5dc16b7
      Halil Pasic 提交于
      Use the new VMSTATE_VIRTIO_DEVICE macro.
      Signed-off-by: NHalil Pasic <pasic@linux.vnet.ibm.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      c5dc16b7
    • H
      virtio-scsi: convert VMSTATE_VIRTIO_DEVICE · f20476b9
      Halil Pasic 提交于
      Use the new VMSTATE_VIRTIO_DEVICE macro.
      Signed-off-by: NHalil Pasic <pasic@linux.vnet.ibm.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      f20476b9
    • H
      virtio-input: convert VMSTATE_VIRTIO_DEVICE · 73a17349
      Halil Pasic 提交于
      Use the new VMSTATE_VIRTIO_DEVICE macro.
      Signed-off-by: NHalil Pasic <pasic@linux.vnet.ibm.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      73a17349
    • H
      virtio-gpu: convert VMSTATE_VIRTIO_DEVICE · 8a502efd
      Halil Pasic 提交于
      Use the new VMSTATE_VIRTIO_DEVICE macro. The device virtio-gpu is
      special because it actually does not adhere to the virtio migration
      schema, because device state is last.
      Signed-off-by: NHalil Pasic <pasic@linux.vnet.ibm.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      8a502efd
    • H
      virtio-serial: convert VMSTATE_VIRTIO_DEVICE · 97eed24f
      Halil Pasic 提交于
      Use the new VMSTATE_VIRTIO_DEVICE macro.
      Signed-off-by: NHalil Pasic <pasic@linux.vnet.ibm.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      97eed24f
    • H
      virtio-9p: convert VMSTATE_VIRTIO_DEVICE · dcaf8dda
      Halil Pasic 提交于
      Use the new VMSTATE_VIRTIO_DEVICE macro.
      Signed-off-by: NHalil Pasic <pasic@linux.vnet.ibm.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      dcaf8dda
    • H
      virtio-net: convert VMSTATE_VIRTIO_DEVICE · 4d45dcfb
      Halil Pasic 提交于
      Use the new VMSTATE_VIRTIO_DEVICE macro.
      Signed-off-by: NHalil Pasic <pasic@linux.vnet.ibm.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      4d45dcfb
    • H
      virtio-blk: convert VMSTATE_VIRTIO_DEVICE · 977a117f
      Halil Pasic 提交于
      Use the new VMSTATE_VIRTIO_DEVICE macro.
      Signed-off-by: NHalil Pasic <pasic@linux.vnet.ibm.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      977a117f
    • H
      virtio: prepare change VMSTATE_VIRTIO_DEVICE macro · 1a665855
      Halil Pasic 提交于
      In most cases the functions passed to VMSTATE_VIRTIO_DEVICE
      only call the virtio_load and virtio_save wrappers. Some include some
      pre- and post- massaging too. The massaging is better expressed
      as such in the VMStateDescription.
      
      Let us prepare for changing the semantic of the VMSTATE_VIRTIO_DEVICE
      macro so that it is more similar to the other VMSTATE_*_DEVICE macros
      in a sense that it is a field definition.
      
      The preprocessor conditionals are going to be removed as soon as
      every usage is converted to the new semantic.
      Signed-off-by: NHalil Pasic <pasic@linux.vnet.ibm.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      1a665855
    • D
      net: don't poke at chardev internal QemuOpts · 0a73336d
      Daniel P. Berrange 提交于
      The vhost-user & colo code is poking at the QemuOpts instance
      in the CharDriverState struct, not realizing that it is valid
      for this to be NULL. e.g. the following crash shows a codepath
      where it will be NULL:
      
       Program terminated with signal SIGSEGV, Segmentation fault.
       #0  0x000055baf6ab4adc in qemu_opt_foreach (opts=0x0, func=0x55baf696b650 <net_vhost_chardev_opts>, opaque=0x7ffc51368c00, errp=0x7ffc51368e48) at util/qemu-option.c:617
       617         QTAILQ_FOREACH(opt, &opts->head, next) {
       [Current thread is 1 (Thread 0x7f1d4970bb40 (LWP 6603))]
       (gdb) bt
       #0  0x000055baf6ab4adc in qemu_opt_foreach (opts=0x0, func=0x55baf696b650 <net_vhost_chardev_opts>, opaque=0x7ffc51368c00, errp=0x7ffc51368e48) at util/qemu-option.c:617
       #1  0x000055baf696b7da in net_vhost_parse_chardev (opts=0x55baf8ff9260, errp=0x7ffc51368e48) at net/vhost-user.c:314
       #2  0x000055baf696b985 in net_init_vhost_user (netdev=0x55baf8ff9250, name=0x55baf879d270 "hostnet2", peer=0x0, errp=0x7ffc51368e48) at net/vhost-user.c:360
       #3  0x000055baf6960216 in net_client_init1 (object=0x55baf8ff9250, is_netdev=true, errp=0x7ffc51368e48) at net/net.c:1051
       #4  0x000055baf6960518 in net_client_init (opts=0x55baf776e7e0, is_netdev=true, errp=0x7ffc51368f00) at net/net.c:1108
       #5  0x000055baf696083f in netdev_add (opts=0x55baf776e7e0, errp=0x7ffc51368f00) at net/net.c:1186
       #6  0x000055baf69608c7 in qmp_netdev_add (qdict=0x55baf7afaf60, ret=0x7ffc51368f50, errp=0x7ffc51368f48) at net/net.c:1205
       #7  0x000055baf6622135 in handle_qmp_command (parser=0x55baf77fb590, tokens=0x7f1d24011960) at /path/to/qemu.git/monitor.c:3978
       #8  0x000055baf6a9d099 in json_message_process_token (lexer=0x55baf77fb598, input=0x55baf75acd20, type=JSON_RCURLY, x=113, y=19) at qobject/json-streamer.c:105
       #9  0x000055baf6abf7aa in json_lexer_feed_char (lexer=0x55baf77fb598, ch=125 '}', flush=false) at qobject/json-lexer.c:319
       #10 0x000055baf6abf8f2 in json_lexer_feed (lexer=0x55baf77fb598, buffer=0x7ffc51369170 "}R\204\367\272U", size=1) at qobject/json-lexer.c:369
       #11 0x000055baf6a9d13c in json_message_parser_feed (parser=0x55baf77fb590, buffer=0x7ffc51369170 "}R\204\367\272U", size=1) at qobject/json-streamer.c:124
       #12 0x000055baf66221f7 in monitor_qmp_read (opaque=0x55baf77fb530, buf=0x7ffc51369170 "}R\204\367\272U", size=1) at /path/to/qemu.git/monitor.c:3994
       #13 0x000055baf6757014 in qemu_chr_be_write_impl (s=0x55baf7610a40, buf=0x7ffc51369170 "}R\204\367\272U", len=1) at qemu-char.c:387
       #14 0x000055baf6757076 in qemu_chr_be_write (s=0x55baf7610a40, buf=0x7ffc51369170 "}R\204\367\272U", len=1) at qemu-char.c:399
       #15 0x000055baf675b3b0 in tcp_chr_read (chan=0x55baf90244b0, cond=G_IO_IN, opaque=0x55baf7610a40) at qemu-char.c:2927
       #16 0x000055baf6a5d655 in qio_channel_fd_source_dispatch (source=0x55baf7610df0, callback=0x55baf675b25a <tcp_chr_read>, user_data=0x55baf7610a40) at io/channel-watch.c:84
       #17 0x00007f1d3e80cbbd in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
       #18 0x000055baf69d3720 in glib_pollfds_poll () at main-loop.c:213
       #19 0x000055baf69d37fd in os_host_main_loop_wait (timeout=126000000) at main-loop.c:258
       #20 0x000055baf69d38ad in main_loop_wait (nonblocking=0) at main-loop.c:506
       #21 0x000055baf676587b in main_loop () at vl.c:1908
       #22 0x000055baf676d3bf in main (argc=101, argv=0x7ffc5136a6c8, envp=0x7ffc5136a9f8) at vl.c:4604
       (gdb) p opts
       $1 = (QemuOpts *) 0x0
      
      The crash occurred when attaching vhost-user net via QMP:
      
      {
          "execute": "chardev-add",
          "arguments": {
              "id": "charnet2",
              "backend": {
                  "type": "socket",
                  "data": {
                      "addr": {
                          "type": "unix",
                          "data": {
                              "path": "/var/run/openvswitch/vhost-user1"
                          }
                      },
                      "wait": false,
                      "server": false
                  }
              }
          },
          "id": "libvirt-19"
      }
      {
          "return": {
      
          },
          "id": "libvirt-19"
      }
      {
          "execute": "netdev_add",
          "arguments": {
              "type": "vhost-user",
              "chardev": "charnet2",
              "id": "hostnet2"
          },
          "id": "libvirt-20"
      }
      
      Code using chardevs should not be poking at the internals of the
      CharDriverState struct. What vhost-user wants is a chardev that is
      operating as reconnectable network service, along with the ability
      to do FD passing over the connection. The colo code simply wants
      a network service. Add a feature concept to the char drivers so
      that chardev users can query the actual features they wish to have
      supported. The QemuOpts member is removed to prevent future mistakes
      in this area.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      0a73336d
    • G
      virtio-scsi: handle virtio_scsi_set_config() error · ad14a46a
      Greg Kurz 提交于
      This error is caused by a buggy guest: let's switch the device to the
      broken state instead of terminating QEMU.
      Signed-off-by: NGreg Kurz <groug@kaod.org>
      Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      ad14a46a
    • G
      virtio-scsi: convert virtio_scsi_bad_req() to use virtio_error() · 661e32fb
      Greg Kurz 提交于
      The virtio_scsi_bad_req() function is called when a guest sends a
      request with missing or ill-sized headers. This generally happens
      when the virtio_scsi_parse_req() function returns an error.
      
      With this patch, virtio_scsi_bad_req() will mark the device as broken,
      detach the request from the virtqueue and free it, instead of forcing
      QEMU to exit.
      
      In nearly all locations where virtio_scsi_bad_req() is called, the only
      thing to do next is to return to the caller.
      
      The virtio_scsi_handle_cmd_req_prepare() function is an exception though.
      
      It is called in a loop by virtio_scsi_handle_cmd_vq() and passed requests
      freshly popped from a cmd virtqueue; virtio_scsi_handle_cmd_req_prepare()
      does some sanity checks on the request and returns a boolean flag to
      indicate whether the request should be queued or not. In the latter case,
      virtio_scsi_handle_cmd_req_prepare() has detected a non-fatal error and
      sent a response back to the guest.
      
      We have now a new condition to take into account: the device is broken
      and should stop all processing.
      
      The return value of virtio_scsi_handle_cmd_req_prepare() is hence changed
      to an int. A return value of zero means that the request should be queued.
      Other non-fatal error cases where the request shoudn't be queued  return
      a negative errno (values are vaguely inspired by the error condition, but
      the only goal here is to discriminate the case we're interested in).
      
      And finally, if virtio_scsi_bad_req() was called, -EINVAL is returned. In
      this case, virtio_scsi_handle_cmd_vq() detaches and frees already queued
      requests, instead of submitting them.
      Signed-off-by: NGreg Kurz <groug@kaod.org>
      Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      661e32fb
    • G
      virtio-net: handle virtio_net_flush_tx() errors · fa5e56c2
      Greg Kurz 提交于
      All these errors are caused by a buggy guest: let's switch the device to
      the broken state instead of terminating QEMU. Also we detach the element
      from the virtqueue and free it.
      
      If this happens, virtio_net_flush_tx() also returns -EINVAL, so that all
      callers can stop processing the virtqueue immediatly.
      Signed-off-by: NGreg Kurz <groug@kaod.org>
      Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      fa5e56c2
    • G
      virtio-net: handle virtio_net_receive() errors · ba10b9c0
      Greg Kurz 提交于
      All these errors are caused by a buggy guest: let's switch the device to
      the broken state instead of terminating QEMU. Also we detach the element
      from the virtqueue and free it.
      Signed-off-by: NGreg Kurz <groug@kaod.org>
      Reviewed-by: NCornelia Huck <cornelia.huck@de.ibm.com>
      Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      ba10b9c0
    • G
      virtio-net: handle virtio_net_handle_ctrl() error · ba7eadb5
      Greg Kurz 提交于
      This error is caused by a buggy guest: let's switch the device to the
      broken state instead of terminating QEMU. Also we detach the element
      from the virtqueue and free it.
      Signed-off-by: NGreg Kurz <groug@kaod.org>
      Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      ba7eadb5
    • G
      virtio-blk: handle virtio_blk_handle_request() errors · 20ea686a
      Greg Kurz 提交于
      All these errors are caused by a buggy guest: QEMU should not exit.
      
      With this patch, if virtio_blk_handle_request() detects a buggy request, it
      marks the device as broken and returns an error to the caller so it takes
      appropriate action.
      
      In the case of virtio_blk_handle_vq(), we detach the request from the
      virtqueue, free its allocated memory and stop popping new requests.
      We don't need to bother about multireq since virtio_blk_handle_request()
      errors out early and mrb.num_reqs == 0.
      
      In the case of virtio_blk_dma_restart_bh(), we need to detach and free all
      queued requests as well.
      Signed-off-by: NGreg Kurz <groug@kaod.org>
      Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      20ea686a
    • G
      virtio-9p: handle handle_9p_output() error · d3d74d6f
      Greg Kurz 提交于
      A broken guest may send a request without providing buffers for the reply
      or for the request itself, and virtqueue_pop() will return an element with
      either in_num == 0 or out_num == 0.
      
      All 9P requests are expected to start with the following 7-byte header:
      
                  uint32_t size_le;
                  uint8_t id;
                  uint16_t tag_le;
      
      If iov_to_buf() fails to return these 7 bytes, then something is wrong in
      the guest.
      
      In both cases, it is wrong to crash QEMU, since the root cause lies in the
      guest.
      
      This patch hence does the following:
      - keep the check of in_num since pdu_complete() assumes it has enough
        space to store the reply and we will send something broken to the guest
      - let iov_to_buf() handle out_num == 0, since it will return 0 just like
        if the guest had provided an zero-sized buffer.
      - call virtio_error() to inform the guest that the device is now broken,
        instead of aborting
      - detach the request from the virtqueue and free it
      Signed-off-by: NGreg Kurz <groug@kaod.org>
      Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      d3d74d6f
    • G
      virtio-blk: make some functions static · d14dde5e
      Greg Kurz 提交于
      Some functions that were called from the dataplane code are now only used
      locally:
      
      virtio_blk_init_request()
      virtio_blk_handle_request()
      virtio_blk_submit_multireq()
      
      since commit "03de2f52 virtio-blk: do not use vring in dataplane", and
      
      virtio_blk_free_request()
      
      since commit "6aa46d8f virtio: move VirtQueueElement at the beginning
      of the structs".
      
      This patch converts them to static.
      Signed-off-by: NGreg Kurz <groug@kaod.org>
      Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      d14dde5e
    • G