Commit Graph

22349 Commits

Author SHA1 Message Date
Peter Maydell
1fa404b60f vga: enable virtio test, fix ddc oob read
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJcOKD0AAoJEEy22O7T6HE40JQP/RrwVqSvaFDu/13tbtkLcJPs
 v7BVCw0YmlOq5xagvtyoWhClxghHGkJNjQr+VGjLKhi03sgTIiE7BxcGz5qVXfwn
 KgZyrvgtgYHsGdRuC48UmsjRt0E0hR5exdaCVY73lpXyngxBJj5iMlr1E2sMePD7
 j03zsc5fsGVi+bQ1zsKd9LWQRrBQYzzAxnRuPWlXC9U4iTwUV2HltYQhT3bpsbLR
 Gc8YgQ0mikgGXFXXlSZ/4Wu1pIiCNVdLPhjOBiUlQrVmD1ukcMS6AQyZ8KeWf10B
 e+GBEd7O5rIDvsxYBg745CXZWTb+OMWRW63GybXNyLbmBSqOFRafYyZLJ5o5vjnf
 omrl1CJhfVl68wgwLBvcPIgFUZk9Gj5X25FW4vpjCkkaFELruCVxOUl6Gq6/jyPU
 XPRAmdpPsAm5qnHrzn1vKwen/bj4+872Qtj97g1DqRkMyXFBz8E8y7DAPRzRfGUh
 kZh4Z6AijG8sEpBY9O+WKaEU8D0nFXi88tahv3NsGYT+rsPGyNXqRwcFbV61H8Cn
 jtWT7iL0LzgykJcTP4WmkGBIApRRuLj0/YSNrVJSttVuRWq77p9f1X28MVta0zE/
 1kBDvPM6JJJBYxd4LJxQDymIaXTKdFFwHTUkXBKPrvRsWAZ8rCzaTts8oK/l+y+k
 XWkx59vOLH13fi/EoRfz
 =MxNk
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20190111-pull-request' into staging

vga: enable virtio test, fix ddc oob read

# gpg: Signature made Fri 11 Jan 2019 13:58:12 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20190111-pull-request:
  i2c-ddc: fix oob read
  tests/display-vga: Enable virtio-vga test

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-11 19:09:14 +00:00
Peter Maydell
15bede5541 * HAX support for Linux hosts (Alejandro)
* esp bugfixes (Guenter)
 * Windows build cleanup (Marc-André)
 * checkpatch logic improvements (Paolo)
 * coalesced range bugfix (Paolo)
 * switch testsuite to TAP (Paolo)
 * QTAILQ rewrite (Paolo)
 * block/iscsi.c cancellation fixes (Stefan)
 * improve selection of the default accelerator (Thomas)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJcOKyMAAoJEL/70l94x66DxKEH/1ho2Xl8ezxCecA6q3HqTgMT
 NJ/ntdqQwVwekKOWzsywnM3/LkEDLH55MxbTeQ8M/Vb1seS8eROz24/gPTzvFrfR
 n/d11rDV1EJfWe0H7nGLLFiRv0MSjxLpG9c3dlOKWhwOYHm25tr48PsdfVFP9Slz
 BK3rwrMeDgArfptHAIsAXt2h1S0EzrG9pMwGDpErCDzziXxBhUESE0Iqfw8LsH1K
 VjMn6rn7Ts1XKlxxwsm+BzHlTJghbj3tWPIfk+6uK2isP4iM3gFCoav3SG9XVXof
 V9+vFyMxdtZKT/0HvajhUS4/1S/uGBNNchZRnCxXlpbueWc5ROtvarhM6Hb0eck=
 =i8E5
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* HAX support for Linux hosts (Alejandro)
* esp bugfixes (Guenter)
* Windows build cleanup (Marc-André)
* checkpatch logic improvements (Paolo)
* coalesced range bugfix (Paolo)
* switch testsuite to TAP (Paolo)
* QTAILQ rewrite (Paolo)
* block/iscsi.c cancellation fixes (Stefan)
* improve selection of the default accelerator (Thomas)

# gpg: Signature made Fri 11 Jan 2019 14:47:40 GMT
# gpg:                using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (34 commits)
  avoid TABs in files that only contain a few
  remove space-tab sequences
  scripts: add script to convert multiline comments into 4-line format
  hw/watchdog/wdt_i6300esb: remove a unnecessary comment
  checkpatch: warn about qemu/queue.h head structs that are not typedef-ed
  qemu/queue.h: simplify reverse access to QTAILQ
  qemu/queue.h: reimplement QTAILQ without pointer-to-pointers
  qemu/queue.h: remove Q_TAILQ_{HEAD,ENTRY}
  qemu/queue.h: typedef QTAILQ heads
  qemu/queue.h: leave head structs anonymous unless necessary
  vfio: make vfio_address_spaces static
  qemu/queue.h: do not access tqe_prev directly
  test: replace gtester with a TAP driver
  test: execute g_test_run when tests are skipped
  qga: drop < Vista compatibility
  build-sys: build with Vista API by default
  build-sys: move windows defines in osdep.h header
  build-sys: don't include windows.h, osdep.h does it
  scsi: esp: Defer command completion until previous interrupts have been handled
  esp-pci: Fix status register write erase control
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-11 15:46:09 +00:00
Paolo Bonzini
7d37435bd5 avoid TABs in files that only contain a few
Most files that have TABs only contain a handful of them.  Change
them to spaces so that we don't confuse people.

disas, standard-headers, linux-headers and libdecnumber are imported
from other projects and probably should be exempted from the check.
Outside those, after this patch the following files still contain both
8-space and TAB sequences at the beginning of the line.  Many of them
have a majority of TABs, or were initially committed with all tabs.

    bsd-user/i386/target_syscall.h
    bsd-user/x86_64/target_syscall.h
    crypto/aes.c
    hw/audio/fmopl.c
    hw/audio/fmopl.h
    hw/block/tc58128.c
    hw/display/cirrus_vga.c
    hw/display/xenfb.c
    hw/dma/etraxfs_dma.c
    hw/intc/sh_intc.c
    hw/misc/mst_fpga.c
    hw/net/pcnet.c
    hw/sh4/sh7750.c
    hw/timer/m48t59.c
    hw/timer/sh_timer.c
    include/crypto/aes.h
    include/disas/bfd.h
    include/hw/sh4/sh.h
    libdecnumber/decNumber.c
    linux-headers/asm-generic/unistd.h
    linux-headers/linux/kvm.h
    linux-user/alpha/target_syscall.h
    linux-user/arm/nwfpe/double_cpdo.c
    linux-user/arm/nwfpe/fpa11_cpdt.c
    linux-user/arm/nwfpe/fpa11_cprt.c
    linux-user/arm/nwfpe/fpa11.h
    linux-user/flat.h
    linux-user/flatload.c
    linux-user/i386/target_syscall.h
    linux-user/ppc/target_syscall.h
    linux-user/sparc/target_syscall.h
    linux-user/syscall.c
    linux-user/syscall_defs.h
    linux-user/x86_64/target_syscall.h
    slirp/cksum.c
    slirp/if.c
    slirp/ip.h
    slirp/ip_icmp.c
    slirp/ip_icmp.h
    slirp/ip_input.c
    slirp/ip_output.c
    slirp/mbuf.c
    slirp/misc.c
    slirp/sbuf.c
    slirp/socket.c
    slirp/socket.h
    slirp/tcp_input.c
    slirp/tcpip.h
    slirp/tcp_output.c
    slirp/tcp_subr.c
    slirp/tcp_timer.c
    slirp/tftp.c
    slirp/udp.c
    slirp/udp.h
    target/cris/cpu.h
    target/cris/mmu.c
    target/cris/op_helper.c
    target/sh4/helper.c
    target/sh4/op_helper.c
    target/sh4/translate.c
    tcg/sparc/tcg-target.inc.c
    tests/tcg/cris/check_addo.c
    tests/tcg/cris/check_moveq.c
    tests/tcg/cris/check_swap.c
    tests/tcg/multiarch/test-mmap.c
    ui/vnc-enc-hextile-template.h
    ui/vnc-enc-zywrle.h
    util/envlist.c
    util/readline.c

The following have only TABs:

    bsd-user/i386/target_signal.h
    bsd-user/sparc64/target_signal.h
    bsd-user/sparc64/target_syscall.h
    bsd-user/sparc/target_signal.h
    bsd-user/sparc/target_syscall.h
    bsd-user/x86_64/target_signal.h
    crypto/desrfb.c
    hw/audio/intel-hda-defs.h
    hw/core/uboot_image.h
    hw/sh4/sh7750_regnames.c
    hw/sh4/sh7750_regs.h
    include/hw/cris/etraxfs_dma.h
    linux-user/alpha/termbits.h
    linux-user/arm/nwfpe/fpopcode.h
    linux-user/arm/nwfpe/fpsr.h
    linux-user/arm/syscall_nr.h
    linux-user/arm/target_signal.h
    linux-user/cris/target_signal.h
    linux-user/i386/target_signal.h
    linux-user/linux_loop.h
    linux-user/m68k/target_signal.h
    linux-user/microblaze/target_signal.h
    linux-user/mips64/target_signal.h
    linux-user/mips/target_signal.h
    linux-user/mips/target_syscall.h
    linux-user/mips/termbits.h
    linux-user/ppc/target_signal.h
    linux-user/sh4/target_signal.h
    linux-user/sh4/termbits.h
    linux-user/sparc64/target_syscall.h
    linux-user/sparc/target_signal.h
    linux-user/x86_64/target_signal.h
    linux-user/x86_64/termbits.h
    pc-bios/optionrom/optionrom.h
    slirp/mbuf.h
    slirp/misc.h
    slirp/sbuf.h
    slirp/tcp.h
    slirp/tcp_timer.h
    slirp/tcp_var.h
    target/i386/svm.h
    target/sparc/asi.h
    target/xtensa/core-dc232b/xtensa-modules.inc.c
    target/xtensa/core-dc233c/xtensa-modules.inc.c
    target/xtensa/core-de212/core-isa.h
    target/xtensa/core-de212/xtensa-modules.inc.c
    target/xtensa/core-fsf/xtensa-modules.inc.c
    target/xtensa/core-sample_controller/core-isa.h
    target/xtensa/core-sample_controller/xtensa-modules.inc.c
    target/xtensa/core-test_kc705_be/core-isa.h
    target/xtensa/core-test_kc705_be/xtensa-modules.inc.c
    tests/tcg/cris/check_abs.c
    tests/tcg/cris/check_addc.c
    tests/tcg/cris/check_addcm.c
    tests/tcg/cris/check_addoq.c
    tests/tcg/cris/check_bound.c
    tests/tcg/cris/check_ftag.c
    tests/tcg/cris/check_int64.c
    tests/tcg/cris/check_lz.c
    tests/tcg/cris/check_openpf5.c
    tests/tcg/cris/check_sigalrm.c
    tests/tcg/cris/crisutils.h
    tests/tcg/cris/sys.c
    tests/tcg/i386/test-i386-ssse3.c
    ui/vgafont.h

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20181213223737.11793-3-pbonzini@redhat.com>
Reviewed-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Eric Blake <eblake@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Stefan Markovic <smarkovic@wavecomp.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 15:46:56 +01:00
Paolo Bonzini
72e21db7ea remove space-tab sequences
There are not many, and they are all simple mistakes that ended up
being committed.  Remove them.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20181213223737.11793-2-pbonzini@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 15:46:55 +01:00
Peng Hao
7d2fcebbdc hw/watchdog/wdt_i6300esb: remove a unnecessary comment
The registered memory region of i6300esb is not suitable for coalesced
mmio, because a write for the region may trigger an immediate action
and can't be delayed.

Signed-off-by: Peng Hao <peng.hao2@zte.com.cn>
Message-Id: <1544253511-82742-1-git-send-email-peng.hao2@zte.com.cn>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 15:46:55 +01:00
Paolo Bonzini
eae3eb3e18 qemu/queue.h: simplify reverse access to QTAILQ
The new definition of QTAILQ does not require passing the headname,
remove it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 15:46:55 +01:00
Paolo Bonzini
f481ee2d5e qemu/queue.h: typedef QTAILQ heads
This will be needed when we change the QTAILQ head and elem structs
to unions.  However, it is also consistent with the usage elsewhere
in QEMU for other list head structs (see for example FsMountList).

Note that most QTAILQs only need their name in order to do backwards
walks.  Those do not break with the struct->union change, and anyway
the change will also remove the need to name heads when doing backwards
walks, so those are not touched here.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 15:46:55 +01:00
Paolo Bonzini
b58deb344d qemu/queue.h: leave head structs anonymous unless necessary
Most list head structs need not be given a name.  In most cases the
name is given just in case one is going to use QTAILQ_LAST, QTAILQ_PREV
or reverse iteration, but this does not apply to lists of other kinds,
and even for QTAILQ in practice this is only rarely needed.  In addition,
we will soon reimplement those macros completely so that they do not
need a name for the head struct.  So clean up everything, not giving a
name except in the rare case where it is necessary.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 15:46:55 +01:00
Paolo Bonzini
10ca76b4d2 vfio: make vfio_address_spaces static
It is not used outside hw/vfio/common.c, so it does not need to
be extern.

Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 15:46:54 +01:00
Peter Maydell
e53f7796fb Machine queue, 2019-01-10
* Simplify GlobalProperty array declarations (Eduardo Habkost)
 * Deprecate cpu-add commands (Kashyap Chamarthy)
 * range/memory-device cleanups (David Hildenbrand)
 * Fix -device scsi-hd,help regression (Marc-André Lureau)
 * Fix crash when -global generates multiple warnings (Eduardo
   Habkost)
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJcN1aHAAoJECgHk2+YTcWmi20QALYlChpE/YNh/8RZvpKRRgt4
 4aj8/qOlFq+TeoKQPf6KNCrTy6awvVGWOhOZOLdGcalqNZ/l69ZmKmECU0dqTrEw
 2zo0FxD8bjqVdsBJifLFa925GbUBHFtw/Am87Qv/LO+PV0bqMMIVUyNo5hd0iMej
 AhwlaIKAJxIKlsUiZOXpc2n1siFBjciJWdNapsam+ia8b8Y5jZ5GlkfTCJ3Nve2m
 uHMTPTt6iQao3YmPZ11E2elQENV7F51wM21Ti93Eo90FRpmADzsGw+lnh4wp50Mr
 q2QvaDByxcNEfdhKWOTdjRV6pkVBUh6GZps9SJvFtSGc2vfxqPgpi+HvN6f79uIO
 QV3rbkM0dyR+xveKrBVHA7MjCNEdVdpz5GRsYHDC3kjZC/dpEN/nV5g4TKSMzd6A
 hHQi6sRBi1qiKytsRB8sTElDDJxmoE8t5X1QeW+Wws0hBKVnrlr/BY0u09ip2j4x
 qoR4QG1nrmAXHIKVwsIdn8tiPqX2iq+OPu/Tp8FHlRI/90+3jazSbderT6I/9oCd
 AqnxSGXRoPhK0l0n/57mcPeY478ENtRqdeUkUVDVFSoTG9ys8aYqYzS19CdrRExo
 QsJ1M+NGWqzCal4VxNrdbUHAQoG4b1tVnQJMiFBc9LxS/88Da7huoiXRwAQkwOCd
 Um3orC2vlv78QXTwTho6
 =LNk6
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging

Machine queue, 2019-01-10

* Simplify GlobalProperty array declarations (Eduardo Habkost)
* Deprecate cpu-add commands (Kashyap Chamarthy)
* range/memory-device cleanups (David Hildenbrand)
* Fix -device scsi-hd,help regression (Marc-André Lureau)
* Fix crash when -global generates multiple warnings (Eduardo
  Habkost)

# gpg: Signature made Thu 10 Jan 2019 14:28:23 GMT
# gpg:                using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/machine-next-pull-request:
  qom: Don't keep error value between object_property_parse() calls
  qdev: fix -device scsi-hd,help regression
  machine: Use shorter format for GlobalProperty arrays
  machine: Eliminate unnecessary stringify() usage
  spapr: Eliminate SPAPR_PCI_2_7_MMIO_WIN_SIZE macro
  memory-device: rewrite address assignment using ranges
  range: add some more functions
  Mention that QMP 'cpu-add' will be deprecated
  Update that HMP 'cpu-add' is deprecated in 4.0
  qemu-deprecated.texi: Rename the HMP section

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-11 13:35:48 +00:00
Guenter Roeck
ea84a44250 scsi: esp: Defer command completion until previous interrupts have been handled
The guest OS reads RSTAT, RSEQ, and RINTR, and expects those registers
to reflect a consistent state. However, it is possible that the registers
can change after RSTAT was read, but before RINTR is read, when
esp_command_complete() is called.

Guest OS		qemu
--------		----
[handle interrupt]
Read RSTAT
			esp_command_complete()
			 RSTAT = STAT_ST
			 esp_dma_done()
			  RSTAT |= STAT_TC
			  RSEQ = 0
			  RINTR = INTR_BS

Read RSEQ
Read RINTR		RINTR = 0
			RSTAT &= ~STAT_TC
			RSEQ = SEQ_CD

The guest OS would then try to handle INTR_BS combined with an old
value of RSTAT. This sometimes resulted in lost events, spurious
interrupts, guest OS confusion, and stalled SCSI operations.
A typical guest error log (observed with various versions of Linux)
looks as follows.

scsi host1: Spurious irq, sreg=13.
...
scsi host1: Aborting command [84531f10:2a]
scsi host1: Current command [f882eea8:35]
scsi host1: Queued command [84531f10:2a]
scsi host1:  Active command [f882eea8:35]
scsi host1: Dumping command log
scsi host1: ent[15] CMD val[44] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[00] event[0c]
scsi host1: ent[16] CMD val[01] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[02] event[0c]
scsi host1: ent[17] CMD val[43] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[02] event[0c]
scsi host1: ent[18] EVENT val[0d] sreg[92] seqreg[04] sreg2[00] ireg[18] ss[00] event[0c]
...

Defer handling command completion until previous interrupts have been
handled to fix the problem.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2019-01-11 13:57:24 +01:00
Guenter Roeck
c2d6eeda01 esp-pci: Fix status register write erase control
Per AM53C974 datasheet, definition of "SCSI Bus and Control (SBAC)"
register:

Bit 24 'STATUS' Write Erase Control

This bit controls the Write Erase feature on bits 3:1 and bit 6 of the DMA
Status Register ((B)+54h). When this bit is programmed to '1', the state
of bits 3:1 are preserved when read. Bits 3:1 are only cleared when a '1'
is written to the corresponding bit location. For example, to clear bit 1,
the value of '0000_0010b' should be written to the register. When the DMA
Status Preserve bit is '0', bits 3:1 are cleared when read.

The status register is currently defined to bit 12, not bit 24.
Also, its implementation is reversed: The status is auto-cleared if
the bit is set to 1, and must be cleared explicitly when the bit is
set to 0. This results in spurious interrupts reported by the Linux
kernel, and in some cases even results in stalled SCSI operations.

Set SBAC_STATUS to bit 24 and reverse the logic to fix the problem.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-Id: <1543442171-24863-1-git-send-email-linux@roeck-us.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 13:57:24 +01:00
Paolo Bonzini
4ec37f9048 pam: wrap MemoryRegion initialization in a transaction
This avoids a few re-rendering of the memory AddressSpace.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11 13:57:23 +01:00
Gerd Hoffmann
b05b267840 i2c-ddc: fix oob read
Suggested-by: Michael Hanselmann <public@hansmi.ch>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190108102301.1957-1-kraxel@redhat.com
2019-01-11 11:45:00 +01:00
Peter Maydell
291741033f audio: two fixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJcNw8MAAoJEEy22O7T6HE4cYwP/1tgDp80mGhQeu2ZXb/2a+iV
 rX7ueEofG19rlXeSqpgwrCso2LM4SgY1wSzcPoHTV+ipCVWCQUT1HjPZamIXOq5x
 vt81scPZl+SBwBJRMS8CrArddMcmOh/288upbQy4xXZmwW2M6r9j5O5bRCfgExF6
 khQM7QOqopalmmEB0pbsdyQMbeszvfKXqAL+cch+VZSyULiVB4yFP9J6xroEtqz/
 ka8cVZcFLPwUY2CpXy9GUwQgCMwgYVviPyHU3E8bl3qcdQMqr9AR2QuI89s+kt1M
 9/7KVkmIAK7grim3SkWasHns8cXo8uxaWebmXZsk4yDofEKL5FfsrGrfng9W/OyS
 Ixg9JHwC7OfNq5YY4T/ghA56EVHzhu8eg1iGsnmA8ReoSyRR3/TFf0+oQypgONK3
 BbfMEBr2kr9XyWpThck26NLg0KXsGXgWk/KUPqGDg+QA1LbRw98vyXrPy/stkfbt
 77JwJgIOXviH6rEUA0U8REcg5KrI+tcq/JURiq9NVU+hew46OcGPXNWWlWxLcNJt
 olwnB0hOrXsddrIKSLTwav8FjVsLOT7LJSYmE7S70pWaEyQ6v8ctWc9LICptrLXD
 joVyN4Ktdyrx/zBi38XyPXuQuC7jCTFbuAEfe9rcTz0PjlKz0cN4SGvWPLQdaN3C
 f3AaRAlQj5RPqGPgazTN
 =UooZ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/audio-20190110-pull-request' into staging

audio: two fixes.

# gpg: Signature made Thu 10 Jan 2019 09:23:24 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/audio-20190110-pull-request:
  usb-audio: ignore usb packages with wrong size
  hw/audio/marvell: Don't include unnecessary i2c.h header file

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-10 18:45:23 +00:00
Peter Maydell
823dcd58ea ui: bugfixes, drop keymap include support, drop dead code.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJcNwaOAAoJEEy22O7T6HE4usIQAKMdl63407uCPDP+k9ySKL2l
 W4O3uRZ0sj+RB7hk8evUJIT/oxGcfD2a4CHQPX6UDn5c5XgZoAuHe/gIzQe4v2QS
 o/Ot7qEbES4QitTSqhkiEuKl6iCp2mY+gchsVRMxfjOFvusU0B/nOl9BZCe57EFc
 jJQyI5sKJb/s6ygDp7yMwA5/qfglIv+wHAbX1GDBAiO6Vuwdk1OOXF/mhI/O1TA3
 T8d71v8cFiC1hWl7vLFecejN5lcXAO/1jVkyuEU9bQfMe1qoZ+BhzJvgzet8XzW+
 j1HrcybNjClvr1Iv0SFkwoRC6w8c2tMOtT10LHtiWF38r/1v8gWcQk36Jeim2Kq3
 RcV9IX56PJWSRTa9Roqvemc3hn3e7WcUkmyQX0PMbNq8obJhjNFuyEFunS1Wo4/G
 ldJ+NSK1n3l90s3ZFRLWiL4DADpYeQy34U3iG4VlC6AYXmKWMjbZCiCyyJCRtawP
 aYLbVQ/+6NsVQol4LaOqlP7uukmOBRiHZIdFTQn9xG3tymJZcEGVM3YSkfuK6InQ
 qTmmRFCUhGi0YPkYupk4BfUyHlSpnecoRGTh4jtetr2CctrhotRCC1L4z45KbzMM
 kWQGaqzCqLGuG7eDSNmwPdrjUKgoqTLWgTikCJhCS+QTFRWR23RigD8PrAq62kGc
 oFNGlDkpqizbdoEAfWOp
 =TcEc
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20190110-pull-request' into staging

ui: bugfixes, drop keymap include support, drop dead code.

# gpg: Signature made Thu 10 Jan 2019 08:47:10 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20190110-pull-request:
  spice: Remove unused include
  keymaps: drop support for include files
  keymaps: remove common include
  keymaps: drop nl-be map
  keymaps: remove modifiers include
  ui/console: Remove qemu_create_display_surface_guestmem()
  configure: bump spice-server required version to 0.12.5
  egl-headless: add egl_create_context

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-10 16:29:02 +00:00
Peter Maydell
d246ff5d39 Trivial patches for 4.0 (2019-01-09)
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJcNfHyAAoJEPMMOL0/L748NakQAKzjmZjQ9Qz2fVS/AUuk1weW
 0ySDiWU/cm+oGRW2E40+OggaoJnfitWrYY8cDSkOKKWlK+kFM2Dlfv8M50pg+JsK
 IhcFWUcOUHEbJjjyMbkKkl2Yl/RIvr9/IJHDt6wB28jpvqN9nlkBaiXeC7yuiLYN
 XAxf4TbuHstKqHEnDBXjFzY+IiaGMn1ffmOoHdItslFhiYeut6ucs8786D+CKWBx
 jcesXidhxGsuu+8zNZy1y7m29ccHgsb7LCZN0Hs6mV8tYD0vQv1UVDTx0jPWzON9
 1+LzdaeLlpk7LZTDa4wCnhoAb0usESQ5mjo3+q4Tq2pjZlYBCzDmFK43BNSlmfUC
 s//XVGUZBB7reeItwwInIoedoiQTubxDNBzTKZIKzKr0y8JhtMJn6nZVQPbRrh9v
 TBzPmU1P+GBB1WAjDXrID6ipffTt0gGOqCFmdHtXeun3Jiy+En2XSX4NTcpkbH7s
 Lyi8DBxCCjq9y242ZuC7f7bseH/0Rle7CUXktbTtjemyAVzo5iVkZi//zb0iGtck
 e9r7hqoUN5mAAkgqKdeCzwfa0/1FCKPrYbnPGHKtpg5FKkd2axDwH6mB4LLbfITh
 APSaNevBPfyeid7cyo/XXldE1WJ2D/Sqaz49ZASDTb338tSQZbr/MIQV2ERb7xGM
 WBYh4N7BLcO46CPkb7yB
 =dgV0
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier2/tags/trivial-patches-pull-request' into staging

Trivial patches for 4.0 (2019-01-09)

# gpg: Signature made Wed 09 Jan 2019 13:06:58 GMT
# gpg:                using RSA key F30C38BD3F2FBE3C
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>"
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>"
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>"
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/trivial-patches-pull-request:
  ioapic: use TYPE_FOO MACRO than constant string
  trivial: Don't include isa.h if it is not really necessary
  hw/audio/marvell: Don't include unnecessary i2c.h header file
  qom: Include qemu/fprintf-fn.h in cpu.h
  hw/core: fix whitespace in a sentence
  typedefs: (Re-)sort entries alphabetically

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-10 15:33:28 +00:00
Gerd Hoffmann
a7fde1c170 usb-audio: ignore usb packages with wrong size
usb packets with no payload (zero length) seem to happen in practice for
whatever reason.  Add a check and skip the packet then, otherwise we'll
trigger an assert.

Reported-by: Leonardo Soares Müller <leozinho29_eu@hotmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20181211072649.20700-1-kraxel@redhat.com
2019-01-10 09:56:19 +01:00
Thomas Huth
95a38c395d hw/audio/marvell: Don't include unnecessary i2c.h header file
This device does not use I2C, so no need to include the header file here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1546614146-10525-1-git-send-email-thuth@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-10 09:51:42 +01:00
Marc-André Lureau
1b63665c2c configure: bump spice-server required version to 0.12.5
Looking at chardev/spice.c code, I realize compilation was broken for
a while with spice-server < 0.12.3. Let's bump required version
to 0.12.5, released May 19 2014, instead of adding more #ifdef.

(this patch combines changes from an early version and some of
Frediano "[PATCH 2/2] spice: Bump required spice-server version to
0.12.6")

According to repology, all the distros that are build target platforms
for QEMU include it:

      RHEL-7: 0.14.0
      Debian (Stretch): 0.12.8
      Debian (Jessie): 0.12.5
      FreeBSD (ports): 0.14.0
      OpenSUSE Leap 15: 0.14.0
      Ubuntu (Xenial): 0.12.6

Note that a previous version of this patch was bumping version to
0.12.6. Unfortunately, Debian Jessie (oldstable) is stuck with spice
server 0.12.5, and QEMU should keep building until after 2y of current
stable (Stretch), which will be around June 17th 2019. Qemu 4.1
should thus be free of bumping to spice-server 0.12.6 during 4.1
development cycle.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20181128155932.16171-1-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-10 08:55:13 +01:00
Marc-André Lureau
ab94c6b42f qdev: fix -device scsi-hd,help regression
Since commit ea9ce8934, device_post_init() applies globals directly
from machines and accelerator classes.

There are cases, such as -device scsi-hd,help, where the machine is
setup but there in no accelerator.

Let's skip accelerator globals in this case.

Fixes SEGV:
 #0  0x0000555558ea04ff in object_get_class (obj=0x0) at /home/elmarco/src/qemu/build/../qom/object.c:857
 #1  0x000055555854c797 in object_apply_compat_props (obj=0x616000078980) at /home/elmarco/src/qemu/build/../hw/core/qdev.c:978
 #2  0x000055555854c797 in object_apply_compat_props (obj=0x616000078980) at /home/elmarco/src/qemu/build/../hw/core/qdev.c:973
 #3  0x000055555854c959 in device_post_init (obj=0x616000078980) at /home/elmarco/src/qemu/build/../hw/core/qdev.c:989
 #4  0x0000555558e9e250 in object_post_init_with_type (ti=<optimized out>, obj=0x616000078980) at /home/elmarco/src/qemu/build/../qom/object.c:365
 #5  0x0000555558e9e250 in object_initialize_with_type (data=0x616000078980, size=616, type=<optimized out>) at /home/elmarco/src/qemu/build/../qom/object.c:425
 #6  0x0000555558e9e571 in object_new_with_type (type=0x613000031900) at /home/elmarco/src/qemu/build/../qom/object.c:588
 #7  0x000055555830c048 in qmp_device_list_properties (typename=typename@entry=0x60200000c2d0 "scsi-hd", errp=errp@entry=0x7fffffffc540) at /home/elmarco/src/qemu/qmp.c:519
 #8  0x00005555582c4027 in qdev_device_help (opts=<optimized out>) at /home/elmarco/src/qemu/qdev-monitor.c:283
 #9  0x0000555559378fa2 in qemu_opts_foreach (list=<optimized out>, func=func@entry=0x5555582cfca0 <device_help_func>, opaque=opaque@entry=0x0, errp=errp@entry=0x0) at /home/elmarco/src/qemu/util/qemu-option.c:1171

https://bugzilla.redhat.com/show_bug.cgi?id=1664364

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20190109102311.7635-1-marcandre.lureau@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Lukáš Doktor <ldoktor@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-01-09 22:10:17 -02:00
Eduardo Habkost
6c36bddf53 machine: Use shorter format for GlobalProperty arrays
Instead of verbose arrays with 4 lines for each entry, make each
entry take only one line.  This makes long arrays that couldn't
fit in the screen become short and readable.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20190107193020.21744-4-ehabkost@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-01-09 22:10:00 -02:00
Eduardo Habkost
e0985450e1 machine: Eliminate unnecessary stringify() usage
stringify() is useful when we need to use macros in compat_props
(like when we set virtio-baloon-pci.class=PCI_CLASS_MEMORY_RAM at
pc_i440fx_1_0_machine_options()), but it is pointless when we are
already providing a number literal.

Replace stringify() with string literals when appropriate.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20190107193020.21744-3-ehabkost@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-01-09 22:10:00 -02:00
Eduardo Habkost
b3bcb3cedf spapr: Eliminate SPAPR_PCI_2_7_MMIO_WIN_SIZE macro
The macro is only used in one place, where the purpose of the
value is obvious.  Eliminate the macro so we don't need to rely
on stringify().

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20190107193020.21744-2-ehabkost@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-01-09 22:10:00 -02:00
David Hildenbrand
e3213eb5ec memory-device: rewrite address assignment using ranges
Let's rewrite it properly using ranges. This fixes certain overflows that
are right now possible. E.g.

qemu-system-x86_64 -m 4G,slots=20,maxmem=40G -M pc \
    -object memory-backend-file,id=mem1,share,mem-path=/dev/zero,size=2G
    -device pc-dimm,memdev=mem1,id=dimm1,addr=-0x40000000

Now properly errors out instead of succeeding. (Note that qapi
parsing of huge uint64_t values is broken and fixes are on the way)

"can't add memory device [0xffffffffa0000000:0x80000000], usable range for
memory devices [0x140000000:0xe00000000]"

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181214131043.25071-3-david@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-01-09 22:09:31 -02:00
Li Qiang
34bec7a8d0 ioapic: use TYPE_FOO MACRO than constant string
Make them more QOMConventional.
Cc:qemu-trivial@nongnu.org

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20190105023831.66910-1-liq3ea@163.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-01-09 11:33:47 +01:00
Thomas Huth
0cd0589ecf trivial: Don't include isa.h if it is not really necessary
These files don't seem to do anything related to ISA directly, so
there is no need to include isa.h here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1546615943-16274-1-git-send-email-thuth@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-01-09 11:24:35 +01:00
Thomas Huth
29bc0a6072 hw/audio/marvell: Don't include unnecessary i2c.h header file
This device does not use I2C, so no need to include the header file here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1546614146-10525-1-git-send-email-thuth@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-01-09 11:18:06 +01:00
Wainer dos Santos Moschetta
097f699ce9 hw/core: fix whitespace in a sentence
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20181224154922.3338-1-wainersm@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-01-09 11:09:31 +01:00
Cédric Le Goater
3a8eb78e6c spapr: enable XIVE MMIOs at reset
Depending on the interrupt mode of the machine, enable or disable the
XIVE MMIOs.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Cédric Le Goater
13db0cd9b8 spapr: introduce a new sPAPR IRQ backend supporting XIVE and XICS
The 'dual' sPAPR IRQ backend supports both interrupt mode, XIVE
exploitation mode and the legacy compatibility mode (XICS). both modes
are not supported at the same time.

The machine starts with the legacy mode and a new interrupt mode can
then be negotiated by the CAS process. In this case, the new mode is
activated after a reset to take into account the required changes in
the machine. These impact the device tree layout, the interrupt
presenter object and the exposed MMIO regions in the case of XIVE.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Cédric Le Goater
872ff3dea3 spapr: move the qemu_irq array under the machine
The qemu_irq array is now allocated at the machine level using a sPAPR
IRQ set_irq handler depending on the chosen interrupt mode. The use of
this handler is slightly inefficient today but it will become necessary
when the 'dual' interrupt mode is introduced.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Cédric Le Goater
f8df900316 pnv/psi: move the ICSState qemu_irq array under the PSI device model
Future changes of the ICSState object will remove the qemu_irq array
from under the interrupt controller model. Prepare ground for the PSI
interrupt sources and introduce a new one directly under the PSI
device model.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Cédric Le Goater
734d9c8905 ppc: export the XICS and XIVE set_irq handlers
To support the 'dual' interrupt mode, XICS and XIVE, we plan to move
the qemu_irq array of each interrupt controller under the machine and
do the allocation under the sPAPR IRQ init method.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Cédric Le Goater
e502202c9b spapr: return from post_load method when RTC import fails
The error value can be squashed by the section handling radix migration.
Simply bail out if an error occurs when the RTC offset is imported.

This fixes the Coverity issue CID 1398591.

Fixes: d39c90f5f3 ("spapr: Fix migration of Radix guests")
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Cédric Le Goater
3ff73aa241 ppc: replace the 'Object *intc' by a 'ICPState *icp' pointer under the CPU
Now that the 'intc' pointer is only used by the XICS interrupt mode,
let's make things clear and use a XICS type and name.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Cédric Le Goater
129dbe6926 ppc/xive: introduce a XiveTCTX pointer under PowerPCCPU
which will be used by the machine only when the XIVE interrupt mode is
in use.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Cédric Le Goater
8fa1f4ef38 spapr: modify the prototype of the cpu_intc_create() method
Today, the interrupt presenter is linked to a CPU using the
cpu_intc_create() method of the sPAPR IRQ backend. The resulting
object is assigned to the PowerPCCPU 'intc' pointer whatever the
interrupt mode, XICS or XIVE.

To support the 'dual' interrupt mode, we will need to distinguish
between the two presenter objects and for that, we plan to introduce a
second interrupt presenter object pointer under the PowerPCCPU. The
modifications below move the assignment of the presenter object under
the cpu_intc_create() method to prepare ground for the future changes.

Both sPAPR and PowerNV machines are impacted.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Cédric Le Goater
a0c493ae67 spapr/xive: simplify the sPAPR IRQ qirq method for XIVE
The qirq routines of the XiveSource and the sPAPRXive model are only
used under the sPAPR IRQ backend. Simplify the overall call stack and
gather all the code under spapr_qirq_xive(). It will ease future
changes.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Greg Kurz
1da85c2ae6 spapr_pci: Define SPAPR_MAX_PHBS in hw/pci-host/spapr.h
PHB hotplug will bring more users for it. Let's define it along with
the PHB defines from which it is derived for simplicity.

While here fix a misleading comment about manual placement, which was
abandoned with 30b3bc5aa9.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Michael Roth
c13ee16911 pci: allow cleanup/unregistration of PCI root buses
This adds cleanup counterparts to pci_register_root_bus(),
pci_root_bus_new(), and pci_bus_irqs().

These cleanup routines are needed in the case of hotpluggable
PCIHostBridge implementations. Currently we can rely on the
object_unparent()'ing of the PCIHostState recursively unparenting
and cleaning up it's child buses, but we need explicit calls
to also:

  1) remove the PCIHostState from pci_host_bridges global list.
     otherwise, we risk accessing freed memory when we access
     the list later
  2) clean up memory allocated in pci_bus_irqs()

Both are handled outside the context of any particular bus or
host bridge's init/realize functions, making it difficult to
avoid the need for explicit cleanup functions without remodeling
how PCIHostBridges are created. So keep it simple and just add
them for now.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
Greg Kurz
999c9caf2e spapr: move spapr_create_phb() to core machine code
This function is only used when creating the default PHB. Let's rename
it and move it to the core machine code for clarity.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:14 +11:00
BALATON Zoltan
a0557225fe ppc4xx: Disable debug logging by default
Debug logs were left enabled in ppc4xx_devs.c whereas in other files
these are normally not enabled. Disable it here as well.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:13 +11:00
Alexey Kardashevskiy
fea35ca4b8 ppc/spapr: Receive and store device tree blob from SLOF
SLOF receives a device tree and updates it with various properties
before switching to the guest kernel and QEMU is not aware of any changes
made by SLOF. Since there is no real RTAS (QEMU implements it), it makes
sense to pass the SLOF final device tree to QEMU to let it implement
RTAS related tasks better, such as PCI host bus adapter hotplug.

Specifially, now QEMU can find out the actual XICS phandle (for PHB
hotplug) and the RTAS linux,rtas-entry/base properties (for firmware
assisted NMI - FWNMI).

This stores the initial DT blob in the sPAPR machine and replaces it
in the KVMPPC_H_UPDATE_DT (new private hypercall) handler.

This adds an @update_dt_enabled machine property to allow backward
migration.

SLOF already has a hypercall since
https://github.com/aik/SLOF/commit/e6fc84652c9c0073f9183

This makes use of the new fdt_check_full() helper. In order to allow
the configure script to pick the correct DTC version, this adjusts
the DTC presense test.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:13 +11:00
Laurent Vivier
c24ba3d0a3 spapr: Add H-Call H_HOME_NODE_ASSOCIATIVITY
H_HOME_NODE_ASSOCIATIVITY H-Call returns the associativity domain
designation associated with the identifier input parameter

This fixes a crash when we try to hotplug a CPU in memory-less and
CPU-less numa node. In this case, the kernel tries to online the
node, but without the information provided by this h-call, the node id,
it cannot and the CPU is started while the node is not onlined.

It also removes the warning message from the kernel:
  VPHN is not supported. Disabling polling..

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-01-09 09:28:13 +11:00
Peter Maydell
147923b1a9 usb: generic sysbus ehci, bugfixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJcNMeBAAoJEEy22O7T6HE4W48QAMi3iyjY4OUDSHyYwGD80wZ5
 A9vl8RYPQQYXZANGwMhr/uHZUBpH1V55WGd5CfKJ2IrVNwi4Q1T+3rmbB+V2ROaq
 MPWjHP7aJHyderdUycaVK7PmlrSJKdAC096+azYsMmxT+A5yhwlqr33EdHDSmOYz
 CQ/Fpn1waWXxG/Q9jnVIUqT6NP25j3CxgMU3jqUa+NauseIFr/6ZFPxukjbPQ4Yu
 bpcPoc+W/iL8ijhrCru+n4XqM8hU6JDavRKWzUQ+ljn8hhhh2aIbWqlVdHP9szpz
 wo2DtdzpbFdspVnXFCf7YPDrNZsZ31+bnfJHGFjSOghNq5jnvMOx5bvqux2WiZQj
 WcgN/Ej59aQzDkIuFASkC/E2KVl30Qw2u3WT11zG1VO6aIHe1oa8FMbL/ys0Xj4Q
 XW+TRhWXxK5GlR0WEaEUXPxrK+zsJmrjSj70XH9BaWj/A12FRwLYG5VSQC0PsuAB
 IoDzc4rgDNsm1Mig58Oklu8PJAenxJH573VM27+XMMfkj5/hpCvDQ6P5gi1TWffE
 L4ICP7CDy1eBj4L8IDcdPXcOWcrWGti4A+zBcIoshHzA5KWA6mg5QxlKCO3VDQ3R
 3bpWjxcHdelHLDaJ7qyemspvBdukfyOCJfieagtdCuwfw2GU5Uvx1wbu1G7vIhSh
 nL/gyaGei/buOhd45751
 =K5K4
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/usb-20190108-pull-request' into staging

usb: generic sysbus ehci, bugfixes.

# gpg: Signature made Tue 08 Jan 2019 15:53:37 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20190108-pull-request:
  usb: move ehci_create_ich9_with_companions to hw/i386
  hw/usb: Add generic sys-bus EHCI controller
  usb: dev-mtp: fix memory leak in error path
  usb: drop unnecessary usb_device_post_load checks
  hw/usb: fix mistaken de-initialization of CCID state

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-08 16:07:32 +00:00
Paolo Bonzini
efce3175fd usb: move ehci_create_ich9_with_companions to hw/i386
This function is only needed when Q35 is in use.  Moving it to
the same file that uses it lets you disable the entire USB
subsystem in x86_64-softmmu.mak; of course doing that will
cause -usb to break horribly, but one thing at a time.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1545064358-4601-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-08 12:43:41 +01:00
Hongbo Zhang
114529f79e hw/usb: Add generic sys-bus EHCI controller
This patch introduces a new system bus generic EHCI controller.
For the system bus EHCI controller, we've already had "xlnx",
"exynos4210", "tegra2", "ppc4xx" and "fusbh200", they are specific and
only suitable for their own platforms, platforms such as an Arm server,
may need a generic system bus EHCI controller, this patch creates it,
and the kernel driver ehci_platform.c works well on it.

Signed-off-by: Hongbo Zhang <hongbo.zhang@linaro.org>
Message-id: 1546077657-22637-1-git-send-email-hongbo.zhang@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-08 12:41:32 +01:00
Li Qiang
8e3759ef04 usb: dev-mtp: fix memory leak in error path
Spotted by Coverity: CID 1397074

Fixes: c52d46e041
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190103132605.49476-1-liq3ea@163.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-08 12:40:35 +01:00
Jonathan Davies
f30815390a usb: drop unnecessary usb_device_post_load checks
In usb_device_post_load, certain values of dev->setup_len or
dev->setup_index can cause -EINVAL to be returned. One example is when
setup_len exceeds 4096, the hard-coded value of sizeof(dev->data_buf).
This can happen through legitimate guest activity and will cause all
subsequent attempts to migrate the guest to fail in vmstate_load_state.

The values of these variables can be set by USB packets originating in
the guest. There are two ways in which they can be set: in
do_token_setup and in do_parameter in hw/usb/core.c.

It is easy to craft a USB packet in a guest that causes do_token_setup
to set setup_len to a value larger than 4096. When this has been done
once, all subsequent attempts to migrate the VM will fail in
usb_device_post_load until the VM is next power-cycled or a
smaller-sized USB packet is sent to the device.

Sample code for achieving this in a VM started with "-device usb-tablet"
running Linux with CONFIG_HIDRAW=y and HID_MAX_BUFFER_SIZE > 4096:

  #include <sys/types.h>
  #include <sys/stat.h>
  #include <fcntl.h>
  #include <unistd.h>

  int main() {
           char buf[4097];
           int fd = open("/dev/hidraw0", O_RDWR|O_NONBLOCK);

           buf[0] = 0x1;
           write(fd, buf, 4097);

           return 0;
  }

When this code is run in the VM, qemu will output:

  usb_generic_handle_packet: ctrl buffer too small (4097 > 4096)

A subsequent attempt to migrate the VM will fail and output the
following on the destination host:

  qemu-kvm: error while loading state for instance 0x0 of device '0000:00:06.7/1/usb-ptr'
  qemu-kvm: load of migration failed: Invalid argument

The idea behind checking the values of setup_len and setup_index before
they are used is correct, but doing it in usb_device_post_load feels
arbitrary, and will cause unnecessary migration failures. Indeed, none
of the commit messages for c60174e8, 9f8e9895 and 719ffe1f justify why
post_load is the right place to do these checks. They correctly point
out that the important thing to protect is the usb_packet_copy.

Instead, the right place to do the checks is in do_token_setup and
do_parameter. Indeed, there are already some checks here. We can examine
each of the disjuncts currently tested in usb_device_post_load to see
whether any need adding to do_token_setup or do_parameter to improve
safety there:

  * dev->setup_index < 0
     - This test is not needed because setup_index is explicitly set to
0 in do_token_setup and do_parameter.

  * dev->setup_len < 0
     - In both do_token_setup and do_parameter, the value of setup_len
is computed by (s->setup_buf[7] << 8) | s->setup_buf[6]. Since
s->setup_buf is a byte array and setup_len is an int32_t, it's
impossible for this arithmetic to set setup_len's top bit, so it can
never be negative.

  * dev->setup_index > dev->setup_len
     - Since setup_index is 0, this is equivalent to the previous test,
so is redundant.

  * dev->setup_len > sizeof(dev->data_buf)
     - This condition is already explicitly checked in both
do_token_setup and do_parameter.

Hence there is no need to bolster the existing checks in do_token_setup
or do_parameter, and we can safely remove these checks from
usb_device_post_load without reducing safety but allowing migrations to
proceed regardless of what USB packets have been generated by the guest.

Signed-off-by: Jonathan Davies <jonathan.davies@nutanix.com>
Message-Id: <20190107175117.23769-1-jonathan.davies@nutanix.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-01-08 12:37:52 +01:00