Errors are inadvertently ignored in a few places.  Has always been
broken.  Spotted by Coverity.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NJeff Cody <jcody@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

It is exactly assert_no_active_block_jobs in iotests.py
Signed-off-by: NFam Zheng <famz@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

this adds a basic vmdk corruption check. it should detect severe
table corruptions and file truncation.
Signed-off-by: NPeter Lieven <pl@kamp.de>
Reviewed-by: NFam Zheng <famz@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

The QCOW2 .bdrv_make_empty implementation always returns 0 for success,
but does not actually do anything.

The proper way to not support an optional driver function stub is to
just not implement it, so let's remove the stub.
Signed-off-by: NJeff Cody <jcody@redhat.com>
Reviewed-by: NBenoit Canet <benoit@irqsave.net>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

The QED .bdrv_make_empty() implementation does nothing but return
-ENOTSUP, which causes problems in bdrv_commit().  Since the function
stub exists for QED, it is called, which then always returns an error.

The proper way to not support an optional driver function stub is to
just not implement it, so let's remove the stub.
Signed-off-by: NJeff Cody <jcody@redhat.com>
Reviewed-by: NBenoit Canet <benoit@irqsave.net>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

The qemu-img.texi / qemu-doc.texi files currently describe the
qcow2/qcow2 encryption thus

  "Encryption uses the AES format which is very secure (128 bit
   keys). Use a long password (16 characters) to get maximum
   protection."

While AES is indeed a strong encryption system, the way that
QCow/QCow2 use it results in a poor/weak encryption system.
Due to the use of predictable IVs, based on the sector number
extended to 128 bits, it is vulnerable to chosen plaintext
attacks which can reveal the existence of encrypted data.

The direct use of the user passphrase as the encryption key
also leads to an inability to change the passphrase of an
image. If passphrase is ever compromised the image data will
all be vulnerable, since it cannot be re-encrypted. The admin
has to clone the image files with a new passphrase and then
use a program like shred to secure erase all the old files.

Recommend against any use of QCow/QCow2 encryption, directing
users to dm-crypt / LUKS which can meet modern cryptography
best practices.

[Changed "Qcow" to "qcow" for consistency.
--Stefan]
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

Tracing pull request

# gpg: Signature made Mon 27 Jan 2014 14:51:09 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* stefanha/tags/tracing-pull-request:
  trace: fix simple trace "disable" keyword
  trace: add glib 2.32+ static GMutex support
  trace: [simple] Do not include "trace/simple.h" in generated tracer headers
  tracing: start trace processing thread in final child process

Message-id: 1390834386-23139-1-git-send-email-stefanha@redhat.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

acpi,pci,pc,virtio fixes and enhancements

This includes new unit-tests for acpi by Marcel,
hotplug for pci bridges by myself (piix only so far)
and cpu hotplug for q35.
And a bunch of fixes all over the place as usual.

I included the patch to fix memory alignment for q35
as well - even though it limits 32 bit guests to 3G (they
previously could address more memory with PAE).
To remove the limit, this will have to be fixed in seabios.

I also added self as virtio co-maintainer so I don't need
to troll the list for patches to review.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Sun 26 Jan 2014 11:12:09 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* mst/tags/for_anthony: (35 commits)
  MAINTAINERS: add self as virtio co-maintainer
  q35: document gigabyte_align
  q35: gigabyte alignment for ram
  acpi: Fix PCI hole handling on build_srat()
  pc: Save size of RAM below 4GB
  hw/pci: fix error flow in pci multifunction init
  acpi-test: update expected AML since recent changes
  pc: ACPI: update acpi-dsdt.hex.generated q35-acpi-dsdt.hex.generated
  pc: ACPI: unify source of CPU hotplug IO base/len
  pc: ACPI: expose PRST IO range via _CRS
  pc: Q35 DSDT: exclude CPU hotplug IO range from PCI bus resources
  pc: PIIX DSDT: exclude CPU/PCI hotplug & GPE0 IO range from PCI bus resources
  pc: set PRST base in DSDT depending on chipset
  acpi: ich9: add CPU hotplug handling to Q35 machine
  acpi: factor out common cpu hotplug code for PIIX4/Q35
  acpi-build: enable hotplug for PCI bridges
  piix4: add acpi pci hotplug support
  pcihp: generalization of piix4 acpi
  pci: add pci_for_each_bus_depth_first
  pc: make: fix dependencies: rebuild when included file is changed
  ...

Message-id: 1390735289-15563-1-git-send-email-mst@redhat.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

* sstabellini/xen-170114:
  xen_pt: Fix passthrough of device with ROM.
  xen_pt: Fix debug output.
  xenfb: map framebuffer read-only and handle unmap errors

Message-id: alpine.DEB.2.02.1401171537140.21510@kaball.uk.xensource.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Net patches

# gpg: Signature made Mon 27 Jan 2014 14:45:35 GMT using RSA key ID 81AB73C8
# gpg: Can't check signature: public key not found

* stefanha/tags/net-pull-request:
  tap-linux: Get features once and use it many times
  Fix lan9118 buffer length handling
  Fix lan9118 TX "CMD A" handling
  net: Use g_strdup_printf instead of snprintf.

Message-id: 1390834129-19625-1-git-send-email-stefanha@redhat.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

* rth/tcg-movbe:
  tcg/i386: cleanup useless #ifdef
  tcg/i386: use movbe instruction in qemu_ldst routines
  tcg/i386: add support for three-byte opcodes
  tcg/i386: remove hardcoded P_REXW value
  disas/i386.c: disassemble movbe instruction

Message-id: 1390692772-15282-1-git-send-email-rth@twiddle.net
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

trivial-patches for 2014-01-16

# gpg: Signature made Thu 16 Jan 2014 17:29:05 GMT using RSA key ID 74F0C838
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
#      Subkey fingerprint: E190 8639 3B10 B51B AC2C  8B73 5253 C5AD 74F0 C838

Message-id: 1389893719-16336-1-git-send-email-mjt@msgid.tls.msk.ru
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

We have cache pools of temporaries that we can reuse later when they've
already been allocated before.

These cache pools differenciate between the target TCG variable type they
contain. So we have one pool for I32 and one pool for I64 variables.

On a 32bit system, we can't work with 64bit registers though. So instead we
spawn two I32 temporaries for every I64 temporary we create. All caching
works the same way as on a real 64-bit system though: We create a cache entry
in the 64bit array for the first i32 index.

However, when we free such a temporary we free it to the pool of its type
(which is always i32 on 32bit systems) rather than its base_type (which is
i64 or i32 depending on the variable). This means we put a temporary that
is of base_type == i64 into the i32 preallocated temporary pool.

Eventually, this results in failures like this on 32bit hosts:

  qemu-system-ppc64: tcg/tcg.c:515: tcg_temp_new_internal: Assertion `ts->base_type == type' failed.

This patch makes the free routine use the base_type instead for the free case,
so it's consistent with the temporary allocation. It fixes the above failure
for me.
Signed-off-by: NAlexander Graf <agraf@suse.de>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Message-id: 1390146811-59936-1-git-send-email-agraf@suse.de
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

The trace-events "disable" keyword turns an event into a nop at
compile-time.  This is important for high-frequency events that can
impact performance.

The "disable" keyword is currently broken in the simple trace backend.
This patch fixes the problem as follows:

Trace events are identified by their TraceEventID number.  When events
are disabled there are two options for assigning TraceEventID numbers:
1. Skip disabled events and don't assign them a number.
2. Assign numbers for all events regardless of the disabled keyword.

The simple trace backend and its binary file format uses approach #1.

The tracetool infrastructure has been using approach #2 for a while.

The result is that the numbers used in simple trace files do not
correspond with TraceEventIDs.  In trace/simple.c we assumed that they
are identical and therefore emitted bogus numbers.

This patch fixes the bug by using TraceEventID for trace_event_id()
while sticking to approach #1 for simple trace file numbers.  This
preserves simple trace file format compatibility.
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

The GStaticMutex API was deprecated in glib 2.32.  We cannot switch over
to GMutex unconditionally since we would drop support for older glib
versions.  But the deprecated API warnings during build are annoying so
use static GMutex when possible.
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

The header is not necessary, given that the simple backend does not define any
inlined tracing routines.
Signed-off-by: NLluís Vilanova <vilanova@ac.upc.edu>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

When running with trace backend e.g. "simple" the writer thread needs to be
implemented in the same process context as the trace points that will be
processed. Under libvirtd control, qemu gets first started in daemonized
mode to privide its capabilities. Creating the writer thread in the initial
process context then leads to a dead lock because the thread gets termined
together with the initial parent. (-daemonize)
Signed-off-by: NMichael Mueller <mimu@linux.vnet.ibm.com>
Signed-off-by: NChristian Borntraeger <borntraeger@de.ibm.com>
[minor whitespace fixes]
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

Signed-off-by: NKusanagi Kouichi <slash@ac.auone-net.jp>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

The 9118 ethernet controller supports transmission of multi-buffer packets
with arbitrary byte alignment of the start and end bytes.  All writes to
the packet fifo are 32 bits, so the controller discards bytes at the beginning
and end of each buffer based on the 'Data start offset' and 'Buffer size'
of the TX command 'A' format.

This patch uses the provided buffer length to limit the bytes transmitted.
Previously all the bytes of the last 32-bit word written to the TX fifo
were added to the internal transmit buffer structure resulting in more bytes
being transmitted than were submitted to the hardware in the command.  This
resulted in extra bytes being inserted into the middle of multi-buffer
packets when the non-final buffers had non-32bit aligned ending addresses.
Signed-off-by: NRoy Franz <roy.franz@linaro.org>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

The 9118 ethernet controller supports transmission of multi-buffer packets
with arbitrary byte alignment of the start and end bytes.  All writes to
the packet fifo are 32 bits, so the controller discards bytes at the beginning
and end of each buffer based on the 'Data start offset' and 'Buffer size'
of the TX command 'A' format.

This patch changes the buffer size and offset internal state variables to be
updated on every "TX command A" write.  Previously they were only updated for
the first segment, which resulted incorrect behavior for packets with more
than one segment. Each segment of the packet has its own CMD A command, with
its own buffer size and start offset.

Also update extraction of fields from the CMD A word to use extract32().
Signed-off-by: NRoy Franz <roy.franz@linaro.org>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

assign_name() in net/net.c is using snprintf + g_strdup to get the same
result as g_strdup_printf.
Signed-off-by: NHani Benhabiles <kroosec@gmail.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

This will help make sure I get Cc'd on patches.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Document the logic behind the below/above 4G split.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Map 2G (q35) of memory below 4G, so the RAM pieces
are nicely aligned to gigabyte borders.

Keep old memory layout for (a) old machine types and (b) in case all
memory fits below 4G and thus we don't have to split RAM into pieces
in the first place.  The later makes sure this change doesn't take
away memory from 32bit guests.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

The original SeaBIOS code used the RamSize variable, that was used by
SeaBIOS for the size of RAM below 4GB, not for all RAM. When copied to
QEMU, the code was changed to use the full RAM size, and this broke the
build_srat() code that handles the PCI hole.

Change build_srat() to use ram_size_below_4g instead of ram_size, to
restore the original behavior from SeaBIOS.
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

The ram_below_4g value will be useful in other places, such as the ACPI
table code, and other code that currently requires passing
below_4g_mem_size around in function arguments.
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Scenario:
  - There is a non multifunction pci device A on 00:0X.0.
  - Hot-plug another multifunction pci device B at 00:0X.1.
  - The operation will fail of course.
  - Try to hot-plug the B device 2-3 more times, qemu will crash.

Reason: The error flow leaves the B's address space into global address spaces
list, but the device object is freed. Fixed that.
Signed-off-by: NMarcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Signed-off-by: NIgor Mammedov <imammedo@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

use C headers defines as source of IO base/len for respective
values in ASL code.
Signed-off-by: NIgor Mammedov <imammedo@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

.. so OSPM could notice resource conflict if there is any.
Signed-off-by: NIgor Mammedov <imammedo@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

... for range defined at hw/acpi/ich9.c:ICH9_PROC_BASE
Signed-off-by: NIgor Mammedov <imammedo@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

.. so that they might not be used by PCI devices.

Note:
Resort to concatenating templates with preprocessor help,
because 1.0b spec isn't supporting ConcatenateResTemplate,
as result Windows XP fails to execute PCI0._CRS method if
ConcatenateResTemplate() is used.
Signed-off-by: NIgor Mammedov <imammedo@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Signed-off-by: NIgor Mammedov <imammedo@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

.. use IO port 0cd8-0xcf7 range for CPU present bitmap
Signed-off-by: NIgor Mammedov <imammedo@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

.. so it could be used for adding CPU hotplug to Q35 machine

Add an additional header with that will be shared between
C and ASL code: include/hw/acpi/cpu_hotplug_defs.h
Signed-off-by: NIgor Mammedov <imammedo@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

This enables support for device hotplug behind
pci bridges. Bridge devices themselves need
to be pre-configured on qemu command line.

Design:
    - at machine init time, assign "bsel" property to bridges with
      hotplug support
    - dynamically (At ACPI table read) generate ACPI code to handle
      hotplug events for each bridge with "bsel" property

Note: ACPI doesn't support adding or removing bridges by hotplug.
We detect and prevent removal of bridges by hotplug,
unless they were added by hotplug previously
(and so, are not described by ACPI).
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Add support for acpi pci hotplug using the
new infrastructure.
PIIX4 legacy interface is maintained as is for
machine types 1.7 and older.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Add ACPI based PCI hotplug library with bridge hotplug
support.
Design
   - each bus gets assigned "bsel" property.
   - ACPI code writes this number
     to a new BNUM register, then uses existing
     UP/DOWN registers to probe slot status;
     to eject, write number to BNUM register,
     then slot into existing EJ.

The interface is actually backwards-compatible with
existing PIIX4 ACPI (though not migration compatible).

This is split out from PIIX4 codebase so we can
reuse it for Q35 as well.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Useful for ACPI hotplug.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>