Commit Graph

22367 Commits

Author SHA1 Message Date
Paolo Bonzini
b8994faf2a rtc: implement century byte
Implement the century byte in the RTC emulation, and test that it works.
This leads to some annoying compatibility code because we need to treat
a value of 2000 for the base_year property as "use the century byte
properly" (which would be a value of 0).

The century byte will now be always-zero, rather than always-20,
for the MIPS Magnum machine whose base_year is 1980.  Commit 42fc73a
(Support epoch of 1980 in RTC emulation for MIPS Magnum, 2009-01-24)
correctly said:

    With an epoch of 1980 and a year of 2009, one could argue that [the
    century byte] should hold either 0, 1, 19 or 20.  NT 3.50 on MIPS
    does not read the century byte.

so I picked the simplest and most sensible implementation which is to
return 0 for 1980-2079, 1 for 2080-2179 and so on.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 08:02:30 -05:00
Paolo Bonzini
e67edb943f rtc: map CMOS index 0x37 to 0x32 on read and writes
QEMU's attempt to implement the century byte cover two possible places
for the byte.  A common one on modern chipsets is 0x32, but QEMU also
stores the value in 0x37 (apparently for IBM PS/2 compatibility---it's
only been 25 years).  To simplify the implementation of the century
byte, store it only at 0x32 but remap transparently 0x37 to 0x32 when
reading and writing from CMOS.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 08:02:30 -05:00
Paolo Bonzini
b6db4aca20 rtc: fix overflow in mktimegm
When setting a date in 1980, Linux is actually disregarding the century
byte and setting the year to 2080.  This causes a year-2038 overflow
in mktimegm.  Fix this by doing the days-to-seconds computation in
64-bit math.

Reported-by: Lucas Meneghel Rodrigues <lookkas@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 08:02:30 -05:00
Paolo Bonzini
e0fea6b1e4 qtest: implement QTEST_STOP
It is quite difficult to debug qtest test cases without extra wrapper
scripts for QEMU or similar.  This patch adds a simple environment
variable-based trigger that sends a STOP signal to the QEMU instance
under test, before attempting to connect to its QMP session.

This will block execution of the testcase and give time to attach a
debugger to the stopped QEMU process.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 08:02:20 -05:00
Stefan Weil
610b823ef6 qemu-barrier: Fix compiler version check for future gcc versions
The current check will give a wrong result for gcc-5.x with x < 4.
Using QEMU_GNUC_PREREQ is simpler and fixes that issue.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 08:00:22 -05:00
Jim Meyering
9b9e3ec1b4 doc: update HACKING wrt strncpy/pstrcpy
Reword the section on strncpy: its NUL-filling is important
in some cases.  Mention that pstrcpy's signature is different.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:38 -05:00
Jim Meyering
9310b9be14 hw/r2d: add comment: this strncpy use is ok
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:38 -05:00
Jim Meyering
00ea188125 qcow2: mark this file's sole strncpy use as justified
Acked-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:38 -05:00
Jim Meyering
3cda346269 acpi: remove strzcpy (strncpy-identical) function; just use strncpy
Adjust all uses s/strzcpy/strncpy/ and mark these uses
of strncpy as "ok".

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:38 -05:00
Jim Meyering
2e679780ae libcacard/vcard_emul_nss: use pstrcpy in place of strncpy
Replace strncpy+NUL-terminate use with use of pstrcpy.
This requires linking with cutils.o (or else vssclient doesn't link),
so add that in the Makefile.

Acked-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:38 -05:00
Jim Meyering
1ab516ed9b qemu-ga: prefer pstrcpy: consistently NUL-terminate ifreq.ifr_name
NUL-termination of the .ifr_name field is not required, but is fine
(and preferable to using strncpy and leaving the reader to wonder),
since the first thing the linux kernel does is to clear the last byte.
Besides, using pstrcpy here makes this setting of ifr_name consistent
with the other code (e.g., net/tap-linux.c) that does the same thing.

Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:37 -05:00
Jim Meyering
9d055d8ac8 vscsi: avoid unwarranted strncpy
Don't use strncpy when the source string is known to fit
in the destination buffer.  Use equivalent memcpy.
We could even use strcpy, here, but some static analyzers
warn about that, so don't add new uses.

Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:37 -05:00
Jim Meyering
9238c2099d virtio-9p: avoid unwarranted uses of strncpy
In all of these cases, the uses of strncpy were unnecessary, since
at each point of use we know that the NUL-terminated source bytes
fit in the destination buffer.  Use memcpy in place of strncpy.

Acked-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:37 -05:00
Jim Meyering
e5fda03839 bt: replace fragile snprintf use and unwarranted strncpy
In bt_hci_name_req a failed snprintf could return len larger than
sizeof(params.name), which means the following memset call would
have a "length" value of (size_t)-1, -2, etc...  Sounds scary.
But currently, one can deduce that there is no problem:
strlen(slave->lmp_name) is guaranteed to be smaller than
CHANGE_LOCAL_NAME_CP_SIZE, which is the same as sizeof(params.name),
so this cannot happen.  Regardless, there is no justification for
using snprintf+memset.  Use pstrcpy instead.

Also, in bt_hci_event_complete_read_local_name, use pstrcpy in place
of unwarranted strncpy.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:37 -05:00
Jim Meyering
5847d9e139 ui/vnc: simplify and avoid strncpy
Don't bother with strncpy.  There's no need for its zero-fill.
Use g_strndup in place of g_malloc+strncpy+NUL-terminate.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:37 -05:00
Jim Meyering
900cfbcac6 linux-user: remove two unchecked uses of strdup
Remove two uses of strdup (use g_path_get_basename instead),
and add a comment that this strncpy use is ok.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:37 -05:00
Jim Meyering
ae21506801 ppc: avoid buffer overrun: use pstrcpy, not strncpy
A terminal NUL is required by caller's use of strchr.
It's better not to use strncpy at all, since there is no need
to zero out hundreds of trailing bytes for each iteration.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:37 -05:00
Jim Meyering
3eadc68ebd os-posix: avoid buffer overrun
os_set_proc_name: Use pstrcpy, in place of strncpy and the
ineffectual preceding assignment: name[sizeof(name) - 1] = 0;

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:37 -05:00
Jim Meyering
1044dc1118 lm32: avoid buffer overrun
Actually do what the comment says, using pstrcpy NUL-terminate:
strncpy does not always do that.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:37 -05:00
Jim Meyering
a79b5f8b80 hw/9pfs: avoid buffer overrun
v9fs_add_dir_node and qemu_v9fs_synth_add_file used strncpy
to form node->name, which requires NUL-termination, but
strncpy does not ensure NUL-termination.
Use pstrcpy, which does.

Acked-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:37 -05:00
Jim Meyering
d66f8e7bd3 vmdk: relative_path: use pstrcpy in place of strncpy
Avoid strncpy+manual-NUL-terminate.  Use pstrcpy instead.

Acked-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:36 -05:00
Jim Meyering
3178e2755e sheepdog: avoid a few buffer overruns
* parse_vdiname: Use pstrcpy, not strncpy, when the destination
buffer must be NUL-terminated.
* sd_open: Likewise, avoid buffer overrun.
* do_sd_create: Likewise.  Leave the preceding memset, since
pstrcpy does not NUL-fill, and filename needs that.
* sd_snapshot_create: Add a comment/question.
* find_vdi_name: Remove a useless memset.
* sd_snapshot_goto: Remove a useless memset.
Use pstrcpy to NUL-terminate, because find_vdi_name requires
that its vdi arg (filename parameter) be NUL-terminated.
It seems ok not to NUL-fill the buffer.
Do the same for snapid: remove useless memset-0 (instead,
zero tag[0]).  Use pstrcpy, not strncpy.
* sd_snapshot_list: Use pstrcpy, not strncpy to write
into the ->name member.  Each must be NUL-terminated.

Acked-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:36 -05:00
Jim Meyering
c2cba3d931 block: avoid buffer overrun by using pstrcpy, not strncpy
Also, use PATH_MAX, rather than the arbitrary 1024.
Using PATH_MAX is more consistent with other filename-related
variables in this file, like backing_filename and tmp_filename.

Acked-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:36 -05:00
Jim Meyering
bfad67399b sparc: use g_strdup in place of unchecked strdup
This avoids a NULL-deref upon strdup failure.
Also update matching free to g_free.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:36 -05:00
Jim Meyering
a5cf8262e4 scsi, pci, qdev, isa-bus, sysbus: don't let *_get_fw_dev_path return NULL
Use g_strdup rather than strdup, because the sole caller
(qdev_get_fw_dev_path_helper) assumes it gets non-NULL, and dereferences
it.  Besides, in that caller, the allocated buffer is already freed with
g_free, so it's better to allocate with a matching g_strdup.

In one case, (scsi-bus.c) it was trivial, so I replaced an snprintf+
g_strdup combination with an equivalent g_strdup_printf use.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:36 -05:00
Stefan Weil
58455eb9f2 qemu-sockets: Fix compiler warning (regression for MinGW)
setsockopt needs a type cast for MinGW. That type cast is missing in
a recent commit which results in a compiler warning.

Like for other socket related functions which have the same problem,
we add a 'qemu_setsockopt' macro which provides that type cast where
needed and use the new macro to avoid the warning.

A 'qemu_getsockopt' is also added and can be used for future
modifications.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-10-05 14:49:01 +02:00
Stefan Weil
d69eba2426 vnc: Fix spelling (hellmen -> hellman) in comment
The algorithm was named after Martin E. Hellman.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-10-05 14:25:37 +02:00
Stefan Weil
30daca5f77 slirp: Fix spelling in comment (enought -> enough, insure -> ensure)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-10-05 14:24:37 +02:00
Peter Maydell
f97713ff19 tcg/arm: Use tcg_out_mov_reg rather than inline equivalent code
Use the recently introduced tcg_out_mov_reg() function rather than
the equivalent inline code.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-10-05 14:12:36 +02:00
Stefan Weil
b2532d88c9 cpu: Add missing 'static' attribute to qemu_global_mutex
Contrary to its name, 'qemu_global_mutex' is only used locally
in cpus.c.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-10-05 14:02:23 +02:00
Stefan Weil
afb63ebd0a configure: Support empty target list (--target-list=)
Specifying an empty target list with --target-list= is shorter
than specifying --disable-user --disable-system.

Both variants should give the same result: no targets at all.

This modification implements that feature.

It uses a trick which works with POSIX compliant shells to test whether
target_list is undefined (=> default targets) or empty (=> no targets).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-10-05 14:00:36 +02:00
Stefan Weil
7a608f562e hw: Fix return value check for bdrv_read, bdrv_write
Those functions return -errno in case of an error.
The old code would typically only detect EPERM (1) errors.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-10-05 13:54:35 +02:00
Alexander Graf
ef8beb0e94 PPC: KVM: Fix BAT put
In the sregs API, upper and lower 32bit segments of the BAT registers
are swapped when doing a set. Since we need to support old kernels out
there, don't bother to fix it in the kernel, but instead work around
the problem in QEMU by swapping on put.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-05 04:38:46 +02:00
Anthony Liguori
a14c74928b Merge remote-tracking branch 'sstabellini/xen-2012-10-03' into staging
* sstabellini/xen-2012-10-03:
  xen: Set the vram dirty when an error occur.
  exec, memory: Call to xen_modified_memory.
  exec: Introduce helper to set dirty flags.
  xen: Introduce xen_modified_memory.
  QMP, Introduce xen-set-global-dirty-log command.
  qemu/xen: Add 64 bits big bar support on qemu
  xen: Fix, no unplug of pt device by platform device.
2012-10-04 19:56:26 -05:00
Anthony Liguori
05d4f2f2ca Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony: (30 commits)
  qemu-iotests: add tests for streaming error handling
  qemu-iotests: map underscore to dash in QMP argument names
  blkdebug: process all set_state rules in the old state
  stream: add on-error argument
  block: introduce block job error
  iostatus: reorganize io error code
  iostatus: change is_read to a bool
  iostatus: move BlockdevOnError declaration to QAPI
  iostatus: rename BlockErrorAction, BlockQMPEventAction
  qemu-iotests: add test for pausing a streaming operation
  qmp: add block-job-pause and block-job-resume
  block: add support for job pause/resume
  qmp: add 'busy' member to BlockJobInfo
  block: add block_job_query
  block: move job APIs to separate files
  block: fix documentation of block_job_cancel_sync
  qerror/block: introduce QERR_BLOCK_JOB_NOT_ACTIVE
  qemu-iotests: add initial tests for live block commit
  QAPI: add command for live block commit, 'block-commit'
  block: helper function, to find the base image of a chain
  ...
2012-10-04 19:53:50 -05:00
Anthony Liguori
97f3461555 Merge remote-tracking branch 'qmp/queue/qmp' into staging
* qmp/queue/qmp:
  block: live snapshot documentation tweaks
  input: index_from_key(): drop unused code
  qmp: qmp_send_key(): accept key codes in hex
  input: qmp_send_key(): simplify
  hmp: dump-guest-memory: hardcode protocol argument to "file:"
  qmp: dump-guest-memory: don't spin if non-blocking fd would block
  qmp: dump-guest-memory: improve schema doc (again)
  qapi: convert add_client
  monitor: add Error * argument to monitor_get_fd
  pci-assign: use monitor_handle_fd_param
  qapi: add "unix" to the set of reserved words
  qapi: do not protect enum values from namespace pollution
  Add qemu-ga-client script
  Support settimeout in QEMUMonitorProtocol
  Make negotiation optional in QEMUMonitorProtocol
2012-10-04 19:52:09 -05:00
Anthony Liguori
6929cf11bb Merge remote-tracking branch 'mst/tags/for_anthony' into staging
* mst/tags/for_anthony:
  virtio-serial-bus: let chardev know the exact number of bytes requested
  virtio: Introduce virtqueue_get_avail_bytes()
  virtio: use unsigned int for counting bytes in vq
  iov: add const annotation
  virtio-net: fix used len for tx
  virtio: don't mark unaccessed memory as dirty
2012-10-04 19:50:33 -05:00
Anthony Liguori
938406dfb1 Merge remote-tracking branch 'kraxel/usb.66' into staging
* kraxel/usb.66:
  usb: Fix usb_packet_map() in the presence of IOMMUs
  usb-redir: Adjust pkg-config check for usbredirparser .pc file rename (v2)
  ehci: Fix interrupt packet MULT handling
  xhci: create a memory region for each port
  xhci: route string & usb hub support
  xhci: tweak limits
  compat: turn off msi/msix on xhci for old machine types
  add pc-1.3 machine type

Conflicts:
	hw/pc_piix.c

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-04 19:49:15 -05:00
Avi Kivity
4be403c815 Make target_phys_addr_t 64 bits unconditionally
The hassle and compile time overhead of maintaining both 32-bit and 64-bit
capable source isn't worth the tiny performance advantage which is seen on
a minority of configurations.  Switch to compiling libhw only once, with
target_phys_addr_t unconditionally typedefed to uint64_t.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-04 19:46:18 -05:00
Alexander Graf
fb37c3029c PPC: e500: Only expose even TLB sizes in initial TLB
When booting our e500 machine, we automatically generate a big TLB entry
in TLB1 that covers all of the code we need to run in there until the guest
can handle its TLB on its own.

However, e500v2 can only handle MAS1.0 sizes. However, we keep our TLB
information in MAS2.0 layout, which means we have twice as many TLB sizes
to choose from. That also means we can run into a situation where we try
to add a TLB size that could not fit into the MAS1.0 size bits.

Fix it by making sure we always have the lower bit set to 0. That way we
are always guaranteed to have MAS1.0 compatible TLB size information.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-05 02:35:11 +02:00
David Gibson
2b15811c8c ppc/pseries: Reset VPA registration on CPU reset
The ppc specific CPU state contains several variables which track the
VPA, SLB shadow and dispatch trace log.  These are structures shared
between OS and hypervisor that are used on the pseries machine to track
various per-CPU quantities.

The address of these structures needs to be registered by the guest on each
boot, however currently this registration is not cleared when we reset the
cpu.  This patch corrects this bug.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-05 02:35:11 +02:00
David Gibson
efcb9383b9 pseries: Don't test for MSR_PR for hypercalls under KVM
PAPR hypercalls should only be invoked from the guest kernel, not guest
user programs, that is, with MSR[PR]=0.  Currently we check this in
spapr_hypercall, returning H_PRIVILEGE if MSR[PR]=1.

However, under KVM the state of MSR[PR] is already checked by the host
kernel before passing the hypercall to qemu, making this check redundant.
Worse, however, we don't generally synchronize KVM and qemu state on the
hypercall path, meaning that qemu could incorrectly reject a hypercall
because it has a stale MSR value.

This patch fixes the problem by moving the privilege test exclusively to
the TCG hypercall path.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
CC: qemu-stable@nongnu.org
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-05 02:35:11 +02:00
Scott Wood
7e7ec2d290 PPC: e500: calculate initrd_base like dt_base
While investigating dtb pad issues, I noticed that initrd_base wasn't taking
loadaddr into account the way dt_base was.  This seems wrong.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-05 02:35:11 +02:00
Scott Wood
9dd5eba1bc PPC: e500: increase DTC_LOAD_PAD
An allowance of 5 MiB for BSS is not enough for Linux kernels with certain
debug options enabled (not sure exactly which one caused it, but I'd guess
lockdep).  The kernel I ran into this with had a BSS of around 6.4 MB.

Unfortunately, uImage does not give us enough information to determine the
actual BSS size.  Increase the allowance to 18 MiB to give us plenty of
room.  Eventually this should be more intelligent, possibly packing
initrd+dtb at the end of guest RAM.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-05 02:35:11 +02:00
Alexander Graf
6641b77254 device tree: simplify dumpdtb code
As per Peter's suggestion, we can use glib to write out a buffer in whole to
a file, simplifying the code dramatically.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-05 02:35:11 +02:00
Alexander Graf
711934334e fdt: move dumpdtb interpretation code to device_tree.c
The dumpdtb code can be useful in more places than just for e500. Move it
to a generic place.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-05 02:35:11 +02:00
David Gibson
011aba24ed target-ppc: Remove unused power_mode field from cpu state
CPUPPCState includes a variable 'power_mode' which is used nowhere.  This
patch removes it.  This includes saving a dummy zero in its place during
vmsave, to avoid breaking the save format.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:18 +02:00
David Gibson
382be75df7 pseries: Set hash table size based on RAM size
Currently the pseries machine code always attempts to set the size of the
guests's hash page table to 16MB.  However, because of the way the POWER
MMU works, a suitable hash page table size should really depend on memory
size.  16MB will be excessive for guests with <1GB and RAM, and may not be
enough for guests with >2GB of RAM (depending on guest page size and
other factors).

The usual given rule of thumb is that the hash table should be 1/64 of
the size of memory, but in fact the Linux guests we are aiming at don't
really need that much.  This patch, therefore, changes the hash table
allocation code to aim for 1/128 of the size of RAM (rounding up).  When
using KVM, this size may still be adjusted by the host kernel if it is
unable to allocate a suitable (contiguous) table.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:18 +02:00
David Gibson
35f9304d92 pseries: Remove unnecessary locking from PAPR hash table hcalls
In the paravirtualized environment provided by PAPR, there is a standard
locking scheme so that hypercalls updating the hash page table from
different guest threads don't corrupt the haah table state.  We implement
this HVLOCK bit in out page table hypercalls.  However, it is not necessary
in our case, since the hypercalls all run in the qemu environment under the
big qemu lock.

Therefore, this patch removes the locking code.  This has the additional
advantage of freeing up a hash PTE bit which will be useful for migration
support.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:18 +02:00
Stefan Weil
5a1972c847 ppc405_uc: Fix buffer overflow
Report from smatch:

ppc405_uc.c:209 dcr_read_pob(12) error: buffer overflow 'pob->besr' 2 <= 2
ppc405_uc.c:232 dcr_write_pob(12) error: buffer overflow 'pob->besr' 2 <= 2

The old code reads and writes besr[POB0_BESR1 - POB0_BESR0] or besr[2]
which is one too much.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:18 +02:00