Commit Graph

13383 Commits

Author SHA1 Message Date
Paolo Bonzini
d07063e460 m25p80: add missing blk_attach_dev_nofail
Of the block devices that poked into -drive options via drive_get_next,
m25p80 was the only one who also did not attach itself to the BlockBackend.

Since sd does it, and all other devices go through a "drive" property,
with this change all block backends attached to the guest will have a
non-NULL result for blk_get_attached_dev().

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1429025387-11077-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:09 +02:00
Paolo Bonzini
41074f3d3f omap_intc: convert ffs(3) to ctz32() in omap_inth_sir_update()
Rewrite the loop using level &= level - 1 to clear the least significant
bit after each iteration.  This simplifies the loop and makes it easy to
replace ffs(3) with ctz32().

Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-8-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
Stefan Hajnoczi
c9d9331851 sd: convert sd_normal_command() ffs(3) call to ctz32()
ffs() cannot be replaced with ctz32() when the argument might be zero,
because ffs(0) returns 0 while ctz32(0) returns 32.

The ffs(3) call in sd_normal_command() is a special case though.  It can
be converted to ctz32() + 1 because the argument is never zero:

  if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
      ~~~~~~~~~~~~~~~
            ^--------------- req.arg cannot be zero

Cc: Markus Armbruster <armbru@redhat.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-7-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
Stefan Hajnoczi
bd2a88840e Convert ffs() != 0 callers to ctz32()
There are a number of ffs(3) callers that do roughly:

  bit = ffs(val);
  if (bit) {
      do_something(bit - 1);
  }

This pattern can be converted to ctz32() like this:

  zeroes = ctz32(val);
  if (zeroes != 32) {
      do_something(zeroes);
  }

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-6-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
Stefan Hajnoczi
786a4ea82e Convert (ffs(val) - 1) to ctz32(val)
This commit was generated mechanically by coccinelle from the following
semantic patch:

@@
expression val;
@@
- (ffs(val) - 1)
+ ctz32(val)

The call sites have been audited to ensure the ffs(0) - 1 == -1 case
never occurs (due to input validation, asserts, etc).  Therefore we
don't need to worry about the fact that ctz32(0) == 32.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-5-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
Stefan Hajnoczi
5863d374a3 uninorth: convert ffs(3) to ctz32()
It is not clear from the code how a 0 parameter should be handled by the
hardware.  Keep the same behavior as ffs(0) - 1 == -1.

Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-4-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
Stefan Hajnoczi
ad5f5fdca8 hw/arm/nseries: convert ffs(3) to ctz32()
It is not clear from the code how a 0 parameter should be handled by the
hardware.  Keep the same behavior as ffs(0) - 1 == -1.

Cc: Andrzej Zaborowski <balrog@zabor.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-3-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
Stefan Hajnoczi
588ef9d411 bt-sdp: fix broken uuids power-of-2 calculation
The binary search in sdp_uuid_match() only works when the number of
elements to search is a power of two.

  lo = record->uuid;
  hi = record->uuids;
  while (hi >>= 1)
      if (lo[hi] <= val)
          lo += hi;

  return *lo == val;

I noticed that the record->uuids calculation in
sdp_service_record_build() was suspect:

  record->uuids = 1 << ffs(record->uuids - 1);

Unlike most ffs(val) - 1 users, the expression is ffs(val - 1)!

Actually ffs() is the wrong function to use for power-of-2.  Use
pow2ceil() to achieve the correct effect.  Now the record->uuid[] array
is sized correctly and the binary search in sdp_uuid_match() should
work.

I'm not sure how to run/test this code.

Cc: Andrzej Zaborowski <balrog@zabor.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-2-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
Peter Maydell
da378d014d target-arm queue:
* memory system updates to support transaction attributes
  * set user-mode and secure attributes for accesses made by ARM CPUs
  * rename c1_coproc to cpacr_el1
  * adjust id_aa64pfr0 when has_el3 CPU property disabled
  * allow ARMv8 SCR.SMD updates
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJVPlJWAAoJEDwlJe0UNgzeX6wP/3VRL+vFcgTugqLtG5MNpWl1
 FOjWikAKY6NNjddduK4e7gusy3a9NVnLJnqEfBL+9PYsWyMkDPJKgVzy+4gBl6Yy
 M5kGlemzLF1Fnx0ORXRLN4MHXDnrr7JIKtscKVMIZHG4YyqkWpd/iVWu+IlB+F2e
 S10QT+Djv3eAR/hu64CbdgQ+d2EzP5z84t+qIB/BMSklZ+wv/MFctotUb2LY+6xT
 9Sj1s1820BJGK1prFg9yb4NKsGcmwbn490bVb5Q6t5otqwns4O1LHlVLRpN5HAXB
 XReCuyaTBif1sD/iRlBTZGBdbM9p4UEPFwFDA8CEToZlRQemm7y+YZxkNgVLSVX3
 SeCUuYz81kklRmC4egKeMs1l4jKmNCKvHhoO/XpEVAwlIcf/Aap/Bm31G1hB5moI
 Ao0yEd9PXOinOxUSNUtmdM0CfVx7Rmja98Li4/7+GcgsyqOVO2M+dOp5dR5JUumf
 YbnYxegoxAGCSvXtmGqwPOnFcIpXJ/0a4mjVx40govnYC1KEc97KA+//pFQIy8s8
 cDKFYSVdpZ6VJ5M1V2fr4uUPa7phTZQDw8k7UoxzcjfL/ABQErkQG7ABcx+Q1txZ
 K7pA8LtCxInn+Ah03VPya2BRpb1eC+7ycr7ezb0Vlc7XtxgRqWGesvcWAr9z+Jtm
 eyr8k+QtnO9ic7Pgpt8M
 =hDRI
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150427' into staging

target-arm queue:
 * memory system updates to support transaction attributes
 * set user-mode and secure attributes for accesses made by ARM CPUs
 * rename c1_coproc to cpacr_el1
 * adjust id_aa64pfr0 when has_el3 CPU property disabled
 * allow ARMv8 SCR.SMD updates

# gpg: Signature made Mon Apr 27 16:14:30 2015 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20150427:
  Allow ARMv8 SCR.SMD updates
  target-arm: Adjust id_aa64pfr0 when has_el3 CPU property disabled
  target-arm: rename c1_coproc to cpacr_el1
  target-arm: Check watchpoints against CPU security state
  target-arm: Use attribute info to handle user-only watchpoints
  target-arm: Add user-mode transaction attribute
  target-arm: Use correct memory attributes for page table walks
  target-arm: Honour NS bits in page tables
  Switch non-CPU callers from ld/st*_phys to address_space_ld/st*
  exec.c: Capture the memory attributes for a watchpoint hit
  exec.c: Add new address_space_ld*/st* functions
  exec.c: Make address_space_rw take transaction attributes
  exec.c: Convert subpage memory ops to _with_attrs
  Add MemTxAttrs to the IOTLB
  Make CPU iotlb a structure rather than a plain hwaddr
  memory: Replace io_mem_read/write with memory_region_dispatch_read/write
  memory: Define API for MemoryRegionOps to take attrs and return status

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-28 10:31:03 +01:00
Sergey Fedorov
7ebd5f2e03 target-arm: rename c1_coproc to cpacr_el1
Rename the field holding CPACR_EL1 system register state in AArch64
naming style.

Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
[PMM: also fixed a couple of missed occurrences in cpu.c]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-26 16:49:25 +01:00
Peter Maydell
42874d3a8c Switch non-CPU callers from ld/st*_phys to address_space_ld/st*
Switch all the uses of ld/st*_phys to address_space_ld/st*,
except for those cases where the address space is the CPU's
(ie cs->as). This was done with the following script which
generates a Coccinelle patch.

A few over-80-columns lines in the result were rewrapped by
hand where Coccinelle failed to do the wrapping automatically,
as well as one location where it didn't put a line-continuation
'\' when wrapping lines on a change made to a match inside
a macro definition.

===begin===
#!/bin/sh -e
# Usage:
# ./ldst-phys.spatch.sh > ldst-phys.spatch
# spatch -sp_file ldst-phys.spatch -dir . | sed -e '/^+/s/\t/        /g' > out.patch
# patch -p1 < out.patch

for FN in ub uw_le uw_be l_le l_be q_le q_be uw l q; do
cat <<EOF
@ cpu_matches_ld_${FN} @
expression E1,E2;
identifier as;
@@

ld${FN}_phys(E1->as,E2)

@ other_matches_ld_${FN} depends on !cpu_matches_ld_${FN} @
expression E1,E2;
@@

-ld${FN}_phys(E1,E2)
+address_space_ld${FN}(E1,E2, MEMTXATTRS_UNSPECIFIED, NULL)

EOF

done

for FN in b w_le w_be l_le l_be q_le q_be w l q; do
cat <<EOF
@ cpu_matches_st_${FN} @
expression E1,E2,E3;
identifier as;
@@

st${FN}_phys(E1->as,E2,E3)

@ other_matches_st_${FN} depends on !cpu_matches_st_${FN} @
expression E1,E2,E3;
@@

-st${FN}_phys(E1,E2,E3)
+address_space_st${FN}(E1,E2,E3, MEMTXATTRS_UNSPECIFIED, NULL)

EOF

done
===endit===

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2015-04-26 16:49:24 +01:00
Peter Maydell
5c9eb0286c exec.c: Make address_space_rw take transaction attributes
Make address_space_rw take transaction attributes, rather
than always using the 'unspecified' attributes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2015-04-26 16:49:24 +01:00
Peter Maydell
3b64349539 memory: Replace io_mem_read/write with memory_region_dispatch_read/write
Rather than retaining io_mem_read/write as simple wrappers around
the memory_region_dispatch_read/write functions, make the latter
public and change all the callers to use them, since we need to
touch all the callsites anyway to add MemTxAttrs and MemTxResult
support. Delete io_mem_read and io_mem_write entirely.

(All the callers currently pass MEMTXATTRS_UNSPECIFIED
and convert the return value back to bool or ignore it.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2015-04-26 16:49:23 +01:00
Luiz Capitulino
46abb81240 balloon: improve error msg when adding second device
A VM supports only one balloon device, but due to several changes
in infrastructure the error message got messed up when trying
to add a second device. Fix it.

Before this fix

Command-line:

qemu-qmp: -device virtio-balloon-pci,id=balloon0: Another balloon device already registered
qemu-qmp: -device virtio-balloon-pci,id=balloon0: Adding balloon handler failed
qemu-qmp: -device virtio-balloon-pci,id=balloon0: Device 'virtio-balloon-pci' could not be initialized

HMP:

Another balloon device already registered
Adding balloon handler failed
Device 'virtio-balloon-pci' could not be initialized

QMP:

{ "execute": "device_add", "arguments": { "driver": "virtio-balloon-pci", "id": "balloon0" } }
{
	"error": {
		"class": "GenericError",
		"desc": "Adding balloon handler failed"
	}
}

After this fix

Command-line:

qemu-qmp: -device virtio-balloon-pci,id=balloon0: Only one balloon device is supported
qemu-qmp: -device virtio-balloon-pci,id=balloon0: Device 'virtio-balloon-pci' could not be initialized

HMP:

(qemu) device_add virtio-balloon-pci,id=balloon0
Only one balloon device is supported
Device 'virtio-balloon-pci' could not be initialized
(qemu)

QMP:

{ "execute": "device_add",
          "arguments": { "driver": "virtio-balloon-pci", "id": "balloon0" } }
{
    "error": {
        "class": "GenericError",
        "desc": "Only one balloon device is supported"
    }
}

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2015-04-24 14:18:05 -04:00
Michael S. Tsirkin
e05ca82002 vhost: fix log base address
VHOST_SET_LOG_BASE got an incorrect address, causing
migration errors and potentially even memory corruption.

Reported-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Message-id: 1429283565-32265-1-git-send-email-mst@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-20 09:27:01 +01:00
Paolo Bonzini
0ca4f94195 mips: fix broken fulong2e machine
After commit 5312bd8 the bonito_readl() and bonito_writel() have been
accessing incorrect addresses. Consequently QEMU is crashing when trying
to boot Linux kernel on fulong2e machine.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2015-04-17 12:11:48 +01:00
Thomas Huth
4d0ecde44a pci: Fix crash with illegal "-net nic, model=xxx" option
Current QEMU crashes when specifying an illegal model with the
"-net nic,model=xxx" option, e.g.:

 $ qemu-system-x86_64 -net nic,model=n/a
 qemu-system-x86_64: Unsupported NIC model: n/a

 Program received signal SIGSEGV, Segmentation fault.

The gdb backtrace looks like this:

0x0000555555965fe0 in error_get_pretty (err=0x0) at util/error.c:152
152	    return err->msg;
(gdb) bt
 0  0x0000555555965fe0 in error_get_pretty (err=0x0) at util/error.c:152
 1  0x0000555555965ffd in error_report_err (err=0x0) at util/error.c:157
 2  0x0000555555809c90 in pci_nic_init_nofail (nd=0x555555e49860 <nd_table>, rootbus=0x5555564409b0,
    default_model=0x55555598c37b "e1000", default_devaddr=0x0) at hw/pci/pci.c:1663
 3  0x0000555555691e42 in pc_nic_init (isa_bus=0x555556f71900, pci_bus=0x5555564409b0)
    at hw/i386/pc.c:1506
 4  0x000055555569396b in pc_init1 (machine=0x5555562abbf0, pci_enabled=1, kvmclock_enabled=1)
    at hw/i386/pc_piix.c:248
 5  0x0000555555693d27 in pc_init_pci (machine=0x5555562abbf0) at hw/i386/pc_piix.c:310
 6  0x000055555572ddf5 in main (argc=3, argv=0x7fffffffe018, envp=0x7fffffffe038) at vl.c:4226

The problem is that pci_nic_init_nofail() does not check whether the err
parameter from pci_nic_init has been set up and thus passes a NULL pointer
to error_report_err(). Fix it by correctly checking the err parameter.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-13 12:11:44 +01:00
Dirk Müller
c0c8584142 cris: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
Commit 0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.

Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.

Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.

Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2015-04-11 20:03:57 +10:00
Dirk Müller
58c24a4775 alpha: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
Commit 0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.

Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.

Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.

Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Acked-by: Richard Henderson <rth@twiddle.net>
Message-id: CAL5wTH64_ykF17cw2T1Axq8P3vCWm=6WbUJ3qJrLF-u+-MmzUw@mail.gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-10 14:15:18 +01:00
Dirk Müller
b7ccb83f44 lm32: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
Commit 0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.

Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.

Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.

Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Acked-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-10 14:12:20 +01:00
Jan Beulich
81b23ef82c xen: limit guest control of PCI command register
Otherwise the guest can abuse that control to cause e.g. PCIe
Unsupported Request responses (by disabling memory and/or I/O decoding
and subsequently causing [CPU side] accesses to the respective address
ranges), which (depending on system configuration) may be fatal to the
host.

This is CVE-2015-2756 / XSA-126.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Message-id: alpine.DEB.2.02.1503311510300.7690@kaball.uk.xensource.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-09 23:37:21 +01:00
Peter Maydell
a6f2cb037a -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJVJkx/AAoJEJykq7OBq3PIGtQIAJ871JaHxAxNjApMKE1TrAoI
 rYbioek/QNtyJbVEOH4F1huR0b4kQ4K/+79gaYBJnUqyXkO6/BnQS2ZuxaAIrzvM
 xjgKW9gkRRvKSCggE8n2wGkkl+0tJQm19jhOr9UX+qlLdeLXU5JcJ1uKeGlKDxi+
 JpxPPcXLSNCeBH8nyED12kpOu7h7YjsH4QJn4FO385ZwODbVREn5XeFW0+Ngj/cb
 FpsJVXNtb9A4wvx9lJQUL1/eOCt54hFJw+P4CHI1fQiDVOdX9gAHVagWiC8MCK9r
 KnGb7ho32/VY9UmHbqogPbJerJjzj0InWfenhjYtbYMEB1rLEcdigcjkbBpLS2Y=
 =bvIr
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

# gpg: Signature made Thu Apr  9 10:55:11 2015 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  block/iscsi: handle zero events from iscsi_which_events
  aio: strengthen memory barriers for bottom half scheduling
  virtio-blk: correctly dirty guest memory
  qcow2: Fix header update with overridden backing file

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-09 12:05:00 +01:00
Dirk Müller
c8623c0215 arm: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
Commit 0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.

Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.

Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.

Signed-off-by: Dirk Mueller <dmueller@suse.com>
Message-id: CAL5wTH4UHYKpJF=dLJfFzxpufjY189chnCow47-ySuLf8GLbug@mail.gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-08 17:30:36 +01:00
Paolo Bonzini
2a6cdd6d35 virtio-blk: correctly dirty guest memory
After qemu_iovec_destroy, the QEMUIOVector's size is zeroed and
the zero size ultimately is used to compute virtqueue_push's len
argument.  Therefore, reads from virtio-blk devices did not
migrate their results correctly.  (Writes were okay).

Save the size in virtio_blk_handle_request, and use it when the request
is completed.

Based on a patch by Wen Congyang.

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Message-id: 1427997044-392-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-04-08 10:39:18 +01:00
Jan Kiszka
ecf2e5a46d pcspk: Fix I/O port name
Probably a copy&paste bug. Fixing it helps identifying the device model
behind port 0x61.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-04-04 09:45:59 +03:00
Peter Maydell
a8a7ef145d Another round of small fixes. I am not including the
virtio-blk fix, because Wen only posted a prototype and the changes
 I made were pretty large.  It definitely needs another pair of eyes
 (but it is a 2.3 regression and a blocker).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJVHUtcAAoJEL/70l94x66Dr1IIAIq+2i+79CoOW1VgoqdN9hBM
 co7s8MzVwPzSPxMzicv94nAMBcPWfmoGzi8JJebxUmQDmZ7L33bOa64cbVgmQ5wU
 gfJ+yea8TRkyDH/psv8jcvesdEgwRUnpOTCrEv4GD+haTHWZB4t6HW4KpolxbclJ
 igs5MUxcH/cM//L+nyadr/ZuJvPy4sakquvnMqr5Zzr/xjwLwzbJIksoZthMdxW5
 oZAY1g0T2f5sSpt0kl8lYid1njbTBX9z8ZkoftQSjRJFZ253vl+CxXFuJevke1hE
 ayRhRKg5VfAyPY4txEK0+27E/Jo4X51y+6Et0N5yzrQsSZ1FeBtxzngm14gEQZA=
 =CfCj
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

Another round of small fixes.  I am not including the
virtio-blk fix, because Wen only posted a prototype and the changes
I made were pretty large.  It definitely needs another pair of eyes
(but it is a 2.3 regression and a blocker).

# gpg: Signature made Thu Apr  2 14:59:56 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  Use $(MAKE) for recursive make
  kvm-all: Sync dirty-bitmap from kvm before kvm destroy the corresponding dirty_bitmap
  util/qemu-config: fix regression of qmp_query_command_line_options
  target-i386: clear bsp bit when designating bsp
  qga: fitering out -fstack-protector-strong
  target-i386: save 64-bit CR3 in 64-bit SMM state save area

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-02 15:53:16 +01:00
Nadav Amit
9cb11fd753 target-i386: clear bsp bit when designating bsp
Since the BSP bit is writable on real hardware, during reset all the CPUs which
were not chosen to be the BSP should have their BSP bit cleared. This fix is
required for KVM to work correctly when it changes the BSP bit.

An additional fix is required for QEMU tcg to allow software to change the BSP
bit.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Message-Id: <1427932716-11800-1-git-send-email-namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-02 15:57:27 +02:00
Peter Maydell
913fbe9a6a hw: Contain drive, serial, parallel, net misuse
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVHUTQAAoJEDhwtADrkYZTPtsP/0Ua+QZAOuTVo5EJTBZWFlcW
 WpUu91af7Lgsx9RQ/PwOA3wR/X+Kkr6ZpzgSOKV0F4EKGaxlVIXvAAKd6IVoVSuK
 8RFY9YH2LsI/qLVsjUD501Gc4NRuqycNVZOSklG9fWbqYvyWpVWcaMVlqx6aPV8g
 NNhWMgLIFXtpzWpIMYrt+7U+G8ufBWPTAhhs9fAZp6EQwutvx04BcoUUv5mi1YsK
 rVmM+0YHwQpi1NjzSBoxHotYN/YfHpecMgWaRy5NbpYCGgntkABP8MsuWOMl2wqe
 lvdZrSLyob7LqX84jHP9mreku4rRehtwz81Yp5hUFNIsuFV19pZf4gG8FZbwzJjs
 t4vJb/5aUDxCxI6SlYTHgTFKPFXHLP9lM0fbGfsbmi7nVd2xq02S7U9UWIoejxrR
 bLrRnWajHkywjdVnOsnimZKj0H0JU+hCtZdbl89VMPj3mNGdvlRXHYfxBH8p9a4+
 Dm+OCo7KTWgZpCW7DBUJerD5utR36+ulH695Gita57yxQDpRP0qYSYENjwON4syE
 9KSxoI/FAY/RPjtHHjSv0fCxMNSp5fAOT1sM/a3pNrutJmxd/OUfUXS5f1H1CWVV
 qt8o8rVMqsrsgE2xxXnu7Q4gbVKpJSLgB+Bg7O3V0sS4kwtlgjIsfazs1MPlJBKR
 HbM4oDOWp+olONw2awDX
 =Iwrz
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-hw-2015-04-02' into staging

hw: Contain drive, serial, parallel, net misuse

# gpg: Signature made Thu Apr  2 14:32:00 2015 BST using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-hw-2015-04-02:
  sysbus: Make devices picking up backends unavailable with -device
  sdhci: Make device "sdhci-pci" unavailable with -device
  hw: Mark device misusing nd_table[] FIXME
  hw: Mark devices picking up char backends actively FIXME
  hw: Mark devices picking up block backends actively FIXME

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-02 14:36:57 +01:00
Markus Armbruster
9f9bdf43ca sysbus: Make devices picking up backends unavailable with -device
Device models aren't supposed to go on fishing expeditions for
backends.  They should expose suitable properties for the user to set.
For onboard devices, board code sets them.

A number of sysbus devices pick up block backends in their init() /
instance_init() methods with drive_get_next() instead: sl-nand,
milkymist-memcard, pl181, generic-sdhci.

Likewise, a number of sysbus devices pick up character backends in
their init() / realize() methods with qemu_char_get_next_serial():
cadence_uart, digic-uart, etraxfs,serial, lm32-juart, lm32-uart,
milkymist-uart, pl011, stm32f2xx-usart, xlnx.xps-uartlite.

All these mistakes are already marked FIXME.  See the commit that
added these FIXMEs for a more detailed explanation of what's wrong.

Fortunately, only machines ppce500 and pseries-* support -device with
sysbus devices, and none of the devices above is supported with these
machines.

Set cannot_instantiate_with_device_add_yet to preserve our luck.

Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: Antony Pavlov <antonynpavlov@gmail.com>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-04-02 15:30:44 +02:00
Markus Armbruster
19109131ca sdhci: Make device "sdhci-pci" unavailable with -device
Device models aren't supposed to go on fishing expeditions for
backends.  They should expose suitable properties for the user to set.
For onboard devices, board code sets them.

"sdhci-pci" picks up its block backend in its realize() method with
drive_get_next() instead.  Already marked FIXME.  See the commit that
added the FIXME for a more detailed explanation of what's wrong.

We can't fix this in time for the release, but since the device is new
in 2.3, we can set cannot_instantiate_with_device_add_yet to disable
it before this mistake becomes ABI, and we have to support command
lines like

    $ qemu -drive if=sd -drive if=sd,file=sd.img -device sdhci-pci -device sdhci-pci

forever.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-04-02 15:30:39 +02:00
Markus Armbruster
19f33f1689 hw: Mark device misusing nd_table[] FIXME
NICs defined with -net nic are for board initialization to wire up.
Board code examines nd_table[] to find them, and creates devices with
their qdev NIC properties set accordingly.

Except "allwinner-a10" goes on a fishing expedition for NIC
configuration instead of exposing the usual NIC properties for board
code to set: it uses nd_table[0] in its instance_init() method.

Picking up the first -net nic option's configuration that way works
when the device is created by board code.  But it's inappropriate for
-device and device_add.  Not only is it inconsistent with how the
other block device models work (they get their configuration from
properties "mac", "vlan", "netdev"), it breaks when nd_table[0] has
been picked up by the board or a previous -device / device_add
already.

Example:

    $ qemu-system-arm -S -M cubieboard -device allwinner-a10
    qemu-system-arm: -device allwinner-a10: Property 'allwinner-emac.netdev' can't take value 'hub0port0', it's in use
    Aborted (core dumped)

It also breaks in other entertaining ways:

    $ qemu-system-arm -M highbank -device allwinner-a10
    qemu-system-arm: -device allwinner-a10: Unsupported NIC model: xgmac
    $ qemu-system-arm -M highbank -net nic,model=allwinner-emac -device allwinner-a10
    qemu-system-arm: Unsupported NIC model: allwinner-emac

Mark the mistake with a FIXME comment.

Cc: Li Guang <lig.fnst@cn.fujitsu.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-04-02 15:30:32 +02:00
Markus Armbruster
d71b22bb6a hw: Mark devices picking up char backends actively FIXME
Character devices defined with -serial and -parallel are for board
initialization to wire up.  Board code examines serial_hds[] and
parallel_hds[] to find them, and creates devices with their qdev
chardev properties set accordingly.

Except a few devices go on a fishing expedition for a suitable backend
instead of exposing a chardev property for board code to set: they use
serial_hds[] (often via qemu_char_get_next_serial()) or parallel_hds[]
in their realize() or init() method to connect to a backend.

Picking up backends that way works when the devices are created by
board code.  But it's inappropriate for -device or device_add.  Not
only is it inconsistent with how the other characrer device models
work (they connect to a backend explicitly identified by a "chardev"
property), it breaks when the backend has been picked up by the board
or a previous -device / device_add already.

Example:

    $ qemu-system-ppc64 -M bamboo -S -device i82378 -device pc87312 -device pc87312
    qemu-system-ppc64: -device pc87312: Property 'isa-parallel.chardev' can't take value 'parallel0', it's in use

Mark them with suitable FIXME comments.

Cc: Li Guang <lig.fnst@cn.fujitsu.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: Antony Pavlov <antonynpavlov@gmail.com>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Michael Walle <michael@walle.cc>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: "Andreas Färber" <andreas.faerber@web.de>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-04-02 15:30:28 +02:00
Markus Armbruster
af9e40aa8f hw: Mark devices picking up block backends actively FIXME
Drives defined with if!=none are for board initialization to wire up.
Board code calls drive_get() or similar to find them, and creates
devices with their qdev drive properties set accordingly.

Except a few devices go on a fishing expedition for a suitable backend
instead of exposing a drive property for board code to set: they call
driver_get() or drive_get_next() in their realize() or init() method
to implicitly connect to the "next" backend with a certain interface
type.

Picking up backends that way works when the devices are created by
board code.  But it's inappropriate for -device or device_add.  Not
only is this inconsistent with how the other block device models work
(they connect to a backend explicitly identified by a "drive"
property), it breaks when the "next" backend has been picked up by the
board already.

Example:

    $ qemu-system-arm -S -M connex -pflash flash.img -device ssi-sd
    Aborted (core dumped)

Mark them with suitable FIXME comments.

Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: "Andreas Färber" <andreas.faerber@web.de>
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-04-02 15:26:27 +02:00
Peter Maydell
11f10cf805 hw/arm/vexpress: Don't double-free flash filename
Commits 6e05a12f8f and db25a1581 both attempt to fix the
same "failed to free memory containing flash filename" bug,
with the effect that when they were both applied we ended
up freeing the memory twice. Delete the spurious extra free.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1427968334-14527-1-git-send-email-peter.maydell@linaro.org
2015-04-02 12:11:07 +01:00
Shannon Zhao
c408d27a42 hw/arm/virt: Fix corruption due to double free
As 4de9a88(hw/arm/virt: Fix memory leak reported by Coverity)
and 6e05a12(arm: fix memory leak) both handle the memory leak
reported by Coverity, this cause qemu corruption due to
double free.

Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1427944026-8968-1-git-send-email-zhaoshenglong@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-02 12:10:36 +01:00
Alex Bennée
74fdb781c1 hw/intc: arm_gic_kvm.c restore config first
As there is logic to deal with the difference between edge and level
triggered interrupts in the kernel we must ensure it knows the
configuration of the IRQs before we restore the pending state.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-01 17:57:30 +01:00
Stefan Weil
4de9a883be hw/arm/virt: Fix memory leak reported by Coverity
As the conditional statement had to be split anyway, we can also
add a better error report message.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1426877982-3603-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-01 17:57:29 +01:00
Stefan Weil
db25a15817 hw/arm/vexpress: Fix memory leak reported by Coverity
As the conditional statement had to be split anyway, we can also
add a better error report message.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1426877963-3556-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-01 17:57:29 +01:00
Stefan Weil
60ff4e63e2 hw/arm/highbank: Fix resource leak and wrong image loading
Coverity reports a resource leak for sysboot_filename which is allocated
by qemu_find_file.

In addition, that name is used to get the size of the image, but a
different image name was used to load it.

In addition, instead of passing the maximum allowed image size the actual
image size was passed to load_image_targphys.

Fix all three issues.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1426326781-2488-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-01 17:57:29 +01:00
Igor Mammedov
e65bef6954 pc: acpi: fix pvpanic regression
Commit cd61cb2  pc: acpi-build: generate pvpanic device description dynamically

introduced regression changing pvpanic device HID from
QEMU0001 to QEMU0002.
Fix AML generated code so that pvpanic device
would keep its original HID. i.e. QEMU0001

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reported-by: Gal Hammer <ghammer@redhat.com>
Message-Id: <1427717907-25027-1-git-send-email-imammedo@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-01 10:06:38 +02:00
Cornelia Huck
fa92e218df s390x/ipl: avoid sign extension
Make s390_update_iplstate() return uint32_t to avoid sign extensions
for cssids > 127. While this doesn't matter in practice yet (as
nobody supports MCSS-E and thus won't see the real cssid), play safe.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-03-30 09:25:17 +02:00
Paolo Bonzini
f65025caab s390x: do not include ram_addr.h
ram_addr.h is an internal interface and it is not needed anyway by
hw/s390x/ipl.c.

Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1427295389-5054-1-git-send-email-pbonzini@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-03-30 09:25:17 +02:00
Cornelia Huck
d03a363054 virtio-ccw: range check in READ_VQ_CONF
Processing for READ_VQ_CONF needs to check whether the requested queue
value is actually in the supported range and post a channel program
check if not.

Cc: qemu-stable@nongnu.org
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-03-30 09:25:17 +02:00
Cornelia Huck
590fe5722b virtio-ccw: fix range check for SET_VQ
VIRTIO_PCI_QUEUE_MAX is already too big; a malicious guest would be
able to trigger a write beyond the VirtQueue structure.

Cc: qemu-stable@nongnu.org
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-03-30 09:25:17 +02:00
John Snow
fc3d8e1138 AHCI: Protect cmd register
Many bits in the CMD register are supposed to be strictly read-only.
We should not be deleting them on every write.

As a side-effect: pay explicit attention to when a guest marks off
the FIS Receive or Start bits, and disable the status bits ourselves,
instead of letting them implicitly fall off.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1426283454-15590-3-git-send-email-jsnow@redhat.com
2015-03-27 15:48:11 -04:00
John Snow
a13ab5a35b AHCI: Do not (re)map FB/CLB buffers while not running
The FIS Receive Buffer and Command List Buffer pointers
should not be edited while the FIS receive engine or
Command Receive engines are running.

Currently, we attempt to re-map the buffers every time they
are adjusted, but while the AHCI engines are off, these registers
may contain stale values, so we should not attempt to re-map these
values until the engines are reactivated.

Reported-by: Jordan Hargrave <jharg93@gmail.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1426283454-15590-2-git-send-email-jsnow@redhat.com
2015-03-27 15:48:11 -04:00
Peter Maydell
b27e767e8c -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJVFUYtAAoJEJykq7OBq3PIVMoH/3wEtwjopwb6Di8OrErQCAoL
 fH2mnKNwW2zIiRDFcALmdOaioi0qXdURkdbLXJSWZ1FwtUg8IKPvGnbJ/vES+k78
 dtRtj0RyVVok8yRNd9Z2xuN3zSwjD8r5E1ccZIPdGeHePe9I11F0gOL/kc8yNzYQ
 /GGkFbriSg1k8Ej/0bZrGguWRF5uiWywIRs6XuwqfrDkXi95fK2d4JYRAMwkC1An
 YXTHkcCfOwKTfIaTvWlwLkfFUXp9B5t13oNVY2NNhyv70+KZzp/AZinfQFum5PKf
 Y6LGihXvi7ws02Ko0/opzjHc8us1HaPSFLnC1RAIksZDeK/D6ps5O9a85S+kkDw=
 =rUqQ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging

# gpg: Signature made Fri Mar 27 11:59:41 2015 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/net-pull-request:
  hw/net/e1000: fix integer endianness

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-27 12:12:27 +00:00
Shannon Zhao
4e60a250d3 hw/net/e1000: fix integer endianness
It's detected by coverity.In is_vlan_packet s->mac_reg[VET] is
unsigned int but is dereferenced as a narrower unsigned short.
This may lead to unexpected results depending on machine
endianness.

Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Message-id: 1426224119-8352-1-git-send-email-zhaoshenglong@huawei.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-03-27 10:23:50 +00:00
Stefan Weil
2115f2a1d8 nvme: Fix unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
The shift operation on nlb gives a 32 bit result if no type cast is
applied. This bug was reported by Coverity.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1426348844-8793-1-git-send-email-sw@weilnetz.de
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-03-27 10:01:12 +00:00
Peter Maydell
f75d4f8295 Bugfixes and making SCSI adapters IOMMU-friendly.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJVFAh1AAoJEL/70l94x66D8wEH/jOWcJ04YbRN9yIDXbtrWRtS
 XMz9GQcKrpo+QJYB466r8dP+2mRuKajkuSm6++MPXcJs1I0O1AzbSKCDTi5kG01/
 XZYOYNLc6lEjMJBZ6AbydjnsSCZjFglrFttQqIicX5l3oBZI6jtvC5FyUTUZbmp2
 FXwapzadeqf8n3C66RHSO1jTGuh7ROwW1inENsxhz34ZnQ5WhWrEiFYeTwo5mMqc
 sMQk3Fw4d9uRpJSVbfnQ44LrQ3GJX90U4rqBjhfIIvhkzQlziARBSR+3DdUZKVpI
 uniOtvNkWmy8ST1OBf3c1ALCHTb/uUS/9bz+FQz6dbjp5COXP2NCpvCShLswBU0=
 =TVSA
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

Bugfixes and making SCSI adapters IOMMU-friendly.

# gpg: Signature made Thu Mar 26 13:24:05 2015 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  virtio-scsi-dataplane: fix memory leak for VirtIOSCSIVring
  misc: fix typos in copyright declaration
  exec: avoid possible overwriting of mmaped area in qemu_ram_remap
  sparc: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
  mips: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
  m68k: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
  nbd: Fix up comment after commit e140177
  vmw_pvscsi: use PCI DMA APIs
  megasas: use PCI DMA APIs
  cpus: Don't kick un-realized cpus.
  i6300esb: Fix signed integer overflow
  i6300esb: Correct endiannness
  fw_cfg: factor out initialization of FW_CFG_ID (rev. number)
  rcu tests: fix compilation on 32-bit ppc

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-26 17:33:35 +00:00