Drives defined with -drive if=ide get get created along with the IDE
controller, inside machine->init().  That's before cmos_init().
Drives defined with -device get created during generic device init.
That's after cmos_init().  Because of that, CMOS has no information on
them (type, geometry, translation).  Older versions of Windows such as
XP reportedly choke on that.

Split off the part of CMOS initialization that needs to know about
-device devices, and turn it into a reset handler, so it runs after
device creation.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit c0897e0c)

Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit 57c88866)

Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Signed-off-by: Nmalc <av1474@comtv.ru>
(cherry picked from commit d9812b03)

Don't try to be clever by freeing all temporary data and calling all callbacks
when the return value (an error) is certain. Doing so has at least two
important problems:

* The temporary data that is freed (qiov, possibly zero buffer) is still used
  by the requests that have not yet completed.
* Calling the callbacks for all requests in the multiwrite means for the caller
  that it may free buffers etc. which are still in use.

Just remember the error value and do the cleanup when all requests have
completed.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit de189a1b)

bdrv_aio_writev may call the callback immediately (and it will commonly do so
in error cases). Current code doesn't consider this. For details see the
comment added by this patch.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit 453f9a16)

Conflicts:

	block.c
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Use bdrv_(p)write_sync to ensure metadata integrity in case of a crash.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit 078a458e)

Conflicts:

	block/vpc.c
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Use bdrv_(p)write_sync to ensure metadata integrity in case of a crash.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit b8852e87)

Conflicts:

	block/vmdk.c
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Use bdrv_(p)write_sync to ensure metadata integrity in case of a crash.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit 8b3b7206)

Conflicts:

	block/qcow2-cluster.c
	block/qcow2-refcount.c
	block/qcow2-snapshot.c
	block/qcow2.c
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Use bdrv_(p)write_sync to ensure metadata integrity in case of a crash.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit 5e5557d9)

Conflicts:

	block/qcow.c
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Add new functions that write and flush the written data to disk immediately.
This is what needs to be used for image format metadata to maintain integrity
for cache=... modes that don't use O_DSYNC. (Actually, we only need barriers,
and therefore the functions are defined as such, but flushes is what is
implemented in this patch - we can try to change that later)
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit f08145fe)

If writing the L1 table to disk failed, we need to restore its old content in
memory to avoid inconsistencies.
Reported-by: NJuan Quintela <quintela@redhat.com>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit 68dba0bf)

The fix is based on a patch from Kevin Wolf. Here his comment:

"The number of blocks needs to be rounded up to cover all of the virtual hard
disk. Without this fix, we can't even open our own images if their size is not
a multiple of the block size."

While Kevin's patch addressed vdi_create, my modification also fixes
vdi_open which now accepts images with odd disk sizes.

v3:
Don't allow reading of disk images with too large disk sizes.
Neither VBoxManage nor old versions of qemu-img read such images.
This change requires rounding of odd disk sizes before we do the checks.

Cc: Kevin Wolf <kwolf@redhat.com>
Cc: François Revol <revol@free.fr>
Signed-off-by: NStefan Weil <weil@mail.berlios.de>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit f21dc3a4)

Conflicts:

	block/vdi.c
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

The VHD algorithm calculates a disk geometry
which is usually smaller than the requested size.

QEMU tried to round up but failed for certain sizes:

qemu-img create -f vpc disk.vpc 9437184
would create an image with 9435136 bytes
(which is too small for qemu-img convert).

Instead of hacking the geometry algorithm, the patch
increases the number of sectors until we get enough
sectors.

Cc: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: NStefan Weil <weil@mail.berlios.de>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit dede4188)

While it's true that during regular operation free_clusters failure would be a
bug, an I/O error can always happen. There's no need to kill the VM, the worst
thing that can happen (and it will) is that we leak some clusters.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit 003fad6e)

When trying to do COW, VMDK wrote the data back to the backing file. This
problem was revealed by the patch that made backing files read-only. This patch
does not only fix the problem, but also simplifies the VMDK code a bit.

This fixes the backing file qemu-iotests cases for VMDK.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit c336500d)

qcow_create2 assumes that the new image will only need one cluster for its
refcount table initially. Obviously that's not true any more when the image is
big enough (exact value depends on the cluster size).

This patch calculates the refcount table size dynamically.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit 4768fa90)

Conflicts:

	block/qcow2.c
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

fail_gd error case would also free rgd_buf that was already freed
Signed-off-by: NJuan Quintela <quintela@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit a161329b)

Conflicts:

	block/vmdk.c
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Commit 5989020b introduced a chardev
option to disable signals on stdio. Add the corresponding documentation.
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Signed-off-by: NChih-Min Chao <cmchao@gmail.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 4c4fd3f8)

Signed-off-by: NChih-Min Chao <cmchao@gmail.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit ed89a2f1)

Signed-off-by: NChih-Min Chao <cmchao@gmail.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit bb42e28b)

We were ignoring REX_B while special-casing NOP, i.e. xchg eax,eax.
Signed-off-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 7418027e)

CC    block/vvfat.o
cc1: warnings being treated as errors
block/vvfat.c: In function 'commit_one_file':
block/vvfat.c:2259: error: ignoring return value of 'ftruncate', declared with attribute warn_unused_result
make: *** [block/vvfat.o] Error 1
  CC    block/vvfat.o
In file included from /usr/include/stdio.h:912,
                 from ./qemu-common.h:19,
                 from block/vvfat.c:27:
In function 'snprintf',
    inlined from 'init_directories' at block/vvfat.c:871,
    inlined from 'vvfat_open' at block/vvfat.c:1068:
/usr/include/bits/stdio2.h:65: error: call to __builtin___snprintf_chk will always overflow destination buffer
make: *** [block/vvfat.o] Error 1
Signed-off-by: NKirill A. Shutemov <kirill@shutemov.name>
Signed-off-by: NJuan Quintela <quintela@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 2dedf83e)

Trivial patch to fix the spelling of "parameters".
Signed-off-by: Nmalc <av1474@comtv.ru>
(cherry picked from commit f093feb7)

Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Correct definitions for FD_CMD_SAVE and FD_CMD_RESTORE in hw/fdc.c

Per https://bugs.launchpad.net/qemu/+bug/424453 the correct values
for FD_CMD_SAVE is 0x2e and FD_CMD_RESTORE is 0x4e. Verified against
the Intel 82078 manual which can be found at:
http://wiki.qemu.org/Documentation/HardwareManuals page 22.
Signed-off-by: NJes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit bb350a5e)

After it is done with updating refcounts in the cache, update_refcount writes
all changed entries to disk. If a refcount block allocation fails, however,
there was no change yet and therefore first_index = last_index = -1. Don't
treat -1 as a normal sector index (resulting in a 512 byte write!) but return
without updating anything in this case.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit 86fa8da8)

Refblock allocation code needs to take into consideration that update_refcount
will load a different refcount block into the cache, so it must initialize the
cache for a new refcount block only afterwards. Not doing this means that not
only the refcount in the wrong block is updated, but also that the caller will
work on the wrong block.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit 25408c09)

With overlapping requests, the total number of sectors is smaller than the sum
of the nb_sectors of both requests.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit cbf1dff2)

l2_allocate has some intermediate states in which the image is inconsistent.
Change the order to write to the L1 table only after the new L2 table has
successfully been initialized.

Also reset the L2 cache in failure case, it's very likely wrong.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit 175e1152)

Conflicts:

	block/qcow2-cluster.c
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

If the L2 table was already updated in cache, but writing it to disk has
failed, we must not continue using the changed version in the cache to stay
consistent with what's on the disk.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit 1b7c801b)

Conflicts:

	block/qcow2-cluster.c
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

When cancelling a request, bdrv_aio_cancel may decide that it waits for
completion of a request rather than for cancellation. IDE therefore can't
abandon its DMA status before calling bdrv_aio_cancel; otherwise the callback
of a completed request would use invalid data.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
(cherry picked from commit 38d8dfa1)

After commit 702f3e0f, the params is
nerver NULL. It should check *params instead of params to determine
whether the params is empty.
Signed-off-by: NTeLeMan <geleman@gmail.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
(cherry picked from commit 98f22dc1)

Many usbdevice_init implementors assume params is non-NULL.
Signed-off-by: NJan Kiszka <jan.kiszka@web.de>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 702f3e0f)

If -usbdevice is used on a machine with no USB busses, usb_create
will fail and return NULL.  Patch below handles this failure gracefully
rather than crashing when we try to init the device.
Signed-off-by: NPaul Brook <paul@codesourcery.com>
(cherry picked from commit d44168ff)

Commit dd4239d6 broke multiboot. It replaced the
instruction "rep insb (%dx), %es:(%edi)" by the binary output of
"addr32 rep insb (%dx), %es:(%di)".

Linuxboot calls the respective helper function in a code16 section. So the
original instruction was automatically translated to its "addr32" equivalent.
For multiboot, we're running in code32 so gcc didn't add the "addr32" which
breaks the instruction.

This patch splits that helper function in one which uses addr32 and one which
does not, so everyone's happy.

The good news is that nobody probably cared so far. The bundled multiboot.bin
binary was built before the change and is thus correct.

Please also put this patch into -stable.
Signed-off-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 590bf491)

Fix .rel.plt sections in the output to not only include .rel.plt
sections from the input but also the .rel.iplt sections and to define
the hidden symbols __rel_iplt_start and __rel_iplt_end around
.rel.iplt as otherwise we get undefined references to these when
linking statically to a multilib libc.a.  This fixes the static build
under i386.

Apply similar logic to rela.plt/.iplt and __rela_iplt/_plt_start/_end to
fix the static build under amd64.
Signed-off-by: NLoïc Minier <lool@dooz.org>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 845f2c28)

Since commit 2ada0ed7, "Return From Interrupt" is broken for PPC processors
because some interrupt specifics bits of SRR1 are copied to MSR.

SRR1 is a save of MSR during interrupt.
During RFI, MSR must be restored from SRR1.
But some bits of SRR1 are interrupt-specific and are not used for MSR saving.

This is the specification (ISA 2.06) at chapter 6.4.3 (Interrupt Processing):
"2. Bits 33:36 and 42:47 of SRR1 or HSRR1 are loaded with information specific
    to the interrupt type.
 3. Bits 0:32, 37:41, and 48:63 of SRR1 or HSRR1 are loaded with a copy of the
    corresponding bits of the MSR."

Below is a representation of MSR bits which are not saved:
0:15 16:31 32  33:36    37:41      42:47     48:63
——— | ——— | — X X X X — — — — — X X X X X X | ————
0000 0000 |    7   |   8   |   3   |   F    | 0000

History:
In the initial Qemu implementation (e1833e1f), the mask 0x783F0000 was used for
saving MSR in SRR1. But all the bits 32:47 were cleared during RFI restoring.
This was wrong. The commit 2ada0ed7 explains that this breaks Altivec.
Indeed, bit 38 (for Altivec support) must be saved and restored.
The change of 2ada0ed7 was to restore all the bits of SRR1 to MSR.
But it's also wrong.

Explanation:
As an example, let's see what's happening after a TLB miss.
According to the e300 manual (E300CORERM table 5-6), the TLB miss interrupts
set the bits 44-47 for KEY, I/D, WAY and S/L. These bits are specifics to the
interrupt and must not be copied into MSR at the end of the interrupt.
With the current implementation, a TLB miss overwrite bits POW, TGPR and ILE.

Fix:
It shouldn't be needed to filter-out bits on MSR saving when interrupt occurs.
Specific bits overwrite MSR ones in SRR1.
But at the end of interrupt (RFI), specifics bits must be cleared before
restoring MSR from SRR1. The mask 0x783F0000 apply here.

Discussion:
The bits of the mask 0x783F0000 are cleared after an interrupt.
I cannot find a specification which talks about this
but I assume it is the truth since Linux can run this way.
Maybe it's not perfect but it's better (works for e300).
Signed-off-by: NThomas Monjalon <thomas@monjalon.net>
Acked-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit c3d420ea)

Fix launchpad #563883
Signed-off-by: NRiccardo Magliocchetti <riccardo.magliocchetti@gmail.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 3c05613a)