Warning from the Sparse static analysis tool:
hw/display/vga.c:2012:26: warning:
symbol 'vmstate_vga_endian' was not declared. Should it be static?
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This allows VGA to decide whether to use a shared surface based on
whether the UI backend supports the format or not. Backends that
don't provide the new callback fallback to native 32 bpp which
is equivalent to what was supported before.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[ kraxel: fix console check, allow only 32 bpp as fallback ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
There is nothing that is used by this ARM-specific device.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
set secondary-vga category.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJUkEU5AAoJEEy22O7T6HE4zzYQAMcwGnfwzLzWRXtSqPAkwJpP
2SWLZfrSJE2x4Jh19sVX1T8vQa2bPm5Rye2C3/LpqsK5lcBozXkzXBxr9b7Ps/lc
1E4SJxekNmKpqSN6xwboXwrXo1du0ekOyOLDlMOTAIcUmUPTTn4qLhlCEdMaXwyB
IAU9+3ZkjciPZ4bZLC9nz3kyZrRAXOkQ7XE3QcXIEAIxC6xVtkEu6ktEBiAEE09o
+NLIgyZ0dwZeRQCueIhrvpaDfQXAFfR8HbvNNE3QQGZm+4424snt4JNFSOwuQ3Ny
0cVQ02VaAmrUGO3l7GukKZwkXV9JCZBQL0cLUG74bOxQCnt/QAI+MyjZbtjF0FAR
YzTgE05yIFRa6KNRujjrfBheq9xfz6BBQQaZPECy6XNd//NDGbm/nqk2JXGHxiYr
Z2oSsxhXLVgV2Wznl95OasxrPzgTfSTMSYHsGAZEPCpJhfHIWqGTZnqpVcpyvsU7
yHJtbzbv3n7EpD13LHPXkXBtH/ls23I+OQOfQWOLNDQ3OUOGxCMjuxIQbkNwnjVc
RTI/qOKHuGvAIzZgZHNsBS6+5VMu20nhcbo6xT8OxFhEPb+hNfJEgOXppcU2baYA
mpYvibnADjiWrR+/8Pf6Zn4PMRe6lV3wWRbBwzyK0DpnTFdQ2d/vqHaCz1f9YHME
PsekZP7WAQxSg/pK9d9a
=/o3d
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20141216-1' into staging
cirrus hwcursor fixes.
set secondary-vga category.
# gpg: Signature made Tue 16 Dec 2014 14:44:09 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-vga-20141216-1:
vga: set catagory bit for secondary vga device
move hw cursor pos from cirrus to vga
cirrus: Force use of shadow pixmap when HW cursor is enabled
vga: Add mechanism to force the use of a shadow surface
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The HW cursor cannot be painted on a shared surface. This fixes HW
cursor display in Windows NT 4.0 and Windows 98.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This prevents surface sharing which will be necessary to
fix cirrus HW cursor support.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Now that cursor updates are out of the way qxl needs the refresh timer
only when when running in vga mode, for dirty bitmap checking. In
native qxl mode the guest will notify us, so we don't need to poll and
can use the idle interval (one refresh wakeup every few seconds).
Cc: Marc-André Lureau <marcandre.lureau@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Calling directly doesn't work due to the qxl-render code running in
spice server thread context. Meanwhile bottom half scheduling is
thread-safe though, so we can use that to kick a cursor update in
main i/o thread context.
Cc: Marc-André Lureau <marcandre.lureau@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Issues:
* Doesn't check pitches correctly in case it is negative.
* Doesn't check width at all.
Turn macro into functions while being at it, also factor out the check
for one region which we then can simply call twice for src + dst.
This is CVE-2014-8106.
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Switch vmsvga_update_rect over to use vmsvga_verify_rect. Slight change
in behavior: We don't try to automatically fixup rectangles any more.
In case we find invalid update requests we'll do a full-screen update
instead.
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
Add verification function for rectangles, returning
true if verification passes and false otherwise.
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
Quick & easy stopgap for CVE-2014-3689: We just compile out the
hardware acceleration functions which lack sanity checks. Thankfully
we have capability bits for them (SVGA_CAP_RECT_COPY and
SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory.
Subsequent patches will add the missing checks and re-enable the
hardware acceleration emulation.
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJURPo5AAoJEH8JsnLIjy/WK1gP/2PhKD4lsjQ0O9TYlwu2aWCc
eej/z2wp47996KAkhRgS4mf/E0FnPSh80cHV1wobPJfRSTPPNuGgrmhX+HLcjlPz
fWb3qN6Ikneou1TYCO/r1wMwhPpE1GKjZmuHQcH3B27GW5cqx/s1sPCxqwDJJnYq
oBbbcIGZGNYLHlyJvl88gBTkIHBs5/nxhzVnPnpQi6JqtGz8CAbo6e36A5RQCqyV
RoYEe5Lif81lZpaTpYFsoUhOcH9YtQnKoUSdAnqtXtLO9fOHsn7/75hnmT4bs5CR
p6UAiutN+jiUcRrlF//TK5TNlS7KvOAf+LirEURAY0j5IJNXh30/5x8hXzHJxb60
eY6ePrhnbkPeLfg1Qh/7LJyi/W0cl2YN6I2oslnMUfcumu9Ns1FfsFrFpKtgT/yM
fkjQEo7w9khKT+iZaOm1XaNDliUKZiG2wLhni6KYAGM2edmE8W7VCkjSTFcz/4eQ
vn7G3T1OnglW1cSt0onTAKNWn2swh0lXOXv7iBupmiNoy+hafNwTa1eHw+jjvXeF
3WdfMxT6fRKAQUC/hwVlvyeJcZyBMG11BuovX9gNgdx5/UpWJFjxHsEmbiP9TtkO
CJ5dGi+PgM/fxLJj4IW0zSVSL+mnhQmQdtzksU+l4GBHuErXdkt9W61sOHHQJGTf
NGIkh6DwV4VfFZd6bzf0
=8BaC
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block patches
# gpg: Signature made Mon 20 Oct 2014 13:04:09 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
* remotes/kevin/tags/for-upstream: (28 commits)
block: Make device model's references to BlockBackend strong
block: Lift device model API into BlockBackend
blockdev: Convert qmp_eject(), qmp_change_blockdev() to BlockBackend
block/qapi: Convert qmp_query_block() to BlockBackend
blockdev: Fix blockdev-add not to create DriveInfo
blockdev: Drop superfluous DriveInfo member id
pc87312: Drop unused members of PC87312State
ide: Complete conversion from BlockDriverState to BlockBackend
hw: Convert from BlockDriverState to BlockBackend, mostly
virtio-blk: Rename VirtIOBlkConf variables to conf
virtio-blk: Drop redundant VirtIOBlock member conf
block: Rename BlockDriverCompletionFunc to BlockCompletionFunc
block: Rename BlockDriverAIOCB* to BlockAIOCB*
block: Eliminate DriveInfo member bdrv, use blk_by_legacy_dinfo()
block: Merge BlockBackend and BlockDriverState name spaces
block: Eliminate BlockDriverState member device_name[]
block: Eliminate bdrv_iterate(), use bdrv_next()
blockdev: Eliminate drive_del()
block: Make BlockBackend own its BlockDriverState
block: Code motion to get rid of stubs/blockdev.c
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Device models should access their block backends only through the
block-backend.h API. Convert them, and drop direct includes of
inappropriate headers.
Just four uses of BlockDriverState are left:
* The Xen paravirtual block device backend (xen_disk.c) opens images
itself when set up via xenbus, bypassing blockdev.c. I figure it
should go through qmp_blockdev_add() instead.
* Device model "usb-storage" prompts for keys. No other device model
does, and this one probably shouldn't do it, either.
* ide_issue_trim_cb() uses bdrv_aio_discard() instead of
blk_aio_discard() because it fishes its backend out of a BlockAIOCB,
which has only the BlockDriverState.
* PC87312State has an unused BlockDriverState[] member.
The next two commits take care of the latter two.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The patch is big, but all it really does is replacing
dinfo->bdrv
by
blk_bs(blk_by_legacy_dinfo(dinfo))
The replacement is repetitive, but the conversion of device models to
BlockBackend is imminent, and will shorten it to just
blk_legacy_dinfo(dinfo).
Line wrapping muddies the waters a bit. I also omit tests whether
dinfo->bdrv is null, because it never is.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Benoît Canet <benoit.canet@nodalink.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Following cleanup of the vga device code in commit d2e043a804,
the arrays dmask4 and dmask16 are now unused. gcc doesn't warn
about this, but clang does; remove them.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add a qemu extented register range to the standard vga mmio bar.
Right nowe there are two registers: One readonly register returning the
size of the region (so we can easily add more registers there if needed)
and one endian control register, so guests (especially ppc) can flip
the framebuffer endianness as they need it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Xorg server hangs when using xfig and typing a text with space:
#0 qxl_wait_for_io_command (qxl=<value optimized out>) at qxl_io.c:47
#1 0x00007f826a49a299 in qxl_download_box (surface=0x221d030, x1=231, y1=259,
x2=<value optimized out>, y2=<value optimized out>) at qxl_surface.c:143
while (!(ram_header->int_pending & QXL_INTERRUPT_IO_CMD))
usleep (1);
The QXL driver is calling QXL_IO_UPDATE_AREA with an empty area. This
is a guest bug. The call is async and no ack is sent back on guest
bug, so the X server will hang. The driver should be improved to avoid
this situation and also to abort on QXL_INTERRUPT_ERROR. This will be
a different patch series for the driver. However, it is simple enough
to keep qemu running on empty areas update, which is what this patch
provides.
https://bugzilla.redhat.com/show_bug.cgi?id=1151363
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Include the endian state in the migration stream as an optional
subsection which we only include when the endian isn't the default,
thus enabling backward compatibility of the common case.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Changes by kraxel:
* Remove bochs dispi interface changes. We'll do that in
a different way to make sure we don't conflict with
possible future bochs dispi interface changes.
* keep live migration bits.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
And initialize it based on target endian
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
It's no longer a template, we only instanciate the file once.
Keep it a #included file so the functions remain static.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Not all platforms have a VGA BIOS, powerpc typically relies on
using the DISPI interface to initialize the card.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
We only draw cursor on non-shared surfaces (so it seems...) and
these are always 32bpp
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
The test for surface_bits_per_pixel() isn't necessary anymore,
the 8bpp case never happens.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
We always use rgb_to_pixel32 nowadays.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Provide different functions for converting from an LE vs a BE
framebuffer. We cannot rely on the simple cases always being
shared surfaces since cirrus will need to always shadow for
cursor emulation, so we need the full set of functions to
be able to later handle runtime switching.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>\
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
All the macros used to generate different versions of vga_template.h
are now unnecessary, take them all out and remove the _32 suffix from
most functions.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Nowadays, we either share a surface with the host, or we create
a 32bpp ARGB console surface.
So we only need to draw/convert to 32bpp, enabling us to remove
all but one instance of vga_template.h inclusion (to be further
cleaned up), rgb_to_pixel_* etc...
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
* more EL2/EL3 preparation work
* don't handle c15_cpar changes via tb_flush()
* fix some unused function warnings in ARM devices
* build the GDB XML for 32 bit CPUs into qemu-*-aarch64
* implement guest breakpoint support
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJUKaQhAAoJEDwlJe0UNgzeDcQQAKwLgp/Z3G+uZ8r3eh/J1iJ7
RRfkiM9WqM92sZ6VvS6bJ48Q8ESiSF1csk2PKW1tuDx2pbpAG6MDJvFs//YLZWx2
gsSGZJ8grlvEZ/Tv10iJ5ttU1vOWicbw5FgvIrdel/94wr/gChvu64p2DIrXDslD
GPbr5wVNb/XXa3HuUNX66L2soxpf+YJc2fGunycp0aRRbBL8G+4dnPAt89iVFN2R
PGo/VL2qSGmyTpUk7JSQK12YBE/4BFNu+8KUgiUqVS1rIan8NkVU97VVKRlcd6e9
wl5s0Bb1sAow6hZMoNpnXPnDD8LF3w1SCXPM3mLUq4/iO8t2uuITq89UCNsjFrYy
QRkSq6PC0MLry+31Bfw9loDbEHMxs2fMwCQCJEdtVfZgHY/bRXAPLU/0luwvnPRU
gofqBtypakRzJpaDjA/y0KapaMtJr0KOrlcbntNztPFOf4X9QtGZaQ2fzrAfxtSR
7VbHdXKAwmWN2Q4r4GE0ixA0eCZWS9ji87LHv380pPkuOaYnoRq+A1KQlypkRnNr
ifR/Iz6QXB1GPFpbUiyh9WIltIIS4mwsOi/Y0rS7dGc40okItceb+ezulCNDPKNZ
IX+XDR5YFEKxWzoklMgLLZPFPjxSRKMNG6Grpowl+PH+fFsBz4hObkFMn2zajn8g
zp0lcq++iyjIE/GNkBXw
=LA6N
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140929' into staging
target-arm:
* more EL2/EL3 preparation work
* don't handle c15_cpar changes via tb_flush()
* fix some unused function warnings in ARM devices
* build the GDB XML for 32 bit CPUs into qemu-*-aarch64
* implement guest breakpoint support
# gpg: Signature made Mon 29 Sep 2014 19:25:37 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-20140929:
target-arm: Add support for VIRQ and VFIQ
target-arm: Add IRQ and FIQ routing to EL2 and 3
target-arm: A64: Emulate the SMC insn
target-arm: Add a Hypervisor Trap exception type
target-arm: A64: Emulate the HVC insn
target-arm: A64: Correct updates to FAR and ESR on exceptions
target-arm: Don't take interrupts targeting lower ELs
target-arm: Break out exception masking to a separate func
target-arm: A64: Refactor aarch64_cpu_do_interrupt
target-arm: Add SCR_EL3
target-arm: Add HCR_EL2
target-arm: Don't handle c15_cpar changes via tb_flush()
hw/input/tsc210x.c: Delete unused array tsc2101_rates
hw/display/pxa2xx_lcd.c: Remove unused function pxa2xx_dma_rdst_set
hw/intc/imx_avic.c: Remove unused function imx_avic_set_prio()
hw/display/blizzard.c: Delete unused function blizzard_rgb2yuv
configure: Build GDB XML for 32 bit ARM CPUs into qemu aarch64 binaries
target-arm: Implement handling of breakpoint firing
target-arm: Implement setting guest breakpoints
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Simply switch function pointers when entering/leaving vga mode.
Allows to remove wrapper functions which do nothing but dispatch
calls depending on the current qxl mode.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The S24/TCX framebuffer is a mildly accelerated video card with
blitter, stippler and hardware cursor.
* Solaris and NetBSD 6.x use all the hardware acceleration features
* The Xorg driver (used by Linux) can use the hardware cursor only
This patch implements hardware acceleration in both 8 bit and 24 bit
modes. It is based on the NetBSD driver sources and from tests with
Solaris.
Signed-off-by: Olivier Danet <odanet@caramail.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
- Build: fixing block/iscsi.so and ranlib warnings on Mac OS X
- Migration fixes for x86
- The odd KVM patch.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJUEXeWAAoJEBvWZb6bTYby4AwP/0Hh55A7QzkkzZ66y65zM+G5
dsgRcLjufHSRQHoNQqm6LOcicV3Ygc/X644EY6jnZCZxFh/fsWuTPqUDGxLAnxEc
2V0PkLRIScAMOPezzxvRy6/9hkG+UYM3ZOL5D9yxA9pGuBtttw7tkts19Vqf9WZc
NYG5TBDuEGM1c596Zpo7t10m+Oiw+Jyi5luLXsb4lh5ikdFPDrtJaf0AnFvR+ym0
HXlj2K/0vHNowUeLoo+oWnZsW8mLE6OyJhgfo1tJtsH1BR+lQJnBnQ4moq4Sl/Wz
+iht/4gtz34XwLILokFR6yiNrPe+MIryyv+FYxOD5loIdGVDtKMx30UkIE2/D933
6/n5i3GBLi9JapeT9gkKTxk/UVRPzJ1PK07RWevgNZNQyTGKAUGp+p48nSzMYX7V
7GFSy3Q8uqOR8g9n+t+RURxkoMNbhhw7v53Z3PPXPCALCMDzg9RARlW/nkfiExcZ
oThUjE/8xfMTQlN1SO5HTyQXEkYjtknZhfC7/KFvkWYMbCG0KBTf212Md0zlTNkj
+C6r8Gq4ZWVIc07QyKkoCMxB+a9Uhvy4T1PKuSlm6iu94zUgZRhdf/PlOXimhFqH
9GL67Tv15kpj05xCS6jDXjeMZ416/UKw91OcsiT1UUHcq7/rc+GBycd0ngV1UgnQ
di5V12IVt8JwdzFxMeCT
=GIKW
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
- Memory: improve error reporting and avoid crashes on hotplug
- Build: fixing block/iscsi.so and ranlib warnings on Mac OS X
- Migration fixes for x86
- The odd KVM patch.
# gpg: Signature made Thu 11 Sep 2014 11:21:10 BST using RSA key ID 9B4D86F2
# gpg: Good signature from "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: aka "Paolo Bonzini <bonzini@gnu.org>"
* remotes/bonzini/tags/for-upstream: (21 commits)
gdbstub: init mon_chr through qemu_chr_alloc
pckbd: adding new fields to vmstate
mc146818rtc: add missed field to vmstate
piix: do not set irq while loading vmstate
serial: fixing vmstate for save/restore
parallel: adding vmstate for save/restore
fdc: adding vmstate for save/restore
cpu: init vmstate for ticks and clock offset
apic_common: vapic_paddr synchronization fix
vl: use QLIST_FOREACH_SAFE to visit change state handlers
exec: add parameter errp to gethugepagesize
exec: report error when memory < hpagesize
hostmem-ram: don't exit qemu if size of memory-backend-ram is way too big
memory: add parameter errp to memory_region_init_rom_device
memory: add parameter errp to memory_region_init_ram
exec: add parameter errp to qemu_ram_alloc and qemu_ram_alloc_from_ptr
rules.mak: Fix DSO build by pulling in archive symbols
util: Don't link host-utils.o if it's empty
util: Move general qemu_getauxval to util/getauxval.c
trace: Only link generated-tracers.o with "simple" backend
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add parameter errp to memory_region_init_ram and update all call sites
to pass in &error_abort.
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
With this patch the qemu console core stops using PixelFormat and pixman
format codes side-by-side, pixman format code is the primary way to
specify the DisplaySurface format:
* DisplaySurface stops carrying a PixelFormat field.
* qemu_create_displaysurface_from() expects a pixman format now.
Functions to convert PixelFormat to pixman_format_code_t (and back)
exist for those who still use PixelFormat. As PixelFormat allows
easy access to masks and shifts it will probably continue to exist.
[ xenfb added by Benjamin Herrenschmidt ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Plug a bunch of holes in the bochs dispi interface parameter checking.
Add a function doing verification on all registers. Call that
unconditionally on every register write. That way we should catch
everything, even changing one register affecting the valid range of
another register.
Some of the holes have been added by commit
e9c6149f6a. Before that commit the
maximum possible framebuffer (VBE_DISPI_MAX_XRES * VBE_DISPI_MAX_YRES *
32 bpp) has been smaller than the qemu vga memory (8MB) and the checking
for VBE_DISPI_MAX_XRES + VBE_DISPI_MAX_YRES + VBE_DISPI_MAX_BPP was ok.
Some of the holes have been there forever, such as
VBE_DISPI_INDEX_X_OFFSET and VBE_DISPI_INDEX_Y_OFFSET register writes
lacking any verification.
Security impact:
(1) Guest can make the ui (gtk/vnc/...) use memory rages outside the vga
frame buffer as source -> host memory leak. Memory isn't leaked to
the guest but to the vnc client though.
(2) Qemu will segfault in case the memory range happens to include
unmapped areas -> Guest can DoS itself.
The guest can not modify host memory, so I don't think this can be used
by the guest to escape.
CVE-2014-3615
Cc: qemu-stable@nongnu.org
Cc: secalert@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
VgaState->vram_size is the size of the pci bar. In case of qxl not the
whole pci bar can be used as vga framebuffer. Add a new variable
vbe_size to handle that case. By default (if unset) it equals
vram_size, but qxl can set vbe_size to something else.
This makes sure VBE_DISPI_INDEX_VIDEO_MEMORY_64K returns correct results
and sanity checks are done with the correct size too.
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Damn, the dirty rectangle values are signed integers. So the checks
added by commit 788fbf042f are not good
enough, we also have to make sure they are not negative.
[ Note: There must be something broken in spice-server so we get
negative values in the first place. Bug opened:
https://bugzilla.redhat.com/show_bug.cgi?id=1135372 ]
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Explicitly call object_unparent in the few places where we
will re-create the memory region. If the memory region is
simply being destroyed as part of device teardown, let QOM
handle it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Instead, add a boolean variable to indicate the presence of the region.
This avoids a repeated malloc/free (later we can also avoid the
add_child/unparent by changing the offset/size of the alias).
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit b2eb849d4b
"CVE-2007-1320 - Cirrus LGD-54XX "bitblt" heap overflow" broke
cpu to video blits.
When the ROP function is called from cirrus_bitblt_cputovideo_next(),
we pass 0 for the pitch but only operate on one line at a time. The
added test was tripping because after the initial substraction, the
pitch becomes negative. Make the test only trip when the height is
larger than one (ie. the pitch is actually used).
This fixes HW cursor support in Windows NT4.0 (which otherwise was
a white rectangle) and general display of icons in that OS when using
8bpp mode.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
when configure a invalid vram size for cirrus card, such as less
2 MB, which will crash qemu. Follow the real hardware, the cirrus
card has 4 MB video memory. Also for backward compatibility, accept
8 MB and 16 MB vram size.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Collection of fixes to build QEMU with Xen support on ARM:
- use xenstore_read_fe_uint64 to retrieve the page-ref (xenfb);
- use xen_pfn_t instead of unsigned long in xenfb;
- unsigned long/xenpfn_t in xen_remove_from_physmap;
- in xen-mapcache.c use HOST_LONG_BITS to check for QEMU's address space
size.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
After previous Peter patch, they are redundant. This way we don't
assign them except when needed. Once there, there were lots of case
where the ".fields" indentation was wrong:
.fields = (VMStateField []) {
and
.fields = (VMStateField []) {
Change all the combinations to:
.fields = (VMStateField[]){
The biggest problem (appart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Acked-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
So you'll have a mouse pointer when running non-qxl gfx cards with
mouse pointer support (virtio-gpu, IIRC vmware too).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
hello qemu-*@nongnu.org, this is my first contribution. apologies if
something is incorrect.
this patch fixes vmware_vga.c so that it actually returns the cursory
register when asked for, instead of cursorx.
Signed-off-by: Nicolas Owens <mischief@offblast.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
* remotes/mcayland/qemu-sparc:
apb: implement IOMMU translation for PCI host bridge
apb: handle reading/writing of IOMMU control registers
apb: fix IOMMU register sizes
apb: Move IOMMU registers into a separate IOMMUState struct
tcx: move initialisation from realizefn to initfn
tcx: move initialisation from SysBusDevice class to TCX class realizefn
cg3: add extra check to prevent CG3 register array overflow
cg3: move initialisation from realizefn to initfn
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This is an intermediate step to bring TCX in line with CG3.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Andreas Färber <afaerber@suse.de>
The case statements in the CG3 read and write register routines have a maximum
value of CG3_REG_SIZE, so if a value were written to this offset then it
would overflow the register array.
Currently this cannot be exploited since the MemoryRegion restricts accesses
to the range 0 ... CG3_REG_SIZE - 1, but it seems worth clarifying this for
future review and/or static analysis.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Paolo Bonzini <pbonzini@redhat.com>
The ld_raw and st_raw definitions are only needed in code that
must compile for both user-mode and softmmu emulation. Device
models can use the equivalent ld_p/st_p which are simple
pointer accessors.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* Preliminary restructuring for EL2/EL3 support
* improve CPACR handling
* fix pxa2xx_lcd palette formats
* update highbank/midway maintainer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCAAGBQJThLyzAAoJEDwlJe0UNgze9JMP/3Lh+Y9nv78cBgyJJkvv2i/q
H536WftDQarcBEHFf7aFqIMWWkDiDPAwMrB8SCn7zpLW/yBEAulo5e2mO4QLOUm6
JZMflGqDM1l0nz2XgJPW8y9ySPjxbmZISA+DB1QrNeG6n1HMRiBPCnnYTWIh9ju7
QiBRUW50GWQpWzWUyVQl4cWfHmHfjZCt+1GBUX2znsZplTzK7CvMot2qIxata+jn
8PaXbkE/GQp+0tmPgQ8lF4j2OEhVqRbIqzCM0R23aQVl9SLi4ZyudPsBFEtStj82
gezCF3Xv9zHvCy72+h+u///Wu+uh/PtMCxPUlTATLDF0W8jjJvFf/6n1G09Qo6Qa
qIsFm9gJ1aW9iqE/H96HzGKK3f1k8dOTw1XDHyC7Xr4E8RAVeBOQVKC41PjZ/GKE
BTDNeD6jJkyBvZsePIz8C+Km3XZYkndn6EAR13itwOls1yKHzV0IzG/NLHAQNxoj
4UbsvaED4H9Hn925y8DrQqhfrkj0+KjwF+Ggi0AT8rOJnmDKJCEc3oz6+A1yiIEt
BcHW4HJ13uyKz8bbOk4ikxNUysiMwLfXwxFLw3kpbjtS33QmYauO56Q/ju/vogC+
Aali9VtrUmirpVVJi3ZmSjj4y8LyoaHOzzbsVFjuzajstxK1fy51SmNg4NIBcMnK
1DUOZBmoktKhaobawWtA
=oYff
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140527' into staging
target-arm:
* Preliminary restructuring for EL2/EL3 support
* improve CPACR handling
* fix pxa2xx_lcd palette formats
* update highbank/midway maintainer
# gpg: Signature made Tue 27 May 2014 17:26:27 BST using RSA key ID 14360CDE
# gpg: Can't check signature: public key not found
* remotes/pmaydell/tags/pull-target-arm-20140527: (26 commits)
target-arm: A64: Register VBAR_EL3
target-arm: A64: Register VBAR_EL2
target-arm: Make vbar_write writeback to any CPREG
target-arm: A64: Generalize update_spsel for the various ELs
target-arm: A64: Generalize ERET to various ELs
target-arm: A64: Trap ERET from EL0 at translation time
target-arm: A64: Forbid ERET to higher or unimplemented ELs
target-arm: Register EL3 versions of ELR and SPSR
target-arm: Register EL2 versions of ELR and SPSR
target-arm: Add a feature flag for EL3
target-arm: Add a feature flag for EL2
target-arm: A64: Introduce aarch64_banked_spsr_index()
target-arm: Add SPSR entries for EL2/HYP and EL3/MON
target-arm: A64: Add ELR entries for EL2 and 3
target-arm: A64: Add SP entries for EL2 and 3
target-arm: c12_vbar -> vbar_el[]
target-arm: Make esr_el1 an array
target-arm: Make elr_el1 an array
target-arm: Use a 1:1 mapping between EL and MMU index
target-arm: A32: Use get_mem_index for load/stores
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The pxa2xx palette entry "16bpp plus transparency" format is
xxxxxxxTRRRRR000GGGGGG00BBBBB000, and "18bpp plus transparency" is
xxxxxxxTRRRRRR00GGGGGG00BBBBBB00.
Correct errors in the code for reading these and converting
them to the internal format. In particular, the buggy code
was attempting to mask out bit 24 of a uint16_t, which
Coverity spotted as an error.
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1400233901-31785-1-git-send-email-peter.maydell@linaro.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJTdBkpAAoJEPSH7xhYctcj5jAQAJKiJ/43TBk0S0wlpoPjw1yA
WSC/oJ2yvf+i6EndJPdnxIA/3K3s7suRFBJVYwLVnGJTUZ6gwGcI7cc/EX/iK0vf
1Ffv/RAuh3nkohFw1ZMLQGqACFskSer0K1wZgQg+YjiJRPzzpVOpaAVm3+c04LRN
AjO9LTqudi2pFaDHfGQMFES3j/5+h2srdad7YLMu4h/17SLtcowO7Yf7GT+GHRyD
c3OHcL6vNoCKkIJQULC8X5czh6zapQZG3SRZ/nLt58yjEyVuq4L2cNRA/614K+5b
1YLz4dX6slj8y17tg8On60emU0Sdu4mOws9HtYSytfmEu045iuF+Wr4kNjO74UGd
NnnjD1pdnuF7356pz87PiVBf7qer5yrv+Bog1KRUwn3ETFqpSOMiKJo0JAGBMKdN
w6Mbkg9C7IR62OfmM5157Mj2Xd681GImNiYzerBMfuFAWk5XsMxuz9Xh03I7WpzS
ASow6SCBIr7bsiKENV7twuz1mIQclsYWXaVt8ldH8bMsTCqiefVeDs4o6A3Na+WC
LztUHzlhVLZU92uJDiIsyQnwmsw032RjhKY9sV/NMa5HLAhF/zZLcn1OfXshrv8t
mVnWngGbY185kml0GmLu9TSnSCBSD8lcwZlRA9JVyxfusxElJUOrQzKzvu69Rn6U
XBWPBwppnDQ0MjOgSZD+
=gg8m
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20140515' into staging
migration/next for 20140515
# gpg: Signature made Thu 15 May 2014 02:32:25 BST using RSA key ID 5872D723
# gpg: Can't check signature: public key not found
* remotes/juanquintela/tags/migration/20140515:
usb: fix up post load checks
migration: show average throughput when migration finishes
savevm: Remove all the unneeded version_minimum_id_old (rest)
savevm: Remove all the unneeded version_minimum_id_old (usb)
Split ram_save_block
arch_init: Simplify code for load_xbzrle()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
After previous Peter patch, they are redundant. This way we don't
assign them except when needed. Once there, there were lots of case
where the ".fields" indentation was wrong:
.fields = (VMStateField []) {
and
.fields = (VMStateField []) {
Change all the combinations to:
.fields = (VMStateField[]){
The biggest problem (appart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
After commit 767adce2d, they are redundant. This way we don't assign them
except when needed. Once there, there were lots of cases where the ".fields"
indentation was wrong:
.fields = (VMStateField []) {
and
.fields = (VMStateField []) {
Change all the combinations to:
.fields = (VMStateField[]){
The biggest problem (apart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.
Signed-off-by: Juan Quintela <quintela@redhat.com>
[PMM: fixed minor conflict, corrected commit message typos]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJTZ/QsAAoJEPSH7xhYctcjJ4wP/31lNMpPLxdRpxpUoTPK39L0
zEoBTUH5dzG2FG34p8/znNH0Lbmc3GALqP9UzyM0sL3QU0EDwqAP0idLJ/8zHrYN
ZNJnNH6wexlpEypAsyQiayAFYAq6bc3hYtnEurN56dQgPVgb6jCicuOAt26JafLg
xuGIuencgaEFZaIb8iobxloqDX9raoq0+JfnoV8r02+ES+PG+HHfZsAlbDiWpj/Z
o06WBq9Xvf8X/zvuGHb9PCLGK36+kxPJ2G2531TJGZ6BjjewDExF2xlQH+PQ8pQB
d2OKCP0In66JfyLu6JBz21APrks7DJxsuenvoqPhxhtlIcBSm+grZElNLbccDMLQ
3fteWOCcri5WSwKNAkZ138D5SzIArZFBlqD9qW0GQsiaj3tCxfy162JAmzRPa94i
R5OJCTDclwjCH6JvRsOs8NrQyYcXHcEl2rfeymfr68YOH5XBMeRPhcR91tVr03ow
ZVgvwC/TJHntKnW+qtGIOa9Wfq4KghjddD37ayPAqKM/GQ0TV2sAPEr2htDaBZ0l
5O/YGsAZPKax72OnMR2ObqoIMokympeanQLxG3Q8VKQSU2c+aU3rGVQrG1juiVYw
NiC/nzarFzFWU8UYToXIu2QBDTde2vuRLX/myzL7L4OLavOcv8EXZBp60DP/bktE
Pd+jdeLMh9kWu1tFrE8F
=VoYL
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20140505' into staging
migration/next for 20140505
# gpg: Signature made Mon 05 May 2014 21:27:24 BST using RSA key ID 5872D723
# gpg: Can't check signature: public key not found
* remotes/juanquintela/tags/migration/20140505: (36 commits)
migration: expose xbzrle cache miss rate
migration: expose the bitmap_sync_count to the end
migration: Add counts of updating the dirty bitmap
XBZRLE: Fix one XBZRLE corruption issues
migration: remove duplicate code
Coverity: Fix failure path for qemu_accept in migration
Init the XBZRLE.lock in ram_mig_init
Provide init function for ram migration
Count used RAMBlock pages for migration_dirty_pages
Make qemu_peek_buffer loop until it gets it's data
Disallow outward migration while awaiting incoming migration
virtio: validate config_len on load
virtio-net: out-of-bounds buffer write on load
openpic: avoid buffer overrun on incoming migration
ssi-sd: fix buffer overrun on invalid state load
savevm: Ignore minimum_version_id_old if there is no load_state_old
usb: sanity check setup_index+setup_len in post_load
vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/
virtio-scsi: fix buffer overrun on invalid state load
zaurus: fix buffer overrun on invalid state load
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
CVE-2013-4538
s->cmd_len used as index in ssd0323_transfer() to store 32-bit field.
Possible this field might then be supplied by guest to overwrite a
return addr somewhere. Same for row/col fields, which are indicies into
framebuffer array.
To fix validate after load.
Additionally, validate that the row/col_start/end are within bounds;
otherwise the guest can provoke an overrun by either setting the _end
field so large that the row++ increments just walk off the end of the
array, or by setting the _start value to something bogus and then
letting the "we hit end of row" logic reset row to row_start.
For completeness, validate mode as well.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Juan Quintela <quintela@redhat.com>
PortioList is an abstraction used for construction of MemoryRegionPortioList
from MemoryRegionPortio. It can be used later to unmap created memory regions.
It also requires proper cleanup because some of the memory inside is allocated
dynamically.
By moving PortioList ot device state we make it possible to cleanup later and
avoid leaking memory.
This change spans several target platforms. The following testcases cover all
changed lines:
qemu-system-ppc -M prep
qemu-system-i386 -vga qxl
qemu-system-i386 -M isapc -soundhw adlib -device ib700,id=watchdog0,bus=isa.0
Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Add a standard vga variant which doesn't occupy any legacy
resources and thus can easily be used as secondary (or legacy-free)
graphics adapter. Programming must be done using the MMIO bar.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Need a way to opt-out from vga.vram being global vmstate, for
secondary vga cards. Add a bool parameter to vga_common_init
to support this.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
this fixes invalid rectangle updates observed after commit 12b316d
with the vmware VGA driver. The issues occured because the server
and client surface update seems to be out of sync at some points
and the max width of the surface is not dividable by
VNC_DIRTY_BITS_PER_PIXEL (16).
Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Convert legacy ->qdev style casts from TYPE_SSI_SLAVE to TYPE_DEVICE.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[AF: Introduce local DeviceState variable for transition to QOM realize]
Signed-off-by: Andreas Färber <afaerber@suse.de>
In commit 5643706a09 (console: add head
to index to qemu consoles.) graphic_console_init() was extended to take
an additional argument, but xenfb was not updated accordingly. Fix it.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Don Slutz <dslutz@verizon.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1394228528-31625-1-git-send-email-afaerber@suse.de
The CG3 framebuffer is a simple 8-bit framebuffer for use with operating
systems such as early Solaris that do not have drivers for TCX.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Blue Swirl <blauwirbel@gmail.com>
CC: Anthony Liguori <aliguori@amazon.com>
CC: Peter Maydell <peter.maydell@linaro.org>
CC: Bob Breuer <breuerr@mc.net>
CC: Artyom Tarasenko <atar4qemu@gmail.com>
* QTest cleanups and test cases for PCI NICs
* NAND fix for "info qtree"
* Cleanup and extension of QOM machine tests
* IndustryPack test cases and conversion to QOM realize
* I2C cleanups
* Cleanups of legacy qdev properties
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJTAooJAAoJEPou0S0+fgE/SuQQALW3zvra4ZLRAQV0e8kFoyj1
vVtmLkDhnCe4cYfxxfOX91NA0rH1ts2EO1+UcnaCHJlptNWfA+8qJW69XgYpHE3c
DKQlKPL/9pV5ywY5uUw/t1UJHg2BfrLBDDM4lP+vrpwiQYq4kp24JffnhfY3l9MA
9qdkXu1HrlWoLRVGnMyGDXI8cb+5bTL+FEc6UuHl3P89/gj5BV+LDWn0QOFbAkxq
4wk+Xh6sHKcfOdq6vMCNGlTjlJnpbY43D1a8+q6hFGG8JBlpne7Oer7bse9k4uTK
q/CzyNzC0lnjjcULpa4ptRlycH0ruD9DPY7Lco9XqYd3l/c9742PmTEqN5TZseKD
XD7+hwT1tk7W8rihm8KETCP6sKlXz4w8tJiWe6IT3zwRzvXIolxxK93heQuaX73Z
HFDmvTPVLUiWF8ftKTyWZM3w+jsbSH0QSrMCIHKJrPTRWTKphx0DUP74lWjNsvGs
FFBjpAgrflLihxiuRrcLmekGn0xCTjhQWIo2GoiWTgLSEHNQQQUNO+15/kcU/vlI
hh3DJpiBKeSnUapHHL0OEK6ryeHoG95akiRjImwWVthNLk4KEuWtlhFPYBtulO5A
PA02trE4Ah769effX0ZYdNl23KbW4VxpZ8VZv+kp7RTrDKxw551HoEFJ5ja0nkvB
O1CfsE7x0GH/Rbi/Hxhu
=KRcc
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging
QOM infrastructure fixes and device conversions
* QTest cleanups and test cases for PCI NICs
* NAND fix for "info qtree"
* Cleanup and extension of QOM machine tests
* IndustryPack test cases and conversion to QOM realize
* I2C cleanups
* Cleanups of legacy qdev properties
# gpg: Signature made Mon 17 Feb 2014 22:15:37 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/qom-devices-for-peter: (49 commits)
qtest: Include system headers before user headers
qapi: Refine human printing of sizes
qdev: Use QAPI type names for properties
qdev: Add enum property types to QAPI schema
block: Handle "rechs" and "large" translation options
qdev: Remove hex8/32/64 property types
qdev: Remove most legacy printers
qdev: Use human mode in "info qtree"
qapi: Add human mode to StringOutputVisitor
qdev: Inline qdev_prop_parse()
qdev: Legacy properties are just strings
qdev: Legacy properties are now read-only
qdev: Remove legacy parsers for hex8/32/64
qdev: Sizes are now parsed by StringInputVisitor
qapi: Add size parser to StringInputVisitor
qtest: Don't segfault with invalid -qtest option
ipack: Move IndustryPack out of hw/char/
ipoctal232: QOM parent field cleanup
ipack: QOM parent field cleanup for IPackDevice
ipack: QOM parent field cleanup for IPackBus
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Replace them with uint8/32/64.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Replace usages of FROM_I2C_SLAVE() with QOM cast macro.
Rename parent field.
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Most changes here are hotplug related:
This merges hotplug infrastructure changes by Igor,
some acpi related fixes, and PC fixes.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJS+Jg2AAoJECgfDbjSjVRp2hIH/3PezOqYAJlp1LzHPYgTII5R
ZWdlHWJODB5QKGuDnJ0rKTZn+9n4f27Q7ynwqrodrLNtzglfmPUwtjTb52vbd1yh
qJ7BtvGIewUEjTPVs2feipb75jFZFhvIU46F1jPJAiaNKG0nl6zwVHn5XfFqesv2
4TlHAoqYvpUUuFcG7Qu+hREUrjb/tdxwP8EYM4qDPOSxguS2R2+3/17BVlPDQGia
bKl6j5EmnmmbQ0h8Sepy3YKh9d1rZnKFsolMFrL8ITjzEzzyKjpE284GNe/5eY25
HR25dY5eYTb0d3QPeH2O5sOrZgOFpTZc8WOo9Kxi0OTjWxFoZstZ1AOM3A2DAoY=
=EtLZ
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
acpi,pc,pci fixes and enhancements
Most changes here are hotplug related:
This merges hotplug infrastructure changes by Igor,
some acpi related fixes, and PC fixes.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon 10 Feb 2014 09:13:26 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream:
ACPI: Remove commented-out code from HPET._CRS
hw/pci: switch to a generic hotplug handling for PCIDevice
pci/pcie: convert PCIE hotplug to use hotplug-handler API
pci/shpc: convert SHPC hotplug to use hotplug-handler API
acpi/piix4pm: convert ACPI PCI hotplug to use hotplug-handler API
qdev:pci: refactor PCIDevice to use generic "hotpluggable" property
hw/acpi: move typeinfo to the file end
qdev: add "hotpluggable" property to Device
qdev: add to BusState "hotplug-handler" link
define hotplug interface
loader: document that errno is set
pc.c: better error message on initrd sizing failure
pc_piix: enable legacy hotplug for Xen
qtest: don't report signals if qtest driver enabled
hw:piix4:acpi: reuse pcihp code for legacy PCI hotplug
pcihp: remove unused AcpiPciHpPciStatus.device_present field
pcihp: make pci_read() mmio calback compatible with legacy ACPI hotplug
pcihp: make PCI hotplug mmio handlers indifferent to PCI_HOTPLUG_ADDR
pcihp: replace enable|disable_device() with oneliners
pcihp: reduce number of device check events
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Get rid of PCIDevice specific PCIDeviceClass.no_hotplug and use
generic DeviceClass.hotpluggable field instead.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEABECAAYFAlLxNdwACgkQEdFA3D+Yo3h0MQCgkqd4o4LdamOYxQqP0CgD+ET8
QFgAn19l7zj69bPiYEsl1kPxinIduZnd
=ff/s
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mwalle/tags/lm32-fixes/20140204' into staging
target-lm32: fixes
# gpg: Signature made Tue 04 Feb 2014 18:47:56 GMT using DSA key ID 3F98A378
# gpg: Can't check signature: public key not found
* remotes/mwalle/tags/lm32-fixes/20140204:
hw/lm32: print error if cpu model is not found
target-lm32: stop VM on illegal or unknown instruction
lm32_sys: dump cpu state if test case fails
lm32_sys: print test result on stderr
target-lm32: add breakpoint/watchpoint support
target-lm32: move model features to LM32CPU
target-lm32: kill cpu_abort() calls
milkymist-vgafb: swap pixel data in source buffer
lm32_uart/lm32_juart: use qemu_chr_fe_write_all()
milkymist-uart: use qemu_chr_fe_write_all() instead of qemu_chr_fe_write()
tests: lm32: new rule for single test cases
lm32_sys: increase test case name length limit
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
In commit fc97bb5ba3 the lduw_raw() call was
eliminated. But we are reading from the target buffer a 16-bit value, which
is in big-endian format. Therefore, use lduw_be_p() to read the value.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Walle <michael@walle.cc>
Several small signedness / overflow corrections to qxl_create_guest_primary:
1. use 64 bit unsigned for size to avoid overflow possible from two 32
bit multiplicants.
2. correct sign for requested_height
3. add a more verbose error message when setting guest bug state (which
causes a complete guess blackout until reset, so it helps if it is
verbose).
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Without this we occasionally trigger an assert at
hw/pci/pci.c:pcibus_reset that asserts the irq_count is zero on reset.
This has become a problem with the new drm driver for linux, since doing
a reboot from console causes a race between console updates that set the
irq and the reset assertion that the irq is clear.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
For blizzard, pl110 and tc6393xb this is harmless, but for pxa2xx
Coverity noticed that it is used inside an "if" statement.
Fix it because it's the file with the highest number of defects
in the whole QEMU tree! Use "do...while (0)", or just remove the
semicolon if there's a single statement in the macro.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The framebuffer is needlessly mapped (PROT_READ | PROT_WRITE), map it
PROT_READ instead.
The framebuffer is unmapped by replacing the framebuffer pages with
anonymous shared memory, calling mmap. Check for return errors and print
a warning.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
device_add plugs devices into suitable bus. For "real" buses, that
actually connects the device. For sysbus, the connections need to be
made separately, and device_add can't do that. The device would be
left unconnected, and could not possibly work.
Quite a few, but not all sysbus devices already set
cannot_instantiate_with_device_add_yet in their class init function.
Set it in their abstract base's class init function
sysbus_device_class_init(), and remove the now redundant assignments
from device class init functions.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
In an ideal world, machines can be built by wiring devices together
with configuration, not code. Unfortunately, that's not the world we
live in right now. We still have quite a few devices that need to be
wired up by code. If you try to device_add such a device, it'll fail
in sometimes mysterious ways. If you're lucky, you get an
unmysterious immediate crash.
To protect users from such badness, DeviceClass member no_user used to
make device models unavailable with -device / device_add, but that
regressed in commit 18b6dad. The device model is still omitted from
help, but is available anyway.
Attempts to fix the regression have been rejected with the argument
that the purpose of no_user isn't clear, and it's prone to misuse.
This commit clarifies no_user's purpose. Anthony suggested to rename
it cannot_instantiate_with_device_add_yet_due_to_internal_bugs, which
I shorten somewhat to keep checkpatch happy. While there, make it
bool.
Every use of cannot_instantiate_with_device_add_yet gets a FIXME
comment asking for rationale. The next few commits will clean them
all up, either by providing a rationale, or by getting rid of the use.
With that done, the regression fix is hopefully acceptable.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Hard reset can happen at any time. We should be able to put qxl into a
known-good state no matter what. Stop spice server thread for reset so
it can't be confused by fetching stale commands lingering around in the
rings while we reset is ongoing.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit ac86048bcd removed trace.h from
console.h and ignored the fact that qxl-render.c needs this file
(it includes qxl.h which includes console.h which included trace.h).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This reduces the dependencies on trace.h.
Only two source files which need console.h also need trace.h.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Upstream OpenBIOS now implements SBus probing in order to determine the
contents of a physical bus slot, which is required to allow OpenBIOS to
identify the framebuffer without help from the fw_cfg interface.
SBus probing works by detecting the presence of an FCode program
(effectively tokenised Forth) at the base address of each slot, and if
present executes it so that it creates its own device node in the
OpenBIOS device tree.
The FCode ROM is generated as part of the OpenBIOS build and should
generally be updated at the same time.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Blue Swirl <blauwirbel@gmail.com>
CC: Bob Breuer <breuerr@mc.net>
CC: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
After calling dpy_gfx_replace_surface(s->con, surface), the outer
surface is invalid.
==5370== Invalid read of size 4
==5370== at 0x460229: surface_bits_per_pixel (console.h:250)
==5370== by 0x466A81: get_depth_index (vga.c:1173)
==5370== by 0x467EC2: vga_draw_graphic (vga.c:1718)
==5370== by 0x4687A5: vga_update_display (vga.c:1914)
==5370== by 0x2A782E: qxl_hw_update (qxl.c:1766)
==5370== by 0x3EB83B: graphic_hw_update (console.c:254)
==5370== by 0x3FBE31: qemu_spice_display_refresh (spice-display.c:418)
==5370== by 0x2A7D01: display_refresh (qxl.c:1886)
==5370== by 0x3EEE1C: dpy_refresh (console.c:1436)
==5370== by 0x3EB543: gui_update (console.c:192)
==5370== by 0x3C43B3: timerlist_run_timers (qemu-timer.c:488)
==5370== by 0x3C4416: qemu_clock_run_timers (qemu-timer.c:499)
==5370== Address 0x22ffb1e0 is 0 bytes inside a block of size 56 free'd
==5370== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5370== by 0x4245FC: free_and_trace (vl.c:2771)
==5370== by 0x50899AE: g_free (gmem.c:252)
==5370== by 0x3EE8D3: qemu_free_displaysurface (console.c:1332)
==5370== by 0x3EEDB7: dpy_gfx_replace_surface (console.c:1427)
==5370== by 0x467EB6: vga_draw_graphic (vga.c:1714)
==5370== by 0x4687A5: vga_update_display (vga.c:1914)
==5370== by 0x2A782E: qxl_hw_update (qxl.c:1766)
==5370== by 0x3EB83B: graphic_hw_update (console.c:254)
==5370== by 0x3FBE31: qemu_spice_display_refresh (spice-display.c:418)
==5370== by 0x2A7D01: display_refresh (qxl.c:1886)
==5370== by 0x3EEE1C: dpy_refresh (console.c:1436)
Signed-off-by: Marc-André Lureau <marcandre.lureau@gmail.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1383664554-15248-1-git-send-email-marcandre.lureau@gmail.com
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
