diff --git a/aio.c b/aio.c index f164a47..2f08655 100644 --- a/aio.c +++ b/aio.c @@ -113,7 +113,9 @@ void qemu_aio_flush(void) qemu_aio_wait(); QLIST_FOREACH(node, &aio_handlers, node) { - ret |= node->io_flush(node->opaque); + if (node->io_flush) { + ret |= node->io_flush(node->opaque); + } } } while (qemu_bh_poll() || ret > 0); } diff --git a/block.c b/block.c index 7326bfe..298414c 100644 --- a/block.c +++ b/block.c @@ -1636,7 +1636,19 @@ static void multiwrite_cb(void *opaque, int ret) static int multiwrite_req_compare(const void *a, const void *b) { - return (((BlockRequest*) a)->sector - ((BlockRequest*) b)->sector); + const BlockRequest *req1 = a, *req2 = b; + + /* + * Note that we can't simply subtract req2->sector from req1->sector + * here as that could overflow the return value. + */ + if (req1->sector > req2->sector) { + return 1; + } else if (req1->sector < req2->sector) { + return -1; + } else { + return 0; + } } /* @@ -1699,7 +1711,7 @@ static int multiwrite_merge(BlockDriverState *bs, BlockRequest *reqs, // Add the second request qemu_iovec_concat(qiov, reqs[i].qiov, reqs[i].qiov->size); - reqs[outidx].nb_sectors += reqs[i].nb_sectors; + reqs[outidx].nb_sectors = qiov->size >> 9; reqs[outidx].qiov = qiov; mcb->callbacks[i].free_qiov = reqs[outidx].qiov; diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index c7057b1..b7a5b35 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -231,13 +231,6 @@ static uint64_t *l2_allocate(BlockDriverState *bs, int l1_index) return NULL; } - /* update the L1 entry */ - - s->l1_table[l1_index] = l2_offset | QCOW_OFLAG_COPIED; - if (write_l1_entry(s, l1_index) < 0) { - return NULL; - } - /* allocate a new entry in the l2 cache */ min_index = l2_cache_new_entry(bs); 
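Review bot: `reqs[outidx].nb_sectors = qiov->size >> 9;` in the block.c multiwrite_merge hunk derives the sector count from a byte size with a bare magic shift and silently drops any remainder that is not a whole sector. Name the shift (a sector-bits constant) and state the invariant, e.g. `assert((qiov->size & 511) == 0);` before the assignment or a comment `/* qiov->size is a whole number of 512-byte sectors */`. The merged qiov is built from whole requests, so the remainder is presumably always zero, but that is not visible in the hunk. multiwrite_merge starts and ends outside the hunk.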
@@ -251,13 +244,19 @@ static uint64_t *l2_allocate(BlockDriverState *bs, int l1_index) if (bdrv_pread(s->hd, old_l2_offset, l2_table, s->l2_size * sizeof(uint64_t)) != s->l2_size * sizeof(uint64_t)) - return NULL; + goto fail; } /* write the l2 table to the file */ if (bdrv_pwrite(s->hd, l2_offset, l2_table, s->l2_size * sizeof(uint64_t)) != s->l2_size * sizeof(uint64_t)) - return NULL; + goto fail; + + /* update the L1 entry */ + s->l1_table[l1_index] = l2_offset | QCOW_OFLAG_COPIED; + if (write_l1_entry(s, l1_index) < 0) { + goto fail; + } /* update the l2 cache entry */ @@ -265,6 +264,10 @@ static uint64_t *l2_allocate(BlockDriverState *bs, int l1_index) s->l2_cache_counts[min_index] = 1; return l2_table; + +fail: + qcow2_l2_cache_reset(bs); + return NULL; } static int count_contiguous_clusters(uint64_t nb_clusters, int cluster_size, @@ -672,8 +675,9 @@ int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, QCowL2Meta *m) (i << s->cluster_bits)) | QCOW_OFLAG_COPIED); } - if (write_l2_entries(s, l2_table, l2_offset, l2_index, m->nb_clusters) < 0) { - ret = -1; + ret = write_l2_entries(s, l2_table, l2_offset, l2_index, m->nb_clusters); + if (ret < 0) { + qcow2_l2_cache_reset(bs); goto err; } diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 5ebbcb6..465d5d3 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -215,8 +215,6 @@ static int64_t alloc_refcount_block(BlockDriverState *bs, int64_t cluster_index) /* Allocate the refcount block itself and mark it as used */ uint64_t new_block = alloc_clusters_noref(bs, s->cluster_size); - memset(s->refcount_block_cache, 0, s->cluster_size); - s->refcount_block_cache_offset = new_block; #ifdef DEBUG_ALLOC2 fprintf(stderr, "qcow2: Allocate refcount block %d for %" PRIx64 
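Review bot: The `goto fail` taken when `write_l1_entry(s, l1_index)` fails leaves `s->l1_table[l1_index]` already overwritten with `l2_offset | QCOW_OFLAG_COPIED` while the on-disk L1 still holds the old entry; the `fail:` label added in the next hunk calls `qcow2_l2_cache_reset(bs)`, which repairs the L2 cache but not the in-memory L1. Consider restoring the saved entry on that path, `s->l1_table[l1_index] = old_l2_offset;`, provided `old_l2_offset` holds the raw L1 value (its assignment is outside the hunk). The cluster allocated for the new L2 table also appears not to be released on `fail`, though the allocation itself is not visible here. l2_allocate starts outside the hunk.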
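Review bot: `ret = write_l2_entries(s, l2_table, l2_offset, l2_index, m->nb_clusters);` changes what qcow2_alloc_cluster_link_l2 propagates on this path from a fixed `-1` to whatever write_l2_entries returns, so a caller that compares against `-1` instead of `< 0` would now miss the failure. The callers and write_l2_entries's return contract are outside the hunk, so this is worth confirming rather than assuming. The function begins outside the hunk and its `err:` label lies below it.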
@@ -225,6 +223,10 @@ static int64_t alloc_refcount_block(BlockDriverState *bs, int64_t cluster_index) #endif if (in_same_refcount_block(s, new_block, cluster_index << s->cluster_bits)) { + /* Zero the new refcount block before updating it */ + memset(s->refcount_block_cache, 0, s->cluster_size); + s->refcount_block_cache_offset = new_block; + /* The block describes itself, need to update the cache */ int block_index = (new_block >> s->cluster_bits) & ((1 << (s->cluster_bits - REFCOUNT_SHIFT)) - 1); @@ -236,6 +238,11 @@ static int64_t alloc_refcount_block(BlockDriverState *bs, int64_t cluster_index) if (ret < 0) { goto fail_block; } + + /* Initialize the new refcount block only after updating its refcount, + * update_refcount uses the refcount cache itself */ + memset(s->refcount_block_cache, 0, s->cluster_size); + s->refcount_block_cache_offset = new_block; } /* Now the new refcount block needs to be written to disk */ @@ -395,6 +402,10 @@ static int write_refcount_block_entries(BDRVQcowState *s, return 0; } + if (first_index < 0) { + return 0; + } + first_index &= ~(REFCOUNTS_PER_SECTOR - 1); last_index = (last_index + REFCOUNTS_PER_SECTOR) & ~(REFCOUNTS_PER_SECTOR - 1); diff --git a/hw/arm_timer.c b/hw/arm_timer.c index 9fef191..9073ffc 100644 --- a/hw/arm_timer.c +++ b/hw/arm_timer.c @@ -71,7 +71,7 @@ static void arm_timer_recalibrate(arm_timer_state *s, int reload) { uint32_t limit; - if ((s->control & TIMER_CTRL_PERIODIC) == 0) { + if ((s->control & (TIMER_CTRL_PERIODIC | TIMER_CTRL_ONESHOT)) == 0) { /* Free running. */ if (s->control & TIMER_CTRL_32BIT) limit = 0xffffffff; @@ -113,7 +113,7 @@ static void arm_timer_write(void *opaque, target_phys_addr_t offset, case 1: freq >>= 4; break; case 2: freq >>= 8; break; } - arm_timer_recalibrate(s, 0); + arm_timer_recalibrate(s, s->control & TIMER_CTRL_ENABLE); ptimer_set_freq(s->timer, freq); if (s->control & TIMER_CTRL_ENABLE) { /* Restart the timer if still enabled. */ 
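Review bot: The added `if (first_index < 0) { return 0; }` in write_refcount_block_entries encodes a sentinel without saying so; if `first_index` is `-1` when the caller modified no refcount entries (the callers are outside the hunk), a comment such as `/* first_index < 0: no entries were modified, nothing to write back */` makes the early return readable and explains why it must precede the `&= ~(REFCOUNTS_PER_SECTOR - 1)` masking, which is meaningless on a negative index. The function begins outside the hunk.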
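Review bot: `arm_timer_recalibrate(s, s->control & TIMER_CTRL_ENABLE);` passes a raw masked bit into a parameter named `reload`; that works only as long as `reload` is tested for truth alone, so `!!(s->control & TIMER_CTRL_ENABLE)` or a named local `int reload = ...;` documents the intent and keeps the value 0/1 regardless of where the bit sits. arm_timer_write starts and ends outside the hunk.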
diff --git a/hw/fdc.c b/hw/fdc.c index b291365..c66b7bf 100644 --- a/hw/fdc.c +++ b/hw/fdc.c @@ -370,9 +370,9 @@ enum { FD_CMD_PART_ID = 0x18, FD_CMD_SCAN_LOW_OR_EQUAL = 0x19, FD_CMD_SCAN_HIGH_OR_EQUAL = 0x1d, - FD_CMD_SAVE = 0x2c, + FD_CMD_SAVE = 0x2e, FD_CMD_OPTION = 0x33, - FD_CMD_RESTORE = 0x4c, + FD_CMD_RESTORE = 0x4e, FD_CMD_DRIVE_SPECIFICATION_COMMAND = 0x8e, FD_CMD_RELATIVE_SEEK_OUT = 0x8f, FD_CMD_FORMAT_AND_WRITE = 0xcd, diff --git a/hw/ide/core.c b/hw/ide/core.c index 64aebc2..f9bb338 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -2827,10 +2827,6 @@ static void ide_dma_restart(IDEState *s, int is_read) void ide_dma_cancel(BMDMAState *bm) { if (bm->status & BM_STATUS_DMAING) { - bm->status &= ~BM_STATUS_DMAING; - /* cancel DMA request */ - bm->unit = -1; - bm->dma_cb = NULL; if (bm->aiocb) { #ifdef DEBUG_AIO printf("aio_cancel\n"); @@ -2838,6 +2834,10 @@ void ide_dma_cancel(BMDMAState *bm) bdrv_aio_cancel(bm->aiocb); bm->aiocb = NULL; } + bm->status &= ~BM_STATUS_DMAING; + /* cancel DMA request */ + bm->unit = -1; + bm->dma_cb = NULL; } } diff --git a/hw/pci.c b/hw/pci.c index 8f30f73..f8a82f7 100644 --- a/hw/pci.c +++ b/hw/pci.c @@ -317,7 +317,7 @@ static VMStateInfo vmstate_info_pci_config = { static int get_pci_irq_state(QEMUFile *f, void *pv, size_t size) { - PCIDevice *s = container_of(pv, PCIDevice, config); + PCIDevice *s = container_of(pv, PCIDevice, irq_state); uint32_t irq_state[PCI_NUM_PINS]; int i; for (i = 0; i < PCI_NUM_PINS; ++i) { @@ -339,7 +339,7 @@ static int get_pci_irq_state(QEMUFile *f, void *pv, size_t size) static void put_pci_irq_state(QEMUFile *f, void *pv, size_t size) { int i; - PCIDevice *s = container_of(pv, PCIDevice, config); + PCIDevice *s = container_of(pv, PCIDevice, irq_state); for (i = 0; i < PCI_NUM_PINS; ++i) { qemu_put_be32(f, pci_irq_state(s, i)); diff --git a/hw/usb-bus.c b/hw/usb-bus.c index 54027df..aae1fef 100644 --- a/hw/usb-bus.c +++ b/hw/usb-bus.c 
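Review bot: The corrected opcodes `FD_CMD_SAVE = 0x2e` and `FD_CMD_RESTORE = 0x4e` cannot be checked against anything in the code, so a short comment on the enum citing the controller documentation the values were taken from would let the next reader verify them without repeating this research. The enum continues outside the hunk.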
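Review bot: Clearing `bm->status`, `bm->unit` and `bm->dma_cb` only after `bdrv_aio_cancel(bm->aiocb)` in ide_dma_cancel is presumably needed because cancelling can run the request's completion callback, which still relies on that state; nothing in the hunk says so, and a later tidy-up could easily move the assignments back. Suggested comment above `bm->status &= ~BM_STATUS_DMAING;`: `/* Clear DMA state only after cancelling: the cancel path may run the completion callback, which still needs unit/dma_cb. */` — confirm against bdrv_aio_cancel's behaviour, which lives outside this file. The enclosing `if (bm->status & BM_STATUS_DMAING)` block starts in the previous hunk.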
@@ -102,6 +102,9 @@ USBDevice *usb_create(USBBus *bus, const char *name) USBDevice *usb_create_simple(USBBus *bus, const char *name) { USBDevice *dev = usb_create(bus, name); + if (!dev) { + hw_error("Failed to create USB device '%s'\n", name); + } qdev_init_nofail(&dev->qdev); return dev; } @@ -261,7 +264,8 @@ USBDevice *usbdevice_create(const char *cmdline) USBBus *bus = usb_bus_find(-1 /* any */); DeviceInfo *info; USBDeviceInfo *usb; - char driver[32], *params; + char driver[32]; + const char *params; int len; params = strchr(cmdline,':'); @@ -272,6 +276,7 @@ USBDevice *usbdevice_create(const char *cmdline) len = sizeof(driver); pstrcpy(driver, len, cmdline); } else { + params = ""; pstrcpy(driver, sizeof(driver), cmdline); } @@ -294,7 +299,7 @@ USBDevice *usbdevice_create(const char *cmdline) } if (!usb->usbdevice_init) { - if (params) { + if (*params) { qemu_error("usbdevice %s accepts no params\n", driver); return NULL; } diff --git a/hw/usb-msd.c b/hw/usb-msd.c index 1fb62ad..9d8d044 100644 --- a/hw/usb-msd.c +++ b/hw/usb-msd.c @@ -592,6 +592,9 @@ static USBDevice *usb_msd_init(const char *filename) /* create guest device */ dev = usb_create(NULL /* FIXME */, "usb-storage"); + if (!dev) { + return NULL; + } qdev_prop_set_drive(&dev->qdev, "drive", dinfo); if (qdev_init(&dev->qdev) < 0) return NULL; diff --git a/hw/usb-net.c b/hw/usb-net.c index cfd2f62..6875f11 100644 --- a/hw/usb-net.c +++ b/hw/usb-net.c @@ -1491,6 +1491,9 @@ static USBDevice *usb_net_init(const char *cmdline) } dev = usb_create(NULL /* FIXME */, "usb-net"); + if (!dev) { + return NULL; + } qdev_set_nic_properties(&dev->qdev, &nd_table[idx]); qdev_init_nofail(&dev->qdev); return dev; diff --git a/hw/usb-serial.c b/hw/usb-serial.c index c3f3401..1410b11 100644 --- a/hw/usb-serial.c +++ b/hw/usb-serial.c 
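Review bot: `if (*params)` in usbdevice_create assumes that in the `strchr` branch `params` has been advanced past the ':' (that step, if present, is outside the hunk); if it still points at the separator, a command line such as `driver:` with an empty parameter list is rejected with "accepts no params". The `params = ""` default added to the else branch in the earlier hunk removes the NULL case cleanly, so only that one step needs confirming. usbdevice_create starts and ends outside the hunks.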
@@ -594,6 +594,9 @@ static USBDevice *usb_serial_init(const char *filename) return NULL; dev = usb_create(NULL /* FIXME */, "usb-serial"); + if (!dev) { + return NULL; + } qdev_prop_set_chr(&dev->qdev, "chardev", cdrv); if (vendorid) qdev_prop_set_uint16(&dev->qdev, "vendorid", vendorid); diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c index 2fd9b3f..0871d20 100644 --- a/hw/virtio-blk.c +++ b/hw/virtio-blk.c @@ -278,10 +278,20 @@ static void do_multiwrite(BlockDriverState *bs, BlockRequest *blkreq, } } -static void virtio_blk_handle_flush(VirtIOBlockReq *req) +static void virtio_blk_handle_flush(BlockRequest *blkreq, int *num_writes, + VirtIOBlockReq *req, BlockDriverState **old_bs) { BlockDriverAIOCB *acb; + /* + * Make sure all outstanding writes are posted to the backing device. + */ + if (*old_bs != NULL) { + do_multiwrite(*old_bs, blkreq, *num_writes); + } + *num_writes = 0; + *old_bs = req->dev->bs; + acb = bdrv_aio_flush(req->dev->bs, virtio_blk_flush_complete, req); if (!acb) { virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR); @@ -344,7 +354,8 @@ static void virtio_blk_handle_request(VirtIOBlockReq *req, req->in = (void *)req->elem.in_sg[req->elem.in_num - 1].iov_base; if (req->out->type & VIRTIO_BLK_T_FLUSH) { - virtio_blk_handle_flush(req); + virtio_blk_handle_flush(mrb->blkreq, &mrb->num_writes, + req, &mrb->old_bs); } else if (req->out->type & VIRTIO_BLK_T_SCSI_CMD) { virtio_blk_handle_scsi(req); } else if (req->out->type & VIRTIO_BLK_T_OUT) { diff --git a/i386.ld b/i386.ld index f2dafec..f8df7bf 100644 --- a/i386.ld +++ b/i386.ld 
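Review bot: The new signature `virtio_blk_handle_flush(BlockRequest *blkreq, int *num_writes, VirtIOBlockReq *req, BlockDriverState **old_bs)` takes three members of the caller's `mrb` as separate in/out pointers; passing the `mrb` aggregate itself (the caller in the next hunk already has it) keeps the fields updated together and shortens both call and prototype. The comment "Make sure all outstanding writes are posted" should also say that `do_multiwrite` only submits them — whether the subsequent `bdrv_aio_flush` is ordered after writes still in flight is a block-layer property not established here. The rest of the function is outside the hunk.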
@@ -39,8 +39,20 @@ SECTIONS .rela.fini : { *(.rela.fini) } .rel.bss : { *(.rel.bss) } .rela.bss : { *(.rela.bss) } - .rel.plt : { *(.rel.plt) } - .rela.plt : { *(.rela.plt) } + .rel.plt : + { + *(.rel.plt) + PROVIDE_HIDDEN (__rel_iplt_start = .); + *(.rel.iplt) + PROVIDE_HIDDEN (__rel_iplt_end = .); + } + .rela.plt : + { + *(.rela.plt) + PROVIDE_HIDDEN (__rela_iplt_start = .); + *(.rela.iplt) + PROVIDE_HIDDEN (__rela_iplt_end = .); + } .init : { *(.init) } =0x47ff041f .text : { diff --git a/pc-bios/optionrom/linuxboot.S b/pc-bios/optionrom/linuxboot.S index 8aebe51..c109363 100644 --- a/pc-bios/optionrom/linuxboot.S +++ b/pc-bios/optionrom/linuxboot.S @@ -106,10 +106,10 @@ copy_kernel: /* We're now running in 16-bit CS, but 32-bit ES! */ /* Load kernel and initrd */ - read_fw_blob(FW_CFG_KERNEL) - read_fw_blob(FW_CFG_INITRD) - read_fw_blob(FW_CFG_CMDLINE) - read_fw_blob(FW_CFG_SETUP) + read_fw_blob_addr32(FW_CFG_KERNEL) + read_fw_blob_addr32(FW_CFG_INITRD) + read_fw_blob_addr32(FW_CFG_CMDLINE) + read_fw_blob_addr32(FW_CFG_SETUP) /* And now jump into Linux! */ mov $0, %eax diff --git a/pc-bios/optionrom/optionrom.h b/pc-bios/optionrom/optionrom.h index 4dcb906..fbdd48a 100644 --- a/pc-bios/optionrom/optionrom.h +++ b/pc-bios/optionrom/optionrom.h @@ -50,13 +50,7 @@ bswap %eax .endm -/* - * Read a blob from the fw_cfg device. - * Requires _ADDR, _SIZE and _DATA values for the parameter. - * - * Clobbers: %eax, %edx, %es, %ecx, %edi - */ -#define read_fw_blob(var) \ +#define read_fw_blob_pre(var) \ read_fw var ## _ADDR; \ mov %eax, %edi; \ read_fw var ## _SIZE; \ 
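Review bot: `#define read_fw_blob_pre(var)` inherits the body of the documented `read_fw_blob` macro but carries no comment of its own, and the block that listed the clobbered registers is deleted in this hunk. Suggested header above it: `/* Shared prologue for read_fw_blob/read_fw_blob_addr32: loads var's _ADDR into %edi and fetches var's _SIZE, then selects the data port; must be followed by the rep insb. */` — the port-selection part is outside the hunk, so adjust the wording to what the macro actually does.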
@@ -65,10 +59,32 @@ mov $BIOS_CFG_IOPORT_CFG, %edx; \ outw %ax, (%dx); \ mov $BIOS_CFG_IOPORT_DATA, %dx; \ - cld; \ + cld + +/* + * Read a blob from the fw_cfg device. + * Requires _ADDR, _SIZE and _DATA values for the parameter. + * + * Clobbers: %eax, %edx, %es, %ecx, %edi + */ +#define read_fw_blob(var) \ + read_fw_blob_pre(var); \ /* old as(1) doesn't like this insn so emit the bytes instead: \ rep insb (%dx), %es:(%edi); \ */ \ + .dc.b 0xf3,0x6c + +/* + * Read a blob from the fw_cfg device in forced addr32 mode. + * Requires _ADDR, _SIZE and _DATA values for the parameter. + * + * Clobbers: %eax, %edx, %es, %ecx, %edi + */ +#define read_fw_blob_addr32(var) \ + read_fw_blob_pre(var); \ + /* old as(1) doesn't like this insn so emit the bytes instead: \ + addr32 rep insb (%dx), %es:(%edi); \ + */ \ .dc.b 0x67,0xf3,0x6c #define OPTION_ROM_START \ diff --git a/qemu-img.c b/qemu-img.c index 1d97f2e..2824178 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -537,7 +537,7 @@ static int img_convert(int argc, char **argv) BlockDriverState **bs, *out_bs; int64_t total_sectors, nb_sectors, sector_num, bs_offset; uint64_t bs_sectors; - uint8_t buf[IO_BUF_SIZE]; + uint8_t * buf; const uint8_t *buf1; BlockDriverInfo bdi; QEMUOptionParameter *param = NULL; @@ -656,6 +656,7 @@ static int img_convert(int argc, char **argv) bs_i = 0; bs_offset = 0; bdrv_get_geometry(bs[0], &bs_sectors); + buf = qemu_malloc(IO_BUF_SIZE); if (flags & BLOCK_FLAG_COMPRESS) { if (bdrv_get_info(out_bs, &bdi) < 0) @@ -788,6 +789,7 @@ static int img_convert(int argc, char **argv) } } } + qemu_free(buf); bdrv_delete(out_bs); for (bs_i = 0; bs_i < bs_n; bs_i++) bdrv_delete(bs[bs_i]); diff --git a/qemu-monitor.hx b/qemu-monitor.hx index 1aa7818..a6a36b8 100644 --- a/qemu-monitor.hx +++ b/qemu-monitor.hx 
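Review bot: `read_fw_blob` now ends in `.dc.b 0xf3,0x6c`, while the unchanged trailing `.dc.b 0x67,0xf3,0x6c` shows the old macro carried the addr32 prefix, so every remaining user of the plain macro silently loses the 32-bit address-size override; linuxboot.S is switched to `read_fw_blob_addr32` in this commit, but any other option ROM still using `read_fw_blob` should be checked. A one-line comment in the plain variant, `/* no addr32 prefix: in 16-bit code the destination comes from %di, not %edi */`, would make the difference between the two macros explicit.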
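Review bot: `uint8_t * buf;` detaches the `*` from the name, whereas the neighbouring declaration `const uint8_t *buf1;` binds it to the identifier; write `uint8_t *buf;` to match. img_convert continues far beyond this hunk.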
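Review bot: `qemu_free(buf);` is reached only on the success path; the `qemu_malloc(IO_BUF_SIZE)` in the previous hunk sits well above it, and any `return` or error exit between the two that does not terminate the process now leaks `buf` (that stretch of img_convert is outside the hunks, so this is something to check rather than a confirmed leak). If such exits exist, a single cleanup label that frees `buf` and deletes `out_bs` is the usual shape.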
@@ -888,7 +888,7 @@ ETEXI .name = "balloon", .args_type = "value:M", .params = "target", - .help = "request VM to change it's memory allocation (in MB)", + .help = "request VM to change its memory allocation (in MB)", .user_print = monitor_user_noop, .mhandler.cmd_new = do_balloon, }, diff --git a/qemu-sockets.c b/qemu-sockets.c index a88b2a7..993ce12 100644 --- a/qemu-sockets.c +++ b/qemu-sockets.c @@ -130,7 +130,8 @@ int inet_listen_opts(QemuOpts *opts, int port_offset) ai.ai_family = PF_UNSPEC; ai.ai_socktype = SOCK_STREAM; - if (qemu_opt_get(opts, "port") == NULL) { + if ((qemu_opt_get(opts, "host") == NULL) || + (qemu_opt_get(opts, "port") == NULL)) { fprintf(stderr, "%s: host and/or port not specified\n", __FUNCTION__); return -1; } diff --git a/target-ppc/helper.c b/target-ppc/helper.c index b233d4f..28504b3 100644 --- a/target-ppc/helper.c +++ b/target-ppc/helper.c @@ -2066,7 +2066,6 @@ static inline void powerpc_excp(CPUState *env, int excp_model, int excp) srr1 = SPR_SRR1; asrr0 = -1; asrr1 = -1; - msr &= ~((target_ulong)0x783F0000); switch (excp) { case POWERPC_EXCP_NONE: /* Should never happen */ diff --git a/target-ppc/op_helper.c b/target-ppc/op_helper.c index e3bd29c..ee8d8bf 100644 --- a/target-ppc/op_helper.c +++ b/target-ppc/op_helper.c @@ -1646,20 +1646,20 @@ static inline void do_rfi(target_ulong nip, target_ulong msr, void helper_rfi (void) { do_rfi(env->spr[SPR_SRR0], env->spr[SPR_SRR1], - ~((target_ulong)0x0), 1); + ~((target_ulong)0x783F0000), 1); } #if defined(TARGET_PPC64) void helper_rfid (void) { do_rfi(env->spr[SPR_SRR0], env->spr[SPR_SRR1], - ~((target_ulong)0x0), 0); + ~((target_ulong)0x783F0000), 0); } void helper_hrfid (void) { do_rfi(env->spr[SPR_HSRR0], env->spr[SPR_HSRR1], - ~((target_ulong)0x0), 0); + ~((target_ulong)0x783F0000), 0); } #endif #endif diff --git a/x86_64.ld b/x86_64.ld index 24ea77d..46d8d4d 100644 --- a/x86_64.ld +++ b/x86_64.ld 
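Review bot: The literal `~((target_ulong)0x783F0000)` is now written out three times in `helper_rfi`, `helper_rfid` and `helper_hrfid`, and the target-ppc/helper.c hunk removes the same constant from `powerpc_excp` without a comment; give it one name, e.g. `#define RFI_MSR_MASK (~((target_ulong)0x783F0000))` (constructed name), with a comment stating which MSR bits the return-from-interrupt path must clear and why the masking moved from exception entry to return. A named mask keeps the three helpers in step if the bit set ever changes.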
@@ -35,8 +35,20 @@ SECTIONS .rela.got : { *(.rela.got) } .rel.bss : { *(.rel.bss .rel.bss.* .rel.gnu.linkonce.b.*) } .rela.bss : { *(.rela.bss .rela.bss.* .rela.gnu.linkonce.b.*) } - .rel.plt : { *(.rel.plt) } - .rela.plt : { *(.rela.plt) } + .rel.plt : + { + *(.rel.plt) + PROVIDE_HIDDEN (__rel_iplt_start = .); + *(.rel.iplt) + PROVIDE_HIDDEN (__rel_iplt_end = .); + } + .rela.plt : + { + *(.rela.plt) + PROVIDE_HIDDEN (__rela_iplt_start = .); + *(.rela.iplt) + PROVIDE_HIDDEN (__rela_iplt_end = .); + } .init : { KEEP (*(.init))