Commit Graph

55182 Commits

Author SHA1 Message Date
Philippe Mathieu-Daudé
b208ac07ea docs: fix broken paths to docs/devel/atomics.txt
With the move of some docs/ to docs/devel/ on ac06724a71,
a couple of references were not updated.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:12:47 +03:00
Philippe Mathieu-Daudé
b3125e73d4 docs: fix broken paths to docs/devel/qapi-code-gen.txt
With the move of some docs to docs/interop on ac06724a71,
a couple of references were not updated.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:12:41 +03:00
Philippe Mathieu-Daudé
f3fdeb9c97 docs: fix broken paths to docs/interop/qcow2.txt
With the move of some docs to docs/interop on d59157ea05,
a reference path was not updated.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:12:35 +03:00
Cleber Rosa
cfb41b8868 docs: fix broken paths to docs/interop dir
With the move of some docs to docs/interop on d59157e, a couple of
references were not updated.

Signed-off-by: Cleber Rosa <crosa@redhat.com>
[PMD: fixed a typo and another reference of docs/interop/qmp-spec.txt]
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:52 +03:00
Philippe Mathieu-Daudé
a44af723b3 thunk: assert nb_fields is valid
thunk.c:91:32: warning: Call to 'malloc' has an allocation size of 0 bytes
        se->field_offsets[i] = malloc(nb_fields * sizeof(int));
                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:39 +03:00
Philippe Mathieu-Daudé
b929f7e56f syscall: check inotify() and eventfd() return value
linux-user/syscall.c:555:25: warning: Out of bound memory access (accessed memory precedes memory block)
    target_fd_trans[fd] = trans;
    ~~~~~~~~~~~~~~~~~~~~^~~~~~~

Reported-by: Clang Static Analyzer
Suggested-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:39 +03:00
Philippe Mathieu-Daudé
6860710cc3 syscall: fix use of uninitialized values
linux-user/syscall.c:1627:35: warning: 1st function call argument is an uninitialized value
        target_saddr->sa_family = tswap16(addr->sa_family);
                                  ^~~~~~~~~~~~~~~~~~~~~~~~
linux-user/syscall.c:1629:25: warning: The left operand of '==' is a garbage value
    if (addr->sa_family == AF_NETLINK && len >= sizeof(struct sockaddr_nl)) {
        ~~~~~~~~~~~~~~~ ^

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:39 +03:00
Philippe Mathieu-Daudé
bc658e4a2e syscall: fix dereference of undefined pointer
linux-user/syscall.c:5581:9: warning: Dereference of undefined pointer value
    if (*host_rt_dev_ptr != 0) {
        ^~~~~~~~~~~~~~~~

Reported-by: Clang Static Analyzer
Suggested-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:39 +03:00
Philippe Mathieu-Daudé
72cd500b72 linux-user/sh4: fix incorrect memory write
not hit since 2009! :)

linux-user/elfload.c:1102:20: warning: Out of bound memory access (access exceeds upper limit of memory block)
        (*regs[i]) = tswap32(env->gregs[i]);
        ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:39 +03:00
Philippe Mathieu-Daudé
4b5660e403 m68k/translate: fix incorrect copy/paste
db3d7945ae extended gen_cc_cond() for cond [6, 7, 9, 10] but misswrote [4, 5]

target/m68k/translate.c:1323:70: warning: identical expressions on both sides of logical operator
        if (op == CC_OP_ADDB || op == CC_OP_ADDW || op == CC_OP_ADDL ||
            op == CC_OP_ADDB || op == CC_OP_ADDW || op == CC_OP_ADDL) {
            ~~~~~~~~~~~~~~~~    ~~~~~~~~~~~~~~~~    ~~~~~~~~~~~~~~~~ ^

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:39 +03:00
Philippe Mathieu-Daudé
b2caa3b82e net/eth: fix incorrect check of iov_to_buf() return value
So we have sizeof(struct in6_address) != sizeof(uintptr_t)
and Clang > Coverity on this, see 4555ca6816 :)

net/eth.c:426:30: warning: The code calls sizeof() on a pointer type. This can produce an unexpected result
        return bytes_read == sizeof(dst_addr);
                             ^     ~~~~~~~~~~
net/eth.c:475:34: warning: The code calls sizeof() on a pointer type. This can produce an unexpected result
            return bytes_read == sizeof(src_addr);
                                 ^     ~~~~~~~~~~

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:38 +03:00
Philippe Mathieu-Daudé
9f26f32525 ui/vnc: fix leak of SocketAddress **
Extract the (correct) cleaning code as a new function vnc_free_addresses() then
use it to remove the memory leaks.

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:38 +03:00
Philippe Mathieu-Daudé
f80ac75d0e qcow2: fix null pointer dereference
It seems this assert() was somehow misplaced.

block/qcow2-refcount.c:2193:42: warning: Array access (from variable 'on_disk_reftable') results in a null pointer dereference
        on_disk_reftable[refblock_index] = refblock_offset;
        ~~~~~~~~~~~~~~~~                 ^

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:38 +03:00
Philippe Mathieu-Daudé
b7b1e9dd6d ivshmem: fix incorrect error handling in ivshmem_recv_msg()
Screwed up in commit 3a55fc0f, v2.6.0.

If qemu_chr_fe_read_all() returns -EINTR the do {} statement continues and the
n accumulator used to complete reads upto sizeof(msg) is decremented by 4 (the
value of EINTR on Linux).
To avoid that, use simpler if() statements and continue if EINTR occured.

hw/misc/ivshmem.c:650:14: warning: Loss of sign in implicit conversion
    } while (n < sizeof(msg));
             ^

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:38 +03:00
Philippe Mathieu-Daudé
2a4e2e4919 loader: check get_image_size() return value
since a negative value means it errored.

hw/core/loader.c:149:9: warning: Loss of sign in implicit conversion
    if (size > max_sz) {
        ^~~~
hw/core/loader.c:171:9: warning: Loss of sign in implicit conversion
    if (size > memory_region_size(mr)) {
        ^~~~

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:38 +03:00
Philippe Mathieu-Daudé
b94b330e23 tests: add missing dependency to build QTEST_QEMU_BINARY
This allow a one liner from fresh repository clone, i.e.:

  ./configure && make -j check-qtest-aarch64

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:38 +03:00
Eduardo Otubo
b190f477e2 qemu-system-tricore: segfault when entering "x 0" on the monitor
Starting Qemu with "qemu-system-tricore -nographic -M tricore_testboard -S"
and entering "x 0" at the monitor prompt leads to Segmentation fault.
This happens because tricore_cpu_get_phys_page_debug() is not implemented
yet, this is a temporary workaround to avoid the crash.

Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:38 +03:00
Marc-André Lureau
7a0b7eba4b build-sys: there is no qemu-ga.c
It got moved in qga/main.c from commit 2870dc3456.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:38 +03:00
Marc-André Lureau
d616c12b7d tests: test-netfilter && pxe-test require slirp
If slirp is disabled, it will fail with:

qemu-system-x86_64: -netdev user,id=qtest-bn0: Parameter 'type' expects a netdev backend type

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:05:49 +03:00
Thomas Huth
1b61270be1 MAINTAINERS: Improve the NetBSD regex pattern
Currently get_maintainers.pl claims that the configure script is
maintained by Kamil:

 $ scripts/get_maintainer.pl -f configure
 Kamil Rytarowski <kamil@netbsd.org> (maintainer:NETBSD)
 qemu-devel@nongnu.org (open list:All patches CC here)

This happens because the regex pattern for the NETBSD entry triggers
on everything that contains the keyword "NetBSD". Ease the situation
a little bit by restricting this to "Subject:" lines only, like
we do it in the "trivial patches" section already.

Reported-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:05:49 +03:00
Eduardo Otubo
36bed541ca fix qemu-system-unicore32 crashing when calling without -kernel
Starting qemu-system-unicore32 without the -kernel parameter results in
an assert() returns false and aborts qemu. This patch replaces it with a
proper error message followed by exit(1).

Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:05:49 +03:00
Marc-André Lureau
80792eb925 tests: check-qom-proplist: fix leak
user_creatable_add_opts() returns a reference (the other reference is
for the root parent/child link).

Leak introduced in commit a1af255f06.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:05:49 +03:00
Peter Maydell
0c26c080ee ppc patch queue 2017-07-31
This has a couple of last minute bugfixes for qemu 2.10.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAll+sVIACgkQbDjKyiDZ
 s5IojhAApE2OJ5KCA35UP2pkvQ9nG7m1yRvUcb/mtGf3ERPPOOrtSIyey92qYXtR
 Bwh98/ByK88RULca3bDR0HQomuFaJ8LotYwRxT5Q6cRs9doLB9eO6dqLhADum6Vp
 y6xlhvTpl+FHBcg8FqO+DSn4+esKCMgAQJ+Saj1JI+g7VEFErGOLahriOz1lnUJE
 TWZYMDaZ5/FzDiW6xfnXQRpBDEeeIUTITXz0jHN/1siRUEQYkcUUBvxNC0tTCvOw
 JmEDo4mH0HYDxfLCXmQfSXCfe5aj7k5r1GzU03opwA8h62Q0UzxGfxpUoeHxtMYS
 QokTHZje/vpBQR43lRo7yBoSeVVehtZb8PiKJln+if9q8g2pFbQHMERQNqP7dTBT
 gaoW5yXQbQZ88e0s6y58X69pm7kpqW/Zbk8tQZzncX/12K49uALl2RPu6Qyn1tbL
 s7TkRaDWaoyNgc73IozUGuRqZLQlLGAWr+2WO9uEg0jGf42N3FXj+THP7Wb0ekhi
 Tj3O9BluNcFFeUXnTasqbjjkzwu9oHGJoAYnOa3nOTpwKq1zhHedmaxanfy9Gw+2
 CdPl/l/P7s1p96r8y2AhvzPSV0ZAItUSh5VvnPhg1J99M/uquzecC3LAwluep+jO
 35GqtifX3xjo9H5OCVB3Tzpa8no4xJVB7+1UE+5soBj+DR8vmqE=
 =AOf1
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.10-20170731' into staging

ppc patch queue 2017-07-31

This has a couple of last minute bugfixes for qemu 2.10.

# gpg: Signature made Mon 31 Jul 2017 05:25:54 BST
# gpg:                using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.10-20170731:
  Revert "spapr: populate device tree depending on XIVE_EXPLOIT option"
  spapr_drc: fix realize and unrealize

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-31 09:59:26 +01:00
David Gibson
fc7e0765fc Revert "spapr: populate device tree depending on XIVE_EXPLOIT option"
This reverts commit b87680427e.

I thought this was a harmless preliminary for XIVE enablement patches
we expect later on.  However, due to some subtle interactions between
qemu and SLOF (guest firmware) this breaks some things.  Revert it for
now, we'll work out how to fix it when the rest of the XIVE patches
are ready.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-07-29 16:22:14 +10:00
Greg Kurz
bf26ae32a9 spapr_drc: fix realize and unrealize
If object_property_add_alias() returns an error in realize(), we should
propagate it to the caller and certainly not unref the DRC.

Same thing goes for unrealize(). Since object_property_del() is the last
call, we can even get rid of the intermediate Error *.

And finally, unrealize() should undo all registrations performed by
realize().

Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-07-29 16:22:14 +10:00
Peter Maydell
a588c4985e nbd patches for 2017-07-28
- Philippe Mathieu-Daudé - nbd: fix memory leak in nbd_opt_go()
 -----BEGIN PGP SIGNATURE-----
 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
 
 iQEcBAABCAAGBQJZe217AAoJEKeha0olJ0NqbRUIAIdzEUgOfXKOrihdsENF17cB
 CkkqM4H0coRgBkk0w94kAFxew20UC7zJ4c098NRZi5M88VyUj5c87fkz6SKzexnZ
 E4jJSaTwT/xx8NCfdW4R0joWlLnVsK150WMlmJBUkBEhbTUlW2xTdL+IqJORhJyv
 1LcVKCYOS+7hyPnJkXmWM8SSbRHd3y2ejnUBlzhdZLwpiJ5hg4538D8z35qK3nHK
 qrF9JRPVzfCOTopiH2MfjluP1J7PrVFiM32gyj/8OxvTT4v3t0Q26JLbX2AJybnF
 jUHvLhutxvHCKL9+p1QpyNiIdI4IBtirUOVmdJWsAZ4Rr+U/jLc+S1HpO3eV65g=
 =3Dal
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2017-07-28' into staging

nbd patches for 2017-07-28

- Philippe Mathieu-Daudé - nbd: fix memory leak in nbd_opt_go()

# gpg: Signature made Fri 28 Jul 2017 17:59:39 BST
# gpg:                using RSA key 0xA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>"
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>"
# gpg:                 aka "[jpeg image of size 6874]"
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2  F3AA A7A1 6B4A 2527 436A

* remotes/ericb/tags/pull-nbd-2017-07-28:
  nbd: fix memory leak in nbd_opt_go()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-28 18:17:44 +01:00
Philippe Mathieu-Daudé
158b9aa568 nbd: fix memory leak in nbd_opt_go()
nbd/client.c:385:12: warning: Potential leak of memory pointed to by 'buf'

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20170727024224.22900-5-f4bug@amsat.org>
[introduced in commit 8ecaeae8]
Signed-off-by: Eric Blake <eblake@redhat.com>
2017-07-28 11:58:20 -05:00
Peter Maydell
3aabfec2c8 MIPS patches 2017-07-28
Changes:
 * Improve ths MIPS board kernel load error reporting
 * Revert unnecessary warning messages
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.5 (GNU/Linux)
 
 iQIVAwUAWXsyeCI464bV95fCAQJwLA//S/4pz25g3tGtrjZR+7GQnMUyY4jl7a70
 +ut7uGCU9/6KgbAL3XgCLVaxAAth5Swh7rrOb2Yp1TxyL4PC/M4o/dYaKY8+okWu
 /s4v2UFSwtZPkVCkzeZRMx/suM9jAdFuEkB9CzwPKVyqnC5ghZs68xWZMuSi8cyL
 VPj8ovPEo7G5Sw1icSRHq9jdmi5lOMI72U+AFC8hz6r6IWVI584vR7D7ozqharhV
 7JK5oY5gFFeq39Ip8sRiP+VXaclroOg5nC+NTVcArtRGgvTSxWz7SQhTusbSALX3
 Q/iCyecpEkK88AOesGVcRZPA3no5zkCBbnSbxU0E/Eq1wYQmOg1D25WFsirUNhS+
 JhspYVmAIWZ9S8mdaLtEJEkJW+3srMauB7HGLCSravgWH1ZKVEqI10Ewsew2mErb
 ncPvO3flH9y1QFqwMZy8879WMVBF5Z4dGDwnF+fShj9TDgFPwrtDK6aaIV9kC+iQ
 dh8rOSw7RQYigqj1VWIF356n1R2c1V0fvI0d8jJqau+SbNRQYFMJ4UaCFQtzD748
 FUPuP5rCOs+BxyYBYQnW5nSn7Jno19imQEwxDAfSATDDTTKM8moK97ZrisMzXT0S
 3UcgfBapcyL9RCXi4/Ums2Q5GIVXtxi2xsZ0HW1ZIezIs0UpmMqOfsMXiDfD+fFC
 hcpKCFsGCTo=
 =ci7G
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/yongbok/tags/mips-20170728' into staging

MIPS patches 2017-07-28

Changes:
* Improve ths MIPS board kernel load error reporting
* Revert unnecessary warning messages

# gpg: Signature made Fri 28 Jul 2017 13:47:52 BST
# gpg:                using RSA key 0x2238EB86D5F797C2
# gpg: Good signature from "Yongbok Kim <yongbok.kim@imgtec.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8600 4CF5 3415 A5D9 4CFA  2B5C 2238 EB86 D5F7 97C2

* remotes/yongbok/tags/mips-20170728:
  Revert "elf-loader: warn about invalid endianness"
  hw/mips: load_elf_strerror to report kernel loading failure

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-28 15:32:44 +01:00
Peter Maydell
762971738c ui: more keymap fixes for 2.10
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJZezUVAAoJEEy22O7T6HE4ZPsP/1IG6CLs6x49ckjfKDIZnjIv
 NVjrI0kvj4okZApDT7ro/4B4NqTTP87pPCF7fEW5P3Qh+BbVkiyKRdDJHR0dk5kG
 EMQQOvZAvyq9xWoq0r+Mhh7fQmqLDXDUse88eFXk24fc73JQWsrIDRltpCJYMTLX
 F6mKCylgM86n3UBTxhDDylMX5Zui+qiToT88LJ+Eorj6HosD36Fu1cH4v3lB0YSb
 DbipMx1dbGydJNTjSaKl42etLAbHpqtlfNlAXkprksM3wnxhAQedgddQ2M2JNgUZ
 ep3LisR4iIA6mUBt/MnO7SWCPypOpiXAyR0MbEy4bk7SpaQ/sidE5ti+ckA0plBJ
 HgbvsWBLAfoQ1R4bUQm2He8z7GyKpJOowZm10y+feKvaF4GjIszlQF5r+Zihy8iF
 HjqlEIeLaqz34lHOMPfpa6MzCHpFXwY8yaHpTh2nUKyI4lgnuhO32uupiaVBnWQq
 JrGIr3wDOTJ0CTnOqu1WLRKnE6n+xI2skQ4dcJ0tOPVx7rPhtm8K5JBYRyb77ELQ
 HA3bV5kTJZLCGPjikl7At3Ekyx28sseGEBaGd4GeYBMCGKoeThAxNi0JDh/zRby8
 WxRKrxdiRj88qBuNSpneWHQ4EjyTG5hzbfNFC0yG7mq5hvG0tYxthe6msF0omwbz
 dMp3f5pwWpmQ0kiny3Pf
 =jdk3
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20170728-pull-request' into staging

ui: more keymap fixes for 2.10

# gpg: Signature made Fri 28 Jul 2017 13:59:01 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20170728-pull-request:
  ui: add pause key to linux_to_qcode
  ui: drop ac_search and ac_stop
  ui: correctly detect spice PAUSE scancode sequence

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-28 14:20:17 +01:00
Alexey Kardashevskiy
665df9010a Revert "elf-loader: warn about invalid endianness"
This reverts c8e1158cf6 "elf-loader: warn about invalid endianness"
as it produces a useless message every time an LE kernel image is
passed via -kernel on a ppc64-pseries machine. The pseries machine
already checks for ELF_LOAD_WRONG_ENDIAN and tries with big_endian=0.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-28 13:32:32 +01:00
Aurelien Jarno
3ee3122c0d hw/mips: load_elf_strerror to report kernel loading failure
Emulated MIPS boards bail out with a simple "could not load kernel" when
a kernel could not be load, without specifying the underlying reason.
Fix that by calling load_elf_strerror.

At the same time use error_report to report the error instead of
fprintf.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-28 13:32:32 +01:00
Gerd Hoffmann
ef58430d5d ui: add pause key to linux_to_qcode
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170728063432.27578-1-kraxel@redhat.com
2017-07-28 12:35:40 +02:00
Gerd Hoffmann
103dce8f75 ui: drop ac_search and ac_stop
Both keys exist already: "ac_search" is "find" and "ac_stop" is "stop".

Fixes: 37810e8055
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170728063415.27480-1-kraxel@redhat.com
2017-07-28 12:35:40 +02:00
Daniel P. Berrange
e92316ad30 ui: correctly detect spice PAUSE scancode sequence
The SPICE input code is currently detcting 0xe1 0x1d 0x45 as
the PAUSE key make sequence and 0xe1 0x9d 0xc5 as the break
sequence. This is incorrect, because all 6 scancodes together
are the make sequence, and there is no break sequence.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170727174640.30359-1-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-07-28 12:35:40 +02:00
Peter Maydell
871a0f7ad2 More s390x fixes: Correct ilen, and ccw checking.
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJZewBGAAoJEN7Pa5PG8C+v6EUP/1A5Gz/A06jfEqupyTrbWxRO
 CkOLIKQhcKaBHtfF+RpwOvSzcEoNN8Z5l6t6ymVo7/o493avZkhxtSwiWLm9ziAf
 XghEumAggVdjyaJVyvr1kZouJMtN8J8MZc4loBvY99l2DWRs5Rl8P4l9XISWyWmB
 1XgAodOB+DF7Syy2/PgAfxNoVaCSHh1UPNnqwMxj8X+kzJUCbWC4CjeVR1yeLz7j
 ULiiqmVwYSPW6MTf46BrlP+4zKwIIw/Euj0+KCqxfmRg6RPQ/l14whrwkxvF73dI
 tEOqWqc8t0oq1G0ak3c8VvM2w4j9fascvN+piz5/i+65+MoyuVMKJBzryLLEM69s
 ozYIMQ0hfG/KH7uMpccGV0RDzr750wZyU/cZKTgDYjfGOV/CfEQEhjyWISkAZCB7
 sV3daivO+DzMcsdWDwU/XG3cnG6/5Pc2p61wYTKw3KnXV3cLv1bwe2b9aFUpymwA
 VIHHSBW2qX0PK7CzeKGMyOckxYS6swTuUVQBGRPH4VUNR0HmjI59yJrv0iULCxQy
 4hDgkHgJcbOPm8d9gwQLJXmcu0Ub8PPI21jxqodhWVhRB9LLOuNLqJCq3Fh+QdZi
 L94++GMgqve5AIb+h3yAMCxiT+4RRUdlBiUEaPKZJj7dEsBIteIXaHLvxY6s+zPl
 0K1Jwdvtgmp25Qn8NAtP
 =CWHT
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20170728' into staging

More s390x fixes: Correct ilen, and ccw checking.

# gpg: Signature made Fri 28 Jul 2017 10:13:42 BST
# gpg:                using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20170728:
  s390x/css: fix bits must be zero check for TIC
  s390x/css: check ccw address validity
  target/s390x: fix pgm irq ilen in translate_pages()
  target/s390x: fix pgm irq ilen for stsi

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-28 10:35:02 +01:00
Halil Pasic
4add0da649 s390x/css: fix bits must be zero check for TIC
According to the PoP bit positions 0-3 and 8-32 of the format-1 CCW must
contain zeros.  Bits 0-3 are already covered by cmd_code validity
checking, and bit 32 is covered by the CCW address checking.

Bits 8-31 correspond to CCW1.flags and CCW1.count.  Currently we only
check for the absence of certain flags.  Let's fix this.

Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Message-Id: <20170725224442.13383-3-pasic@linux.vnet.ibm.com>
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
[CH: tweaked comment]
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-28 10:06:25 +02:00
Halil Pasic
198c0d1f9d s390x/css: check ccw address validity
According to the PoP channel command words (CCW) must be doubleword
aligned and 31 bit addressable for format 1 and 24 bit addressable for
format 0 CCWs.

If the channel subsystem encounters a ccw address which does not satisfy
this alignment requirement a program-check condition is recognised.

The situation with 31 bit addressable is a bit more complicated: both the
ORB and a format 1 CCW TIC hold the address of (the rest of) the channel
program, that is the address of the next CCW in a word, and the PoP
mandates that bit 0 of that word shall be zero -- or a program-check
condition is to be recognized -- and does not belong to the field holding
the ccw address.

Since in code the corresponding fields span across the whole word (unlike
in PoP where these are defined as 31 bit wide) we can check this by
applying a mask. The 24 addressable case isn't affecting TIC because the
address is composed of a halfword and a byte portion (no additional zero
bit requirements) and just slightly complicates the ORB case where also
bits 1-7 need to be zero.

The same requirements (especially n-bit addressability) apply to the
ccw addresses generated while chaining.

Let's make our CSS implementation follow the AR more closely.

Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Message-Id: <20170727154842.23427-1-pasic@linux.vnet.ibm.com>
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-28 10:06:25 +02:00
David Hildenbrand
98987d30b6 target/s390x: fix pgm irq ilen in translate_pages()
0 is certainly wrong. Let's use ILEN_AUTO.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20170721125609.11117-3-david@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-28 10:06:25 +02:00
David Hildenbrand
031631c3cf target/s390x: fix pgm irq ilen for stsi
The instruction is 4 bytes long.

Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20170721125609.11117-2-david@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-28 10:06:25 +02:00
Peter Maydell
e01151de16 ui: keymap fixes for 2.10
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJZefHmAAoJEEy22O7T6HE4PR8P/ig/NaLdR0LeDKPPlwgJcYTi
 EOw7MXlO7gMKJfU7POJ87qE09vIfdRJN8wsnCZdxQ4q3YfWwFrWCHNzsVdvh5reO
 HiQ/QCjNJlI756UslPvbnD+agt2oTchlvDeT9WPlqqb2ByXZLTMNEUoxPR9Dm5SO
 Jal26X5Qy9452c2u0Ivqv8JSFB0jb11SSL7FemiG0yaPn+xbaLh25UhE9VXcd1Yx
 FsHlFJDaXZan7wl0WuY4gDIbp3/Z5a1SdBsJ4eb34Awke4zS7uRO05mBRU+uOjWG
 5OtSFQEpGxVQbZhPV0mqMC4LsWZZVqRFhBVqum2SFU/EB35Vinpn7a5kZAPqqlW2
 u60bPr7GBX7izlISaD0ZFbldsaGTmAnoNxVFZ1UuHNQdEnzB/WR2m+tnTYhzOLBu
 PQpmY/Bk+WQdwJdWWHKYsEc99lZN+7qzazafRauvXoZKbO33WeIV4e7WyokMkqbv
 nUXLi9r0cwNmUTRz8mD2hai74HUpHreJqf8hQOiD5BaDbmOf2e9+ru04kxU+r35a
 jZ1jvLKdO6iLIMfzuSAz+uRZDzVXhJw1Gv/P4ZhJx8SHlu0ker4VBUUUCYfCkZvN
 ySWQYQ5LY3iDe/ro9TpSXyVeIX1z3itGmQMJCHsAfK2SyVcoV+Zr8+joqwQCyCRE
 TiNEzQSq0DeDeDI2x7Rf
 =ek0x
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20170727-pull-request' into staging

ui: keymap fixes for 2.10

# gpg: Signature made Thu 27 Jul 2017 15:00:06 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20170727-pull-request:
  ps2: fix sending of PAUSE/BREAK scancodes
  ui: drop altgr and altgr_r QKeyCodes
  ps2: enable multimedia keys
  ui: add multimedia keys
  ui: update keymaps
  ui: move qemu_input_linux_to_qcode()
  ui: add next and prior keysyms

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-27 15:27:06 +01:00
Daniel P. Berrange
7c388dbd0b ps2: fix sending of PAUSE/BREAK scancodes
The processing of the scancodes for PAUSE/BREAK  has been broken since
the conversion to qcodes in:

  commit 8c10e0baf0
  Author: Hervé Poussineau <hpoussin@reactos.org>
  Date:   Thu Sep 15 22:06:26 2016 +0200

    ps2: use QEMU qcodes instead of scancodes

When using a VNC client, with the raw scancode extension, the client
will send a scancode of 0xc6 for both PAUSE and BREAK. There is mistakenly
no entry in the qcode_to_number table for this scancode, so
ps2_keyboard_event() just generates a log message and discards the
scancode

When using a SPICE client, it will also send 0xc6 for BREAK, but
will send 0xe1 0x1d 0x45 0xe1 0x9d 0xc5 for PAUSE. There is no
entry in the qcode_to_number table for the scancode 0xe1 because
it is a special XT keyboard prefix not mapping to any QKeyCode.
Again ps2_keyboard_event() just generates a log message and discards
the scancode. The following 0x1d, 0x45, 0x9d, 0xc5 scancodes get
handled correctly. Rather than trying to handle 3 byte sequences
of scancodes in the PS/2 driver, special case the SPICE input
code so that it captures the 3 byte pause sequence and turns it
into a Pause QKeyCode.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170727113243.23991-1-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-07-27 14:24:05 +02:00
Gerd Hoffmann
912092b8e4 ui: drop altgr and altgr_r QKeyCodes
The right alt key (alt_r aka KEY_RIGHTALT) is used for AltGr.
The altgr and altgr_r keys simply don't exist.  Drop them.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20170727104720.30061-1-kraxel@redhat.com
2017-07-27 14:23:33 +02:00
Gerd Hoffmann
0500cb1d25 ps2: enable multimedia keys
Fixes: 8c10e0baf0
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20170726152918.11995-6-kraxel@redhat.com
2017-07-27 14:23:10 +02:00
Gerd Hoffmann
37810e8055 ui: add multimedia keys
Add multimedia keys to QKeyCodes and to the keymaps.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20170726152918.11995-5-kraxel@redhat.com
2017-07-27 14:23:10 +02:00
Gerd Hoffmann
9ade7759ed ui: update keymaps
Add recently added QKeyCodes to the keymaps.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20170726152918.11995-4-kraxel@redhat.com
2017-07-27 14:23:09 +02:00
Gerd Hoffmann
606eb0c649 ui: move qemu_input_linux_to_qcode()
Move from input-linux.c to input-keymap.c and export it,
so the function is available elsewhere too.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20170726152918.11995-3-kraxel@redhat.com
2017-07-27 14:23:09 +02:00
Gerd Hoffmann
d52a1a9102 ui: add next and prior keysyms
Page-up and Page-down were renamed.  Add the names to the keysym list
so we can parse both old and new names.  The keypad versions are already
present in the vnc map.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20170726152918.11995-2-kraxel@redhat.com
2017-07-27 14:23:09 +02:00
Peter Maydell
6be37cc583 VFIO fixes 2017-07-26
- Error path use after free bug fixes (Philippe Mathieu-Daudé)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJZeNYMAAoJECObm247sIsi33UQAJyGyE/szH8Z2wJAuY1poK+6
 OLw65KtGpCNLKt9+DEt1y0aA5arK/rjrLmdn/7D+A1IHLHbQcb/C+PvMhv5Mo2s0
 SckwUmgL9hohgvpcJuybNpLs1IFbEUt2IekEkczwYoVrGZXh3DlNaxPh+PVz80kt
 P0Lp/EQ9lvKNxbvZq+D6jHDkt0ICheqI43nA641qxpDlZq7DfnQdkuNFJq0ZPe+k
 QKW0FkwfEG5mmofVhq6+xu0IyuVDJJmyqcrYB+rUCk2amKOMkzSpzxjOPPiEP4u2
 XBIvmNWjhZwptIBV6o42ASi2zwv7k7l+yCw94EY89nlCqDHGXH6OyXxF99Sua94D
 h5oV5mq0Bx/xK6wt22RCOgwt1xaHakjuoV2vFheyNA5K2C+s1sWv03TrarxHC8PI
 vuZFlRwBhiiFcAVc0/RMUvP6kqSpr0taEetnCEc7WS6zlXls98BtoH/Cc/YeZah9
 ybL1VZ75Hz5DpdsXyFQoeC2Hiap+AVEXpAqrPVwdVe2LkRpP5015u5qMATSfo3kV
 SmF1hCN7300omp24LReEqFvhlaRW7whkFlDF0UzF6cg2vXQXtxB0MauwcmXuZ+cZ
 laUcqyXkwZsy83fZwiQKXsHIzy8WiR8XP4yyihMYPSIP7WL41Al1gRROX5aSr5R+
 fGRdLrZ3AooByfFF7l8T
 =zmWF
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-fixes-20170726.0' into staging

VFIO fixes 2017-07-26

 - Error path use after free bug fixes (Philippe Mathieu-Daudé)

# gpg: Signature made Wed 26 Jul 2017 18:49:00 BST
# gpg:                using RSA key 0x239B9B6E3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"
# Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B  8A90 239B 9B6E 3BB0 8B22

* remotes/awilliam/tags/vfio-fixes-20170726.0:
  vfio/pci: fix use of freed memory
  vfio/platform: fix use of freed memory

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-27 10:49:05 +01:00
Peter Maydell
2dca6d9e7e x86 bug fix for -rc1
Fix for a bug in "-cpu max" that breaks libvirt usage of
 query-cpu-model-expansion.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJZeODwAAoJECgHk2+YTcWmSPsQALAiv1pAUfXmKbhionOX3NTA
 mrGzKItg1eyRQw2n83z/S9AzSWTgPEKban5e+7JvJvJMzHMgs6ug3xS/F3U02Z8b
 TvBX0qN/cZCuSrxcDs7H1dujfuYJKoBekUVeiiCifJRINuWR1Y2rgPLFnEkCTh+w
 dRqhm2x3PpdmSgdKeQQM3mCC3pFwYmzkPtC08bbnJ2kAzw8B8Pgu2gA4ttFqHaVK
 JbUXxdYA6qZdVAUa9OHlP54NVh34jzK8piptpTOBgHXK7dKuEMLLE32j9St5oy3r
 SdPu81pJ66i45rkm3cQuatbjYCupA7cVgg/LMUWSTMPbmbAw2dcmvkzQAK178jD3
 sASvhJn36hd2GHiC2mLfeQ75IN7SA7Zk/R397cl72fubVi/pW21QHNy3DBsnMVI9
 iclwpZm7/k/goBegsqIA3Tr8LzN/YdOkhkpzyA1OpVtMsjcdlHNzokZmFT55wfTA
 cCZu+OwQdhyFyJJvc5ZOWVDLm2ezwQkJ1CldBlFOHD2CCTYunp/M0u6TdRyI3lN/
 gdAdy1Ws5og5hVw6d7npDLPgqdszPAaMrQTxKr4SqDi66qy/MvLY/zWDn0PgRxur
 EyyXjnPCuDlzoWneh6yhNRUifGQcQ6v3bSf6kYCZLJRwIM82iSnH0cHljgp6LTND
 YMjnawcJNUJk4euBnAoy
 =41wG
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging

x86 bug fix for -rc1

Fix for a bug in "-cpu max" that breaks libvirt usage of
query-cpu-model-expansion.

# gpg: Signature made Wed 26 Jul 2017 19:35:28 BST
# gpg:                using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-pull-request:
  target/i386: Don't use x86_cpu_load_def() on "max" CPU model
  target/i386: Define CPUID_MODEL_ID_SZ macro
  target/i386: Use host_vendor_fms() in max_x86_cpu_initfn()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-27 10:15:11 +01:00
Eduardo Habkost
bd1820227e target/i386: Don't use x86_cpu_load_def() on "max" CPU model
When commit 0bacd8b304 ('i386: Don't set CPUClass::cpu_def on
"max" model') removed the CPUClass::cpu_def field, we kept using
the x86_cpu_load_def() helper directly in max_x86_cpu_initfn(),
emulating the previous behavior when CPUClass::cpu_def was set.

However, x86_cpu_load_def() is intended to help initialization of
CPU models from the builtin_x86_defs table, and does lots of
other steps that are not necessary for "max".

One of the things x86_cpu_load_def() do is to set the properties
listed at tcg_default_props/kvm_default_props.  We must not do
that on the "max" CPU model, otherwise under KVM we will
incorrectly report all KVM features as always available, and the
"svm" feature as always unavailable.  The latter caused the bug
reported at:

  https://bugzilla.redhat.com/show_bug.cgi?id=1467599
  ("Unable to start domain: the CPU is incompatible with host CPU:
  Host CPU does not provide required features: svm")

Replace x86_cpu_load_def() with simple object_property_set*()
calls.  In addition to fixing the above bug, this makes the KVM
branch in max_x86_cpu_initfn() very similar to the existing TCG
branch.

For reference, the full list of steps performed by
x86_cpu_load_def() is:

* Setting min-level and min-xlevel.  Already done by
  max_x86_cpu_initfn().
* Setting family/model/stepping/model-id.  Done by the code added
  to max_x86_cpu_initfn() in this patch.
* Copying def->features.  Wrong because "-cpu max" features need to
  be calculated at realize time.  This was not a problem in the
  current code because host_cpudef.features was all zeroes.
* x86_cpu_apply_props() calls.  This causes the bug above, and
  shouldn't be done.
* Setting CPUID_EXT_HYPERVISOR.  Not needed because it is already
  reported by x86_cpu_get_supported_feature_word(), and because
  "-cpu max" features need to be calculated at realize time.
* Setting CPU vendor to host CPU vendor if on KVM mode.
  Redundant, because max_x86_cpu_initfn() already sets it to the
  host CPU vendor.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20170712162058.10538-5-ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-07-26 14:55:12 -03:00