Code grew a bit, had to disable CONFIG_USB_UAS to make the
bios for the old machine types continue to fit into 128k.
git shortlog since 1.7.4:
Eric Northup (2):
init_virtio_blk, init_virtio_scsi: reset HBA on error
vp_init_simple: enable PCI bus-mastering before relying on DMA.
Gabriel L. Somlo (1):
SMBIOS: Check for aggregate tables & entry point in fw_cfg
Gerd Hoffmann (4):
smbios: catch zero-length strings
pci: improve io address space allocation
xhci: allocate scratch pad buffers
vga: rework bar detection, add virtio-vga
Johannes Krampf (5):
build: Remove unneccesary semicolons from acpi_extract scripts.
build: Make print statements in scripts python3 compatible.
build: Be explicit that we want integers when dividing for python3 compat.
build: Avoid sort() on unordered classes for python3 compatibility.
build: Be careful with unicode and byte strings for python3 compatibility.
Kevin O'Connor (79):
build: Don't trash the .config file when src/Kconfig changes.
Remove the pmm handle argument from _malloc().
Clear the total block transfer count on error.
Remove unnecesary updates of the disk op->count field.
Always perform thread cleanup on MainThread stack.
pvscsi: Don't store reference to struct pci_device.
pvscsi: Always run entirely in 32bit mode.
pvscsi: Remove use of LOWFLAT and GLOBALFLAT macros.
usb: Replace EHCI to UHCI/OHCI synchronization with new scheme.
Minor - pciinit.c - order header files and use static on local functions.
Minor - fix misspelling in romfile.c comment.
ehci: memset the qTD structures in ehci_alloc_intr_pipe
build: Update kconfig to version in Linux 3.13.
scripts: Allow encodeint.py to take integers in hex notation.
coreboot: Support alternative locations for CBFS.
debug: Add runtime option to not report the debug serial port to the OS.
debug: Only call serial_debug_preinit() at startup.
debug: Unify the SeaBIOS debug version banner.
xhci: Use 64bit writes to ERDP register.
xhci: Fix incorrect direction setting on status transmissions.
xhci: Set the interval parameter on interrupt pipes.
xhci: Verify PAGESIZE register before initializing driver.
xhci: Allocate and free the xhci inctx structure on each use.
xhci: Move set_address code from xhci_control to xhci_alloc_pipe.
xhci: Eliminate 'struct xhci_device'.
xhci: Support xhci controllers with 64 byte contexts.
xhci: Allow the XHCI USB controller to be enabled for coreboot.
xhci: Don't use a dummy endpoint count in configure command.
xhci: Report the "protocol defined" and PSIC bits of extended capabilities.
xhci: Support USB hubs on xhci controllers.
Add call32_params() helper function.
Add space between DTYPE_* definitions.
xhci: Run the XHCI driver entirely in 32bit mode.
Remove pci_writel() and pci_readl() functions.
xhci: Check if scratch pad allocation fails.
Increase maximum size of permanent high memory area.
usb: USB 3 devices encode bMaxPacketSize0 field.
usb: Move default pipe max packet size code from xhci to main code.
xhci: Use the same endpoint initialization code in xhci_alloc_pipe()
xhci: Add copyright notice to usb-xhci.c
vgabios: Make sure exported structs use PACKED.
vgabios: Simplify the bios save state area.
vgabios: Simplify save/restore mechanism.
vgabios: Attempt to detect old x86emu and force a fault.
vgabios: Don't interpret TAB character.
vgabios: Refactor write_teletype and write_chars.
vgabios: Make sure stdvga_list_modes() doesn't overrun the buffer.
coreboot: Add support for a "links" file to have aliases in CBFS.
Enhance nullTrailingSpace() so that it can also skip leading spaces.
coreboot: Move links file processing to its own function.
vgabios: Fix PMM allocation request size.
smbios: Default all values to zero.
usb: Only disable HID devices if both USB_MOUSE and USB_KEYBOARD are off.
Minor - fix some typos in comments.
Replace CONFIG_THREAD_OPTIONROMS with a runtime config setting.
acpi: Move acpi parsing logic from acpi.c to biostables.c / paravirt.c.
smbios: Move smbios parsing logic from smbios.c to biostables.c.
Move PirAddr definition from pirtable.c to biostables.c.
Use biostables.c for copying bios tables even when generating them.
Document no new changes to pirtable.c, mptable.c, acpi.c, and smbios.c.
apm: Remove old Bochs mechanism for shutdown/suspend/standby.
Minor - remove unused includes from pci.c.
vgabios: Add option to control use of standard VGA IO ports.
vgabios: Split vgafb_scroll() into separate move and clear functions.
vgabios: Rewrite vgafb.c graphics operations to set of 4 standard operators.
vgabios: Introduce text_address().
vgabios: Add support for manipulating framebuffers in high memory.
Set the color attribute when calling vgabios print character.
vgabios: PMM scan was incorrectly depending on a zero %ds segment.
coreboot: Make coreboot table searching available to other code.
vgabios: Initial support for coreboot native vga vgabios.
Minor - replace some tab characters that slipped into the code.
Factor out smbios table walking from display_uuid to smbios_next().
vgabios: Define PlatformRunningOn to make compile happy.
If an int 1587 call is made from an option rom, stay in bigreal mode.
xhci: Use msleep() instead of mdelay() for port status delay.
build: Make sure romlayout.o is recompiled on Kconfig change.
Fix int 1589 calls when CONFIG_ENTRY_EXTRASTACK is enabled.
acpi: Fix acpi dsdt compile warning.
Laszlo Ersek (1):
init_virtio_scsi(): reset the HBA before freeing its virtio ring
Marcel Apfelbaum (3):
resume: restore piix pm config registers after resume
hw/pci: reserve IO and mem for pci-2-pci bridges with no devices attached
hw/pci: check if pci2pci bridges implement optional limit registers
Roger Pau Monne (1):
ld: don't hardcode "-melf_i386"
Sander Eikelenboom (1):
Prevent build failure by not splitting line in the middle of arguments to checkrom.py script
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
There are a variety of common cases for which we can use carry tricks to
avoid a conditional branch. On very new hardware, use LOAD ON CONDITION
instead of a conditional branch.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Elides two insns from the sequence. The resulting tlb compare
sequence is satisfyingly minimal:
    risbg %r2,%r8,51,186,56
    risbg %r3,%r8,61,178,0
    cg %r3,904(%r10,%r2)
    lg %r2,920(%r10,%r2)
    jlh tlb_miss
Signed-off-by: Richard Henderson <rth@twiddle.net>
Commit af3cbfbe80 hoisted some "common"
loads of the temporary type, forgetting that the types could differ
during truncating moves. This affects the correctness of the memory
offset on big-endian hosts.
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Correct post load checks:
1. dev->setup_len == sizeof(dev->data_buf)
seems fine, no need to fail migration
2. When state is DATA, passing index > len
will cause memcpy with negative length,
resulting in heap overflow
First of the issues was reported by dgilbert.
Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
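
Added example (not code from QEMU or from this commit): a post-load check of the kind the message above describes, showing why index > len must be rejected while setup_len == sizeof(data_buf) stays legal. Only setup_len and data_buf are names from the message; ToyDev, setup_index, setup_state, the toy_* functions and the 4096-byte buffer size are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOY_DATA_BUF_SIZE 4096      /* assumed buffer size, not from the page */
#define TOY_STATE_DATA    2         /* assumed encoding of the DATA state */

/* Hypothetical stand-in for migrated device state; only setup_len and
 * data_buf are names taken from the commit message. */
typedef struct ToyDev {
    int32_t setup_state;
    int32_t setup_len;              /* length of the control transfer */
    int32_t setup_index;            /* bytes already moved */
    uint8_t data_buf[TOY_DATA_BUF_SIZE];
} ToyDev;

/* Length an unchecked memcpy(dst, data_buf + index, len - index) would be
 * handed: a negative difference converts to a huge size_t. */
static size_t toy_unchecked_len(const ToyDev *d)
{
    return (size_t)((int64_t)d->setup_len - (int64_t)d->setup_index);
}

/* Post-load check: reject state that no running device could have produced.
 * setup_len == sizeof(data_buf) is a full buffer and stays legal. */
static int toy_post_load(const ToyDev *d)
{
    if (d->setup_len < 0 || (size_t)d->setup_len > sizeof(d->data_buf)) {
        return -EINVAL;
    }
    /* Applied in every state, which is stricter than only checking DATA. */
    if (d->setup_index < 0 || d->setup_index > d->setup_len) {
        return -EINVAL;
    }
    return 0;
}

/* Copy the untransferred remainder, but only from validated state. */
static long toy_copy_remaining(const ToyDev *d, uint8_t *dst, size_t dst_size)
{
    size_t n;

    if (toy_post_load(d) != 0) {
        return -EINVAL;
    }
    n = (size_t)(d->setup_len - d->setup_index);
    if (n > dst_size) {
        n = dst_size;
    }
    memcpy(dst, d->data_buf + d->setup_index, n);
    return (long)n;
}

int main(void)
{
    /* Constructed inbound state: DATA phase with index past len. */
    static ToyDev bad = { TOY_STATE_DATA, 8, 16, {0} };
    static ToyDev full = { TOY_STATE_DATA, TOY_DATA_BUF_SIZE, 0, {0} };
    uint8_t out[64];

    printf("unchecked length: %zu\n", toy_unchecked_len(&bad));
    printf("bad state:  post_load=%d copy=%ld\n",
           toy_post_load(&bad), toy_copy_remaining(&bad, out, sizeof(out)));
    printf("full buffer: post_load=%d copy=%ld\n",
           toy_post_load(&full), toy_copy_remaining(&full, out, sizeof(out)));
    return 0;
}
```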
Currently the value of the throughput field contains whatever
was the last calculated throughput shortly before the migration
finished.
This patch updates the post migration contents of the field to
the average throughput.
Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
After previous Peter patch, they are redundant. This way we don't
assign them except when needed. Once there, there were lots of cases
where the ".fields" indentation was wrong:
    .fields = (VMStateField []) {
and
    .fields = (VMStateField []) {
Change all the combinations to:
    .fields = (VMStateField[]){
The biggest problem (apart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
After previous Peter patch, they are redundant. This way we don't
assign them except when needed. Once there, there were lots of cases
where the ".fields" indentation was wrong:
    .fields = (VMStateField []) {
and
    .fields = (VMStateField []) {
Change all the combinations to:
    .fields = (VMStateField[]){
The biggest problem (apart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
ram_save_block is getting a bit too complicated, and does two separate
things:
1) Finds a page to send
2) Sends the page (dealing with compression etc)
Split into 'ram_save_page' to send the page and deal with compression (2)
Rename remaining function to 'ram_find_and_save_block'
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
For xbzrle_decode_buffer(), when the decoded contents would exceed the
writing buffer, it will return -1, so there is no need to check whether
the return value is larger than the writing buffer.
And when a failure occurs within load_xbzrle(), it always returns -1
without any resources which need to be released.
So we can remove the related checking statements, and can also remove
the 'rc' and 'ret' local variables.
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
We got the wrong version of stl_p, the one that bswaps as appropriate
for the target. Since x86 is always little-endian, the "_le_" routine
will resolve to what we want.
Signed-off-by: Richard Henderson <rth@twiddle.net>
In fill_prefetch_fifo(), if the device we are reading from is 16 bit,
then we must not try to transfer an odd number of bytes into the FIFO.
This could otherwise have resulted in our overrunning the prefetch.fifo
array by one byte.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
We don't implement very much of the GPTM TAR register, and what we
do is wrong. The "are we in RT mode?" field is in s->config, not
s->control. Correct this, use LOG_UNIMP rather than hw_error()
for the cases we don't support, and avoid an unlabelled fallthrough
that makes Coverity complain.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Add casts to avoid potentially overflowing the multiplications
of 32 bit quantities in exynos4210_ltick_recalc_count().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Add missing (uint32_t) casts in cases where we're trying to
put a uint16_t value into the top half of a 32-bit field.
These were already present in some but not all places.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
When writing to the YEARS_REG register, if the year value is
99 then the multiplication by 31536000 will overflow into
the sign bit of a 32 bit value and then be erroneously
sign-extended if time_t is 64 bits. Add a cast to avoid this.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Commit 191946c moved the code to handle padding to minimum
length from after the handling of the CRC to before it.
This means that the CRC code doesn't need to cope with the
possibility that the size is less than 60; remove this
dead code.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Add missing 'break' after handling of AW_A10_PIC_BASE_ADDR write.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Linux makes a habit of writing the same value to the SCTLR that it
already holds. In a sample boot of the kernel to a shell prompt
it wrote the SCTLR with the value it already held 325465 times,
and wrote different values just 3 times.
Skip flushing the TLB if the SCTLR value isn't actually being changed;
this speeds up my sample boot by 3-5%.
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1399560029-19007-1-git-send-email-peter.maydell@linaro.org
Convert this device to use vmstate for its save/load, including
providing a post_load function that sanitizes inbound data to
avoid possible buffer overflows if it is malicious.
The sanitizing fixes CVE-2013-4532 (though nobody should be
relying on the security properties of most of the unmaintained
ARM board models anyway, and migration doesn't actually
work on this board due to issues in other device models).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
The rx_fifo pointer is awkward to migrate, and is actually
redundant since it is always possible to determine it from
the current rx[].len/.data and rx_fifo_len. Remove both
rx_fifo and rx_fifo_len from the state, replacing them with
a simple rx_fifo_offset which points at the current location
in the RX fifo.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Fix various debug format strings which were incorrect for the
data type, so that building with debug enabled is possible.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Packet transmission for the stellaris ethernet controller can be triggered
in one of two ways:
* by setting a threshold value in the THR register; when the FIFO
fill level reaches the threshold, the h/w starts transmitting.
Software has to finish filling the FIFO before the transmit
process completes to avoid a (silent) underrun
* by software writing to the TR register to explicitly trigger
transmission
Since QEMU transmits packets instantaneously (from the guest's
point of view), implement "transmit based on threshold" with
our existing mechanism of "transmit as soon as we have the whole
packet", with the additional wrinkle that we don't transmit if
the packet size is below the specified threshold, and implement
"transmit by specific request" properly.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
The datasheet is clear that the frame length written to the DATA
register is actually stored in the TX FIFO; this means we don't
need to keep both tx_frame_len and tx_fifo_len state separately.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
The PADEN bit in the transmit control register enables padding of short
data packets out to the required minimum length. However a typo here
meant we were adjusting tx_fifo_len rather than tx_frame_len, so the
padding didn't actually happen. Fix this bug.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: qemu-stable@nongnu.org
The current tx_fifo code has a corner case where the guest can overrun
the fifo buffer: if automatic CRCs are disabled we allow the guest to write
the CRC word even if there isn't actually space for it in the FIFO.
The datasheet is unclear about exactly how the hardware deals with this
situation; the most plausible answer seems to be that the CRC word is
just lost.
Implement this fix by separating the "can we stuff another word in the
FIFO" logic from the "should we transmit the packet now" check. This
also moves us closer to the real hardware, which has a number of ways
it can be configured to trigger sending the packet, some of which we
don't implement.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: qemu-stable@nongnu.org
After commit 767adce2d, they are redundant. This way we don't assign them
except when needed. Once there, there were lots of cases where the ".fields"
indentation was wrong:
    .fields = (VMStateField []) {
and
    .fields = (VMStateField []) {
Change all the combinations to:
    .fields = (VMStateField[]){
The biggest problem (apart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.
Signed-off-by: Juan Quintela <quintela@redhat.com>
[PMM: fixed minor conflict, corrected commit message typos]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Update our copy of libvixl to upstream's 1.4 release.
Note that we no longer need any local fixes for compilation
on 32 bit hosts -- they have all been integrated upstream.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1399040419-9227-1-git-send-email-peter.maydell@linaro.org
Acked-by: Richard Henderson <rth@twiddle.net>
Commit e586822a5 broke the bsd-user build when it removed the
CONFIG_UNAME_RELEASE define but forgot to remove the use of it
in bsd-user. Fix this in the simplest possible way (bsd-user
doesn't make any use at all of the qemu_uname_release variable
except to allow it to be pointlessly set by the user, so this
is all we need to do.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1399648001-20980-1-git-send-email-peter.maydell@linaro.org
The PIIX datasheet says that "before another INIT pulse can be
generated via [port 92h], [bit 0] must be written back to a
zero."
This bug is masked right now because a full reset will clear the
value of port 92h. But once we implement soft reset correctly,
the next attempt to enable the A20 line by setting bit 1 (and
leaving the others untouched) will cause another reset.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
On the x86, some devices need access to the CPU reset pin (INIT#).
Provide a generic service to do this, using one of the internal
cpu_interrupt targets. Generalize the PPC-specific code for
CPU_INTERRUPT_RESET to other targets.
Since PPC does not support migration across QEMU versions (its
machine types are not versioned yet), I picked the value that
is used on x86, CPU_INTERRUPT_TGT_INT_1. Consequently, TGT_INT_2
and TGT_INT_3 are shifted down by one while keeping their value.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
SIPI interrupts are ignored on the bootstrap. Never accept one.
Cc: Andreas Faerber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Most MSRs, plus the FPU, MMX, MXCSR, XMM and YMM registers should not
be zeroed on INIT (Table 9-1 in the Intel SDM). Copy them out of
CPUX86State and back in, instead of special casing env->pat.
The relevant fields are already consecutive except PAT and SMBASE.
However:
- KVM and Hyper-V MSRs should be reset because they include memory
locations written by the hypervisor. These MSRs are moved together
at the end of the preserved area.
- SVM state can be moved out of the way since it is written by VMRUN.
Cc: Andreas Faerber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
BND0-3, BNDCFGU, BNDCFGS, BNDSTATUS were not zeroed on reset, but they
should be (Intel Instruction Set Extensions Programming Reference
319433-015, pages 9-4 and 9-6). Same for YMM.
XCR0 should be reset to 1.
TSC and TSC_RESET were zeroed already by the memset, remove the explicit
assignments.
Cc: Andreas Faerber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Now that we have a CPU object with a reset method, it is better to
keep the KVM reset close to the CPU reset. Using qemu_register_reset
as we do now keeps them far apart.
With this patch, PPC no longer calls the kvm_arch_ function, so
it can get removed there. Other arches call it from their CPU
reset handler, and the function gets an ARMCPU/X86CPU/S390CPU.
Note that ARM- and s390-specific functions are called kvm_arm_*
and kvm_s390_*, while x86-specific functions are called kvm_arch_*.
That follows the convention used by the different architectures.
Changing that is the topic of a separate patch.
Reviewed-by: Gleb Natapov <gnatapov@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Instead of manually calling cpu_x86_set_cpl() when the CPL changes,
check for CPL changes on calls to cpu_x86_load_seg_cache(R_CS). Every
location that called cpu_x86_set_cpl() also called
cpu_x86_load_seg_cache(R_CS), so cpu_x86_set_cpl() is no longer
required.
This fixes the SMM handler code as it was not setting/restoring the
CPL level manually.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The cpu_x86_load_seg_cache() function inspects eflags, so make sure
all changes to eflags are done prior to loading the segment caches.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The cpu_x86_load_seg_cache() function inspects cr0 and eflags, so make
sure all changes to eflags and cr0 are done prior to loading the
segment caches.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The svm_load_seg_cache() function calls cpu_x86_load_seg_cache() which
inspects env->eflags. So, make sure all changes to eflags are done
prior to loading the segment cache.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
KVM only supports MSIX table size up to 256 vectors,
but some assigned devices support more vectors;
at the moment attempts to assign them fail with EINVAL.
Tweak the MSIX capability exposed to guest to limit table size
to a supported value.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Gonglei <arei.gonglei@huawei.com>
Cc: qemu-stable@nongnu.org
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>