When the synchronous read and write functions were dropped, they were replaced
by generic emulation functions. Unfortunately, these emulation functions don't
provide the same semantics as the original functions did.

The original bdrv_read would mean that we read some data synchronously and that
we won't be interrupted during this read. The latter assumption is no longer
true with the emulation function which needs to use qemu_aio_poll and therefore
allows the callback of any other concurrent AIO request to be run during the
read. Which in turn means that (meta)data read earlier could have changed and
be invalid now. qcow2 is not prepared to work in this way and it's just scary
how many places there are where other requests could run.

I'm not sure yet where exactly it breaks, but you'll see breakage with virtio
on qcow2 with a backing file. Providing synchronous functions again fixes the
problem for me.

Patchworks-ID: 35437
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit ef845c3b)
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

With the recent device handling changes the I2C slave addressing code
was broken. With current code, if a slave with the correct address is

not found on the bus the last scanned slave on the bus will be
addressed. This is wrong. Please find attached a patch to fix it.
Signed-off-by: NJuha Riihimäki <juha.riihimaki@nokia.com>
Acked-by: NRiku Voipio <riku.voipio@iki.fi>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

This causes ctrl+alt+u or ctrl+alt+f to not work when windows hasn't been
resized first. Other graphic emulators do resize the screen on
hw_invalidate.

This reverts commit 0bd8246b.

460fec67 introduced a use-after free in slirp.

Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMark McLoughlin <markmc@redhat.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Makes 91b40c5b unnecessary.
Acked-by: NKirill A. Shutemov <kirill@shutemov.name>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Rename ELF coredump types to avoid conflict with the corresponding host types.
Signed-off-by: NLaurent Desnogues <laurent.desnogues@gmail.com>

Unbreaks PowerPC and S390 KVM builds.
Signed-off-by: NHollis Blanchard <hollisb@us.ibm.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

preventing the correct handling of --cpu=armv4l.

Laurent
Signed-off-by: NLaurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: NAndrzej Zaborowski <andrew.zaborowski@intel.com>

If qemu_send_packet_async() returns zero, it means the packet has been
queued and the sent callback will be invoked once it has been flushed.

This is only possible where the NIC's receive() handler returns zero
and promises to notify the networking core that room is available in its
queue again.

In the case where the receive handler does not have this capability
(and its queue fills up) it returns -1 and the networking core does not
queue up the packet. This condition is indicated by a -1 return from
qemu_send_packet_async().

Currently, tap handles this condition simply by dropping the packet. It
should do its best to avoid getting into this situation by checking such
NIC's have room for a packet before copying the packet from the tap
interface.

tap_send() used to achieve this by only reading a single packet before
returning to the mainloop. That way, tap_can_send() is called before
reading each packet.

tap_send() was changed to completely drain the tap interface queue
without taking into account the situation where the NIC returns an
error and the packet is not queued. Let's start fixing this by
reverting to the previous behaviour of reading one packet at a time.
Reported-by: NScott Tsai <scottt.tw@gmail.com>
Tested-by: NSven Rudolph <Sven_Rudolph@drewag.de>
Signed-off-by: NMark McLoughlin <markmc@redhat.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Just like we call into pcnet_poll_timer on stop, we need to call it on
start to trigger the setup of the poll timer.

Patchworks-ID: 35313
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Don't assign the same devfn to two different PCI devices.
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

In usb-linux.c:usb_host_handle_control, we pass a 1024-byte buffer and
length to the kernel.  However, the length was provided by the caller
of dev->handle_packet, and is not checked, so the kernel might provide
too much data and overflow our buffer.

For example, hw/usb-uhci.c could set the length to 2047.
hw/usb-ohci.c looks like it might go up to 4096 or 8192.

This causes a qemu crash, as reported here:
  http://www.mail-archive.com/kvm@vger.kernel.org/msg18447.html

This patch increases the usb-linux.c buffer size to 2048 to fix the
specific device reported, and adds a check to avoid the overflow in
any case.
Signed-off-by: NJim Paris <jim@jtan.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

This patch fixes the linking of generated blocks on an ARM host.
No need to say this brings a very nice speedup :-)
Signed-off-by: NLaurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Well one problem seems to be the rx condition,
        ... if ((s->ier & UART_IER_RDI) && (s->lsr & UART_LSR_DR))
is not enough to trigger an irq, yet still causes the following
conditions not to be checked anymore at all.
Signed-off-by: NJuergen Lock <nox@jelal.kn-bremen.de>
Acked-by: NJan Kiszka <jan.kiszka@web.de>
Acked-by: NStefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

The x86_64 ror instruction on a 32-bit host can generate up to 77 TCG
ops. Some more space should be left for opc that are added at the end
of the translation.

Thanks to Laurent Desnogues for the debugging help.
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

The RTC emulation does not set the IRQ flags independent of the IRQ enable bits.

The original MC146818A datasheet from 1984 notes:
        "flag bits in Register C [...] are set independent of the
        state of the corresponding enable bits in Register B"
Similar sections can be found in newer documentation e.g. in rtc82885.

Qemu and Bochs set the IRQ flags only if they are enabled,
which breaks drivers polling on them.

The following patch corrects this for the update-ended-flag in Qemu only.
It does not fix the handling of the other flags.
Signed-off-by: NBernhard Kauer <kauer@tudos.org>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

When two AIO requests write to the same cluster, and this cluster is
unallocated, currently both requests allocate a new cluster and the second one
merges the first one when it is completed. This means an cluster allocation, a
read and a cluster deallocation which cause some overhead. If we simply let the
second request wait until the first one is done, we improve overall performance
with AIO requests (specifially, qcow2/virtio combinations).

This patch maintains a list of in-flight requests that have allocated new
clusters. A second request touching the same cluster is limited so that it
either doesn't touch the allocation of the first request (so it can have a
non-overlapping allocation) or it waits for the first request to complete.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

* Add missing include for struct timeval.
* Replace non-portable strsep by local qemu_strsep.
* Use POSIX basename by including libgen.h.
Signed-off-by: NStefan Weil <weil@mail.berlios.de>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

The extlh instruction on Alpha currently doesn't work properly.
It's a combination of a cut/paste bug (16 where it should be 32) as well
as a "shift by 64" bug.
Signed-off-by: NVince Weaver <vince@csl.cornell.edu>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

t0, t1 must be 64 bit values, not 32 bit.
Signed-off-by: NStefan Weil <weil@mail.berlios.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Ensure that packets enqueued for delayed delivery are dequeued in FIFO
order. At least one simplistic guest TCP/IP stack became unhappy due to
sporadically reordered packet streams.

At this chance, switch the send queue implementation to TAILQ.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

The logic of Zilog makes channel B the first device and channel A the
second one.
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Backport from master:

  Recent versions of the Linux kernel will not preempt CPU-intensive
  tasks unless the clock used by sched_clock() works.  On -M versatilepb
  that's the 24MHz timer in the system controller.  It's a very simple
  timer, so implement it.
Signed-off-by: NDaniel Jacobowitz <dan@codesourcery.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Don't call curses_resize() at the end of curses_display_init() as height
and width are not yet defined. It will be called later by code from
vl.c.

This save 250MB of memory when using -curses.
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

The error message for an unknown network device given to
monitor command set_link looks better with a terminating
linefeed.
Signed-off-by: NStefan Weil <weil@mail.berlios.de>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Clean up VGA type selection; far too many variables being used to track one state leads to confusion if new variables are added.
Signed-off-by: NZachary Amsden <zamsden@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

When using stdio monitor and VNC display, one can set or clear a VNC password; this should set or turn off VNC authentication as well.
Signed-off-by: NZachary Amsden <zamsden@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NZachary Amsden <zamsden@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

When trying to do detached migration with exec, I found that
the monitor wouldn't always return in a timely manner.  I
tracked this down to exec_start_outgoing_migration.  It
appeared we were setting the fd to NONBLOCK'ing, but in
point of fact we weren't.

This bugfix should also go onto the stable 0.10 branch
Signed-off-by: NChris Lalancette <clalance@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

If the user does not want autostart, they can specify -S.
Signed-off-by: NAvi Kivity <avi@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Hi all,
currently the vga screen_dump code doesn't use the DisplayState
interface properly and tries to replace it temporarily while taking the
screenshot.
A better approach is to register a DisplayChangeListener, call
vga_hw_update, and finally write the ppm in the next call from dpy_update.

Testing is appreciated.
Signed-off-by: NStefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Hello,
currently when a 32 bpp cursor gets defined the result is all-black in
the areas that are not transparent (you'll get a 32 bpp cursor if you
use my previous patch to allow vmware_vga to use a 32 bpp framebuffer).
This is because the switch in sdl.c lacks a 32 bpp case.
The thing I am unsure about though is which byte is the unused one and
should be skipped, the first or the last - for the black-and-white
cursors I tested it doesn't make a difference...
Signed-off-by: NReimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: NAndrzej Zaborowski <balrogg@gmail.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Hello,
for what I can tell, there is no way for vmware_vga to work correctly
right now. It assumes that the framebuffer bits-per-pixel and the one
from the DisplaySurface are identical (it uses directly the VRAM from
vga.c), but it always assumes 3 bytes per pixel, which is never possible
with the current version of DisplaySurface.
Attached patch fixes that by using ds_get_bits_per_pixel.
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

commit 93c8cfd9
Author: Gleb Natapov <gleb@redhat.com>
Date:   Sun Aug 2 11:36:47 2009 +0300

    make windows notice media change

Broke save/restore by loading a new field but not saving it.
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Depending on what glibc/kernel headers you are compiling against,
PR_SET_NAME may or may not be defined.  Do the right thing if
PR_SET_NAME isn't defined and skip setting the process name.
Signed-off-by: NNathan Froyd <froydnj@codesourcery.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
Message-Id: