summaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell2014-06-163-3/+3
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging Block pull request # gpg: Signature made Mon 16 Jun 2014 12:22:22 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: (39 commits) QemuOpts: cleanup tmp 'allocated' member from QemuOptsList cleanup QEMUOptionParameter vpc.c: replace QEMUOptionParameter with QemuOpts vmdk.c: replace QEMUOptionParameter with QemuOpts vhdx.c: replace QEMUOptionParameter with QemuOpts vdi.c: replace QEMUOptionParameter with QemuOpts ssh.c: replace QEMUOptionParameter with QemuOpts sheepdog.c: replace QEMUOptionParameter with QemuOpts rbd.c: replace QEMUOptionParameter with QemuOpts raw_bsd.c: replace QEMUOptionParameter with QemuOpts raw-win32.c: replace QEMUOptionParameter with QemuOpts raw-posix.c: replace QEMUOptionParameter with QemuOpts qed.c: replace QEMUOptionParameter with QemuOpts qcow2.c: replace QEMUOptionParameter with QemuOpts QemuOpts: export qemu_opt_find qcow.c: replace QEMUOptionParameter with QemuOpts nfs.c: replace QEMUOptionParameter with QemuOpts iscsi.c: replace QEMUOptionParameter with QemuOpts gluster.c: replace QEMUOptionParameter with QemuOpts cow.c: replace QEMUOptionParameter with QemuOpts ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * change block layer to support both QemuOpts and QEMUOptionParamterChunyan Liu2014-06-162-2/+2
| | | | | | | | | | | | | | | | | | | | | | Change block layer to support both QemuOpts and QEMUOptionParameter. After this patch, it will change backend drivers one by one. At the end, QEMUOptionParameter will be removed and only QemuOpts is kept. Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com> Signed-off-by: Chunyan Liu <cyliu@suse.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * configure: Enable dead code (lzo, snappy, quorum)Stefan Weil2014-06-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Those options were not enabled by default, even when the build environment would have supported them, so the corresponding code was not compiled in normal test builds like on build bots. [Building quorum by default "broke" qemu-iotests ./check 081. It turns out the 081.out master output was just bitrotted. Fix this by updating the error message. --Stefan] Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Qiao Nuohan <qiaonuohan@cn.fujitsu.com> Reviewed-by: Benoit Canet <benoit@irqsave.net> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | vmstate: Refactor opening of filesJuan Quintela2014-06-161-19/+19
|/ | | | | | Signed-off-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Amit Shah <amit.shah@redhat.com>
* Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into ↵Peter Maydell2014-06-091-7/+26
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging Net patches # gpg: Signature made Mon 09 Jun 2014 14:41:34 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/net-pull-request: e1000: remove broken support for 82573L tests: e1000: test additional device IDs e1000: allow command-line selection of card model vmxnet3: fix msix vectors unuse net: xilinx_ethlite: Fix Rx-pong interrupt Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * e1000: remove broken support for 82573LGabriel L. Somlo2014-06-091-1/+0Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, e1000 support is based on the manual for the 8254xx model series. 82573x models are documented in a separate manual (see http://www.intel.com/content/dam/www/public/us/en/documents/manuals/pcie-gbe-controllers-open-source-manual.pdf) and the 82573L device ID no longer works correctly on either Linux (3.14.*) or Windows 7. This patch removes stale code claiming to support 82573L, cleaning up the code base for the remaining 8254xx model series. Signed-off-by: Gabriel Somlo <somlo@cmu.edu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * tests: e1000: test additional device IDsGabriel L. Somlo2014-06-091-7/+27
| | | | | | | | | | | | | | | | | | | | | | Update e1000-test.c to check all currently supported devices. Suggested-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Gabriel Somlo <somlo@cmu.edu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell2014-06-091-5/+44
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging Block pull request # gpg: Signature made Fri 06 Jun 2014 17:08:50 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: (42 commits) qapi: Extract qapi/block.json definitions qapi: Extract qapi/block-core.json definitions qapi: create two block related json modules qapi: Extract qapi/common.json definitions sheepdog: reload only header in a case of live snapshot sheepdog: fix vdi object update after live snapshot rbd: Fix leaks in rbd_start_aio() error path qemu-img: Document check exit codes block: fix wrong order in live block migration setup blockdev: acquire AioContext in block_set_io_throttle throttle: add detach/attach test case throttle: add throttle_detach/attach_aio_context() dataplane: Support VIRTIO_BLK_T_SCSI_CMD virtio-blk: Factor out virtio_blk_handle_scsi_req from virtio_blk_handle_scsi virtio-blk: Allow config-wce in dataplane block: Move declaration of bdrv_get_aio_context to block.h raw-posix: drop raw_get_aio_fd() since it is no longer used dataplane: implement async flush dataplane: delete IOQueue since it is no longer used dataplane: use the QEMU block layer for I/O ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * throttle: add detach/attach test caseStefan Hajnoczi2014-06-041-0/+24
| | | | | | | | | | | | | | | | Add a test case that checks the timer is really removed/added by the detach/attach functions. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net>
| * throttle: add throttle_detach/attach_aio_context()Stefan Hajnoczi2014-06-041-5/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Block I/O throttling uses timers and currently always adds them to the main loop. Throttling will break if bdrv_set_aio_context() is used to move a BlockDriverState to a different AioContext. This patch adds throttle_detach/attach_aio_context() interfaces so the throttling timers and uses them to move timers to the new AioContext. Note that bdrv_set_aio_context() already drains all requests so we're sure no throttled requests are pending. The test cases need to be updated since the throttle_init() interface has changed. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net>
* | Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell2014-06-053-2/+132
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pc,pci,virtio,qdev fixes, tests new tests for SMBIOS SMBIOS fixes pc, pci fixes qdev patches stayed on list for a month with no review, as I told people on KVM forum I'm merging stuch patches if they look fine. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> * remotes/mst/tags/for_upstream: qdev: Add test of qdev_prop_check_global qdev: Display warning about unused -global tests: add smbios testing tests: rename acpi-test to bios-tables-test virtio-balloon: return empty data when no stats are available pcie_host: Turn pcie_host_init() into an instance_init SMBIOS: Fix type 17 field sizes SMBIOS: Update Type 0 struct generator for machines >= 2.1 SMBIOS: Fix endian-ness when populating multi-byte fields serial-pci: Set prog interface field of pci config to 16550 compatible Conflicts: include/hw/i386/pc.h [PMM: fixed trivial conflict in pc.h] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * qdev: Add test of qdev_prop_check_globalDon Slutz2014-06-051-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This will generate a warning from "make check": ... GTESTER tests/test-qdev-global-props Warning: "-global dynamic-prop-type-bad.prop3=103" not used GTESTER tests/check-qom-interface ... If the warning is not generated, the test will fail. Signed-off-by: Don Slutz <dslutz@verizon.com> Acked-by: Michael S. Tsirkin <mst@redhat.com>
| * tests: add smbios testingGabriel L. Somlo2014-05-271-0/+126
| | | | | | | | | | | | | | | | | | | | Add tests to find and verify the smbios entry point structure, and to walk and perform checks on the actual smbios tables. Suggested-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Gabriel Somlo <somlo@cmu.edu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
| * tests: rename acpi-test to bios-tables-testGabriel L. Somlo2014-05-272-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The test harness for acpi (generating a boot disk, starting qemu, waiting for the BIOS to finish booting before examining guest memory, etc.) is perfectly suited for testing other bios tables beside acpi, such as e.g., smbios. This patch renames acpi-test to bios-tables-test to reflect that, and in preparation for adding smbios tests. Signed-off-by: Gabriel Somlo <somlo@cmu.edu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* | usb: improve ehci/uhci testGerd Hoffmann2014-06-022-5/+152
| | | | | | | | | | | | | | | | | | | | * Attach usb devices to the bus. * Check initial port status register state. * Flip ehci initialization bit. * Check port status register state again to see whenever device handover to ehci worked. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* | qtest: fix qpci_config_writelGerd Hoffmann2014-06-021-1/+1
| | | | | | | | | | | | Found by Paolo. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* | tests: Check empty QMP output visitorMarcel Apfelbaum2014-05-281-0/+11
| | | | | | | | | | | | | | | | | | Checks the output visitor behaviour for NULL values. Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
* | qom-test: Test qom-list on link<> propertiesCole Robinson2014-05-281-4/+11
| | | | | | | | | | | | | | | | | | | | | | But don't test their properties, otherwise we will recurse forever. Their properties are already tested when we encounter them as child<> properties elsewhere in the hierarchy, like /machine/unattached/... This would have caught the crash fixed by 92b3eead. Signed-off-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
* | Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell2014-05-286-9/+450
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging Block pull request # gpg: Signature made Wed 28 May 2014 13:31:15 BST using RSA key ID 81AB73C8 # gpg: Can't check signature: public key not found * remotes/stefanha/tags/block-pull-request: (33 commits) block/sheepdog: Don't use qerror_report() block/sheepdog: Fix silent sd_open(), sd_create() failures block/sheepdog: Propagate errors to open and create methods block/sheepdog: Propagate errors through find_vdi_name() block/sheepdog: Propagate errors through do_sd_create() block/sheepdog: Propagate errors through sd_prealloc() block/sheepdog: Propagate errors through get_sheep_fd() block/sheepdog: Propagate errors through connect_to_sdog() block/vvfat: Propagate errors through init_directories() block/vvfat: Propagate errors through enable_write_target() block/ssh: Propagate errors to open and create methods block/ssh: Propagate errors through connect_to_ssh() block/ssh: Propagate errors through authenticate() block/ssh: Propagate errors through check_host_key() block/ssh: Drop superfluous libssh2_session_last_errno() calls block/rbd: Propagate errors to open and create methods qemu-nbd: Don't use qerror_report() blockdev: Don't use qerror_report() in do_drive_del() blockdev: Don't use qerror_report_err() in drive_init() docs: Define refcount_bits value ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | iotests: Use _img_info in test 089Max Reitz2014-05-282-6/+1Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, test 089 uses $QEMU_IMG info manually in order to obtain the according output. However, the iotests should generally use _img_info as this filters out more irrelevant information such as the host image size or format specific information. Therefore, test 089 should use _img_info as well. Signed-off-by: Max Reitz <mreitz@redhat.com> Reported-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * | aio: Fix use-after-free in cancellation pathFam Zheng2014-05-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current flow of canceling a thread from THREAD_ACTIVE state is: 1) Caller wants to cancel a request, so it calls thread_pool_cancel. 2) thread_pool_cancel waits on the conditional variable elem->check_cancel. 3) The worker thread changes state to THREAD_DONE once the task is done, and notifies elem->check_cancel to allow thread_pool_cancel to continue execution, and signals the notifier (pool->notifier) to allow callback function to be called later. But because of the global mutex, the notifier won't get processed until step 4) and 5) are done. 4) thread_pool_cancel continues, leaving the notifier signaled, it just returns to caller. 5) Caller thinks the request is already canceled successfully, so it releases any related data, such as freeing elem->common.opaque. 6) In the next main loop iteration, the notifier handler, event_notifier_ready, is called. It finds the canceled thread in THREAD_DONE state, so calls elem->common.cb, with an (likely) dangling opaque pointer. This is a use-after-free. Fix it by calling event_notifier_ready before leaving thread_pool_cancel. Test case update: This change will let cancel complete earlier than test-thread-pool.c expects, so update the code to check this case: if it's already done, done_cb sets .aiocb to NULL, skip calling bdrv_aio_cancel on them. Reported-by: Ulrich Obergfell <uobergfe@redhat.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * | QemuOpt: add unit testsLeandro Dorileo2014-05-282-0/+444
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Cover basic aspects and API usage for QemuOpt. The current implementation covers the API's planned to be changed by Chunyan Liu in his QEMUOptionParameter replacement/cleanup job. Other APIs should be covered in future improvements. [Squashing in a small fix "QemuOpt: use qemu_find_opts_err() to avoid output on stderr in tests". qemu_find_opts() calls error_report() instead of propagating the Error object. It is undesirable to clutter test case output with error messages from a passing test. Use qemu_find_opts_err() to avoid the output on stderr. --Stefan] Signed-off-by: Leandro Dorileo <l@dorileo.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * | qemu-iotests: Handle cache mode option in 091Fam Zheng2014-05-281-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should allow testing this on tmpfs. Any cache setting in iotests should try to obey $CACHEMODE. The cache mode is still "none" by default but overridable Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | | Merge remote-tracking branch 'remotes/xtensa/tags/20140526-xtensa' into stagingPeter Maydell2014-05-281-7/+239
|\ \ \ | |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Xtensa fixes queue 2014-05-26: - fix cross-page jumps/calls at the end of TB; - add tests for TBs and instructions crossing page boundary. # gpg: Signature made Mon 26 May 2014 09:37:39 BST using RSA key ID F83FA044 # gpg: Can't check signature: public key not found * remotes/xtensa/tags/20140526-xtensa: target-xtensa: add tests for cross-page TB target-xtensa: completely clean TLB between MMU tests target-xtensa: fix cross-page jumps/calls at the end of TB Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | target-xtensa: add tests for cross-page TBMax Filippov2014-05-261-0/+220
| | | | | | | | | | | | Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
| * | target-xtensa: completely clean TLB between MMU testsMax Filippov2014-05-261-7/+19
| | | | | | | | | | | | Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
* | | test: lm32: use semihosting for testingMichael Walle2014-05-245-22/+103
| | | | | | | | | | | | | | | | | | | | | Instead of the lm32-sys device, use semihosting to print to the host console and exit the test. Signed-off-by: Michael Walle <michael@walle.cc>
* | | test: lm32: make test cases independentMichael Walle2014-05-248-0/+25
|/ / | | | | | | | | | | | | | | Make test cases independent from from each other. Eg. if a test case needs a specific value in register A, don't rely on the fact that it is already set by the preceding test case. Signed-off-by: Michael Walle <michael@walle.cc>
* | Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell2014-05-2014-18/+441
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Block patches # gpg: Signature made Mon 19 May 2014 15:21:14 BST using RSA key ID C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" * remotes/kevin/tags/for-upstream: (22 commits) block: optimize zero writes with bdrv_write_zeroes blockdev: add a function to parse enum ids from strings util: add qemu_iovec_is_zero qcow1: Stricter backing file length check qcow1: Validate image size (CVE-2014-0223) qcow1: Validate L2 table size (CVE-2014-0222) qcow1: Check maximum cluster size qcow1: Make padding in the header explicit curl: Add usage documentation curl: Add sslverify option curl: Remove broken parsing of options from url curl: Fix build when curl_multi_socket_action isn't available qemu-iotests: Fix blkdebug in VM drive in 030 qemu-iotests: Fix core dump suppression in test 039 iotests: Add test for the JSON protocol block: Allow JSON filenames check-qdict: Add test for qdict_join() qdict: Add qdict_join() block: add test for vhdx image created by Disk2VHD block: vhdx - account for identical header sections ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * block: optimize zero writes with bdrv_write_zeroesPeter Lieven2014-05-191-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this patch tries to optimize zero write requests by automatically using bdrv_write_zeroes if it is supported by the format. This significantly speeds up file system initialization and should speed zero write test used to test backend storage performance. I ran the following 2 tests on my internal SSD with a 50G QCOW2 container and on an attached iSCSI storage. a) mkfs.ext4 -E lazy_itable_init=0,lazy_journal_init=0 /dev/vdX QCOW2 [off] [on] [unmap] ----- runtime: 14secs 1.1secs 1.1secs filesize: 937M 18M 18M iSCSI [off] [on] [unmap] ---- runtime: 9.3s 0.9s 0.9s b) dd if=/dev/zero of=/dev/vdX bs=1M oflag=direct QCOW2 [off] [on] [unmap] ----- runtime: 246secs 18secs 18secs filesize: 51G 192K 192K throughput: 203M/s 2.3G/s 2.3G/s iSCSI* [off] [on] [unmap] ---- runtime: 8mins 45secs 33secs throughput: 106M/s 1.2G/s 1.6G/s allocated: 100% 100% 0% * The storage was connected via an 1Gbit interface. It seems to internally handle writing zeroes via WRITESAME16 very fast. Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| * qcow1: Stricter backing file length checkKevin Wolf2014-05-192-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | Like qcow2 since commit 6d33e8e7, error out on invalid lengths instead of silently truncating them to 1023. Also don't rely on bdrv_pread() catching integer overflows that make len negative, but use unsigned variables in the first place. Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net>
| * qcow1: Validate image size (CVE-2014-0223)Kevin Wolf2014-05-192-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | A huge image size could cause s->l1_size to overflow. Make sure that images never require a L1 table larger than what fits in s->l1_size. This cannot only cause unbounded allocations, but also the allocation of a too small L1 table, resulting in out-of-bounds array accesses (both reads and writes). Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| * qcow1: Validate L2 table size (CVE-2014-0222)Kevin Wolf2014-05-192-0/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Too large L2 table sizes cause unbounded allocations. Images actually created by qemu-img only have 512 byte or 4k L2 tables. To keep things consistent with cluster sizes, allow ranges between 512 bytes and 64k (in fact, down to 1 entry = 8 bytes is technically working, but L2 table sizes smaller than a cluster don't make a lot of sense). This also means that the number of bytes on the virtual disk that are described by the same L2 table is limited to at most 8k * 64k or 2^29, preventively avoiding any integer overflows. Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net>
| * qcow1: Check maximum cluster sizeKevin Wolf2014-05-193-0/+77
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Huge values for header.cluster_bits cause unbounded allocations (e.g. for s->cluster_cache) and crash qemu this way. Less huge values may survive those allocations, but can cause integer overflows later on. The only cluster sizes that qemu can create are 4k (for standalone images) and 512 (for images with backing files), so we can limit it to 64k. Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net>
| * qemu-iotests: Fix blkdebug in VM drive in 030Fam Zheng2014-05-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | The test test_stream_pause in this class uses vm.pause_drive, which requires a blkdebug driver on top of image, otherwise it's no-op and the test running is undeterministic. So add it. Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| * qemu-iotests: Fix core dump suppression in test 039Markus Armbruster2014-05-193-12/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The shell script attempts to suppress core dumps like this: old_ulimit=$(ulimit -c) ulimit -c 0 $QEMU_IO arg... ulimit -c "$old_ulimit" This breaks the test hard unless the limit was zero to begin with! ulimit sets both hard and soft limit by default, and (re-)raising the hard limit requires privileges. Broken since it was added in commit dc68afe. Could be fixed by adding -S to set only the soft limit, but I'm not sure how portable that is in practice. Simply do it in a subshell instead, like this: (ulimit -c 0; exec $QEMU_IO arg...) Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| * iotests: Add test for the JSON protocolMax Reitz2014-05-193-0/+185
| | | | | | | | | | | | | | | | Add a test for the JSON protocol driver. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| * check-qdict: Add test for qdict_join()Max Reitz2014-05-191-0/+87
| | | | | | | | | | | | | | | | | | Add some test cases for qdict_join(). Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| * block: add test for vhdx image created by Disk2VHDJeff Cody2014-05-193-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | This adds a test for VHDX images created by Microsoft's tool, Disk2VHD. VHDX images created by this tool have 2 identical header sections, with identical sequence numbers. This makes sure we detect VHDX images with identical headers, and do not flag them as corrupt. Signed-off-by: Jeff Cody <jcody@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* | qapi: skip redundant includesBenoît Canet2014-05-166-1/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The purpose of this change is to help create a json file containing common definitions; each bit of generated C code must be emitted only one time. A second history global to all QAPISchema instances has been added to detect when a file is included more than one time and skip these includes. It does not act as a stack and the changes made to it by the __init__ function are propagated back to the caller so it's really a global state. Signed-off-by: Benoit Canet <benoit@irqsave.net> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
* | qapi: Replace uncommon use of the error API by the common oneMarkus Armbruster2014-05-154-13/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We commonly use the error API like this: err = NULL; foo(..., &err); if (err) { goto out; } bar(..., &err); Every error source is checked separately. The second function is only called when the first one succeeds. Both functions are free to pass their argument to error_set(). Because error_set() asserts no error has been set, this effectively means they must not be called with an error set. The qapi-generated code uses the error API differently: // *errp was initialized to NULL somewhere up the call chain frob(..., errp); gnat(..., errp); Errors accumulate in *errp: first error wins, subsequent errors get dropped. To make this work, the second function does nothing when called with an error set. Requires non-null errp, or else the second function can't see the first one fail. This usage has also bled into visitor tests, and two device model object property getters rtc_get_date() and balloon_stats_get_all(). With the "accumulate" technique, you need fewer error checks in callers, and buy that with an error check in every callee. Can be nice. However, mixing the two techniques is confusing. You can't use the "accumulate" technique with functions designed for the "check separately" technique. You can use the "check separately" technique with functions designed for the "accumulate" technique, but then error_set() can't catch you setting an error more than once. Standardize on the "check separately" technique for now, because it's overwhelmingly prevalent. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
* | tests: Don't call visit_end_struct() after visit_start_struct() failsMarkus Armbruster2014-05-153-15/+39
|/ | | | | | | | | | | When visit_start_struct() fails, visit_end_struct() must not be called. Three out of four visit_type_TestStruct() call it anyway. As far as I can tell, visit_start_struct() doesn't actually fail there. Fix them anyway. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
* Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20140515' ↵Peter Maydell2014-05-151-6/+3Star
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging migration/next for 20140515 # gpg: Signature made Thu 15 May 2014 02:32:25 BST using RSA key ID 5872D723 # gpg: Can't check signature: public key not found * remotes/juanquintela/tags/migration/20140515: usb: fix up post load checks migration: show average throughput when migration finishes savevm: Remove all the unneeded version_minimum_id_old (rest) savevm: Remove all the unneeded version_minimum_id_old (usb) Split ram_save_block arch_init: Simplify code for load_xbzrle() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * savevm: Remove all the unneeded version_minimum_id_old (rest)Juan Quintela2014-05-141-6/+3Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After previous Peter patch, they are redundant. This way we don't assign them except when needed. Once there, there were lots of case where the ".fields" indentation was wrong: .fields = (VMStateField []) { and .fields = (VMStateField []) { Change all the combinations to: .fields = (VMStateField[]){ The biggest problem (appart from aesthetics) was that checkpatch complained when we copy&pasted the code from one place to another. Signed-off-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
* | Revert "iotests: Use configured python"Peter Maydell2014-05-159-64/+43Star
|/ | | | | | | | | | | | | This reverts commit f915db07ef9c368ea6db6430256de064fdd1525f. This commit is broken because it does not account for the build tree and the source tree being different, and can cause build failures for out-of-tree builds. Revert it until we can identify a better solution to the problem. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1400153676-30180-1-git-send-email-peter.maydell@linaro.org Acked-by: Kevin Wolf <kwolf@redhat.com>
* Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell2014-05-1318-104/+439
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging Block pull request # gpg: Signature made Fri 09 May 2014 19:57:53 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: glib: fix g_poll early timeout on windows block: qemu-iotests - test for live migration block: qemu-iotests - update 085 to use common.qemu block: qemu-iotests - add common.qemu, for bash-controlled qemu tests block/raw-posix: Try both FIEMAP and SEEK_HOLE gluster: Correctly propagate errors when volume isn't accessible vl.c: remove init_clocks call from main block: Fix open flags with BDRV_O_SNAPSHOT qemu-iotests: Test converting to streamOptimized from small cluster size vmdk: Implement .bdrv_get_info() vmdk: Implement .bdrv_write_compressed qemu-img: Convert by cluster size if target is compressed block/iscsi: bump year in copyright notice block/nfs: Check for NULL server part qemu-img: sort block formats in help message iotests: Use configured python qcow2: Fix alloc_clusters_noref() overflow detection Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * block: qemu-iotests - test for live migrationJeff Cody2014-05-093-0/+134
| | | | | | | | | | | | | | | | | | | | | | | | | | This is an initial, simple live migration test from one running VM to another, using monitor commands. This is also an example of using the new common.qemu functions for controlling multiple running qemu instances, for tests that need a live qemu vm. Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * block: qemu-iotests - update 085 to use common.qemuJeff Cody2014-05-091-61/+12Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The new functionality of common.qemu implements the QEMU control and communication functionality that was originally in test 085. This removes that now-duplicate functionality, and uses the common.qemu functions. The QEMU commandline changes slightly due to this; in addition to monitor and qmp i/o options, the new QEMU commandline from inside common.qemu now introduces -machine accel=qtest. Reviewed-by: Benoit Canet <benoit@irqsave.net> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * block: qemu-iotests - add common.qemu, for bash-controlled qemu testsJeff Cody2014-05-091-0/+200
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This creates some common functions for bash language qemu-iotests to control, and communicate with, a running QEMU process. 4 functions are introduced: 1. _launch_qemu() This launches the QEMU process(es), and sets up the file descriptors and fifos for communication. You can choose to launch each QEMU process listening for either QMP or HMP monitor. You can call this function multiple times, and save the handle returned from each. The returned handle is in $QEMU_HANDLE. You must copy this value. Commands 2 and 3 use the handle received from _launch_qemu(), to talk to the appropriate process. 2. _send_qemu_cmd() Sends a command string, specified by $2, to QEMU. If $3 is non-NULL, _send_qemu_cmd() will wait to receive $3 as a required result string from QEMU. Failure to receive $3 will cause the test to fail. The command can optionally be retried $qemu_cmd_repeat number of times. Set $qemu_error_no_exit to not force the test the fail on exit; in this case, $QEMU_STATUS[$1] will be set to -1 on failure. 3. _timed_wait_for() Waits for a response, for up to a default of 10 seconds. If $2 is not seen in that time (anywhere in the response), then the test fails. Primarily used by _send_qemu_cmd, but could be useful standalone, as well. To prevent automatic exit (and therefore test failure), set $qemu_error_no_exit to a non-NULL value. If $silent is a non-NULL value, then output to stdout will be suppressed. 4. _cleanup_qemu() Kills the running QEMU processes, and removes the fifos. Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * block: Fix open flags with BDRV_O_SNAPSHOTKevin Wolf2014-05-092-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The immediately visible effect of this patch is that it fixes committing a temporary snapshot to its backing file. Previously, it would fail with a "permission denied" error because bdrv_inherited_flags() forced the backing file to be read-only, ignoring the r/w reopen of bdrv_commit(). The bigger problem this revealed is that the original open flags must actually only be applied to the temporary snapshot, and the original image file must be treated as a backing file of the temporary snapshot and get the right flags for that. Reported-by: Jan Kiszka <jan.kiszka@web.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>