Discard packets longer than 16384 when !SBP to match the hardware behavior.
Signed-off-by: Michael Contreras <michael@inetric.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 2c0331f4f7)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
When qxl + vnc are used, a dummy spice_server is initialized.
The spice_server has to be told when the VM runstate changes,
which is what this patch does.
Without it, from qxl_send_events(), the following error message is shown:
qxl_send_events: spice-server bug: guest stopped, ignoring
Cc: qemu-stable@nongnu.org
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 938b8a36b6)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
With MMU option xtensa architecture has two TLBs: ITLB and DTLB. ITLB is
only used for code access, DTLB is only for data. However TLB entries in
both TLBs have attribute field controlling write and exec access. These
bits need to be properly masked off depending on TLB type before being
used as tlb_set_page prot argument. Otherwise the following happens:
(1) ITLB entry for some PFN gets invalidated
(2) DTLB entry for the same PFN gets updated, attributes allow code
execution
(3) code at the page with that PFN is executed (possible due to step 2),
entry for the TB is written into the jump cache
(4) QEMU TLB entry for the PFN gets replaced with an entry for some
other PFN
(5) code in the TB from step 3 is executed (possible due to jump cache)
and it accesses data, for which there's no DTLB entry, causing DTLB
miss exception
(6) re-translation of the TB from step 5 is attempted, but there's no
QEMU TLB entry nor xtensa ITLB entry for that PFN, which causes ITLB
miss exception at the TB start address
(7) ITLB miss exception is handled by the guest, but execution is
resumed from the beginning of the faulting TB (the point where ITLB
miss occured), not from the point where DTLB miss occured, which is
wrong.
With that fix the above scenario causes ITLB miss exception (that used
to be step 7) at step 3, right at the beginning of the TB.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 659f807c0a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This patch adds an x argument to qemu_pixman_linebuf_fill so it can
also be used to convert a partial scanline. Then fix tight + png/jpeg
encoding by passing in the x+y offset, so the data is read from the
correct screen location instead of the upper left corner.
Cc: 1087974@bugs.launchpad.net
Cc: qemu-stable@nongnu.org
Reported-by: Tim Hardeneck <thardeck@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit bc210eb163)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This patch updates seabios to latest git master. Changes:
(1) q35 patches merged.
(2) some acpi cleanups.
(3) fixes irq 8 conflict.
(3) makes this a candidate for the stable branch
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit ff1562908d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
kvm_irqchip_in_kernel() has an architecture specific meaning, so
we shouldn't be using it to determine whether to enabled KVM INTx
bypass. kvm_irqfds_enabled() seems most appropriate. Also use this
to protect our other call to kvm_check_extension() as that explodes
when KVM isn't enabled.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Cc: qemu-stable@nongnu.org
(cherry picked from commit d281084d3e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
helper_shilo has not been shifting an accumulator value correctly for negative
values in 'shift' field. Minor optimization for shift=0 case.
This change also adds tests that will trigger issue and check for regressions.
Signed-off-by: Petar Jovanovic <petarj@mips.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Eric Johnson <ericj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 19e6c50d2d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Content of register rs should be shifted for pos before applying a mask.
This change contains both fix for the instruction and to the existing test.
Signed-off-by: Petar Jovanovic <petarj@mips.com>
Reviewed-by: Eric Johnson <ericj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 34f5606ee1)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
madvise(DONTNEED) will throw away the contents of the whole page at the
given address, even if the given length is less than the page size. One
can argue about whether that's the correct behaviour, but that's what it's
done for a long time in Linux at least.
That means that the madvise() in ram_load(), on a setup where
TARGET_PAGE_SIZE is smaller than the host page size, can throw away data
in guest pages adjacent to the one it's actually processing right now,
leading to guest memory corruption on an incoming migration.
This patch therefore, disables the madvise() if the host page size is
larger than TARGET_PAGE_SIZE. This means we don't get the benefits of that
madvise() in this case, but a more complete fix is more difficult to
accomplish. This at least fixes the guest memory corruption.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reported-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 45e6cee42b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The code for migrating (or savevm-ing) memory pages starts off by creating
a dirty bitmap and filling it with 1s. Except, actually, because bit
addresses are 0-based it fills every bit except bit 0 with 1s and puts an
extra 1 beyond the end of the bitmap, potentially corrupting unrelated
memory. Oops. This patch fixes it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7ec81e56ed)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Disable the semaphores fallback code for OpenBSD as modern OpenBSD
releases now have sem_timedwait().
Signed-off-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 927fa909d5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
As reported in bug 1087114 the semaphores fallback code is broken which
results in QEMU crashing and making QEMU unusable.
This patch is from Paolo.
This needs to be back ported to the 1.3 stable tree as well.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit a795ef8dcb)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The e1000_receive function for the e1000 needs to discard packets longer than
1522 bytes if the SBP and LPE flags are disabled. The linux driver assumes
this behavior and allocates memory based on this assumption.
Signed-off-by: Michael Contreras <michael@inetric.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* kraxel/seabios-b1c35f2:
seabios: update binaries in pc-bios/
roms: also copy the dsdt when updating seabios.
seabios: update to b1c35f2b28cc0c94ebed8176ff61ac0e0b377798
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* kwolf/for-anthony:
coroutine-sigaltstack.c: Use stack_t, not struct sigaltstack
stream: fix ratelimit_set_speed
atapi: make change media detection for guests easier
Documentation: Update image format information
Documentation: Update block cache mode information
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* kraxel/usb.73:
ehci-sysbus: Attach DMA context.
usb: fail usbdevice_create() when there is no USB bus
usb: tag usb host adapters as not hotpluggable.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This reverts commit 456a84d156.
This patch wasn't submitted to the list and did not get Acked by other
copyright holders in the file.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This reverts commit 72bc6f1bf7.
This patch wasn't submitted to the list and did not get Acked by other
copyright holders in the file.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch updates the seabios submodule to commit
b1c35f2b28cc0c94ebed8176ff61ac0e0b377798.
Most important change is that seabios sets the busmaster bit
in the pci config space for the lsi and esp scsi host adapters.
Since commit 1c380f9460 qemu
is strict here and disallows any dma access when the bit is
clear.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The e801 memory sizes in the multiboot structures hard-code the available
low memory to 640. However, the value should not include the size of the
EBDA. Fill the value in the option ROM, getting the size of low memory
from the BIOS.
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
According to the bug 855162[0] - there's the need of adding new syscalls
to the whitelist when using Qemu with Libvirt.
[0] - https://bugzilla.redhat.com/show_bug.cgi?id=855162
Reported-by: Paul Moore <pmoore@redhat.com>
Tested-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Use the POSIX-specified stack_t type as the argument to sigaltstack()
rather than the legacy struct sigaltstack. This allows us to compile
on MacOSX with --with-coroutine=sigaltstack.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The formula to compute slice_quota was wrong since commit 6ef228fc.
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
If you have a guest with a media in the optical drive and you change
it, the windows guest cannot properly recognize this media change.
Windows needs to detect sense "NOT_READY with ASC_MEDIUM_NOT_PRESENT"
before we send sense "UNIT_ATTENTION with ASC_MEDIUM_MAY_HAVE_CHANGED".
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Document new and yet undocumented options and image formats. The
qemu-img man page contains information only for raw and qcow2 now and
references the HTML documentation for a more detailed description of
other formats.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Somehow we forgot to update this when cache=writeback became the
default. While changing the information on the default, also make the
description of all caches modes a bit more accurate.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Commit 0d8d769085 introduced
a regression in virtio-net performance because it looks
into the ring aggressively while we really only care
about a single packet worth of buffers.
Reported as bugzilla 1066055 in launchpad.
To fix, add parameters limiting lookahead, and
use in virtqueue_avail_bytes.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: Edivaldo de Araujo Pereira <edivaldoapereira@yahoo.com.br>
Tested-by: Edivaldo de Araujo Pereira <edivaldoapereira@yahoo.com.br>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Debug option is available since QEMU-1.2; FP coprocessor and
coprocessor context is available since QEMU-1.3.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
We are currently checking for an exact type match. Use QOM dynamic_cast to
check for a compatible type instead.
Cc: Konrad Frederic <fred.konrad@greensocs.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---
v1 -> v2:
- also add cast to qbus_find_recursive (Peter)
- simplify by doing object_dynamic_cast instead of messing with classes
The second parameter to qapi_dealloc_type_size should be a uint64_t *,
not a size_t *. This was causing our 32 bit x86 build to fail, since
warnings are treated as errors.
Signed-off-by: Bruce Rogers <brogers@suse.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
This was left as NULL on the initial merge due to debate on the mailing list on
how to handle DMA contexts for sysbus devices. Patch
9e11908f12 was later merged to fix OHCI. This is the,
equivalent fix for sysbus EHCI.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Report an error instead of segfaulting when attaching a USB device to a
machine with no USB busses:
$ qemu-system-arm -machine vexpress-a9 \
-sd Fedora-17-armhfp-vexpress-mmcblk0.img \
-kernel vmlinuz-3.4.2-3.fc17.armv7hl \
-initrd initramfs-3.4.2-3.fc17.armv7hl.img \
-usbdevice disk:format=raw:test.img
Note that the vexpress-a9 machine does not have a USB host controller.
Reported-by: David Abdurachmanov <David.Abdurachmanov@cern.ch>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hotplugging them simply doesn't work, so tag them accordingly to
avoid users trying and then crashing qemu.
For xhci there is nothing fundamental which prevents hotplug from
working, we'll "only" need a exit() function which cleans up
everything properly. That isn't for 1.3 though.
For ehci+uhci+ohci hotplug can't be supported until qemu gains the
capability to hotplug multifunction pci devices.
https://bugzilla.redhat.com/show_bug.cgi?id=879096
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The devram memslot stays active when qxl enters UNDEFINED mode (i.e, no
primary surface). If migration has occurred while the device is in
UNDEFINED stae, the memslots have to be reloaded at the destination.
Fixes rhbz#874574
Signed-off-by: Yonit Halperin <yhalperi@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The event notifier state is only reset by test_and_clear. But we created
the windows event object with auto-reset, which subtly swallowed events.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* bonzini/nbd-next:
nbd-server-add: Fix the default for 'writable'
nbd: fix use of two uninitialized bytes when connecting to a named export
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* bonzini/scsi-next:
virtio-scsi: Fix subtle (guest) endian bug
virtio-scsi: Fix some endian bugs with virtio-scsi
iscsi: do not assume device is zero initialized
iscsi: fix deadlock during login
iscsi: fix segfault in url parsing
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* agraf/s390-for-upstream-1.3:
sclp: Fix uninitialized var in handle_write_event_buf().
s390: Fix ram_size updating in machine init
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* afaerber/qom-cpu-1.3:
target-i386: Enable SSSE3 TCG support
target-i386/cpu: Add missing flags to Haswell CPU model
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
These versions of GCC require insane (>2GB) amounts of memory to compile
translate.o. As a countermeasure, disable the culprit optimization pass.
This should fix the buildbot failure for default_x86_64_fedora16. Anyway
this is a good thing to do because people will try to compile 1.3 with
less than 2GB of memory and complain.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The virtio-scsi config space is, by specification, in guest endian (which
is ill-defined, but there you go). In virtio_scsi_get_config() we set up
all the fields in there, using stl_raw(). Which is a problem for the
max_channel and max_target fields, which are 16-bit, not 32-bit. For
little-endian targets we get away with it by accident, since the first
two bytes will still be correct, and the extra two bytes written (with
zeroes) will be overwritten correctly by the next store.
But for big-endian guests, this means the max_target field ends up as zero,
which means the guest will only recognize a single disk on the virtio-scsi
bus. This patch fixes the problem.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Paul 'Rusty' Russell <rusty@rustcorp.com.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Michael Contreras