Age | Commit message | Author | Files | Lines
2011-04-12 | unicore32: add target-unicore32 directory for unicore32-linux-user support | Guan Xuetao | 6 | -0/+3142
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-04-12 | microblaze: Add partial decoding of stream insns | Edgar E. Iglesias | 4 | -0/+78
Based on a patch from: Alejandro Cabrera <aldaya@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-04-12 | microblaze: Add stream-insn related constants | Edgar E. Iglesias | 1 | -0/+9
Based on a patch from: Alejandro Cabrera <aldaya@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-04-11 | microblaze: Correct ec mask in debug print | Edgar E. Iglesias | 1 | -1/+1
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-04-11 | microblaze: Add constant for exception-code mask | Edgar E. Iglesias | 1 | -0/+1
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-04-11 | microblaze: Correct MMU_ZONES mask | Alejandro Cabrera | 1 | -1/+1
Signed-off-by: Alejandro Cabrera <aldaya@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-04-11 | ppc: remove a write-only variable | Blue Swirl | 1 | -2/+0
Remove a write-only variable, spotted by GCC 4.6.0:
/src/qemu/hw/ppc.c: In function 'power7_set_irq':
/src/qemu/hw/ppc.c:255:9: error: variable 'cur_level' set but not used [-Werror=unused-but-set-variable]

Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-04-10 | s390x: fix virtio feature bitmap | Alexander Graf | 1 | -2/+2
The feature bitmap in the s390 virtio machine is little endian. To address that, we need to bswap the values after reading them out.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-04-10 | s390x: set alignment for long to 8 | Alexander Graf | 1 | -0/+1
The alignment for longs on s390x is 8. That's the only place where it differs from the default alignments found in configure already.

The example alignment program from Laurent printed the following on a real s390x:

alignof(short) 2
alignof(int) 4
alignof(long) 8
alignof(long long) 8

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-04-10 | musicpal: Fix registration of MMIO-less sysbus devices | Jan Kiszka | 1 | -2/+2
The proper way to signal that a sysbus device needs no MMIO region is to pass -1 to sysbus_create_simple.

Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-04-10 | acpi, acpi_piix: factor out GPE logic | Isaku Yamahata | 3 | -70/+108
factor out ACPI GPE logic. Later it will be used by ICH9 ACPI.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-04-10 | arm: basic support for ARMv4/ARMv4T emulation | Dmitry Eremin-Solenikov | 3 | -12/+80
Currently target-arm/ assumes at least ARMv5 core. Add support for handling also ARMv4/ARMv4T. This changes the following instructions:

BX (v4T and later)

BKPT, BLX, CDP2, CLZ, LDC2, LDRD, MCRR, MCRR2, MRRC, MCRR, MRC2, MRRC, MRRC2, PLD, QADD, QDADD, QDSUB, QSUB, STRD, SMLAxy, SMLALxy, SMLAWxy, SMULxy, SMULWxy, STC2 (v5 and later)

All instructions that are "v5TE and later" are also bound to just v5, as that's how it was before.

This patch does _not_ include disabling of cp15 access and base-updated data abort model (that will be required to emulate chips based on an ARM7TDMI), because:
* no ARM7TDMI chips are currently emulated (or planned)
* those features aren't strictly necessary for my purposes (SA-1 core emulation).

All v5 models are handled as they are v5T. Internally we still have a check if the model is a v5(T) or v5TE, but as all emulated cores are v5TE, those two cases are simply aliased (for now).

Patch is heavily based on patch by Filip Navara <filip.navara@gmail.com> which in turn is based on work by Ulrich Hecht <uli@suse.de> and Vincent Sanders <vince@kyllikki.org>.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-04-10 | Fix conversions from pointer to tcg_target_long | Stefan Weil | 12 | -14/+14
tcg_gen_exit_tb takes a parameter of type tcg_target_long, so the type casts of pointer to long should be replaced by type casts of pointer to tcg_target_long (suggested by Blue Swirl).

These changes are needed for build environments where sizeof(long) != sizeof(void *), especially for w64.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-04-10 | vnc: tight: Fix crash after 2GB of output | Michael Tokarev | 2 | -4/+5
fix 2Gb integer overflow in VNC tight and zlib encodings

As found by Roland Dreier <roland@purestorage.com> (excellent catch!), when amount of VNC compressed data produced by zlib and sent to client exceeds 2Gb, integer overflow occurs because currently, we calculate amount of data produced at each step by comparing saved total_out with new total_out, and total_out is something which grows without bounds. Compare it with previous avail_out instead of total_out, and leave total_out alone.

The same code is used in vnc-enc-tight.c and vnc-enc-zlib.c, so fix both cases.

There, there's no actual need to save previous_out value, since capacity-offset (which is how that value is calculated) stays the same so it can be recalculated again after call to deflate(), but whole thing becomes less readable this way.

Reported-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Corentin Chary <corentin.chary@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-04-09 | smbus_eeprom: consolidate smbus eeprom creation oc pc_piix, mips_mapta, mips_fulong | Isaku Yamahata | 5 | -28/+28
consolidate smbus initialization for pc_piix, mips_malta and mips_fulong.

Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Huacai Chen <zltjiangshi@gmail.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-04-09 | lan9118: Ignore write to MAC_VLAN1 register | Atsushi Nemoto | 1 | -0/+6
On Mon, 4 Apr 2011 20:15:30 +0200, Aurelien Jarno <aurelien@aurel32.net> wrote:
> Is it really safe ignoring write to this register? If yes, it's probably
> a good idea to explain why in a comment. In any case, if supporting this
> register is easy to do, it would be the best option.

I think it is safe. Please see an updated comment below.

And though implementing this register might be possible, I suppose it is not worth supporting FrameTooLong detection, for now at least.

Thank you for comments.

>8---------------------------------------------------------------------
From: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Date: Tue, 5 Apr 2011 23:12:07 +0900
Subject: [PATCH] lan9118: Ignore write to MAC_VLAN1 register

Since linux 2.6.38, smsc911x driver writes to VLAN1 register. Since this register only affects FrameTooLong detection, ignoring write to this register should be safe.

Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-04-09 | acpi, acpi_piix, vt82c686: factor out PM1_CNT logic | Isaku Yamahata | 4 | -52/+74
factor out ACPI PM1_CNT logic. This will be used by ich9 acpi.

Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: Huacai Chen <zltjiangshi@gmail.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-04-09 | acpi, acpi_piix, vt82c686: factor out PM1a EVT logic | Isaku Yamahata | 4 | -75/+81
factor out ACPI PM1a EVT logic. Later this will be used by ich9 acpi.

Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: Huacai Chen <zltjiangshi@gmail.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-04-09 | acpi, acpi_piix, vt82c686: factor out PM_TMR logic | Isaku Yamahata | 4 | -65/+96
factor out PM_TMR logic. Later this will be used by ich9 acpi. Also fixes the same bug in vt82c686.c that was fixed by the following commits.

> commit 055479feab63607b8042bb8ebb2e0523f17cbc4e
> Author: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
> Date: Wed Jan 21 16:31:20 2009 +0000
>
> Always return latest pmsts instead of the old one (Xiantao Zhang)
>
> It may lead to the issue when booting windows guests with acpi=1
> if return the old pmsts.
>
> Signed-off-by: Xiantao Zhang <xiantao.zhang@intel.com>
> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: Huacai Chen <zltjiangshi@gmail.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-04-09 | hw/pflash_cfi02: Fix lazy reset of ROMD mode | Jordan Justen | 1 | -1/+1
When checking pfl->rom_mode for when to lazily reenter ROMD mode, the value checked was the opposite of what it should have been. This prevented the part from returning to ROMD mode after a write was made to the CFI rom region.

Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-04-09 | configure: avoid basename usage message | Scott Wood | 1 | -1/+1
basename prints a missing-argument error when sdlconfig is empty and we're cross-compiling.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-04-09 | mpc85xx_pci_map_irq: change "unknow" to "unknown" | Scott Wood | 1 | -1/+1
Signed-off-by: Scott Wood <scottwood@freescale.com>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-04-09 | event: trivial coding style fixes | Brad Hards | 1 | -7/+7
Signed-off-by: Brad Hards <bradh@frogmouth.net>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-04-09 | multiboot: Quote filename in error message | Adam Lackorzynski | 1 | -1/+1
Quote filename in error message to spot possible whitespace character in the filename and make error message more meaningful.

Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-04-08 | ppce500_mpc8544ds: Fix compile with --enable-debug and --disable-kvm | David Gibson | 1 | -0/+9
When configured with --enable-debug, we compile without optimization. This means that the function mpc8544_copy_soc_cell() in ppce500_mpc8544ds.c is not optimized out, even though it is never called without kvm. That in turn causes a link failure, because it calls the function kvmppc_read_host_property() which is in kvm_ppc.o and therefore not included in a --disable-kvm build.

This patch fixes the problem by providing a dummy stub for kvmppc_read_host_property() in kvm_ppc.h when !CONFIG_KVM.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2011-04-08 | Use existing helper function to implement popcntd instruction | David Gibson | 1 | -13/+1
The recent patches adding partial support for POWER7 cpu emulation included implementing the popcntd instruction. The support for this was open coded, but host-utils.h already included a function implementing an equivalent population count function, which uses a gcc builtin (which can use special host instructions) if available.

This patch makes the popcntd implementation use the existing, potentially faster, implementation.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2011-04-08 | Delay creation of pseries device tree until reset | David Gibson | 2 | -48/+75
At present, the 'pseries' machine creates a flattened device tree in the machine->init function to pass to either the guest kernel or to firmware.

However, the machine->init function runs before processing of -device command line options, which means that the device tree so created will be (incorrectly) missing devices specified that way.

Supplying a correct device tree is, in any case, part of the required platform entry conditions. Therefore, this patch moves the creation and loading of the device tree from machine->init to a reset callback. The setup of entry point address and initial register state moves with it, which leads to a slight cleanup.

This is not, alas, quite enough to make a fully working reset for pseries. For that we would need to reload the firmware images, which on this machine are loaded into RAM. It's a step in the right direction, though.

Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2011-04-08 | pseries: Abolish envs array | David Gibson | 3 | -38/+46
Currently the pseries machine init code builds up an array, envs, of CPUState pointers for all the cpus in the system. This is kind of pointless, given the generic code already has a perfectly good linked list of the cpus.

In addition, there are a number of places which assume that the cpu's cpu_index field is equal to its index in this array. This is true in practice, because cpu_index values are just assigned sequentially, but it's conceptually incorrect and may not always be true.

Therefore, this patch abolishes the envs array, and explicitly uses the generic cpu linked list and cpu_index values throughout.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2011-04-08 | spapr_vscsi: Set uninitialized variable | Stefan Weil | 1 | -1/+1
cppcheck reports this error:

hw/spapr_vscsi.c:274: error: Uninitialized variable: rc

If llen == 0, rc was indeed used without being initialized.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2011-04-08 | Don't call cpu_synchronize_state() from machine init. | Scott Wood | 2 | -4/+0
This will deadlock when the I/O thread is used, since the CPU thread is blocked waiting for qemu_system_ready.

The synchronization is unnecessary since this is before cpu_synchronize_all_post_init().

Signed-off-by: Scott Wood <scottwood@freescale.com>
Acked-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2011-04-07 | Merge remote branch 'kwolf/for-anthony' into staging | Anthony Liguori | 28 | -712/+825
2011-04-07 | virtio-blk: fail unaligned requests | Christoph Hellwig | 1 | -0/+8
Like all block drivers virtio-blk should not allow smaller than block size granularity access. But given that the protocol specifies a byte unit length field we currently accept such requests, which cause qemu to abort() in lower layers. Add checks to the main read and write handlers to catch them early.

Reported-by: Conor Murphy <conor_murphy_virt@hotmail.com>
Tested-by: Conor Murphy <conor_murphy_virt@hotmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-04-07 | virtio-balloon: fixed endianness bug in the config space | Alexey Kardashevskiy | 1 | -1/+1
The specification for the virtio balloon device requires that the values in the config space be encoded little-endian. This differs from most virtio things, where guest-native endian is the norm.

Currently, the qemu virtio-balloon code correctly makes the conversion on get_config(), but doesn't on set_config for the 'actual' field. The kernel driver, on the other hand, correctly converts when setting the actual field, but does not convert when reading the config space. The upshot is that virtio-balloon will only work correctly if both host and guest are LE, making all the conversions nops.

This patch corrects the qemu side, correctly doing host-native <-> LE conversions when accessing the config space. This won't break any setups that aren't already broken, and fixes the case of BE host, LE guest. Fixing the BE guest case will require kernel fixes as well.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-04-07 | virtio-9p: fixed LE-to-host conversion bug when QEMU is called from guest | Alexey Kardashevskiy | 1 | -6/+3
The 9p code already contains an attempt at the necessary endian conversions, but it's broken. The code which does conversion from host to guest does it correctly and this code was copied to the function which does guest to host conversion. However the copied code hasn't been correctly updated, so it first endian converts some garbage on the stack and then overwrites it with a field from incoming packet without conversion.

The patch fixes the mistakes.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-04-07 | spapr_llan: Fix warning when compiled with -dDEBUG | Alexey Kardashevskiy | 1 | -3/+0
Compiling with the DEBUG macro leaves hw/spapr_llan.c with an unused variable, which is treated as an error in the qemu build.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-04-07 | qdev: Fix comment around qdev_init_nofail() | Michael Tokarev | 1 | -1/+2
In previous life qdev_init_nofail() used to call hw_error() which did register dump and other scary things. Now it calls error_report() and does a regular exit(1). Fix the comment to match reality.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-04-07 | usb-ccid: Spelling fixes | Brad Hards | 1 | -4/+4
While looking at David Gibson's build-fix for hw/usb-ccid.c, I noticed a spello in a comment on the following (unchanged) line.

Signed-off-by: Brad Hards <bradh@frogmouth.net>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-04-07 | Fix integer overflow in block migration bandwidth calculation | Avishay Traeger | 1 | -1/+1
block_mig_state.reads is an int, and multiplying by BLOCK_SIZE yielded a negative number, resulting in a negative bandwidth (running on a 32-bit machine). Change order to avoid.

Signed-off-by: Avishay Traeger <avishay@il.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-04-07 | floppy: save and restore DIR register | Jason Wang | 1 | -1/+50
We need to keep DIR register unchanged across migration, but currently it depends on the media_changed flags from block layer. Since we do not save/restore it and the bdrv_open() called in dest node may set the media_changed flag when trying to open floppy image, guest driver may think the floppy has changed after migration. To fix this, a new field media_changed in FDrive structure was introduced in order to save and restore it from block layer through pre_save/post_load callbacks.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-04-07 | NBD device: Separate out parsing configuration and opening sockets. | Nick Thomas | 1 | -55/+102
We also change the way the file parameter is parsed so IPv6 IP addresses can be used, e.g.: "drive=nbd:[::1]:5000"

Signed-off-by: Nick Thomas <nick@bytemark.co.uk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-04-07 | NBD: Use qemu_socket functions to open TCP and UNIX sockets | Nick Thomas | 3 | -133/+38
This commit has the side-effect of making the qemu-nbd binary capable of binding to IPv6 addresses. ("-b ::1", for instance). block/nbd.c fails to parse IPv6 IP addresses correctly at this point, but will work over IPv6 when given a hostname. It still works over IPv4 as before.

We move the qemu-sockets object from the 'common' to the 'block' list in the Makefile. The common list includes the block list, so this is effectively a no-op for the rest of the code.

We also add 32-bit 'magic' attributes to nbd_(request|reply) to facilitate calculating maximum request/response sizes later.

Signed-off-by: Nick Thomas <nick@bytemark.co.uk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-04-07 | Set errno=ENOTSUP for attempts to use UNIX sockets on Windows platforms | Nick Thomas | 1 | -0/+4
Signed-off-by: Nick Thomas <nick@bytemark.co.uk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-04-07 | NBD library: whitespace changes | Nick Thomas | 1 | -417/+418
Signed-off-by: Nick Thomas <nick@bytemark.co.uk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-04-07 | ide: consolidate drive_get(IF_IDE) | Isaku Yamahata | 10 | -69/+28
factor out ide initialization to call drive_get(IF_IDE)

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-04-07 | exit if -drive specified is invalid instead of ignoring the "wrong" -drive | Michael Tokarev | 1 | -1/+3
This fixes the problem when qemu continues even if -drive specification is somehow invalid, resulting in a mess. Applicable for both current master and for stable-0.14 (and the same issue exists in 0.13 and 0.12 too).

The prob can actually be serious: when you start guest with two drives and make an error in the specification of one of them, and the guest has something like a raid array on the two drives, guest may start failing that array or kick "missing" drives which may result in a mess - this is what actually happened to me, I didn't want a resync at all, and a resync resulted in re-writing (and allocating) a 4TB virtual drive I used for testing, which in turn resulted in my filesystem filling up and whole thing failing badly. Yes it was just testing VM, I experimented with larger raid arrays, but the end result was quite, well, unexpected.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Acked-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-04-07 | qemu-img rebase: Fix segfault if backing file can't be opened | Kevin Wolf | 1 | -2/+6
bdrv_delete must not be called for a NULL BlockDriverState.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-04-07 | qemu-img: Initial progress printing support | Jes Sorensen | 5 | -5/+132
This adds the basic infrastructure for supporting progress output on the command line, as well as progress support for qemu-img commands 'rebase' and 'convert'.

Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-04-07 | block: Do not cache device size for removable media | Stefan Hajnoczi | 1 | -8/+6
The block layer caches the device size to avoid doing lseek(fd, 0, SEEK_END) every time this value is needed. For removable media the device size becomes stale if a new medium is inserted. This patch simply prevents device size caching for removable media.

A smarter solution is to update the cached device size when a new medium is inserted. Given that there are currently bugs with CD-ROM media change I do not want to implement that approach until we've gotten things correct first.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-04-07 | trace: Trace bdrv_set_locked() | Stefan Hajnoczi | 2 | -0/+3
It can be handy to know when the guest locks/unlocks the CD-ROM tray. This trace event makes that possible.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-04-07 | Do not delete BlockDriverState when deleting the drive | Ryan Harper | 3 | -20/+20
When removing a drive from the host-side via drive_del we currently have the following path:

drive_del
qemu_aio_flush()
bdrv_close()    // zaps bs->drv, which makes any subsequent I/O get
                // dropped. Works as designed
drive_uninit()
bdrv_delete()   // frees the bs. Since the device is still connected to
                // bs, any subsequent I/O is a use-after-free.

The value of bs->drv becomes unpredictable on free. As long as it remains null, I/O still gets dropped, however it could become non-null at any point after the free resulting in SEGVs or other QEMU state corruption.

To resolve this issue as simply as possible, we can choose to not actually delete the BlockDriverState pointer. Since bdrv_close() handles setting the drv pointer to NULL, we just need to remove the BlockDriverState from the QLIST that is used to enumerate the block devices. This is currently handled within bdrv_delete, so move this into its own function, bdrv_make_anon().

The result is that we can now invoke drive_del, this closes the file descriptors and sets BlockDriverState->drv to NULL which prevents further IO to the device, and since we do not free BlockDriverState, we don't have to worry about the copy retained in the block devices.

We also don't attempt to remove the qdev property since we are no longer deleting the BlockDriverState on drives with associated drives. This also allows for removing Drives with no devices associated either.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Ryan Harper <ryanh@us.ibm.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>