Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1436791864-4582-8-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Replace magic constants with macros from
hw/arm/virt.h and hw/intc/arm_gic_common.h.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1436791864-4582-7-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1436791864-4582-6-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Prepare for adding the Hypervisor timer, no functional change.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1436791864-4582-5-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Rename gt_cnt_reset to gt_timer_reset as the function really
resets the timers and not the counters. Move the registration
from counter regs to timer regs.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1436791864-4582-4-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Adds control for trapping selected timer and counter accesses to EL2.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1436791864-4582-3-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Adds support for the virtual timer offset controlled by EL2.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1436791864-4582-2-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
There was a complicated subtractive arithmetic for determining the
padding on the CPUTLBEntry structure. Simplify this with a union.
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-Id: <1436130533-18565-1-git-send-email-crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Instead of invalidating an original TB in cpu_exec_nocache()
prematurely, just save a link to it in the temporary generated TB. If
cpu_io_recompile() is raised subsequently from the temporary TB,
invalidate the original one as well. That allows reusing the original TB
each time cpu_exec_nocache() is called to handle expired instruction
counter in icount mode.
Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
Message-Id: <1435656909-29116-1-git-send-email-serge.fdrv@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
If mirror has more free buffers than IOV_MAX, preadv(2)/pwritev(2)
EINVAL failures may be encountered.
It is possible to trigger this by setting granularity to a low value
like 8192.
This patch stops appending chunks once IOV_MAX is reached.
The spurious EINVAL failure can be reproduced with a qcow2 image file
and the following QMP invocation:
qmp.command('drive-mirror', device='virtio0', target='/tmp/r7.s1',
granularity=8192, sync='full', mode='absolute-paths',
format='raw')
While the guest is running dd if=/dev/zero of=/var/tmp/foo oflag=direct
bs=4k.
Cc: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1435761950-26714-1-git-send-email-stefanha@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
Fixes migration in virtio 1 mode.
We still have a known bug with memory hotplug, it doesn't
look like we can fix that in time for 2.4.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVwiRjAAoJECgfDbjSjVRpps8H/0Qh6JlHLeju9gEgqmreJTuT
xihAdocwe7tFJkvkn6Lg404DtofIhBhS+hoMtnyXRgtGqrJ/qCk/J5fgTFhxk0Bo
SUi45eTaR0W/g1L8Fwy4cwh8oc+vaD/Eaa6PXUYLlXdx0m9GkYRN+/QyVhXUJhhG
90qx59eXfRLI1P0gm1/u+q9aYIwJ3N2dZm4tochVk2FQP9B9ZXKjCC/ux9OTyhmF
APTrGa519CYheICWEdrimNbLa6+gaMnga+JUaLBypGXB6hE3RbLNzfxMmm2jy4i+
qR2Nm6gDJ9Dw+OQJ0qw2BDIcQJo7PLrGgDE13IhqXBFliLTjLwxfLaAE9OaAv5s=
=xygJ
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio fix for 2.4
Fixes migration in virtio 1 mode.
We still have a known bug with memory hotplug, it doesn't
look like we can fix that in time for 2.4.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Wed 05 Aug 2015 15:57:39 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
virtio: fix 1.0 virtqueue migration
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit 488981a4 [block: convert quorum blockdrv to use crypto APIs]
broke qemu-iotest 041 on hosts with GnuTLS < 2.10.0. It converted a
compile-time check to a run-time check at device open time. The result
is that we now advertise a feature (the quorum block driver) that will
never work (on those hosts). There's no way (short of parsing
human-readable error messages) for qemu-iotests or any other API
consumer to recognise that the quorum block driver isn't _actually_
available and shouldn't be used or tested.
Move the run-time check to bdrv_quorum_init() to avoid registering the
quorum block driver if we know it cannot work. This way API consumers
can recognise it's unavailable.
Fixes: 488981a4af
Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Message-id: 1438699705-21761-1-git-send-email-silbe@linux.vnet.ibm.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
1.0 does not requires physically-contiguous pages layout for a
virtqueue. So we could not infer avail and used from desc. This means
we need to migrate vring.avail and vring.used when host support virtio
1.0. This fixes malfunction of virtio 1.0 device after migration.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The bps_max/iops_max values are meaningless without corresponding
bps/iops values. Reported an error if bps_max/iops_max is given without
bps/iops.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Message-id: 1438683733-21111-2-git-send-email-stefanha@redhat.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJVwN8WAAoJECgHk2+YTcWmPi4P/ikCbJimzKm7PXf1nMyhXpq7
JLJcOxEPMKR+I2tBzPWnO0q5FS2juVjHx1vcFBcfDHcZiHj+poeyFwZWV2bQx56f
mr9fmD0077lJElPDRDeSjRsjK82EEZLlFGrTDgfH1UImN63/Gqvjq0GMKQSrT4qL
cJLBYAPYZuWcye8lkU/J4RyUD+pA3BYuFammz5S2kc9UAWMcQ4nzrGnKr2wv3MgY
VASHZ5/9i+yAg0PvnDCCN0ifMocYzOY5aCdn6P0yX6lHCX4X/q7iLe+OV9nbyzWC
nfbNglxJycytaD2/uHTi9bhZdE7WK1RXjCSoJWHiQKD0fTJIXYrn+MbOUNK8yOMm
/Hh+XnOOaPWQG9TeUYu8oOdtJYYae+xlqgqO3y9m/hmBdz3rhlo9mEwbvjn++E8U
oSHKr4PAOgrZmRYYTUSkOpsPAq7LDBXcDw1Xqvj/WZoSkjOLPDFm8MF2fuozJsd6
TsJYPoP/u4ey41Xu1td9JspoS+zzzybnfyIwWVFp4c39A4eTmcymLE0Am8nZA+0V
Fh+eyY9csVAdlach0Yzli7wU36XEFjxVB1rEz/tR+5aszBiOVT+0DBJfrHeoGwYU
ud4pNkh9OCp/BA8wNN6Im3LqEUOIwSsdMOoMAqAA6QU5RWeMaAXMt0DcQq/MYKoJ
CoVMsFEg0wXw7EyvLfGu
=ttw0
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging
X86 queue, 2015-08-04
# gpg: Signature made Tue 04 Aug 2015 16:49:42 BST using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/x86-pull-request:
target-i386: fix IvyBridge xlevel in PC_COMPAT_2_3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Changes:
* fix semihosting for microMIPS R6
* fix an abort when booting mips64 kernel with --enable-tcg-debug
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJVwKLBAAoJEFIRjjwLKdprdfEH/RVxNZyYkh7/mO6azHnZRJe3
6ZyKi77Bw7xhBB6AkQD6/f7xDPPTfS7NZBTq9MftNCPnUvKk0nCJYVZFB3sla2mS
XxeFdMi4dXBL1Dz8+04ZNsWUfO/SoGgKJUc2sFIn0ssvOS5IuzjjPIYu/+SgcVe7
lAkIyOCfhWAIw6CQNhPrIGCmpfGklvns17HC9rcCNzgvECo8DTL5415DuC+7nJG9
yVMo/gxpjgpGrvGW1I07QfPo6H9gcKwIuxNSlsEq/q6Tkh+aqDl22xscPPBZTOF0
p3xo8cA1dcbZj+sw+DY+2pK3OpFHbM5MdW4W5/S23Un3gpVBLeJDoyLRpxLTdg8=
=DhD7
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/lalrae/tags/mips-20150804' into staging
MIPS patches 2015-08-04
Changes:
* fix semihosting for microMIPS R6
* fix an abort when booting mips64 kernel with --enable-tcg-debug
# gpg: Signature made Tue 04 Aug 2015 12:32:17 BST using RSA key ID 0B29DA6B
# gpg: Good signature from "Leon Alrae <leon.alrae@imgtec.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8DD3 2F98 5495 9D66 35D4 4FC0 5211 8E3C 0B29 DA6B
* remotes/lalrae/tags/mips-20150804:
target-mips: Copy restrictions from ext/ins to dext/dins
target-mips: fix semihosting for microMIPS R6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The checks in dins is required to avoid triggering an assertion
in tcg_gen_deposit_tl. The check in dext is just for completeness.
Fold the other D cases in via fallthru.
In this case the errant dins appears to be data, not code, as
translation failed to stop after a break insn.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
In semihosting mode the SDBBP 1 instructions should trigger UHI syscall,
but in QEMU this does not happen for recently added microMIPS R6.
Consequently bare metal microMIPS R6 programs supporting UHI will not run.
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
From: Dana Rubin <dana.rubin@ravellosystems.com>
In commit 80da311d81,
"net/vmxnet3: Fix RX TCP/UDP checksum on partially summed packets"
a debug message was introduced in vmxnet3_rx_need_csum_calculate() for
an unlikely input condition.
The message accidentally printed 'len' variable instead of 'pkt_len'.
Fix, providing the correct argument.
Signed-off-by: Dana Rubin <dana.rubin@ravellosystems.com>
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Message-id: 1438109090-18957-1-git-send-email-shmulik.ladkani@ravellosystems.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This fix migration from the same QEMU version and from previous QEMU
version.
>From the global state section, we don't need runstate with Xen. Right now,
the way the Xen toolstack knows when QEMU is ready is when QEMU reach
"running" runstate.
The configuration section and the section footers are not going to be
present in previous version of QEMU with xenfv machine, so we skip them.
The Xen toolstack libxenlight does not specify a particular version of the
'pc' machine, so migration from older version of QEMU used by Xen to newer
one would break due to missing "configuration" section and section footers.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
When doing migration via the QMP command xen_save_devices_state, the
current runstate is not store into the global state section. Also the
current runstate is not the one we want on the receiver side.
During migration, the Xen toolstack paused QEMU before save the devices
state. Also, the toolstack expect QEMU to autostart when the migration is
finished.
So this patch store "running" as it's current runstate.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Commit 8e9b0d2 (ui: convert VNC websockets to use crypto APIs) dropped
the --enable-vnc-ws option but forgot to update the help text. Fix this.
Cc: Daniel P. Berrange <berrange@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1437749257-3313-1-git-send-email-afaerber@suse.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
pci_piix3_xen_ide_unplug should completely unhook the unplugged
IDEDevice from the corresponding BlockBackend, otherwise the next call
to release_drive will try to detach the drive again.
Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVv1m5AAoJEJykq7OBq3PIO+QIAMbPSu/ZqfdANX+H4bgshudw
9CMYsgEqlmjOSeFP1Pp7lYbuceInsvY4Ks+GtWsPkV/mhEl4+g1h9uWKMSWg0jsU
14hfi7ibJomFngRPkEhcDemu6JSLAGsqedLPyrFZZyGzVZnY/TmpwG3s9CiSUSU0
h7knQLxt8QemsPU+rlH6xE/QkSdyWpERsUCTpcKufIGwIZJDeUfW1/9UxDp6M0QK
LZj+8ZJzF2g/s51xHCTmAyvFZxROceEgUbGyWYNh1Aj55LMT7k+t4TTEYkizqTYj
n0AUDzV65Pm67OWRf22siqb74BPt72gf/048LmhqE7o4NZvLqJ7Kff6pFDYOF0Q=
=9hkg
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/stefanha/tags/rtl8139-cplus-tx-input-validation-pull-request' into staging
Pull request
# gpg: Signature made Mon Aug 3 13:08:25 2015 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/rtl8139-cplus-tx-input-validation-pull-request:
rtl8139: check TCP Data Offset field (CVE-2015-5165)
rtl8139: skip offload on short TCP header (CVE-2015-5165)
rtl8139: check IP Total Length field (CVE-2015-5165)
rtl8139: check IP Header Length field (CVE-2015-5165)
rtl8139: skip offload on short Ethernet/IP header (CVE-2015-5165)
rtl8139: drop tautologous if (ip) {...} statement (CVE-2015-5165)
rtl8139: avoid nested ifs in IP header parsing (CVE-2015-5165)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The TCP Data Offset field contains the length of the header. Make sure
it is valid and does not exceed the IP data length.
Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
TCP Large Segment Offload accesses the TCP header in the packet. If the
packet is too short we must not attempt to access header fields:
tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen);
int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The IP Total Length field includes the IP header and data. Make sure it
is valid and does not exceed the Ethernet payload size.
Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The IP Header Length field was only checked in the IP checksum case, but
is used in other cases too.
Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Transmit offload features access Ethernet and IP headers the packet. If
the packet is too short we must not attempt to access header fields:
int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
...
eth_payload_data = saved_buffer + ETH_HLEN;
...
ip = (ip_header*)eth_payload_data;
if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The previous patch stopped using the ip pointer as an indicator that the
IP header is present. When we reach the if (ip) {...} statement we know
ip is always non-NULL.
Remove the if statement to reduce nesting.
Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Transmit offload needs to parse packet headers. If header fields have
unexpected values the offload processing is skipped.
The code currently uses nested ifs because there is relatively little
input validation. The next patches will add missing input validation
and a goto label is more appropriate to avoid deep if statement nesting.
Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The add2 code in the tcg_out_addsub2 function doesn't take into account
the case where rl == al == bl. In that case we can't compute the carry
after the addition. As it corresponds to a multiplication by 2, the
carry bit is the bit 31.
While this is a corner case, this prevents x86-64 guests to boot on a
MIPS host.
Cc: qemu-stable@nongnu.org
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Commit 2b7ec66f fixed TCGMemOp masking following the MO_AMASK addition,
but two cases were forgotten in the TCG S390 backend.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>