This reverts commit b533f658a9.
The original code was wrong, because effectively it ignored errors
from kernel, because kernel does not return -1 on error case but
returns -errno, and does not return -EPERM for this particular ioctl.
But in some cases kernel actually returned unsuccessful result,
namely, when the dirty bitmap in requested slot does not exist
it returns -ENOENT. With new code this condition becomes an
error when it shouldn't be.
Revert that patch instead of fixing it properly this late in the
release process. I disagree with this approach, but let's make
things move _somewhere_, instead of arguing endlessly which of
the 2 proposed fixes is better.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-id: 1397477644-902-1-git-send-email-mjt@msgid.tls.msk.ru
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
acpi: SSDT update
This has a fix by Igor for a regression introduced by
bridge hotplug code.
Expected test files were updated accordingly.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon 14 Apr 2014 13:13:35 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
acpi-test: update expected files
acpi: fix incorrect encoding for 0x{F-1}FFFF
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
commit 58b035c7354afc0c5351ea62264c01d74196ec26
acpi: fix incorrect encoding for 0x{F-1}FFFF
changes the SSDT, update expected files accordingly.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Fix typo in build_append_int() which causes integer
truncation when it's in range 0x{F-1}FFFF by packing it
as WordConst instead of required DWordConst.
In particular this fixes a regression: hotplug in slots 16,17,18 and 19
didn't work, since SSDT had code like this:
    If (And (Arg0, 0x0000))
    {
        Notify (S80, Arg1)
    }
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Since we use the -fstack-protector argument at both compile and
link time in the build, we must check that it works with both
a compile and a link:
* MacOSX only fails in the compile step, not linking
* some gcc cross environments only fail at the link stage (if they
require a libssp and it's not present for some reason)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1397232832-32301-1-git-send-email-peter.maydell@linaro.org
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
When VM guest programs multicast addresses for
a virtio net card, it supplies a 32 bit
entries counter for the number of addresses.
These addresses are read into tail portion of
a fixed macs array which has size MAC_TABLE_ENTRIES,
at offset equal to in_use.
To avoid overflow of this array by guest, qemu attempts
to test the size as follows:
- if (in_use + mac_data.entries <= MAC_TABLE_ENTRIES) {
however, as mac_data.entries is uint32_t, this sum
can overflow, e.g. if in_use is 1 and mac_data.entries
is 0xffffffff then in_use + mac_data.entries will be 0.
Qemu will then read guest supplied buffer into this
memory, overflowing buffer on heap.
CVE-2014-0150
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1397218574-25058-1-git-send-email-mst@redhat.com
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
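The wrapping check quoted in the CVE-2014-0150 message above, next to one overflow-safe form, as an added example that is not QEMU's code or the committed fix. The struct layout, the helper names and the MAC_TABLE_ENTRIES value of 64 are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_TABLE_ENTRIES 64u   /* assumed table size for this sketch */
#define ETH_ALEN 6u

/* Hypothetical stand-in for the device's MAC filter table. */
struct mac_table {
    uint32_t in_use;                              /* entries already stored */
    uint8_t macs[MAC_TABLE_ENTRIES * ETH_ALEN];   /* fixed-size storage */
};

/* The check as quoted in the commit message: the 32-bit sum wraps, so
 * in_use = 1 and entries = 0xffffffff give 0, which passes. */
static bool fits_wrapping(uint32_t in_use, uint32_t entries)
{
    return in_use + entries <= MAC_TABLE_ENTRIES;
}

/* Overflow-safe form: compare the guest-supplied count against the space
 * that is left, so no sum of untrusted values is ever computed. */
static bool fits_checked(uint32_t in_use, uint32_t entries)
{
    return in_use <= MAC_TABLE_ENTRIES &&
           entries <= MAC_TABLE_ENTRIES - in_use;
}

/* Append `entries` addresses from a guest-supplied buffer.
 * Returns 0 on success, -1 if the request is rejected. */
static int mac_table_append(struct mac_table *t, const uint8_t *src,
                            size_t src_len, uint32_t entries)
{
    size_t need;

    if (!fits_checked(t->in_use, entries)) {
        return -1;                      /* would run past macs[] */
    }
    need = (size_t)entries * ETH_ALEN;  /* at most 64 * 6, cannot overflow */
    if (need > src_len) {
        return -1;                      /* guest buffer shorter than claimed */
    }
    memcpy(&t->macs[(size_t)t->in_use * ETH_ALEN], src, need);
    t->in_use += entries;
    return 0;
}

int main(void)
{
    struct mac_table t = { 0 };
    uint8_t two_macs[2 * ETH_ALEN] = { 0 };   /* constructed sample input */

    printf("wrapping check accepts (1, 0xffffffff): %d\n",
           fits_wrapping(1, 0xffffffffu));
    printf("checked form accepts  (1, 0xffffffff): %d\n",
           fits_checked(1, 0xffffffffu));
    printf("append 2 entries: %d, in_use now %u\n",
           mac_table_append(&t, two_macs, sizeof two_macs, 2),
           (unsigned)t.in_use);
    printf("append 0xffffffff entries: %d\n",
           mac_table_append(&t, two_macs, sizeof two_macs, 0xffffffffu));
    return 0;
}
```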
Block patches for 2.0.0-rc3
# gpg: Signature made Fri 11 Apr 2014 13:37:34 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
* remotes/kevin/tags/for-upstream:
block-commit: speed is an optional parameter
iscsi: Remember to set ret for iscsi_open in error case
bochs: Fix catalog size check
bochs: Fix memory leak in bochs_open() error path
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
As speed is an optional parameter for the QMP block-commit command, it
should be set to 0 if not given (as it is undefined if has_speed is
false), that is, the speed should not be limited.
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The old check was off by a factor of 512 and didn't consider cases where
we don't get an exact division. This could lead to an out-of-bounds
array access in seek_to_sector().
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Right now relative mode accelerates too fast, and has the 'invisible wall'
problem. SDL2 added an explicit API to handle this use case, so let's use
it.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Unbreaks relative mouse mode with sdl2, just like was done with sdl.c
in c3aa84b6.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
acpi: DSDT update
Two fixes here:
- Test fix to avoid warning with make check.
- Hex file update so people building QEMU
without installing iasl get exactly the same ACPI
as with.
Both should help avoid user confusion.
As it's very easy to check that the produced ACPI
binary didn't change, I think these are very low risk.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 10 Apr 2014 17:09:43 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
acpi: update generated hex files
tests/acpi: update expected DSDT files
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
MacOSX clang silently swallows unrecognized -f options when doing a link
with '-framework' also on the command line, so to detect support for
the various -fstack-protector options we must do a plain .c to .o compile,
not a complete compile-and-link.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1397041487-28477-1-git-send-email-peter.maydell@linaro.org
commit f2ccc311df
dsdt: tweak ACPI ID for hotplug resource device
changes the DSDT, update hex files to match
Otherwise the fix is only effective if QEMU is built
with iasl.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
commit f2ccc311df
dsdt: tweak ACPI ID for hotplug resource device
changes the DSDT, update test expected files to match
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: Igor Mammedov <imammedo@redhat.com>
The raven_io_read() and raven_io_write() functions pass and
return values in little-endian format (since the IO op struct
is marked DEVICE_LITTLE_ENDIAN); however they were storing the
values in the buffer to pass to address_space_read/write()
in host-endian order, which meant that on big-endian hosts
the values were inadvertently reversed. Use the *_le_p()
accessors instead so that we are consistent regardless of
host endianness.
Strictly speaking the byte order of the buffer for
address_space_rw() is target byte order (which for PPC
will be BE) but it doesn't actually matter as long as we
are consistent about the marking on the IO op struct and
which stl_*_p().
This bug was probably introduced due to confusion caused by
the two different versions of ldl_p() and friends:
bswap.h defines versions meaning "host endianness access"
cpu-all.h defines versions meaning "target endianness access"
As a target-independent source file prep.c gets the bswap.h
versions; the very similar looking code in ioport.c is
compiled per-target and gets the cpu-all.h versions.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1396972271-22660-1-git-send-email-peter.maydell@linaro.org
Reviewed-by: Richard Henderson <rth@twiddle.net>
acpi bug fix
Here is a single last minute fix for 2.0
This changes the HID of the container used to claim
resources for CPU hotplug.
As a result, windows XP SP3 no longer brings up
an annoying "found new hardware" wizard on boot.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 08 Apr 2014 13:23:30 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
dsdt: tweak ACPI ID for hotplug resource device
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
ACPI0004 seems too new:
Windows XP complains about an unrecognized device.
This is a regression since 1.7.
Use PNP0A06 instead - Generic Container Device.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-By: Igor Mammedov <imammedo@redhat.com>
This patch changes the behavior in the relative mode to be compatible
with other UIs, namely, grabbing the input at the first left click.
It improves the usability a lot; otherwise you have to press ctl-alt-G
or select from menu at each time you want to move the pointer. Also,
the input grab is cleared when the current mode is switched to the
absolute mode.
The automatic reset of the implicit grabbing is needed since the
switching to the absolute mode happens always after the click even on
Gtk. That is, we cannot check whether the absolute mode is already
available at the first click time even though it should have been
switched in X11 input driver side.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Patch queue for ppc - 2014-04-08
This is the final queue for 2.0! It fixes a lot of bugs people have
seen during testing:
- Fix e500 SMP
- Fix book3s_64 DEC
- Fix VSX (new feature in 2.0) for LE hosts
- Fix PR KVM on top of pHyp (SLOF update)
# gpg: Signature made Tue 08 Apr 2014 10:24:18 BST using RSA key ID 03FEDC60
# gpg: Can't check signature: public key not found
* remotes/agraf/tags/signed-ppc-for-upstream:
PPC: Add l1 cache sizes for 970 and above systems
ppce500_spin: Initialize struct properly
PPC: Only enter MSR_POW when no interrupts pending
PPC: Clean up DECR implementation
target-ppc: Correct VSX Integer to FP Conversion
target-ppc: Correct VSX FP to Integer Conversion
target-ppc: Correct VSX FP to FP Conversions
target-ppc: Correct VSX Scalar Compares
target-ppc: Correct Simple VSR LE Host Inversions
target-ppc: Correct LE Host Inversion of Lower VSRs
target-ppc: Define Endian-Correct Accessors for VSR Field Access
target-ppc: Bug: VSX Convert to Integer Should Truncate
softfloat: Introduce float32_to_uint64_round_to_zero
pseries: Update SLOF firmware image to qemu-slof-20140404
PPC: E500: Set PIR default reset value rather than SPR value
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Book3s_64 guests expect the L1 cache size in device tree, so let's give
them proper values for all CPU types we support.
This fixes a "not compliant" warning with sles11 guests on -M pseries for me.
Signed-off-by: Alexander Graf <agraf@suse.de>
The spinning struct is in guest endianness, so we need to initialize
its variables in guest endianness too.
This fixes booting e500 guests with SMP on x86 for me.
Signed-off-by: Alexander Graf <agraf@suse.de>
We were entering the power saving state even when interrupts (like an
external interrupt or a decrementer interrupt) were still in flight.
In case we find a pending interrupt, don't enter power saving state.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Tom Musta <tmusta@gmail.com>
There are 3 different variants of the decrementor for BookE and BookS.
The BookE variant sets TSR[DIS] to 1 when the DEC value becomes 1 or 0. TSR[DIS]
is then the indicator whether the decrementor interrupt line is asserted or not.
The old BookS variant treats DEC as an edge interrupt that gets triggered when
the DEC value's top bit turns 1 from 0.
The new BookS variant maintains the assertion bit inside DEC itself. Whenever
the DEC value becomes negative (top bit set) the DEC interrupt line is asserted.
So far we implemented mostly the old BookS variant. Let's do them all properly.
This fixes booting pseries ppc64 guest images in TCG mode for me.
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch corrects the VSX integer to floating point conversion instructions
by using the endian correct accessors. The auxiliary "j" index used by the
existing macros is now obsolete and is removed. The JOFFSET preprocessor
macro is also obsolete and removed.
Signed-off-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch corrects the VSX floating point to integer conversion
instructions by using the endian correct accessors. The auxiliary
"j" index used by the existing macros is now obsolete and is removed.
Signed-off-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This change corrects the VSX double precision to single precision and
single precision to double precisions conversion routines. The endian
correct accessors are now used. The auxiliary "j" index is no longer
necessary and is eliminated.
Signed-off-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This change fixes the VSX scalar compare instructions. The existing usage of "x.f64[0]"
is changed to "x.VsrD(0)".
Signed-off-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
A common pattern in the VSX helper code macros is the use of "x.fld[i]" where
"x" is a VSR and "fld" is an argument to a macro ("f64" or "f32" is passed).
This is not always correct on LE hosts.
This change addresses all instances of this pattern to be "x.fld" where "fld" is:
- "VsrD(0)" for scalar instructions accessing 64-bit numbers
- "VsrD(i)" for vector instructions accessing 64-bit numbers
- "VsrW(i)" for vector instructions accessing 32-bit numbers
Note that there are no instances of this pattern where a scalar instruction
accesses a 32-bit number.
Note also that it would be correct to use "VsrD(i)" for scalar instructions since
the loop index is only ever "0". I have chosen to use "VsrD(0)" instead ... it
seems a little clearer.
Signed-off-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This change properly orders the doublewords of the VSRs 0-31. Because these
registers are constructed from separate doublewords, they must be inverted
on Little Endian hosts. The inversion is performed both when the VSR is read
and when it is written.
Signed-off-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This change defines accessors for VSR doubleword and word fields that
are correct from a host Endian perspective. This allows code to
use the Power ISA indexing numbers in code.
For example, the xscvdpsxws instruction has a target VSR that looks
like this:
0           32       64                    127
+-----------+--------+-----------+-----------+
| undefined |   SW   | undefined | undefined |
+-----------+--------+-----------+-----------+
VSX helper code will use VsrW(1) to access this field.
Signed-off-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
The various VSX Convert to Integer instructions should truncate the
floating point number to an integer value, which is equivalent to
a round-to-zero rounding mode. The existing VSX floating point to
integer conversion helpers are erroneously using the rounding mode set
in the PowerPC Floating Point Status and Control Register (FPSCR).
This change corrects this defect by using the appropriate
float*_to_*_round_to_zero() routines from the softfloat library.
Signed-off-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This change adds the float32_to_uint64_round_to_zero function to the softfloat
library. This function fills out the complement of float32 to INT round-to-zero
conversion routines, where INT is {int32_t, uint32_t, int64_t, uint64_t}.
This contribution can be licensed under either the softfloat-2a or -2b
license.
Signed-off-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
The change log is:
> Isolate sc 1 detection logic
> build: auto-detect ppc64 architecture
> cas: increase hcall buffer size to accomodate 256 cpus
> usb: change device tree naming
> usb-core: adjust port numbers in set_address
> virtio-scsi: correct srplun comment
> Fix kernel loading
> Workaround to make grub2 assign server ip from dhcp ack packet only
> ELF: Enter LE binary in LE mode
> ELF loading should fail for virt != phys
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
We now reset SPRs to their reset values on CPU reset. So if we want
to have an SPR persistently changed, we need to change its default
reset value rather than the value itself manually.
Do this for SPR_BOOKE_PIR, fixing e500v2 SMP boot.
Reported-by: Frederic Konrad <fred.konrad@greensocs.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: KONRAD Frederic <fred.konrad@greensocs.com>
In mingw64-headers-3.1.0, definition of _com_issue_error() is added, which
conflicts with definition in install.cpp. This adds version checking for
mingw headers to disable the definition when the headers>=3.1 is used.
Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The build rule for qga/vss-win32/qga-vss.dll is broken by commit
ba1183da9a, because it misses
qga-vss-dll-obj-y in the list of nested variables.
This fixes build of qga-vss.dll by adding qga-vss-dll-obj-y to the list.
Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Only i386, x86_64, sparc and sparc64 qtests were cleaned up.
Make this more generic to not miss any newly tested targets.
Reported-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
When installing modules (when --enable-modules is specified for
./configure), Makefile uses the following construct to replace all
slashes with dashes in module name:
${s//\//-}
This is a bash-specific substitution mechanism. POSIX does not
have it, and some operating systems (for example Debian) do not
implement this construct in default shell (for example dash).
Use more traditional way to perform the substitution: use `tr' tool.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-id: 1396707946-21351-1-git-send-email-mjt@msgid.tls.msk.ru
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
With Amazon eating Anthony's time status "Maintained" certainly isn't
true any more. Update entry accordingly.
Also add myself, so scripts/get_maintainer.pl will Cc: me, to reduce
the chance ui patches fall through the cracks on our pretty loaded
qemu-devel mailing list.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The relative pointer tracking mode was still buggy even after the
previous fix of the motion-notify-event since the events are filtered
out when the pointer moves outside the drawing window due to the
boundary check for the absolute mode.
This patch fixes the issue by moving the unnecessary boundary check
into the if block of absolute mode, and keep the coordinate in the
relative mode even if it's outside the drawing area. But this makes
the coordinate (last_x, last_y) possibly pointing to (-1,-1),
introduce a new flag to indicate the last coordinate has been
updated.
Reference: https://bugzilla.novell.com/show_bug.cgi?id=849587
Tested-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Tested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The GDK motion-notify-event isn't generated when the pointer goes out
of the target window even if the pointer is grabbed, which essentially
means to lose the pointer tracking in gtk-ui.
Meanwhile the generic "event" signal is sent when the pointer is
grabbed, so we can use this and pick the motion notify events manually
there instead.
Reference: https://bugzilla.novell.com/show_bug.cgi?id=849587
Tested-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Tested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The subsection already exists in one well-known enterprise Linux
distribution, but for some strange reason the fields were swapped
when forward-porting the patch to upstream.
Limit headaches for said enterprise Linux distributor when the
time will come to rebase their version of QEMU.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1396452782-21473-1-git-send-email-pbonzini@redhat.com
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Block patches for 2.0.0
# gpg: Signature made Fri 04 Apr 2014 20:25:08 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
* remotes/kevin/tags/for-upstream:
dataplane: replace iothread object_add() with embedded instance
iothread: make IOThread struct definition public
dma-helpers: Initialize DMAAIOCB in_cancel flag
block: Check bdrv_getlength() return value in bdrv_append_temp_snapshot()
block: Fix snapshot=on for protocol parsed from filename
qemu-iotests: Remove CR line endings in reference output
block: Don't parse 'filename' option
qcow2: Put cache reference in error case
qcow2: Flush metadata during read-only reopen
iscsi: Don't set error if already set in iscsi_do_inquiry
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Before IOThread was its own object, each virtio-blk device would create
its own internal thread. We need to preserve this behavior for
backwards compatibility when users do not specify -device
virtio-blk-pci,iothread=<id>.
This patch changes how the internal IOThread object is created.
Previously we used the monitor object_add() function, which is really a
layering violation. The problem is that this needs to assign a name but
we don't have a name for this internal object.
Generating names for internal objects is a pain but even worse is that
they may collide with user-defined names.
Paolo Bonzini <pbonzini@redhat.com> suggested that the internal IOThread
object should not be named. This way the conflict cannot happen and we
no longer need object_add().
One gotcha is that internal IOThread objects will not be listed by the
query-iothreads command since they are not named. This is okay though
because query-iothreads is new and the internal IOThread is just for
backwards compatibility. New users should explicitly define IOThread
objects.
Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Initialize the dbs->in_cancel flag in dma_bdrv_io(), since qemu_aio_get()
does not return zero-initialized memory. Spotted by the clang sanitizer
(which complained when the value loaded in dma_complete() was not valid
for a bool type); this might have resulted in leaking the AIO block.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Since commit 9fd3171a, BDRV_O_SNAPSHOT uses an option QDict to specify
the originally requested image as the backing file of the newly created
temporary snapshot. This means that the filename is stored in
"file.filename", which is an option that is not parsed for protocol
names. Therefore things like -drive file=nbd:localhost:10809 were
broken because it looked for a local file with the literal name
'nbd:localhost:10809'.
This patch changes the way BDRV_O_SNAPSHOT works once again. We now open
the originally requested image as normal, and then do a similar
operation as for live snapshots to put the temporary snapshot on top.
This way, both driver specific options and parsed filenames work.
As a nice side effect, this results in code movement to factor
bdrv_append_temp_snapshot() out. This is a good preparation for moving
its call to drive_init() and friends eventually.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
If the guest attempts to execute from unreadable memory, this will
cause us to longjmp back to the main loop from inside the
target frontend decoder. For linux-user mode, this means we will
still hold the tb_ctx.tb_lock, and will deadlock when we try to
start executing code again. Unlock the lock in the return-from-longjmp
code path to avoid this.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Andrei Warkentin <andrey.warkentin@gmail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
When checking a page range, if we found that a page was
made read-only by QEMU because it contained translated code,
we were incorrectly returning immediately after unprotecting
that page, rather than continuing to check the entire range,
so we might fail to unprotect pages later in the range, or
might incorrectly return a "success" result even if later
pages were not writable.
In particular, this could cause segfaults in a case where
signals are delivered back to back on a target architecture
which uses trampoline code in the stack frame (as AArch64
currently does). The second signal causes a segfault because
the frame cannot be written to (it was protected because
we translated and executed the restorer trampoline, and the
unprotect logic did not unprotect the whole range).
Signed-off-by: Andrei Warkentin <andrey.warkentin@gmail.com>
[PMM: expanded commit message a bit]
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
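A simplified model of the range-check bug described in the message above, as an added example that is not QEMU's code: the flag names, the per-page flag array and both function names are hypothetical. It shows the early return leaving a later page protected and reporting success for a range whose second page was never writable.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-page flags for this model. */
#define PG_WRITE     0x1u   /* page is writable right now */
#define PG_WRITE_ORG 0x2u   /* guest mapped it writable; the emulator may have
                               dropped PG_WRITE because it holds translated code */

/* Behaviour described as the bug: return as soon as one page has been
 * unprotected, without looking at the rest of the range. */
static int check_range_early_return(uint8_t *flags, size_t first, size_t n)
{
    for (size_t i = first; i < first + n; i++) {
        if (!(flags[i] & PG_WRITE_ORG)) {
            return -1;              /* never writable: real failure */
        }
        if (!(flags[i] & PG_WRITE)) {
            flags[i] |= PG_WRITE;   /* unprotect this page */
            return 0;               /* bug: later pages are not examined */
        }
    }
    return 0;
}

/* Corrected behaviour: unprotect and keep walking the whole range. */
static int check_range_full(uint8_t *flags, size_t first, size_t n)
{
    for (size_t i = first; i < first + n; i++) {
        if (!(flags[i] & PG_WRITE_ORG)) {
            return -1;
        }
        if (!(flags[i] & PG_WRITE)) {
            flags[i] |= PG_WRITE;
        }
    }
    return 0;
}

/* Number of pages in the array that are writable right now. */
static int count_writable(const uint8_t *flags, size_t n)
{
    int c = 0;
    for (size_t i = 0; i < n; i++) {
        c += (flags[i] & PG_WRITE) != 0;
    }
    return c;
}

int main(void)
{
    /* Constructed case: a two-page signal frame, both pages write-protected
     * because a trampoline on them was translated. */
    uint8_t a[2] = { PG_WRITE_ORG, PG_WRITE_ORG };
    uint8_t b[2] = { PG_WRITE_ORG, PG_WRITE_ORG };
    /* Constructed case: the second page was never writable. */
    uint8_t c[2] = { PG_WRITE_ORG, 0 };
    uint8_t d[2] = { PG_WRITE_ORG, 0 };

    printf("early return: rc=%d writable=%d of 2\n",
           check_range_early_return(a, 0, 2), count_writable(a, 2));
    printf("full walk:    rc=%d writable=%d of 2\n",
           check_range_full(b, 0, 2), count_writable(b, 2));
    printf("read-only tail: early rc=%d, full rc=%d\n",
           check_range_early_return(c, 0, 2), check_range_full(d, 0, 2));
    return 0;
}
```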
For the machine models which can have a Cortex-A15 CPU (vexpress-a15 and
midway), silently continue if the CPU object has no reset-cbar property
rather than failing. This allows these boards to be used under KVM with
the "-cpu host" option, since the 'host' CPU object has no reset-cbar
property.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Rob Herring <rob.herring@linaro.org>
If the user passes an unknown CPU name via the '-cpu' option, exit
with an error message rather than segfaulting.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Rob Herring <rob.herring@linaro.org>
qemu doesn't print these CRs any more. The test still didn't fail
because the output comparison ignores line endings, but the change turns
up each time when you want to update the output.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
When using the QDict option 'filename', it is supposed to be interpreted
literally. The code did correctly avoid guessing the protocol from any
string before the first colon, but it still called bdrv_parse_filename()
which would, for example, incorrectly remove a 'file:' prefix in the
raw-posix driver.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
When qcow2_get_cluster_offset() sees a zero cluster in a version 2
image, it (rightfully) returns an error. But in doing so it shouldn't
leak an L2 table cache reference.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
If lazy refcounts are enabled for a backing file, committing to this
backing file may leave it in a dirty state even if the commit succeeds.
The reason is that the bdrv_flush() call in bdrv_commit() doesn't flush
refcount updates with lazy refcounts enabled, and qcow2_reopen_prepare()
doesn't take care to flush metadata.
In order to fix this, this patch also fixes qcow2_mark_clean(), which
contains another ineffective bdrv_flush() call because lazy refcounts are
disabled only afterwards. All existing callers of qcow2_mark_clean()
either don't modify refcounts or already flush manually, so that this
fixes only a latent, but not yet actually triggerable bug.
Another instance of the same problem is live snapshots. Again, a real
corruption is prevented by an explicit flush for non-read-only images in
external_snapshot_prepare(), but images using lazy refcounts stay dirty.
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
This eliminates the possible assertion failure in error_setg().
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
FreeBSD 10.0-RELEASE has bswap16() etc. macros defined in sys/endian.h,
which leads to a conflict with our static inline definitions.
Force using the system version of the macros.
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Tested-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Max WRITE SAME length is also used when the UNMAP bit is zero, so it
should be queried even if LBPWS=0. Same for the optimal transfer
length.
However, the write_zeroes_alignment only matters for UNMAP=1 so we
still restrict it to LBPWS=1.
Reviewed-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Non-block SCSI devices do not support flushing, but we may still send
them requests via bdrv_flush_all. Just ignore them.
Reviewed-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Some targets may return "invalid field" as the ASCQ from WRITE SAME
if they support the command only without the UNMAP field. Recognize
that, and return ENOTSUP just like for "invalid operation code".
Reviewed-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This assertion is invalid, because get_sg_list can return an
empty sg-list even for commands that transfer no data (such
as SYNCHRONIZE CACHE).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
SystemTap sdt.h sometimes results in compiled probes without sufficient
information to extract arguments. This can be solved in a slightly
hacky way by encouraging the compiler to place arguments into registers.
This patch fixes the apic_reset_irq_delivered() trace event on Fedora 20
with gcc-4.8.2-7.fc20 and systemtap-sdt-devel-2.4-2.fc20 on x86_64.
Signed-off-by: Frank Ch. Eigler <fche@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
preallocate() only links the first QCowL2Meta's data clusters into the
L2 table and ignores any chained QCowL2Metas in the linked list.
Chains of QCowL2Meta structs are built up when contiguous clusters span
L2 tables. Each QCowL2Meta describes one L2 table update. This is a
rare case in preallocate() but can happen.
This patch fixes preallocate() by iterating over the whole list of
QCowL2Metas. Compare with the qcow2_co_writev() function's
implementation, which is similar but also handles request
dependencies. preallocate() only performs one allocation at a time so
there can be no dependencies.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This avoids a possible division by zero.
Convert s->tracks to unsigned as well because it feels better than
surviving just because the results of calculations with s->tracks are
converted to unsigned anyway.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The first test case would cause a huge memory allocation, leading to a
qemu abort; the second one to a too small malloc() for the catalog
(smaller than s->catalog_size), which causes a read-only out-of-bounds
array access and on big endian hosts an endianness conversion for an
undefined memory area.
The sample image used here is not an original Parallels image. It was
created using a hex editor on the basis of the struct that qemu uses.
Good enough for trying to crash the driver, but not for ensuring
compatibility.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Even with a limit of 64k snapshots, each snapshot could have a filename
and an ID with up to 64k, which would still lead to pretty large
allocations, which could potentially lead to qemu aborting. Limit the
total size of the snapshot table to an average of 1k per entry when
the limit of 64k snapshots is fully used. This should be plenty for any
reasonable user.
This also fixes potential integer overflows of s->snapshot_size.
Suggested-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
For the L1 table to be loaded for an internal snapshot, the code allocated
only enough memory to hold the currently active L1 table. If the
snapshot's L1 table is actually larger than the current one, this leads
to a buffer overflow.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The qcow2 code assumes that s->snapshots is non-NULL if s->nb_snapshots
!= 0. By having the initialisation of both fields separated in
qcow2_open(), any error occurring in between would cause the error path
to dereference NULL in qcow2_free_snapshots() if the image had any
snapshots.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
bs->total_sectors is not the highest possible sector number that could
be involved in a copy on write operation: VM state is after the end of
the virtual disk. This resulted in wrong values for the number of
sectors to be copied (n).
The code that checks for the end of the image isn't required any more
because the code hasn't been calling the block layer's bdrv_read() for a
long time; instead, it directly calls qcow2_readv(), which doesn't error
out on VM state sector numbers.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Limiting the size of a single request to INT_MAX not only fixes a
direct integer overflow in bdrv_check_request() (which would only
trigger bad behaviour with ridiculously huge images, as in close to
2^64 bytes), but can also prevent overflows in all block drivers.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This test checks for proper bounds checking of some VDI input
headers. The following is checked:
1. Max image size (1024TB) with the appropriate Blocks In Image
value (0x3fffffff) is detected as valid.
2. Image size exceeding max (1024TB) is seen as invalid
3. Valid image size but with Blocks In Image value that is too
small fails
4. Blocks In Image size exceeding max (0x3fffffff) is seen as invalid
5. 64MB image, with 64 Blocks In Image, and 1MB Block Size is seen
as valid
6. Block Size < 1MB not supported
7. Block Size > 1MB not supported
[Max Reitz <mreitz@redhat.com> pointed out that "1MB + 1" in the test
case is wrong. Change to "1MB + 64KB" to match the 0x110000 value.
--Stefan]
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Both compressed and uncompressed I/O is buffered. dmg_open() calculates
the maximum buffer size needed from the metadata in the image file.
There is currently a buffer overflow since ->lengths[] is accounted
against the maximum compressed buffer size but actually uses the
uncompressed buffer:
    switch (s->types[chunk]) {
    case 1: /* copy */
        ret = bdrv_pread(bs->file, s->offsets[chunk],
                         s->uncompressed_chunk, s->lengths[chunk]);
We must account against the maximum uncompressed buffer size for type=1
chunks.
This patch fixes the maximum buffer size calculation to take into
account the chunk type. It is critical that we update the correct
maximum since there are two buffers ->compressed_chunk and
->uncompressed_chunk.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The DMG metadata is stored as uint64_t, so use the same type for
sector_num. int was a particularly poor choice since it is only 32-bit
and would truncate large values.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Chunk length and sectorcount are used for decompression buffers as well
as the bdrv_pread() count argument. Ensure that they have reasonable
values so neither memory allocation nor conversion from uint64_t to int
will cause problems.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Use the right types instead of signed int:
    size_t new_size;
This is a byte count for g_realloc() that is calculated from uint32_t
and size_t values.
    uint32_t chunk_count;
Use the same type as s->n_chunks, which is used together with
chunk_count.
This patch is a cleanup and does not fix bugs.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
It is not necessary to check errno for EINTR and the block layer does
not produce short reads. Therefore we can drop the loop that attempts
to read a compressed chunk.
The loop is buggy because it incorrectly adds the transferred bytes
twice:
    do {
        ret = bdrv_pread(...);
        i += ret;
    } while (ret >= 0 && ret + i < s->lengths[chunk]);
Luckily we can drop the loop completely and perform a single
bdrv_pread().
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
When a terminator is reached the base for offsets and sectors is stored.
The following records that are processed will use this base value.
If the first record we encounter is a terminator, then calculating the
base values would result in out-of-bounds array accesses. Don't do
that.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Clean up the mix of tabs and spaces, as well as the coding style
violations in block/dmg.c. There are no semantic changes since this
patch simply reformats the code.
This patch is necessary before we can make meaningful changes to this
file, due to the inconsistent formatting and confusing indentation.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The size in bytes is assigned to an int later, so check that instead of
the number of entries.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
If the size becomes larger than what qcow2_open() would accept, fail the
growing operation.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This ensures that the checks catch all invalid cluster indexes
instead of returning the refcount of a wrong cluster.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
free_cluster_index is only correct if update_refcount() was called from
an allocation function, and even there it's brittle because it's used to
protect unfinished allocations which still have a refcount of 0 - if it
moves in the wrong place, the unfinished allocation can be corrupted.
So not using it any more seems to be a good idea. Instead, use the
first requested cluster to do the calculations. Return -EAGAIN if
unfinished allocations could become invalid and let the caller restart
its search for some free clusters.
The context of creating a snapshot is one situation where
update_refcount() is called outside of a cluster allocation. For this
case, the change fixes a buffer overflow if a cluster is referenced in
an L2 table that cannot be represented by an existing refcount block.
(new_table[refcount_table_index] was out of bounds)
[Bump the qemu-iotests 026 refblock_alloc.write leak count from 10 to
11.
--Stefan]
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
len could become negative and would pass the check then. Nothing bad
happened because bdrv_pread() happens to return an error for negative
length values, but make variables for sizes unsigned anyway.
This patch also changes the behaviour to error out on invalid lengths
instead of silently truncating it to 1023.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This avoids unbounded memory allocation and fixes a potential buffer
overflow on 32 bit hosts.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The end of the refcount table must not exceed INT64_MAX so that integer
overflows are avoided.
Also check for misaligned refcount table. Such images are invalid and
probably the result of data corruption. Error out to avoid further
corruption.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Limit the in-memory reference count table size to 8 MB, it's enough in
practice. This fixes an unbounded allocation as well as a buffer
overflow in qcow2_refcount_init().
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Header, header extension and the backing file name must all be stored in
the first cluster. Setting the backing file to a much higher value
allowed header extensions to become much bigger than we want them to be
(unbounded allocation).
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
curl_read_cb is the callback function for libcurl when data arrives. The
data size passed in here is not guaranteed to be within the range of
request we submitted, so we may overflow the guest IO buffer. Check the
real size we have before memcpy to buffer to avoid overflow.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
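The size check described in the curl_read_cb commit above, as an added example that is not QEMU's code: a callback with the parameter list of a libcurl write callback that clamps each copy to the space left in the request buffer. struct read_state, its field names and the demo helper are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical per-request state; the names are not taken from QEMU. */
struct read_state {
    char *buf;       /* buffer sized for the request that was submitted */
    size_t buf_len;  /* number of bytes requested */
    size_t buf_off;  /* number of bytes received so far */
};

/*
 * Data-arrival callback. The library decides how much data each call
 * delivers, so size * nmemb is untrusted: it can exceed what is left of
 * the request. Returning fewer bytes than were delivered makes libcurl
 * treat the transfer as failed, which is the wanted outcome for a server
 * that sends more than was asked for.
 */
static size_t bounded_read_cb(char *ptr, size_t size, size_t nmemb,
                              void *opaque)
{
    struct read_state *s = opaque;
    size_t realsize, room;

    if (!s || !s->buf || s->buf_off > s->buf_len) {
        return 0;
    }
    /* Reject a size * nmemb product that would wrap around. */
    if (size != 0 && nmemb > SIZE_MAX / size) {
        return 0;
    }
    realsize = size * nmemb;

    /* Copy no more than the room that is left in the request buffer. */
    room = s->buf_len - s->buf_off;
    if (realsize > room) {
        realsize = room;
    }
    memcpy(s->buf + s->buf_off, ptr, realsize);
    s->buf_off += realsize;
    return realsize;
}

/* Request buffer followed by a canary so an overrun would be visible. */
struct guarded {
    char buf[8];
    unsigned char canary[4];
};

/*
 * Constructed scenario: an 8-byte request answered with two 6-byte
 * deliveries. Returns the number of bytes accepted from the second
 * delivery, or SIZE_MAX if the canary behind the buffer was modified.
 */
static size_t demo_oversized_delivery(void)
{
    struct guarded g;
    struct read_state s;
    char chunk[6] = { 1, 2, 3, 4, 5, 6 };
    size_t second, i;

    memset(g.buf, 0, sizeof(g.buf));
    memset(g.canary, 0xAA, sizeof(g.canary));
    s.buf = g.buf;
    s.buf_len = sizeof(g.buf);
    s.buf_off = 0;

    if (bounded_read_cb(chunk, 1, sizeof(chunk), &s) != sizeof(chunk)) {
        return SIZE_MAX;
    }
    second = bounded_read_cb(chunk, 1, sizeof(chunk), &s);
    for (i = 0; i < sizeof(g.canary); i++) {
        if (g.canary[i] != 0xAA) {
            return SIZE_MAX;
        }
    }
    return second;
}
```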
Other variables (e.g. sectors_per_block) are calculated using these
variables, and if not range-checked illegal values could be obtained
causing infinite loops and other potential issues when calculating
BAT entries.
The 1.00 VHDX spec requires BlockSize to be min 1MB, max 256MB.
LogicalSectorSize is required to be either 512 or 4096 bytes.
Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The maximum blocks_in_image is 0xffffffff / 4, which also limits the
maximum disk_size for a VDI image to 1024TB. Note that this is the maximum
size that QEMU will currently support with this driver, not necessarily the
maximum size allowed by the image format.
This also fixes an incorrect error message, a bug introduced by commit
5b7aa9b56d (Reported by Stefan Weil)
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This adds checks to make sure that max_table_entries and block_size
are in sane ranges. Memory is allocated based on max_table_entries,
and block_size is used to calculate indices into that allocated
memory, so if these values are incorrect that can lead to potential
unbounded memory allocation, or invalid memory accesses.
Also, the allocation of the pagetable is changed from g_malloc0()
to qemu_blockalign().
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
It should neither become negative nor allow unbounded memory
allocations. This fixes aborts in g_malloc() and an s->catalog_bitmap
buffer overflow on big endian hosts.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Gets us rid of integer overflows resulting in negative sizes which
aren't correctly checked.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This is an on-disk structure, so offsets must be accurate.
Before this patch, sizeof(bochs) != sizeof(header_v1), which makes the
memcpy() between both invalid. We're lucky enough that the destination
buffer happened to be the larger one, and the memcpy size to be taken
from the smaller one, so we didn't get a buffer overflow in practice.
This patch unifies both structures, eliminating the need to do a
memcpy in the first place. The common fields are extracted to the top
level of the struct and the actually differing part gets a union of the
two versions.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
cloop stores the number of compressed blocks in the n_blocks header
field. The file actually contains n_blocks + 1 offsets, where the extra
offset is the end-of-file offset.
The following line in cloop_read_block() results in an out-of-bounds
offsets[] access:
    uint32_t bytes = s->offsets[block_num + 1] - s->offsets[block_num];
This patch allocates and loads the extra offset so that
cloop_read_block() works correctly when the last block is accessed.
Notice that we must free s->offsets[] unconditionally now since there is
always an end-of-file offset.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The offsets[] array allows efficient seeking and tells us the maximum
compressed data size. If the offsets are bogus the maximum compressed
data size will be unrealistic.
This could cause g_malloc() to abort and bogus offsets mean the image is
broken anyway. Therefore we should refuse such images.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Limit offsets_size to 512 MB so that:
1. g_malloc() does not abort due to an unreasonable size argument.
2. offsets_size does not overflow the bdrv_pread() int size argument.
This limit imposes a maximum image size of 16 TB at 256 KB block size.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The following integer overflow in offsets_size can lead to out-of-bounds
memory stores when n_blocks has a huge value:
    uint32_t n_blocks, offsets_size;
    [...]
    ret = bdrv_pread(bs->file, 128 + 4, &s->n_blocks, 4);
    [...]
    s->n_blocks = be32_to_cpu(s->n_blocks);
    /* read offsets */
    offsets_size = s->n_blocks * sizeof(uint64_t);
    s->offsets = g_malloc(offsets_size);
    [...]
    for(i=0;i<s->n_blocks;i++) {
        s->offsets[i] = be64_to_cpu(s->offsets[i]);
offsets_size can be smaller than n_blocks due to integer overflow.
Therefore s->offsets[] is too small when the for loop byteswaps offsets.
This patch refuses to open files if offsets_size would overflow.
Note that changing the type of offsets_size is not a fix since 32-bit
hosts still only have 32-bit size_t.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
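An added example, not QEMU's code, for the cloop offsets[] commits above (the extra end-of-file offset, the bogus-offsets check, the 512 MB cap and the offsets_size overflow): it reproduces the wrapping 32-bit multiply from the quoted snippet next to a checked size calculation and an offsets sanity pass. The function names, the status codes and the per_block_limit parameter are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Cap from the commit message: offsets_size is limited to 512 MB. */
#define MAX_OFFSETS_SIZE (512u * 1024u * 1024u)

enum cloop_status {
    CLOOP_OK = 0,
    CLOOP_ERR_OVERFLOW,    /* (n_blocks + 1) * 8 does not fit in 32 bits */
    CLOOP_ERR_TABLE_SIZE,  /* offsets table would exceed 512 MB */
    CLOOP_ERR_BAD_OFFSETS  /* offsets decrease or a block exceeds the limit */
};

/* Pre-fix arithmetic from the quoted snippet: a 32-bit multiply that wraps. */
static uint32_t unchecked_offsets_size(uint32_t n_blocks)
{
    return n_blocks * (uint32_t)sizeof(uint64_t);
}

/* Bytes the byteswap loop touches when it walks n_blocks 64-bit entries. */
static uint64_t bytes_touched_by_loop(uint32_t n_blocks)
{
    return (uint64_t)n_blocks * sizeof(uint64_t);
}

/*
 * Size of a table holding n_blocks + 1 offsets (the extra entry is the
 * end-of-file offset). The bound is tested by division before any
 * multiplication, so the check does not depend on the width of size_t.
 */
static enum cloop_status checked_offsets_size(uint32_t n_blocks,
                                              uint32_t *size_out)
{
    uint32_t size;

    if (n_blocks >= UINT32_MAX / sizeof(uint64_t)) {
        return CLOOP_ERR_OVERFLOW;
    }
    size = (n_blocks + 1) * (uint32_t)sizeof(uint64_t);
    if (size > MAX_OFFSETS_SIZE) {
        return CLOOP_ERR_TABLE_SIZE;
    }
    *size_out = size;
    return CLOOP_OK;
}

/*
 * Walk all n_blocks + 1 offsets and derive the largest compressed block.
 * Offsets that go backwards, or a block larger than per_block_limit
 * (a caller-chosen bound, assumed here), mark the image as broken.
 */
static enum cloop_status max_compressed_size(const uint64_t *offsets,
                                             uint32_t n_blocks,
                                             uint64_t per_block_limit,
                                             uint64_t *max_out)
{
    uint64_t max = 0;
    uint32_t i;

    for (i = 0; i < n_blocks; i++) {
        uint64_t size;

        if (offsets[i + 1] < offsets[i]) {
            return CLOOP_ERR_BAD_OFFSETS;
        }
        size = offsets[i + 1] - offsets[i];
        if (size > per_block_limit) {
            return CLOOP_ERR_BAD_OFFSETS;
        }
        if (size > max) {
            max = size;
        }
    }
    *max_out = max;
    return CLOOP_OK;
}

int main(void)
{
    uint32_t n = 0x20000001u;  /* constructed header value */
    uint32_t size = 0;

    printf("n_blocks=%#x: unchecked size=%u bytes, loop touches %llu bytes\n",
           n, unchecked_offsets_size(n),
           (unsigned long long)bytes_touched_by_loop(n));
    printf("checked status=%d\n", checked_offsets_size(n, &size));
    return 0;
}
```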
Avoid unbounded s->uncompressed_block memory allocation by checking that
the block_size header field has a reasonable value. Also enforce the
assumption that the value is a non-zero multiple of 512.
These constraints conform to cloop 2.639's code so we accept existing
image files.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Add a cloop format-specific test case. Later patches add tests for
input validation to the script.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Otherwise, the index of an input device like a usb-kbd is silently accepted.
    (qemu) info mice
      Mouse #2: QEMU PS/2 Mouse
    * Mouse #3: QEMU HID Mouse
    (qemu) mouse_set 1
    (qemu) info mice
      Mouse #2: QEMU PS/2 Mouse
    * Mouse #3: QEMU HID Mouse
Also replace monitor_printf() call in do_mouse_set() with error_report() and
adjust error message.
Signed-off-by: Hani Benhabiles <hani@linux.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Flags NONBLOCK and CLOEXEC can have different values on the host and the
guest, so set correct host values before calling accept4().
This fixes several issues with accept4 system call and user-mode of QEMU.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
QOM/QTest infrastructure fixes
* Revised QTest SIGABRT fix
* Test cleanups for non-POSIX hosts
* QTest test cases for NVMe, virtio-9p, pvpanic, i82801b11
* QTest API addition for reading events
* TMP105 fix and regression test
# gpg: Signature made Mon 31 Mar 2014 22:08:10 BST using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/qom-devices-for-2.0:
tmp105-test: Test QOM property and precision
tmp105-test: Add a second sensor and test that one
tmp105-test: Wrap simple building blocks for testing
tmp105: Read temperature in milli-celsius
tests: Add i82801b11 qtest
pvpanic-test: Assert pause event
qtest: Factor out qtest_qmp_receive()
tests: Add pvpanic qtest
tests: Add virtio-9p qtest
tests: Add nvme qtest
nvme: Permit zero-length block devices
tests: Correctly skip qtest on non-POSIX hosts
tests: Skip POSIX-only tests on Windows
tests: Remove unsupported tests for MinGW
qtest: Keep list of qtest instances for SIGABRT handler
Revert "qtest: Fix crash if SIGABRT during qtest_init()"
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This adds a regression test for commit
efdf6a56a7 (tmp105: Read temperature in
milli-celsius).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This will make it easier to reach the device under test via QOM.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The next patches will add more reads and writes. Add a simple testing
API for this.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Right now, the temperature property must be written in milli-celsius,
but it reads back the value in 8.8 fixed point. Fix this by letting the
property read back the original value (possibly rounded). Also simplify
the code that does the conversion.
Before:
    (QEMU) qom-set path=/machine/peripheral/sensor property=temperature value=20000
    {u'return': {}}
    (QEMU) qom-get path=sensor property=temperature
    {u'return': 5120}
After:
    (QEMU) qom-set path=/machine/peripheral/sensor property=temperature value=20000
    {u'return': {}}
    (QEMU) qom-get path=sensor property=temperature
    {u'return': 20000}
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
It may not be sensible for normal use cases, but it allows using
/dev/null in QTest.
Acked-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
qtest test cases only work on POSIX hosts. The following line only
defines dependencies for qtest binaries on POSIX hosts:
check-qtest-$(CONFIG_POSIX)=$(foreach TARGET,$(TARGETS),$(check-qtest-$(TARGET)-y))
But the QTEST_TARGETS definition earlier in the Makefile fails to check
CONFIG_POSIX. This causes make targets to be generated for qtest test
cases even though we don't know how to build the binaries.
The following error message is printed when trying to run gtester on a
binary that was never built:
GLib-WARNING **: Failed to execute test binary: tests/endianness-test.exe: Failed to execute child process "tests/endianness-test.exe" (No such file or directory)
This patch makes QTEST_TARGETS empty on non-POSIX hosts. This prevents
the targets from being generated.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
test-rfifolock and test-vmstate only build on POSIX hosts. Exclude them
if building for Windows.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
test_timer_schedule and test_source_timer_schedule don't compile for MinGW
because some functions are not implemented for MinGW (qemu_pipe,
aio_set_fd_handler).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Keep track of active qtest instances so we can kill them when the test
aborts. This ensures no QEMU processes are left running after test
failure.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
It turns out there are test cases that use multiple libqtest instances.
We cannot use a global qtest instance in the SIGABRT handler.
This reverts commit cb201b4872.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
irq_state is cleared before calling pci_device_deassert_intx, but the
latter misbehaves if the former isn't accurate. In this case, any raised
IRQs are not cleared, which hits an assertion in pcibus_reset:
    qemu-system-x86_64: hw/pci/pci.c:250: pcibus_reset: Assertion
    `bus->irq_count[i] == 0' failed.
pci_device_deassert_intx should clear irq_state anyways, so add
an assert.
This fixes migration with usb2 + usb-tablet.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Message-id: 7da1ad94ce027183b4049c2de370cb191b0073c1.1396290569.git.crobinso@redhat.com
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
CPU address spaces touching load and store helpers as well as the
movement of (almost) all fields from CPU_COMMON to CPUState have led to
a noticeable increase of CPU() usage in "hot" paths for both TCG and KVM.
While CPU()'s OBJECT_CHECK() might help detect development errors, i.e.
in form of crashes due to QOM vs. non-QOM mismatches rather than QOM
type mismatches, it is not really needed at runtime since mostly used in
CPU-specific paths, coming from a target-specific CPU subtype. If that
pointer is damaged, other errors are highly likely to occur elsewhere
anyway.
Keep the CPU() macro for a consistent developer experience and for
flexibility to exchange its implementation, but turn it into a pure,
unchecked C cast for now.
Compare commit 6e42be7cd1.
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Linux guests, when using more than 4GB of RAM, may end up using 1GB pages
to store (kernel) data. When this happens, we're unable to debug a running
Linux kernel with GDB:
    (gdb) p node_data[0]->node_id
    Cannot access memory at address 0xffff88013fffd3a0
    (gdb)
GDB returns this error because x86_cpu_get_phys_page_debug() doesn't support
translating 1GB pages in IA-32e paging mode and returns an error to GDB.
This commit adds support for 1GB page translation for IA32e paging.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
acpi,pc,build bug fixes
Here are some bugfixes for 2.0.
A bugfix for acpi for pci bridges, and a build fix for
old systems without pthread_setname_np: both fix regressions
so we definitely want to include them.
HPET fix is not for a regression but looks very safe,
fixes a nasty bug and has been on list for a while.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Fri 28 Mar 2014 12:00:12 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
acpi: fix ACPI generation for pci bridges
Don't enable a HPET timer if HPET is disabled
Detect pthread_setname_np at configure time
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit 8dcf525abc
acpi-build: append description for non-hotplug
appended description for all occupied non hotpluggable PCI slots.
However the bridge devices are already added to SSDT,
adding them again will create an incorrect SSDT table.
Fixed by skipping the pci bridge devices, marking them as 'system'.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The arm ldrd/strd insns must cause alignment traps, whereas
at least for armv7 ldr/str must handle unaligned operations.
While this is hardly the only problem facing user-only emu,
this solves one problem for i386 on armv7 emulation.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reported-by: Huw Davies <huw@codeweavers.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
PowerPC queue for 2.0
* OpenPIC fix
* MSR fixes for POWER7 upwards
* TCG instruction set support fix for POWER8
# gpg: Signature made Thu 27 Mar 2014 16:12:12 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/ppc-for-2.0:
target-ppc: MSR_POW not supported on POWER7/7+/8
target-ppc: POWER7+ supports the MSR_VSX bit
target-ppc: POWER8 supports isel
target-ppc: POWER8 supports the MSR_LE bit
intc/openpic_kvm: Fix MemListener delete region callback function
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
trivial patches for 2014-03-27
# gpg: Signature made Thu 27 Mar 2014 15:23:53 GMT using RSA key ID 74F0C838
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg: aka "Michael Tokarev <mjt@corpit.ru>"
# gpg: aka "Michael Tokarev <mjt@debian.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5
# Subkey fingerprint: E190 8639 3B10 B51B AC2C 8B73 5253 C5AD 74F0 C838
* remotes/mjt/tags/trivial-patches-2014-03-27: (23 commits)
linux-user: remove duplicate statement
hw/timer/grlib_gptimer: remove unnecessary assignment
hw/pci-host/apb.c: Avoid shifting left into sign bit
hw/intc/xilinx_intc: Avoid shifting left into sign bit
hw/intc/slavio_intctl: Avoid shifting left into sign bit
tests/libqos/pci-pc: Avoid shifting left into sign bit
hw/ppc: Avoid shifting left into sign bit
hw/intc/openpic: Avoid shifting left into sign bit
hw/usb/hcd-ohci.c: Avoid shifting left into sign bit
target-mips: Avoid shifting left into sign bit
hw/i386/acpi_build.c: Avoid shifting left into sign bit
hw/pci/pci_host.c: Avoid shifting left into sign bit
hw/intc/apic.c: Use uint32_t for mask word in foreach_apic
target-i386: Avoid shifting left into sign bit
CODING_STYLE: Section about mixed declarations
doc: update default PowerPC framebuffer settings
doc: update sun4m documentation
fix return check for KVM_GET_DIRTY_LOG ioctl
target-i386: Add missing 'static' and 'const' attributes
util: Add 'static' attribute to function implementation
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
A HPET timer can be started when HPET is not yet
enabled. This will not generate an interrupt
to the guest, but causes problems when HPET is later
enabled.
A timer that is created and expires at least once before
HPET is enabled will have an initialized comparator based
on a hpet_offset of 0 (uninitialized). When HPET is
enabled, hpet_set_timer() is called a second time, which
modifies the timer expiry to a time based on the
difference between current ticks (measured with the
newly initialized hpet_offset) and the timer's
comparator (which was generated before hpet_offset was
initialized). This results in a long period of no HPET
timer ticks.
When this occurs with a CentOS 5.x guest, the guest
may not receive timer interrupts during its narrow
timer check window and panic on boot.
Signed-off-by: Matt Lupfer <mlupfer@ddn.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Warn if no way of setting thread name is available.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
target-arm queue:
* Don't default to integratorcp board if no machine specified
# gpg: Signature made Thu 27 Mar 2014 14:09:12 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-20140327:
vl.c: Improve message when no default machine is found
hw/arm: Stop specifying integratorcp as the default board
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Avoid undefined behaviour shifting left into the sign bit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Add U suffix when doing "1 << 31" to avoid undefined behaviour.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Add U suffix to various places where we were doing "1 << 31",
which is undefined behaviour, and also to other constant
definitions in the same groups, for consistency.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Add U suffix to avoid undefined behaviour. This is only strictly
necessary for the 1 << 31 cases; for consistency we extend it
to other constants in the same group.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Add U suffix to avoid undefined behaviour. This is only
strictly necessary for the 1<<31 cases, but we add it for the
other constants in these groups for consistency.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Add U suffix to various places where we shift a 1 left by 31,
to avoid undefined behaviour.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Use unsigned arithmetic for operations on the mask word
in the foreach_apic() macro, to avoid relying on undefined
behaviour when shifting into the sign bit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Add 'U' suffixes where necessary to avoid (1 << 31) which
shifts left into the sign bit, which is undefined behaviour.
Add the suffix also for other constants in the same groupings
even if they don't shift into bit 31, for consistency.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
We had an unwritten rule about declarations having to be at beginning of
blocks. Make it a written rule.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
A few minor tidy-ups, plus add reference to the new -vga tcx and cg3 options.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Fix return condition check from kvm_vm_ioctl(s, KVM_GET_DIRTY_LOG, &d) to
handle internal failures or no support for memory slot dirty bitmap.
Otherwise the ioctl succeeds and continues with migration.
Addresses BUG# 1294227
Signed-off-by: Mario Smarduch <m.smarduch@samsung.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This fixes warnings from the static code analysis (smatch).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The static code analyzer smatch complains because of a missing 'static'
attribute:
util/module.c:166:6: warning:
symbol 'module_load' was not declared. Should it be static?
'static' is used in the forward declaration, but not in the implementation.
Add it there, too.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This fixes a warning from the static code analysis (smatch).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This fixes a warning from the static code analysis (smatch).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This fixes warnings from the static code analysis (smatch).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Remove MSR_POW from the msr_mask for POWER7/7P/8.
Signed-off-by: Anton Blanchard <anton@samba.org>
Reviewed-by: Cédric Le Goater <clg@fr.ibm.com>
Tested-by: Cédric Le Goater <clg@fr.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Without MSR_VSX we die early during a Linux boot.
Signed-off-by: Anton Blanchard <anton@samba.org>
Reviewed-by: Cédric Le Goater <clg@fr.ibm.com>
Tested-by: Cédric Le Goater <clg@fr.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
migration: traces
Adds trace messages to migration path. Patches have been on list for a
while, and have been reviewed by Juan.
# gpg: Signature made Thu 27 Mar 2014 10:44:21 GMT using RSA key ID 854083B6
# gpg: Can't check signature: public key not found
* remotes/amit-migration/tags/for_upstream:
migration: add more traces
util: add qemu_ether_ntoa
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Improve the clarity of the message QEMU prints when the user
doesn't specify a machine model to use and there is no default.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel.a@redhat.com>
Currently for both qemu-system-arm and qemu-system-aarch64
the default board model if the user doesn't specify one
is the 'integratorcp'. This is a totally arbitrary historical
accident since it was the first board to be modelled.
That board is now just one target among many for us, and
is a very poor choice of default:
* it's an ancient board that is now only found in the
junkpiles of longtime ARM/Linux hackers, if at all
* it's an ARMv5 CPU, when most distros are now assuming
ARMv7
* it's pretty much unmaintained in QEMU
* it doesn't even have versatilepb's advantage of
supporting PCI
Making it or any other board the default serves only
to confuse people new to ARM who expect something more
like the x86 monoculture. Remove the is_default marker
from integratorcp, and don't set it for any other board,
to give users a nudge that they need to think about
which board they want a QEMU model of. (QEMU will produce
the admittedly slightly cryptic error "No machine found.")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
This replaces DPRINTF macro with tracepoints.
This moves some messages from migration.c to savevm.c.
This adds a tracepoint to signal about fields that failed to migrate.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
The signed integer division -0x8000_0000_0000_0000 / -1 must be handled
separately to avoid an overflow on the QEMU host.
Negative overflow must be a negative number for correct sign
extension in Sparc64 mode. Use <stdint.h> constants.
Signed-off-by: Olivier Danet <odanet@caramail.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
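The division overflow described in the commit message above, as an added example that is not QEMU's code. The helper names, the wrap result for INT64_MIN / -1 and the 32-bit saturation policy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef enum { DIV_OK = 0, DIV_BY_ZERO, DIV_OVERFLOW } div_status;

/* 64/64 signed divide that never executes an overflowing host division. */
static div_status checked_sdiv64(int64_t a, int64_t b, int64_t *q)
{
    if (b == 0) {
        return DIV_BY_ZERO;            /* caller raises the guest trap */
    }
    if (a == INT64_MIN && b == -1) {
        /* True quotient is +2^63, which int64_t cannot hold: a / b is
         * undefined behaviour in C and raises SIGFPE on x86 hosts. */
        *q = INT64_MIN;                /* assumed policy: wrap */
        return DIV_OVERFLOW;
    }
    *q = a / b;
    return DIV_OK;
}

/* 64-bit dividend by 32-bit divisor; the quotient is saturated to 32 bits
 * and returned as it would sit, sign-extended, in a 64-bit register. */
static div_status sat_sdiv64_32(int64_t a, int32_t b, int64_t *q)
{
    int64_t wide = 0;
    div_status st = checked_sdiv64(a, b, &wide);

    if (st == DIV_BY_ZERO) {
        return st;
    }
    if (st == DIV_OVERFLOW || wide > INT32_MAX) {
        *q = INT32_MAX;                /* positive overflow */
        return DIV_OVERFLOW;
    }
    if (wide < INT32_MIN) {
        *q = INT32_MIN;                /* negative overflow stays negative */
        return DIV_OVERFLOW;
    }
    *q = wide;
    return DIV_OK;
}

/* Convenience wrappers so results can be checked by value. */
int64_t sdiv_result(int64_t a, int32_t b)
{
    int64_t q = 0;
    sat_sdiv64_32(a, b, &q);
    return q;
}

int sdiv_status(int64_t a, int32_t b)
{
    int64_t q = 0;
    return (int)sat_sdiv64_32(a, b, &q);
}

/* Why the <stdint.h> constant matters: the hex literal 0x80000000 has type
 * unsigned int, so it zero-extends into a 64-bit register, while INT32_MIN
 * is a negative int and sign-extends. */
uint64_t negative_saturation_bits(int use_stdint_constant)
{
    int64_t reg;
    if (use_stdint_constant) {
        reg = INT32_MIN;               /* -2^31 */
    } else {
        reg = 0x80000000;              /* +2^31 */
    }
    return (uint64_t)reg;
}

int main(void)
{
    printf("INT64_MIN / -1 -> %lld (status %d)\n",
           (long long)sdiv_result(INT64_MIN, -1), sdiv_status(INT64_MIN, -1));
    printf("INT64_MIN /  1 -> %lld\n", (long long)sdiv_result(INT64_MIN, 1));
    printf("literal:  %016llx\n",
           (unsigned long long)negative_saturation_bits(0));
    printf("stdint:   %016llx\n",
           (unsigned long long)negative_saturation_bits(1));
    return 0;
}
```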
acpi,virtio bug fixes
Two bugfixes for virtio-net, and one for a recent
regression in acpi.
Both issues have been reported in the wild, so
I think it's preferable to merge these ASAP so
that reporters can make sure RC fixes their issue.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Wed 26 Mar 2014 10:52:16 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
virtio-net: add vlan receive state to RxFilterInfo
virtio-net: Do not filter VLANs without F_CTRL_VLAN
Revert "acpi-test: rebuild SSDT"
acpi: make SSDT 1.0 spec compliant when possible
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit a07c67dfcc (Implement AT_CLKTCK.) back in March 2008 added a
new auxvec entry but didn't increment DLINFO_ITEMS, so it's been out of
sync ever since.
Bump it up to 14 so that it matches the number of NEW_AUX_ENT's that
need to be counted in create_elf_tables().
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Riku Voipio <riku.voipio@iki.fi>
Cc: Paul Brook <paul@codesourcery.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Stefan Fritsch just fixed a virtio-net driver bug [1], virtio-net won't
filter out VLAN-tagged packets if VIRTIO_NET_F_CTRL_VLAN isn't negotiated.
This patch added a new field to @RxFilterInfo to indicate vlan receive
state ('normal', 'none', 'all'). If VIRTIO_NET_F_CTRL_VLAN isn't
negotiated, vlan receive state will be 'all', then all VLAN-tagged packets
will be received by guest.
This patch also fixed a boundary issue in visiting vlan table.
[1] http://lists.nongnu.org/archive/html/qemu-devel/2014-02/msg02604.html
Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
If VIRTIO_NET_F_CTRL_VLAN is not negotiated, do not filter out all
VLAN-tagged packets but send them to the guest.
This fixes VLANs with OpenBSD guests (and probably NetBSD, too, because
the OpenBSD driver started as a port from NetBSD).
Signed-off-by: Stefan Fritsch <sf@sfritsch.de>
Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This reverts commit d07e0e9cdd.
Since
commit b4f4d54812
acpi: make SSDT 1.0 spec compliant when possible
We are back to old encoding.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The ACPI specification says:
The ASL compiler can emit two different AML opcodes for a Package
declaration, either PackageOp or VarPackageOp. For small, fixed-length
packages, the PackageOp is used and this opcode is compatible with ACPI
1.0. A VarPackageOp will be emitted if any of the following conditions
are true:
. The NumElements argument is a TermArg that can only be resolved at
runtime.
. At compile time, NumElements resolves to a constant that is larger than
255.
. The PackageList contains more than 255 initializer elements.
Note: The ability to create variable-sized packages was first introduced
in ACPI 2.0. ACPI 1.0 only allowed fixed-size packages with up to 255 elements.
So the spec seems to say a fixed value up to 255 must always
be used with PackageOp and not VarPackageOp, and some guests
(Windows up to win2k8) seem to interpret it like this.
Let's do just this, choosing the encoding depending on
the number of elements.
Fixes 9bcc80cd71
(i386/acpi-build: allow more than 255 elements in CPON).
https://bugs.launchpad.net/bugs/1297651
Reported-by: Robert Hu <robert.hu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
GTK without VTE is needed for hosts which don't support VTE (for example
all variants of MinGW), but it can also be reasonable for other hosts.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Previous implementation presumed that FPU registers are 64-bit and are
working in 64-bit mode. This change first checks MIPS_HFLAG_F64 and if not
set, it does load/store from the odd numbered register pair.
Patch by Matthew Fortune.
Signed-off-by: Matthew Fortune <matthew.fortune@imgtec.com>
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
A couple trivial fixes for QEMU 2.0:
- Coding correction that allowed attempts to read the device
ROM after we'd already marked it failed (Bandan)
- Cosmetic error reporting fixes to remove unnecessary new lines
and fix a cut-n-paste wording error (Alex)
# gpg: Signature made Tue 25 Mar 2014 18:18:57 GMT using RSA key ID 3BB08B22
# gpg: Can't check signature: public key not found
* remotes/awilliam/tags/vfio-pci-for-qemu-20140325.0:
vfio: Cosmetic error reporting fixes
vfio: Correction in vfio_rom_read when attempting rom loading
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Remove terminating newlines from hw_error() and error_report() calls
* Fix cut-n-paste error in text (s/to/from/)
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Net patches
# gpg: Signature made Tue 25 Mar 2014 15:02:48 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/net-pull-request:
net: netmap_poll must update both read/write poll state
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Block pull request
# gpg: Signature made Tue 25 Mar 2014 14:34:45 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/block-pull-request:
mirror: fix early wake from sleep due to aio
mirror: fix throttling delay calculation
Fixed various typos
qemu-img: mandate argument to 'qemu-img check --repair'
osdep: initialize glib threads in all QEMU tools
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
commit e638073c56 added a flag to track whether
a previous rom read had failed. Accidentally, the code
ended up adding vfio_load_option_rom twice. (Thanks to Alex
for spotting it)
Signed-off-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
The mirror blockjob coroutine rate-limits itself by sleeping. The
coroutine also performs I/O asynchronously so it's important that the
aio callback doesn't wake the coroutine early as that breaks
rate-limiting.
Reported-by: Joaquim Barrera <jbarrera@ac.upc.edu>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The throttling delay calculation was using an inaccurate sector count to
calculate the time to sleep. This broke rate-limiting for the block
mirror job.
Move the delay calculation into mirror_iteration() where we know how
many sectors were transferred. This lets us calculate an accurate delay
time.
Reported-by: Joaquim Barrera <jbarrera@ac.upc.edu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
qemu-img check --repair option accepts an argument. The argument to
--repair switch can either be 'all' or 'leak'. Fix the long option to
mandate argument with --repair switch.
The patch fixes the following segmentation fault:
Core was generated by `qemu-img check -f qcow2 --repair all t.qcow2'.
Program terminated with signal 11, Segmentation fault.
0 in img_check (argc=6, argv=0x7fffab9b8a10) at qemu-img.c:588
588 if (!strcmp(optarg, "leaks")) {
(gdb) bt
0 img_check (argc=6, argv=0x7fffab9b8a10) at qemu-img.c:588
1 __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
2 _start ()
(gdb)
Signed-off-by: Prasad Joshi <prasadjoshi.linux@gmail.com>
Reviewed-by: Leandro Dorileo <l@dorileo.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
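The option-table mismatch behind the qemu-img crash above, as an added example that is not QEMU's code. It assumes the long option was declared without an argument while the short form took one; the function names, return codes and argv contents are constructed for illustration.

```c
#include <getopt.h>
#include <stdio.h>
#include <string.h>

/* Result codes for this sketch (hypothetical names). */
enum {
    REPAIR_NONE = 0,
    REPAIR_LEAKS = 1,
    REPAIR_ALL = 2,
    ERR_MISSING_ARG = -1,
    ERR_USAGE = -2
};

/*
 * Parse a constructed "check" command line. repair_has_arg is the has_arg
 * value the long-option table declares for --repair: no_argument reproduces
 * the mismatch, required_argument is the corrected declaration.
 */
static int parse_check(int argc, char **argv, int repair_has_arg)
{
    const struct option long_options[] = {
        {"format", required_argument, NULL, 'f'},
        {"repair", repair_has_arg,    NULL, 'r'},
        {NULL, 0, NULL, 0}
    };
    int mode = REPAIR_NONE;
    int c;

    optind = 0;   /* glibc and musl: restart scanning for a new argv */
    opterr = 0;   /* report errors through return codes, not stderr */

    while ((c = getopt_long(argc, argv, "f:r:", long_options, NULL)) != -1) {
        switch (c) {
        case 'f':
            break;
        case 'r':
            /*
             * With --repair declared no_argument, getopt_long() returns 'r'
             * with optarg == NULL even though the short form "r:" always
             * carries a value. An unguarded strcmp(optarg, "leaks") then
             * dereferences NULL, as in the backtrace.
             */
            if (optarg == NULL) {
                return ERR_MISSING_ARG;
            }
            if (strcmp(optarg, "leaks") == 0) {
                mode = REPAIR_LEAKS;
            } else if (strcmp(optarg, "all") == 0) {
                mode = REPAIR_ALL;
            } else {
                return ERR_USAGE;
            }
            break;
        default:  /* '?': unknown option or missing required value */
            return ERR_USAGE;
        }
    }
    return mode;
}

/* Constructed argv mirroring the crashing invocation (argc == 6). */
int demo_long_with_value(int repair_has_arg)
{
    char *argv[] = {"check", "-f", "qcow2", "--repair", "all", "t.qcow2", NULL};
    return parse_check(6, argv, repair_has_arg);
}

/* Constructed argv: --repair is the last word, no value follows. */
int demo_long_without_value(int repair_has_arg)
{
    char *argv[] = {"check", "-f", "qcow2", "--repair", NULL};
    return parse_check(4, argv, repair_has_arg);
}

/* Constructed argv: the short form is unaffected by the long-option table. */
int demo_short_form(int repair_has_arg)
{
    char *argv[] = {"check", "-r", "leaks", "t.qcow2", NULL};
    return parse_check(4, argv, repair_has_arg);
}

int main(void)
{
    printf("--repair all, no_argument:       %d\n",
           demo_long_with_value(no_argument));
    printf("--repair all, required_argument: %d\n",
           demo_long_with_value(required_argument));
    printf("--repair,     required_argument: %d\n",
           demo_long_without_value(required_argument));
    printf("-r leaks,     no_argument:       %d\n",
           demo_short_form(no_argument));
    return 0;
}
```

The NULL guard in the 'r' case keeps the parser safe even if the two declarations drift apart again; declaring required_argument makes getopt_long() itself reject the missing value.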
glib versions prior to 2.31.0 require an explicit g_thread_init() call
to enable multi-threading.
Failure to initialize threading causes glib to take single-threaded code
paths without synchronization. For example, the g_slice allocator will
crash due to race conditions.
Fix this for all QEMU tool programs (qemu-nbd, qemu-io, qemu-img) by
moving the g_thread_init() call from vl.c:main() into a new
osdep.c:thread_init() constructor function.
thread_init() has __attribute__((constructor)) and is automatically
invoked by the runtime during startup.
We can now drop the "simple" trace backend's g_thread_init() call since
thread_init() already called it.
Note that we must keep coroutine-gthread.c's g_thread_init() call which
is located in a constructor function. There is no guarantee for
constructor function ordering so thread_init() may only be called later.
Reported-by: Mario de Chenno <mario.dechenno@unina2.it>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
target-arm queue for 2.0:
* Fix wrong-results bug in A64 Neon MLS instruction
* Fix loading of ELF images for 32 bit boards in qemu-system-aarch64
# gpg: Signature made Mon 24 Mar 2014 17:14:07 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-20140324:
target-arm: Load ELF images with the correct machine type for CPU
target-arm: Fix A64 Neon MLS
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
acpi,pc,test bug fixes
More small fixes all over the place.
Notably fixes for big-endian hosts by Marcel.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon 24 Mar 2014 10:41:07 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream:
tests/acpi-test: do not fail if iasl is broken
vl.c: Use MAX_CPUMASK_BITS macro instead of hardcoded constant
sysemu.h: Document what MAX_CPUMASK_BITS really limits
acpi: fix endian-ness for table ids
acpi-test: signature endian-ness fixes
i386/acpi-build: support hotplug of VCPU with APIC ID 0xFF
acpi-test: rebuild SSDT
i386/acpi-build: allow more than 255 elements in CPON
pc: Refuse max_cpus if it results in too large APIC ID
acpi: Don't use MAX_CPUMASK_BITS for APIC ID bitmap
acpi: Assert sts array limit on AcpiCpuHotplug_add()
pc: Refuse CPU hotplug if the resulting APIC ID is too large
acpi: Add ACPI_CPU_HOTPLUG_ID_LIMIT macro
acpi-test: update expected SSDT files
acpi-build: fix misaligned access
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When trying to load an ELF file specified via -kernel, we need to
pass load_elf() the ELF machine type corresponding to the CPU we're
booting with, not the one corresponding to the softmmu binary
we happen to be running. (The two are different in the case of
loading a 32-bit ARM ELF file into a 32 bit CPU being emulated
by qemu-system-aarch64.) This was causing us to incorrectly fail
to load ELF images in this situation.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id: 1395427476-25546-1-git-send-email-peter.maydell@linaro.org
The order of operands for the accumulate step in disas_simd_3same_int()
was reversed. This only affected the MLS instruction, since all the
other accumulating instructions in this category perform an addition
rather than a subtraction.
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
There is an issue with iasl on big endian machines: It
cannot disassemble acpi tables taken from little endian
machines, so we cannot check the expected tables.
The acpi test will check if the expected aml files
can be disassembled, and will issue a warning, not
failing the test, on those machines until this
problem is solved by the acpica community.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Current tablet + spice is unusable. Regressed with the UI input rework.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
PowerPC queue for 2.0
* sPAPR loop fix
* SPR reset fix
* Reduce allocation size of indirect opcode tables
* Restrict number of CPU threads
* sPAPR H_SET_MODE fixes
* sPAPR firmware path fixes
* Static and constness cleanups
# gpg: Signature made Thu 20 Mar 2014 01:46:14 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/ppc-for-2.0:
spapr: Implement interface to fix device pathname
spapr: QOM'ify pseries machine
spapr_vio: Fix firmware names
spapr_llan: Add to boot device list
qdev: Introduce FWPathProvider interface
vl.c: Extend get_boot_devices_list() to ignore suffixes
spapr_hcall: Fix little-endian resource handling in H_SET_MODE
target-ppc: Introduce powerisa-207-server flag
target-ppc: Force CPU threads count to be a power of 2
target-ppc: Fix overallocation of opcode tables
target-ppc: Reset SPRs on CPU reset
spapr_hcall: Fix h_enter to loop correctly
target-ppc: Add missing 'static' and 'const' attributes
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This extends the pseries machine type with the interface to fix firmware
pathnames for devices which have @bootindex property.
This fixes SCSI disks' device node names (which are wildcard nodes in
the device-tree), for spapr-vscsi, virtio-scsi and usb-storage.
This fixes PHB name from "pci" to "pci@XXXX" where XXXX is a BUID as
there is no bus on top of sPAPRPHBState where PHB firmware name could
be fixed using the BusClass::get_fw_dev_path() mechanism.
This stores the boot list in the /chosen/qemu,boot-list property of
the device tree. "\n" are replaced by spaces to support OF1275.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This changes VIO bridge fw name from spapr-vio-bridge to vdevice and
vscsi/veth node names from QEMU object names to VIO specific device tree
names.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
QEMU supports firmware names for all devices in the QEMU tree but
some architectures expect some parts of firmware path names in different
format.
This introduces a firmware-pathname-change interface definition.
If some machine needs to redefine the firmware path format, it has
to add the TYPE_FW_PATH_PROVIDER interface to an object that is above
the device on the QOM tree (typically /machine).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
As suffixes do not make sense for sPAPR's device tree and
there is no way to filter them out on the BusState::get_fw_dev_path()
level, let's add an ability for the external caller to specify
whether to apply suffixes or not.
We could handle suffixes in SLOF (ignored for now) but this would require
serious rework in the node opening code in SLOF, which has no obvious
benefit for the currently emulated sPAPR machine.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This changes resource code definitions to ones used in the host kernel.
This fixes H_SET_MODE_RESOURCE_LE (switch between big endian and
little endian) to sync registers from KVM before changing LPCR value.
This adds a set_spr() helper to update an SPR in a CPU's context to avoid
possible races and makes use of it to change LPCR.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This flag will be used to decide whether to emulate some bits of
H_SET_MODE hypercall because some are POWER8-only.
While we are here, add 2.05 flag to POWER8 family too. POWER7/7+ already
have it.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
PowerPC kernel expects the number of SMT threads in a core to be a power
of 2. Since QEMU doesn't enforce this, it leads to an early guest kernel
crash if an invalid threads count is specified.
Prevent this crash and make it a graceful exit from QEMU itself by
validating the user-supplied threads count.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
create_new_table() should allocate 0x20 opc_handler_t pointers, but
actually allocates 0x20 opc_handler_t structs. Fix this.
Signed-off-by: Stuart Brady <sdb@zubnet.me.uk>
Reviewed-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This resets SPR values to defaults on CPU reset. This should help
with little-endian guests reboot issues.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
We wanted to loop till index is 8. On 8 we return with H_PTEG_FULL. If we
are successful in loading hpte with any other index, we continue with that
index value.
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
PReP machine and devices
* Raven PCI host bridge memory fixes (remainder)
# gpg: Signature made Wed 19 Mar 2014 23:35:08 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/prep-for-2.0:
raven: Use raven_ for all function prefixes
raven: Fix PCI bus accesses with size > 1
raven: Add PCI bus mastering address space
raven: Set a correct PCI memory region
raven: Set a correct PCI I/O memory region
raven: Implement non-contiguous I/O region
raven: Rename intack region to pci_intack
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This has been tested on Linux 2.4/PPC with the lsi53c895a SCSI adapter.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
PCI memory region is 0x3f000000 bytes starting at 0xc0000000.
However, keep compatibility with Open Hack'Ware expectations
by adding a hack for Open Hack'Ware display.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
PCI I/O region is 0x3f800000 bytes starting at 0x80000000.
Do not use global QEMU I/O region, which is only 64KB.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Regions added subsequently will also have the pci_ prefix.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
QOM CPUState refactorings / X86CPU
* CPUState layout optimization for TCG
# gpg: Signature made Wed 19 Mar 2014 21:51:46 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/qom-cpu-for-2.0:
cpu: Move tcg_exit_req to the end of CPUState
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
QOM child properties take a reference to the object and release it when
the property is deleted. Therefore we should unref the default_backend
after we have added it as a child property.
Cc: KONRAD Frederic <fred.konrad@greensocs.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
There are currently three types of object_property_add_link() callers:
1. The link property may be set at any time.
2. The link property of a DeviceState instance may only be set before
realize.
3. The link property may never be set, it is read-only.
Something similar can already be achieved with
object_property_add_str()'s set() argument. Follow its example and add
a check() argument to object_property_add_link().
Also provide default check() functions for case #1 and #2. Case #3 is
covered by passing a NULL function pointer.
Cc: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Anthony Liguori <aliguori@amazon.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
[AF: Tweaked documentation comment]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Some object_property_add_link() callers expect property deletion to
unref the link property object. Other callers expect to manage the
refcount themselves. The former are currently broken and therefore leak
the link property object.
This patch adds a flags argument to object_property_add_link() so the
caller can specify which refcount behavior they require. The new
OBJ_PROP_LINK_UNREF_ON_RELEASE flag causes the link pointer to be
unreferenced when the property is deleted.
This fixes refcount leaks in qdev.c, xilinx_axidma.c, xilinx_axienet.c,
s390-virtio-bus.c, virtio-pci.c, virtio-rng.c, and ui/console.c.
Rationale for refcount behavior:
* hw/core/qdev.c
- bus children are explicitly unreferenced, don't interfere
- parent_bus is essentially a read-only property that doesn't hold a
refcount, don't unref
- hotplug_handler is leaked, do unref
* hw/dma/xilinx_axidma.c
- rx stream "dma" links are set using set_link, therefore they
need unref
- tx streams are set using set_link, therefore they need unref
* hw/net/xilinx_axienet.c
- same reasoning as hw/dma/xilinx_axidma.c
* hw/pcmcia/pxa2xx.c
- pxa2xx bypasses set_link and therefore does not use refcounts
* hw/s390x/s390-virtio-bus.c
* hw/virtio/virtio-pci.c
* hw/virtio/virtio-rng.c
* ui/console.c
- set_link is used and there is no explicit unref, do unref
Cc: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Anthony Liguori <aliguori@amazon.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The error behavior of object_property_set_link() is dangerous. It sets
the link property object to NULL if an error occurs. A setter function
should either succeed or fail, it shouldn't leave the value NULL on
failure.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The path resolution logic in object_property_set_link() should be a
separate function. This makes the code easier to read and maintain.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Machine rewriting added a MACHINE() macro which is
already in use by another OpenBSD library.
Since qemu/sockets.h exposes the OpenBSD namespace,
the minimalistic approach is to add it as the first QEMU include.
Reported-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Since commit 261747f176 (vl: Use MachineClass instead of global
QEMUMachine list) valgrind complains about the following:
==54082== 57 bytes in 3 blocks are definitely lost in loss record 365 of
729
==54082== at 0x4031AFE: malloc (vg_replace_malloc.c:292)
==54082== by 0x4145569: g_malloc (in
/usr/lib64/libglib-2.0.so.0.3400.2)
==54082== by 0x415F9E9: g_strconcat (in
/usr/lib64/libglib-2.0.so.0.3400.2)
==54082== by 0x80157FE7: qemu_register_machine (vl.c:1597)
==54082== by 0x80208E6B: module_call_init (module.c:105)
==54082== by 0x80013B91: main (vl.c:3000)
Turns out that valgrind is right. We simply forget the memory that
g_strconcat() has allocated. Let's free it after the type_register().
We need a 2nd variable due to constness of the name part of the
type structure.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Commit 259186a7d2 (cpu: Move halted and
interrupt_request fields to CPUState) passed CPUState::env_ptr to
tlb_flush() directly rather than through a typed variable.
Commit 00c8cb0a36 (cputlb: Change
tlb_flush() argument to CPUState) now changed the argument type.
This was unnoticed by gcc because env_ptr is a void pointer.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This fixes warnings from the static code analysis (smatch).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
* remotes/riku/linux-user-for-upstream:
linux-user: Implement capget, capset
linux-user: Don't allow guest to block SIGSEGV
signal: added a wrapper for sigprocmask function
linux-user: Don't reserve space for commpage for AArch64
linux-user: implement F_[GS]ETOWN_EX
linux-user: Don't return uninitialized value for atomic_barrier syscall
linux-user/signal.c: Correct error path for AArch64 do_rt_sigreturn
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Block patches for 2.0.0-rc1
# gpg: Signature made Wed 19 Mar 2014 13:03:27 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
* remotes/kevin/tags/for-upstream:
dataplane: fix implicit IOThread refcount
block/nfs: report errors from libnfs
block/nfs: bump libnfs requirement to 1.9.3
qcow2: Fix fail path in realloc_refcount_block()
qcow2: Correct comment for realloc_refcount_block()
qemu-io: Extended "--cmd" description in usage text
qemu-io-cmds: Fixed typo in example for writev.
block: Add error handling to bdrv_invalidate_cache()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-arm queue:
* last few A64 Neon instructions
* fix some PL011 UART bugs causing occasional serial lockups
* fix the non-PCI AHCI device
# gpg: Signature made Wed 19 Mar 2014 12:00:59 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-20140319:
target-arm: A64: Add saturating accumulate ops (USQADD/SUQADD)
target-arm: A64: Add saturating int ops (SQNEG/SQABS)
pl011: fix incorrect logic to set the RXFF flag
pl011: fix UARTRSR accesses corrupting the UARTCR value
pl011: reset the fifo when enabled or disabled
ahci: fix sysbus support
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When creating an IOThread implicitly (the user did not specify
x-iothread=<id>) remember that iothread_find() does not return the
object with an incremented refcount.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
If an NFS operation fails we should report what libnfs knows
about the failure. It is likely more than just an error code.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
libnfs prior to 1.9.3 contains a bug that will report
wrong transfer sizes if the file offset grows beyond 4GB
and RPC responses are received out of order. This
error is not detectable and fixable in qemu.
Additionally, 1.9.3 introduces support for handling short
read/writes in general and takes care of the necessary
retransmissions internally.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
If qcow2_alloc_clusters() fails, new_offset and ret will both be
negative after the fail label, thus passing the first if condition and
subsequently resulting in a call of qcow2_free_clusters() with an
invalid (negative) offset parameter. Fix this by introducing a new label
"fail_free_cluster" which is only invoked if new_offset is indeed
pointing to a newly allocated cluster that should be cleaned up by
freeing it.
While we're at it, clean up the whole fail path. qcow2_cache_put()
should (and actually can) never fail, hence the return value can safely
be ignored (aside from asserting that it indeed did not fail).
Furthermore, there is no reason to give QCOW2_DISCARD_ALWAYS to
qcow2_free_clusters(), a mere QCOW2_DISCARD_OTHER will suffice.
Ultimately, rename the "fail" label to "done", as it is invoked both on
failure and success.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Contrary to the comment describing this function's behavior, it does not
return 0 on success, but rather the offset of the newly allocated
cluster. This patch adjusts the comment accordingly to reflect the
actual behavior.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
It's not clear from the usage description that "--cmd" option accepts
its argument as a string, so any special symbols have to be quoted from
the shell.
Updates in usage text:
- Specified parameter format for "--cmd" option.
- Added an instruction how to get help for "--cmd" option.
Signed-off-by: Maria Kustova <maria.k@catit.be>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
If it returns an error, the migrated VM will not be started, but qemu
exits with an error message.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Add the saturating accumulate operations USQADD and SUQADD
to the A64 instruction set. This completes coverage of A64 Neon.
These operations (which are unsigned + signed -> signed and
signed + unsigned -> unsigned) don't exist in the A32/T32
instruction set, so require a complete new set of helper functions.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
This mostly re-uses the existing NEON helpers with an additional two for
the 64 bit case. I also took the opportunity to add TCG_CALL_NO_RWG
options to the helpers as they don't modify globals (saturation flags
are in the CPU Environment).
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Offset 4 is UARTRSR/UARTECR, not the UARTCR. The UARTCR would be
corrupted if the UARTRSR is ever written. Fix by implementing a correct
model of the UARTRSR/UARTECR register. Reads of this register simply
reflect the error bits in data register. Only breaks can be triggered in
QEMU. With the pl011_can_receive function, we effectively have flow
control between the host and the model. Framing and parity errors simply
don't make sense in the model and will never occur.
Signed-off-by: Rob Herring <rob.herring@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1395166721-15716-3-git-send-email-robherring2@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Intermittent issues have been seen where no serial input occurs. It
appears the pl011 gets in a state where the rx interrupt never fires
because the rx interrupt only asserts when crossing the fifo trigger
level. The fifo state appears to get out of sync when the pl011 is
re-configured. This combined with the rx timeout interrupt not being
modeled results in no more rx interrupts.
Disabling the fifo is the recommended way to clear the tx fifo in the
TRM (section 3.3.8). The behavior in this case for the rx fifo is
undefined in the TRM, but having fifo contents to be maintained during
configuration changes is not likely expected behavior. Resetting the
fifo state when the fifo size is changed is the simplest solution.
Signed-off-by: Rob Herring <rob.herring@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1395166721-15716-2-git-send-email-robherring2@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Non-PCI AHCI support is broken due to assertion failures when trying
to convert AHCIState to a PCIDevice pointer as AHCIState can have
different container structs. Fix this by using the non-asserting object
cast and checking the returned pointer is not NULL.
The AddressSpace pointer is also being initialized to NULL and causing
dma_memory_map call to fail. Fix this by initializing to
address_space_memory for sysbus instances.
Also correct AHCI_VMSTATE to use the correct container SysbusAHCIState
for sysbus instances.
Signed-off-by: Rob Herring <rob.herring@linaro.org>
Message-id: 1392073373-3295-1-git-send-email-robherring2@gmail.com
[PMM: added linebreaks to fix overlong lines]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When using signature for table ID, we forgot to byte-swap it.
Signatures are really ASCII strings, let's treat them as such.
While at it, get rid of most of _SIGNATURE macros.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Building on the previous patch, raise the maximal count of processor
objects / NTFY branches / CPON elements from 255 to 256. This allows the
VCPU with APIC ID 0xFF to be hotplugged.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
commit 9bcc80cd71
i386/acpi-build: allow more than 255 elements in CPON
Replaces 0x1 with a smaller One constant.
rebuild expected SSDT.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The build_ssdt() function builds a number of AML objects that are related
to CPU hotplug, and whose IDs form a contiguous sequence of APIC IDs.
(APIC IDs are in fact discontiguous, but this is the traditional
interface: build a contiguous sequence from zero up that covers all
possible APIC IDs.) These objects are:
- a Processor() object for each VCPU,
- a NTFY method, with one branch for each VCPU,
- a CPON package with one element (hotplug status byte) for each VCPU.
The build_ssdt() function currently limits the *count* of processor
objects, and NTFY branches, and CPON elements, to 0xFF (see the assignment
to "acpi_cpus"). This allows for an inclusive APIC ID range of [0..254].
This is incorrect, because the highest APIC ID that we otherwise allow a
VCPU to take is 255.
In order to extend the maximum count to 256, and the traversed APIC ID
range correspondingly to [0..255]:
- the Processor() objects need no change,
- the NTFY method also needs no change,
- the CPON package must be updated, because it is defined with a
DefPackage, and the number of elements in such a package can be at most
255. We pick a DefVarPackage instead.
We replace the Op byte, and the encoding of the number of elements.
Compare:
DefPackage := PackageOp PkgLength NumElements PackageElementList
DefVarPackage := VarPackageOp PkgLength VarNumElements PackageElementList
PackageOp := 0x12
VarPackageOp := 0x13
NumElements := ByteData
VarNumElements := TermArg => Integer
The build_append_int() function implements precisely the following TermArg
encodings (a subset of what the ACPI spec describes):
TermArg := DataObject
DataObject := ComputationalData
ComputationalData := ConstObj | ByteConst | WordConst | DWordConst
directly encoded in the function, with build_append_byte():
ConstObj := ZeroOp | OneOp
ZeroOp := 0x00
OneOp := 0x01
call to build_append_value(..., 1):
ByteConst := BytePrefix ByteData
BytePrefix := 0x0A
ByteData := 0x00 - 0xFF
call to build_append_value(..., 2):
WordConst := WordPrefix WordData
WordPrefix := 0x0B
WordData := ByteData[0:7] ByteData[8:15]
call to build_append_value(..., 4):
DWordConst := DWordPrefix DWordData
DWordPrefix := 0x0C
DWordData := WordData[0:15] WordData[16:31]
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
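The TermArg grammar listed in the commit message above, worked through as an added C example (not QEMU's build_append_int(); the names aml_encode_int, aml_decode_int, aml_roundtrip_ok and aml_encode_num_elements are made up here). It picks the constant width from the value, so the ByteConst/WordConst/DWordConst boundaries are where a wrong choice would truncate, and it shows why a 256-element count needs VarPackageOp; choosing between the two package forms by count is this example's policy, and PkgLength is left out because the message does not give its encoding.

```c
#include <stddef.h>
#include <stdint.h>

/* Opcode and prefix bytes, taken from the grammar in the commit message. */
enum {
    AML_ZERO_OP        = 0x00,
    AML_ONE_OP         = 0x01,
    AML_BYTE_PREFIX    = 0x0A,
    AML_WORD_PREFIX    = 0x0B,
    AML_DWORD_PREFIX   = 0x0C,
    AML_PACKAGE_OP     = 0x12,
    AML_VAR_PACKAGE_OP = 0x13
};

/* Write the low `size` bytes of `value`, least significant byte first. */
static void put_le(uint8_t *out, uint32_t value, size_t size)
{
    for (size_t i = 0; i < size; i++) {
        out[i] = (uint8_t)(value >> (8 * i));
    }
}

/* Encode `value` as the shortest TermArg of the grammar.
 * `out` must hold 5 bytes; returns the number of bytes written. */
size_t aml_encode_int(uint32_t value, uint8_t *out)
{
    size_t size;

    if (value == 0) { out[0] = AML_ZERO_OP; return 1; }
    if (value == 1) { out[0] = AML_ONE_OP;  return 1; }

    /* Each bound is the largest value the narrower constant can hold. */
    if (value <= 0xFF) {
        out[0] = AML_BYTE_PREFIX;  size = 1;
    } else if (value <= 0xFFFF) {
        out[0] = AML_WORD_PREFIX;  size = 2;
    } else {
        out[0] = AML_DWORD_PREFIX; size = 4;
    }
    put_le(out + 1, value, size);
    return 1 + size;
}

/* Decode one TermArg integer. Returns bytes consumed, or 0 when the
 * input is truncated or starts with a byte outside the grammar. */
size_t aml_decode_int(const uint8_t *in, size_t len, uint32_t *value)
{
    size_t size;

    if (len == 0) {
        return 0;
    }
    switch (in[0]) {
    case AML_ZERO_OP:      *value = 0; return 1;
    case AML_ONE_OP:       *value = 1; return 1;
    case AML_BYTE_PREFIX:  size = 1; break;
    case AML_WORD_PREFIX:  size = 2; break;
    case AML_DWORD_PREFIX: size = 4; break;
    default:               return 0;
    }
    if (len < 1 + size) {
        return 0;
    }
    *value = 0;
    for (size_t i = 0; i < size; i++) {
        *value |= (uint32_t)in[1 + i] << (8 * i);
    }
    return 1 + size;
}

/* Self-check an encoder can run on every value it emits: 1 when the
 * bytes decode back to the same integer, 0 when something was lost. */
int aml_roundtrip_ok(uint32_t value)
{
    uint8_t buf[5];
    uint32_t back = ~value;
    size_t n = aml_encode_int(value, buf);

    return aml_decode_int(buf, n, &back) == n && back == value;
}

/* Element-count field of a package. Returns the op byte to use and
 * writes the count field to `out` (5 bytes), its length to *field_len. */
uint8_t aml_encode_num_elements(uint32_t count, uint8_t *out,
                                size_t *field_len)
{
    if (count <= 0xFF) {
        out[0] = (uint8_t)count;   /* NumElements := ByteData, no prefix */
        *field_len = 1;
        return AML_PACKAGE_OP;
    }
    /* VarNumElements := TermArg => Integer */
    *field_len = aml_encode_int(count, out);
    return AML_VAR_PACKAGE_OP;
}
```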
This changes the PC initialization code to reject max_cpus if it results
in an APIC ID that's too large, instead of aborting or erroring out when
it is already too late.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
MAX_CPUMASK_BITS is a limit for max_cpus and CPU indexes, not for APIC
IDs.
ACPI_CPU_HOTPLUG_ID_LIMIT is the right macro for the limit on APIC IDs
on the ACPI and CPU hotplug code.
There are no functional changes introduced by this patch, as
MAX_CPUMASK_BITS + 1 == 255 + 1 == 256 == ACPI_CPU_HOTPLUG_ID_LIMIT.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
AcpiCpuHotplug_add() can't handle vCPU arch IDs larger than
ACPI_CPU_HOTPLUG_ID_LIMIT. Instead of corrupting memory in case the vCPU
ID is too large, use g_assert() to ensure we are not over the limit.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The ACPI CPU hotplug code requires APIC IDs to be smaller than
ACPI_CPU_HOTPLUG_ID_LIMIT, so enforce the limit before trying to hotplug
a new vCPU, returning an error instead of crashing.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The new macro will be helpful to allow us to detect too large SMP limits
before it is too late.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This fixes invalid rectangle updates observed after commit 12b316d
with the vmware VGA driver. The issues occurred because the server
and client surface update seems to be out of sync at some points
and the max width of the surface is not divisible by
VNC_DIRTY_BITS_PER_PIXEL (16).
Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 small patches:
- Fixing findings of valgrind regarding minor memory leaks:
Currently we forget the pointer of qemu_allocate_irqs. Since we never
free the irqs, this is not critical, but obviously not good programming
style. While we are at it, we don't need the irq infrastructure for
the sclp consoles.
- Handle new ELF error codes for BIOS loading
# gpg: Signature made Mon 17 Mar 2014 21:34:12 GMT using RSA key ID B5A61C7C
# gpg: Can't check signature: public key not found
* remotes/borntraeger/tags/kvm-s390-20140317:
s390x/sclpconsole-lm: Fix and simplify irq setup
s390x/sclpconsole: Fix and simplify interrupt injection
s390x/cpu hotplug: Fix memory leak
s390/ipl: Fix error path on BIOS loading
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
valgrind complains about a memory leak in irq setup of sclpconsole:
==42117== 8 bytes in 1 blocks are definitely lost in loss record 89of 833
==42117== at 0x4031AFE: malloc (vg_replace_malloc.c:292)
==42117== by 0x8022F855: malloc_and_trace (vl.c:2715)
==42117== by 0x4145569: g_malloc (in /usr/lib64/libglib-2.0.so.0.3400.2)
==42117== by 0x800F696D: qemu_extend_irqs (irq.c:51)
==42117== by 0x800F6AF7: qemu_allocate_irqs (irq.c:68)
==42117== by 0x800F5685: console_init (sclpconsole.c:235)
==42117== by 0x80297C79: event_realize (event-facility.c:386)
==42117== by 0x80105071: device_set_realized (qdev.c:693)
==42117== by 0x801CDC4B: property_set_bool (object.c:1337)
==42117== by 0x801CBD7F: object_property_set (object.c:819)
[...]
We don't need the indirection of a qemu irq to inject an sclp interrupt.
Fixes a valgrind error and makes the code simpler.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
valgrind complains about a memory leak in irq setup of sclpconsole:
==42117== 8 bytes in 1 blocks are definitely lost in loss record 89 of 833
==42117== at 0x4031AFE: malloc (vg_replace_malloc.c:292)
==42117== by 0x8022F855: malloc_and_trace (vl.c:2715)
==42117== by 0x4145569: g_malloc (in /usr/lib64/libglib-2.0.so.0.3400.2)
==42117== by 0x800F696D: qemu_extend_irqs (irq.c:51)
==42117== by 0x800F6AF7: qemu_allocate_irqs (irq.c:68)
==42117== by 0x800F5685: console_init (sclpconsole.c:235)
==42117== by 0x80297C79: event_realize (event-facility.c:386)
==42117== by 0x80105071: device_set_realized (qdev.c:693)
==42117== by 0x801CDC4B: property_set_bool (object.c:1337)
==42117== by 0x801CBD7F: object_property_set (object.c:819)
[...]
Turns out that we actually don't need the indirection, so trigger the
sclp interrupt directly.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
valgrind complains about the following:
==42117== 8 bytes in 1 blocks are definitely lost in loss record 88 of 833
==42117== at 0x4031AFE: malloc (vg_replace_malloc.c:292)
==42117== by 0x8022F855: malloc_and_trace (vl.c:2715)
==42117== by 0x4145569: g_malloc (in /usr/lib64/libglib-2.0.so.0.3400.2)
==42117== by 0x800F696D: qemu_extend_irqs (irq.c:51)
==42117== by 0x800F6AF7: qemu_allocate_irqs (irq.c:68)
==42117== by 0x8029FA4B: irq_cpu_hotplug_init (sclpcpu.c:84)
==42117== by 0x80297C79: event_realize (event-facility.c:386)
==42117== by 0x80105071: device_set_realized (qdev.c:693)
[...]
Right it is. Don't drop the pointer of the irq.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Jason J. Herne <jjherne@us.ibm.com>
commit 18674b2678
(elf-loader: add more return codes) enabled the elf loader to return
other errors than -1.
Let's also handle that case for our "BIOS" on s390.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
CC: Alexey Kardashevskiy <aik@ozlabs.ru>
CC: Alexander Graf <agraf@suse.de>
All of the helpers with the explicit big/little endian option
require the return address as a parameter. Acquire this via
a trampoline.
Move the load of areg0 into the trampoline.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Pass address registers explicitly, rather than as indices of args[].
It's two argument registers either way. Use more TCGReg as appropriate.
Signed-off-by: Richard Henderson <rth@twiddle.net>
We were computing the full address into %o0 and then not using it.
Adjust some of the computation to rely less on having to pull immediate
values into registers.
Signed-off-by: Richard Henderson <rth@twiddle.net>
This adds support for [UF]RSQRTE instructions. It utilises the existing
NEON helpers with some changes. The changes include an explicit passing
of fpstatus (so the correct one is used between arm32 and aarch64),
denormalization, more correct error handling and also proper scaling of
the fraction going into the estimate.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-25-git-send-email-peter.maydell@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Implement the FCVTXN operation, which does a narrowing fp precision
conversion using the "round to odd" (von Neumann) mode. This can
conveniently be implemented as "do operation using round to zero;
then set the LSB of the mantissa to 1 if the Inexact flag was set".
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-24-git-send-email-peter.maydell@linaro.org
Implement URECPE and FRECPE instructions in both scalar and vector forms.
The actual reciprocal estimate function is shared with the A32/T32 Neon
code. However in A64 we aren't using the Neon "standard FPSCR value"
so extra checks are necessary to handle non-squashed denormal inputs
which can never happen for A32/T32. Calling conventions for the helpers
are thus modified to pass the fpst directly; we mark the helpers as
TCG_CALL_NO_RWG since we're changing the declarations anyway.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-21-git-send-email-peter.maydell@linaro.org
This implements the remaining [US][Q][R]SHR[U][N][2] opcodes, which are
saturating and narrowing shift right operations. These are used in
things like libav. Note signed shifts can have an "unsigned" saturating
narrow operation which will floor negative values.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1394822294-14837-7-git-send-email-peter.maydell@linaro.org
[PMM: Added the scalar encodings, style tweaks]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Implement the PMULL instruction; this is the last unimplemented insn
in the three-reg-diff group.
Note that PMULL with size 3 is considered part of the AES part
of the crypto extensions (see the ID_AA64ISAR0_EL1 register definition
in the v8 ARM ARM), so it isn't necessary to burn an extra feature
bit on it, even though we're using more feature bits than a single
"crypto extension present/not present" toggle.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1394822294-14837-2-git-send-email-peter.maydell@linaro.org
If the CPU is a Cortex-A9 then we should set its reset-cbar property
so that the guest can read the correct PERIPHBASE/CBAR register value;
newer versions of the Linux kernel (as of commit bc41b8724 in 3.12)
will otherwise assume the CPU is a buggy single core A9 SoC. The
realview-pbx-a9 is the only one of the cluster of boards in realview.c
which works with the Cortex-A9 (ie which gets an a9mpcore_priv device);
make sure it also has reset-cbar set correctly.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1394462692-8871-3-git-send-email-peter.maydell@linaro.org
Newer versions of the Linux kernel (as of commit bc41b8724 in 3.12)
now assume that if the CPU is a Cortex-A9 and the reset value of the
PERIPHBASE/CBAR register is zero then the CPU is a specific buggy
single core A9 SoC, and will not try to start other cores. Since we
now have a CPU property for the reset value of the CBAR, we can
just fix the vexpress board model to correctly set CBAR so SMP
works again. To avoid duplicate boilerplate code in both the A9
and A15 daughterboard init functions, we split out the CPU and
private memory region init to its own function.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reported-by: Rob Herring <rob.herring@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1394462692-8871-2-git-send-email-peter.maydell@linaro.org
gtk: warp bugfixes.
gtk: Allow to activate grab-on-hover from the command line
# gpg: Signature made Mon 17 Mar 2014 13:35:35 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-gtk-3:
gtk: Don't warp absolute pointer
gtk: Fix mouse warping with gtk3
gtk: Allow to activate grab-on-hover from the command line
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We were using the wrong coordinates, this fixes things to match the
original gtk2 implementation.
You can see this error in action by using -vga qxl, however even after this
patch the mouse warps in small increments up and to the left, -7x and -3y
pixels at a time, until the pointer is warped off the widget. I think it's
a qxl bug, but the next patch covers it up.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
As long as we have no persistent GTK configuration, this allows to
enable the useful grab-on-hover feature already when starting the VM.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
[ kraxel: fix warning with CONFIG_GTK=n ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Implement the capget and capset syscalls. This is useful because
simple programs like 'ls' try to use it in AArch64, and otherwise
we emit a lot of noise about it being unimplemented.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Output error message using qemu's error_report() function when user
provides the invalid machine type on the command line. This also saves
time to find what issue is when you downgrade from one version of qemu
to another that doesn't support required machine type yet (the version
user downgraded to has to have this patch applied too, of course).
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
[Replace printf with error_printf, suggested by Markus Armbruster. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Two missing braces, one close and one open, fabulously let the code
compile.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
There are two issues in qemu-nbd: a missing return value check after
calling accept(), and file descriptor leaks in nbd_client_thread.
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This fixes a dangerous bug: "make clean" after "make distclean" will
delete every single file including those under .git, if you do in-tree
build!
Rationale: A first "make distclean" will unset $(DSOSUF), a following
"make distclean" or "make clean" will find all the files and delete them.
Fix it by explicitly typing the file extensions here, and combine
multiple find invocations into one.
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1395020122-4957-1-git-send-email-famz@redhat.com
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Don't allow the linux-user guest to block SIGSEGV -- QEMU needs this
signal to detect accesses to pages which it has marked read-only
because it has cached translated code from them.
We implement this by making the do_sigprocmask() wrapper suppress
SIGSEGV when doing the host process signal mask manipulation; instead
we store the current state of SIGSEGV in the TaskState struct.
If we get a SIGSEGV for the guest when the guest has blocked the
signal, we treat it as if the default SEGV handler was in place,
as the kernel does for forced SIGSEGV delivery.
This patch is based on an idea by Alex Barcelo, but rather than
simply lying to the guest about the SIGSEGV state we track it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reported-by: Alex Barcelo <abarcelo@ac.upc.edu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Create a wrapper for signal mask changes initiated by the guest;
(this includes syscalls and also the sigreturns from signal.c)
this will give us a place to put code which prevents the guest
from changing the handling of signals used by QEMU itself
internally.
The wrapper is called from all the guest-initiated sigprocmask, but
is not called from internal qemu sigprocmask calls.
Signed-off-by: Alex Barcelo <abarcelo@ac.upc.edu>
[PMM: Added calls to wrapper for sigprocmask uses in signal.c
when setting the signal mask on entry and exit from signal
handlers, since these also are guest-provided signal masks.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
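The two linux-user commit messages above (a wrapper for guest-initiated mask changes, and tracking rather than honouring a guest request to block SIGSEGV) describe the pattern below. This is an added C example, not QEMU's do_sigprocmask(); struct task_state, guest_sigprocmask, guest_segv_action and host_blocks are hypothetical names.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stddef.h>

/* Hypothetical per-task state; stands in for the TaskState field the
 * commit message mentions. */
struct task_state {
    int sigsegv_blocked;   /* 1 if the guest believes SIGSEGV is blocked */
};

enum segv_action { SEGV_RUN_GUEST_HANDLER, SEGV_FORCE_DEFAULT };

/*
 * Apply a guest-requested signal mask change. SIGSEGV is removed from
 * the set handed to the host, so the emulator keeps receiving it; what
 * the guest asked for is recorded in `ts` and reported back in `oldset`.
 * Only guest-initiated changes go through here; the emulator's own mask
 * changes call sigprocmask() directly.
 */
int guest_sigprocmask(struct task_state *ts, int how,
                      const sigset_t *set, sigset_t *oldset)
{
    int was_blocked = ts->sigsegv_blocked;
    int now_blocked = was_blocked;
    sigset_t host_set;

    if (set != NULL) {
        int in_set = sigismember(set, SIGSEGV) == 1;

        switch (how) {
        case SIG_BLOCK:
            if (in_set) now_blocked = 1;
            break;
        case SIG_UNBLOCK:
            if (in_set) now_blocked = 0;
            break;
        case SIG_SETMASK:
            now_blocked = in_set;
            break;
        default:
            errno = EINVAL;
            return -1;
        }
        host_set = *set;
        sigdelset(&host_set, SIGSEGV);      /* never block it on the host */
        if (sigprocmask(how, &host_set, oldset) != 0) {
            return -1;
        }
    } else if (sigprocmask(how, NULL, oldset) != 0) {
        return -1;                           /* query only */
    }

    /* Commit the tracked state only after the host call succeeded. */
    ts->sigsegv_blocked = now_blocked;
    if (oldset != NULL) {
        /* The guest sees its own view of SIGSEGV, not the host's. */
        if (was_blocked) {
            sigaddset(oldset, SIGSEGV);
        } else {
            sigdelset(oldset, SIGSEGV);
        }
    }
    return 0;
}

/*
 * Decide what to do with a SIGSEGV that belongs to the guest. If the
 * guest has it blocked, act as if the default handler were installed,
 * as the kernel does for forced SIGSEGV delivery.
 */
enum segv_action guest_segv_action(const struct task_state *ts,
                                   int guest_has_handler)
{
    if (ts->sigsegv_blocked || !guest_has_handler) {
        return SEGV_FORCE_DEFAULT;
    }
    return SEGV_RUN_GUEST_HANDLER;
}

/* 1 if `signo` is blocked in the real (host) mask, 0 if not, -1 on error. */
int host_blocks(int signo)
{
    sigset_t cur;

    if (sigprocmask(SIG_BLOCK, NULL, &cur) != 0) {
        return -1;
    }
    return sigismember(&cur, signo);
}
```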
AArch64 Linux, unlike AArch32, doesn't use a commpage. This means we
should not be reserving room in the guest address space for one.
Fixes LP:1287195.
Reported-by: Amanieu d'Antras <amanieu@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
F_GETOWN is replaced by F_GETOWN_EX inside the glibc fcntl wrapper
Signed-off-by: Andreas Schwab <schwab@suse.de>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
QEMU's implementation of the m68k atomic_barrier syscall, like the kernel's,
is just a no-op. However we still need to return a result code from it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
The error path in AArch64 do_rt_sigreturn() which fails before
attempting lock_user_struct() was doing an unlock_user_struct()
on an uninitialized variable. Initialize frame to NULL so we
can use the same error-exit path in all cases (unlock of NULL
is permitted and does nothing).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
trivial patches for 2014-03-15
# gpg: Signature made Sat 15 Mar 2014 09:54:30 GMT using RSA key ID 74F0C838
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg: aka "Michael Tokarev <mjt@corpit.ru>"
# gpg: aka "Michael Tokarev <mjt@debian.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5
# Subkey fingerprint: E190 8639 3B10 B51B AC2C 8B73 5253 C5AD 74F0 C838
* remotes/mjt/tags/trivial-patches-2014-03-15:
FSL eTSEC: Fix typo in rx ring
scripts/make-release: Don't distribute .git directories
configure: Don't use __int128_t for clang versions before 3.2
audio: Add 'static' attributes to several variables
tests: Fix 'make test' for i686 hosts (build regression)
misc: Fix typos in comments
Add qga/qapi-generated to .gitignore
hw/timer/grlib_gptimer: Avoid integer overflows
.travis.yml: add IRC notifications for build failures
.travis.yml: trivial whitespace fixup
.travis.yml: re-enable lttng user space trace test
.travis.yml: add a new build target with non-core devlibs
sasl: Avoid 'Could not find keytab file' in syslog
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/rth/tcg-aarch-6-2:
tcg-aarch64: Introduce tcg_out_insn_3405
tcg-aarch64: Support div, rem
tcg-aarch64: Support muluh, mulsh
tcg-aarch64: Support add2, sub2
tcg-aarch64: Support deposit
tcg-aarch64: Use tcg_out_insn for setcond
tcg-aarch64: Support movcond
tcg-aarch64: Support andc, orc, eqv, not, neg
tcg-aarch64: Handle constant operands to and, or, xor
tcg-aarch64: Handle constant operands to add, sub, and compare
tcg-aarch64: Implement mov with tcg_out_insn
tcg-aarch64: Introduce tcg_out_insn_3401
tcg-aarch64: Convert shift insns to tcg_out_insn
tcg-aarch64: Introduce tcg_out_insn
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
'make test' is broken at least since commit
baacf04799. Several source files were moved
to util/, and some of them there split, so add the missing prefix and new
files to fix the compiler and linker errors.
There remain more issues, but these changes allow running the test on a
Linux i686 host.
Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Codespell found and fixed these new typos:
* doesnt -> doesn't
* funtion -> function
* perfomance -> performance
* remaing -> remaining
A coding style issue (line too long) was fixed manually.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The folder "qga/qapi-generated" shows up after building QEMU, and
gets in the way during e.g. "git add ."; Add it to .gitignore to
keep it from accidentally ending up in the wrong place.
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The GPTIMER uses 32-bit registers. Use a 64-bit operation to get the
ptimer count, otherwise we end up with a count of 0 for GPTIMER counter
values of 0xffffffff.
Use the GPTIMER counter value for tracing to avoid an overflow of the
32-bit value passed to trace_grlib_gptimer_enable().
Reviewed-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
I'm trying to avoid spamming the IRC channel (not overly likely as
builds take a while). So failure will always be reported but if the
build continues to work then the IRC notifications will be quiet.
Note any GitHub based repository with Travis enabled will use this
notification. If it proves to be too spammy we may want to ask users not
to use Travis themselves although this seems sub-optimal.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This build was disabled while the lttng tracing was broken. Stefan has
recently submitted a pull request with it re-enabled.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The current builds don't include all the features which are
auto-detected and then disabled when the appropriate test packages don't
exist. I've added another target that enables all known additional
packages for increased coverage. I didn't add it to the core package
list to reduce build time.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The "keytab" specification in "qemu.sasl" only makes sense if "gssapi" is
selected in "mech_list". Even if the latter is not done (ie. "gssapi" is
not selected), the cyrus-sasl library tries to open the specified keytab
file, although nothing has a use for it outside the gssapi backend.
Since the default keytab file "/etc/qemu/krb5.tab" is usually absent, the
cyrus-sasl library emits a warning to syslog at startup, which tends to
annoy users (who didn't ask for gssapi in the first place).
Comment out the keytab specification per default.
"qemu-doc.texi" already correctly explains how to use "mech_list: gssapi"
together with "keytab:".
See also:
- upstream libvirt commit fe772f24,
- Red Hat Bugzilla <https://bugzilla.redhat.com/show_bug.cgi?id=1018434>.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
ACKed-By: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Block pull request
# gpg: Signature made Fri 14 Mar 2014 16:12:14 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/block-pull-request:
qemu-iotests: remove 085 and 087 from 'quick' group
qemu-iotests: add 083 NBD client disconnect tests
tests: add nbd-fault-injector.py utility
nbd: close socket if connection breaks
block: Explicitly specify 'unsigned long long' for VHDX 64-bit constants
blockdev: Refuse to open encrypted image unless paused
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/bonzini/scsi-next:
virtio-scsi: actually honor sense_size from configuration space
scsi: Fix migration of scsi sense data
spapr-vscsi: fix CRQ status
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Clean up multiply at the same time.
For remainder, generic code will produce mul+sub,
whereas we can implement with msub.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Tested-by: Claudio Fontana <claudio.fontana@huawei.com>
Handle a simplified set of logical immediates for the moment.
The way gcc and binutils do it, with 52k worth of tables, and
a binary search depth of log2(5334) = 13, seems slow for the
most common cases.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Tested-by: Claudio Fontana <claudio.fontana@huawei.com>
The 'quick' group in qemu-iotests are not allowed to run QEMU since we
don't know which targets are available. In other words, they may only
use qemu-img, qemu-io, and qemu-nbd.
Drop 085 and 087 from the 'quick' group since they run QEMU. This
makes "make check-block" pass again.
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This new test case uses nbd-fault-injector.py to simulate broken TCP
connections at each stage in the NBD protocol. This way we can exercise
block/nbd-client.c's socket error handling code paths.
In particular, this serves as a regression test to make sure
nbd-client.c doesn't cause an infinite loop by leaving its
nbd_receive_reply() fd handler registered after the connection has been
closed. This bug was fixed in an earlier patch.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The nbd-fault-injector.py script is a special kind of NBD server. It
throws away all writes and produces zeroes for reads. Given a list of
fault injection rules, it can simulate NBD protocol errors and is useful
for testing NBD client error handling code paths.
See the patch for documentation. This script is modelled after Kevin
Wolf <kwolf@redhat.com>'s blkdebug block driver.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
nbd_receive_reply() is called by the event loop whenever data is
available or the socket has been closed by the remote side.
This patch closes the socket when an error occurs to prevent the
nbd_receive_reply() handler from being called indefinitely after the
connection has failed.
Note that we were already correctly returning EIO for pending requests
but leaving the nbd_receive_reply() handler registered resulted in high
CPU consumption and a flood of error messages.
Reuse nbd_teardown_connection() to close the socket.
Reported-by: Zhifeng Cai <bluewindow@h3c.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
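The failure mode this commit message describes, as an added example that is not QEMU code: a read handler left registered on a socket whose peer has gone away fires on every loop iteration, while closing the socket on the first error stops it. The struct conn type, the function names and the socketpair standing in for an NBD connection are assumptions made for the illustration.

```c
#include <poll.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-in for a client connection with a read handler. */
struct conn {
    int fd;             /* -1 once the socket has been torn down */
    int handler_calls;  /* how many times the read handler has run */
};

/* Close the socket so the event loop has nothing left to poll. */
static void conn_teardown(struct conn *c)
{
    if (c->fd >= 0) {
        close(c->fd);
        c->fd = -1;
    }
}

/* Read handler: returns false when the connection is broken. */
static bool conn_read_handler(struct conn *c, bool teardown_on_error)
{
    char buf[16];
    ssize_t n;

    c->handler_calls++;
    n = read(c->fd, buf, sizeof(buf));
    if (n > 0) {
        return true;
    }
    /* n == 0: peer closed the connection; n < 0: socket error. */
    if (teardown_on_error) {
        conn_teardown(c);
    }
    return false;
}

/*
 * Run a bounded event loop against a socket whose peer is already gone.
 * Returns the number of handler invocations, or -1 on setup failure.
 */
int run_event_loop(bool teardown_on_error, int max_iterations)
{
    int sv[2];
    struct conn c = { .fd = -1, .handler_calls = 0 };

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) {
        return -1;
    }
    c.fd = sv[0];
    close(sv[1]);       /* constructed fault: the remote side disappears */

    for (int i = 0; i < max_iterations && c.fd >= 0; i++) {
        struct pollfd pfd = { .fd = c.fd, .events = POLLIN };

        /* A closed peer makes the fd permanently "ready". */
        if (poll(&pfd, 1, 100) > 0 &&
            (pfd.revents & (POLLIN | POLLHUP | POLLERR))) {
            conn_read_handler(&c, teardown_on_error);
        }
    }
    conn_teardown(&c);
    return c.handler_calls;
}

int main(void)
{
    printf("handler left registered: %d calls\n", run_event_loop(false, 50));
    printf("socket closed on error:  %d calls\n", run_event_loop(true, 50));
    return 0;
}
```

Without the iteration bound, the first case is the unbounded spin and error flood the message reports.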
On 32-bit hosts, some compilers will warn on too large integer constants
for constants that are 64-bit in length. Explicitly put a 'ULL' suffix
on those defines.
Reported-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Opening an encrypted image takes an additional step: setting the key.
Between open and the key set, the image must not be used.
We have some protection against accidental use in place: you can't
unpause a guest while we're missing keys. You can, however, hot-plug
block devices lacking keys into a running guest just fine, or insert
media lacking keys. In the latter case, notifying the guest of the
insert is delayed until the key is set, which may suffice to protect
at least some guests in common usage.
This patch makes the protection apply in more cases, in a rather
heavy-handed way: it doesn't let you open encrypted images unless
we're in a paused state.
It doesn't extend the protection to users other than the guest (block
jobs?). Use of runstate_check() from block.c is disgusting. Best I
can do right now.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
c5f52875 changed the size of sense array in vmstate_scsi_device by
mistake. This patch restores the old size, and adds a subsection for the
remaining part of the buffer size, so that migration is not broken.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Normally VIOSRP_OK (0) means success and non-zero value means error
except VIOSRP_OK2 (0x99) which is another success code by weird accident.
This uses 0 as success code always as some guests do not cope with
the 0x99 value well. The existing linux driver checks for both VIOSRP_OK
and VIOSRP_OK2 since 2.6.32.
This returns non-zero code (VIOSRP_ADAPTER_FAIL == 0x10) on errors which
can only happen if DMA write failed.
Suggested-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
PowerPC queue for 2.0
* Fixes for -device VGA
# gpg: Signature made Thu 13 Mar 2014 19:57:12 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/ppc-for-2.0:
spapr: Fix return value of vga initialization
Fix vga_interface_type for command line argument '-device VGA'
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When running under qtest we don't actually have any vcpu threads
to be starved, so the warning about the I/O thread spinning isn't
relevant, and the way qtest manipulates the simulated clock means
the warning is produced a lot as a false positive. Suppress it if
qtest_enabled(), so 'make check' output is less noisy.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
If an assertion fails during qtest_init() the SIGABRT handler is
invoked. This is the correct behavior since we need to kill the QEMU
process to avoid leaking it when the test dies.
The global_qtest pointer used by the SIGABRT handler is currently only
assigned after qtest_init() returns. This results in a segfault if an
assertion failure occurs during qtest_init().
Move global_qtest assignment inside qtest_init(). Not pretty but let's
face it - the signal handler depends on global state.
Reported-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
A test is only as good as its coverage - testing virtserialport in
addition to virtconsole showed that commit
0399a3819b (virtio-console: QOM cast
cleanup for VirtConsole) broke virtserialport.
Acked-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Commit 0399a3819b (virtio-console: QOM
cast cleanup for VirtConsole) broke virtserialport since it shares
functions and state struct with virtconsole. Let virtconsole inherit
from virtserialport, and use virtserialport type for casting.
Note that virtio-serial-port is the abstract base type in
virtio-serial-bus.c, whereas virtserialport is the user-instantiatable
type in virtio-console.c. Therefore using TYPE_VIRTIO_CONSOLE_SERIAL_PORT.
Reported-by: Richard W.M. Jones <rjones@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Before, spapr_vga_init would return false if the vga is specified by
the command '-device VGA' because vga_interface_type was evaluated to
VGA_NONE. With the change in the previous patch of this series,
spapr_vga_init should return true if it's told that the vga will be
initialized in the flow of the generic devices initialization.
To keep '-nodefaults' having the semantics of bare minimum, it adds a
check of 'has_defaults' in usb_enabled() to avoid that a USB controller
is added by '-nodefaults, -device VGA' implicitly.
This patch also makes two cleanups:
1. skip initialization for VGA_NONE
2. remove the useless 'break'
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Mark Wu <wudxw@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Some machine (like pseries) initialization code determines if it has
graphics according to vga_interface_type. In the original code,
vga_interface_type is evaluated to VGA_NONE even if a VGA is added
via '-device VGA'. It causes the machine to be unaware of the graphics
device configured. Add a new VGA device type to indicate that it has a
VGA device, which will be initialized in QOM device initialization.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Mark Wu <wudxw@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Raven datasheet explains where firmware lives in system memory, so do
it there instead of in board code. Other boards using the same PCI
host will not have to copy the firmware loading code.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
[AF: Drop BIOS size workaround in favor of replacing our firmware blob]
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Most targets were using offsetof(CPUFooState, breakpoints) to determine
how much of CPUFooState to clear on reset. Use the next field after
CPU_COMMON instead, if any, or sizeof(CPUFooState) otherwise.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Note that while such functions may exist both for *-user and softmmu,
only *-user uses the CPUState hook, while softmmu reuses the prototype
for calling it directly.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Remove the custom qemu_assert() function defined by target-m68k/translate.c
in favour of either using glib g_assert_not_reached() (for the genuinely
can't-happen cases) or cpu_abort() (for the "this isn't implemented",
in line with other unimplemented cases in the target).
This has the benefit of silencing some clang warnings about
variables used while uninitialized (which are emitted because
clang can't figure out that qemu_assert(0, something) never
returns).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
All targets using it gain the ability to set -cpu name,key=value,...
options via the default TYPE_CPU CPUClass::parse_features() implementation.
Signed-off-by: Andreas Färber <afaerber@suse.de>
CPUs that do not provide their own implementation of feature parsing
will treat each option as a QOM property and set it to the supplied
value.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Factor cpu_model parsing out of cpu_sparc_find_by_name() by passing
cpu_sparc_find_by_name() the name portion only and calling
CPUClass::parse_features() from cpu_sparc_register() afterwards.
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Adapt the X86CPU implementation to suit the generic hook.
This involves a cleanup of error handling to cope with NULL errp.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Register separate QOM types for each x86 CPU model.
This will allow management code to more easily probe what each CPU model
provides, by simply creating objects using the appropriate class name,
without having to restart QEMU.
This also allows us to eliminate the qdev_prop_set_globals_for_type()
hack to set CPU-model-specific global properties.
Instead of creating separate class_init functions for each class, I just
used class_data to store a pointer to the X86CPUDefinition struct for
each CPU model. This should make the patch shorter and easier to review.
Later we can gradually convert each X86CPUDefinition field to lists of
per-class property defaults.
The "host" CPU model is special, as the feature flags depend on KVM
being initialized. So it has its own class_init and instance_init
function, and feature flags are set on instance_init instead of
class_init.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Tested-by: Eduardo Habkost <ehabkost@redhat.com>
[AF: Limit the host CPU type to CONFIG_KVM as build fix]
Signed-off-by: Andreas Färber <afaerber@suse.de>
When in KVM mode, enable x2apic by default on all CPU models.
Normally we try to keep the CPU model definitions as close to the real
CPUs as possible, but x2apic can be emulated by KVM without host CPU
support for x2apic, and it improves performance by reducing APIC access
overhead. x2apic emulation is available on KVM since 2009 (Linux
2.6.32-rc1), there's no reason for not enabling x2apic by default when
running KVM.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Instead of the feature-specific disable_kvm_pv_eoi() function, create a
more general function that can be used to disable other feature bits in
machine-type compat code.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
We will later make the KVM-specific code affect other feature words,
too.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Some of my recent changes introduced variable declarations in the middle
of code blocks.
Fix the code so that it compiles without warnings when using
-Wdeclaration-after-statement.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
As the new X86CPU subclass code is going to change lots of the code
involving x86_def_t, let's rename the struct to match coding style first.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
As we will initialize the X86CPU fields on instance_init eventually,
move the code that initializes the X86CPU data based on the CPU model
name closer to the object_new() call.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
There isn't any kind of "registration" involved in cpu_x86_register()
anymore: it is simply looking up a CPU model name and loading the model
definition data into the X86CPU object. Rename it to x86_cpu_load_def()
to reflect what it does.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Default to false.
Tidy variable naming and inline cast uses while at it.
Tested-by: Jia Liu <proljc@gmail.com> (or32)
Signed-off-by: Andreas Färber <afaerber@suse.de>
cpu->exit_request is part of the execution environment and should
not be cleared when a CPU resets.
Otherwise, we might deadlock QEMU if a CPU resets while there is
I/O going on.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The "host_device" protocol driver should strip the "host_device:" prefix
from filenames if present.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The hdev_create() implementation in block/raw-posix.c is used by the
"host_device", "host_cdrom" and "host_floppy" protocol block drivers
together. Thus, any of the associated prefixes may occur and exactly one
should be stripped, if it does (thus,
"host_device:host_cdrom:/dev/cdrom" is not shortened to "/dev/cdrom").
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The "host_cdrom" protocol driver should strip the "host_cdrom:" prefix
from filenames if present.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The "host_floppy" protocol driver should strip the "host_floppy:" prefix
from filenames if present.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The "host_device" protocol driver should strip the "host_device:" prefix
from filenames if present.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Smatch complains about several global symbols which should be local.
Add the missing 'static' attributes and move the 'extern' declaration
of variable qemuio_misalign to qemu-io.h. This variable also changes
the type from 'int' to 'bool' which better documents its use.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
If the image file cannot be opened and was created as a temporary file,
it should be deleted; thus, in this case, we should jump to the
"unlink_and_fail" label and not just to "fail".
Reported-by: Benoît Canet <benoit@irqsave.net>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
qcow2_open() causes writes when repairing an image with the dirty flag
set and when clearing autoclear flags. It shouldn't do this when another
qemu instance is still actively working on this image file.
One effect of the bug is that images may have a cleared dirty flag while
the migration source host still has it in use with lazy refcounts
enabled, so refcounts are not accurate and the dirty flag must remain
set.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Instead of manually building a list of all options from BDRVQcowState
values just reuse the options that were used to open the image.
qcow2_open() won't fully use all of the options in the QDict, but that's
okay.
This fixes all of the driver-specific options in qcow2, except for
lazy-refcounts, which was special cased before.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The "query-iothreads" command returns a list of information about
iothreads. See the patch for API documentation.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Keep the thread ID around so we can report it via QMP.
There's only one problem: qemu_get_thread_id() (gettid() wrapper on
Linux) must be called from the thread itself. There is no way to get
the thread ID outside the thread.
This patch uses a condvar to wait for iothread_run() to populate the
thread_id inside the thread.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Today virtio-blk dataplane uses a 1:1 device-per-thread model. Now that
IOThreads have been introduced we can generalize this to N:M devices per
threads.
This patch drops thread code from dataplane in favor of running inside
an IOThread AioContext.
As a bonus we solve the case where a guest keeps submitting I/O requests
while dataplane is trying to stop. Previously the dataplane thread
would continue to process requests until the request gave it a break.
Now we can shut down in bounded time thanks to
aio_context_acquire/release.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Add an "iothread" qdev property type so devices can be hooked up to an
IOThread from the command-line:
    qemu -object iothread,id=iothread0 \
         -device some-device,x-iothread=iothread0
Note that Paolo Bonzini <pbonzini@redhat.com> has suggested using QOM
links instead. This way the relationship between the objects is
reflected in QOM. There are currently shortcomings of
object_property_add_link() which prevent this use case. I will attempt
to fix them and move to QOM links in a separate series.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
get_pointer()'s print() callback might return a heap allocated
string. To avoid adding a dedicated get_pointer_foo for this case,
convert the current print() callbacks to return a temporary heap
allocated string and make get_pointer() free it.
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This is a stand-in for Michael Roth's QContext. I expect this to be
replaced once QContext is completed.
The IOThread object is an AioContext event loop thread. This patch adds
the concept of multiple event loop threads, allowing users to define
them.
When SMP guests run on SMP hosts it makes sense to instantiate multiple
IOThreads. This spreads event loop processing across multiple cores.
Note that additional patches are required to actually bind a device to
an IOThread.
[Andreas Färber <afaerber@suse.de> pointed out that the embedded parent
object instance should be called "parent_obj" and have a newline
afterwards. This patch has been changed to reflect this.
-- Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
It can be useful to run an AioContext from a thread which normally does
not "own" the AioContext. For example, request draining can be
implemented by acquiring the AioContext and looping aio_poll() until all
requests have been completed.
The following pattern should work:
    /* Event loop thread */
    while (running) {
        aio_context_acquire(ctx);
        aio_poll(ctx, true);
        aio_context_release(ctx);
    }

    /* Another thread */
    aio_context_acquire(ctx);
    bdrv_read(bs, 0x1000, buf, 1);
    aio_context_release(ctx);
This patch implements aio_context_acquire() and aio_context_release().
Note that existing aio_poll() callers do not need to worry about
acquiring and releasing - it is only needed when multiple threads will
call aio_poll() on the same AioContext.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
QemuMutex does not guarantee fairness and cannot be acquired
recursively:
Fairness means each locker gets a turn and the scheduler cannot cause
starvation.
Recursive locking is useful for composition, it allows a sequence of
locking operations to be invoked atomically by acquiring the lock around
them.
This patch adds RFifoLock, a recursive lock that guarantees FIFO order.
Its first user is added in the next patch.
RFifoLock has one additional feature: it can be initialized with an
optional contention callback. The callback is invoked whenever a thread
must wait for the lock. For example, it can be used to poke the current
owner so that they release the lock soon.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
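The lock described in this commit message, sketched with POSIX threads as an added example; it is not QEMU's RFifoLock source. The ticket-counter design, the function names and the demo harness are assumptions made here to show recursion, FIFO hand-over and the contention callback together.

```c
#include <pthread.h>
#include <sched.h>

typedef void RFifoLockCb(void *opaque);

typedef struct {
    pthread_mutex_t mutex;  /* protects every field below */
    pthread_cond_t cond;    /* broadcast whenever head advances */
    unsigned int head;      /* ticket currently allowed to own the lock */
    unsigned int tail;      /* next ticket to hand out */
    unsigned int nesting;   /* recursion depth of the current owner */
    pthread_t owner;        /* meaningful only while nesting > 0 */
    RFifoLockCb *cb;        /* optional contention callback */
    void *cb_opaque;
} RFifoLock;

void rfifolock_init(RFifoLock *r, RFifoLockCb *cb, void *opaque)
{
    pthread_mutex_init(&r->mutex, NULL);
    pthread_cond_init(&r->cond, NULL);
    r->head = r->tail = r->nesting = 0;
    r->cb = cb;
    r->cb_opaque = opaque;
}

void rfifolock_lock(RFifoLock *r)
{
    pthread_mutex_lock(&r->mutex);
    if (r->nesting > 0 && pthread_equal(r->owner, pthread_self())) {
        r->nesting++;                       /* recursive: no new ticket */
    } else {
        unsigned int ticket = r->tail++;    /* queue up in arrival order */
        while (ticket != r->head) {
            if (r->cb) r->cb(r->cb_opaque); /* poke the current owner */
            pthread_cond_wait(&r->cond, &r->mutex);
        }
        r->owner = pthread_self();
        r->nesting = 1;
    }
    pthread_mutex_unlock(&r->mutex);
}

void rfifolock_unlock(RFifoLock *r)
{
    pthread_mutex_lock(&r->mutex);
    if (--r->nesting == 0) {                /* outermost unlock only */
        r->head++;
        pthread_cond_broadcast(&r->cond);
    }
    pthread_mutex_unlock(&r->mutex);
}

static RFifoLock demo_lock;
static int order[2], order_len;             /* guarded by demo_lock */
static void count_contention(void *opaque) { (*(int *)opaque)++; }

static void *waiter(void *arg)
{
    rfifolock_lock(&demo_lock);
    order[order_len++] = (int)(long)arg;    /* record who got the lock */
    rfifolock_unlock(&demo_lock);
    return NULL;
}

static unsigned int tickets_issued(RFifoLock *r)
{
    unsigned int t;
    pthread_mutex_lock(&r->mutex);
    t = r->tail;
    pthread_mutex_unlock(&r->mutex);
    return t;
}

/* Returns 1 if waiters ran in arrival order, only after the outermost unlock. */
int rfifolock_demo(void)
{
    pthread_t t[2];
    int callbacks = 0, early;
    order_len = 0;
    rfifolock_init(&demo_lock, count_contention, &callbacks);
    rfifolock_lock(&demo_lock);
    rfifolock_lock(&demo_lock);             /* nested acquire by the owner */
    for (long i = 0; i < 2; i++) {
        pthread_create(&t[i], NULL, waiter, (void *)(i + 1));
        while (tickets_issued(&demo_lock) != (unsigned int)i + 2) sched_yield();
    }
    rfifolock_unlock(&demo_lock);           /* nesting 2 -> 1: still held */
    early = order_len;
    rfifolock_unlock(&demo_lock);
    pthread_join(t[0], NULL);
    pthread_join(t[1], NULL);
    return early == 0 && order[0] == 1 && order[1] == 2 && callbacks >= 2;
}

int main(void) { return rfifolock_demo() ? 0 : 1; }
```

The callback runs with the internal mutex held, so in this sketch it must not call back into the lock.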
It is often useful to find an object's child property name. Also use
this new function to simplify the implementation of
object_get_canonical_path().
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This patch keeps the recursive way of doing things but simplifies it by giving
two responsibilities to all block filter implementors.
They will need to do two things:
- Set the is_filter field of their block driver to true.
- Implement the bdrv_recurse_is_first_non_filter method of their block driver like
  it is done on the Quorum block driver. (block/quorum.c)
[Paolo Bonzini <pbonzini@redhat.com> pointed out that this patch changes
the semantics of blkverify, which now recurses down both bs->file and
s->test_file.
-- Stefan]
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Extend test file 060 by a test case for corruption occurring concurrently
to a COW request. QEMU should not crash but rather return an appropriate
error message.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Currently, bdrv_debug_resume() requires every bs->drv in the BDS stack
to be NULL until a bs->drv with an implementation of bdrv_debug_resume()
is found. For a normal function, this would be fine, but this is a
function for debugging purposes and should therefore allow intermediate
BDS not to have a driver (i.e., be "ejected"). Otherwise, it is hard to
debug such situations.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Before dereferencing bs->drv for a call to its member bdrv_co_readv(),
copy_sectors() should check whether that pointer is indeed valid, since
it may have been set to NULL by e.g. a concurrent write triggering the
corruption prevention mechanism.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
After migration has completed, we call bdrv_invalidate_cache() so that
drivers which cache some data drop their stale copy of the data and
reread it from the image file to get a new version of data that the
source modified while the migration was running.
Reloading metadata from the image file is useless, though, if the size
of the image file stays stale (this is a value that is cached for all
image formats in block.c). Reads from (meta)data after the old EOF
return only zeroes, causing image corruption.
We need to update bs->total_sectors in all layers that could potentially
have changed their size (i.e. backing files are not a concern - if they
are changed, we're in bigger trouble).
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
When reading the refcount table entry in get_refcount(), only bits which
are actually significant for the refcount block offset should be taken
into account.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Older versions of gcc (eg 4.6) can't handle varargs functions declared
inline for anything other than completely trivial uses, and complain:
    tests/qom-test.c: In function 'qmp': tests/libqtest.h:359:60: sorry,
    unimplemented: function 'qmp' can never be inlined because it uses
    variable argument lists
Avoid this problem by putting the functions into libqtest.c instead
of using inline definitions in libqtest.h.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Fix a bug that was introduced in commit 386a5a1e. A removal of a device
set the chr handlers to NULL. However when the device is plugged back,
its read callback is not restored so data can't be transferred from the
host to the guest (e.g. via the virtio-serial port).
https://bugzilla.redhat.com/show_bug.cgi?id=1027181
Signed-off-by: Gal Hammer <ghammer@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This converts the old-style SysBusDevice::init() callback to a new-style
DeviceClass::realize() callback.
As a part of conversion, this replaces fprintf(stderr) with error_setg()
as realize() does not "return" any value, instead it puts the extended
error into **errp.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Mike Day <ncmike@ncultra.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Currently interrupt priorities are set to 0 (highest) at the very
beginning of the guest execution which is not correct and makes the guest
produce random interrupt error messages such as:
"Interrupt 0x1001 (real) is invalid, disabling it".
This also prevents interrupt states from correct migration.
This initializes priority to 0xFF as the emulated XICS does.
Suggested-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The changelog is:
> version: update to 20140304
> Introduce dummy console device
> vio-vscsi: Fix CRQ allocation alignment
> version: update to 20140204
> virtio-9p: disable unused structure
> Make "boot net:dhcp" boot from IPv4 only
> Fix virtio device shutdown
> Change shutdown method name for virtio-scsi
> Add support for 64bit LE ABI v1 and v2 support
> Change representation of string environment variable
> cas: return error when unknown node found
> version: update
> Reset obp-tftp arguments before parsing
> Enable seamless netboot on IPv6 network
> Fix shutdown for virtio devices
> Fix zero checksum in UDP header
> Handle router advertisement message properly
> [oex]hci_exit: Check before freeing/unmapping memory
> Work around missing sc 1 traps on pHyp
> fix print_version() to return where it came from
> usb-xhci: memory freeing and using returns as bool uniformly
> Output banner and initial display output in VNC window
> use VERSION file to generate FW version
> cas: remove warning
> Add support for loading little endian ELF binaries.
> Add bswap_{16,32,64}p
> dhcpv6 and other minor net-snk fixes
> Fix missing drop in virtio-fs setup-alias
> Find next available alias name
> SLOF does not exit if given 1KB disk
> boot: enable support for bootindex
> pci-properties: add properties to enable hotplug for spapr
> e1000: remember node handle
> Increase quiesce tokens array size
> virtio: timeout after 5sec
> Enable IPv6 support in dns
> usb-ohci: fix warnings
> Add ipv6 support in net-snk
> ipv4: fix frame overwriting following arp_send_request
> e1000: fix SLOF_dma_map_out arguments
> Maintain single global packet buffer for tftp
> Increase virtio-net receive queue size
> Increase veth receive queue size
> Fix dprintf macros at various points
> usb-ohci: rewrite done_head processing code
> boot: add net in default boot order
> block 0 address in the allocator
> scsi: make-media-alias fix
> usb-xhci: add xhci host controller support
> usb-xhci: add xhci support
> Avoid veth read/write calls with zero length buffer
> boot: include other aliases
> usb-core: disable xhci
Cc: Andreas Färber <afaerber@suse.de>
Cc: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
As reported in commit 9c06a1f79f, xen.h is
not self-contained with regards to its use of QEMUMachine. Fix this.
Reported-by: Alexander Graf <agraf@suse.de>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This reverts commit 9c06a1f79f.
The new header sysemu/qemumachine.h is undesired.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
'socket_accept' waits for QEMU to init its unix socket.
If QEMU encounters an error during command line parsing,
it can exit before initializing the communication channel.
Using a timeout for sockets fixes the issue.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Use the realize and unrealize hooks to register and unregister
vmstate_pcibus respectively.
Relocate some stuff to avoid forward declarations.
Signed-off-by: Bandan Das <bsd@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
[AF: Keep using PCI_BUS() cast macro]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Integrate (un)realization of child buses with realization/unrealization
of the device hosting them. Code in device_unparent() is reordered for
unrealization of buses to work as part of device unrealization.
That way no changes need to be made to bus instantiation.
Signed-off-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Add a "realized" property calling realize/unrealize hooks as for devices.
Signed-off-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This adds a test whether sPAPR PHB can be added via the command line.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Recursively walk all properties under /machine and try to retrieve their
value. This is a regression test for link<> properties and the
DeviceState::hotpluggable property.
Cf. be2f78b6b0 and
1a37eca107
Signed-off-by: Andreas Färber <afaerber@suse.de>
In order to allow attaching machine options to a machine instance,
current_machine is converted into MachineState.
As a first step of deprecating QEMUMachine, some of the functions
were modified to return MachineClass.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The machine registration flow is refactored to use the QOM functionality.
Instead of linking the machines into a list, each machine has a type
and the types can be traversed in the QOM way.
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The main functional change is to convert QEMUMachine into MachineClass
and QEMUMachineInitArgs into MachineState, instance of MachineClass.
As a first step, in order to make possible an incremental development,
both QEMUMachine and QEMUMachineInitArgs are being embedded into the
new types.
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Test the error class instead. Expecting a specific message is
fragile. In fact, it broke once already, in commit 75884af. Restore
the test of error member "class" dropped there, and drop the test of
error member "desc".
There are no other tests of "desc" as far as I can tell.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Use g_assert_cmpstr() instead of combining g_assert() and strcmp(3).
This simplifies the code since we no longer have to play games to
distinguish NULL from "" using "(null)".
gcc extension haters will also be happy that ?: was dropped.
Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Previously libvirt required the first/default PCI bus to have name "pci".
Since QEMU can support multiple buses now, libvirt wants "pci.0" now.
This removes custom bus name and lets QEMU make up default names.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
There are no usages left of this legacy cast. Delete.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[AF: Rename SSISlave parent field]
Signed-off-by: Andreas Färber <afaerber@suse.de>
ssi: Rename parent field
Define and use QOM cast macro. Removes some usages of legacy casting
systems.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[AF: Rename parent field]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Create an abstract class that encompasses both max111x variants. This is
needed for QOM cast macro creation (and is the right thing to do
anyway). Macroify type-names in the process.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Remove two legacy ->qbus style casts from TYPE_SSI_BUS to TYPE_BUS in
ssi.c.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[AF: Convert one missing ->qbus and rename parent field]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Convert legacy ->qdev style casts from TYPE_SSI_SLAVE to TYPE_DEVICE.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[AF: Introduce local DeviceState variable for transition to QOM realize]
Signed-off-by: Andreas Färber <afaerber@suse.de>
When object_property_add_str() and object_property_add_bool() fail, they
leak their internal StringProperty and BoolProperty structs. Remember
to free the structs on error.
Luckily this is a low-impact memory leak since most QOM properties are
static qdev properties that will never take the error case.
object_property_add() only fails if the property name is already in use.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Test steps:
(qemu) device_add e1000,addr=adsf
Property 'e1000.addr' doesn't take value 'adsf'
(qemu) info qtree
Then qemu crashed.
Currently we set a link to the new device from its parent bus, but the
device hasn't been added to QOM tree yet. When it fails to set properties,
object_unparent() can't clean up the device.
Delay setting of device properties until the device has been added to
the QOM composition tree. This way, when setting a property fails,
object_unparent() can clean up the device properly.
Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Move setting DeviceClass::hotpluggable default from device's
class_base_init() to device's class_init().
Reported-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Commit 1a37eca107 (qdev: add
"hotpluggable" property to Device) added a property "hotpluggable" to
each device, with its getter accessing parent_bus->allow_hotplug.
Add a NULL check.
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Net patches
# gpg: Signature made Wed 12 Mar 2014 13:48:20 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/net-pull-request:
tap: avoid deadlocking rx
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Functionally, this is a revert of Jocelyn's r3309 /
55aa45ddde (Quickly hack PowerPC BIOS
able to boot on CDROM again.), for which we do not have the sources.
Therefore the sources used are v0.4.1 plus pc-bios/ohw.diff plus a
workaround turning IDE errors into warnings.
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Tracing pull request
# gpg: Signature made Wed 12 Mar 2014 13:20:10 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/tracing-pull-request:
trace: Fix build warnings for Win32 build
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Docs: Introduce multiport serial support in qemupciserial.inf.
# gpg: Signature made Wed 12 Mar 2014 09:35:55 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-misc-1:
Docs: Introduce multiport serial support in qemupciserial.inf.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The Win32 build warns about trace/control-internal.h:
warning: 'trace_event_count' declared inline after being called
Fix this by simply reordering trace_event_id() and
trace_event_count().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* remotes/kiszka/queues/slirp:
slirp smb with modern win guests when samba is also running on host
qemu/slirp: Fix SMB security configuration on newer samba versions
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/qmp-unstable/queue/qmp:
tests: test-qmp-commands: Fix double free
qapi script: do not add "_" for every capitalized char in enum
qapi script: do not allow string discriminator
qapi: convert BlockdevOptions to use enum discriminator
qapi script: support enum type as discriminator in union
qapi script: use same function to generate enum string
qapi script: code move for generate_enum_name()
qapi script: check correctness of union
qapi script: remember line number in schema parsing
qapi script: add check for duplicated key
qapi script: remember explicitly defined enum values
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Hook into scroll-event to properly forward mouse wheel movements to the
guest, just like we already do in SDL.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Restores traditional behavior: Keyboard input will be routed to the most
recently added keyboard. Without this all kbd input goes to the ps/2
keyboard, even if you add a usb keyboard to your guest.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Support for pci-serial-2x and pci-serial-4x
was added to the inf file.
Standard Windows driver mf.sys used to
split single function device into per-port nodes.
Signed-off-by: Miki Mishael <mmishael@redhat.com>
Signed-off-by: Dmitry Fleytman <dfleytma@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The net subsystem has a control flow mechanism so peer NetClientStates
can tell each other to stop sending packets. This is used to stop
monitoring the tap file descriptor for incoming packets if the guest rx
ring has no spare buffers.
There is a corner case when tap_can_send() is true at the beginning of
an event loop iteration but becomes false before the tap_send() fd
handler is invoked.
tap_send() will read the packet from the tap file descriptor and attempt
to send it. The net queue will hold on to the packet and return 0,
indicating that further I/O is not possible. tap then stops monitoring
the file descriptor for reads.
This is unlike the normal case where tap_can_send() is the same before
and during the event loop iteration. The event loop would simply not
monitor the file descriptor if tap_can_send() returns true. Upon next
iteration it would check tap_can_send() again and begin monitoring if we
can send.
The deadlock happens because tap_send() explicitly disabled read_poll.
This is done with the expectation that the peer will call
qemu_net_queue_flush(). But hw/net/virtio-net.c does not monitor
vm_running transitions and issue the flush. Hence we're left with a
broken tap device.
Cc: qemu-stable@nongnu.org
Reported-by: Neil Skrypuch <neil@tembosocial.com>
Tested-by: Neil Skrypuch <neil@tembosocial.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
After numerous reports that -smb (or -netdev user,smb=foo) not working
with modern windows (win7 and vista are reported as non-working), I
started digging myself. And found that indeed it doesn't work, and
why.
The thing is that modern win tries to connect to port 445 (microsoft-ds)
first, and if that fails, it falls back to old port 139 (netbios-ssn).
slirp code in qemu only redirects port 139, it does not touch port 445.
So the prob is that if samba is also running on the host, guest will try
to communicate using port 445, and that will succeed, but of course guest
will not talk with our samba but with samba running on the host.
If samba is not running on the host, guest will fall back to port 139,
and will reach the redirecting rule and qemu will spawn smbd correctly.
The solution is to redirect both ports (139 and 445), and the fix is
a one-liner, adding second call to slirp_add_exec() at the end of
net/slirp.c:slirp_smb() function (provided below).
But it looks like that is not a proper fix really, since in theory
we should redirect both ports to the SAME, single samba instance,
but I'm not sure this is possible with slirp. Well, even if two
smbd processes will be run on the same config dir, it should not
be a problem.
The one-liner (not exactly 1 since it touches previous line too) is like
this:
Signed-off-By: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
The smb.conf automatically generated by qemu's -smb option fails on current
samba, because smbd rejects the security=share option with the following warning:
> WARNING: Ignoring invalid value 'share' for parameter 'security'
Which makes it fall back to security=user without guest login.
This results in being unable to login to the samba server from the guest OS.
This fixes it by selecting 'user' explicitly and mapping
unknown users to guest logins.
Signed-off-by: Michael Buesch <m@bues.ch>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
The LEON3 processor has support for the CASA instruction which is
normally only available for SPARC V9 processors. Binutils 2.24
and GCC 4.9 will support this instruction for LEON3. GCC uses it to
generate C11 atomic operations.
The CAS synthetic instruction uses an ASI of 0x80. If TARGET_SPARC64 is
not defined use a supervisor data load/store for an ASI of 0x80 in
helper_ld_asi()/helper_st_asi(). The supervisor data load/store was
chosen according to the LEON3 documentation.
The ASI 0x80 is defined in the SPARC V9 manual, Table 12—Address Space
Identifiers (ASIs). Here we have: 0x80, ASI_PRIMARY, Unrestricted
access, Primary address space.
Tested with the following program:
    #include <assert.h>
    #include <stdatomic.h>

    void test(void)
    {
        atomic_int a;
        int e;
        _Bool b;

        atomic_store(&a, 1);
        e = 1;
        b = atomic_compare_exchange_strong(&a, &e, 2);
        assert(b);
        assert(atomic_load(&a) == 2);

        atomic_store(&a, 3);
        e = 4;
        b = atomic_compare_exchange_strong(&a, &e, 5);
        assert(!b);
        assert(atomic_load(&a) == 3);
    }
Tested also on a NGMP board with a LEON4 processor.
Reviewed-by: Fabien Chouteau <chouteau@adacore.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
acpi,pc,test bug fixes
More small fixes: the issues annoy developers so
I thought they are worth fixing quickly.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 11 Mar 2014 11:27:44 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream:
acpi-test: update expected SSDT files
acpi-build: don't access unaligned addresses
q35: Correct typo BRDIGE -> BRIDGE
configure: don't modify .status on error
pc: avoid duplicate names for ROM MRs
loader: rename in_ram/has_mr
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/kvm/uq/master:
target-i386: bugfix of Intel MPX
file_ram_alloc: unify mem-path,mem-prealloc error handling
kvm-all: exit in case max vcpus exceeded
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-arm queue:
* implement WFE as yield (improves performance with emulated SMP)
* fixes to avoid undefined behaviour shifting left into sign bit
* libvixl format string fixes for 32 bit hosts
* fix build error when intptr_t and tcg_target_long are different
sizes (eg x32)
* implement PMCCNTR register
* fix incorrect setting of E bit in CPSR (broke booting under
KVM on ARM)
# gpg: Signature made Mon 10 Mar 2014 15:05:25 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-20140310:
target-arm: Implement WFE as a yield operation
hw/arm/musicpal: Avoid shifting left into sign bit
hw/ssi/xilinx_spips.c: Avoid shifting left into sign bit
hw/arm/omap1.c: Avoid shifting left into sign bit
pxa2xx: Don't shift into sign bit
libvixl: Fix format strings for several int64_t values
target-arm: Fix intptr_t vs tcg_target_long
target-arm: Implements the ARM PMCCNTR register
target-arm: Fix incorrect setting of E bit in CPSR
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Now "enum AIOContext" will generate AIO_CONTEXT instead of A_I_O_CONTEXT,
"X86CPU" will generate X86_CPU instead of X86_C_P_U.
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Since enum based discriminators provide better type-safety and
ensure that future qapi additions do not forget to adjust dependent
unions, forbid using string as discriminator from now on.
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
After this patch, hidden enum type BlockdevOptionsKind will not
be generated, and other API can use enum BlockdevDriver.
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
By default, any union will automatically generate a enum type as
"[UnionName]Kind" in C code, and it is duplicated when the discriminator
is specified as a pre-defined enum type in schema. After this patch,
the pre-defined enum type will be really used as the switch case
condition in generated C code, if discriminator is an enum field.
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Prior to this patch, qapi-visit.py used custom code to generate enum
names used for handling a qapi union. Fix it to instead reuse common
code, with identical generated results, and allowing future updates to
generation to only need to touch one place.
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Since line info is remembered as QAPISchema.line now, this patch
uses it as additional info for every expr in QAPISchema inside qapi.py,
then improves error message with it in checking of exprs.
For common union the patch will check whether base is a valid complex
type if specified. For flat union it will check whether base presents,
whether discriminator is found in base, whether the key of every branch
is correct when discriminator is an enum type.
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Before this patch, 'QAPISchemaError' scans whole input until 'pos'
to get error line number. After this patch, the scan is avoided since
line number is remembered in schema parsing. This patch also benefits
other error report functions, which would be introduced later.
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
It is bad that same key was specified twice, especially when a union has
two branches with same condition. This patch can prevent it.
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
casting an unaligned address to e.g.
uint32_t can trigger undefined behaviour in C.
Replace cast + assignment with memcpy.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
./configure --help
make
will try to re-run configure with --help
which isn't what was intended.
The reason is that config.status was written
even on configure error.
Defer writing config.status until configure
has completed successfully.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Since
commit 04920fc0fa
loader: store FW CFG ROM files in RAM
RAM MRs including ROM files in FW CFGs are created
and named using the file basename.
This becomes problematic if these names are
supplied by user, since the basename might not
be unique.
There are two cases we care about:
- option-rom flag.
- option ROM for devices. This triggers e.g. when
using rombar=0.
At the moment we get an assert. E.g
qemu -option-rom /usr/share/ipxe/8086100e.rom -option-rom
/usr/share/ipxe.efi/8086100e.rom
RAMBlock "/rom@genroms/8086100e.rom" already registered, abort!
This is a regression from 1.6.
For now let's keep it simple and just avoid creating the
MRs in case of option ROMs.
when using 1.7 machine types, enable
option ROMs in RAM to match that version.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
acpi,pc,pci,virtio,memory bug fixes
This collects several small fixes from all over the place.
Additionally, Marcel's changes make acpi unit tests more robust.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Sun 09 Mar 2014 19:14:57 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream:
qemu: x86: ignore ioapic polarity
pckbd: return 'keyboard enabled' on read input port command
pam: partly fix write-only mode
acpi-test: issue errors instead of warnings when possible
acpi-test: retain both asl and aml files on failure
MAINTAINERS: drop an out of date address
Add a 'name' parameter to qemu_thread_create
Add 'debug-threads' suboption to --name
Rework --name to use QemuOpts
PCIE: fix regression with coldplugged multifunction device
memory_region_present: return false if address is not found in child MemoryRegion
virtio-net: remove function calls from assert
acpi-test-data: update expected files
acpi-build: append description for non-hotplug
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/riku/linux-user-for-upstream:
linux-user: set minimum kernel version to 2.6.32
linux-user: correct handling of break exception for MIPS
linux-user: translate signal number on return from sigtimedwait
linux-user: Implement sendmmsg syscall
linux-user: Fix getresuid, getresgid if !USE_UID16
linux-user: Don't use UID16 on AArch64
linux-user: AArch64: Implement SA_RESTORER for signal handlers
linux-user/signal.c: Fix AArch64 big-endian FP register restore
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Implement WFE to yield our timeslice to the next CPU.
This avoids slowdowns in multicore configurations caused
by one core busy-waiting on a spinlock which can't possibly
be unlocked until the other core has an opportunity to run.
This speeds up my test case A15 dual-core boot by a factor
of three (though it is still four or five times slower than
a single-core boot).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1393339545-22111-1-git-send-email-peter.maydell@linaro.org
Reviewed-by: Richard Henderson <rth@twiddle.net>
Tested-by: Rob Herring <rob.herring@linaro.org>
Commit 4cc35614a moved the exception mask bits out of env->uncached_cpsr
and into env->daif. However the env->daif contents are AArch64 style
mask bits, which include not just the AArch32 AIF bits but also the
new D bit (masks debug exceptions). This means that when reconstructing
the AArch32 CPSR value we must not allow the D bit in env->daif to get
into the CPSR, because the corresponding bit in the CPSR is E, the
endianness bit.
This bug didn't affect execution under TCG because we don't implement
endianness-swapping and so simply ignored the E bit; however it meant
that kernel booting under KVM failed, because KVM does honour the E bit.
Reported-by: Alexey Ignatov <lexszero@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Instead of
spice support no (/)
configure now prints
spice support no
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* remotes/rth/tcg-aarch-6-1:
tcg-aarch64: Remove nop from qemu_st slow path
tcg-aarch64: Simplify tcg_out_ldst_9 encoding
tcg-aarch64: Use intptr_t apropriately
tcg-aarch64: Remove the shift_imm parameter from tcg_out_cmp
tcg-aarch64: Hoist common argument loads in tcg_out_op
tcg-aarch64: Don't handle mov/movi in tcg_out_op
tcg-aarch64: Set ext based on TCG_OPF_64BIT
tcg-aarch64: Change all ext variables to TCGType
tcg-aarch64: Remove redundant CPU_TLB_ENTRY_BITS check
tcg-aarch64: Enable builtin disassembler
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Popular glibc based distributions[1] require minimum
2.6.32 as kernel version. For some targets 2.6.18
would be enough, but dropping so low would mean some
suboptimal system calls could get used.
Set the minimum kernel advertized to 2.6.32 for
all architectures but aarch64 to ensure working qemu
linux-user in case host kernel is older.
[1] https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/921078
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
migration/next for 20140308
# gpg: Signature made Sat 08 Mar 2014 21:26:01 GMT using RSA key ID 5872D723
# gpg: Can't check signature: public key not found
* remotes/juanquintela/tags/migration/20140308-1:
migration: extend section_start/end traces
vl: add system_wakeup_request tracepoint
qemu_file: Fix mismerge of "use fwrite() correctly"
XBZRLE: Fix qemu crash when resize the xbzrle cache
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The following artificial test (just the bitmap operation part) running
vnc_update_client 65536 times on a 2560x2048 surface illustrates the
performance difference:
All bits clean - vnc_update_client_new: 0.07 secs
                 vnc_update_client_new2: 0.07 secs
                 vnc_update_client_old: 10.98 secs
All bits dirty - vnc_update_client_new: 11.26 secs
               - vnc_update_client_new2: 0.29 secs
                 vnc_update_client_old: 20.19 secs
Few bits dirty - vnc_update_client_new: 0.07 secs
               - vnc_update_client_new2: 0.07 secs
                 vnc_update_client_old: 10.98 secs
vnc_update_client_new2 shows the performance of vnc_update_client
with this patch added.
Comparing with the test run of the last patch the performance
is at least unchanged while it is significantly improved
for the all bits dirty case.
Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
vnc_update_client currently scans the dirty bitmap of each client
bitwise which is a very costly operation if only few bits are dirty.
vnc_refresh_server_surface does almost the same.
this patch optimizes both by utilizing the heavily optimized
function find_next_bit to find the offset of the next dirty
bit in the dirty bitmaps.
The following artificial test (just the bitmap operation part) running
vnc_update_client 65536 times on a 2560x2048 surface illustrates the
performance difference:
All bits clean - vnc_update_client_new: 0.07 secs
                 vnc_update_client_old: 10.98 secs
All bits dirty - vnc_update_client_new: 11.26 secs
                 vnc_update_client_old: 20.19 secs
Few bits dirty - vnc_update_client_new: 0.08 secs
                 vnc_update_client_old: 10.98 secs
The case for all bits dirty is still rather slow, this
is due to the implementation of find_and_clear_dirty_height.
This will be addressed in a separate patch.
Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
this allows for setting VNC_DIRTY_PIXELS_PER_BIT to different
values than 16 if desired.
Reviewed-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com>
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Spotted by Coverity:
876 static int vnc_update_client_sync(VncState *vs, int has_dirty)
877 {
(1) Event freed_arg: "vnc_update_client(VncState *, int)" frees "vs". [details]
Also see events: [deref_arg]
878 int ret = vnc_update_client(vs, has_dirty);
(2) Event deref_arg: Calling "vnc_jobs_join(VncState *)" dereferences freed pointer "vs". [details]
Also see events: [freed_arg]
879 vnc_jobs_join(vs);
880 return ret;
881 }
Remove vnc_update_client_sync wrapper, replace it with an additional
argument to vnc_update_client, so we can do the sync properly in
vnc_update_client (i.e. skip it in case of a client disconnect).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
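The wrapper pattern Coverity flagged in the commit above, next to the shape of the fix, as a stand-alone model. This is an added example, not QEMU code: struct client, client_update(), client_jobs_join() and the other names are hypothetical stand-ins for VncState, vnc_update_client() and vnc_jobs_join().

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a VNC client; not QEMU's VncState. */
struct client {
    int csock;          /* -1 once the peer has disconnected */
    int pending_jobs;
};

static int joins_done;  /* counts joins so the demo can observe them */

static struct client *client_new(int csock)
{
    struct client *c = calloc(1, sizeof(*c));
    if (!c) {
        abort();
    }
    c->csock = csock;
    return c;
}

/* Waits for queued work; dereferences c, so c must still be live. */
static void client_jobs_join(struct client *c)
{
    c->pending_jobs = 0;
    joins_done++;
}

/* Returns 1 if an update was queued, 0 if the client was disconnected,
 * in which case c has been freed and must not be touched again. */
static int client_update(struct client *c)
{
    if (c->csock == -1) {
        free(c);
        return 0;
    }
    c->pending_jobs++;
    return 1;
}

/* "Before": the caller cannot tell whether c survived the update. */
static int client_update_sync_buggy(struct client *c)
{
    int ret = client_update(c);
    client_jobs_join(c);    /* use-after-free when client_update() freed c */
    return ret;
}

/* "After": the sync request is an argument, so the join happens only on
 * the path where the function itself knows c is still allocated. */
static int client_update_fixed(struct client *c, bool sync)
{
    if (c->csock == -1) {
        free(c);
        return 0;           /* disconnect: skip the join */
    }
    c->pending_jobs++;
    if (sync) {
        client_jobs_join(c);
    }
    return 1;
}

/* Drives the fixed function for one client; returns how many joins ran. */
static int run_fixed(int csock, int *ret_out)
{
    struct client *c = client_new(csock);
    int before = joins_done;

    *ret_out = client_update_fixed(c, true);
    if (*ret_out) {
        free(c);            /* still owned by the caller */
    }
    return joins_done - before;
}

int main(void)
{
    int ret;
    int joins = run_fixed(-1, &ret);
    printf("disconnected client: ret=%d joins=%d\n", ret, joins);

    joins = run_fixed(5, &ret);
    printf("connected client:    ret=%d joins=%d\n", ret, joins);

    /* The old wrapper is only safe while the client stays connected. */
    struct client *c = client_new(5);
    printf("old wrapper, live client: ret=%d\n", client_update_sync_buggy(c));
    free(c);
    return 0;
}
```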
Hi,
When I use the RealVNC viewer client (http://www.realvnc.com/) to connect to the vnc server,
the client disconnects suddenly, and I click the reconnect button immediately, then Qemu crashed.
The function vnc_worker_thread_loop will call vnc_async_encoding_start
to set the local vs->output buffer by the global queue's buffer. Then it sends rectangles to
the vnc client by calling the function vnc_send_framebuffer_update. Finally, under normal circumstances,
it calls vnc_async_encoding_end to set the global queue's buffer by the local vs->output conversely.
When the vnc client disconnects, job->vs->csock will be set to -1. And the current process
logic will go to the disconnected portion without calling the function vnc_async_encoding_end.
But the function vnc_send_framebuffer_update will call buffer_reserve, which
may call g_realloc and reset the local vs's buffer, meaning the global queue's buffer is modified also.
If anyone uses the original global queue's buffer memory, it will cause corruption and then crash qemu.
This patch ensures that the function vnc_async_encoding_end is called
even though the vnc client disconnects suddenly.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
VncTight member uint8_t quality is either (uint8_t)-1 for lossless or
less than 10 for lossy.
tight_detect_smooth_image() first promotes it to int, then compares
with -1. Always unequal, so we always execute the lossy code. Reads
beyond tight_conf[] and returns crap when quality is actually
lossless.
Compare to (uint8_t)-1 instead, like we do elsewhere.
Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
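The integer promotion described in this commit message, as an added example that is not QEMU's code: a uint8_t sentinel stored as (uint8_t)-1 is promoted to int 255 before the comparison, so it never equals -1. The table contents, struct and function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for a per-quality table with entries 0..9. */
static const int conf_threshold[10] = { 0, 10, 20, 30, 40, 50, 60, 70, 80, 90 };
#define N_CONF (sizeof(conf_threshold) / sizeof(conf_threshold[0]))

#define QUALITY_LOSSLESS ((uint8_t)-1)

/* Hypothetical state: quality is (uint8_t)-1 for lossless, else below 10. */
struct tight_state { uint8_t quality; };

/* Buggy test. The promotion is written out explicitly: quality becomes an
 * int in 0..255, so the comparison with -1 is false for every input. */
int is_lossless_buggy(const struct tight_state *s)
{
    int promoted = s->quality;
    return promoted == -1;
}

/* Fixed test: compare against the same 8-bit value that was stored. */
int is_lossless_fixed(const struct tight_state *s)
{
    return s->quality == QUALITY_LOSSLESS;
}

/* Would the lossy path's table index stay inside the table? */
int lossy_index_in_bounds(const struct tight_state *s)
{
    return (size_t)s->quality < N_CONF;
}

/* Hardened lookup: -1 for lossless, -2 for an out-of-range quality,
 * otherwise the table entry. The bounds check is defence in depth. */
int lookup_threshold(const struct tight_state *s)
{
    if (is_lossless_fixed(s)) {
        return -1;
    }
    if (!lossy_index_in_bounds(s)) {
        return -2;
    }
    return conf_threshold[s->quality];
}

int main(void)
{
    struct tight_state lossless = { QUALITY_LOSSLESS };
    /* The buggy test misses the sentinel, and index 255 is out of bounds. */
    return (!is_lossless_buggy(&lossless) && !lossy_index_in_bounds(&lossless)) ? 0 : 1;
}
```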
we put copy of ROMs in MR for migration.
but the name rom_in_ram makes one think we
load it in guest RAM.
Rename has_mr to make intent clearer.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Both QEMU and KVM have already accumulated a significant number of
optimizations based on the hard-coded assumption that ioapic polarity
will always use the ActiveHigh convention, where the logical and
physical states of level-triggered irq lines always match (i.e.,
active(asserted) == high == 1, inactive == low == 0). QEMU guests
are expected to follow directions given via ACPI and configure the
ioapic with polarity 0 (ActiveHigh). However, even when misbehaving
guests (e.g. OS X <= 10.9) set the ioapic polarity to 1 (ActiveLow),
QEMU will still use the ActiveHigh signaling convention when
interfacing with the emulated ioapic.
This patch modifies the emulated ioapic to completely ignore polarity
as set by the guest OS, enabling misbehaving guests to work alongside
those which comply with the ActiveHigh polarity specified by QEMU's
ACPI tables.
Signed-off-by: Gabriel L. Somlo <somlo@cmu.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Bit 7 of Input Port is the keyboard inhibit switch.
0 means keyboard inhibited, while 1 means keyboard enabled.
Incidentally, this also fixes an error encountered while booting
an Award BIOS: "Keyboard is locked out - Unlock the key".
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
In write-only mode, writes are forwarded to RAM, while reads should not be
handled (ie should return 0xff).
Assume that in this mode, no read access is ever done, as they shouldn't
give any sensible result.
So, in write-only mode, alias PAM region to RAM, instead of PCI memory
(which can even be mapped to some device!)
This fixes Award BIOS, which uses this mode to shadow system BIOS and video BIOS.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
If the expected (offline) acpi tables loaded correctly,
it is safe to assume the iasl installation is OK and
issue an error if the actual tables failed to load.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Updated the error message while at it.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Gleb's address seems to be out of date. Since it stayed like that for a
while now, I'm guessing he's no longer interested in getting mail.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
If enabled, set the thread name at creation (on GNU systems with
pthread_set_np)
Fix up all the callers with a thread name
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Add flag storage to qemu-thread-* to store the namethreads flag
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Windows XP shows COM2 port as non functional in
"Device Manager" although no COM2 port backing device
is present in QEMU.
This regression is really due to
3bb28b7208b349e7a1b326e3c6ef9efac1d462bf?
memory: Provide separate handling of unassigned io ports accesses
That is caused by the fact that QEMU reports to
OSPM that device is present by setting 5th bit in
PII4XPM.pci_conf[0x67] register when COM2 doesn't
exist.
It happens due to memory_region_present(io_as, 0x2f8)
returning false positive since 0x2f8 address eventually
translates into catchall io_as address space.
Fix memory_region_present(parent, addr) by returning
true only if addr maps into a MemoryRegion within
parent (excluding parent itself), to match its
doc comment.
While at it fix copy/paste error in
memory_region_present() doc comment.
Note: this is a temporary hack: we really need better handling for
unassigned regions, we should avoid fallback regions since they are bad
for performance (breaking radix tree assumption that the data structure
is sparsely populated); for memory we need to fix this to implement PCI
master abort properly, anyway.
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
peer_{de,at}tach were called from inside assert().
We don't support building without NDEBUG but it's not tidy.
Rearrange to attach peer outside assert calls.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
As reported in
http://article.gmane.org/gmane.comp.emulators.qemu/253987
Mac OSX actually requires describing all occupied slots
in ACPI - even if hotplug isn't enabled.
I didn't expect this so I dropped description of all
non hotpluggable slots from ACPI.
As a result: before
commit 99fd437dee (enable
hotplug for pci bridges), PCI cards show up in the "device tree" of OS X
(System Information). E.g., on MountainLion users have:
Hardware -> PCI Cards:
Card Type Driver Installed Slot
*ethernet Ethernet Controller Yes PCI Slot 2
pci8086,2934 USB UHC Yes PCI Slot 29
ethernet:
Type: Ethernet Controller
Driver Installed: Yes
MSI: No
Bus: PCI
Slot PCI Slot 2
Vendor ID: 0x8086
Device ID: 0x100e
Subsystem Vendor ID: 0x1af4
Subsystem ID: 0x1100
Revision ID: 0x0003
Hardware -> Ethernet Cards
ethernet:
Type: Ethernet Controller
Bus: PCI
Slot PCI Slot 2
Vendor ID: 0x8086
Device ID: 0x100e
Subsystem Vendor ID: 0x1af4
Subsystem ID: 0x1100
Revision ID: 0x0003
BSD name: en0
Kext name: AppleIntel8254XEthernet.kext
Location: /System/Library/Extensions/...
Version: 3.1.1b1
After commit 99fd437dee, users get:
Hardware -> PCI Cards:
This computer doesn't contain any PCI cards. If you installed PCI
cards, make sure they're properly installed.
Hardware -> Ethernet Cards
ethernet:
Type: Ethernet Controller
Bus: PCI
Vendor ID: 0x8086
Device ID: 0x100e
Subsystem Vendor ID: 0x1af4
Subsystem ID: 0x1100
Revision ID: 0x0003
BSD name: en0
Kext name: AppleIntel8254XEthernet.kext
Location: /System/Library/Extensions/...
Version: 3.1.1b1
Ethernet still works, but it's not showing up on the PCI bus, and it
no longer thinks it's plugged in to slot #2, as it used to before the
change.
To fix, append description for all occupied non hotpluggable PCI slots.
One needs to be careful when doing this: VGA devices
are now described in SSDT, so we need to drop description from DSDT.
And ISA devices are used in DSDT so drop them from SSDT.
Reported-by: Gabriel L. Somlo <gsomlo@gmail.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Also update generated dsdt and pcihp hex dump files.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
At first glance the code appears to be using 1's complement encoding,
a-la AArch32. Except that the constant is "off", creating a complicated
split field 2's complement encoding.
Much clearer to just use a normal mask and shift.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
It was unused. Let's not overcomplicate things before we need them.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
We assert that the values for _I32 and _I64 are 0 and 1 respectively.
This will make a couple of functions declared by tcg.c cleaner.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
This adds @idstr to savevm_section_start and savevm_section_end
tracepoints.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Resizing the xbzrle cache during migration causes qemu-crash,
because the main-thread and migration-thread modify the xbzrle
cache size concurrently without lock-protection.
Signed-off-by: ChenLiang <chenliang88@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Exception with break instruction has not been correctly propagated as
SIGTRAP. This resolves crash issues with examples that use break
instruction on MIPS.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
On success, sigtimedwait() returns a signal number that needs to be
translated from a host value to a target value.
This change also fixes issues with sigwait (that is implemented using
sigtimedwait()).
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Glibc when built for newer kernels assumes that the sendmmsg syscall is
available. Without it, dns resolution simply fails to work.
Wrap the syscall with existing infrastructure so that we don't have a host
dependency on sendmmsg.
To avoid locking the same area of guest memory twice (which will break if
DEBUG_REMAP is defined) we pull the lock/unlock part of do_sendrecvmsg()
out into its own function so the actual implementation can be shared.
Signed-off-by: Alexander Graf <agraf@suse.de>
[PMM: add recvmmsg support;
handle errors (which also implies support for non-blocking operations);
cap the vector length as the kernel implementation does;
don't lock guest memory twice;
support MSG_WAITFORONE flag]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
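The error handling and vector-length cap listed in this commit message, as an added example that is not QEMU's code: the caller-supplied count is clamped before the loop, and an error is reported only when no message was handled. The function names, the simplified message struct and the FLAG_* values are assumptions; 1024 is UIO_MAXIOV on Linux.

```c
#include <errno.h>
#include <stddef.h>

#define VLEN_CAP        1024u /* UIO_MAXIOV on Linux, the kernel's cap on vlen */
#define FLAG_WAITFORONE 0x1   /* constructed stand-in for MSG_WAITFORONE */
#define FLAG_DONTWAIT   0x2   /* constructed stand-in for MSG_DONTWAIT */

struct msg { size_t len; unsigned int done; };          /* simplified mmsghdr */
typedef long (*xfer_one_fn)(struct msg *m, int flags);  /* bytes or -errno */

/* Returns the number of messages handled, or -errno if the first one failed. */
long xfer_many(struct msg *vec, unsigned int vlen, int flags, xfer_one_fn xfer_one)
{
    long ret = 0;
    unsigned int i;

    if (vlen > VLEN_CAP) {
        vlen = VLEN_CAP;             /* never trust the guest-supplied count */
    }
    for (i = 0; i < vlen; i++) {
        ret = xfer_one(&vec[i], flags);
        if (ret < 0) {
            break;                   /* stop at the first failing message */
        }
        vec[i].done = (unsigned int)ret;
        if (flags & FLAG_WAITFORONE) {
            flags |= FLAG_DONTWAIT;  /* after one message, stop blocking */
        }
    }
    return i ? (long)i : ret;        /* a partial result wins over the error */
}

/* Constructed backend for the demonstration: fails on call number fail_at. */
int calls, fail_at = -1, last_flags;
long fake_xfer(struct msg *m, int flags)
{
    last_flags = flags;
    return (calls++ == fail_at) ? -EAGAIN : (long)m->len;
}

int main(void)
{
    static struct msg vec[VLEN_CAP];
    /* A count of 5000 is clamped, so only VLEN_CAP entries are touched. */
    return xfer_many(vec, 5000, 0, fake_xfer) == (long)VLEN_CAP ? 0 : 1;
}
```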
The size of the UID/GID types depends on whether USE_UID16 is
defined. Define a new put_user_id() which writes a uid/gid
type to guest memory. This fixes getresuid and getresgid, which
were always storing 16 bits even if the uid type was 32 bits.
Reported-by: Michael Matz <matz@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
The AArch64 kernel defines its __kernel_uid_t type as 32 bits, unlike
32 bit ARM, so don't enable our 16-bit UID wrapper handling.
Signed-off-by: Andreas Schwab <schwab@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Implement support for signal handlers with the SA_RESTORER
flag set.
Signed-off-by: Michael Matz <matz@suse.de>
[PMM: minor tweaks to make patch apply to current master]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Fix the loop restoring the FP registers from the signal frame to match
the one used when setting up the signal frame, so that it handles
TARGET_WORDS_BIGENDIAN being set.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
-mem-prealloc asks to preallocate memory residing on -mem-path path.
Currently QEMU exits in case:
- Memory file has been created but allocation via explicit write
fails.
And it falls back to malloc in case:
- Querying huge page size fails.
- Lack of sync MMU support.
- Open fails.
- mmap fails.
Have the same behaviour for all cases: fail in case -mem-path and
-mem-prealloc are specified for regions where the requested size is
suitable for hugepages.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Rather than fall back to TCG (so the user has to discover
what's happening, in case of no access to qemu stdout/stderr).
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-02-27 19:30:51 +01:00
540 changed files with 14723 additions and 7698 deletions