This is an intermediate step to bring TCX in line with CG3.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Andreas Färber <afaerber@suse.de>
The case statements in the CG3 read and write register routines have a maximum
value of CG3_REG_SIZE, so if a value were written to this offset then it
would overflow the register array.
Currently this cannot be exploited since the MemoryRegion restricts accesses
to the range 0 ... CG3_REG_SIZE - 1, but it seems worth clarifying this for
future review and/or static analysis.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Paolo Bonzini <pbonzini@redhat.com>
* remotes/rth/tcg-next:
TCG: Fix tcg_gen_extr_i64_tl for 32bit
tcg: Remove TCG_TARGET_HAS_new_ldst
tci: Convert to new ldst opcodes
tcg-i386: Fix win64 qemu store
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/kvm/uq/master:
kvm: Fix eax for cpuid leaf 0x40000000
kvmclock: Ensure proper env->tsc value for kvmclock_current_nsec calculation
kvm: Enable -cpu option to hide KVM
kvm: Ensure negative return value on kvm_init() error handling path
target-i386: set CC_OP to CC_OP_EFLAGS in cpu_load_eflags
target-i386: get CPL from SS.DPL
target-i386: rework CPL checks during task switch, preparing for next patch
target-i386: fix segment flags for SMM and VM86 mode
target-i386: Fix vm86 mode regression introduced in fd460606fd.
kvm_stat: allow choosing between tracepoints and old stats
kvmclock: Ensure time in migration never goes backward
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
input: add support for kbd delays
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJTjsk/AAoJEEy22O7T6HE4llkP/Akl8GAwrjs+sUVB/I5iUthm
vdgGBoH3R8VsuNt2LZIEWF+Cx1Nu4Bnrgmzd8K/TmGyWQp0r0Tb+BDyr7D/fMwBQ
IwuBu7Hm1xolm9XTzgKZ6yaapAQzRdz5Ycsv9gKH+QCnrWrWc1dAz3/yUf2clpBS
lOxwpfbvBC9eYDJIadse4DXJHdpXELw5B5BZDgC/BJu8qHMfApmdbc6WAxYIhV2w
2WemqFxFkg61I0Wh9/ngVxC9hpi6C0/u5TpjUiB+U6S6gypBvV8DQ45WLWvT3ZUO
lpA4K79CifOg1XGLG45+EOGlInRWXuMI8A4qJw8SsOKWveaZdyALzImC1Xai++a3
ICCrrzcgtOWVScLApHc+n8txQJ5qrKBe46++T5tovMf7kE12NEzJT5jqPHrLg84j
ZSyaKzjyZ9E+/b4fkA9Tk1obQ1FMs0OX2MKrBtxbI7sBsD3eCY3ZQ7X/exEyykMs
+BTG4t9koOtlSt5YAmQ1OQgHuat9c5zeIQT5eRjU3Ti61UUdvreZeQa7opEv6Gs8
YN842oT7e8Paef5Wi8yKtbH7A/6ZG6YrJE5/8RrDLWGdEIxGpTdyrvUujIwP8aEr
5tlK0bG7avv5A9sKoowj6dLdL+JUyL8IoWQambKhuQ1rZhPhZHXPBZLQ2Gq89/Gp
1VR5P454ThZjOc6kBG9V
=iNvW
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-10' into staging
updates for docs/multiseat.txt
input: add support for kbd delays
# gpg: Signature made Wed 04 Jun 2014 08:22:39 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-input-10:
docs/multiseat.txt: add note about spice
docs/multiseat.txt: gtk joined the party
docs/multiseat.txt: use autoseat
input/vnc: use kbd delays in press_key
input/curses: add kbd delay between keydown and keyup events
input: use kbd delays for send_key monitor command
input: add support for kbd delays
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This will generate a warning from "make check":
...
GTESTER tests/test-qdev-global-props
Warning: "-global dynamic-prop-type-bad.prop3=103" not used
GTESTER tests/check-qom-interface
...
If the warning is not generated, the test will fail.
Signed-off-by: Don Slutz <dslutz@verizon.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
This can help a user understand why -global was ignored.
For example: with "-vga cirrus"; "-global vga.vgamem_mb=16" is just
ignored when "-global cirrus-vga.vgamem_mb=16" is not.
This is currently clear when the wrong property is provided:
out/x86_64-softmmu/qemu-system-x86_64 -global cirrus-vga.vram_size_mb=16 -monitor pty -vga cirrus
char device redirected to /dev/pts/20 (label compat_monitor0)
qemu-system-x86_64: Property '.vram_size_mb' not found
Aborted (core dumped)
vs
out/x86_64-softmmu/qemu-system-x86_64 -global vga.vram_size_mb=16 -monitor pty -vga cirrus
char device redirected to /dev/pts/20 (label compat_monitor0)
VNC server running on `::1:5900'
^Cqemu: terminating on signal 2
Signed-off-by: Don Slutz <dslutz@verizon.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
User pages must be marked as non-executable when running under SMEP;
otherwise, fetching the page first and then calling it will fail.
With this patch, all SMEP testcases in kvm-unit-tests now pass.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4MB pages can use 40-bit addresses by putting the higher 8 bits in bits
20-13 of the PDE. Bit 21 is reserved.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Remove the tail of the PAE case, so that we can use "goto" in the
next patch to jump to the protection checks.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Do not use this MMU index at all if CR4.SMAP is false, and drop
the SMAP check from x86_cpu_handle_mmu_fault.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
With SMAP, implicit kernel accesses from user mode always behave as
if AC=0. To do this, kernel mode is not anymore a separate MMU mode.
Instead, KERNEL_IDX is renamed to KSMAP_IDX and the kernel mode accessors
wrap KSMAP_IDX and KNOSMAP_IDX.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Unify pieces of cpu-all.h, exec-all.h, softmmu_exec.h and tcg/tcg.h
into a single new header file with all helpers.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This will collect all load and store helpers soon. For now
it is just a replacement for softmmu_exec.h, which this patch
stops including directly, but we also include it where this will
be necessary in order to simplify the next patch.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
These will soon require cpu_ldst.h, so move them out of cpu.h.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
They do not need to be in op_helper.c. Because cputlb.c now includes
softmmu_template.h twice for each size, io_readX must be elided the
second time through.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Prepare for moving softmmu_header.h inclusion out of .c files
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
We will reference it from more files in the next patch. To avoid
ruining the small steps we're making towards multi-target, make
it a method of CPU rather than just a global.
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This preprocessor symbol is already used in softmmu_template.h. We
will use it to distinguish the two "fake" ACCESS_TYPEs
NB_MMU_MODES and NB_MMU_MODES + 1.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The ld_raw and st_raw definitions are only needed in code that
must compile for both user-mode and softmmu emulation. Device
models can use the equivalent ld_p/st_p which are simple
pointer accessors.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit 0f842f8a24 replaced GETPC_EXT() which
was derived from GETPC() by GETRA_EXT() without fixing cputlb.c. A later
patch replaced GETRA_EXT() by GETRA() in exec/softmmu_template.h which
is included in cputlb.c.
The TCG interpreter failed because the values returned by GETRA() were no
longer explicitly set to 0. The redefinition of GETRA() introduced here
fixes this.
In addition, GETPC_ADJ which is also used in exec/softmmu_template.h is
set to 0. Both changes reduce the compiled code size for cputlb.c by more
than 100 bytes, so the normal TCG without interpreter also profits from
the reduced code size and slightly faster code.
Cc: qemu-stable@nongnu.org
Reported-by: Giovanni Mascellani <gio@debian.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
We expose a generic helper "tcg_gen_extr_i64_tl" for 64bit targets, but the
same function for 32bit targets is a misnomer and refers to an invalid function
name.
Fix up the definition to point to the correct internal helper names instead.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Since all backends have been converted, remove the compatibility code.
Acked-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The first non-register argument isn't placed at offset 0.
Cc: qemu-stable@nongnu.org
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The exit code 63 (check not supported by image format) was not even
documented in the comment above the check command in the source code;
add it, as it does indeed seem useful.
Also, document all of check's exit codes in the manpage.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reported-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The function init_blk_migration is better to be called before
set_dirty_tracking as the reasons below.
If we want to track dirty blocks via dirty_maps on a BlockDriverState
when doing live block-migration, its correspoding 'BlkMigDevState' should be
added to block_mig_state.bmds_list first for subsequent processing.
Otherwise set_dirty_tracking will do nothing on an empty list than allocating
dirty_bitmaps for them. And bdrv_get_dirty_count will access the
bmds->dirty_maps directly, then there would be a segfault triggered.
If the set_dirty_tracking fails, qemu_savevm_state_cancel will handle
the cleanup of init_blk_migration automatically.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: chai wen <chaiw.fnst@cn.fujitsu.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The block_set_io_throttle QMP and HMP commands modify I/O throttling
limits for block devices.
Acquire the BlockDriverState's AioContext to protect against race
conditions with an IOThread that is running I/O for this device.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>