The code in hw/cirrus_vga.c has changed a lot between CVE-2007-1320 has
been announced and the patch has been applied. As a consequence it has
wrongly applied and QEMU is still vulnerable to this bug if using VNC.
(noticed by Jan Niehusmann)
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5587 c046a42c-6fe2-441c-8c8c-71466251a162
This patch makes qemu keep track of the character devices in use and
implements a "info chardev" monitor command to print a list.
qemu_chr_open() sticks the devices into a linked list now. It got a new
argument (label), so there is a name for each device. It also assigns a
filename to each character device. By default it just copyes the
filename passed in. Individual drivers can fill in something else
though. qemu_chr_open_pty() sets the filename to name of the pseudo tty
allocated.
Output looks like this:
(qemu) info chardev
monitor: filename=unix:/tmp/run.sh-26827/monitor,server,nowait
serial0: filename=unix:/tmp/run.sh-26827/console,server
serial1: filename=pty:/dev/pts/5
parallel0: filename=vc:640x480
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5575 c046a42c-6fe2-441c-8c8c-71466251a162
The current DMA routines are driven by a call in main_loop_wait() after every
select.
This patch converts the DMA code to be driven by a constantly rescheduled
bottom half. The advantage of using a scheduled bottom half is that we can
stop scheduling the bottom half when there no DMA channels are runnable. This
means we can potentially detect this case and sleep longer in the main loop.
The only two architectures implementing DMA_run() are cris and i386. For cris,
I converted it to a simple repeating bottom half. I've only compile tested
this as cris does not seem to work on a 64-bit host. It should be functionally
identical to the previous implementation so I expect it to work.
For x86, I've made sure to only fire the DMA bottom half if there is a DMA
channel that is runnable. The effect of this is that unless you're using sb16
or a floppy disk, the DMA bottom half never fires.
You probably should test this malc. My own benchmarks actually show slight
improvement by it's possible the change in timing could affect your demos.
Since v1, I've changed the code to use a BH instead of a timer. cris at least
seems to depend on faster than 10ms polling.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5573 c046a42c-6fe2-441c-8c8c-71466251a162
For outgoing DMA channels, keep processing descriptors until hitting end
of list.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5553 c046a42c-6fe2-441c-8c8c-71466251a162
This patch fixes migration so that it works on Win32. This requires using
socket specific calls since sockets cannot be treated like file descriptors
on win32.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5525 c046a42c-6fe2-441c-8c8c-71466251a162
Since revision 5228, we don't register the memory hole (0xa00000 to
0xfffff) anymore. As a consequence, we don't need to register it again
as unassigned.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5522 c046a42c-6fe2-441c-8c8c-71466251a162
* Drop DMA poll mode. Instead immediately push rx frames straight into the DMA
without waiting for DMA_run to poll them of the fifo.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5520 c046a42c-6fe2-441c-8c8c-71466251a162
this patch allows to fully use a tape device connected to qemu through
the scsi-generic interface.
Previous patch introduced tape SCSI commands management, this one
improve error case management:
- the SCSI controller command completion must be called with the status
value, not the sense value. In the case of scsi-generic, the SCSI status
is given by the field status of sg_io_hdr_t (the value is left shifted
by one regarding status codes defined in /usr/include/scsi/scsi.h)
- when a read is aborted due to a mark/EOF/EOD/EOM, the len reported to
controller can be 0. LSI controller emulation doesn't know how to manage
this. A workaround found is to call the completion routine with
SCSI_REASON_DONE just after calling it with SCSI_REASON_DATA with len=0.
This patch also manages correctly the block size of the tape device.
This patch has been tested with a real tape device "HP C5683A", linux
guest (debian etch) and tools like "mt", "tar" and "btape".
Windows guest is not better supported than before...
Signed-off-by: Laurent Vivier <Laurent.Vivier@bull.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5497 c046a42c-6fe2-441c-8c8c-71466251a162
This patch allows QEMUFile's read and write operations to return
negative error codes. This is necessary to detect things like closed
streams during live migration.
It also removes unused code for QEMUFileFD write path. Finally, it
makes sure to avoid attempting to flush an output buffer if the file
is only being used for input. This was spotted by Uri Lublin.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5474 c046a42c-6fe2-441c-8c8c-71466251a162
The current flash emulation code advertises a write buffer size of 16
bytes (1 << 4, according to offset 0x2A of the CFI table). This is
very small compared to normal write buffer sizes, and makes the
process of writing to the flash very slow (at least from U-Boot).
This patch increases this size to 2048 bytes. Except the modification
of the CFI table, the only other required modification is to use
"value" instead of "cmd" to set pfl->counter, because cmd is truncated
to the 8 lower bits of value, while the number of bytes for a write
can now be greater than 255 bytes.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5454 c046a42c-6fe2-441c-8c8c-71466251a162
The DIAGNOSE command in the qemu IDE implementation has an error when
use dfor packet devices.
The status register value is dependant on the drive being a packet
device or not, this patch corrects the returned status.
From the ATA/PI specification (V6 draft):
"If the device implements the PACKET command feature set, the device
SHALL clear bits 6,5,4,3,2 and 0 in the Status register to zero."
A selection of physical devices have been checked and do conform to
the specifications behaviour.
Signed-off-by: Vincent Sanders <vince@simtec.co.uk>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5452 c046a42c-6fe2-441c-8c8c-71466251a162
Introduce a max_cpus per-machine variable, allowing individual boards
to limit it's number of CPUs. Check requested number of CPUs in setup
code and exit if it exceeds the supported number for the machine.
This also renders the static MAX_CPUS check obsolete, so remove this
from vl.c.
Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5443 c046a42c-6fe2-441c-8c8c-71466251a162
Modify all the machine struct declarations to use C99 initializers.
This patch has no functional changes.
Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5442 c046a42c-6fe2-441c-8c8c-71466251a162
The current savevm/loadvm protocol has some draw backs. It does not support
the ability to do progressive saving which means it cannot be used for live
checkpointing or migration. The sections sizes are 32-bit integers which
means that it will not function when using more than 4GB of memory for a guest.
It attempts to seek within the output file which means it cannot be streamed.
The current protocol also is pretty lax about how it supports forward
compatibility. If a saved section version is greater than what the restore
code support, the restore code generally treats the saved data as being in
whatever version it supports. This means that restoring a saved VM on an older
version of QEMU will likely result in silent guest failure.
This patch introduces a new version of the savevm protocol. It has the
following features:
* Support for progressive save of sections (for live checkpoint/migration)
* An asynchronous API for doing save
* Support for interleaving multiple progressive save sections
(for future support of memory hot-add/storage migration)
* Fully streaming format
* Strong section version checking
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5434 c046a42c-6fe2-441c-8c8c-71466251a162
This patches slightly improves the debugging messages in pflash_read()
and pflash_write().
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5410 c046a42c-6fe2-441c-8c8c-71466251a162
pfl->wcycle was set to 1 when the erase confirm command was set, which
lead to the next command being misinterpreted by Qemu:
pflash_write: Unimplemented flash cmd sequence (offset 00000000,
wcycle 0x1 cmd 0x20 value 0x70)
This patch fixes this issue by resetting pfl->wcycle to 0 on erase
confirm so that the next command is considered as a new one.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5409 c046a42c-6fe2-441c-8c8c-71466251a162
INIT IPI should reset CPU. Also non boot CPU should be halted. It will
be un-halted by SIPI.
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5390 c046a42c-6fe2-441c-8c8c-71466251a162
taken from Xen 17267:f4a92f0db20f, original patch by Samuel Thibault.
Signed-off-by: Avi Kivity <avi@qumranet.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5385 c046a42c-6fe2-441c-8c8c-71466251a162
If it does not, abort the command immediately rather than dropping
it on the floor.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5369 c046a42c-6fe2-441c-8c8c-71466251a162
This patch makes the ide emulation actually take notice of
error returns from bdrv_write and bdrv_aio_{read,write}.
(Cherry picked from qemu-xen e0e7a0afe0e324a1f7d64c240f567b15dbe454cf,
first posted to qemu-devel Wed, 20 Feb 2008 15:26:41 +0000)
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5368 c046a42c-6fe2-441c-8c8c-71466251a162
To support live migration, we override QEMUFile so that instead of writing to
disk, the save/restore state happens over a network connection.
This patch makes QEMUFile read/write operations function pointers so that we
can override them for live migration.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5352 c046a42c-6fe2-441c-8c8c-71466251a162