Commit Graph

38705 Commits

Author SHA1 Message Date
Richard Henderson
2517def6f8 target-alpha: Implement WH64EN
Backward compatible cache insn introduced for EV7.

Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-05-18 13:03:47 -07:00
Richard Henderson
4d1628e832 target-alpha: Fix integer overflow checking insns
We need to write the result to the destination register before
raising any exception.  Thus inline the code for each insn, and
check for any exception after we're done.

Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-05-18 13:03:47 -07:00
Richard Henderson
7b4dde839e target-alpha: Fix cvttq vs inf
We should raise INV for infinities as well, not OVR+INE.

Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-05-18 13:03:46 -07:00
Richard Henderson
7f2e40020c target-alpha: Fix cvttq vs large integers
The range +- 2**63 - 2**64 was returning the wrong truncated
result.  We also incorrectly signaled overflow for -2**63.

Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-05-18 13:03:46 -07:00
Richard Henderson
c24a8a0b6d target-alpha: Raise IOV from CVTTQ
Floating-point overflow is a different bit from integer overflow.

Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-05-18 13:03:46 -07:00
Richard Henderson
f6b6b7b8a7 target-alpha: Set EXC_M_SWC for exceptions from /S insns
Previously forgotten, the kernel needs the software completion bit to
know that it needs to emulate software completion qualified insns.

Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-05-18 13:03:46 -07:00
Richard Henderson
471d493047 target-alpha: Set fpcr_exc_status even for disabled exceptions
The qualifiers can suppress the raising of exceptions, but real
hardware still records that the exceptions occurred.

Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-05-18 13:03:46 -07:00
Richard Henderson
f3d3aad4a9 target-alpha: Tidy FPCR representation
Store the fpcr as the hardware represents it.  Convert the softfpu
representation of exceptions into the fpcr representation.

Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-05-18 13:03:46 -07:00
Richard Henderson
ba9c5de5f2 target-alpha: Set PC correctly for floating-point exceptions
PC should be one past the faulting insn.  Add better commentary
for the machine-check exception path.

Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-05-18 13:03:46 -07:00
Richard Henderson
9d5a626b2c target-alpha: Forget installed round mode after MT_FPCR
When we use QUAL_RM_D, we copy fpcr_dyn_round to float_status.
When we install a new FPCR value, we update fpcr_dyn_round.
Reset the status of the cache so that we re-copy for the next
fp insn that requires dynamic rounding.

Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-05-18 13:03:46 -07:00
Richard Henderson
3da653fa05 target-alpha: Rename floating-point subroutines
... to match the instructions, which have no leading "f".

Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-05-18 13:03:46 -07:00
Richard Henderson
9354452c39 target-alpha: Move VAX helpers to a new file
Keep the IEEE and VAX floating point emulation separate.

Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-05-18 13:03:46 -07:00
Peter Maydell
385057cbec qapi: Fix qapi mangling of downstream names, and more
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVViG7AAoJEDhwtADrkYZTqu0QAJCtZI2V3JZ3RmUfj/ISpekZ
 9gery42k6mc9dnMp+YOEdfbYYkjtcb3NqSPQi1iJUtBS1GjYGgvC2dqYDs6Eemow
 OEMyat7pwzPL7oOgoXC2F3fd/LMkpGU+qNIcj9ofqrd0I46MXYCTuwS6f8j1geDQ
 QtG+P57g6VFNzoy6I2H7NV3u3kLw1uwUTGaIEuuoCPUmSSWJrCxmoN2pFmHK1Rwk
 8rjuN5ZBLt2Vonqkj59qv/MA7/VmpasIVdbfsbnt36Jih7IyojDxpcNB80xTMlnh
 2AmVXSTsP62f7xhG2xWJf9+aOu4MWqfKCmv2f4wxuLV78eHRqjBz9zvMZTzSIE3j
 ca71KBl5qXIPB0YdCXZrI6k6UnsXzkO8V51IfrclWqzGKX23JBaNltaKyFnAeFEU
 mkVZFX2STFqE1sv9rpYlXcwnXf0OzERtoSK0yeQOFCUVRdFuZkUBHMoCcb06cZMt
 kfP+gLt5d3hM9u1nv4rd2pfIq09HME+L6yyyG6x38EF1gvY7Up+ckqYSTaeioVWZ
 S4lv1Wus/QFll5EZ5RIQNmA9PW58CJ7v5E3M2II82WNcqoWjhvcnjFtmaorvJ8N1
 PFqIbODjbG3WOUTe5jZnJemzSoXKeX1QhQ4nwhAPMQQpvWiheOWlgE1sAj3vnK+l
 7PUF4BnOPk0pH6nCeWY6
 =wbUI
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-05-15' into staging

qapi: Fix qapi mangling of downstream names, and more

# gpg: Signature made Fri May 15 17:41:31 2015 BST using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-qapi-2015-05-15: (26 commits)
  qapi: Inline gen_command_decl_prologue(), gen_command_def_prologue()
  qapi: Drop pointless flush() before close()
  qapi: Factor open_output(), close_output() out of generators
  qapi: Turn generators' mandatory option -i into an argument
  qapi: Fix generators to report command line errors decently
  qapi: Factor parse_command_line() out of the generators
  qapi: qapi-commands.py option --type is unused, drop it
  qapi: qapi-event.py option -b does nothing, drop it
  tests: Add missing dependencies on $(qapi-py)
  qapi: Support downstream events and commands
  qapi: Support downstream alternates
  qapi: Support downstream flat unions
  qapi: Support downstream simple unions
  qapi: Support downstream structs
  qapi: Support downstream enums
  qapi: Make c_type() consistently convert qapi names
  qapi: Tidy c_type() logic
  qapi: Move camel_to_upper(), c_enum_const() to closely related code
  qapi: Use c_enum_const() in generate_alternate_qtypes()
  qapi: Simplify c_enum_const()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-15 17:51:20 +01:00
Peter Maydell
99e7627a70 Per-memop alignment
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJVVPTHAAoJEK0ScMxN0Cebt0gH/i67aFKsjweF4LRsSlCm+0NO
 SFUVooPB08bw2jRIXL+znLy/N4T/anUCJSRKEV2Wp6ihXbF9mcLk2ze6pImK3Gqd
 ImvZ8tuzQ11G2evkdN+CEYtjGWJ4HEM3qAd+6Cv1Lmk3Kw1mtaebi1AXOOGi5eCB
 5sK5L4ov6++kn1UDhuDyL0vRb3gHYRMhPxTv8RayK2LjcNw5LS9mN2FT7op5ATmM
 REf2uH4+c/7kKj25n1UR5Pg+j13jgd4bTiD8iMlUBvQTMftw7Oo7ggGz/eEZRguY
 Xe1lL3s/RgZushp86H74ohjwm/TPTcOLuZ3HrVCsge34xlsl4WjDxbxN+vIw0SQ=
 =oWEZ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20150514' into staging

Per-memop alignment

# gpg: Signature made Thu May 14 20:17:27 2015 BST using RSA key ID 4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"

* remotes/rth/tags/pull-tcg-20150514:
  tcg: Add MO_ALIGN, MO_UNALN
  tcg: Push merged memop+mmu_idx parameter to softmmu routines
  tcg: Merge memop and mmu_idx parameters to qemu_ld/st

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-15 16:02:08 +01:00
Richard Henderson
dfb3630562 tcg: Add MO_ALIGN, MO_UNALN
These modifiers control, on a per-memory-op basis, whether
unaligned memory accesses are allowed.  The default setting
reflects the target's definition of ALIGNED_ONLY.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-05-14 12:15:18 -07:00
Richard Henderson
3972ef6f83 tcg: Push merged memop+mmu_idx parameter to softmmu routines
The extra information is not yet used but it is now available.
This requires minor changes through all of the tcg backends.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-05-14 12:15:14 -07:00
Richard Henderson
59227d5d45 tcg: Merge memop and mmu_idx parameters to qemu_ld/st
At the tcg opcode level, not at the tcg-op.h generator level.
This requires minor changes through all of the tcg backends,
but none of the cpu translators.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-05-14 12:14:55 -07:00
Markus Armbruster
4180978c92 qapi: Inline gen_command_decl_prologue(), gen_command_def_prologue()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2015-05-14 18:41:33 +02:00
Markus Armbruster
09896d3f48 qapi: Drop pointless flush() before close()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2015-05-14 18:41:32 +02:00
Markus Armbruster
12f8e1b9ff qapi: Factor open_output(), close_output() out of generators
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2015-05-14 18:41:32 +02:00
Markus Armbruster
16d80f6181 qapi: Turn generators' mandatory option -i into an argument
Mandatory option is silly, and the error handling is missing: the
programs crash when -i isn't supplied.  Make it an argument, and check
it properly.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2015-05-14 18:41:23 +02:00
Markus Armbruster
b45409683e qapi: Fix generators to report command line errors decently
Report to stderr, prefix with the program name.  Also reject
extra arguments.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2015-05-14 18:39:34 +02:00
Markus Armbruster
2114f5a98d qapi: Factor parse_command_line() out of the generators
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2015-05-14 18:37:14 +02:00
Markus Armbruster
72aaa73a4a qapi: qapi-commands.py option --type is unused, drop it
Anything but --type sync (which is the default) suppresses output
entirely, which makes no sense.

Dates back to the initial commit c17d990.  Commit message says
"Currently only generators for synchronous qapi/qmp functions are
supported", so maybe output other than "synchronous qapi/qmp" was
planned at the time, to be selected with --type.

Should other kinds of output ever materialize, we can put the option
back.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2015-05-14 18:37:14 +02:00
Markus Armbruster
c70cef5bd4 qapi: qapi-event.py option -b does nothing, drop it
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2015-05-14 18:37:14 +02:00
Markus Armbruster
df3e21a0e0 tests: Add missing dependencies on $(qapi-py)
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2015-05-14 18:37:14 +02:00
Eric Blake
e3c4c3d796 qapi: Support downstream events and commands
Enhance the testsuite to cover downstream events and commands.
Events worked without more tweaks, but commands needed a few final
updates in the generator to mangle names in the appropriate places.
In making those tweaks, it was easier to drop type_visitor() and
inline its actions instead.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-05-14 18:21:27 +02:00
Eric Blake
d1f07c86c0 qapi: Support downstream alternates
Enhance the testsuite to cover downstream alternates, including
whether the branch name or type is downstream.  Update the
generator to mangle alternate names in the appropriate places.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-05-14 18:21:24 +02:00
Eric Blake
857af5f06c qapi: Support downstream flat unions
Enhance the testsuite to cover downstream flat unions, including
the base type, discriminator name and type, and branch name and
type.  Update the generator to mangle the union names in the
appropriate places.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-05-14 18:21:21 +02:00
Eric Blake
bb33729043 qapi: Support downstream simple unions
Enhance the testsuite to cover downstream simple unions, including
when a union branch is a downstream name.  Update the generator to
mangle the union names in the appropriate places.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-05-14 18:21:17 +02:00
Eric Blake
83a02706bb qapi: Support downstream structs
Enhance the testsuite to cover downstream structs, including struct
members and base structs.  Update the generator to mangle the
struct names in the appropriate places.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-05-14 18:21:13 +02:00
Eric Blake
fce384b8e5 qapi: Support downstream enums
Enhance the testsuite to cover a downstream enum type and enum
string.  Update the generator to mangle the enum name in the
appropriate places.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-05-14 18:21:09 +02:00
Eric Blake
c6405b54b7 qapi: Make c_type() consistently convert qapi names
Continuing the string of cleanups for supporting downstream names
containing '.', this patch focuses on ensuring c_type() can
handle a downstream name.  This patch alone does not fix the
places where generator output should be calling this function
but was open-coding things instead, but it gets us a step closer.

In particular, the changes to c_list_type() and type_name() mean
that type_name(FOO) now handles the case when FOO contains '.',
'-', or is a ticklish identifier other than a builtin (builtins
are exempted because ['int'] must remain mapped to 'intList' and
not 'q_intList').  Meanwhile, ['unix'] now maps to 'q_unixList'
rather than 'unixList', to match the fact that 'unix' is ticklish;
however, our naming conventions state that complex types should
start with a capital, so no type name following conventions will
ever have the 'q_' prepended.

Likewise, changes to c_type() mean that c_type(FOO) properly
handles an enum or complex type FOO with '.' or '-' in the
name, or is a ticklish identifier (again, a ticklish identifier
as a type name violates conventions).

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-05-14 18:21:07 +02:00
Eric Blake
d557344628 qapi: Tidy c_type() logic
c_type() is designed to be called on both string names and on
array designations, so 'name' is a bit misleading because it
operates on more than strings.  Also, no caller ever passes
an empty string.  Finally, + notation is a bit nicer to read
than '%s' % value for string concatenation.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-05-14 18:21:03 +02:00
Markus Armbruster
849bc5382e qapi: Move camel_to_upper(), c_enum_const() to closely related code
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2015-05-14 18:21:00 +02:00
Markus Armbruster
b42e91484d qapi: Use c_enum_const() in generate_alternate_qtypes()
Missed in commit b0b5819.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2015-05-14 18:20:57 +02:00
Markus Armbruster
02e20c7e59 qapi: Simplify c_enum_const()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2015-05-14 18:20:54 +02:00
Markus Armbruster
7c81c61f9c qapi: Rename generate_enum_full_value() to c_enum_const()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2015-05-14 18:20:51 +02:00
Markus Armbruster
fa6068a1e8 qapi: Rename _generate_enum_string() to camel_to_upper()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2015-05-14 18:20:48 +02:00
Eric Blake
18df515ebb qapi: Rename identical c_fun()/c_var() into c_name()
Now that the two functions are identical, we only need one of them,
and we might as well give it a more descriptive name.  Basically,
the function serves as the translation from a QAPI name into a
(portion of a) C identifier, without regards to whether it is a
variable or function name.

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-05-14 18:20:42 +02:00
Markus Armbruster
47299262de qapi: Fix C identifiers generated for names containing '.'
c_fun() maps '.' to '_', c_var() doesn't.  Nothing prevents '.' in
QAPI names that get passed to c_var().

Which QAPI names get passed to c_fun(), to c_var(), or to both is not
obvious.  Names of command parameters and struct type members get
passed to c_var().

c_var() strips a leading '*', but this cannot happen.  c_fun()
doesn't.

Fix c_var() to work exactly like c_fun().

Perhaps they should be replaced by a single mapping function.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
[add 'import string']
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
2015-05-14 18:20:29 +02:00
Michael S. Tsirkin
777abdfe7b doc: fix qmp event type
Event name for hot unplug errors was wrong.
Make doc match code.

Cc: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reported-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-05-14 17:25:46 +02:00
Eduardo Habkost
58f88d4b7e qmp: Add qom_path field to query-cpus command
This will allow clients to query additional information directly using
qom-get on the CPU objects.

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-05-14 17:25:46 +02:00
Peter Maydell
1eeace9c23 Patch queue for s390 - 2015-05-13
A few TCG fixes for the s390x target. Nothing special, but with these
 applied I can run most of the SLE12 binaries in Linux-user emulation.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.9 (GNU/Linux)
 
 iQIcBAABAgAGBQJVU0hVAAoJECszeR4D/txgMdMQAKB9mN26EYtzFSCmKWiud4PF
 IHMpTWcuLTWCJOL2dtRLHTzN3QJdFk/Kg8snwJSulF26mcV+poYXLG/a8kbECFL/
 iwoodw3lb4m3yU0QaXZcMDazWk1U1muXWMyjtuiutDePEqVf6YfP4iX2r6GKKVxq
 OQ0Nm5iirOCaP7CZMyseUmNNljTutOrx0xMwif8OKWrw8SPjIIgMSkVowAp5sBb7
 c/DHYt1TNYfapOoFSVC06UU5GA5gsIyrNGj4EBMs+IpKmRVMiRTRa817liLE7Cjl
 p4lIqBPoBL3ccPamNASKqw+9CNEIWu6pIQw/uUhxlK6IwBwJZLMY6c0s47mAGBn4
 ABeB5SODBy9LoQLcGJAFAKHLk1BUys2+AckXZXrkb0+T8tyuiugAsb72ynSqxkHo
 OfGh9OYGVIrm2+JSFdBkpbvYSdqbkj8fVUNHSTKpJVUNEJZzcFPFKOia9N6NKUEE
 HdA/D78GuYnQr+5hGvG9Mg3LPSl7OjeoMHKDFUMsBC/XYQOLQzURDxj709dO6ZkH
 vRTMVHyJ5LDHOzA4fk0TNRI6k/HUmYnAxK0rBHt25Q4TIMWBaARIMC5TPdl7DoIH
 ngG0wtHh8EJmJJi5afHjlsBnSGCMD06xNwrxha3jE8I7OwvmCwvIC7J4DMLgNPzi
 oUNYyBdQ6gNoJ7zSQrBZ
 =hVj1
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/agraf/tags/signed-s390-for-upstream' into staging

Patch queue for s390 - 2015-05-13

A few TCG fixes for the s390x target. Nothing special, but with these
applied I can run most of the SLE12 binaries in Linux-user emulation.

# gpg: Signature made Wed May 13 13:49:25 2015 BST using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg:                 aka "Alexander Graf <alex@csgraf.de>"

* remotes/agraf/tags/signed-s390-for-upstream:
  s390x: Add interlocked access facility 1 instructions
  s390x: Add some documentation in opcode list
  s390x: Fix stoc direction

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-13 16:06:07 +01:00
Peter Maydell
4d2d2d8b21 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQIcBAABAgAGBQJVUzrzAAoJEH3vgQaq/DkOXS8QALd0l54nibDK8CA8ApUZeUns
 frOmGf4bsP88YrJww0alYEiu3ERT4hmjqKkltcyioVFY2t/CuVwCkoayAKac4ga0
 sg1pfAMwBG5mGfQ67N/9h+rivJkCboChK0tIaVKD78+G9ez564rVkt5Px8MD3PKP
 SpatJSrfmOe5DjNVdlbgsNxuMEYZsI/req+G6kRJEddoHSIrQ6Ow/bk8Y5OLr1YV
 GLCCb2n/G4tAkSb1akmVXBx+WqIWrtXyQVz//jWV1g4zMS773vco2jHZMDfPt1we
 NvMoEo7uac8txlTYTXrHBFI19h+rW5jXs7+eYyM2bI04xZntEdxJzM1AIKoqzQUk
 EtGmnGLNsrKg7hrIxcjHwJ09sBl3VkIj62PYUiyhXRB1t7b2bg5IOaRUESCZDnhQ
 XV6ygdi6uGYoAiaM7JJ7FCt3k/xBFTPEHmyNTC+5Pza3mP5GXifNpDgLRPWP0ufG
 EBnUdWDiWIYY6FNa/Z4A5BX5gu41vVQkGNMVjOc8rbZ7iuaGJxay1epVQyuH9vll
 vZ8mUtFowvzWfGZGK/hjXVN7a3NK1N+JzVse1zVwqrf6z3nJXDd/Unn1ZfTcjHZb
 0nBfe1WJRfsDOEgwYescjqckIwfcsLn1w+Q5MG76dQ6w2PeZcqaRf1LEl4sbiMSO
 G+1YypZjZ2hJIwwBUam9
 =D51H
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jnsnow/tags/ide-cve-pull-request' into staging

# gpg: Signature made Wed May 13 12:52:19 2015 BST using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: FAEB 9711 A12C F475 812F  18F2 88A9 064D 1835 61EB
#      Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76  CBD0 7DEF 8106 AAFC 390E

* remotes/jnsnow/tags/ide-cve-pull-request:
  fdc: force the fifo access to be in bounds of the allocated buffer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-13 13:57:44 +01:00
Alexander Graf
57af7289f2 s390x: Add interlocked access facility 1 instructions
We're currently missing all instructions defined by the "interlocked-access
facility 1" which is part of zEC12. This patch implements all of them except
for LPD and LPDG.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2015-05-13 14:48:54 +02:00
Alexander Graf
13f67dd582 s390x: Add some documentation in opcode list
I find it really hard to grasp what each field in the opcode list means.
Slowly walking through its semantics myself, I figured I'd write a small
summary at the top of the file to make life easier for me and whoever
looks at the file next.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2015-05-13 14:48:54 +02:00
Alexander Graf
c095ed731c s390x: Fix stoc direction
The store conditional instruction wants to store when the condition
is fulfilled, so we should branch out when it's not true.

The code today branches out when the condition is true, clearly
reversing the logic. Fix it up by negating the condition.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2015-05-13 14:48:54 +02:00
Petr Matousek
e907746266 fdc: force the fifo access to be in bounds of the allocated buffer
During processing of certain commands such as FD_CMD_READ_ID and
FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
get out of bounds leading to memory corruption with values coming
from the guest.

Fix this by making sure that the index is always bounded by the
allocated memory.

This is CVE-2015-3456.

Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
2015-05-12 18:52:57 -04:00
Peter Maydell
968bb75c34 target-arm queue:
* Support TZ and grouping in the GIC
  * hw/sd: sd_reset cleanup
  * armv7m_nvic: fix bug in systick device
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJVUd3CAAoJEDwlJe0UNgzeJnkP/2xbFBu/EYAGSjFnxzQsi1/V
 jPUBDHM3JS6lsWOoy+Laxy62pTkUNkmarq8hNjZh6x7zgGwnaKnGtKwACZylTvOc
 y99zwMG44dzibfhTQX3FEePipVXDRxfVWVErwd0eQvZ4JTjYKPWQvKKlAAmSE0A0
 wKX4MstAzV13h+0z2cSBX5xsVy/NuB6rPFU8FLvmjZwVvHT4ivCeAENAcXoM3VZx
 PprtHcxlJIXhsAauTPbZvlSMyKOVMQFVHEMR4qQGXjvVLdZfA26t5ptXiWQJCGe+
 c35QBj5BbKm3k4bI5EMUtYT/Y4UcVfH1BMFIQhL9Z+HhyNcp8IuEZ2vtXrxHXmqS
 QaxKYCYZ+CC1P9YHosKjz9JZfEiufKlnlznIhX5c33/J3oUOb6OwspEHzh4L793k
 e7x0VyqTLWBeabZLyr45ghKBRn3BcVJaVDwJhaomju4XO0Ppx8RYpmrnoq4+TBNJ
 sS7sLyU2WuEzmfTRcq16+AkWCEotZtXlVjisKg1Zy5ZPP1kRH7jl3Th5hhByzE/O
 U4HQUfm6PiTR7D//52NcOuN2B8OGFdRtGFXDrgYL8RyExnF1yXLoWPAN/AKVaLpf
 YbHv/1BCQPWyaV3UE+olXDo+ZVtD4EkIDPnetGDgKHg+CyuBwnpRLfyWBxzUcQtC
 wH+FVWqZl4t8DZIugUyK
 =st51
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150512' into staging

target-arm queue:
 * Support TZ and grouping in the GIC
 * hw/sd: sd_reset cleanup
 * armv7m_nvic: fix bug in systick device

# gpg: Signature made Tue May 12 12:02:26 2015 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20150512:
  hw/arm/highbank.c: Wire FIQ between CPU <> GIC
  hw/arm/vexpress.c: Wire FIQ between CPU <> GIC
  hw/arm/virt.c: Wire FIQ between CPU <> GIC
  hw/intc/arm_gic: Add grouping support to gic_update()
  hw/intc/arm_gic: Change behavior of IAR writes
  hw/intc/arm_gic: Change behavior of EOIR writes
  hw/intc/arm_gic: Handle grouping for GICC_HPPIR
  hw/intc/arm_gic: Restrict priority view
  hw/intc/arm_gic: Implement Non-secure view of RPR
  hw/intc/arm_gic: Make ICCICR/GICC_CTLR banked
  hw/intc/arm_gic: Make ICCBPR/GICC_BPR banked
  hw/intc/arm_gic: Make ICDDCR/GICD_CTLR banked
  hw/intc/arm_gic_kvm.c: Save and restore GICD_IGROUPRn state
  hw/intc/arm_gic: Add Interrupt Group Registers
  hw/intc/arm_gic: Switch to read/write callbacks with tx attributes
  hw/intc/arm_gic: Add Security Extensions property
  hw/intc/arm_gic: Create outbound FIQ lines
  hw/sd: Don't pass BlockBackend to sd_reset()
  armv7m_nvic: systick: Reload the RELOAD value and count down only if ENABLE bit is set

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-12 12:11:32 +01:00