Commit Graph

18207 Commits

Author SHA1 Message Date
Paul Durrant
8f25e75441 xen: create wrappers for all other uses of xc_hvm_XXX() functions
This patch creates inline wrapper functions in xen_common.h for all open
coded calls to xc_hvm_XXX() functions outside of xen_common.h so that use
of xen_xc can be made implicit. This again is in preparation for the move
to using libxendevicemodel.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Anthony Perard <anthony.perard@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
2017-03-22 11:47:39 -07:00
Paul Durrant
260cabed71 xen: make use of xen_xc implicit in xen_common.h inlines
Doing this will make the transition to using the new libxendevicemodel
interface less intrusive on the callers of these functions, since using
the new library will require a change of handle.

NOTE: The patch also moves the 'externs' for xen_xc and xen_fmem from
      xen_backend.h to xen_common.h, and the declarations from
      xen_backend.c to xen-common.c, which is where they belong.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Anthony Perard <anthony.perard@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
2017-03-22 11:47:39 -07:00
Peter Maydell
41a56822e3 This pull request fixes a potential QEMU hang in 9pfs and two issues
reported by Coverity.
 -----BEGIN PGP SIGNATURE-----
 
 iEYEABECAAYFAljQ+SYACgkQAvw66wEB28J8ZwCgku9iE4sYZdkMxGdtyo1vVZkV
 Fy4AnRDKY62QCJSewzHa6k0qX+UEKZP1
 =ARLp
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging

This pull request fixes a potential QEMU hang in 9pfs and two issues
reported by Coverity.

# gpg: Signature made Tue 21 Mar 2017 09:57:58 GMT
# gpg:                using DSA key 0x02FC3AEB0101DBC2
# gpg: Good signature from "Greg Kurz <groug@kaod.org>"
# gpg:                 aka "Greg Kurz <groug@free.fr>"
# gpg:                 aka "Greg Kurz <gkurz@linux.vnet.ibm.com>"
# gpg:                 aka "Gregory Kurz (Groug) <groug@free.fr>"
# gpg:                 aka "[jpeg image of size 3330]"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 2BD4 3B44 535E C0A7 9894  DBA2 02FC 3AEB 0101 DBC2

* remotes/gkurz/tags/for-upstream:
  9pfs: proxy: assert if unmarshal fails
  9pfs: don't try to flush self and avoid QEMU hang on reset

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-21 14:32:51 +00:00
Gerd Hoffmann
cc720a5dc4 add opengl_cflags to QEMU_CFLAGS
... and drop OPENGL_CFLAGS from Makefiles.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1490079888-29029-1-git-send-email-kraxel@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-21 10:25:01 +00:00
Greg Kurz
262169abe7 9pfs: proxy: assert if unmarshal fails
Replies from the virtfs proxy are made up of a fixed-size header (8 bytes)
and a payload of variable size (maximum 64kb). When receiving a reply,
the proxy backend first reads the whole header and then unmarshals it.
If the header is okay, it then does the same operation with the payload.

Since the proxy backend uses a pre-allocated buffer which has enough room
for a header and the maximum payload size, marshalling should never fail
with fixed size arguments. Any error here is likely to result from a more
serious corruption in QEMU and we'd better dump core right away.

This patch adds error checks where they are missing and converts the
associated error paths into assertions.

This should also address Coverity's complaints CID 1348519 and CID 1348520,
about not always checking the return value of proxy_unmarshal().

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-03-21 09:12:47 +01:00
Greg Kurz
d5f2af7b95 9pfs: don't try to flush self and avoid QEMU hang on reset
According to the 9P spec [*], when a client wants to cancel a pending I/O
request identified by a given tag (uint16), it must send a Tflush message
and wait for the server to respond with a Rflush message before reusing this
tag for another I/O. The server may still send a completion message for the
I/O if it wasn't actually cancelled but the Rflush message must arrive after
that.

QEMU hence waits for the flushed PDU to complete before sending the Rflush
message back to the client.

If a client sends 'Tflush tag oldtag' and tag == oldtag, QEMU will then
allocate a PDU identified by tag, find it in the PDU list and wait for
this same PDU to complete... i.e. wait for a completion that will never
happen. This causes a tag and ring slot leak in the guest, and a PDU
leak in QEMU, all of them limited by the maximal number of PDUs (128).
But, worse, this causes QEMU to hang on device reset since v9fs_reset()
wants to drain all pending I/O.

This insane behavior is likely to denote a bug in the client, and it would
deserve an Rerror message to be sent back. Unfortunately, the protocol
allows it and requires all flush requests to suceed (only a Tflush response
is expected).

The only option is to detect when we have to handle a self-referencing
flush request and report success to the client right away.

[*] http://man.cat-v.org/plan_9/5/flush

Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Greg Kurz <groug@kaod.org>
2017-03-21 09:12:47 +01:00
Peter Maydell
940a8ce075 fixes for 2.9-rc1, plus removal of -mno-cygwin references
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQExBAABCAAbBQJYz7wTFBxwYm9uemluaUByZWRoYXQuY29tAAoJEL/70l94x66D
 AYwH/ip/ZIxsAEKMpQnGfwgHiLgGvFD+10wJECXLChyzcQLqqs4KingQEHMh6o9f
 Y1DTMyJBDk65k5zSEVx7nqisI82SUlvwOZJpVqCfF2AbY/HR+a+tUOp9njuz6EDh
 ZVSAnvIDfZC1P2BcXOPzEySXBNCZcZG0iHO9U4eobGAxRGVUs/8a8qHTuRVc2Mwg
 bT7lxLzE4chgQ1jFu2D7TzjwkFvAYeUHWdj2rl+U3KwEF9pUm0hAEfvymEP4d6hE
 hPqcE2X9W42n8wbxL7edI0EVZnc+bltfakioy+BxgrkxEZFLgMmKsUtNOuQ7sUdT
 VvQ3Zbw2solv6ltOqCbexLWueM4=
 =Vli2
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

fixes for 2.9-rc1, plus removal of -mno-cygwin references

# gpg: Signature made Mon 20 Mar 2017 11:25:07 GMT
# gpg:                using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  hax: fix breakage in locking
  configure: remove Cygwin
  xen: do not build backends for targets that do not support xen
  qemu-ga: obey LISTEN_PID when using systemd socket activation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-20 16:34:26 +00:00
Peter Maydell
e8b974f1ed MIPS patches 2017-03-20
Changes:
 * Fix clang warnings
 * Fix delay slot detection in gen_msa_branch()
 * Fix rc4030 interval timer
 * Fix rc4030 to tranlate memory accesses only when they occur
 * Fix 4c4030 a mixed declarations and code warning
 * Update MAINTAINERS file
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.5 (GNU/Linux)
 
 iQIVAwUAWM/PCSI464bV95fCAQKEpRAAk01ohpkYPoezmU2r9xzDeh3p6TwecSxy
 QjSAYsomfREZ/eK4NjHSTrZIFQXJJDUNupw5yLLiwjjqX4lz/VhqF1ELeUSJVw6i
 o2+h7eSft5uewSYTZPoffvxGywT9FbTOGOgoIcp+i0HKWoZIdovR2Cqt3GcfPAmP
 IyjMdOHWcBkLpC0MnbD1B6Ty5x9caRlUf+LceuC6/EP6P+Lun4qroLfc+65v64df
 +hxcYh/05IXtCE4HZIiHfD91BZkmjx4OiWN0+lPWks2kW55x+fQm6ZK8neb9SVv0
 6apDMMvygrYQ18ukakK+wZqJag2bvu4hXE6DPka6/0aeQwN7+Z4h7E3EsOD3TJzU
 K/PGI8BnJwghp4YZXt4F+e60+LyVM3zCXXjFtLQ1FWABIKffg0vyv+rmZRgF0h0C
 PShsmcNH8icBOfM0uvGNWTReLp7WSkN62gmM1JoKHmYJDt+NuanHTwKowoFvNxws
 TQGvSH0JrfYTLE6jbXlXoMgEy7ww9Fsx7M7eQwQbZhK9BLAEcL84xmL996/ZmXtb
 N1TZ/HQTI415vpfj6YtSa6L1MtwswmaNvprQYMdMFZDCfRy6CbumG9USFSiDSYMg
 2Gzfa0tDNqy1MSX1jPeybUqcP5Sqe4JOyxLAF7TBHgIy6vhVw4cPfvZK9QWK7Mph
 AsQ+Pb8sPe4=
 =jHgS
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/yongbok/tags/mips-20170320' into staging

MIPS patches 2017-03-20

Changes:
* Fix clang warnings
* Fix delay slot detection in gen_msa_branch()
* Fix rc4030 interval timer
* Fix rc4030 to tranlate memory accesses only when they occur
* Fix 4c4030 a mixed declarations and code warning
* Update MAINTAINERS file

# gpg: Signature made Mon 20 Mar 2017 12:46:01 GMT
# gpg:                using RSA key 0x2238EB86D5F797C2
# gpg: Good signature from "Yongbok Kim <yongbok.kim@imgtec.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 8600 4CF5 3415 A5D9 4CFA  2B5C 2238 EB86 D5F7 97C2

* remotes/yongbok/tags/mips-20170320:
  MAINTAINERS: update for MIPS devices
  dma/rc4030: fix a mixed declarations and code warning
  dma/rc4030: translate memory accesses only when they occur
  dma: rc4030: limit interval timer reload value
  target/mips: fix delay slot detection in gen_msa_branch()
  target-mips: replace few LOG_DISAS() with trace points
  target-mips: replace break by goto cp0_unimplemented
  target-mips: log bad coprocessor0 register accesses with LOG_UNIMP
  target-mips: remove old & unuseful comments
  target-mips: fix compiler warnings (clang 5)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-20 13:53:14 +00:00
Yongbok Kim
1b393b310f dma/rc4030: fix a mixed declarations and code warning
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Reviewed-by: Hervé Poussineau <hpoussin@reactos.org>
2017-03-20 11:20:35 +00:00
Hervé Poussineau
c627e7526a dma/rc4030: translate memory accesses only when they occur
This simplifies the code a lot, and this fixes big memory leaks
introduced in a3d586f704

Windows NT is now able to boot without using gigabytes of ram on the host.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-03-20 11:20:26 +00:00
Prasad J Pandit
c0a3172fa6 dma: rc4030: limit interval timer reload value
The JAZZ RC4030 chipset emulator has a periodic timer and
associated interval reload register. The reload value is used
as divider when computing timer's next tick value. If reload
value is large, it could lead to divide by zero error. Limit
the interval reload value to avoid it.

Reported-by: Huawei PSIRT <psirt@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Tested-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-03-20 11:19:55 +00:00
Peter Maydell
00e7c07b06 One bugfix for device plug/unplug and migration in the
channel subsystem code.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJYz5bHAAoJEN7Pa5PG8C+vLP8QAJ8zkTWIOkx7WESsQEqXla8B
 BmiPtKkmszMWFCoIJ5EXVyBn84IBD02WdQWqxWUlNonTtleFY4y6nPFhEHOL35EO
 r5bV3dcn6SwhIpBPO4Z1cP+8W3DsB+8QXtNtnViX4NqAQrMRbnBcQzdYfpQtQ4ZC
 jTyPun+oJ1x0qPCd/Xa0Os3tXsyGat0V2pTDUVVfGWbLCytHfS4NXTlOlX/jUpNG
 uWoJnChf4UazzD2FHGvz5ysnX6ow1m6NOHIWwnAQwLKnCL6u6XLXEUE5hEssQEkP
 TROqPl+m0Wzbd5k6gcBOIKTrOt2DMOheFmU70mCXywbp47MVcZYxEfU9ouSsRbKB
 /cPNyakuem5a7j+hPFEPaJ+8D8wagK7QvkHh3N3dCawt9sQvoOquN7SMQnam5w//
 rP2b+vA3Ndj8lwuXicjgo5ZAnKQybMUy+xAlVs4DikBMEsVJPYvR8rMZCnOhuIcM
 jdU3vEZknZzoGcFcFbGS0VIIX8WSsP7tjI8tz+MKiHcdS07y4Bll5aLXmFZUZfej
 b7Dwm4oyydodnhz46+WVjRS5Qq6XXfWUa7o7UXWtK+IBsgcB1WSp/W/63YenCU0F
 Q/KWPieOMWgOs16SHza/BuaK5Y608aj7eeN7LvNuPJqBg3ZNEDWZMiBoxS+Rojz+
 /ulPBGrOBtX9nkfbN5Tq
 =hZP4
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20170320' into staging

One bugfix for device plug/unplug and migration in the
channel subsystem code.

# gpg: Signature made Mon 20 Mar 2017 08:45:59 GMT
# gpg:                using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20170320:
  s390x/css: reassign subchannel if schid is changed after migration

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-20 10:51:30 +00:00
Peter Maydell
bedf13ecab fixes for 2.9: vnc, cirrus, tcg display updates.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJYz5hSAAoJEEy22O7T6HE41isP/0fM6wuwHppvPZf5wNf5ECmK
 sxcmgvQRUFjfrG1Al4ZXnfS9Q11Fg9zfMtpGDuyd47nD8P3u0CUWyv6OpZ7kU2D9
 RB5rDWpbhoKTUF7GO1X+4GRpEj2b57NuW4dV3+CYtCqfD+o95LZYDSfkSF/p2tMd
 spxPab2G44OglQ8grnumErzaDhMwcTkI4SeP1ejf+TJmL25grJPXn6lTb083iYoO
 n8nvnIuAW3EKr/nNv7rnGR/YZ+hCS6EvTVknC9fDq9lLi/jzXU3mi2ljGkpSNIk0
 DmsRYRJbpFMjsgw3/Y0mzWaGnna+o1lgf2sDeSirCK2J+MGlxAhNkBJMcuCTT7tG
 f+93jrUJLaT/Qm0JVDD0k0mOIkaELSYGS/jrS4WyVXeqRoi6RS+PwDdjblFsa/hq
 ExEteb1eBgiyx/tLXL+Y/rxEF4Az0BG5uaKrtCr6pkY061DVl3FS4S7gSg3oA4fE
 HpBFFOK3VloM9TWwPj4Uo2DWDBKpDj+lyCAnwu4kXP9kNoGsAv4qgBiIel/othb3
 k8NjXG+VlDTXCqbu7Q5LqjaWyQC14y3C1w9bQyz9vp1FG4knoHx52ubQF6Gy6xPg
 oc/4S/ZJslty+4czDGQMdjw3nCwaDqWAPaXjm0n0dndybLUgad7w2Q4nj2Tbm4z7
 j5oUux7ETA8/h8pFy0te
 =a6n8
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-fixes-20170320-1' into staging

fixes for 2.9: vnc, cirrus, tcg display updates.

# gpg: Signature made Mon 20 Mar 2017 08:52:34 GMT
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-fixes-20170320-1:
  vnc: fix a qio-channel leak
  cirrus: fix off-by-one in cirrus_bitblt_rop_bkwd_transp_*_16
  ui/console: ensure graphic updates don't race with TCG vCPUs

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-20 10:05:45 +00:00
Dong Jia Shi
3c788ebc6f s390x/css: reassign subchannel if schid is changed after migration
The subchannel is a means to access a device. While the device number is
assigned by the administrator, the subchannel number is assigned by
the channel subsystem in an ascending order on cold and hot plug.
When doing unplug and replug operations, the same device may end up on
a different subchannel; for example

- We start with a device fe.1.2222, which ends up at subchannel
  fe.1.0000.
- Now we detach the device, attach a device fe.1.3333 (which would get
  the now-free subchannel fe.1.0000), re-attach fe.1.2222 (which ends
  up at subchannel fe.1.0001) and detach fe.1.3333.
- We now have the same device (fe.1.2222) available to the guest; it
  just shows up on a different subchannel.

In such a case, the subchannel numbers are different from what a
QEMU would create during cold plug when parsing the command line.

As this would cause a guest visible change on migration, we do restore
the source system's value of the subchannel number on load.

So we are now fine from the guest perspective. From the host
perspective this will cause an inconsistent state in our internal data
structures, though.

For example, the subchannel 0 might not be at array position 0. This will
lead to problems when we continue doing hot (un/re) plug operations.

Let's fix this by cleaning up our internal data structures.

Reported-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2017-03-20 09:22:57 +01:00
Stefano Stabellini
6b827cca9a xen: do not build backends for targets that do not support xen
Change Makefile.objs to use CONFIG_XEN instead of CONFIG_XEN_BACKEND, so
that the Xen backends are only built for targets that support Xen.

Set CONFIG_XEN in the toplevel Makefile to ensure that files that are
built only once pick up Xen support properly.

Signed-off-by: Stefano Stabellini <stefano@aporeto.com>
Tested-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
CC: pbonzini@redhat.com
CC: peter.maydell@linaro.org
CC: rth@twiddle.net
CC: stefanha@redhat.com
Message-Id: <1489694518-16978-1-git-send-email-sstabellini@kernel.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-03-19 11:12:12 +01:00
Marek Vasut
ebedf0f9cd nios2: iic: Convert CPU prop to qom link
Add a const qom link between the CPU and the IIC instead
of passing the CPU link through a qom property.

Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20170317210627.23532-1-marex@denx.de
Cc: Alexander Graf <agraf@suse.de>
Cc: Chris Wulff <crwulff@gmail.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Jeff Da Silva <jdasilva@altera.com>
Cc: Ley Foon Tan <lftan@altera.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Sandra Loosemore <sandra@codesourcery.com>
Cc: Yves Vandervennet <yvanderv@altera.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-18 18:22:54 +00:00
Peter Maydell
96dd9c89c1 target/xtensa fixes for 2.9:
- fix build failure when FDT support is not enabled;
 - correctly pass command line arguments to semihosting guests.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJYzCdpAAoJEFH5zJH4P6BEOvkP/3sVwQeNKj/eqSDWu5pdOKSL
 uyEDIp5yzzJZmwZ96QOP0NPR0J2KthvP4IfwPBy0IbsX1bvqJGT8fMT2cx7Fgx/A
 qstsxHZ+yDp4OjKSWMPI1KGO0HaSop22oNRMpM0ywYgGer69g4zlqzI5/7aDaXSK
 d9HcnDhHTpS+5sFPU8qf4Enlkw9pMDkaLKGWVc7E8AW5DAqs7vaXCca33ZE3DJ08
 c//TM2zcNTcyACsqBp1jny+BdiP9api7Qe6fgFvmXGMdR3zR4xcTEOTMVde0hy9i
 YIDLvacp2FA0JOvFmvdhmi/5WRZu/A8pOG+1d8QU91x5WBxjS9MtEGhrewE4T7m6
 YS5eeX5xnQ15g3YCqjHYiE4D1pDQ6a2vl8cy1S1tHb6k2tEOvHhNC8Yg4k8Kov1g
 tHw4WBhr/GSOU5M51qeOXwhU3FX6FqAUf691N7YngiSMkEGau84F11fKt0aRKR3A
 vMN4S3MdHSvuOc4sa+tBodkdc25v5esR+ga40cVdIVM45zno2Pmr1hCH9RNP4vWx
 W5d4vF2cO24qVFo7B9Tm8JlmWgFFYBJzcNjtf9Cd1ts7R4Mi7DmSBGT0by/sZhS9
 dSKTPf8jIwSpeLWJ19WaKvJdD1PacXFZaKMWdZ16BWCVMXtCMRezx40ffJ3yuJIc
 Q758ze1uizJKC+xJg6Hz
 =Pqza
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/xtensa/tags/20170317-xtensa' into staging

target/xtensa fixes for 2.9:

- fix build failure when FDT support is not enabled;
- correctly pass command line arguments to semihosting guests.

# gpg: Signature made Fri 17 Mar 2017 18:14:01 GMT
# gpg:                using RSA key 0x51F9CC91F83FA044
# gpg: Good signature from "Max Filippov <filippov@cadence.com>"
# gpg:                 aka "Max Filippov <max.filippov@cogentembedded.com>"
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>"
# Primary key fingerprint: 2B67 854B 98E5 327D CDEB  17D8 51F9 CC91 F83F A044

* remotes/xtensa/tags/20170317-xtensa:
  target/xtensa: fix semihosting argc/argv implementation
  target/xtensa: xtfpga: load DTB only when FDT support is enabled

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-18 17:24:49 +00:00
Gerd Hoffmann
f019722cbb cirrus: fix off-by-one in cirrus_bitblt_rop_bkwd_transp_*_16
The switch from pointers to addresses (commit
026aeffcb4 and
ffaf857778) added
a off-by-one bug to 16bit backward blits.  Fix.

Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Li Qiang <liqiang6-s@360.cn>
Message-id: 1489735296-19047-1-git-send-email-kraxel@redhat.com
2017-03-17 10:23:44 +01:00
Peter Maydell
272d7dee59 cirrus: blitter fixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJYylVSAAoJEEy22O7T6HE4zzkQALxdIoO2Na1+iLqumzZHBl5y
 czfhtiu9jIZPYs2n7d04LJklnJxNA+3whvculwyVQprXmjwA/WCFPM7gPerI8AMC
 sNTqH5VhyIU+CljNUFV5nJXmrNpwd2os0rGwkIAohgyXgt7le5fyIpw4QcGr0b7m
 quFP3sVQXGp0LjPKwSwzHDrtXjHS4vvsxUFEdXbqoFIsCXjCmIRM4DK2g6XyQZMA
 ttFEWQTN0jRinR4s2aptbzLZp04GxUutw01EEWfavcwZg3MtWJtUuYOT5eObhd2T
 yustoBBakxBaAvIcWY+MIXQFHD7tHjnKgjJLOJTxa12psGTZYmpwavAq/SmXT1RL
 PggJpnsnEqodkeiX3VeNelMo0HDWOzrezpDbQLya5kNE/puS3r8tglVO4d6CVJYN
 0gzgkT5b4to5FbJkYfoSjZ0SFfAqFkXC5v5/xc9bHbc+EKTp+K7bkB0Z9X2c82Qh
 HTdwOdTL6mB+GqOwPAUHBGfiwcZ/uMPW1sedUBYzrWEGeOa76oXj5mDa3cx5po1g
 rzi0dlgTrzXIsmcOr6z2Q8Mk8FEGl6awvXmtAvF6SY1cRHBRYPUw9KMRvwCgkqr0
 ldn8kY03n/ZQMVLETQbsWq68/E3hea8id4QSFLu0OxC7zi6ruloGnDrUUeRYnjXX
 atBgO7G+482f/m5Jvt/G
 =iKnI
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-cirrus-20170316-1' into staging

cirrus: blitter fixes.

# gpg: Signature made Thu 16 Mar 2017 09:05:22 GMT
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-cirrus-20170316-1:
  cirrus: stop passing around src pointers in the blitter
  cirrus: stop passing around dst pointers in the blitter
  cirrus: fix cirrus_invalidate_region
  cirrus: add option to disable blitter
  cirrus: switch to 4 MB video memory by default
  cirrus/vnc: zap bitblit support from console code.
  fix :cirrus_vga fix OOB read case qemu Segmentation fault

# Conflicts:
#	include/hw/compat.h

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-16 16:40:44 +00:00
Peter Maydell
3716fba3f5 virtio, pci: fixes
More fixes missed in the previous pull request.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJYyfidAAoJECgfDbjSjVRp1yYIAKC52EwDVcJxL2CEGncCQTVT
 i9x04TYmzLOO+dERsO7Z+jphoB1cxpVxZVrvG5wfZo07gcGheNk524ABM2c9tNqa
 7OZFcdBmN/l5C9ynL6aCdgu/bns5sEMUXf3By3l8iWKupc1C8URWGrfMVypFDumZ
 AOSD/4bbvXxZlZjOENq5LsRHYU68KBK07C1fDRJA7b7ChXHS6qefeq6fbOvI9zJ7
 24MltJMsNS36l//namD2HFPnO1eD3HXc57yBn5QBTTn5FERIghxYSsluAY7irKMp
 UurF1D0pUL1sU2fjaLwFRBJL15tz6syjYOkna9cGmOT8m1D7CYnKjCRErxtqAmE=
 =4pMp
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio, pci: fixes

More fixes missed in the previous pull request.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Thu 16 Mar 2017 02:29:49 GMT
# gpg:                using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  virtio-serial-bus: Delete timer from list before free it
  hw/virtio: fix Power Management Control Register for PCI Express virtio devices
  hw/virtio: fix Link Control Register for PCI Express virtio devices
  hw/virtio: fix error enabling flags in Device Control register
  hw/pcie: fix Extended Configuration Space for devices with no Extended Capabilities

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-16 11:05:47 +00:00
Gerd Hoffmann
ffaf857778 cirrus: stop passing around src pointers in the blitter
Does basically the same as "cirrus: stop passing around dst pointers in
the blitter", just for the src pointer instead of the dst pointer.

For the src we have to care about cputovideo blits though and fetch the
data from s->cirrus_bltbuf instead of vga memory.  The cirrus_src*()
helper functions handle that.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1489584487-3489-1-git-send-email-kraxel@redhat.com
2017-03-16 08:58:16 +01:00
Gerd Hoffmann
026aeffcb4 cirrus: stop passing around dst pointers in the blitter
Instead pass around the address (aka offset into vga memory).  Calculate
the pointer in the rop_* functions, after applying the mask to the
address, to make sure the address stays within the valid range.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1489574872-8679-1-git-send-email-kraxel@redhat.com
2017-03-16 08:58:15 +01:00
Gerd Hoffmann
e048dac616 cirrus: fix cirrus_invalidate_region
off_cur_end is exclusive, so off_cur_end == cirrus_addr_mask is valid.
Fix calculation to make sure to allow that, otherwise the assert added
by commit f153b563f8 can trigger for valid
blits.

Test case: boot windows nt 4.0

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1489579606-26020-1-git-send-email-kraxel@redhat.com
2017-03-16 08:58:15 +01:00
Gerd Hoffmann
827bd51726 cirrus: add option to disable blitter
Ok, we have this beast in the cirrus code which is not used at all by
modern guests, except when you try to find security holes in qemu.  So,
add an option to disable blitter altogether.  Guests released within
the last ten years should not show any rendering issues if you turn off
blitter support.

There are no known bugs in the cirrus blitter code.  But in the past we
hoped a few times already that we've finally nailed the last issue.  So
having some easy way to mitigate in case yet another blitter issue shows
up certainly makes me sleep a bit better at night.

For completeness:  The by far better way to mitigate is to switch away
from cirrus and use stdvga instead.  Or something more modern like
virtio-vga in case your guest has support for it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1489494540-15745-1-git-send-email-kraxel@redhat.com
2017-03-16 08:58:15 +01:00
Gerd Hoffmann
73c148130b cirrus: switch to 4 MB video memory by default
Quoting cirrus source code:
   Follow real hardware, cirrus card emulated has 4 MB video memory.
   Also accept 8 MB/16 MB for backward compatibility.

So just use 4MB by default.  We decided to leave that at 8MB by default
a while ago, for live migration compatibility reasons.  But we have
compat properties to handle that, so that isn't a compeling reason.

This also removes some sanity check inconsistencies in the cirrus code.
Some places check against the allocated video memory, some places check
against the 4MB physical hardware has.  Guest code can trigger asserts
because of that.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1489494514-15606-1-git-send-email-kraxel@redhat.com
2017-03-16 08:58:15 +01:00
Gerd Hoffmann
50628d3479 cirrus/vnc: zap bitblit support from console code.
There is a special code path (dpy_gfx_copy) to allow graphic emulation
notify user interface code about bitblit operations carryed out by
guests.  It is supported by cirrus and vnc server.  The intended purpose
is to optimize display scrolls and just send over the scroll op instead
of a full display update.

This is rarely used these days though because modern guests simply don't
use the cirrus blitter any more.  Any linux guest using the cirrus drm
driver doesn't.  Any windows guest newer than winxp doesn't ship with a
cirrus driver any more and thus uses the cirrus as simple framebuffer.

So this code tends to bitrot and bugs can go unnoticed for a long time.
See for example commit "3e10c3e vnc: fix qemu crash because of SIGSEGV"
which fixes a bug lingering in the code for almost a year, added by
commit "c7628bf vnc: only alloc server surface with clients connected".

Also the vnc server will throttle the frame rate in case it figures the
network can't keep up (send buffers are full).  This doesn't work with
dpy_gfx_copy, for any copy operation sent to the vnc client we have to
send all outstanding updates beforehand, otherwise the vnc client might
run the client side blit on outdated data and thereby corrupt the
display.  So this dpy_gfx_copy "optimization" might even make things
worse on slow network links.

Lets kill it once for all.

Oh, and one more reason: Turns out (after writing the patch) we have a
security bug in that code path ...

Fixes: CVE-2016-9603
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1489494419-14340-1-git-send-email-kraxel@redhat.com
2017-03-16 08:58:15 +01:00
hangaohuai
215902d7b6 fix :cirrus_vga fix OOB read case qemu Segmentation fault
check the validity of parameters in cirrus_bitblt_rop_fwd_transp_xxx
and cirrus_bitblt_rop_fwd_xxx to avoid the OOB read which causes qemu Segmentation fault.

After the fix, we will touch the assert in
cirrus_invalidate_region:
assert(off_cur_end >= off_cur);

Signed-off-by: fangying <fangying1@huawei.com>
Signed-off-by: hangaohuai <hangaohuai@huawei.com>
Message-id: 20170314063919.16200-1-hangaohuai@huawei.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-03-16 08:58:15 +01:00
Li Qiang
d68f0f778e ide: ahci: call cleanup function in ahci unit
This can avoid memory leak when hotunplug the ahci device.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-id: 1488449293-80280-4-git-send-email-liqiang6-s@360.cn
Signed-off-by: John Snow <jsnow@redhat.com>
2017-03-15 20:50:14 -04:00
Li Qiang
c9f086418a ide: core: add cleanup function
As the pci ahci can be hotplug and unplug, in the ahci unrealize
function it should free all the resource once allocated in the
realized function. This patch add ide_exit to free the resource.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-id: 1488449293-80280-3-git-send-email-liqiang6-s@360.cn
Signed-off-by: John Snow <jsnow@redhat.com>
2017-03-15 20:50:14 -04:00
Li Qiang
44a109c1b3 ide: qdev: register ide bus unrealize function
we have an idebus unrealize function, but it was being
registered as the unrealize function for the IDE Device,
so it was not getting invoked on device teardown because
nothing is "unrealizing" the IDE devices themselves.

Suggested-by: John Snow <jsnow@redhat.com>
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1488449293-80280-2-git-send-email-liqiang6-s@360.cn
Signed-off-by: John Snow <jsnow@redhat.com>
2017-03-15 20:50:14 -04:00
zhanghailiang
bdf4c4ec53 virtio-serial-bus: Delete timer from list before free it
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amit Shah <amit@kernel.org>
2017-03-16 01:46:42 +02:00
Marcel Apfelbaum
27ce0f3afc hw/virtio: fix Power Management Control Register for PCI Express virtio devices
Make Power Management State flag writable to conform
with the PCI Express spec.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-03-16 01:46:41 +02:00
Marcel Apfelbaum
d584f1b9ca hw/virtio: fix Link Control Register for PCI Express virtio devices
Make several Link Control Register flags writable to conform
with the PCI Express spec.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-03-16 01:46:41 +02:00
Marcel Apfelbaum
c2cabb3422 hw/virtio: fix error enabling flags in Device Control register
When the virtio devices are PCI Express, make error-enabling flags
writable to respect the PCIe spec.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-03-16 01:46:40 +02:00
Marcel Apfelbaum
f03d8ea330 hw/pcie: fix Extended Configuration Space for devices with no Extended Capabilities
Absence of any Extended Capabilities is required to be
indicated by an Extended Capability header with a Capability ID of
0000h, a Capability Version of 0h, and a Next Capability Offset of 000h.

Instead of inserting a 'NULL' capability is simpler to mark the start
of the Extended Configuration Space as read-only to achieve the same
behaviour.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-03-16 01:46:40 +02:00
Peter Maydell
1883ff34b5 virtio, pc: fixes
Some fixes to fallback from using virtio caching,
 pls a minor vm gen id fix.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJYyYD9AAoJECgfDbjSjVRpVC0IAL50O94eD711A1LhbHYaf01j
 0d++IQM0FeyY+Vg3YfIhpil/sjJ9xVt4GiX3sr2yE7Et4f57N4nXKqemsjyNAeno
 RgfTrO/s3VOFSjmy0RpwJYdbLs5bIMd3fWh7Yc1auSfpWtxkGVZFDDGuXYmmQnJP
 4FgJSMmJGzSSlSxCl7R9AKnR9xfPuPkpLUlq1hcSZe/gjG/jNPkGa0ZxuiCWgKzB
 kQIrOl8q1lWAQ2AqdWKL+XPzicARrk5thFD2uhOPqHJo5i2oEB8P1vtxOSG3Qtw1
 X0P/B5WooCi9cjJHujNSQiG5mUCrGWrlftpKxBdO0BIz29WnXpcjTl7zZauKdsA=
 =RXnk
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio, pc: fixes

Some fixes to fallback from using virtio caching,
pls a minor vm gen id fix.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Wed 15 Mar 2017 17:59:25 GMT
# gpg:                using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  virtio-pci: reset modern vq meta data
  Revert "virtio: unbreak virtio-pci with IOMMU after caching ring translations"
  pci: introduce a bus master container
  virtio: validate address space cache during init
  virtio: destroy region cache during reset
  virtio: guard against NULL pfn
  Bugfix: Handle error if VM Generation ID device not present

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-15 18:44:05 +00:00
Jason Wang
60a8d80234 virtio-pci: reset modern vq meta data
We don't reset proxy->vqs[].{num|desc[]|avail[]|used[]}. This means if
a driver enable the vq without setting vq address after reset. The old
addresses were leaked. Fixing this by resetting modern vq meta data
during device reset.

Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-03-15 19:59:18 +02:00
Jason Wang
f0edf23978 Revert "virtio: unbreak virtio-pci with IOMMU after caching ring translations"
This reverts commit
96a8821d21. Previous patch is a better
solution which does not require a strict order between virtio and IOMMU.

CC: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-03-15 19:59:00 +02:00
Jason Wang
3716d5902d pci: introduce a bus master container
96a8821d21 ("virtio: unbreak virtio-pci with IOMMU after caching ring
translations") tries to make IOMMU works with virtio memory region
cache, but it requires IOMMU to be created before any virtio
devices. This is sub optimal, fixing this by introduce a bus master
container to make sure address space can be initialized during device
registering, and then we can safely set alias and make
bus_master_enable_region as its subregion during bus master
initialization.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-03-15 19:37:19 +02:00
Jason Wang
e45da65322 virtio: validate address space cache during init
We don't check the return value of address_space_cache_init(), this
may lead buggy driver use incorrect region caches. Instead of
triggering an assert, catch and warn this early in
virtio_init_region_cache().

Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-03-15 19:37:19 +02:00
Jason Wang
e0e2d64409 virtio: destroy region cache during reset
We don't destroy region cache during reset which can make the maps
of previous driver leaked to a buggy or malicious driver that don't
set vring address before starting to use the device. Fix this by
destroy the region cache during reset and validate it before trying to
see them.

Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-03-15 19:37:19 +02:00
Jason Wang
168e4af3c1 virtio: guard against NULL pfn
To avoid access stale memory region cache after reset, this patch
check the existence of virtqueue pfn for all exported virtqueue access
helpers before trying to use them.

Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-03-15 19:37:19 +02:00
Ben Warren
72d9196f1e Bugfix: Handle error if VM Generation ID device not present
This was crashing due to NULL-pointer dereference

QMP Test case:
==============

(QEMU) query-vm-generation-id
{"error": {"class": "GenericError", "desc": "VM Generation ID device not
found"}}

HMP Test case:
==============
virsh # qemu-monitor-command --hmp 3 info vm-generation-id
VM Generation ID device not found

Signed-off-by: Ben Warren <ben@skyportsystems.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2017-03-15 19:37:19 +02:00
Eduardo Habkost
0bcba41fe3 machine: Convert abstract typename on compat_props to subclass names
Original problem description by Greg Kurz:

> Since commit "9a4c0e220d8a hw/virtio-pci: fix virtio
> behaviour", passing -device virtio-blk-pci.disable-modern=off
> has no effect on 2.6 machine types because the internal
> virtio-pci.disable-modern=on compat property always prevail.

The same bug also affects other abstract type names mentioned on
compat_props by machine-types: apic-common, i386-cpu, pci-device,
powerpc64-cpu, s390-skeys, spapr-pci-host-bridge, usb-device,
virtio-pci, x86_64-cpu.

The right fix for this problem is to make sure compat_props and
-global options are always applied in the order they are
registered, instead of reordering them based on the type
hierarchy. But changing the ordering rules of -global is risky
and might break existing configurations, so we shouldn't do that
on a stable branch.

This is a temporary hack that will work around the bug when
registering compat_props properties: if we find an abstract class
on compat_props, register properties for all its non-abstract
subtypes instead. This will make sure -global won't be overridden
by compat_props, while keeping the existing ordering rules on
-global options.

Note that there's one case that won't be fixed by this hack:
"-global spapr-pci-vfio-host-bridge.<option>=<value>" won't be
able to override compat_props, because spapr-pci-host-bridge is
not an abstract class.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <1481575745-26120-1-git-send-email-ehabkost@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Tested-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-03-14 16:53:44 -03:00
Peter Maydell
64c358a33a * "x" monitor command fix for KVM (Christian)
* MemoryRegion name documentation (David)
 * mem-prealloc optimization (Jitendra)
 * -icount/MTTCG fixes (me)
 * "info mtree" niceness (Peter)
 * NBD drop_sync buffer overflow (Vladimir/Eric)
 * small cleanups and bugfixes (Li, Lin, Suramya, Thomas)
 * fix for "-device kvmclock" w/TCG (Eduardo)
 * debug output before crashing on KVM_{GET,SET}_MSRS (Eduardo)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQExBAABCAAbBQJYx/MtFBxwYm9uemluaUByZWRoYXQuY29tAAoJEL/70l94x66D
 /C0IAJwQzC+pVyCDLtuuVyIxmPkJKoYTo2l5NpnkbE2yPD2GgfRS+uOoPBWaqy9I
 lYh1cAwsYV62zdI8DoaVfFvYoiZE36JYTQ9lEUaYLOrtuR1dBOB9f7BEmWkOxmEk
 SuyUKzJRhIlaTueX+HwJ/cxSR5XlqUt3Vx27rqmeNZedqRAmXF1iu5B0EKA5INvd
 jOLiTpQqUP9LqbjJ+cFNMT++JlaMND0T7hBFhiAFIzK3kRU1veqMUGpGye3jCBNN
 FKNnFYJCj/NdJu5NlfU7AR1a2iLQVRzltlMucm6e7DkYjHDA5zR+b5uosR2JiBRJ
 r6kMY17+aoI0Lyff53ZA4eWvD+E=
 =uv4K
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* "x" monitor command fix for KVM (Christian)
* MemoryRegion name documentation (David)
* mem-prealloc optimization (Jitendra)
* -icount/MTTCG fixes (me)
* "info mtree" niceness (Peter)
* NBD drop_sync buffer overflow (Vladimir/Eric)
* small cleanups and bugfixes (Li, Lin, Suramya, Thomas)
* fix for "-device kvmclock" w/TCG (Eduardo)
* debug output before crashing on KVM_{GET,SET}_MSRS (Eduardo)

# gpg: Signature made Tue 14 Mar 2017 13:42:05 GMT
# gpg:                using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  nbd/client: fix drop_sync [CVE-2017-2630]
  memory: info mtree check mr range overflow
  icount: process QEMU_CLOCK_VIRTUAL timers in vCPU thread
  main-loop: remove now unnecessary optimization
  cpus: define QEMUTimerListNotifyCB for QEMU system emulation
  qemu-timer: do not include sysemu/cpus.h from util/qemu-timer.h
  qemu-timer: fix off-by-one
  target/nios2: take BQL around interrupt check
  scsi: mptsas: fix the wrong reading size in fetch request
  util: Removed unneeded header from path.c
  configure: add the missing help output for optional features
  scripts/dump-guest-memory.py: fix int128_get64 on recent gcc
  kvmclock: Don't crash QEMU if KVM is disabled
  kvm: Print MSR information if KVM_{GET,SET}_MSRS failed
  exec: add cpu_synchronize_state to cpu_memory_rw_debug
  mem-prealloc: reduce large guest start-up and migration time.
  docs: Add a note about mixing bootindex with "-boot order"
  memory_region: Fix name comments

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-14 16:52:17 +00:00
Peter Maydell
5e2fb7c598 hw/misc/imx6_src: Don't crash trying to reset missing CPUs
Commit 4881658a4b introduced a call to arm_get_cpu_by_id(),
and Coverity noticed that we weren't checking that it didn't
return NULL (CID 1371652).

Normally this won't happen (because all 4 CPUs are expected
to exist), but it's possible the user requested fewer CPUs
on the command line. Handle this possibility by silently
doing nothing, which is the same behaviour as before commit
4881658a4b and also how we handle the other CPU operations
(since we ignore the INVALID_PARAM returns from arm_set_cpu_on()
and friends).

There is a slight behavioural difference to the pre-4881658a4b
situation: the "reset this core" bit will remain set rather
than not being permitted to be set. The imx6 datasheet is
unclear about the behaviour in this odd corner case, so we
opt for the simpler code rather than complicated logic to
maintain identical behaviour.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1488542374-1256-1-git-send-email-peter.maydell@linaro.org
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2017-03-14 16:13:22 +00:00
Paolo Bonzini
d2528bdc19 qemu-timer: do not include sysemu/cpus.h from util/qemu-timer.h
This dependency is the wrong way, and we will need util/qemu-timer.h from
sysemu/cpus.h in the next patch.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-03-14 13:28:18 +01:00
Li Qiang
b01a2d07c9 scsi: mptsas: fix the wrong reading size in fetch request
When fetching request, it should read sizeof(*hdr), not the
pointer hdr.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-Id: <1489488980-130668-1-git-send-email-liqiang6-s@360.cn>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-03-14 13:26:37 +01:00
Eduardo Habkost
ca2edcd35c kvmclock: Don't crash QEMU if KVM is disabled
Most machines don't allow sysbus devices like "kvmclock" to be
created from the command-line, but some of them do (the ones with
has_dynamic_sysbus=true). In those cases, it's possible to
manually create a kvmclock device without KVM being enabled,
making QEMU crash:

  $ qemu-system-x86_64 -machine q35,accel=tcg -device kvmclock
  Segmentation fault (core dumped)

This changes kvmclock's realize method to return an error if KVM
is disabled, to ensure it won't crash QEMU.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20170309185046.17555-1-ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-03-14 13:26:36 +01:00
Peter Maydell
591bce29b1 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJYx6HVAAoJEO8Ells5jWIRAQgIAK4pR+SgHyrxy2BJKseN4t8Y
 /+4QAKHt4v/uWJqft7m5sk1YQS7V7GW4LXBcv/kshN3tX7hPeXT2D4+NBV/BbXgp
 ghHQt9o0/sNkKiyVY31heWaB/x5hioYzJ4S3SieeEZlkbn72gtp/8qWogCo36gPV
 7L7dTcUldKxZV/57hLGTXY8OJ/jMzOY3gLIoqg8tqvHPo0prYe/PAuaf0lEyZuXR
 /iPS9Q1/k7adsD989oUAM1mI+uks8X02ywv17HkxwdwAtI2o4aYRoQgUqd3TbSBd
 +HA0cWFutKK6/hpGfsaL1005q4XdW265WgqHpACimHXDQw6ZbwwajbSSpQChSHk=
 =PX31
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Tue 14 Mar 2017 07:55:01 GMT
# gpg:                using RSA key 0xEF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  hw/net: implement MIB counters in mcf_fec driver
  COLO-compare: Fix trace_event print bug
  e1000e: correctly tear down MSI-X memory regions

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-03-14 11:15:00 +00:00