Commit Graph

32084 Commits

Author SHA1 Message Date
Tom Musta
80189035de target-ppc: Define Endian-Correct Accessors for VSR Field Access
This change defines accessors for VSR doubleword and word fields that
are correct from a host Endian perspective.  This allows code to
use the Power ISA indexing numbers in code.

For example, the xscvdpsxws instruction has a target VSR that looks
like this:

  0           32       64                    127
  +-----------+--------+-----------+-----------+
  | undefined | SW     | undefined | undefined |
  +-----------+--------+-----------+-----------+

VSX helper code will use VsrW(1) to access this field.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-04-08 11:20:01 +02:00
Tom Musta
0453099b7d target-ppc: Bug: VSX Convert to Integer Should Truncate
The various VSX Convert to Integer instructions should truncate the
floating point number to an integer value, which is equivalent to
a round-to-zero rounding mode.  The existing VSX floating point to
integer conversion helpers are erroneously using the rounding mode set
int the PowerPC Floating Point Status and Control Register (FPSCR).
This change corrects this defect by using the appropriate
float*_to_*_round_to_zero() routines fro the softfloat library.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-04-08 11:20:01 +02:00
Tom Musta
a13d448968 softfloat: Introduce float32_to_uint64_round_to_zero
This change adds the float32_to_uint64_round_to_zero function to the softfloat
library.  This function fills out the complement of float32 to INT round-to-zero
conversion rountines, where INT is {int32_t, uint32_t, int64_t, uint64_t}.

This contribution can be licensed under either the softfloat-2a or -2b
license.

Signed-off-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-04-08 11:20:00 +02:00
Alexey Kardashevskiy
3636226ae4 pseries: Update SLOF firmware image to qemu-slof-20140404
The change log is:
  > Isolate sc 1 detection logic
  > build: auto-detect ppc64 architecture
  > cas: increase hcall buffer size to accomodate 256 cpus
  > usb: change device tree naming
  > usb-core: adjust port numbers in set_address
  > virtio-scsi: correct srplun comment
  > Fix kernel loading
  > Workaround to make grub2 assign server ip from dhcp ack packet only
  > ELF: Enter LE binary in LE mode
  > ELF loading should fail for virt != phys

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
2014-04-08 11:20:00 +02:00
Alexander Graf
6a450df9b8 PPC: E500: Set PIR default reset value rather than SPR value
We now reset SPRs to their reset values on CPU reset. So if we want
to have an SPR persistently changed, we need to change its default
reset value rather than the value itself manually.

Do this for SPR_BOOKE_PIR, fixing e500v2 SMP boot.

Reported-by: Frederic Konrad <fred.konrad@greensocs.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: KONRAD Frederic <fred.konrad@greensocs.com>
2014-04-08 11:19:59 +02:00
Peter Maydell
55519a4b24 QOM/QTest infrastructure fixes
* Relicensing of FWPathProvider interface
 * Clean up all targets' qtests
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTQtitAAoJEPou0S0+fgE/YgAP/iQSMEu+Y/fIhtBOgIjuP/Qr
 6NxNkiwIhT8T2eZmFBQ3qsuo3IrBFOmD2kXuQcywAhtvlfjcb36OF11dwPYRt/vy
 dqJge7s9CighNI34YHLpNbnu4XfqrwiMw8qwIEziNQ5GeBhM8azFwamcOAoiV3uw
 KzyclrJOj8Mvmx2Zd7nMhY8KLbEaZUsqm5ycFaPOhTTtSw4tHLsBRblwz5cBZUe7
 YaM3Da0j6qn0pYai98oG4b0TzMgn4ZH0PH0Rv9QyG66TH65PbwLNbrbHOb1ZQx40
 Eemirlm7um4rPFFayW/WKl/iyGHjKgyflm/2LvuV6pUCny+vU/qOp5eKLzuLqp7w
 S5OhLWxlwPXjFwTJUmG0+QYWlWbZJuh6S4/0K7+6vIHDuJtoIrpMkEqlc+KW3825
 vBNpBtybwOK+mDezzXIylF+sEYV37tWH3+3tagG/CEaFFj150xxyDQRpFhiurIpX
 JsqOKciWK4xW60y2lhQ4s5i4t3POsE+OChuzasqZm3vExNNee1QNLcWdFUOlJiqd
 pD8YBd6FoJhLewZMOo/0hiPa39o7NAVllDS2HloUVIy86LmBePgaTt5Eqn2dD03L
 so4rAkW+kMRqO8MwIE+pQeKLl1Iab0/UojcPI4EQr9cbJkNNaVVcmWpKjVO2CbI7
 FM7PqgvCf8+F1iwmDZMU
 =1t/E
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-2.0' into staging

QOM/QTest infrastructure fixes

* Relicensing of FWPathProvider interface
* Clean up all targets' qtests

# gpg: Signature made Mon 07 Apr 2014 17:56:13 BST using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-devices-for-2.0:
  tests: Update check-clean rule
  fw-path-provider: Change GPL version to 2+

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-07 17:57:23 +01:00
Andreas Färber
f85e3457ce tests: Update check-clean rule
Only i386, x86_64, sparc and sparc64 qtests were cleaned up.
Make this more generic to not miss any newly tested targets.

Reported-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-04-07 18:33:22 +02:00
Michael Tokarev
9c269f6d7b Makefile: remove bashism
When installing modules (when --enable-modules is specified for
./configure), Makefile uses the following construct to replace all
slashes with dashes in module name:

 ${s//\//-}

This is a bash-specific substitution mechanism.  POSIX does not
have it, and some operating systems (for example Debian) does not
implement this construct in default shell (for example dash).

Use more traditional way to perform the substitution: use `tr' tool.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-id: 1396707946-21351-1-git-send-email-mjt@msgid.tls.msk.ru
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-07 15:19:16 +01:00
Don Slutz
dffacd4654 char/serial: Fix emptyness handling
The commit 88c1ee73d3
char/serial: Fix emptyness check

Still causes extra NULL byte(s) to be sent.

So if the fifo is empty, do not send an extra NULL byte.

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Don Slutz <dslutz@verizon.com>
Message-id: 1395160174-16006-1-git-send-email-dslutz@verizon.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-07 14:51:32 +01:00
Alexey Kardashevskiy
20c50a955f fw-path-provider: Change GPL version to 2+
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-04-07 15:36:07 +02:00
Peter Maydell
bd7ce902ab spice: monitors_config: check pointer before dereferencing
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTQnunAAoJEEy22O7T6HE4li8QAL2Exsa64zpw2rUrgLIQLWRR
 28Ey0+og7Q1oFRSKkSWpTZnve29BAl/3E8x2y08RmgeBJrHdL4ASiYBVgfVZaZJF
 KgWY3e58yART4w/DBSMTix6Wq3ZD2EL00WgJWJRzmxUonIQF+WCn+bAIuXlsbdEV
 TycYsvLzP18byvd7MLUS2aErmxOoWOz8Jdta1zGyw4zdzX6L+aQG61jlxWXXpsau
 J0vzz07JnZdYsIRpQPnlsyIXrPfPRKGZ0VzB31AElgBTZ64EYu5aaLf3yQ3guyN0
 SB1smoX4exxTI078P91EhIMGsBwRI96IiuvURWvRbR/JTmfiiIJe3LVdPa1MhMC5
 pMxk3DJ4wXx+pJyZGr8eJY511oj+5jZ96cChHkTDVulpN05xxu1KNfLajukkpMIu
 BtRIDlZRYOy0Xbmv4dBh4TB8AIjLFY30gmqbNckc9LK4RIaxPSpeZq9Un19yVqMv
 SMyCu+4Z4QfYFO+zkOxf/q7fPS++WXl4ouGGm98Ax084W7YuCs5xwEV1s8+l4TcE
 EU+LOSSIuBRDhuSkoX6y0hRQLF8Mp/Q/wwMvoldzHS6aweQEIKVVfUmvH0LlS0nP
 PxWmxQ5wX0LtctGgQzRTRKuZSJEjpxKWcSmK1cVA2QUpPPQOJpW0H51FAwgVIEks
 FuqnjSm+0OLEHZoAaMD0
 =YohG
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/spice/tags/pull-spice-6' into staging

spice: monitors_config: check pointer before dereferencing

# gpg: Signature made Mon 07 Apr 2014 11:19:19 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/spice/tags/pull-spice-6:
  spice: monitors_config: check pointer before dereferencing

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-07 12:48:34 +01:00
Peter Maydell
e20c016e32 gtk: pointer fixes from Takashi Iwai.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTQmcoAAoJEEy22O7T6HE42vQP/ROH/ifmjMPB5ungvZCuyrNK
 2vNuGblzFuJRDy7AQTC/KJvzNkePqKoRVnax/GNcEX4EUrECX+Fhnlzq5NTA3kgS
 GMb1Sov8UF+ceWye3ZIGhAk2AyYhdF9CrMjjdbjky8FCuRXyHFdWVgycyu9HEX9b
 Dq7klIH+WatU1ozfvOcY80YJ0QiBModrPnlIAwLZ7TdlI8i2PV2uqug58JDOVr+/
 RJK5YhHVochBtPKfkBBeCGrF0H1bP1W+ufXoApfuyarIMz/t1BNQbdcs1bkcJNl4
 erxcvEnZ6mkO8w4efI1QKB+OshDGwHZ5xj9+g+8WUjqtFRq9vnr0Ar8c8J4PvC7N
 +3bWkIA5aC9EDZRn9VFjLbWutINW2Oi+FawMg/1v5vMTJESEdzfFrSlc7U5ogvzR
 yhPP8+56im/nZGszSnzhTnFBAmFXIzurGRVBcWNrP3xR0b3FG4XAbyJqoa7m6v2a
 U8tZ2O3aEBzsquRrALEaMAvjBn25S1pLBsKR/vJj/VPL0EYkBXDLZsgl9OO5dyV+
 XVqMlUVuc2dFumEveUzvAkXMSeR7vEmVlVO9gPf8QhdlRpfWSv+Yy0EaKulrwgoq
 5kiTsj0WZPYhnACLWtxALDmXviVjgiKBTUwae55Qi1G+ULYRZTrctdV2Z3Cjr7KZ
 YvG9diPNVe/XmNOfILar
 =n2Yg
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-gtk-4' into staging

gtk: pointer fixes from Takashi Iwai.

# gpg: Signature made Mon 07 Apr 2014 09:51:52 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-gtk-4:
  ui: Update MAINTAINERS entry.
  gtk: Remember the last grabbed pointer position
  gtk: Fix the relative pointer tracking mode
  gtk: Use gtk generic event signal instead of motion-notify-event

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-07 12:27:10 +01:00
Gerd Hoffmann
dc491cfc14 spice: monitors_config: check pointer before dereferencing
Reported-by: Fabio Fantoni <fabio.fantoni@m2r.biz>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-04-07 12:18:43 +02:00
Gerd Hoffmann
25eccc37ff ui: Update MAINTAINERS entry.
With Amazon eating Anthonys time status "Maintained" certainly isn't
true any more.  Update entry accordingly.

Also add myself, so scripts/get_maintainer.pl will Cc: me, to reduce
the chance ui patches fall through the cracks on our pretty loaded
qemu-devel mailing list.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-04-07 10:50:30 +02:00
Takashi Iwai
ecce1929bc gtk: Remember the last grabbed pointer position
It's pretty annoying that the pointer reappears at a random place once
after grabbing and ungrabbing the input.  Better to restore to the
original position where the pointer was grabbed.

Reference: https://bugzilla.novell.com/show_bug.cgi?id=849587
Tested-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Tested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-04-07 10:10:16 +02:00
Takashi Iwai
e61031cdd8 gtk: Fix the relative pointer tracking mode
The relative pointer tracking mode was still buggy even after the
previous fix of the motion-notify-event since the events are filtered
out when the pointer moves outside the drawing window due to the
boundary check for the absolute mode.

This patch fixes the issue by moving the unnecessary boundary check
into the if block of absolute mode, and keep the coordinate in the
relative mode even if it's outside the drawing area.  But this makes
the coordinate (last_x, last_y) possibly pointing to (-1,-1),
introduce a new flag to indicate the last coordinate has been
updated.

Reference: https://bugzilla.novell.com/show_bug.cgi?id=849587
Tested-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Tested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-04-07 10:10:10 +02:00
Takashi Iwai
0d0e044dee gtk: Use gtk generic event signal instead of motion-notify-event
The GDK motion-notify-event isn't generated when the pointer goes out
of the target window even if the pointer is grabbed, which essentially
means to lose the pointer tracking in gtk-ui.

Meanwhile the generic "event" signal is sent when the pointer is
grabbed, so we can use this and pick the motion notify events manually
there instead.

Reference: https://bugzilla.novell.com/show_bug.cgi?id=849587
Tested-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Tested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-04-07 10:09:51 +02:00
Paolo Bonzini
466e6e9d13 target-i386: reorder fields in cpu/msr_hyperv_hypercall subsection
The subsection already exists in one well-known enterprise Linux
distribution, but for some strange reason the fields were swapped
when forward-porting the patch to upstream.

Limit headaches for said enterprise Linux distributor when the
time will come to rebase their version of QEMU.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1396452782-21473-1-git-send-email-pbonzini@redhat.com
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-05 10:49:05 +01:00
Peter Maydell
8ae60ee85c Block patches for 2.0.0
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTPwcUAAoJEH8JsnLIjy/WDAkQAJAmVsEo27MpbZKclyMDXhMC
 ZB0QZ3rFQSfSX9wPbSsacnkDnyKjXYfC1g4aCxPkAFFJj/jSTqmqcgJMMDGtEgG5
 Pv1qMZVb2oFnVMIEF7EGHBLRmhjbFdGTsAPJG6ZZkmoOaE9W5rOZ7e07+PwBRadJ
 Gq29YVgwOmclgtCyhwZZbBxV26IdQ08L5fXmrfo1mj9gp9/Gy7Py5KsEtoYt3zPN
 dhBSSFeZP1JqioP9Q2X8DaRGQHwGXX52s8VMUFJIB95dLWP1W6Kcu2hrsGVE0XWW
 Guw9rAyX8OUP0qr3KFR9r2KXPwX9cM6ii8frK4CbBUdUQ17Eo7wYzwTLSn0+2CkM
 PdWick6kaAV42F7I2JTCwZAljHbHOmI7jY0ErOXvV1kw1UrMLODOrgc57/Rf8ke8
 DpatiM8UEoEqakZgJz3XeUws1/K1beDdG3tqYyGTts2V3eA3nWkzzbtksDPZZUUc
 A2Q5nrcbYsxLaNhP6bNT0BlqxvsxSJdG9O7tUU04shbITa8fs3ef1hbCbcgnQX++
 uq9KPH9rmeRtx9yCbV75WqlTbUNx8g+kmXEW6r1Zc0B9lrXyGfst4UQMbULtwwSv
 FgzORPqf8KYZBFH9Xs94WV/j+71/w7U0wUPD8+/fXO6vnc+N8+UtSWisiFUXLPdZ
 NHCYV6vpNJaAMNpaDUs/
 =SD02
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block patches for 2.0.0

# gpg: Signature made Fri 04 Apr 2014 20:25:08 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  dataplane: replace iothread object_add() with embedded instance
  iothread: make IOThread struct definition public
  dma-helpers: Initialize DMAAIOCB in_cancel flag
  block: Check bdrv_getlength() return value in bdrv_append_temp_snapshot()
  block: Fix snapshot=on for protocol parsed from filename
  qemu-iotests: Remove CR line endings in reference output
  block: Don't parse 'filename' option
  qcow2: Put cache reference in error case
  qcow2: Flush metadata during read-only reopen
  iscsi: Don't set error if already set in iscsi_do_inquiry

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-05 00:18:19 +01:00
Stefan Hajnoczi
54bee5c2b4 dataplane: replace iothread object_add() with embedded instance
Before IOThread was its own object, each virtio-blk device would create
its own internal thread.  We need to preserve this behavior for
backwards compatibility when users do not specify -device
virtio-blk-pci,iothread=<id>.

This patch changes how the internal IOThread object is created.
Previously we used the monitor object_add() function, which is really a
layering violation.  The problem is that this needs to assign a name but
we don't have a name for this internal object.

Generating names for internal objects is a pain but even worse is that
they may collide with user-defined names.

Paolo Bonzini <pbonzini@redhat.com> suggested that the internal IOThread
object should not be named.  This way the conflict cannot happen and we
no longer need object_add().

One gotcha is that internal IOThread objects will not be listed by the
query-iothreads command since they are not named.  This is okay though
because query-iothreads is new and the internal IOThread is just for
backwards compatibility.  New users should explicitly define IOThread
objects.

Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-04-04 20:48:13 +02:00
Stefan Hajnoczi
8c2664d869 iothread: make IOThread struct definition public
Make the IOThread struct definition public so objects can be embedded in
parent structs.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-04-04 20:48:02 +02:00
Peter Maydell
4d1cb6e6f5 dma-helpers: Initialize DMAAIOCB in_cancel flag
Initialize the dbs->in_cancel flag in dma_bdrv_io(), since qemu_aio_get()
does not return zero-initialized memory. Spotted by the clang sanitizer
(which complained when the value loaded in dma_complete() was not valid
for a bool type); this might have resulted in leaking the AIO block.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-04-04 19:36:39 +02:00
Kevin Wolf
f187743acd block: Check bdrv_getlength() return value in bdrv_append_temp_snapshot()
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-04-04 19:35:52 +02:00
Kevin Wolf
b998875dcf block: Fix snapshot=on for protocol parsed from filename
Since commit 9fd3171a, BDRV_O_SNAPSHOT uses an option QDict to specify
the originally requested image as the backing file of the newly created
temporary snapshot. This means that the filename is stored in
"file.filename", which is an option that is not parsed for protocol
names. Therefore things like -drive file=nbd:localhost:10809 were
broken because it looked for a local file with the literal name
'nbd:localhost:10809'.

This patch changes the way BDRV_O_SNAPSHOT works once again. We now open
the originally requested image as normal, and then do a similar
operation as for live snapshots to put the temporary snapshot on top.
This way, both driver specific options and parsed filenames work.

As a nice side effect, this results in code movement to factor
bdrv_append_temp_snapshot() out. This is a good preparation for moving
its call to drive_init() and friends eventually.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-04-04 19:35:51 +02:00
Peter Maydell
bae2c27090 cpu-exec: Unlock tb_lock if we longjmp out of code generation
If the guest attempts to execute from unreadable memory, this will
cause us to longjmp back to the main loop from inside the
target frontend decoder. For linux-user mode, this means we will
still hold the tb_ctx.tb_lock, and will deadlock when we try to
start executing code again. Unlock the lock in the return-from-longjmp
code path to avoid this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Andrei Warkentin <andrey.warkentin@gmail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-04-04 18:29:25 +01:00
Andrei Warkentin
cd7ccc8351 page_check_range: don't bail out early after unprotecting page
When checking a page range, if we found that a page was
made read-only by QEMU because it contained translated code,
we were incorrectly returning immediately after unprotecting
that page, rather than continuing to check the entire range,
so we might fail to unprotect pages later in the range, or
might incorrectly return a "success" result even if later
pages were not writable.

In particular, this could cause segfaults in a case where
signals are delivered back to back on a target architecture
which uses trampoline code in the stack frame (as AArch64
currently does). The second signal causes a segfault because
the frame cannot be written to (it was protected because
we translated and executed the restorer trampoline, and the
unprotect logic did not unprotect the whole range).

Signed-off-by: Andrei Warkentin <andrey.warkentin@gmail.com
[PMM: expanded commit message a bit]
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-04 18:16:03 +01:00
Peter Maydell
d097696eba hw/arm/vexpress, hw/arm/highbank: Don't insist that CPU has reset-cbar property
For the machine models which can have a Cortex-A15 CPU (vexpress-a15 and
midway), silently continue if the CPU object has no reset-cbar property
rather than failing. This allows these boards to be used under KVM with
the "-cpu host" option, since the 'host' CPU object has no reset-cbar
property.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Rob Herring <rob.herring@linaro.org>
2014-04-04 18:01:09 +01:00
Peter Maydell
3b418d0c45 hw/arm/highbank: Don't segfault on unknown CPU names
If the user passes an unknown CPU name via the '-cpu' option, exit
with an error message rather than segfaulting.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Rob Herring <rob.herring@linaro.org>
2014-04-04 17:46:11 +01:00
Kevin Wolf
cd40890816 qemu-iotests: Remove CR line endings in reference output
qemu doesn't print these CRs any more. The test still didn't fail
because the output comparison ignores line endings, but the change turns
up each time when you want to update the output.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-04-04 17:10:32 +02:00
Kevin Wolf
e3fa4bfa72 block: Don't parse 'filename' option
When using the QDict option 'filename', it is supposed to be interpreted
literally. The code did correctly avoid guessing the protocol from any
string before the first colon, but it still called bdrv_parse_filename()
which would, for example, incorrectly remove a 'file:' prefix in the
raw-posix driver.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-04-04 17:10:25 +02:00
Kevin Wolf
8885eadedd qcow2: Put cache reference in error case
When qcow2_get_cluster_offset() sees a zero cluster in a version 2
image, it (rightfully) returns an error. But in doing so it shouldn't
leak an L2 table cache reference.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2014-04-04 17:10:08 +02:00
Kevin Wolf
4c2e5f8f46 qcow2: Flush metadata during read-only reopen
If lazy refcounts are enabled for a backing file, committing to this
backing file may leave it in a dirty state even if the commit succeeds.
The reason is that the bdrv_flush() call in bdrv_commit() doesn't flush
refcount updates with lazy refcounts enabled, and qcow2_reopen_prepare()
doesn't take care to flush metadata.

In order to fix this, this patch also fixes qcow2_mark_clean(), which
contains another ineffective bdrv_flush() call beause lazy refcounts are
disabled only afterwards. All existing callers of qcow2_mark_clean()
either don't modify refcounts or already flush manually, so that this
fixes only a latent, but not yet actually triggerable bug.

Another instance of the same problem is live snapshots. Again, a real
corruption is prevented by an explicit flush for non-read-only images in
external_snapshot_prepare(), but images using lazy refcounts stay dirty.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-04 14:12:26 +02:00
Fam Zheng
cbee81f6de iscsi: Don't set error if already set in iscsi_do_inquiry
This eliminates the possible assertion failure in error_setg().

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-04-04 14:11:34 +02:00
Peter Maydell
5913815a17 Update version for v2.0.0-rc1 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-03 15:51:01 +01:00
Peter Maydell
888157fe96 Merge remote-tracking branch 'remotes/riku/for-2.0' into staging
* remotes/riku/for-2.0:
  linux-user: pass correct host flags to accept4()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-03 14:31:20 +01:00
Andreas Färber
de03c3164a bswap: Fix build on FreeBSD 10.0
FreeBSD 10.0-RELEASE has bswap16() etc. macros defined in sys/endian.h,
which leads to a conflict with our static inline definitions.

Force using the system version of the macros.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Tested-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-03 13:44:25 +01:00
Alexander Graf
87d8354de3 PPC: openpic_kvm: Filter memory events properly
Commit 6f1834a2b exposed a bug in openpic_kvm where we don't filter
for memory events that only happen to the region we want to know
events about.

Add proper filtering, fixing the e500plat target with KVM.

Signed-off-by: Alexander Graf <agraf@suse.de>
Message-id: 1396431718-14908-1-git-send-email-agraf@suse.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-03 12:43:17 +01:00
Peter Maydell
784a5592c9 Merge remote-tracking branch 'remotes/bonzini/scsi-next' into staging
* remotes/bonzini/scsi-next:
  iscsi: always query max WRITE SAME length
  iscsi: ignore flushes on scsi-generic devices
  iscsi: recognize "invalid field" ASCQ from WRITE SAME command
  scsi-bus: remove bogus assertion

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-03 12:24:35 +01:00
Peter Crosthwaite
97891afab8 MAINTAINERS: Update Peter Crosthwaite's email
Change over to my proper Xilinx email. s/petalogix.com/xilinx.com.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: cdff0c388c70df06217c467dcfb89267b7911feb.1396506607.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-03 12:23:27 +01:00
Paolo Bonzini
c97ca29db0 iscsi: always query max WRITE SAME length
Max WRITE SAME length is also used when the UNMAP bit is zero, so it
should be queried even if LBPWS=0.  Same for the optimal transfer
length.

However, the write_zeroes_alignment only matters for UNMAP=1 so we
still restrict it to LBPWS=1.

Reviewed-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-04-03 13:10:53 +02:00
Paolo Bonzini
b2f9c08a4f iscsi: ignore flushes on scsi-generic devices
Non-block SCSI devices do not support flushing, but we may still send
them requests via bdrv_flush_all.  Just ignore them.

Reviewed-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-04-03 13:10:45 +02:00
Paolo Bonzini
27898a5daa iscsi: recognize "invalid field" ASCQ from WRITE SAME command
Some targets may return "invalid field" as the ASCQ from WRITE SAME
if they support the command only without the UNMAP field.  Recognize
that, and return ENOTSUP just like for "invalid operation code".

Reviewed-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-04-03 13:10:32 +02:00
Paolo Bonzini
d581eb7ca4 scsi-bus: remove bogus assertion
This assertion is invalid, because get_sg_list can return an
empty sg-list even for commands that transfer no data (such
as SYNCHRONIZE CACHE).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-04-02 13:24:23 +02:00
Peter Maydell
82c6f51373 Tracing pull request
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJTOwCwAAoJEJykq7OBq3PIhugIAIIUqFqLsUGYSLt5higk+PZv
 Lzt7/KIxAdJYQL20KhXVSjoBI45hco7yxcRU0YVFo10KShQd0kIHefkUfo/QYTpB
 LUFx+/0odIFQoyawc/mDmLYWkt9/Zrgk9S08Edg6Xnzl33rd7dL9ouJHE7jYBTVX
 DilLgJYJz3PCCnJ0UohKDvDthZtJPKvZOlTCqZ5zQFj/RQm5scLrdOHOAf9xdYaj
 BC+PmrCXLP0XFOo0T+/b4IgyrZ3v9qoJG6h5P7+s1WsMNV2pM6/Y87tMqwoNmelT
 popknGD+e8u0/tDtaqB9PXtL7PrLRYom3JpS173O3L6BwMWkGtvW0UlPdACaR5M=
 =ZyB2
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

Tracing pull request

# gpg: Signature made Tue 01 Apr 2014 19:08:48 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/tracing-pull-request:
  trace: add workaround for SystemTap PR13296

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-01 20:45:43 +01:00
Frank Ch. Eigler
9bcec938aa trace: add workaround for SystemTap PR13296
SystemTap sdt.h sometimes results in compiled probes without sufficient
information to extract arguments.  This can be solved in a slightly
hacky way by encouraging the compiler to place arguments into registers.

This patch fixes the apic_reset_irq_delivered() trace event on Fedora 20
with gcc-4.8.2-7.fc20 and systemtap-sdt-devel-2.4-2.fc20 on x86_64.

Signed-off-by: Frank Ch. Eigler <fche@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 20:08:25 +02:00
Peter Maydell
53e11bd384 Block pull request
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJTOvM0AAoJEJykq7OBq3PIx0sH/0TKpaRIVq+CLpT783tEExuz
 QWTUIc69CQn/+E4kb0p7m76i9E7FPd0Ye9JhC5u6lLVdkkFIvAavCpCf4OyCQfqi
 Q+y7DxPYfWKbg3PnQuzezLFu/euucAU217nW/4B2S1lx3ceVDiSPcAN2Ar/9UcJ1
 9YXKpST3dTwZmCJdAfQ/fsbqJybtfC76uGsO2nHkqr6FOWMdB+tMyEkNh1lNnFsn
 HEBJRk71e/d5RyWiWXNVS77gNtjvSfGoJvD/+WZsqmeNNRslgtMlY2nhc38tpM38
 +au6Arbi6lv8+dE7hZcrgF7QEy/sBlM8MLhdW2hCRmqeGXhx1lw3Yen1+tVc9Bk=
 =NGXr
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Block pull request

# gpg: Signature made Tue 01 Apr 2014 18:11:16 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request: (51 commits)
  qcow2: link all L2 meta updates in preallocate()
  parallels: Sanity check for s->tracks (CVE-2014-0142)
  parallels: Fix catalog size integer overflow (CVE-2014-0143)
  qcow2: Limit snapshot table size
  qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143)
  qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145)
  qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146)
  qcow2: Fix copy_sectors() with VM state
  block: Limit request size (CVE-2014-0143)
  block: vdi bounds check qemu-io tests
  dmg: prevent chunk buffer overflow (CVE-2014-0145)
  dmg: use uint64_t consistently for sectors and lengths
  dmg: sanitize chunk length and sectorcount (CVE-2014-0145)
  dmg: use appropriate types when reading chunks
  dmg: drop broken bdrv_pread() loop
  dmg: prevent out-of-bounds array access on terminator
  dmg: coding style and indentation cleanup
  qcow2: Fix new L1 table size check (CVE-2014-0143)
  qcow2: Protect against some integer overflows in bdrv_check
  qcow2: Fix types in qcow2_alloc_clusters and alloc_clusters_noref
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-01 18:23:28 +01:00
Peter Maydell
507979a8bd input bugfixes for 2.0
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTOoP7AAoJEEy22O7T6HE43/cQAL137RodyAnxFdAqgTMJijdK
 nijcm5liqzZ7VHfAFRlaTQZBCO3iPVddDMxqgnFgo33bL2uJryKFeThmOlOScKWR
 J3oIH8VF0B8BUFpfAfN9UZ/Zso6ZImG4moAyypWtKMHjaWdjyE+B4pnKeNTuATyO
 xfbSHRvoTuaxhc7FoJNSwLbgd6D9eYswp7l6TkhUl1X1q+yB4wVcefzXDOgTweb2
 8kmJ6HGIu+A55KHz23qtgVrJlPP1bOtz3gqm/mdNoGtgmnw+NxRrqEuE6BK4ZSqu
 NegI31PSEjdA80XvnH5ebMSsvdFbuO9N81li0Jl4v83gC4Kod/Llg4CPnCRSnvu6
 stkB8nh+ahMdokVF7hH72DQM9Sim3zpMlJtq2afBj/+WmtA1xMw+B4Z85tCjMWjS
 rezgedmUDrI2F1NUlzRApkR9l12R0E0uQUTNa9WYm9FCjR26uUJD6mekWZcNi7Mn
 VbUgg/52zHcqxOmftA2kqhMtjPgWtr4CxZ7UqPtDN1zJqmJCGridSWrTFr6xog3U
 h4ZyD/jjpYr4d8PFv4CU9veuxVK0KGY6iHM8iE51c5ohnrLL6HXdccZu8Bzl9GDZ
 tT166lOlexyvu9/R3hg493UMyT0+MSh4PT96w50SnJAxg3AU89JOvcAfnaeSjy/8
 XrlM45uR9sD8T78cfgP2
 =4rVw
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-7' into staging

input bugfixes for 2.0

# gpg: Signature made Tue 01 Apr 2014 10:16:43 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-input-7:
  input: add sanity check
  input: mouse_set should check input device type.
  input: fix input_event_key_number trace event

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-01 16:58:04 +01:00
Stefan Hajnoczi
c792707f54 qcow2: link all L2 meta updates in preallocate()
preallocate() only links the first QCowL2Meta's data clusters into the
L2 table and ignores any chained QCowL2Metas in the linked list.

Chains of QCowL2Meta structs are built up when contiguous clusters span
L2 tables.  Each QCowL2Meta describes one L2 table update.  This is a
rare case in preallocate() but can happen.

This patch fixes preallocate() by iterating over the whole list of
QCowL2Metas.  Compare with the qcow2_co_writev() function's
implementation, which is similar but also also handles request
dependencies.  preallocate() only performs one allocation at a time so
there can be no dependencies.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 15:22:35 +02:00
Kevin Wolf
9302e863aa parallels: Sanity check for s->tracks (CVE-2014-0142)
This avoids a possible division by zero.

Convert s->tracks to unsigned as well because it feels better than
surviving just because the results of calculations with s->tracks are
converted to unsigned anyway.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 15:22:35 +02:00
Kevin Wolf
afbcc40bee parallels: Fix catalog size integer overflow (CVE-2014-0143)
The first test case would cause a huge memory allocation, leading to a
qemu abort; the second one to a too small malloc() for the catalog
(smaller than s->catalog_size), which causes a read-only out-of-bounds
array access and on big endian hosts an endianess conversion for an
undefined memory area.

The sample image used here is not an original Parallels image. It was
created using an hexeditor on the basis of the struct that qemu uses.
Good enough for trying to crash the driver, but not for ensuring
compatibility.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-01 15:22:35 +02:00