Commit Graph

6381 Commits

Author SHA1 Message Date
Amit Shah
a87f3e8b08 qdev: Add a 'free' method to disassociate chardev from qdev device
When a device is removed, remove the association with a chardev, if any,
so that the chardev can be re-used later for other devices.

Reported-by: Qunfang Zhang <qzhang@redhat.com>
Fix-suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-13 10:21:03 -06:00
Paolo Bonzini
1ba1f2e319 virtio-blk: refuse SG_IO requests with scsi=off
QEMU does have a "scsi" option (to be used like -device
virtio-blk-pci,drive=foo,scsi=off).  However, it only
masks the feature bit, and does not reject the command
if a malicious guest disregards the feature bits and
issues a request.

Without this patch, using scsi=off does not protect you
from CVE-2011-4127.

Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-13 10:20:51 -06:00
Paolo Bonzini
701a8f76aa vmstate: extract declarations out of hw/hw.h
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-13 10:20:51 -06:00
Paolo Bonzini
49d4d9b63e ptimer: move declarations to ptimer.h
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-13 10:20:50 -06:00
Paolo Bonzini
fbc15e27f7 rtc: clear non-PF bits when reinjecting on ack
When an rtc interrupt is reinjected immediately after being acked,
other interrupts should not be reinjected, so do clear their bits.

Also, if the periodic interrupts have been disabled before acking,
do not reinject, as the guest might get very confused!

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-13 10:20:50 -06:00
Paolo Bonzini
663447d4ea rtc: raise PF bit when the periodic timer triggers but PIE=0
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-13 10:20:49 -06:00
Paolo Bonzini
eea8667360 rtc: raise AF bit when the alarm is encountered but AIE=0
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-13 10:20:49 -06:00
Paolo Bonzini
3b89eb43b6 rtc: fix 12-hour mode
Hours in 12-hour mode are in the 1-12 range, not 0-11.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-13 10:20:49 -06:00
Anthony Liguori
024a6fbdb9 qdev: fix device_del by refactoring reference counting
Commit 8eb0283 broken device_del by having too overzealous reference counting
checks.  Move the reference count checks to qdev_free(), make sure to remove
the parent link on free, and decrement the reference count on property removal.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-13 10:20:49 -06:00
Stefan Weil
0b0404bf84 Add 'fall through' comments to case statements without break
These comments are used by static code analysis tools and in code reviews
to avoid false warnings because of missing break statements.

The case statements handled here were reported by coverity.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-01-13 10:36:59 +00:00
Stefan Hajnoczi
3c8359d11a omap_dss: correct chip[1] index in RFBI_READ/RFBI_STATUS
The RFBI_READ/RFBI_STATUS code incorrectly uses chip[0] when it should
be using chip[1].  Andrzej Zaborowski <balrog@zabor.org> confirmed this
bug since I don't know this code well.

Reported-by: Dr David Alan Gilbert <davidagilbert@uk.ibm.com>
Reviewed-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-01-13 10:36:59 +00:00
Avi Kivity
a0f426109e vga: optimize ppm_save() divisions
ppm_save() spends upwards of 50% of its time doing divisions. Replace them
with shifts.

Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-12 10:03:28 -06:00
Lars Persson
73a511decc etraxfs-dma: Model metadata and eop
- Send EOP flags to the out channels.
- Send data descriptor metadata to the out channels.

Signed-off-by: Lars Persson <larper@axis.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2012-01-12 13:54:17 +01:00
Stefan Weil
9841aee16f wm8750: Fix calculation of number of array elements
Coverity says that the division by sizeof(*s->rate) might be wrong.
I think that coverity is right.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
2012-01-10 18:47:06 +01:00
Stefan Weil
c7c530cd3e elf: Improve symbol lookup (optimize, fix for bsd-user)
Coverity complained about local variable key which was only partially
initiated. Only key.st_value was set. As this was also the only part
of key which was used in function symfind, the code could be optimized
by directly passing a pointer to orig_addr.

In bsd-user/elfload.c, fix ec822001a2
was missing. This was a simple replacement of > by >= in symfind, so
I fixed it here without creating an additional patch.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
2012-01-10 18:40:09 +01:00
Peter Maydell
563c2bf35c hw/integratorcp: Simplify flash remap code
Use the new memory mutator API to simplify the flash remap code;
this allows us to drop the flash_mapped flag.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
2012-01-10 18:40:01 +01:00
Peter Maydell
4753dea8c1 hw/integratorcp: Fix sense of REMAP bit
Fix the sense of the REMAP bit: 0 should mean "map flash",
1 should mean "map RAM".

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
2012-01-10 18:39:57 +01:00
Aurelien Jarno
14763ec873 Merge branch 's390-next' of git://repo.or.cz/qemu/agraf
* 's390-next' of git://repo.or.cz/qemu/agraf:
  s390: fix cpu hotplug / cpu activity on interrupts
  s390x: add TR function for EXECUTE
  Expose drive_add on all architectures
  Add generic drive hotplugging
  Compile device-hotplug on all targets
  [S390] Add hotplug support
2012-01-10 18:24:11 +01:00
Avi Kivity
c49450b98f vhost: improve region filtering
vhost memory management doesn't care about non-memory (e.g. PIO) or non-RAM
regions.  Adjust the filtering to reflect that, and move it earlier so it
applies to mem_sections too.

Signed-off-by: Avi Kivity <avi@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
2012-01-09 14:01:39 +02:00
Avi Kivity
637f7a6a01 vhost: fix mem_sections memory corruption
A memset() used to delete an entry in an array did not take into account
the array element's size.

Signed-off-by: Avi Kivity <avi@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
2012-01-09 13:59:50 +02:00
Avi Kivity
d743c38286 vhost: fix incorrect userspace address
MemoryListener::region_add() gives us a slice of a MemoryRegion, not a
region.  Adjust the userspace address to reflect that.

Signed-off-by: Avi Kivity <avi@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
2012-01-09 13:09:40 +02:00
Aurelien Jarno
15f43ccda1 Merge branch 'ppc-next' of git://repo.or.cz/qemu/agraf
* 'ppc-next' of git://repo.or.cz/qemu/agraf:
  PPC: Add description for the Freescale e500mc core.
  pseries: Check for duplicate addresses on the spapr-vio bus
  pseries: Populate "/chosen/linux,stdout-path" in the FDT
  pseries: Add a routine to find a stable "default" vty and use it
  pseries: Emit device tree nodes in reg order
  pseries: FDT NUMA extensions to support multi-node guests
  pseries: Remove hcalls callback
  kvm-ppc: halt secondary cpus when guest reset
  console: Fix segfault on screendump without VGA adapter
  PPC: monitor: add ability to dump SLB entries
2012-01-07 22:01:57 +01:00
Stefan Weil
c27808657b sm501: Fix size of color_reg
color_reg is expected to hold 32 bit values, so it was too small.

This bug was reported by coverity:

hw/sm501.c:624:
result_independent_of_operands:
color_reg >> 16 is 0 regardless of the values of its operands.
This occurs as the bitwise first operand of '&'.

Cc: Shin-ichiro Kawasaki <kawasaki@juno.dti.ne.jp>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-01-07 21:29:26 +01:00
Stefan Weil
e9b40fd34c malta: Fix regression (i8259 interrupts did not work)
Commit 5632ae46d5 passes the address
of i8259 to qemu_irq_proxy. i8259 is an auto variable with undefined
value outside of mips_malta_init.

This made the interrupt proxy unusable: either QEMU crashes, or
the interrupt handler was not called.

Ethernet for example no longer worked with MIPS Malta.

v2:
While v1 used a static variable for i8259, this patch introduces
a qdev for the malta machine. i8259 is now part of the device status.
This is a minimal qdev implementation to keep the patch small.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-01-07 18:16:24 +01:00
Anthony Liguori
a2e4d53ec5 Merge remote-tracking branch 'stefanha/trivial-patches' into staging
* stefanha/trivial-patches:
  qemu-nbd: drop loop which can never loop
  Make python mandatory
  net/socket.c: Fix fd leak in net_socket_listen_init() error paths
  gdbstub: Fix fd leak in gdbserver_open() error path
  configure: Fix test for supported host CPU type
  configure: CONFIG_QEMU_INTERP_PREFIX only for user mode
  scsi virtio-blk usb-msd: Clean up device init error messages
  Strip trailing '\n' from error_report()'s first argument (again)
  qemu-options.hx: fix tls-channel help text
2012-01-06 12:51:21 -06:00
Peter Maydell
2afee49fc4 virtio-9p-proxy: Fix typo causing compile failure on 32 bit hosts
Fix a compile failure on 32 bit hosts (integer constant is too large
for 'unsigned long' type) by correcting a typo where the mask used
for filling in the second f_fsid word had too many 'F's in it.
Also drop the 'L' suffix that allowed this typo to go undetected on
64 bit hosts.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-06 12:50:44 -06:00
Markus Armbruster
6a84cb1f28 scsi virtio-blk usb-msd: Clean up device init error messages
Replace

    error_report("DEVICE-NAME: MESSAGE");

by just

    error_report("MESSAGE");

in block device init functions.

DEVICE-NAME is bogus in some cases: it's "scsi-disk" for device
scsi-hd and scsi-cd, "virtio-blk-pci" for virtio-blk-s390, and
"usb-msd" for usb-storage.

There is no real need to put a device name in the message, because
error_report() points to the offending command line option already:

$ qemu-system-x86_64 --nodefaults --enable-kvm -vnc :0 -S -monitor stdio -usb -device virtio-blk-pci
upstream-qemu: -device virtio-blk-pci: virtio-blk-pci: drive property not set
upstream-qemu: -device virtio-blk-pci: Device 'virtio-blk-pci' could not be initialized

And for a monitor command, it's obvious anyway:

$ qemu-system-x86_64 --nodefaults --enable-kvm -vnc :0 -S -monitor stdio -usb
(qemu) device_add virtio-blk-pci
virtio-blk-pci: drive property not set
Device 'virtio-blk-pci' could not be initialized

Reported-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-01-06 15:07:00 +00:00
Markus Armbruster
be62a2ebab Strip trailing '\n' from error_report()'s first argument (again)
Commit 6daf194d got rid of them, but Hans and Gerd added some more
lately.  Tracked down with this Coccinelle semantic patch:

@r@
    expression fmt;
    position p;
@@
    error_report(fmt, ...)@p
@script:python@
    fmt << r.fmt;
    p << r.p;
@@
if "\\n" in str(fmt):
    print "%s:%s:%s:%s" % (p[0].file, p[0].line, p[0].column, fmt)

Signed-off-by: Markus Armbruster <armbru@redhat.com>
2012-01-06 15:07:00 +00:00
Anthony Liguori
f40b7d113d Merge remote-tracking branch 'amit/master' into staging
* amit/master:
  virtio-console: Fix failure on unconnected pty
2012-01-06 08:15:39 -06:00
Anthony Liguori
74b728e4f3 Merge remote-tracking branch 'aneesh/for-upstream' into staging
* aneesh/for-upstream:
  hw/9pfs: Add support to use named socket for proxy FS
  hw/9pfs: man page for proxy helper
  hw/9pfs: Documentation changes related to proxy fs
  hw/9pfs: Proxy getversion
  hw/9pfs: xattr interfaces in proxy filesystem driver
  hw/9pfs: File ownership and others
  hw/9pfs: Add stat/readlink/statfs for proxy FS
  hw/9pfs: Create other filesystem objects
  hw/9pfs: Open and create files
  hw/9pfs: File system helper process for qemu 9p proxy FS
  hw/9pfs: Add new proxy filesystem driver
  hw/9pfs: Add validation to {un}marshal code
  hw/9pfs: Move pdu_marshal/unmarshal code to a seperate file
  hw/9pfs: Move opt validation to FsDriver callback
2012-01-06 08:14:28 -06:00
Anthony Liguori
f3e8275f49 Merge remote-tracking branch 'kraxel/usb.33' into staging
* kraxel/usb.33:
  usb-ohci: td.cbp incorrectly updated near page end
  usb-host: properly release port on unplug & exit
  usb-storage: cancel I/O on reset
  Fix parse of usb device description with multiple configurations
2012-01-06 08:11:41 -06:00
Andriy Gapon
fd891c9318 usb-ohci: td.cbp incorrectly updated near page end
The current code that updates the cbp value after a transfer looks like this:
td.cbp += ret;
if ((td.cbp & 0xfff) + ret > 0xfff) {
	<handle page overflow>
because the 'ret' value is effectively added twice the check may fire too early
when the overflow hasn't happened yet.

Below is one of the possible changes that correct the behavior:

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-01-06 12:36:14 +01:00
Gerd Hoffmann
24a5bbe1c8 usb-storage: cancel I/O on reset
When resetting the usb-storage device we'll have to carefully cancel
and clear any requests which might be in flight, otherwise we'll confuse
the state machine.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-01-06 12:36:14 +01:00
Anthony Liguori
c47f322365 Merge remote-tracking branch 'pmaydell/arm-devs.for-upstream' into staging
* pmaydell/arm-devs.for-upstream:
  add L2x0/PL310 cache controller device
  arm: add dummy gic security registers
  arm: Set frequencies for arm_timer
  arm: add missing scu registers
  hw/omap_gpmc: Fix region map/unmap when configuring prefetch engine
  hw/omap1.c: Drop unused includes
  hw/omap1.c: Separate dpll_ctl from omap_mpu_state
  hw/omap1.c: Separate PWT from omap_mpu_state
  hw/omap1.c: Separate PWL from omap_mpu_state
  hw/omap1.c: omap_mpuio_init() need not be public
  hw/pl110.c: Add post-load hook to invalidate display
  hw/pl181.c: Add save/load support
2012-01-04 10:06:25 -06:00
M. Mohan Kumar
84a87cc4cc hw/9pfs: Add support to use named socket for proxy FS
Add option to use named socket for communicating between proxy helper
and qemu proxy FS. Access to socket can be given by using command line
options -u and -g.

Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2012-01-04 21:23:55 +05:30
M. Mohan Kumar
d090e452d4 hw/9pfs: Proxy getversion
Add proxy getversion to get generation number

Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2012-01-04 20:20:55 +05:30
M. Mohan Kumar
d52b09e475 hw/9pfs: xattr interfaces in proxy filesystem driver
Add xattr support for proxy FS

Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2012-01-04 20:20:46 +05:30
M. Mohan Kumar
ea75fc4ec5 hw/9pfs: File ownership and others
Add file ownership interfaces like chmod/chown, utime update, rename,
remove and truncating files for proxy FS

Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2012-01-04 20:19:48 +05:30
M. Mohan Kumar
b178adc3e7 hw/9pfs: Add stat/readlink/statfs for proxy FS
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2012-01-04 20:19:39 +05:30
M. Mohan Kumar
39f8c32c3f hw/9pfs: Create other filesystem objects
Add interfaces to create filesystem objects like directory,
device nodes, symbolic links, links for proxy filesytem driver

Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2012-01-04 20:18:09 +05:30
M. Mohan Kumar
daf0b9aca9 hw/9pfs: Open and create files
Add interfaces to open and create files for proxy file system driver.

Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2012-01-04 20:14:28 +05:30
M. Mohan Kumar
17bff52b62 hw/9pfs: File system helper process for qemu 9p proxy FS
Provide root privilege access to QEMU 9p proxy filesystem using socket
communication.

Proxy helper is started by root user as:
~ # virtfs-proxy-helper -f|--fd <socket descriptor> -p|--path <path-to-share>

Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2012-01-04 20:14:02 +05:30
M. Mohan Kumar
4c793dda22 hw/9pfs: Add new proxy filesystem driver
Add new proxy filesystem driver to add root privilege to qemu process.
It needs a helper process to be started by root user.

Following command line can be used to utilize proxy filesystem driver
-virtfs proxy,id=<id>,mount_tag=<tag>,socket_fd=<socket-fd>

Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2012-01-04 20:13:39 +05:30
M. Mohan Kumar
ddca7f86ac hw/9pfs: Add validation to {un}marshal code
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2012-01-04 19:53:22 +05:30
M. Mohan Kumar
10925bf089 hw/9pfs: Move pdu_marshal/unmarshal code to a seperate file
Move p9 marshaling/unmarshaling code to a separate file so that
proxy filesytem driver can use these calls. Also made marshaling
code generic to accept "struct iovec" instead of V9fsPDU.

Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2012-01-04 19:51:28 +05:30
Aneesh Kumar K.V
99519f0a77 hw/9pfs: Move opt validation to FsDriver callback
This remove all conditional code from common code path and
make opt validation a FSDriver callback.

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2012-01-04 19:51:28 +05:30
Rob Herring
b2123a4856 add L2x0/PL310 cache controller device
This is just a dummy device for ARM L2 cache controllers, based on the
pl310. The cache type parameter can be defined by a property value
and has a meaningful default.

Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
[Peter Maydell: removed stray blank line at end]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-01-04 13:41:42 +00:00
Rob Herring
b79f22656f arm: add dummy gic security registers
Implement handling for the RAZ/WI gic security registers.

Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-01-04 13:41:42 +00:00
Mark Langsdorf
104a26a236 arm: Set frequencies for arm_timer
Use qdev properties to allow board modelers to set the frequencies
for the sp804 timer. Each of the sp804's timers can have an
individual frequency. The timers default to 1MHz.

Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-01-04 13:41:42 +00:00
Rob Herring
78aca8a712 arm: add missing scu registers
Add power control register to a9mpcore

Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-01-04 13:41:42 +00:00