Commit Graph

55123 Commits

Author SHA1 Message Date
Alexey G
7fb394ad8a xen-mapcache: Fix the bug when overlapping emulated DMA operations may cause inconsistency in guest memory mappings
Under certain circumstances normal xen-mapcache functioning may be broken
by guest's actions. This may lead to either QEMU performing exit() due to
a caught bad pointer (and with QEMU process gone the guest domain simply
appears hung afterwards) or actual use of the incorrect pointer inside
QEMU address space -- a write to unmapped memory is possible. The bug is
hard to reproduce on a i440 machine as multiple DMA sources are required
(though it's possible in theory, using multiple emulated devices), but can
be reproduced somewhat easily on a Q35 machine using an emulated AHCI
controller -- each NCQ queue command slot may be used as an independent
DMA source ex. using READ FPDMA QUEUED command, so a single storage
device on the AHCI controller port will be enough to produce multiple DMAs
(up to 32). The detailed description of the issue follows.

Xen-mapcache provides an ability to map parts of a guest memory into
QEMU's own address space to work with.

There are two types of cache lookups:
 - translating a guest physical address into a pointer in QEMU's address
   space, mapping a part of guest domain memory if necessary (while trying
   to reduce a number of such (re)mappings to a minimum)
 - translating a QEMU's pointer back to its physical address in guest RAM

These lookups are managed via two linked-lists of structures.
MapCacheEntry is used for forward cache lookups, while MapCacheRev -- for
reverse lookups.

Every guest physical address is broken down into 2 parts:
    address_index  = phys_addr >> MCACHE_BUCKET_SHIFT;
    address_offset = phys_addr & (MCACHE_BUCKET_SIZE - 1);

MCACHE_BUCKET_SHIFT depends on a system (32/64) and is equal to 20 for
a 64-bit system (which assumed for the further description). Basically,
this means that we deal with 1 MB chunks and offsets within those 1 MB
chunks. All mappings are created with 1MB-granularity, i.e. 1MB/2MB/3MB
etc. Most DMA transfers typically are less than 1MB, however, if the
transfer crosses any 1MB border(s) - than a nearest larger mapping size
will be used, so ex. a 512-byte DMA transfer with the start address
700FFF80h will actually require a 2MB range.

Current implementation assumes that MapCacheEntries are unique for a given
address_index and size pair and that a single MapCacheEntry may be reused
by multiple requests -- in this case the 'lock' field will be larger than
1. On other hand, each requested guest physical address (with 'lock' flag)
is described by each own MapCacheRev. So there may be multiple MapCacheRev
entries corresponding to a single MapCacheEntry. The xen-mapcache code
uses MapCacheRev entries to retrieve the address_index & size pair which
in turn used to find a related MapCacheEntry. The 'lock' field within
a MapCacheEntry structure is actually a reference counter which shows
a number of corresponding MapCacheRev entries.

The bug lies in ability for the guest to indirectly manipulate with the
xen-mapcache MapCacheEntries list via a special sequence of DMA
operations, typically for storage devices. In order to trigger the bug,
guest needs to issue DMA operations in specific order and timing.
Although xen-mapcache is protected by the mutex lock -- this doesn't help
in this case, as the bug is not due to a race condition.

Suppose we have 3 DMA transfers, namely A, B and C, where
- transfer A crosses 1MB border and thus uses a 2MB mapping
- transfers B and C are normal transfers within 1MB range
- and all 3 transfers belong to the same address_index

In this case, if all these transfers are to be executed one-by-one
(without overlaps), no special treatment necessary -- each transfer's
mapping lock will be set and then cleared on unmap before starting
the next transfer.
The situation changes when DMA transfers overlap in time, ex. like this:

  |===== transfer A (2MB) =====|

              |===== transfer B (1MB) =====|

                          |===== transfer C (1MB) =====|
 time --->

In this situation the following sequence of actions happens:

1. transfer A creates a mapping to 2MB area (lock=1)
2. transfer B (1MB) tries to find available mapping but cannot find one
   because transfer A is still in progress, and it has 2MB size + non-zero
   lock. So transfer B creates another mapping -- same address_index,
   but 1MB size.
3. transfer A completes, making 1st mapping entry available by setting its
   lock to 0
4. transfer C starts and tries to find available mapping entry and sees
   that 1st entry has lock=0, so it uses this entry but remaps the mapping
   to a 1MB size
5. transfer B completes and by this time
  - there are two locked entries in the MapCacheEntry list with the SAME
    values for both address_index and size
  - the entry for transfer B actually resides farther in list while
    transfer C's entry is first
6. xen_ram_addr_from_mapcache() for transfer B gets correct address_index
   and size pair from corresponding MapCacheRev entry, but then it starts
   looking for MapCacheEntry with these values and finds the first entry
   -- which belongs to transfer C.

At this point there may be following possible (bad) consequences:

1. xen_ram_addr_from_mapcache() will use a wrong entry->vaddr_base value
   in this statement:

   raddr = (reventry->paddr_index << MCACHE_BUCKET_SHIFT) +
       ((unsigned long) ptr - (unsigned long) entry->vaddr_base);

resulting in an incorrent raddr value returned from the function. The
(ptr - entry->vaddr_base) expression may produce both positive and negative
numbers and its actual value may differ greatly as there are many
map/unmap operations take place. If the value will be beyond guest RAM
limits then a "Bad RAM offset" error will be triggered and logged,
followed by exit() in QEMU.

2. If raddr value won't exceed guest RAM boundaries, the same sequence
of actions will be performed for xen_invalidate_map_cache_entry() on DMA
unmap, resulting in a wrong MapCacheEntry being unmapped while DMA
operation which uses it is still active. The above example must
be extended by one more DMA transfer in order to allow unmapping as the
first mapping in the list is sort of resident.

The patch modifies the behavior in which MapCacheEntry's are added to the
list, avoiding duplicates.

Signed-off-by: Alexey Gerasimenko <x1917x@gmail.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
2017-07-21 17:37:06 -07:00
Igor Druzhinin
9e6bdb92c8 xen: fix compilation on 32-bit hosts
Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
2017-07-21 17:32:56 -07:00
Peter Maydell
91939262ff configure: Drop ancient Solaris 9 and earlier support
Solaris 9 was released in 2002, its successor Solaris 10 was
released in 2005, and Solaris 9 was end-of-lifed in 2014.
Nobody has stepped forward to express interest in supporting
Solaris of any flavour, so removing support for the ancient
versions seems uncontroversial.

In particular, this allows us to remove a use of 'uname'
in configure that won't work if you're cross-compiling.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1499955697-28045-1-git-send-email-peter.maydell@linaro.org
2017-07-21 15:04:05 +01:00
Peter Maydell
951fedfcee configure: Never use 'uname' to identify target OS
For a very long time we have used 'uname -s' as our fallback if
we don't identify the target OS using a compiler #define. This
obviously doesn't work for cross-compilation, and we've had
a comment suggesting we fix this in configure for a long time.
Since we now have an exhaustive list of which OSes we can run
on (thanks to commit 898be3e041 making an unrecognized OS
be a fatal error), we know which ones we're missing.

Add check_define tests for the remaining OSes we support.  The
defines checked are based on ones we already use in the codebase for
identifying the host OS (with the exception of GNU/kFreeBSD).
We can now set bogus_os immediately rather than doing it later.

We leave the comment about uname being bad untouched, since
there is still a use of it for the fallback for unrecognized
host CPU type.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1499958932-23839-1-git-send-email-peter.maydell@linaro.org
2017-07-21 15:02:51 +01:00
Peter Maydell
e4335180d2 bsd-user/main.c: Fix unused variable warning
On OpenBSD the compiler warns:
bsd-user/main.c:622:21: warning: variable 'sig' set but not used [-Wunused-but-set-variable]

This is because a lot of the signal delivery code is #if-0'd
out as unused. Reshuffle #ifdefs a bit to silence the warning.

(We make the minimum change here rather than removing all the
bsd-user patchset which should make this all work correctly and
there's no point giving them an awkward rebase task.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1500395194-21455-5-git-send-email-peter.maydell@linaro.org
2017-07-21 15:01:09 +01:00
Peter Maydell
4a65a86af6 bsd-user/bsdload.c: Remove write-only id_change variable
On OpenBSD the compiler complains:
bsd-user/bsdload.c:54:17: warning: variable 'id_change' set but not used [-Wunused-but-set-variable]

This is dead code that was originally copied from linux-user.
We fixed this in linux-user in commit 331c23b5ca in 2011;
delete the useless code from bsd-user too.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 1500395194-21455-4-git-send-email-peter.maydell@linaro.org
2017-07-21 15:00:43 +01:00
Mark Cave-Ayland
c8115f8eb8 block/vpc: fix uninitialised variable compiler warning
Since commit cfc87e00 "block/vpc.c: Handle write failures in
get_image_offset()" older versions of gcc (in this case 4.7) incorrectly
warn that "ret" can be used uninitialised in vpc_co_pwritev().

Setting ret to 0 at the start of vpc_co_pwritev() prevents the warning
in gcc 4.7 and enables compilation with -Werror to succeed.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1500625265-23844-1-git-send-email-mark.cave-ayland@ilande.co.uk
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-21 15:00:07 +01:00
Peter Maydell
ff9b547502 MIPS patches 2017-07-21
Changes:
 * Add Enhanced Virtual Addressing (EVA) support
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.5 (GNU/Linux)
 
 iQIVAwUAWXFmCyI464bV95fCAQJHpA//QvuBgHmN2z7Idp27IW84K0WL1IIz52hA
 K98ZS/31CAHRNKN/4TqpZyFERYvmAvOrMTR3TEJISrl8M28dXNEaANjRu+RNJ+nk
 Q410VG3Hr//C9GHVqMQ5SRMY8MgGGnBFpkwSW7O1Qn1cQiEB1PvFV5wZVpCEgJoO
 x2KZvzMJNSYsWrmvFc79CvE0m/K5frO4L/XMKoSdu51cVy4zQdI5NS/G6JugTN1j
 1p5x724Ic6duSlUZD91EvwUZEk88aeXGCaauMgiHYCkWNbY6he39GKRmRnhGYcIa
 9olFHW1axKaE1F+1J99eggz3XDLNfr4zsiBnmzMmi+ajJDAVO1vWcQWLUXH7cd1y
 ToxOnKel83EdDFfl+yaAGH4Ig/RRqUFaB7Qq3QOjEHlM5sCJ8vsLUuplCyBIdV6d
 /BaS0v99FNt4qSSYpwRd/cPbPmYl0DbQatfcgsX2g4WSH3SyjZBg3L7NyFWmOAAg
 fscLFafA5ic6XHmSKwsqmzPbOJcUXYrNnxLHw+Smg60hiqoWgF+4j34lDLEMsY1T
 rIptlpU4GeXs05d+Q/ABEH7wcPJHPjoWTEkPzaFjXjuL+c9ZnQqnrI4j9gXsqY6u
 Km8SoTPfqdwj5AW7KS4RrNz6g2f+GnXS4t8p9JK2krciH+gPVVBQEmf4t3qQAwPC
 y2uVsoHtC2E=
 =qlJH
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/yongbok/tags/mips-20170721' into staging

MIPS patches 2017-07-21

Changes:
* Add Enhanced Virtual Addressing (EVA) support

# gpg: Signature made Fri 21 Jul 2017 03:25:15 BST
# gpg:                using RSA key 0x2238EB86D5F797C2
# gpg: Good signature from "Yongbok Kim <yongbok.kim@imgtec.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8600 4CF5 3415 A5D9 4CFA  2B5C 2238 EB86 D5F7 97C2

* remotes/yongbok/tags/mips-20170721:
  target/mips: Enable CP0_EBase.WG on MIPS64 CPUs
  target/mips: Add EVA support to P5600
  target/mips: Implement segmentation control
  target/mips: Add segmentation control registers
  target/mips: Add an MMU mode for ERL
  target/mips: Abstract mmu_idx from hflags
  target/mips: Check memory permissions with mem_idx
  target/mips: Decode microMIPS EVA load & store instructions
  target/mips: Decode MIPS32 EVA load & store instructions
  target/mips: Prepare loads/stores for EVA
  target/mips: Add CP0_Ebase.WG (write gate) support
  target/mips: Weaken TLB flush on UX,SX,KX,ASID changes
  target/mips: Fix TLBWI shadow flush for EHINV,XI,RI
  target/mips: Fix MIPS64 MFC0 UserLocal on BE host

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-21 13:28:51 +01:00
Peter Maydell
14e167530a Final CI updates for soft-freeze
Tweaks from Paolo for J=x Travis compiles
 Bunch of updated cross-compile targets from Philippe
 Additional debug tools in travis image from Me
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJZbdw6AAoJEPvQ2wlanipEd3UH/0z2oPZanlGonjPtmS2DjLmU
 xvf5EgCNYE0VwBYqycSeXd5pVSVtfkAXi9EBIBzF64FjySV131k3T9iUGVnMHC8w
 RzwSk/6FDldUhJWIeXRsMC1zwJuOyhe2PTZ228zmeCr+gMJ8v5znfWFG7bt7xPxm
 ACfDxA+bWfwyfObmWWBGiqemTAnPYK9eZLoTFWKp7fjSlnhR+Vwl4nksdAs0P/sm
 BOZ2QO8AqRd8z8vV7r+DKYmxLltLHGds8Bq1UOfPcoCqGlEcX8enWUG7lLPS530c
 41RRGlWPEiTgat0PBAembxShCHHltY8jPr7C7hcwo42GIWIL97LxApM6K4FXcAQ=
 =Pk5d
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stsquad/tags/pull-ci-updates-for-softfreeze-180717-2' into staging

Final CI updates for soft-freeze

Tweaks from Paolo for J=x Travis compiles
Bunch of updated cross-compile targets from Philippe
Additional debug tools in travis image from Me

# gpg: Signature made Tue 18 Jul 2017 11:00:26 BST
# gpg:                using RSA key 0xFBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>"
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-ci-updates-for-softfreeze-180717-2: (32 commits)
  docker: install clang since Shippable setup_ve() verify it is available
  docker: warn users to use newer debian8/debian9 base image
  docker: add debian Ports base image
  shippable: add win32/64 targets
  docker: add MXE (M cross environment) base image for MinGW-w64
  shippable: add mips64el targets
  docker: add debian/mips64el image
  shippable: use debian/mips[eb] targets
  docker: add debian/mips[eb] images
  shippable: add powerpc target
  docker: add debian/powerpc based on Jessie
  docker: add 'apt-fake' script which generate fake debian packages
  docker: add qemu:debian-jessie based on outdated jessie release
  shippable: add x86_64 targets
  shippable: add ppc64el targets
  shippable: add armel targets
  docker: enable nettle to extend code coverage on arm64
  docker: enable gcrypt to extend code coverage on amd64
  docker: enable netmap to extend code coverage on amd64
  docker: enable virgl to extend code coverage on amd64
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-21 11:44:53 +01:00
Peter Maydell
710259565b bsd-user/elfload.c: Fix set-but-not-used warnings
Fix various warnings about set-but-not-used variables on OpenBSD:

bsd-user/elfload.c:1158:15: warning: variable 'mapped_addr' set but not used [-Wunused-but-set-variable]
bsd-user/elfload.c:1165:9: warning: variable 'status' set but not used [-Wunused-but-set-variable]
bsd-user/elfload.c:1168:15: warning: variable 'elf_stack' set but not used [-Wunused-but-set-variable]

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1500395194-21455-3-git-send-email-peter.maydell@linaro.org
2017-07-21 10:34:40 +01:00
Peter Maydell
06943a6269 bsd-user/mmap.c: Move __thread attribute to right place
Avoid a compiler warning on OpenBSD:
bsd-user/mmap.c:28:1: warning: '__thread' is not at beginning of declaration [-Wold-style-declaration]
by moving the __thread attribute to its proper place.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1500395194-21455-2-git-send-email-peter.maydell@linaro.org
2017-07-21 10:34:40 +01:00
Peter Maydell
95a5befc2f Use qemu_tolower() and qemu_toupper(), not tolower() and toupper()
On NetBSD, where tolower() and toupper() are implemented using an
array lookup, the compiler warns if you pass a plain 'char'
to these functions:

gdbstub.c:914:13: warning: array subscript has type 'char'

This reflects the fact that toupper() and tolower() give
undefined behaviour if they are passed a value that isn't
a valid 'unsigned char' or EOF.

We have qemu_tolower() and qemu_toupper() to avoid this problem;
use them.

(The use in scsi-generic.c does not trigger the warning because
it passes a uint8_t; we switch it anyway, for consistency.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> for the s390 part.
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Message-id: 1500568290-7966-1-git-send-email-peter.maydell@linaro.org
2017-07-21 10:32:41 +01:00
Peter Maydell
02ffa034fb util/oslib-posix.c: Avoid warning on NetBSD
On NetBSD the compiler warns:
util/oslib-posix.c: In function 'sigaction_invoke':
util/oslib-posix.c:589:5: warning: missing braces around initializer [-Wmissing-braces]
     siginfo_t si = { 0 };
     ^
util/oslib-posix.c:589:5: warning: (near initialization for 'si.si_pad') [-Wmissing-braces]

because on this platform siginfo_t is defined as
  typedef union siginfo {
          char    si_pad[128];    /* Total size; for future expansion */
          struct _ksiginfo _info;
  } siginfo_t;

Avoid this warning by initializing the struct with {} instead;
this is a GCC extension but we use it all over the codebase already.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1500568341-8389-1-git-send-email-peter.maydell@linaro.org
2017-07-21 10:32:19 +01:00
James Hogan
bad63a8008 target/mips: Enable CP0_EBase.WG on MIPS64 CPUs
Enable the CP0_EBase.WG (write gate) on the I6400 and MIPS64R2-generic
CPUs. This allows 64-bit guests to run KVM itself, which uses
CP0_EBase.WG to point CP0_EBase at XKPhys.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-21 03:23:44 +01:00
James Hogan
574da58e46 target/mips: Add EVA support to P5600
Add the Enhanced Virtual Addressing (EVA) feature to the P5600 core
configuration, along with the related Segmentation Control (SC) feature
and writable CP0_EBase.WG bit.

This allows it to run Malta EVA kernels.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-21 03:23:36 +01:00
James Hogan
480e79aedd target/mips: Implement segmentation control
Implement the optional segmentation control feature in the virtual to
physical address translation code.

The fixed legacy segment and xkphys handling is replaced with a dynamic
layout based on the segmentation control registers (which should be set
up even when the feature is not exposed to the guest).

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
[yongbok.kim@imgtec.com:
  cosmetic changes]
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20 22:42:26 +01:00
James Hogan
cec56a733d target/mips: Add segmentation control registers
The optional segmentation control registers CP0_SegCtl0, CP0_SegCtl1 &
CP0_SegCtl2 control the behaviour and required privilege of the legacy
virtual memory segments.

Add them to the CP0 interface so they can be read and written when
CP0_Config3.SC=1, and initialise them to describe the standard legacy
layout so they can be used in future patches regardless of whether they
are exposed to the guest.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20 22:42:26 +01:00
James Hogan
42c86612d5 target/mips: Add an MMU mode for ERL
The segmentation control feature allows a legacy memory segment to
become unmapped uncached at error level (according to CP0_Status.ERL),
and in fact the user segment is already treated in this way by QEMU.

Add a new MMU mode for this state so that QEMU's mappings don't persist
between ERL=0 and ERL=1.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
[yongbok.kim@imgtec.com:
  cosmetic changes]
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20 22:42:26 +01:00
James Hogan
b0fc600322 target/mips: Abstract mmu_idx from hflags
The MIPS mmu_idx is sometimes calculated from hflags without an env
pointer available as cpu_mmu_index() requires.

Create a common hflags_mmu_index() for the purpose of this calculation
which can operate on any hflags, not just with an env pointer, and
update cpu_mmu_index() itself and gen_intermediate_code() to use it.

Also update debug_post_eret() and helper_mtc0_status() to log the MMU
mode with the status change (SM, UM, or nothing for kernel mode) based
on cpu_mmu_index() rather than directly testing hflags.

This will also allow the logic to be more easily updated when a new MMU
mode is added.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20 22:42:26 +01:00
James Hogan
9fbf4a58c9 target/mips: Check memory permissions with mem_idx
When performing virtual to physical address translation, check the
required privilege level based on the mem_idx rather than the mode in
the hflags. This will allow EVA loads & stores to operate safely only on
user memory from kernel mode.

For the cases where the mmu_idx doesn't need to be overridden
(mips_cpu_get_phys_page_debug() and cpu_mips_translate_address()), we
calculate the required mmu_idx using cpu_mmu_index(). Note that this
only tests the MIPS_HFLAG_KSU bits rather than MIPS_HFLAG_MODE, so we
don't test the debug mode hflag MIPS_HFLAG_DM any longer. This should be
fine as get_physical_address() only compares against MIPS_HFLAG_UM and
MIPS_HFLAG_SM, neither of which should get set by compute_hflags() when
MIPS_HFLAG_DM is set.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20 22:42:26 +01:00
James Hogan
8fffc64696 target/mips: Decode microMIPS EVA load & store instructions
Implement decoding of microMIPS EVA load and store instruction groups in
the POOL31C pool. These use the same gen_ld(), gen_st(), gen_st_cond()
helpers as the MIPS32 decoding, passing the equivalent MIPS32 opcodes as
opc.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20 22:42:26 +01:00
James Hogan
7696414729 target/mips: Decode MIPS32 EVA load & store instructions
Implement decoding of MIPS32 EVA loads and stores. These access the user
address space from kernel mode when implemented, so for each instruction
we need to check that EVA is available from Config5.EVA & check for
sufficient COP0 privilege (with the new check_eva()), and then override
the mem_idx used for the operation.

Unfortunately some Loongson 2E instructions use overlapping encodings,
so we must be careful not to prevent those from being decoded when EVA
is absent.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20 22:42:26 +01:00
James Hogan
dd4096cd2c target/mips: Prepare loads/stores for EVA
EVA load and store instructions access the user mode address map, so
they need to use mem_idx of MIPS_HFLAG_UM. Update the various utility
functions to allow mem_idx to be more easily overridden from the
decoding logic.

Specifically we add a mem_idx argument to the op_ld/st_* helpers used
for atomics, and a mem_idx local variable to gen_ld(), gen_st(), and
gen_st_cond().

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20 22:42:26 +01:00
James Hogan
74dbf824a1 target/mips: Add CP0_Ebase.WG (write gate) support
Add support for the CP0_EBase.WG bit, which allows upper bits to be
written (bits 31:30 on MIPS32, or bits 63:30 on MIPS64), along with the
CP0_Config5.CV bit to control whether the exception vector for Cache
Error exceptions is forced into KSeg1.

This is necessary on MIPS32 to support Segmentation Control and Enhanced
Virtual Addressing (EVA) extensions (where KSeg1 addresses may not
represent an unmapped uncached segment).

It is also useful on MIPS64 to allow the exception base to reside in
XKPhys, and possibly out of range of KSEG0 and KSEG1.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
[yongbok.kim@imgtec.com:
  minor changes]
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20 22:42:26 +01:00
James Hogan
9658e4c342 target/mips: Weaken TLB flush on UX,SX,KX,ASID changes
There is no need to invalidate any shadow TLB entries when the ASID
changes or when access to one of the 64-bit segments has been disabled,
since doing so doesn't reveal to software whether any TLB entries have
been evicted into the shadow half of the TLB.

Therefore weaken the tlb flushes in these cases to only flush the QEMU
TLB.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Tested-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20 22:42:26 +01:00
James Hogan
eff6ff9431 target/mips: Fix TLBWI shadow flush for EHINV,XI,RI
Writing specific TLB entries with TLBWI flushes shadow TLB entries
unless an existing entry is having its access permissions upgraded. This
is necessary as software would from then on expect the previous mapping
in that entry to no longer be in effect (even if QEMU has quietly
evicted it to the shadow TLB on a TLBWR).

However it won't do this if only EHINV, XI, or RI bits have been set,
even if that results in a reduction of permissions, so add the necessary
checks to invoke the flush when these bits are set.

Fixes: 2fb58b7374 ("target-mips: add RI and XI fields to TLB entry")
Fixes: 9456c2fbcd ("target-mips: add TLBINV support")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Tested-by: Yongbok Kim <yongbok.kim@imgtec.com>
[yongbok.kim@imgtec.com:
  cosmetic changes]
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20 22:42:26 +01:00
James Hogan
e40df9a80b target/mips: Fix MIPS64 MFC0 UserLocal on BE host
Using MFC0 to read CP0_UserLocal uses tcg_gen_ld32s_tl, however
CP0_UserLocal is a target_ulong. On a big endian host with a MIPS64
target this reads and sign extends the more significant half of the
64-bit register.

Fix this by using ld_tl to load the whole target_ulong and ext32s_tl to
sign extend it, as done for various other target_ulong COP0 registers.

Fixes: d279279e2b ("target-mips: implement UserLocal Register")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Petar Jovanovic <petar.jovanovic@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20 22:42:26 +01:00
Peter Maydell
4439e1f156 usb: Fix build with newer gcc
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJZcG2HAAoJEEy22O7T6HE42ncP/0fyFYSYioElUh7gCfVV68dq
 yOmPYdZLZv9v4p7rFpn1/hFMt3RMUHELXL1OTkj0af4FmKyH8Q9RQ/3wRKCIVxaH
 9GMkldWiTkfdD5nFAmz87P5oTA8ztrt6iAMc7gm0zZ0kES7wl1CvSGQTJRMh5A4q
 eDM6kkXUp9PzbUuJ3XPXP4wy81CGsu4ViOanjh+kvGbQJZicZKa4ai+K8aHVAUBC
 CZOjmeMp6LV/RVJLnmbmJgFi+1HQ0EukQHioUBcIzeiab037VD7MwqDZSNPAZnqD
 94nW3CU1xD8MDYR3Hg3Dvu6PQ+emvZS+fzc6T6wcbMED6e4/TjNXkskFqh4m1zUi
 eZtaQKrsvpBoEXtrytXZ+y3OX6ppHogF5V2jobMmidrQcPPVhz0wzoWzkj6V28TL
 z9txMEWiOCZ1qAZEaMt1aIGcR9jXprEKhpf/OB0b4Xx9m0e0ewnU2AKKph/lDX7d
 r5sxiWc6Ta8WlkQTU4hD4nESblJk1N1/bosHpBsOGPuNAQcPAqguZoBZ6Fuv1LI5
 3FC7ukg9lOX5xfzfoI5pzEKzIeozpjwqOEDpJly8U9J/VCEh06m8yCNTHqGZOVYr
 GhBULY8VQqDRuvccI4lIB2SfavXbk5j3bHba2AnPiieGRPZQ28btsZ/gyhpjGccm
 dt8pW7pZf2/gsaUtldMK
 =In3i
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/usb-20170720-pull-request' into staging

usb: Fix build with newer gcc

# gpg: Signature made Thu 20 Jul 2017 09:44:55 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20170720-pull-request:
  usb: Fix build with newer gcc

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-20 17:52:48 +01:00
Peter Maydell
25d0233c1a ui fixes (vnc docs, keymaps) for 2.10
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJZcGGxAAoJEEy22O7T6HE4IAUQAMuFyfDYbNYiyTW3tj64T07b
 /Kxnry9VY7vVVxAbOBbRMBuUd/4alpH0cf0XPI4bizE4CSuwLAyA84Vk2Tv3oGLF
 0kwOpQjTm1guc4pP7G6lfOTV2p6Kpn1a5CLN0F4gyDxYMnZz7iY7XwEVXJMZTL/5
 kyqNm9igSrlRp36lkmU9k84tYNaJ0r2smlaCZiQ4Qtxb4sfayNqpvJlnrInkkq6F
 k3Q34Pp2NIp3m5Sn4T369UsS0fWuek2fvqRHa5pW/ohf3DFK62qtmf/s4wyRG9qy
 9CuQC1caYV4TtAqCpcxE7eZ6CFCxzbHgoGseBuCkxT6qLze+l4LFnPppAYZ3v3J6
 hmI2ZAOGGUkZOiAfeccm0urUH/I5eGCeak8pJ85cQuJb8MFkLlm7udwtwiCCP4y5
 IjcMhQZNL81JGox3c5CzTjuYSgQRZNeR/Htq6qo+zkq0PsmP7iLaWilxZu0stPKK
 0O9k00KQVw4V8z1Yrd/SwQhqgDhg5A16C2j91kIKNtGx4gf+dOgOM+o/wp5QLTYj
 7Ykm/EFNw2Fh+R/tagLpU152MD6h5Nq5dyNsVqdR05GIqvYsmyEcz3z04m0c6Jke
 h7sB58NiKfFgeYP75Dmfpc4q3XN6baeIg0auoRH91nqxNQX3gM6/SqNl1BqEWRTZ
 fHqup1t2hIEIR4IqTpOJ
 =hhU5
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20170720-pull-request' into staging

ui fixes (vnc docs, keymaps) for 2.10

# gpg: Signature made Thu 20 Jul 2017 08:54:25 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20170720-pull-request:
  keymaps: fr-ca: more fixups
  vnc: Clarify documentation of QMP command change

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-20 16:40:01 +01:00
Peter Maydell
64f871e3c9 tests: Handle $RANDOM not being supported by the shell
In various places in our test makefiles and scripts we use the
shell $RANDOM to create a random number. This is a bash
specific extension, and doesn't work on other shells.
With dash the shell doesn't complain, it just effectively
always evaluates $RANDOM to 0:
  echo $((RANDOM + 32768))     => 32768

However, on NetBSD the shell will complain:
  "-sh: arith: syntax error: "RANDOM + 32768"

which means that "make check" fails.

Switch to using "${RANDOM:-0}" instead of $RANDOM,
which will portably either give us a random number or zero.
This means that on non-bash shells we don't get such
good test coverage via the MALLOC_PERTURB_ setting, but
we were already in that situation for non-bash shells.

Our only other uses of $RANDOM (in tests/qemu-iotests/check
and tests/qemu-iotests/162) are in shell scripts which use
a #!/bin/bash line so they are always run under bash.

Suggested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Kamil Rytarowski <n54@gmx.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1500029117-6387-1-git-send-email-peter.maydell@linaro.org
2017-07-20 15:00:00 +01:00
Kamil Rytarowski
b1449edb79 configure: Don't build ivshmem tools unless CONFIG_IVSHMEM is set
Don't try to build the ivshmem-server and ivshmem-client tools unless
CONFIG_IVSHMEM is set.

This fixes in passing a build bug on NetBSD, which fails to build the
ivshmem tools because they use shm_open() and on NetBSD that requires
linking against -lrt.

Signed-off-by: Kamil Rytarowski <n54@gmx.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1500021225-4118-4-git-send-email-peter.maydell@linaro.org
[PMM: moved some code into earlier patches; minor bugfixes;
 added commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-20 14:58:19 +01:00
Kamil Rytarowski
e0580342b3 configure: Use an explicit CONFIG_IVSHMEM rather than CONFIG_EVENTFD
Rather than relying on everywhere that cares about whether the host
supports ivshmem using CONFIG_EVENTFD, make configure set an explicit
CONFIG_IVSHMEM.

Signed-off-by: Kamil Rytarowski <n54@gmx.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1500021225-4118-3-git-send-email-peter.maydell@linaro.org
[PMM: split out from another patch, add commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-20 14:58:19 +01:00
Peter Maydell
ab7a75b553 configure: Rename CONFIG_IVSHMEM to CONFIG_IVSHMEM_DEVICE
The current CONFIG_IVSHMEM is confusing, because it looks like it's a
flag for "do we have ivshmem support?", but actually it's a flag for
"is the ivshmem PCI device being compiled?" (and implicitly "do we
have ivshmem support?" is tested with CONFIG_EVENTFD).

Rename it to CONFIG_IVSHMEM_DEVICE to clear this confusion up;
shortly we will add a new CONFIG_IVSHMEM which really does indicate
whether the host can support ivshmem.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1500021225-4118-2-git-send-email-peter.maydell@linaro.org
2017-07-20 14:56:20 +01:00
Peter Maydell
8dbcd0e5e7 git orderfile and editorconfig for 2.10
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJZcGMBAAoJEEy22O7T6HE4m04P/R6jcGx43WgNpucnCVvAQLZ6
 0MN9oM2VCrZnBKHWPSmExEDmsjfJ2FD8HR1vDc2NXC2yIACtC1iEcFhu+qqeGQO6
 c4le4FyC0Luv4Pmpm6T9yfXjwNBRzlHSMpiOnNbEh4AdqKuNnt7Jh7I/sby+WoaF
 fxISqKT4v8pL6VhRLmkzvoPfF3ZmGG/iXTWj4uSmfXjTsA/mBDjkCeMxmPxFttdA
 syIS2k9bjI3IM4cIlhP9GXk3sFm+L0wuZuTG3cuc6I6VsNbWWFJ/FwAQosq0UfDx
 bfvjwykw8fCnO5djxdcLe0Bal5izYixY4XUS/5Ar3R3gY+uWG3e07s3rtELf0aZf
 dF2dAFgUvzWo9dRU+eFlgnB0E58ymzkRA+nlab0OLI8SDYGSLxtUczlSzPu0wyau
 +CIgueNDAq8JJLwGh653qSUo36hIaDCBjD3Ew98F8CNhL0KJeGGid9N5tibWqYg1
 FHeLFgxq9gfOFWrBp68G2m7mpMSWcNoDvqBugpYFqkWoSHA3RyR54W/wBX7qYeTv
 DENrD8Z+kesnadaYpL8rqTJRRi3u4nX9svCsaDCInDmti0xrpaA/Xady0jD8usj9
 F9a1cXE6i4aVy4O+B9NztouMkTyaJFFHp2vNzyu7vtdGSswaouAna+tP3+1zyT+T
 Klk3YZ8keWwrR9SkwH6t
 =GRXJ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/misc-20170720-pull-request' into staging

git orderfile and editorconfig for 2.10

# gpg: Signature made Thu 20 Jul 2017 09:00:01 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/misc-20170720-pull-request:
  add editorconfig
  add scripts/git.orderfile

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-20 12:04:05 +01:00
Peter Maydell
87a60ee84f Queued tcg and tcg code gen related cleanups
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJZb+vwAAoJEK0ScMxN0CebpsAH/jiusIP7aYhX1KR2Z6UuChhw
 5CIyP711/xhwXM/AKI+36NES5dYm8SK7kOOWZh445Po7PneLuWhzEpfbBVxkZ2f1
 8DBs63oNaEx8ZqJGRNqzsDcsjbBYio8MU4cA3Hj3WZuBDczMO9+M9twiZwOuxHE/
 KGPSK9mAATO1PRngRmX83M+ttu/thL2tn6jVOvp3ZRlEjobmxaALyTFkO454tdBW
 iAwasq1fypmgcBB5AUgyGbsx7554RsTdtrLKgad0g5ymbkjVoch3HrhHBoLIazPS
 wMmkIHs3gEhM8DjlpquZmJPjhpPABIMSdFRT7pj0GohJMJn571j5/36saRMD6lI=
 =kFUH
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20170719' into staging

Queued tcg and tcg code gen related cleanups

# gpg: Signature made Thu 20 Jul 2017 00:32:00 BST
# gpg:                using RSA key 0xAD1270CC4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"
# Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC  16A4 AD12 70CC 4DD0 279B

* remotes/rth/tags/pull-tcg-20170719:
  tcg: Pass generic CPUState to gen_intermediate_code()
  tcg/tci: enable bswap16_i64
  target/alpha: optimize gen_cvtlq() using deposit op
  target/sparc: optimize gen_op_mulscc() using deposit op
  target/sparc: optimize various functions using extract op
  target/ppc: optimize various functions using extract op
  target/m68k: optimize bcd_flags() using extract op
  target/arm: optimize aarch32 rev16
  target/arm: Optimize aarch64 rev16
  coccinelle: add a script to optimize tcg op using tcg_gen_extract()
  coccinelle: ignore ASTs pre-parsed cached C files
  tcg: Expand glue macros before stringifying helper names
  util/cacheinfo: Add missing include for ppc linux
  tcg/mips: reserve a register for the guest_base.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-20 11:00:10 +01:00
Khem Raj
04b33e2186 Replace 'struct ucontext' with 'ucontext_t' type
glibc used to have:

   typedef struct ucontext { ... } ucontext_t;

glibc now has:

   typedef struct ucontext_t { ... } ucontext_t;

(See https://sourceware.org/bugzilla/show_bug.cgi?id=21457
 for detail and rationale for the glibc change)

However, QEMU used "struct ucontext" in declarations. This is a
private name and compatibility cannot be guaranteed. Switch to
only using the standardized type name.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Message-id: 20170628204452.41230-1-raj.khem@gmail.com
Cc: Kamil Rytarowski <kamil@netbsd.org>
Cc: Riku Voipio <riku.voipio@iki.fi>
Cc: Laurent Vivier <laurent@vivier.eu>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
[PMM: Rewrote commit message, based mostly on the one from
 Nathaniel McCallum]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-20 10:10:28 +01:00
Eric Blake
121829cb21 usb: Fix build with newer gcc
gcc 7 is pickier about our sources:

hw/usb/bus.c: In function ‘usb_port_location’:
hw/usb/bus.c:410:66: error: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size between 0 and 15 [-Werror=format-truncation=]
         snprintf(downstream->path, sizeof(downstream->path), "%s.%d",
                                                                  ^~
hw/usb/bus.c:410:9: note: ‘snprintf’ output between 3 and 28 bytes into a destination of size 16
         snprintf(downstream->path, sizeof(downstream->path), "%s.%d",
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  upstream->path, portnr);
                  ~~~~~~~~~~~~~~~~~~~~~~~

But we know that there are at most 5 levels of USB hubs, with at
most two digits per level; that plus the separating dots means we
use at most 15 bytes (including trailing NUL) of our 16-byte field.
Adding an assertion to show gcc that we checked for truncation is
enough to shut up the false-positive warning.

Inspired by an idea by Dr. David Alan Gilbert <dgilbert@redhat.com>.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20170717151334.17954-1-eblake@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-07-20 10:02:11 +02:00
Gerd Hoffmann
a62e20f6f8 add editorconfig
Add a .editorconfig file for qemu.  Specifies the indent and tab style
for various files (C code and Makefiles for starters).  Most popular
editors support this either natively or via plugin.

Check http://editorconfig.org/ for details.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20170717101547.22295-1-kraxel@redhat.com
2017-07-20 09:56:56 +02:00
Gerd Hoffmann
3b6bb28a6c add scripts/git.orderfile
Based on a old patch by Laszlo.
Time to get this in ...

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Emilio G. Cota <cota@braap.org>
Message-id: 20170717101632.23247-1-kraxel@redhat.com
2017-07-20 09:56:41 +02:00
Gerd Hoffmann
b02cf99b9d keymaps: fr-ca: more fixups
Fixes: https://bugs.launchpad.net/qemu/+bug/533613
Cc: Thomas Huth <thuth@redhat.com>
Suggested-by: Jérôme Poulin <jeromepoulin@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20170717133444.16743-1-kraxel@redhat.com
2017-07-20 09:25:44 +02:00
Markus Armbruster
6dfe8eabe2 vnc: Clarify documentation of QMP command change
QMP command

    { "execute": "change",
      "arguments": { "device": "vnc", "target": "password", "arg": PWD } }

behaves just like

    { "execute": "change-vnc-password",
      "arguments": { "password", "arg": PWD } }

Their documentation differs, however.  According to
change-vnc-password's documentation, "an empty password [...] will set
the password to the empty string", while change's documentation claims
"no future logins will be allowed".  The former is actually correct.
Replace the incorrect claim by a reference to change-vnc-password.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 1500448182-21376-1-git-send-email-armbru@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-07-20 09:25:06 +02:00
Lluís Vilanova
9c489ea6be tcg: Pass generic CPUState to gen_intermediate_code()
Needed to implement a target-agnostic gen_intermediate_code()
in the future.

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Alex Benneé <alex.benee@linaro.org>
Reviewed-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
Message-Id: <150002025498.22386.18051908483085660588.stgit@frigg.lan>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-07-19 14:45:16 -07:00
Philippe Mathieu-Daudé
797ed66d29 tcg/tci: enable bswap16_i64
Altough correctly implemented, bswap16_i64() never got tested/executed so the
safety TODO() statement was never removed.

Since it got now tested the TODO() can be removed.

while running Alex Bennée's image aarch64-linux-3.15rc2-buildroot.img:

Trace 0x7fa1904b0890 [0: ffffffc00036cd04]
----------------
IN:
0xffffffc00036cd24:  5ac00694      rev16 w20, w20

OP:
 ---- ffffffc00036cd24 0000000000000000 0000000000000000
 ext32u_i64 tmp3,x20
 ext16u_i64 tmp2,tmp3
 bswap16_i64 x20,tmp2
 movi_i64 tmp4,$0x10
 shr_i64 tmp2,tmp3,tmp4
 ext16u_i64 tmp2,tmp2
 bswap16_i64 tmp2,tmp2
 deposit_i64 x20,x20,tmp2,$0x10,$0x10

Linking TBs 0x7fa1904b0890 [ffffffc00036cd04] index 0 -> 0x7fa1904b0aa0 [ffffffc00036cd24]
Trace 0x7fa1904b0aa0 [0: ffffffc00036cd24]
TODO qemu/tci.c:1049: tcg_qemu_tb_exec()
qemu/tci.c:1049: tcg fatal error
Aborted

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Jaroslaw Pelczar <j.pelczar@samsung.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-Id: <20170718045540.16322-11-f4bug@amsat.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-07-19 14:45:16 -07:00
Philippe Mathieu-Daudé
729028a6e2 target/alpha: optimize gen_cvtlq() using deposit op
Suggested-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20170718045540.16322-10-f4bug@amsat.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-07-19 14:45:16 -07:00
Philippe Mathieu-Daudé
08d64e0db0 target/sparc: optimize gen_op_mulscc() using deposit op
Suggested-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20170718045540.16322-9-f4bug@amsat.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-07-19 14:45:16 -07:00
Philippe Mathieu-Daudé
0b1183e315 target/sparc: optimize various functions using extract op
Done with the Coccinelle semantic patch
scripts/coccinelle/tcg_gen_extract.cocci.

Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-07-19 14:45:16 -07:00
Philippe Mathieu-Daudé
e2622073e0 target/ppc: optimize various functions using extract op
Done with the Coccinelle semantic patch
scripts/coccinelle/tcg_gen_extract.cocci.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20170718045540.16322-6-f4bug@amsat.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-07-19 14:45:16 -07:00
Philippe Mathieu-Daudé
0d9acef240 target/m68k: optimize bcd_flags() using extract op
Done with the Coccinelle semantic patch
scripts/coccinelle/tcg_gen_extract.cocci.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-Id: <20170718045540.16322-5-f4bug@amsat.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-07-19 14:45:15 -07:00
Aurelien Jarno
68cedf733a target/arm: optimize aarch32 rev16
Use the same mask to avoid having to load two different constants, as
suggested by Richard Henderson.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-Id: <20170516230159.4195-2-aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-07-19 14:45:15 -07:00
Richard Henderson
abb1066df3 target/arm: Optimize aarch64 rev16
It is much shorter to reverse all 4 half-words in parallel
than extract, reverse, and deposit each in turn.

Suggested-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-07-19 14:45:15 -07:00