- 24 6月, 2015 1 次提交
-
-
由 Gonglei 提交于
in_num = req->elem.in_num, and req->elem.in_num is checked in line 489, so the check about in_num variable is superflous, let's drop it. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NFam Zheng <famz@redhat.com> Message-id: 1435138164-11728-1-git-send-email-arei.gonglei@huawei.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 23 6月, 2015 2 次提交
-
-
由 Lu Lina 提交于
Signed-off-by: NLu Lina <lina.lulina@huawei.com> Acked-by: NKeith Busch <keith.busch@intel.com> Message-id: 1434695254-69808-1-git-send-email-kathy.wangting@huawei.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Alexander Yarygin 提交于
Each call of the virtio_blk_reset() function calls blk_drain_all(), which works for all existing BlockDriverStates, while draining only one is needed. This patch replaces blk_drain_all() by blk_drain() in virtio_blk_reset(). virtio_blk_data_plane_stop() should be called after draining because it restores vblk->complete_request. Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Cc: Cornelia Huck <cornelia.huck@de.ibm.com> Cc: Kevin Wolf <kwolf@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NAlexander Yarygin <yarygin@linux.vnet.ibm.com> Message-id: 1434537440-28236-3-git-send-email-yarygin@linux.vnet.ibm.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 12 6月, 2015 1 次提交
-
-
由 Juan Quintela 提交于
We create optional sections with this patch. But we already have optional subsections. Instead of having two mechanism that do the same, we can just generalize it. For subsections we just change: - Add a needed function to VMStateDescription - Remove VMStateSubsection (after removal of the needed function it is just a VMStateDescription) - Adjust the whole tree, moving the needed function to the corresponding VMStateDescription Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
- 05 6月, 2015 3 次提交
-
-
由 Paolo Bonzini 提交于
When this property is set, MMIO accesses are only allowed with the MEMTXATTRS_SECURE attribute. This is used for secure access to UEFI variables stored in flash. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Paolo Bonzini 提交于
This is a required step to implement read_with_attrs and write_with_attrs. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Paolo Bonzini 提交于
Make this consistent with the secure property, added in the next patch. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 03 6月, 2015 7 次提交
-
-
由 Kevin Wolf 提交于
The RQM bit in MSR should be set whenever the guest is supposed to access the FIFO, and it should be cleared in all other cases. This is important so the guest can't continue writing/reading the FIFO beyond the length that it's suppossed to access (see CVE-2015-3456). Commit e9077462 fixed the CVE by adding code that avoids the buffer overflow; however it doesn't correct the wrong behaviour of the floppy controller which should already have cleared RQM. Currently, RQM stays set all the time and during all phases while a command is being processed. This is error-prone because the command has to explicitly clear the flag if it doesn't need data (and indeed, the two buggy commands that are the culprits for the CVE just forgot to do that). This patch clears RQM immediately as soon as all bytes that are expected have been received. If the the FIFO is used in the next phase, the flag has to be set explicitly there. It also clear RQM after receiving all bytes even if the phase transition immediately sets it again. While it's technically not necessary at the moment because the state between clearing and setting RQM is not observable by the guest, this is more explicit and matches how real hardware works. It will actually become necessary in qemu once asynchronous code paths are introduced. This alone should have been enough to fix the CVE, but now we have two lines of defense - even better. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com> Message-id: 1432214378-31891-8-git-send-email-kwolf@redhat.com Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Kevin Wolf 提交于
This commit makes similar improvements as have already been made to the write function: Instead of relying on a flag in the MSR to distinguish controller phases, use the explicit phase that we store now. Assertions of the right MSR flags are added. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com> Message-id: 1432214378-31891-7-git-send-email-kwolf@redhat.com Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Kevin Wolf 提交于
Factor out a few common lines of code, reformat, improve comments. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com> Message-id: 1432214378-31891-6-git-send-email-kwolf@redhat.com Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Kevin Wolf 提交于
Instead of relying on a flag in the MSR to distinguish controller phases, use the explicit phase that we store now. Assertions of the right MSR flags are added. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com> Message-id: 1432214378-31891-5-git-send-email-kwolf@redhat.com Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Kevin Wolf 提交于
The floppy controller spec describes three different controller phases, which are currently not explicitly modelled in our emulation. Instead, each phase is represented by a combination of flags in registers. This patch makes explicit in which phase the controller currently is. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Acked-by: NJohn Snow <jsnow@redhat.com> Message-id: 1432214378-31891-4-git-send-email-kwolf@redhat.com Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Kevin Wolf 提交于
What callers really do with this function is to switch from execution phase (including data transfers) to result phase where the guest can read out one or more status bytes from the FIFO (the number depends on the command). Rename the function accordingly. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com> Message-id: 1432214378-31891-3-git-send-email-kwolf@redhat.com Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Kevin Wolf 提交于
What all callers of fdctrl_reset_fifo() really want to do is to start the command phase, where writes to the data port initiate a new command. The function doesn't only clear the FIFO, but also sets up the state so that a new command can be received. Rename it to reflect this. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com> Message-id: 1432214378-31891-2-git-send-email-kwolf@redhat.com Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
- 01 6月, 2015 1 次提交
-
-
由 Gerd Hoffmann 提交于
Make features 64bit wide everywhere. On migration a full 64bit guest_features field is sent if one of the high bits is set, in addition to the lower 32bit guest_features field which must stay for compatibility reasons. That way we send the lower 32 feature bits twice, but the code is simpler because we don't have to split and compose the 64bit features into two 32bit fields. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 22 5月, 2015 1 次提交
-
-
由 Christoph Hellwig 提交于
The SCSI emulation in the Linux NVMe driver really wants to know if a device has a volatile write cache. Given that qemu has moved away from a model where we report the backing store WCE bit to one where the WCE bit is supposed to be part of the migratable guest-visible state we always return 1 here. Signed-off-by: NChristoph Hellwig <hch@lst.de> Acked-by: NKeith Busch <keith.busch@intel.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
- 13 5月, 2015 1 次提交
-
-
由 Petr Matousek 提交于
During processing of certain commands such as FD_CMD_READ_ID and FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could get out of bounds leading to memory corruption with values coming from the guest. Fix this by making sure that the index is always bounded by the allocated memory. This is CVE-2015-3456. Signed-off-by: NPetr Matousek <pmatouse@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com> Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
- 30 4月, 2015 2 次提交
-
-
由 Daniel Stekloff 提交于
Windows seems to send two separate calls to NVMe controller configuration. The first sends configuration info and the second the enable bit. I couldn't enable the Windows 8.1 in-box NVMe driver with base Qemu. I made the following change to store the configuration data and then handle enable and NVMe driver works on Windows 8.1. I am not a Windows expert and I'm not entirely sure this is the correct approach. I'm offering it for anyone who wishes to use NVMe on Windows 8.1 using Qemu. I have tested this change with Linux and Windows guests with NVMe devices. Signed-off-by: NDaniel Stekloff <dan@wendan.org> Acked-by: NKeith Busch <keith.busch@intel.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Stefan Weil 提交于
All of them were reported by codespell. Most typos are in comments, one is in an error message. Signed-off-by: NStefan Weil <sw@weilnetz.de> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 29 4月, 2015 1 次提交
-
-
由 Hervé Poussineau 提交于
They were introduced in 6f7e9aec and 82407d1a and lots of bug fixes were done after that. This fixes (at least) the detection of the floppy controller on Debian 4.0r9/SPARC, and SS-5's OBP initialization routine still works. Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Tested-by: NMark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Message-id: 1426351846-6497-1-git-send-email-hpoussin@reactos.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
- 28 4月, 2015 2 次提交
-
-
由 Stefan Hajnoczi 提交于
Delay the call to blk_blockalign() until s->blk has been assigned. This never caused a crash because blk_blockalign(NULL, size) defaults to 4096 alignment but it's technically incorrect. Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1429091024-25098-1-git-send-email-stefanha@redhat.com Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Paolo Bonzini 提交于
Of the block devices that poked into -drive options via drive_get_next, m25p80 was the only one who also did not attach itself to the BlockBackend. Since sd does it, and all other devices go through a "drive" property, with this change all block backends attached to the guest will have a non-NULL result for blk_get_attached_dev(). Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: 1429025387-11077-1-git-send-email-pbonzini@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
- 08 4月, 2015 1 次提交
-
-
由 Paolo Bonzini 提交于
After qemu_iovec_destroy, the QEMUIOVector's size is zeroed and the zero size ultimately is used to compute virtqueue_push's len argument. Therefore, reads from virtio-blk devices did not migrate their results correctly. (Writes were okay). Save the size in virtio_blk_handle_request, and use it when the request is completed. Based on a patch by Wen Congyang. Signed-off-by: NWen Congyang <wency@cn.fujitsu.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Tested-by: NLi Zhijian <lizhijian@cn.fujitsu.com> Message-id: 1427997044-392-1-git-send-email-pbonzini@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 02 4月, 2015 1 次提交
-
-
由 Markus Armbruster 提交于
Drives defined with if!=none are for board initialization to wire up. Board code calls drive_get() or similar to find them, and creates devices with their qdev drive properties set accordingly. Except a few devices go on a fishing expedition for a suitable backend instead of exposing a drive property for board code to set: they call driver_get() or drive_get_next() in their realize() or init() method to implicitly connect to the "next" backend with a certain interface type. Picking up backends that way works when the devices are created by board code. But it's inappropriate for -device or device_add. Not only is this inconsistent with how the other block device models work (they connect to a backend explicitly identified by a "drive" property), it breaks when the "next" backend has been picked up by the board already. Example: $ qemu-system-arm -S -M connex -pflash flash.img -device ssi-sd Aborted (core dumped) Mark them with suitable FIXME comments. Cc: Andrzej Zaborowski <balrogg@gmail.com> Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Cc: "Andreas Färber" <andreas.faerber@web.de> Cc: Michael Walle <michael@walle.cc> Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
-
- 27 3月, 2015 1 次提交
-
-
由 Stefan Weil 提交于
The shift operation on nlb gives a 32 bit result if no type cast is applied. This bug was reported by Coverity. Signed-off-by: NStefan Weil <sw@weilnetz.de> Message-id: 1426348844-8793-1-git-send-email-sw@weilnetz.de Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 10 3月, 2015 5 次提交
-
-
由 Fam Zheng 提交于
By default, we have ioeventfd enabled, so the IO request processing is in IO thread; in the vcpu thread, guest mode is returned to as quickly as possible, and completion is delivered via irqfd. Therefore this comment from the initial implementation is barely relevant. Signed-off-by: NFam Zheng <famz@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Ekaterina Tumanova 提交于
geometry: hd_geometry_guess function autodetects the drive geometry. This patch adds a block backend call, that probes the backing device geometry. If the inner driver method is implemented and succeeds (currently only for DASDs), the blkconf_geometry will pass-through the backing device geometry. Otherwise will fallback to old logic. blocksize: This patch initializes blocksize properties to 0. In order to set the property a blkconf_blocksizes was introduced. If user didn't set physical or logical blocksize, it will retrieve its value from a driver (only succeeds for DASD), otherwise it will set default 512 value. The blkconf_blocksizes call was added to all users of BlkConf. Signed-off-by: NEkaterina Tumanova <tumanova@linux.vnet.ibm.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1424087278-49393-6-git-send-email-tumanova@linux.vnet.ibm.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Fam Zheng 提交于
Since commit 1dc936aa (virtio-blk: Use blk_aio_ioctl) we silently lose the request if blk_aio_ioctl returns NULL (not implemented). Fix it by directly returning VIRTIO_BLK_S_UNSUPP as we used to do. Signed-off-by: NFam Zheng <famz@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> [ kwolf: Fixed build error on win32 ] Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Markus Armbruster 提交于
Three kinds of callers: 1. On failure, report the error and abort Passing &error_abort does the job. No functional change. 2. On failure, report the error and exit() This is qdev_prop_set_drive_nofail(). Error reporting moves from qdev_prop_set_drive() to its caller. Because hiding away the error in the monitor right before exit() isn't helpful, replace qerror_report_err() by error_report_err(). Shouldn't make a difference, because qdev_prop_set_drive_nofail() should never be used in QMP context. 3. On failure, report the error and recover This is usb_msd_init() and scsi_bus_legacy_add_drive(). Error reporting and freeing the error object moves from qdev_prop_set_drive() to its callers. Because usb_msd_init() can't run in QMP context, replace qerror_report_err() by error_report_err() there. No functional change. scsi_bus_legacy_add_drive() calling qerror_report_err() is of course inappropriate, but this commit merely makes it more obvious. The next one will clean it up. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com> Message-Id: <1425925048-15482-3-git-send-email-armbru@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Gonglei 提交于
Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 26 2月, 2015 3 次提交
-
-
由 Cornelia Huck 提交于
Add a helper function for checking whether a bit is set in the guest features for a vdev as well as one that works on a feature bit set. Convert code that open-coded this: It cleans up the code and makes it easier to extend the guest feature bits. Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Cornelia Huck 提交于
Add virtio_{add,clear}_feature helper functions for manipulating a feature bits variable. This has some benefits over open coding: - add check that the bit is in a sane range - make it obvious at a glance what is going on - have a central point to change when we want to extend feature bits Convert existing code manipulating features to use the new helpers. Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Michael S. Tsirkin 提交于
Drop duplicated code. Minor codechanges were required as geometry is a sub-structure now. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NThomas Huth <thuth@linux.vnet.ibm.com>
-
- 18 2月, 2015 1 次提交
-
-
由 Markus Armbruster 提交于
Coccinelle semantic patch: @@ expression E; @@ - error_report("%s", error_get_pretty(E)); - error_free(E); + error_report_err(E); @@ expression E, S; @@ - error_report("%s", error_get_pretty(E)); + error_report_err(E); ( exit(S); | abort(); ) Trivial manual touch-ups in block/sheepdog.c. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
- 16 2月, 2015 2 次提交
-
-
由 Max Reitz 提交于
As part of the required changes, this fixes a bug where specifying an invalid driver would result in the block layer probing the image format; now it will result in an error, unless "<unset>" is specified as the driver name. Fixing this would require further work on the xen_disk code which does not seem worth it (at this point and for this patch). Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-id: 1423162705-32065-7-git-send-email-mreitz@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Cornelia Huck 提交于
The vring.c code currently assumes that guest and host endianness match, which is not true for a number of cases: - emulating targets with a different endianness than the host - bi-endian targets, where the correct endianness depends on the virtio device - upcoming support for the virtio-1 standard mandates little-endian accesses even for big-endian targets and hosts Make sure to use accessors that depend on the virtio device. Note that dataplane now needs to be built per-target. Cc: Stefan Hajnoczi <stefanha@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Fam Zheng <famz@redhat.com> Reviewed-by: NDavid Gibson <david@gibson.dropbear.id.au> Tested-by: NDavid Gibson <david@gibson.dropbear.id.au> Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1422289602-17874-2-git-send-email-cornelia.huck@de.ibm.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 10 2月, 2015 1 次提交
-
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NGonglei <arei.gonglei@huawei.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 07 2月, 2015 3 次提交
-
-
由 Peter Lieven 提交于
we check and adjust request sizes at several places with sometimes inconsistent checks or default values: INT_MAX INT_MAX >> BDRV_SECTOR_BITS UINT_MAX >> BDRV_SECTOR_BITS SIZE_MAX >> BDRV_SECTOR_BITS This patches introdocues a macro for the maximal allowed sectors per request and uses it at several places. Signed-off-by: NPeter Lieven <pl@kamp.de> Reviewed-by: NDenis V. Lunev <den@openvz.org> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Peter Lieven 提交于
this adds a knob to disable request merging for debugging or benchmarks if dedired. Signed-off-by: NPeter Lieven <pl@kamp.de> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Peter Lieven 提交于
this patch finally introduces multiread support to virtio-blk. While multiwrite support was there for a long time, read support was missing. The complete merge logic is moved into virtio-blk.c which has been the only user of request merging ever since. This is required to be able to merge chunks of requests and immediately invoke callbacks for those requests. Secondly, this is required to switch to direct invocation of coroutines which is planned at a later stage. The following benchmarks show the performance of running fio with 4 worker threads on a local ram disk. The numbers show the average of 10 test runs after 1 run as warmup phase. | 4k | 64k | 4k MB/s | rd seq | rd rand | rd seq | rd rand | wr seq | wr rand --------------+--------+---------+--------+---------+--------+-------- master | 1221 | 1187 | 4178 | 4114 | 1745 | 1213 multiread | 1829 | 1189 | 4639 | 4110 | 1894 | 1216 Signed-off-by: NPeter Lieven <pl@kamp.de> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-