When keyboard focus is grabbed, current qemu wants to pass every
keypress to the VM, unless the user is pressing a UI accelerator.
That's exactly how things work without any of the fancy handling. Drop
the special handling, which seems to trigger accelerators twice on gtk3.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Try kicking off a rhel5 text install over serial, the text menu navigation
is all messed up, and some of the kernel boot messages are randomly
corrupted.
Drop use of a pty and just use vte infrastructure for reading and writing.
This fixes the above corruption, and is simpler to boot.
(I don't know what was wrong with the original code though. FWIW this is
what virt-manager has done for years).
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Stock items are deprecated. As are ImageMenuItems. Convert everything to
text only MenuItems, with the same text content as mentioned in the
conversion guide:
https://docs.google.com/spreadsheet/pub?key=0AsPAM3pPwxagdGF4THNMMUpjUW5xMXZfdUNzMXhEa2c&output=html
gtk2 users lose their menu icons as well, but I don't think that's enough
of a problem to warrant keeping around back compat code.
Example error:
ui/gtk.c:1328:5: error: ‘GtkStock’ is deprecated [-Werror=deprecated-declarations]
ui/gtk.c:1335:5: error: ‘gtk_image_menu_item_new_from_stock’ is deprecated (declared at /usr/include/gtk-3.0/gtk/deprecated/gtkimagemenuitem.h:78): Use 'gtk_menu_item_new' instead [-Werror=deprecated-declarations]
s->zoom_out_item = gtk_image_menu_item_new_from_stock(GTK_STOCK_ZOOM_OUT, NULL);
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Guard this with a VTE version check, since I'm not sure if this is backwards
compatible.
ui/gtk.c: In function ‘gd_vc_init’:
ui/gtk.c:1176:5: error: ‘vte_terminal_get_adjustment’ is deprecated (declared at /usr/include/vte-2.90/vte/vtedeprecated.h:101) [-Werror=deprecated-declarations]
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
In these cases we weren't using an image in the menu item anyways, so
just do as the suggestion says. Should be fine for all qemu supported
gtk versions.
ui/gtk.c: In function ‘gd_create_menu_machine’:
ui/gtk.c:1284:5: error: ‘gtk_image_menu_item_new_with_mnemonic’ is deprecated (declared at /usr/include/gtk-3.0/gtk/deprecated/gtkimagemenuitem.h:76): Use 'gtk_menu_item_new_with_mnemonic' instead [-Werror=deprecated-declarations]
s->reset_item = gtk_image_menu_item_new_with_mnemonic(_("_Reset"));
^
ui/gtk.c:1287:5: error: ‘gtk_image_menu_item_new_with_mnemonic’ is deprecated (declared at /usr/include/gtk-3.0/gtk/deprecated/gtkimagemenuitem.h:76): Use 'gtk_menu_item_new_with_mnemonic' instead [-Werror=deprecated-declarations]
s->powerdown_item = gtk_image_menu_item_new_with_mnemonic(_("Power _Down"));
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reconfiguring with a different --with-gtkabi or --with-sdlabi doesn't
trigger a remake. Generate an (unused) CONFIG_GTKABI/CONFIG_SDLABI
so config-host.h will actually give 'make' something to trigger on.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* remotes/otubo/seccomp:
seccomp: add shmctl(), mlock(), and munlock() to the syscall whitelist
seccomp: add timerfd_create and timerfd_settime to the whitelist
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/qmp-unstable/queue/qmp:
monitor: fix qmp_getfd() fd leak in error case
HMP: support specifying dump format for dump-guest-memory
HMP: fix doc of dump-guest-memory
qmp: object-add: Validate class before creating object
monitor: Add device_add and device_del completion.
monitor: Add command_completion callback to mon_cmd_t.
monitor: Fix drive_del id argument type completion.
error: Remove some unused headers
qerror.h: Replace QERR_NOT_SUPPORTED with QERR_UNSUPPORTED
qerror.h: Remove QERR defines that are only used once
qerror.h: Remove unused error classes
error: Print error_report() to stderr if using qmp
monitor: Remove unused monitor_print_filename
error: Privatize error_print_loc
vnc: Remove default_mon usage
slirp: Remove default_mon usage
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Block pull request
# gpg: Signature made Fri 25 Apr 2014 17:05:13 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/block-pull-request:
iscsi: Don't use error_is_set() to suppress additional errors
blockdev: Clean up fragile use of error_is_set()
nbd: Use return values instead of error_is_set(errp)
qemu-img: Consistently name Error * objects err, and not errp
Use error_is_set() only when necessary (again)
block: Expose host_* drivers in blockdev-add
MAINTAINERS: Add qemu-img/io to block subsystem
qemu-iotests: Improve and make use of QMPTestCase.wait_until_completed()
doc: add -drive rerror=,werror= to qemu --help output
block: Prevent coroutine stack overflow when recursing in bdrv_open_backing_file.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Net patches
# gpg: Signature made Fri 25 Apr 2014 15:07:31 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/net-pull-request:
net: Don't use error_is_set() to suppress additional errors
net: Make qmp_query_rx_filter() with name argument more obvious
net: xilinx_axienet.c: Add phy soft reset bit clearing
net/net.c: Remove unnecessary semicolon
pcnet: remove duplicate assignment
tap: Avoid extra iterations while closing file fd
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Some s390x patches:
- gdb stubs to make it compile if gdb support is pulled in
- linux-headers update for new oneregs
- two onereg enhancements
# gpg: Signature made Fri 25 Apr 2014 12:42:46 BST using RSA key ID C6F02FAF
# gpg: Can't check signature: public key not found
* remotes/cohuck/tags/s390x-20140425:
s390x/kvm: sync gbea and pp register
s390x/kvm: rework KVM synchronize to tracing for some ONEREGS
linux-headers update
s390x: empty function stubs in preparation for __KVM_HAVE_GUEST_DEBUG
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The smbd forked by qemu still uses the default ncalrpc directory
in /var/run/samba. This may lead to problems, if /var/run/samba
does not exist (for example if /var/run is a tmpfs and the host
smbd was not started).
This leads to the following error message from samba
and an unworkable smbd:
Failed to create pipe directory /var/run/samba/ncalrpc - No such file or directory
Fix this by pointing smbd to /tmp/qemu-smb.%d.%d/ncalrpc as ncalrpc directory.
Smbd will create the actual ncalrpc subdirectory on its own.
Signed-off-by: Michael Buesch <m@bues.ch>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Applying this to -trivial because it _is_ rather trivial
and because Jan does not reply for months)
The rule for messages.po appears to be slightly wrong.
Move the `cd' command within parens.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Tested-by: Stefan Weil <sw@weilnetz.de>
Fields "name" (created with strdup in new_entry) and "pathname"
(created with g_strdup_printf in new_entry) of pathelem struct should
be freed before the whole struct is.
Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The "Q" of the logo is already included in pc-bios/qemu_logo_no_text.svg.
This file now adds the complete logo as it was designed by Benoît Canet.
Benoît licensed it under CC-BY 3.0, see
http://lists.gnu.org/archive/html/qemu-devel/2012-02/msg02865.html.
Unneeded borders from Benoît's original logo were removed,
and metadata (license, author, date) was added in this version.
Cc: Benoît Canet <benoit@irqsave.net>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
'writeconfig' supports output to stdout (with '-'); when that happens,
we must not close stdout, or further command line options that also use
stdout will be impacted. (Although 'writeconfig' was copied from
'readconfig', the latter does not have the problem because it does not
support reading from '-')
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
CODING_STYLE frowns upon mixing declarations and statements. main()
has such a declaration. Clean up by eliminating the variable.
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
"This if else has no code between it and the end of the enclosing
while loop. This makes this continue redundant."
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
A few more cleanups for .gitignore file.
The final goal is to have only files in there which
are generated during build. Things like .orig or
.gdbinit are definitely not generated during build.
Also, anchor a few more build-time directories.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Old:
There are two paths to show help and exit 1, one is with "-h" or
"--help", one is with invalid options.
New:
Show help and exit 0 for --help.
On invalid option, don't show the long help and bury the early "ERROR:"
line, just give a message pointing to --help.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Adds option to -m
"size" - startup memory amount
For compatibility with legacy CLI if suffix-less number is passed,
it assumes amount in Mb.
Otherwise user is free to use suffixed number using suffixes b,k/K,M,G
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
These functions don't need type casts (as does cpu_physical_memory_rw)
and also make the code better readable.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Additional testing reveals that PulseAudio requires shmctl() and the
mlock()/munlock() syscalls on some systems/configurations. As before,
on systems that do require these syscalls, the problem can be seen with
the following command line:
# qemu -monitor stdio -sandbox on \
-device intel-hda -device hda-duplex
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
Using error_is_set(errp) that way can sweep programming errors under
the carpet when we get called incorrectly with an error set.
Commit 24d3bd6 added a broken error path to iscsi_do_inquiry(): it
first calls error_setg(), then jumps to the preexisting error label,
where error_setg() gets called again, triggering an assertion failure.
Commit cbee81f fixed this by guarding the second error_setg() with an
error_is_set().
Replace this fix by a simpler and safer one: jump right behind the
second error_setg().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Using error_is_set(ERRP) to find out whether a function failed is
either wrong, fragile, or unnecessarily opaque. It's wrong when ERRP
may be null, because errors go undetected when it is. It's fragile
when proving ERRP non-null involves a non-local argument. Else, it's
unnecessarily opaque (see commit 84d18f0).
The error_is_set(errp) in internal_snapshot_prepare() is merely
fragile, because the caller never passes a null errp argument.
Make the code more robust and more obviously correct: receive the
error in a local variable, then propagate it through the parameter.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Using error_is_set(errp) to check whether a function call failed is
fragile: it breaks when errp is null. Check perfectly suitable return
values instead when possible. errp can't be null there now, but this
is more robust and more obviously correct
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
error_is_set(&var) is the same as var != NULL, but it takes
whole-program analysis to figure that out. Unnecessarily hard for
optimizers, static checkers, and human readers. Commit 84d18f0 dumbed
it down to obvious, but a few more have crept in since, and
documentation was overlooked. Dumb these down, too.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
All the functionality to use the host_device, host_cdrom and host_floppy
drivers is already there, they just need to be added to the schema.
The block driver names containing underscores are preexisting and cannot
be changed without breaking command line compatibility.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
qemu-img and qemu-io were not covered by any MAINTAINERS entry so far.
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
These options are already documented on the man page but missing from
qemu --help.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
In 1.7.1 qcow2_create2 reopen the file for flushing without the BDRV_O_NO_BACKING
flags.
As a consequence the code would recursively open the whole backing chain.
These three stack arrays would pile up through the recursion and lead to a coroutine
stack overflow.
Convert these array to malloced buffers in order to streamline the coroutine
footprint.
Symptoms where freezes or segfaults on production machines while taking QMP externals
snapshots. The overflow disturbed coroutine switching.
[Resolved conflicts on qemu.git/master since the patch was against v1.7.1
--Stefan]
Signed-off-by: Benoit Canet <benoit.canet@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
qemu_chr_fe_get_msgfd() transfers ownership of the file descriptor to
the caller. Therefore all code paths in qmp_getfd() should either
register the file descriptor somewhere or close it.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Currently it is very easy to crash QEMU by issuing an object-add command
using an abstract class or a class that doesn't support
TYPE_USER_CREATABLE as parameter.
Example: with the following QMP command:
(QEMU) object-add qom-type=cpu id=foo
QEMU aborts at:
ERROR:qom/object.c:335:object_initialize_with_type: assertion failed: (type->abstract == false)
This patch moves the check for TYPE_USER_CREATABLE before object_new(),
and adds a check to prevent the code from trying to instantiate abstract
classes.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Tested-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Using error_is_set(errp) that way can sweep programming errors under
the carpet when we get called incorrectly with an error set.
qmp_query_rx_filter() breaks its loop when it detects an error. It
needs to set another error when the loop completes normally.
Return right away instead of merely breaking the loop.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
With a client name, the QMP command is specified to return a list of
one element. This isn't locally obvious in the code. Make it so.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Convert object_add and object_del commands to use the new callback.
Signed-off-by: Hani Benhabiles <hani@linux.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
monitor_printf will drop the requested output if cur_mon is qmp (for
good reason). However these messages are often helpful for debugging
issues with via libvirt.
If we know the message won't hit the monitor, send it to stderr.
Cc: Luiz Capitulino <lcapitulino@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
These errors don't seem user initiated, so forcibly printing to the
monitor doesn't seem right. Just use error_report.
Drop lprint since it's now unused.
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
target-alpha queue pull for 20140424
# gpg: Signature made Thu 24 Apr 2014 20:44:23 BST using RSA key ID 4DD0279B
# gpg: Can't check signature: public key not found
* remotes/rth/tags/tgt-axp-pull-20140424: (40 commits)
target-alpha: Remove cpu_unique, cpu_sysval, cpu_usp
target-alpha: Tidy alpha_translate_init
target-alpha: Don't issue goto_tb under singlestep
target-alpha: Use non-local temps for zero/sink
target-alpha: Use extract to get insn fields
target-alpha: Convert mfpr/mtpr to source/sink
target-alpha: Convert gen_cpys et al to source/sink
target-alpha: Convert gen_fcvtlq/ql to source/sink
target-alpha: Convert gen_fcmov to source/sink
target-alpha: Convert gen_bcond to source/sink
target-alpha: Convert most ieee insns to source/sink
target-alpha: Convert gen_ieee_input to source/sink
target-alpha: Convert MVIOP2 to source/sink
target-alpha: Convert ARITH3 to source/sink
target-alpha: Convert FARITH3 to source/sink
target-alpha: Convert FARITH2 to source/sink
target-alpha: Convert gen_zap/not to source/sink
target-alpha: Convert gen_ins_h/l to source/sink
target-alpha: Convert gen_ext_h/l to source/sink
target-alpha: Convert gen_msk_h/l to source/sink
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Avoid iterations for fd 0, 1 & 2 when we are closing file fds in child process.
Signed-off-by: Pankaj Gupta <pagupta@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Block patches
# gpg: Signature made Wed 23 Apr 2014 11:02:29 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
* remotes/kevin/tags/for-upstream:
block/cloop: use PRIu32 format specifier for uint32_t
vmdk: Fix "%x" to PRIx32 in format strings for cid
qemu-img: Improve error messages
qemu-iotests: Check common namespace for id and node-name
block: Catch duplicate IDs in bdrv_new()
qemu-img: Avoid duplicate block device IDs
block: Add errp to bdrv_new()
convert fprintf() calls to error_setg() in block/qed.c:bdrv_qed_create()
block: Remove -errno return value from bdrv_assign_node_name
curl: Replaced old error handling with error reporting API.
block: Handle error of bdrv_getlength in bdrv_create_dirty_bitmap
vmdk: Fix %d and %lld to PRI* in format strings
block: Check bdrv_getlength() return value in bdrv_make_zero()
block: Catch integer overflow in bdrv_rw_co()
block: Limit size to INT_MAX in bdrv_check_byte_request()
block: Fix nb_sectors check in bdrv_check_byte_request()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Some ONE_REGS on s390 are not protected by a capability. Older kernels
might not provide those and return an error. Fortunately these registers
are only critical for the migration path. There is no need to error out
on reset and normal runtime. Furthermore, these kernels don't provide
a proper dirty bitmap anyway, so let's use tracing for those errors.
Also provide generic one reg helper to simplify the code.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
This patch creates empty function stubs (used by the gdbserver) in preparation
for the hw debugging support by kvm on s390, which will enable the
__KVM_HAVE_GUEST_DEBUG define in the linux headers and require these methods on
the qemu side.
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Pull tcg 2014-04-22
# gpg: Signature made Tue 22 Apr 2014 22:00:04 BST using RSA key ID 4DD0279B
# gpg: Can't check signature: public key not found
* remotes/rth/tags/tcg-next-20140422:
tcg: Use HOST_WORDS_BIGENDIAN
tcg: Fix fallback from muls2_i64 to mulu2_i64
tcg: Use tcg_gen_mulu2_i32 in tcg_gen_muls2_i32
tcg: Relax requirement for mulu2_i32 on 32-bit hosts
tcg-s390: Remove W constraint
tcg-sparc: Use the type parameter to tcg_target_const_match
tcg-ppc64: Use the type parameter to tcg_target_const_match
tcg-aarch64: Remove w constraint
tcg: Add TCGType parameter to tcg_target_const_match
tcg: Fix out of range shift in deposit optimizations
tci: Mask shift counts to avoid undefined behavior
tcg: Mask shift quantities while folding
tcg: Use "unspecified behavior" for shifts
tcg: Fix warning (1 bit signed bitfield entry) and replace int by bool
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Pull for 20140421
# gpg: Signature made Mon 21 Apr 2014 17:57:24 BST using RSA key ID 4DD0279B
# gpg: Can't check signature: public key not found
* remotes/rth/tags/tcg-ia64-pull-20140421:
tcg-ia64: Convert to new ldst opcodes
tcg-ia64: Move part of softmmu slow path out of line
tcg-ia64: Convert to new ldst helpers
tcg-ia64: Reduce code duplication in tcg_out_qemu_ld
tcg-ia64: Move tlb addend load into tlb read
tcg-ia64: Move bswap for store into tlb load
tcg-ia64: Re-bundle the tlb load
tcg-ia64: Optimize small arguments to exit_tb
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
trivial patches for 2014-04-18
# gpg: Signature made Fri 18 Apr 2014 07:36:15 BST using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg: aka "Michael Tokarev <mjt@corpit.ru>"
# gpg: aka "Michael Tokarev <mjt@debian.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5
# Subkey fingerprint: 6F67 E18E 7C91 C5B1 5514 66A7 BEE5 9D74 A4C3 D7DB
* remotes/mjt/tags/trivial-patches-2014-04-18:
Fix grammar in comment
doc: grammify "allows to"
configure: Remove redundant message for -Werror
scripts: add sample model file for Coverity Scan
xbzrle.c: Avoid undefined behaviour with signed arithmetic
int128.h: Avoid undefined behaviours involving signed arithmetic
hw/ide/ahci.c: Avoid shift left into sign bit
net: Report error when device / hub combo is not found.
configure: Fix indentation of help for --enable/disable-debug-info
qga: trivial fix for unclear documentation of guest-set-time
vl: Report accelerator not supported for target more nicely
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
PRIu32 is the format string specifier for uint32_t, let's use it.
Variables ->block_size, ->n_blocks, and i are all uint32_t.
Suggested-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Implementation of a USB Media Transfer Device device for easy
filesharing. Read-only. No access control inside qemu, it will
happily export any file it is able to open to the guest, i.e.
standard unix access rights for the qemu process apply.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Previously, when there is a user error in argv parsing, qemu-img prints
help text and exits.
Add an error_exit function to print a helpful error message and a hint
to run 'qemu-img --help' for more information.
As a bonus, "qemu-img <cmd> --help" now has a more reasonable exit code
0.
In the future the help text should be split by sub command, and only
print the information for the specified command.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
A name that is taken by an ID can't be taken by a node-name at the same
time. Check that conflicts are correctly detected.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Since commit f298d071, block devices added with blockdev-add don't have
a QemuOpts around in dinfo->opts. Consequently, we can't rely any more
on QemuOpts catching duplicate IDs for block devices.
This patch adds a new check for duplicate IDs to bdrv_new(), and moves
the existing check that the ID isn't already taken for a node-name there
as well.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
qemu-img used to use "image" as ID for all block devices. This means
that e.g. img_convert() ended up with potentially multiple source images
and one target image, all with the same ID. The next patch will catch
this and fail to open the block device.
This patch makes sure that qemu-img uses meaningful unique IDs for the
block devices it uses.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
This patch adds an errp parameter to bdrv_new() and updates all its
callers. The next patches will make use of this in order to check for
duplicate IDs. Most of the callers know that their ID is fine, so they
can simply assert that there is no error.
Behaviour doesn't change with this patch yet as bdrv_new() doesn't
actually assign errors to errp.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
This patch converts fprintf() calls to error_setg() in block/qed.c:bdrv_qed_create()
(error_setg() is part of error reporting API in include/qapi/error.h)
Signed-off-by: Aakriti Gupta <aakritty@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
bdrv_getlength could fail, check the return value before using it.
Return NULL and set errno if it fails. Callers are updated to handle
the error case.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Insanely large requests could cause an integer overflow in
bdrv_rw_co() while converting sectors to bytes. This patch catches the
problem and returns an error (if we hadn't overflown the integer here,
bdrv_check_byte_request() would have rejected the request, so we're not
breaking anything that was supposed to work before).
We actually do have a test case that triggers behaviour where we
accidentally let such a request pass, so that it would return success,
but read 0 bytes instead of the requested 4 GB. It fails now like it
should.
If the vdi block driver wants to be able to deal with huge images, it
can't read the whole block bitmap at once into memory like it does
today, but needs to use a metadata cache like qcow2 does.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Commit 8f4754ed intended to protect against integer overflow bugs in
block drivers by making sure that a single request that is passed to
drivers is no longer than INT_MAX bytes.
However, meanwhile there are some callers that don't use that code path
any more but call bdrv_check_byte_request() directy, so let's add a
check there as well.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Brown Bag sez, don't put the fallback code into the wrong function.
Also, check for muluh_i64 and use tcg_gen_mulu2_i64 instead of raw ops.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Instead require either mulu2_i32 or muluh_i32. The code in tcg-op.h
already supports looking for both. Previous incomplete conversion?
Signed-off-by: Richard Henderson <rth@twiddle.net>
Most 64-bit targets need to be able to ignore the high bits
of a TCG_TYPE_I32 value.
Suggested-by: Stuart Brady <sdb@zubnet.me.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
By inspection, for a deposit(x, y, 0, 64), we'd have a shift of (1<<64)
and everything else falls apart. But we can reuse the existing deposit
logic to get this right.
Signed-off-by: Richard Henderson <rth@twiddle.net>
TCG now requires unspecified behavior rather than a potential crash,
bring the C shift within the letter of the law.
Signed-off-by: Richard Henderson <rth@twiddle.net>
The TCG result would be undefined, but we can at least produce one
plausible result and avoid triggering the wrath of analysis tools.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Change the definition such that shifts are not allowed to crash
for any input.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Static code analyzers complain about signed bitfields with only a single
bit. is_ld is used as a boolean value, so make it bool.
ppc64 already used bool for the 2nd argument is_ld of the local function
add_qemu_ldst_label. Modify all other TCG targets to do follow this
example.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
English language grammar does not allow usage
of the word "allows" directly followed by an
infinitive, declaring constructs like "something
allows to do somestuff" un-grammatical. Often
it is possible to just insert "one" between "allows"
and "to" to make the construct grammatical, but
usually it is better to re-phrase the statement.
This patch tries to fix 4 examples of "allows to"
usage in qemu doc, but does not address comments
in the code with similar constructs. It also adds
missing "the" in the same line.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The compiler flag -Werror is printed (or not printed) as any other
compiler flag which is part of QEMU_CFLAGS.
Therefore an extra output line for -Werror is redundant and can be removed.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This is the model file that is being used for the QEMU project's scans
on scan.coverity.com. It fixed about 30 false positives (10% of the
total) and exposed about 60 new memory leaks.
The file is not automatically used; changes to it must be propagated
to the website manually by an admin (right now Markus, Peter and me
are admins).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Use unsigned types for doing bitwise arithmetic in the xzbrle
calculations, to avoid undefined behaviour:
xbzrle.c:99:49: runtime error: left shift of 72340172838076673
by 7 places cannot be represented in type 'long'
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Add casts when we're performing arithmetic on the .hi parts of an
Int128, to avoid undefined behaviour.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Add U suffix to avoid shifting left into the sign bit, which
is undefined behaviour.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Also convert nearby monitor_printf() call to error_report().
Signed-off-by: Hani Benhabiles <hani@linux.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The help text for the --enable-debug-info and --disable-debug-info
command line options was misindented: delete the stray extra space
and bring it in to line with everything else.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
We mixed the use of "guest time", "system time", "hardware time",
"RTC" in documentation, it's unclear.
This patch just added two remarks of RTC and replace two "guest time"
by "guest's system time".
Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
When you ask for an accelerator not supported for your target, you get
a bogus "accelerator does not exist" message:
$ qemu-system-arm -machine none,accel=kvm
KVM not supported for this target
"kvm" accelerator does not exist.
No accelerator found!
Suppress it.
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Still inline, but updated to the new routines. Always use the LE
helpers, reusing the bswap between the fast and slot paths.
Signed-off-by: Richard Henderson <rth@twiddle.net>
This sequencing requires 5 stop bits instead of 6, and has room left
over to pre-load the tlb addend, and bswap data prior to being stored.
Signed-off-by: Richard Henderson <rth@twiddle.net>
target-arm queue:
* AArch64 system mode support; this is all the CPU emulation code
but not the virt board support
* cadence_ttc match register bugfix
* Allwinner A10 PIC, PIT and ethernet fixes
[with update to avoid duplicate typedef]
* zynq-slcr rewrite
* cadence_gem bugfix
* fix for SMLALD/SMLSLD insn in A32
* fix for SQXTUN in A64
# gpg: Signature made Thu 17 Apr 2014 21:35:57 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-20140417-1: (51 commits)
target-arm: A64: fix unallocated test of scalar SQXTUN
arm: translate.c: Fix smlald Instruction
net: cadence_gem: Make phy respond to broadcast
misc: zynq_slcr: Make DB_PRINTs always compile
misc: zynq_slcr: Convert SBD::init to object init
misc: zynq-slcr: Rewrite
allwinner-emac: update irq status after writes to interrupt registers
allwinner-emac: set autonegotiation complete bit on link up
allwinner-a10-pit: implement prescaler and source selection
allwinner-a10-pit: use level triggered interrupts
allwinner-a10-pit: avoid generation of spurious interrupts
allwinner-a10-pic: fix behaviour of pending register
allwinner-a10-pic: set vector address when an interrupt is pending
timer: cadence_ttc: Fix match register write logic
target-arm/gdbstub64.c: remove useless 'break' statement.
target-arm: Dump 32-bit CPU state if 64 bit CPU is in AArch32
target-arm: Handle the CPU being in AArch32 mode in the AArch64 set_pc
target-arm: Make Cortex-A15 CBAR read-only
target-arm: Implement CBAR for Cortex-A57
target-arm: Implement Cortex-A57 implementation-defined system registers
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The smlald (and probably smlsld) instruction was doing incorrect sign
extensions of the operands amongst 64bit result calculation. The
instruction psuedo-code is:
operand2 = if m_swap then ROR(R[m],16) else R[m];
product1 = SInt(R[n]<15:0>) * SInt(operand2<15:0>);
product2 = SInt(R[n]<31:16>) * SInt(operand2<31:16>);
result = product1 + product2 + SInt(R[dHi]:R[dLo]);
R[dHi] = result<63:32>;
R[dLo] = result<31:0>;
The result calculation should be done in 64 bit arithmetic, and hence
product1 and product2 should be sign extended to 64b before calculation.
The current implementation was adding product1 and product2 together
then sign-extending the intermediate result leading to false negatives.
E.G. if product1 = product2 = 0x4000000, their sum = 0x80000000, which
will be incorrectly interpreted as -ve on sign extension.
We fix by doing the 64b extensions on both product1 and product2 before
any addition/subtraction happens.
We also fix where we were possibly incorrectly setting the Q saturation
flag for SMLSLD, which the ARM ARM specifically says is not set.
Reported-by: Christina Smith <christina.smith@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 2cddb6f5a15be4ab8d2160f3499d128ae93d304d.1397704570.git.peter.crosthwaite@xilinx.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Near total rewrite of this device model. It is stylistically
obsolete, has numerous coverity fails and is not up to date with latest
Xilinx documentation. Fix.
The registers are flattened into a single array. This greatly simplifies
the MMIO accessor functions.
We take the oppurtunity to update the register Macro definitions to
match the latest TRM. Xilinx has de-documented some regs hence there are
some straight deletions. We only do this however in the case or a stock
read-as-written reset-zero register. Non-zero resets are always
preserved. New register definitions are added as needed.
This all comes with a VMSD version break as the union layout from before
was a bit strange and we are better off without it.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 3aa016167b352ed224666909217137285fd3351d.1396503037.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
For system mode, we may have a 64 bit CPU which is currently executing
in AArch32 state; if we're dumping CPU state to the logs we should
therefore show the correct state for the current execution state,
rather than hardwiring it based on the type of the CPU. For consistency
with how we handle translation, we leave the 32 bit dump function
as the default, and have it hand off control to the 64 bit dump code
if we're in AArch64 mode.
Reported-by: Rob Herring <rob.herring@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The AArch64 implementation of the set_pc method needs to be updated to
handle the possibility that the CPU is in AArch32 mode; otherwise there
are weird crashes when doing interprocessing in system emulation mode
when an interrupt occurs and we fail to resynchronize the 32-bit PC
with the TB we need to execute next.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
The Cortex-A15's CBAR register is actually read-only (unlike that
of the Cortex-A9). Correct our model to match the hardware.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
The Cortex-A57, like most of the other ARM cores, has a CBAR
register which defines the base address of the per-CPU
peripherals. However it has a 64-bit view as well as a
32-bit view; expand the QOM reset-cbar property from UINT32
to UINT64 so this can be specified, and implement the
32-bit and 64-bit views of a 64-bit CBAR.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Implement a subset of the Cortex-A57's implementation defined system
registers. We provide RAZ/WI or reads-as-constant/writes-ignored
implementations of the various control and syndrome reigsters.
We do not implement registers which provide direct access to and
manipulation of the L1 cache, since QEMU doesn't implement caches.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Implement the AArch64 RVBAR register, which indicates the reset
address. Since the reset address is implementation defined and
usually configurable by setting config signals in hardware, we
also provide a QOM property so it can be set at board level if
necessary.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Implement the auxiliary fault status registers AFSR0_EL1 and
AFSR1_EL1. These are present on v7 and later, and have IMPDEF
behaviour; we choose to RAZ/WI for all cores.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Many of the reginfo definitions in cp_reginfo[] use CP_ANY wildcards.
This is for a combination of reasons:
* early ARM implementations really did underdecode
* earlier versions of QEMU underdecoded and we can't tighten
this up because we don't know if guests really require this or not
* implementation convenience
For ARMv8 the architecture has tightened things up and system and
coprocessor registers are always specifically decoded. We take
advantage of this opportunity for a clean break by restricting
our CP_ANY wildcarded reginfo to pre-v8 CPUs, and providing
specifically decoded versions where necessary for v8 CPUs.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
In ARMv8 the 32 bit coprocessor ID register space is tidied up to
remove the wildcarded aliases of the MIDR and the RAZ behaviour
for the unassigned space where crm = 3..7. Make sure we don't
expose thes wildcards for v8 cores. This means we need to have
a specific implementation for REVIDR, an IMPDEF register which
may be the same as the MIDR (and which we always implement as such).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
The AArch64 usermode 'any' CPU type was accidentally specified
with the ARM_FEATURE_THUMB2EE bit set. This is incorrect since
ARMv8 removes Thumb2EE completely. Since we never implemented
Thumb2EE anyway having the feature bit set was fairly harmless
for user-mode, but the correct thing is to not set it at all.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Implement the ISR_EL1 register. This is actually present in
ARMv7 as well but was previously unimplemented. It is a
read-only register that indicates whether interrupts are
currently pending.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Implement the AArch64 view of the ACTLR (auxiliary control
register). Note that QEMU internally tends to call this
AUXCR for historical reasons.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Implement AArch64 view of the CONTEXTIDR register.
We tighten up the condition when we flush the TLB on a CONTEXTIDR
write to avoid needlessly flushing the TLB every time on a 64
bit system (and also on a 32 bit system using LPAE, as a bonus).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
All the AArch32 ID registers are visible from AArch64
(in addition to the AArch64-specific ID_AA64* registers).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
For ARMv8 there are two changes to the MVFR media feature registers:
* there is a new MVFR2 which is accessible from 32 bit code
* 64 bit code accesses these via the usual sysreg instructions
rather than with a floating-point specific instruction
Implement this.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Implement exception handling for AArch64 EL1. Exceptions from AArch64 or
AArch32 EL0 are supported.
Signed-off-by: Rob Herring <rob.herring@linaro.org>
[PMM: fixed minor style nits; updated to match changes in
previous patches; added some of the simpler cases of
illegal-exception-return support]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Move arm_log_exception() into internals.h so we can use it from
helper-a64.c for the AArch64 exception entry code.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Implement the AArch64 SPSR_EL1. For compatibility with how KVM
handles SPSRs and with the architectural mapping between AArch32
and AArch64, we put this in the banked_spsr[] array in the slot
that is used for SVC in AArch32. This means we need to extend the
array from uint32_t to uint64_t, which requires some reworking
of the 32 bit KVM save/restore code.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Implement handling for the AArch64 SP_EL0 system register.
This holds the EL0 stack pointer, and is only accessible when
it's not being used as the stack pointer, ie when we're in EL1
and EL1 is using its own stack pointer. We also provide a
definition of the SP_EL1 register; this isn't guest visible
as a system register for an implementation like QEMU which
doesn't provide EL2 or EL3; however it is useful for ensuring
the underlying state is migrated.
We need to update the state fields in the CPU state whenever
we switch stack pointers; this happens when we take an exception
and also when SPSEL is used to change the bit in PSTATE which
indicates which stack pointer EL1 should use.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Add the AArch64 ELR_EL1 register.
Note that this does not live in env->cp15: for KVM migration
compatibility we need to migrate it separately rather than
as part of the system registers, because the KVM-to-userspace
interface puts it in the struct kvm_regs rather than making
them visible via the ONE_REG ioctls.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Implement AArch64 views of ESR_EL1 and FAR_EL1, and make the 32 bit
DFSR, DFAR, IFAR share state with them as architecturally specified.
The IFSR doesn't share state with any AArch64 register visible at EL1,
so just rename the state field without widening it to 64 bits.
Signed-off-by: Rob Herring <rob.herring@linaro.org>
[PMM: Minor tweaks; fix some bugs involving inconsistencies between
use of offsetof() or offsetoflow32() and struct field width]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
The ARM946 model currently uses the c5_data and c5_insn fields in the CPU
state struct to store the contents of its access permission registers.
This is confusing and a good source of bugs because for all the MMU-based
CPUs those fields are fault status and fault address registers, which
behave completely differently; they just happen to use the same cpreg
encoding. Split them out to use their own fields instead.
These registers are only present in PMSAv5 MPU systems (of which the
ARM946 is our only current example); PMSAv6 and PMSAv7 (which we have
no implementations of) handle access permissions differently. We name
the new state fields accordingly.
Note that this change fixes a bug where a data abort or prefetch abort
on the ARM946 would accidentally corrupt the access permission registers
because the interrupt handling code assumed the c5_data and c5_insn
fields were always fault status registers.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Implement the DC ZVA instruction, which clears a block of memory.
The fast path obtains a pointer to the underlying RAM via the TCG TLB
data structure so we can do a direct memset(), with fallback to a
simple byte-store loop in the slow path.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Suppress the ID_AA64DFR0_EL1 PMUVer field, even if the CPU specific
value claims that it exists. QEMU doesn't currently implement it,
and not advertising it prevents the guest from trying to use it
and getting UNDEFs on unimplemented registers.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
---
This is arguably a hack, but otherwise Linux tries to prod
half a dozen PMU sysregs.
Add support for v8 page table walks. This supports stage 1 translations
for 4KB, 16KB and 64KB page sizes starting with 0 or 1 level.
Signed-off-by: Rob Herring <rob.herring@linaro.org>
[PMM: fix style nits, fold in 16/64K page support patch, use
arm_el_is_aa64() to decide whether to do 64 bit page table walk]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
The current A32/T32 decoder bases its "is VFP/Neon enabled?" check
on the FPSCR.EN bit. This is correct if EL1 is AArch32, but for
an AArch64 EL1 the logic is different: it must act as if FPSCR.EN
is always set. Instead, trapping must happen according to CPACR
bits for cp10/cp11; these cover all of FP/Neon, including the
FPSCR/FPSID/MVFR register accesses which FPSCR.EN does not affect.
Add support for CPACR checks (which are also required for ARMv7,
but were unimplemented because Linux happens not to use them)
and make sure they generate exceptions with the correct syndrome.
We actually return incorrect syndrome information for cases
where FP is disabled but the specific instruction bit pattern
is unallocated: strictly these should be the Uncategorized
exception, not a "SIMD disabled" exception. This should be
mostly harmless, and the structure of the A32/T32 VFP/Neon
decoder makes it painful to put the 'FP disabled?' checks in
the right places.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Because unallocated encodings generate different exception syndrome
information from traps due to FP being disabled, we can't do a single
"is fp access disabled" check at a high level in the decode tree.
To help in catching bugs where the access check was forgotten in some
code path, we set this flag when the access check is done, and assert
that it is set at the point where we actually touch the FP regs.
This requires us to pass the DisasContext to the vec_reg_offset
and fp_reg_offset functions.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
For the A64 instruction set, the only FP/Neon disable trap
is the CPACR FPEN bits, which may indicate "enabled", "disabled"
or "disabled for EL0". Add a bit to the AArch64 tb flags indicating
whether FP/Neon access is currently enabled and make the decoder
emit code to raise exceptions on use of FP/Neon insns if it is not.
We use a new flag in DisasContext rather than borrowing the
existing vfp_enabled flag because the A32/T32 decoder is going
to need both.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
---
I'm aware this is a rather hard to review patch; sorry.
I have done an exhaustive check that we have fp access checks
in all code paths with the aid of the assertions added in the
next patch plus the code-coverage hack patch I posted to the
list earlier.
This patch is correct as of
09e037354 target-arm: A64: Add saturating accumulate ops (USQADD/SUQADD)
which was the last of the Neon insns to be added, so assuming
no refactoring of the code it should be fine.
Set up the required syndrome information when we detect an MMU fault.
Signed-off-by: Rob Herring <rob.herring@linaro.org>
[PMM: split out from exception handling patch, tweaked to bring
in line with how we create other kinds of syndrome information]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Add new helpers exception_with_syndrome (for generating an exception
with syndrome information) and exception_uncategorized (for generating
an exception with "Unknown or Uncategorized Reason", which have a syndrome
register value of zero), and use them to generate the correct syndrome
information for exceptions which are raised directly from generated code.
This patch includes moving the A32/T32 gen_exception_insn functions
further up in the source file; they will be needed for "VFP/Neon disabled"
exception generation later.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
For exceptions taken to AArch64, if a coprocessor/system register
access fails due to a trap or enable bit then the syndrome information
must include details of the failing instruction (crn/crm/opc1/opc2
fields, etc). Make the decoder construct the syndrome information
at translate time so it can be passed at runtime to the access-check
helper function and used as required.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
For AArch32 exceptions, the only information provided about
the cause of an exception is the individual exception type (data
abort, undef, etc), which we store in cs->exception_index. For
AArch64, the CPU provides much more detail about the cause of
the exception, which can be found in the syndrome register.
Create a set of fields in CPUARMState which must be filled in
whenever an exception is raised, so that exception entry can
correctly fill in the syndrome register for the guest.
This includes the information which in AArch32 appears in
the DFAR and IFAR (fault address registers) and the DFSR
and IFSR (fault status registers) for data aborts and
prefetch aborts, since if we end up taking the MMU fault
to AArch64 rather than AArch32 this will need to end up
in different system registers.
This patch does a refactoring which moves the setting of the
AArch32 DFAR/DFSR/IFAR/IFSR from the point where the exception
is raised to the point where it is taken. (This is no change
for cores with an MMU, retains the existing clearly incorrect
behaviour for ARM946 of trashing the MP access permissions
registers which share the c5_data and c5_insn state fields,
and has no effect for v7M because we don't implement its
MPU fault status or address registers.)
As a side effect of the cleanup we fix a bug in the AArch64
linux-user mode code where we were passing a 64 bit fault
address through the 32 bit c6_data/c6_insn fields: it now
goes via the always-64-bit exception.vaddress.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Implement the DAIF system register which is a view of the
DAIF bits in PSTATE. To avoid needing a readfn, we widen
the daif field in CPUARMState to uint64_t.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Currently cpu.h defines a mixture of functions and types needed by
the rest of QEMU and those needed only by files within target-arm/.
Split the latter out into a new header so they aren't needlessly
exposed further than required.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
* remotes/rth/tcg-aarch-6-5: (25 commits)
tcg-aarch64: Use tcg_out_mov in preference to tcg_out_movr
tcg-aarch64: Prefer unsigned offsets before signed offsets for ldst
tcg-aarch64: Introduce tcg_out_insn_3312, _3310, _3313
tcg-aarch64: Merge aarch64_ldst_get_data/type into tcg_out_op
tcg-aarch64: Introduce tcg_out_insn_3507
tcg-aarch64: Support stores of zero
tcg-aarch64: Implement TCG_TARGET_HAS_new_ldst
tcg-aarch64: Pass qemu_ld/st arguments directly
tcg-aarch64: Use TCGMemOp in qemu_ld/st
tcg-aarch64: Use ADR to pass the return address to the ld/st helpers
tcg-aarch64: Use tcg_out_call for qemu_ld/st
tcg-aarch64: Avoid add with zero in tlb load
tcg-aarch64: Implement tcg_register_jit
tcg-aarch64: Introduce tcg_out_insn_3314
tcg-aarch64: Reuse LR in translated code
tcg-aarch64: Use CBZ and CBNZ
tcg-aarch64: Create tcg_out_brcond
tcg-aarch64: Use symbolic names for branches
tcg-aarch64: Use adrp in tcg_out_movi
tcg-aarch64: Special case small constants in tcg_out_movi
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Technically, these variables could have been referenced both via
offsets from env and as TCG registers, which would be illegal.
Of course, that could only be done from PALcode, and ours doesn't
do that.
But honestly, these are used infrequently enough that they don't
really need to be TCG registers. We wind up with exactly the same
code if we follow the letter of the law and issue explicit ld/st.
Signed-off-by: Richard Henderson <rth@twiddle.net>
This one fixes a bug, previously noted as supressing exceptions
in the (unlikely) case the destination register was $f31.
Signed-off-by: Richard Henderson <rth@twiddle.net>
We were missing quite a few checks for Ra or Rb required to be 31.
Further, the one place we did check we also checked for no literal
operand and the Handbook says nothing about that.
Signed-off-by: Richard Henderson <rth@twiddle.net>
The methods by which we check for cpu features varied wildly
across the function. Using a nice macro cleans this up.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Conform to coding style, and avoid further occurrences of bugs due to
misplaced braces.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The assembler seems to prefer them, perhaps we should too.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Replace aarch64_ldst_op_data with AArch64LdstType, as it wasn't encoded
for the proper shift for the field and was confusing.
Merge aarch64_ldst_op_data, AArch64LdstType, and a few stray opcode bits
into a single I3312_* argument, eliminating some magic numbers from the
helper functions.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Cleaning up the implementation of REV and REV16 at the same time.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Making the bswap conditional on the memop instead of a compile-time test.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Some guest env are small enough to reach the tlb with only a 12-bit addition.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Combines 4 other inline functions and tidies the prologue.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
It's obviously call-clobbered, but is otherwise unused.
Repurpose it as the TCG temporary.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
A compare and branch against zero happens at the start of
every single TB.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Rearrange code to put the compare and branch in the same place.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The subset of logical immediates that we support is quite quick to test,
and such constants are quite common to want to load.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
When profitable, initialize the register with MOVN instead of MOVZ,
before setting the remaining lanes with MOVK.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Since the kernel doesn't pass any info on the reason for the fault,
disassemble the instruction to detect a store.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
This reverts commit b533f658a9.
The original code was wrong, because effectively it ignored errors
from kernel, because kernel does not return -1 on error case but
returns -errno, and does not return -EPERM for this particular ioctl.
But in some cases kernel actually returned unsuccessful result,
namely, when the dirty bitmap in requested slot does not exist
it returns -ENOENT. With new code this condition becomes an
error when it shouldn't be.
Revert that patch instead of fixing it properly this late in the
release process. I disagree with this approach, but let's make
things move _somewhere_, instead of arguing endlessly whch of
the 2 proposed fixes is better.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-id: 1397477644-902-1-git-send-email-mjt@msgid.tls.msk.ru
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
acpi: SSDT update
This has a fix by Igor for a regression introduced by
bridge hotplug code.
Expected test files were updated accordingly.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon 14 Apr 2014 13:13:35 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
acpi-test: update expected files
acpi: fix incorrect encoding for 0x{F-1}FFFF
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
commit 58b035c7354afc0c5351ea62264c01d74196ec26
acpi: fix incorrect encoding for 0x{F-1}FFFF
changes the SSDT, update expected files accordingly.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Fix typo in build_append_int() which causes integer
truncation when it's in range 0x{F-1}FFFF by packing it
as WordConst instead of required DWordConst.
In partucular this fixes a regression: hotplug in slots 16,17,18 and 19
didn't work, since SSDT had code like this:
If (And (Arg0, 0x0000))
{
Notify (S80, Arg1)
}
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Since we use the -fstack-protector argument at both compile and
link time in the build, we must check that it works with both
a compile and a link:
* MacOSX only fails in the compile step, not linking
* some gcc cross environments only fail at the link stage (if they
require a libssp and it's not present for some reason)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1397232832-32301-1-git-send-email-peter.maydell@linaro.org
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
When VM guest programs multicast addresses for
a virtio net card, it supplies a 32 bit
entries counter for the number of addresses.
These addresses are read into tail portion of
a fixed macs array which has size MAC_TABLE_ENTRIES,
at offset equal to in_use.
To avoid overflow of this array by guest, qemu attempts
to test the size as follows:
- if (in_use + mac_data.entries <= MAC_TABLE_ENTRIES) {
however, as mac_data.entries is uint32_t, this sum
can overflow, e.g. if in_use is 1 and mac_data.entries
is 0xffffffff then in_use + mac_data.entries will be 0.
Qemu will then read guest supplied buffer into this
memory, overflowing buffer on heap.
CVE-2014-0150
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1397218574-25058-1-git-send-email-mst@redhat.com
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Block patches for 2.0.0-rc3
# gpg: Signature made Fri 11 Apr 2014 13:37:34 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
* remotes/kevin/tags/for-upstream:
block-commit: speed is an optional parameter
iscsi: Remember to set ret for iscsi_open in error case
bochs: Fix catalog size check
bochs: Fix memory leak in bochs_open() error path
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
As speed is an optional parameter for the QMP block-commit command, it
should be set to 0 if not given (as it is undefined if has_speed is
false), that is, the speed should not be limited.
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The old check was off by a factor of 512 and didn't consider cases where
we don't get an exact division. This could lead to an out-of-bounds
array access in seek_to_sector().
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Right now relative mode accelerates too fast, and has the 'invisible wall'
problem. SDL2 added an explicit API to handle this use case, so let's use
it.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Unbreaks relative mouse mode with sdl2, just like was done with sdl.c
in c3aa84b6.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
acpi: DSDT update
Two fixes here:
- Test fix to avoid warning with make check.
- Hex file update so people building QEMU
without installing iasl get exactly the same ACPI
as with.
Both should help avoid user confusion.
As it's very easy to check that the produced ACPI
binary didn't change, I think these are very low risk.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 10 Apr 2014 17:09:43 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
acpi: update generated hex files
tests/acpi: update expected DSDT files
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
MacOSX clang silently swallows unrecognized -f options when doing a link
with '-framework' also on the command line, so to detect support for
the various -fstack-protector options we must do a plain .c to .o compile,
not a complete compile-and-link.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1397041487-28477-1-git-send-email-peter.maydell@linaro.org
commit f2ccc311df
dsdt: tweak ACPI ID for hotplug resource device
changes the DSDT, update hex files to match
Otherwise the fix is only effective if QEMU is built
with iasl.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
commit f2ccc311df
dsdt: tweak ACPI ID for hotplug resource device
changes the DSDT, update test expected files to match
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: Igor Mammedov <imammedo@redhat.com>
2014-04-09 17:52:08 +03:00
176 changed files with 7702 additions and 4008 deletions
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
