- 11 Feb, 2010 39 commits
-
-
Committed by TeLeMan
The default stack size of PE is 1MB on win32 and IO_BUF_SIZE in img_convert() & img_rebase() is 2MB, so qemu-img will crash when doing "convert" & "rebase" on win32. Although we can improve the stack size of PE to resolve it, I think we should avoid using the huge stack variables.
Signed-off-by: TeLeMan <geleman@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Jim Meyering
Most of these are obvious NULL-deref bug fixes, for example, the ones in these files: block/curl.c net.c slirp/misc.c and the first one in block/vvfat.c.

The others in block/vvfat.c may not lead to an immediate segfault, but I traced the two schedule_rename(..., strdup(path)) uses, and a failed strdup would appear to trigger this assertion in handle_renames_and_mkdirs: assert(commit->path);

The conversion to use qemu_strdup in envlist_to_environ is not technically needed, but does avoid a theoretical leak in the caller when strdup fails for one value, but later succeeds in allocating another buffer (plausible, if one string length is much larger than the others). The caller does not know the length of the returned list, and as such can only free pointers until it hits the first NULL. If there are non-NULL pointers beyond the first, their buffers would be leaked. This one is admittedly far-fetched.

The two in linux-user/main.c are worth fixing to ensure that an OOM error is diagnosed up front, rather than letting it provoke some harder-to-diagnose secondary error, in case of exec failure, or worse, in case the exec succeeds but with an invalid list of command line options. However, considering how unlikely it is to encounter a failed strdup early in main, this isn't a big deal.

Note that adding the required uses of qemu_strdup here and in envlist.c induces link failures because qemu_strdup is not currently in any library they're linked with. So for now, I've omitted those changes, as well as the fixes in target-i386/helper.c and target-sparc/helper.c.

If you'd like to see the above discussion (or anything else) in the commit log, just let me know and I'll be happy to adjust.

>From 9af42864fd1ea666bd25e2cecfdfae74c20aa8c7 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Mon, 8 Feb 2010 18:29:29 +0100
Subject: [PATCH] don't dereference NULL after failed strdup

Handle failing strdup by replacing each use with qemu_strdup, so as not to dereference NULL or trigger a failing assertion.
* block/curl.c (curl_open): s/\bstrdup\b/qemu_strdup/
* block/vvfat.c (init_directories): Likewise.
(get_cluster_count_for_direntry, check_directory_consistency): Likewise.
* net.c (parse_host_src_port): Likewise.
* slirp/misc.c (fork_exec): Likewise.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Luiz Capitulino
QMP's chardev event callback doesn't call json_message_parser_destroy() on CHR_EVENT_CLOSED. As the call to json_message_parser_init() on CHR_EVENT_OPENED allocates memory, we are leaking on close. Fix that by just calling json_message_parser_destroy() on CHR_EVENT_CLOSED.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Luiz Capitulino
Ideally, Monitor code should report an error only once and return the error information up the call chain. To assure that this happens as expected and that no error is lost, we have an assert() in qemu_error_internal(). However, we still have not fully converted handlers using monitor_printf() to report errors. As there can be multiple monitor_printf() calls on an error, the assertion is easily triggered when debugging is enabled; and we will get a memory leak if it's not. The solution to this problem is to allow multiple faults by only reporting the first one, and to release the additional error objects. A better mechanism to report multiple errors to programmers is underway.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Luiz Capitulino
It's not needed to check the return of qobject_from_jsonf() anymore, as an assert() has been added there.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Luiz Capitulino
Add an assert() to qobject_from_jsonf() to assure that the returned QObject is not NULL. Currently this is duplicated in the callers.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Tom Lendacky
Fix a race condition where qemu finds that there are not enough virtio ring buffers available and the guest makes more buffers available before qemu can enable notifications.
Signed-off-by: Tom Lendacky <toml@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Roy Tam
OK we are fooled by the json lexer and parser. As we use %I64d to print 'long long' variables in Win32, but lexer and parser only deal with %lld but not %I64d, this patch adds support for %I64d and solves 'info pci', 'powser_reset' and 'power_powerdown' assert failure in Win32.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Marcelo Tosatti
qemu_opt_set wants on/off, not yes/no.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Marcelo Tosatti
Round robin vcpus in tcg_cpu_next even if the vm stopped. This allows all cpus to enter stopped state.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Luiz Capitulino
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Luiz Capitulino
With this commit QMP will be started in Capabilities Negotiation mode, where the only command allowed to run is 'qmp_capabilities'. All other commands will return CommandNotFound error. Asynchronous messages are not delivered either. When 'qmp_capabilities' is successfully executed QMP enters Command mode, where all commands (except 'qmp_capabilities') are allowed to run and asynchronous messages are delivered.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Luiz Capitulino
This command will be used to enable QMP capabilities advertised by the capabilities array. Note that it will be mandatory to issue this command in order to make QMP functional (although this behavior is not being enforced by this commit). Also, as we don't have any capabilities yet, the new command doesn't accept any arguments. I will postpone the decision for a format for this until we get our first capability. Finally, this command is visible from the user Monitor too, in the sense that you can execute it but it won't do anything. Making it only visible in QMP is beyond this series' goal, as it requires changes in unrelated places.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Luiz Capitulino
With capability negotiation support clients will only have a chance to check QEMU's version (ie. issue 'query-version') after the negotiation procedure is done. It might be useful to clients to check QEMU's version before negotiating features, though. To allow that, this commit adds the QEMU's version object to the greeting message. Not really sure this is needed, but doesn't hurt anyway.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by David S. Ahern
This fixes a segfault due to buffer overrun in the usb-serial device. The memcpy was incrementing the start location by recv_used, yet the computation of first_size (how much to write at the end of the buffer before wrapping to the front) was not accounting for it. This causes the next element after the receive buffer (recv_ptr) to get overwritten with random data.
Signed-off-by: David Ahern <daahern@cisco.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by David S. Ahern
I have streaming audio devices working within qemu-kvm. This is a port of the changes to qemu.

Streaming audio generates a series of isochronous requests that are repetitive and time sensitive. The URBs need to be submitted in consecutive USB frames and responses need to be handled in a timely manner.

Summary of the changes for isochronous requests:

1. The initial 'valid' value is increased to 32. It needs to be higher than its current value of 10 since the host adds a 10 frame delay to the scheduling of the first request; if valid is set to 10 the first isochronous request times out and qemu cancels it. 32 was chosen as a nice round number, and it is used in the path where a TD-async pairing already exists.

2. The token field in the TD is *not* unique for isochronous requests, so it is not a good choice for finding a matching async request. The buffer (where to write the guest data) is unique, so use that value instead.

3. TDs for isochronous requests need to be completed in the async completion handler so that data is pushed to the guest as soon as it is available. The uhci code currently attempts to process complete isochronous TDs the next time the UHCI frame with the request is processed. This results in lost data since the async requests will have long since timed out based on the valid parameter. Increasing the valid value is not acceptable as it introduces a 1+ second delay in the data getting pushed to the guest.

4. The frame timer needs to be run on 1 msec intervals. Currently, the expire time for processing the next frame is computed after the processing of each frame. This regularly causes the scheduling of frames to shift in time. When this happens the periodic scheduling of the requests is broken and the subsequent request is seen as a new request by the host resulting in a 10 msec delay (first isochronous request is scheduled for 10 frames from when the URB is submitted).

[ For what it's worth a small change is needed to the guest driver to have more outstanding URBs (at least 4 URBs with 5 packets per URB).]
Signed-off-by: David Ahern <daahern@cisco.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Amit Shah
Just a 1-1 conversion for now.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Amit Shah
We have some duplicated code in the CONFIG_IOTHREAD #ifdef and #else cases. Fix that.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Stefan Weil
* Add line options to function index.
* Add description for -set (TODO).
* Add description for -global (TODO).
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Stefan Weil
* Add monitor commands to function index.
* Fix description for acl_remove.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Stefan Weil
* Add some keywords for the concept index.
* Add some keywords for the keystroke index.
* Mark invalid or unclear documentation with TODO. Is there a better proposal how to do this?
* Fix copy+paste error in ColdFire section (options were copied from ARM).
* Fix documentation for Wine.
* Add placeholders for missing system emulations.
* Add placeholders for missing user emulation commands.
* Add an appendix with license (to be discussed).
* Add an appendix for every type of index which is supported by texinfo. Currently, not all are used, but this might change in the future.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Stefan Weil
@itemize @minus does not work as expected (the items start with "* -"). A simple @itemize gives a better result.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Stefan Weil
This should help new users to get started.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Stefan Weil
At least for Linux distributions UTF-8 is now standard, so the QEMU documentation should use this encoding, too. Even if there was currently only a single special character using ISO-8859-1, this might change in the future. So the texinfo keywords @documentlanguage and @documentencoding now document the language and the encoding. The special character was changed to UTF-8 (it could also have been changed to an x, but the original cross looks really nice if it is displayed correctly). These changes fix the html presentation at http://www.qemu.org/qemu-doc.html#SEC65 (ARM System emulator).
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Stefan Weil
update-info-dir maintains an index of all available documentation in info format (the file /usr/share/info/dir). It reads special @direntry tags in info files. This patch (extracted from a larger patch provided by Dirk Ullrich) adds these tags for qemu-doc.info and qemu-tech.info.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Christoph Hellwig
Clean up the current mess about figuring out which flags to pass to the driver. BDRV_O_FILE, BDRV_O_SNAPSHOT and BDRV_O_NO_BACKING are flags only used by the block layer internally so filter them out directly. Previously BDRV_O_NO_BACKING could accidentally be passed to the drivers, but wasn't ever used.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Luiz Capitulino
Just call bdrv_mon_event() in the right place.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Luiz Capitulino
Just call bdrv_mon_event() in the right place.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Luiz Capitulino
Just call bdrv_mon_event() in the right place.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Luiz Capitulino
This commit introduces the bdrv_mon_event() function, which should be called by block subsystems (eg. IDE) when an I/O error occurs, so that a QMP event is emitted.

The following information is currently provided in the event:
- device name
- operation (ie. "read" or "write")
- action taken (eg. "stop")

Event example:
{ "event": "BLOCK_IO_ERROR", "data": { "device": "ide0-hd1", "operation": "write", "action": "stop" }, "timestamp": { "seconds": 1265044230, "microseconds": 450486 } }
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Luiz Capitulino
This commit adds the basic definitions for the BLOCK_IO_ERROR event, but actual event emission will be introduced by the next commits.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Kevin Wolf
Checking for return codes < 0 isn't really going to work with unsigned types. Use signed types instead.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Sheng Yang
Commit 03cbdac7 "Disable fall-back to read-only when cannot open drive's file for read-write" results in a read-only image that can't be used as a backed image in qemu-img.
Cc: Naphtali Sprei <nsprei@redhat.com>
Signed-off-by: Sheng Yang <sheng@linux.intel.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Scott Tsai
The "Cross compilation for Windows with Linux" section of qemu-doc.texi still instructs the user to use 'configure --enable-mingw32' even after the option was removed in Aug 2008: http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=cd01b4a312248dd4e12c3d389d1a349cea4015d8

This documentation-only change updates the instructions to:
* Remove use of '--enable-mingw32' in the configure example
* Correct the 'sdl-config' script name
* Remove references to i386-mingw32msvc.tar.gz which no longer exists in recent SDL releases
* Document the zlib dependency
Signed-off-by: Scott Tsai <scottt.tw@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Evgeniy Dushistov
When qemu is executed with an option like -serial /dev/ttyS0, report if there are problems with opening of devices. At present, errors are silently ignored.
Signed-off-by: Evgeniy Dushistov <dushistov@mail.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Stefan Weil
Makefile already supported dvi, html and info formats, but pdf was missing. pdf is especially convenient for printing and for documentation reviews. I hope it will help to improve qemu's documentation. Make now supports the new target 'pdf' which will create qemu-doc.pdf and qemu-tech.pdf. It is also possible to build both files individually. texi2pdf and texi2dvi are rather noisy, so normally some less important warnings are suppressed. When make is called with V=1 (verbose mode), warnings are not suppressed. The patch also sorts the documentation targets alphabetically and wraps a line which was too long.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Paolo Bonzini
The #ifdef CONFIG_SOLARIS below was useless without this patch.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Paolo Bonzini
Same as what qemu-kvm does.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Committed by Paolo Bonzini
No need to loop if less than a full buffer is read, the next read would return EAGAIN.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
- 10 Feb, 2010 1 commit
-
-
Committed by Liran Schour
Move to stage3 only when remaining work can be done below max downtime. Use qemu_get_clock_ns for measuring read performance.
Signed-off-by: Liran Schour <lirans@il.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-