Commit Graph

66551 Commits

Author SHA1 Message Date
Richard Henderson
93f332a503 tcg/aarch64: Implement vector minmax arithmetic
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-01-28 07:03:34 -08:00
Richard Henderson
d32648d445 tcg/aarch64: Implement vector saturating arithmetic
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-01-28 07:03:34 -08:00
Richard Henderson
bc37faf4cb tcg/i386: Implement vector minmax arithmetic
The avx instruction set does not directly provide MO_64.
We can still implement 64-bit with comparison and vpblendvb.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-01-28 07:03:34 -08:00
Richard Henderson
8ffafbcec2 tcg/i386: Implement vector saturating arithmetic
Only MO_8 and MO_16 are implemented, since that's all the
instruction set provides.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-01-28 07:03:34 -08:00
Richard Henderson
44f1441dbe tcg/i386: Split subroutines out of tcg_expand_vec_op
This routine was becoming too large.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-01-28 07:03:34 -08:00
Richard Henderson
dd0a0fcdd8 tcg: Add opcodes for vector minmax arithmetic
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-01-28 07:03:34 -08:00
Richard Henderson
8afaf05066 tcg: Add opcodes for vector saturated arithmetic
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-01-28 07:03:34 -08:00
Richard Henderson
5d6acdd4a4 tcg: Add write_aofs to GVecGen4
This allows writing 2 output, 3 input operations.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-01-28 07:03:34 -08:00
Richard Henderson
f550805d83 tcg: Add gvec expanders for nand, nor, eqv
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-01-28 07:03:34 -08:00
Richard Henderson
9a9eda78e4 tcg: Add logical simplifications during gvec expand
We handle many of these during integer expansion, and the
rest of them during integer optimization.

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-01-28 07:03:34 -08:00
Peter Maydell
5f39a91dbd Pull request
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJcS4hQAAoJEH3vgQaq/DkOMEYQAK1q58YzaGGKyOVHaW9FKMJh
 cRKJuwcfamuL5svhbpBoaLXlx07z8x9JLu31Eqq933PFI4kAyN3Tq1QkdvvmfM6s
 EtL1afhbD5JcrSxOvYvjpbMQZjkbKSXzeu2sun6ZE7ems26C4yMe/upGWXoot92V
 QYONOpsZpT2n9vIJhJKIOIHXKKcV1btwZjE1L4BqbOHxMI5H1RJ+Z8b1SX3KNd79
 59y/svRCIf5kPnI1rAKLP+IeL+z6rwvqI37N50xEWNIf7boejE6O9mxhVEyI0taq
 5/vMdxxE6QfzbgC5WaLHVrnl+cpblfm/Vfpvw+gbe4xcAw6KgQ/pVpGs4tTuMWx1
 YehpUbiX9Sl8ZHHBZ20WL5LXq111Y1w7riXIxvwnehwWFOFkQ48vu6Na0vQ1hNzr
 eY+IzrI3y2Vyh5AYCV+D23pfYEvyP+soksVlZfEPSGg2DIlCu7DRsdhHqiEao/I/
 YuqFIn3PUbHy+2nX02lZ5ABVsga5/XIu+OuQE9/spfoE1+6RgjZGWpMPgTMQiiNz
 ZO6MQLsi57CI6wyJvGC47Xa5TCqhxg1V77G1xPbCez2TWdvxWg+FBJGM6TTtKXBa
 6JUr4JmcjAhDL4/qVtullsRpu+EACDMo2IsyQ40hPlmp9fNp5nKm6vOY6fZDBARQ
 md1WQS7Ff8urHehs3+e9
 =j/DC
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

Pull request

# gpg: Signature made Fri 25 Jan 2019 22:06:08 GMT
# gpg:                using RSA key 7DEF8106AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>" [full]
# Primary key fingerprint: FAEB 9711 A12C F475 812F  18F2 88A9 064D 1835 61EB
#      Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76  CBD0 7DEF 8106 AAFC 390E

* remotes/jnsnow/tags/ide-pull-request:
  ide/via: Implement and use native PCI IDE mode
  ide/via: Rename functions to match device name
  ide/via: Remove vt82c686b_init_ports() function
  sii3112: Remove duplicated code and use PCI IDE ops instead
  ide: Get rid of CMD646BAR struct
  cmd646: Move PCI IDE specific functions to ide/pci.c
  cmd646: Remove IDEBus from CMD646BAR
  cmd646: Remove unused variable

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-28 12:54:06 +00:00
BALATON Zoltan
4ea98d317e ide/via: Implement and use native PCI IDE mode
This device only implemented ISA compatibility mode and native PCI IDE
mode was missing but no clients actually need ISA mode but to the
contrary, they usually want to switch to and use device in native
PCI IDE mode. Therefore implement native PCI mode and switch default
to that.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: c323f08c59b9931310c5d92503d370f77ce3a557.1548160772.git.balaton@eik.bme.hu
Signed-off-by: John Snow <jsnow@redhat.com>
2019-01-25 14:52:12 -05:00
BALATON Zoltan
7dd687ba1b ide/via: Rename functions to match device name
The device is called via-ide and the modelled IDE controller is not
specific to 82C686B but is also usable independently. Therefore, change
function name prefixes accordingly to match device name.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: 2905ced862c8d2ad509d73152171ce2472d72605.1548160772.git.balaton@eik.bme.hu
Signed-off-by: John Snow <jsnow@redhat.com>
2019-01-25 14:52:12 -05:00
BALATON Zoltan
0252e66c5a ide/via: Remove vt82c686b_init_ports() function
This function is only called once from vt82c686b_ide_realize() and its
content is simple enough to not need a separate function but be
included in realize directly (as done in other IDE models except PIIX
currently).

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: 47d854e0fa41dad6861107eac61327c247965566.1548160772.git.balaton@eik.bme.hu
Signed-off-by: John Snow <jsnow@redhat.com>
2019-01-25 14:52:11 -05:00
BALATON Zoltan
4eefdf7c1b sii3112: Remove duplicated code and use PCI IDE ops instead
Parts of the SiI3112 mmio are identical to PCI IDE registers so we can
use the corresponding functions that were factored out into ide/pci.c.
This removes code duplication and simplifies the SiI3112 model which
also helped to spot a copy paste error where reading status of the
2nd channel read the 1st channel instead. This is also fixed here.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 793b6a7934ef2bba26b8d066bec446019efa6c5d.1547166960.git.balaton@eik.bme.hu
Signed-off-by: John Snow <jsnow@redhat.com>
2019-01-25 14:52:11 -05:00
BALATON Zoltan
8ac98d1a97 ide: Get rid of CMD646BAR struct
Now that no CMD646 specific parts are left in CMD646BAR (all remaining
members are really PCI IDE specific) this struct can be deleted moving
the memory regions for PCI IDE BARs to PCIIDEState where they better
belong. The CMD646 PCI IDE model is adjusted accordingly.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 4b6cb2ae150dc0d21178209e4beb1e35140a7325.1547166960.git.balaton@eik.bme.hu
Signed-off-by: John Snow <jsnow@redhat.com>
2019-01-25 14:52:11 -05:00
BALATON Zoltan
c9ebc75dc2 cmd646: Move PCI IDE specific functions to ide/pci.c
The io mem ops callbacks are not specific to CMD646 but really follow
the PCI IDE spec so move these from cmd646.c to pci.c to allow other
PCI IDE implementations to use them.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: a2b1b2b74afdc78330b8b75605687f683a249635.1547166960.git.balaton@eik.bme.hu
Signed-off-by: John Snow <jsnow@redhat.com>
2019-01-25 14:52:11 -05:00
BALATON Zoltan
e210ec87b9 cmd646: Remove IDEBus from CMD646BAR
The cmd646 io mem ops callbacks only need the IDEBus which is
currently passed via a CMD646BAR struct. No need to wrap it up like
that, we can pass it directly to these callbacks which then allows to
drop the IDEBus from the CMD646BAR.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 7a31c155c9899869794499d841d30c7ef32aae47.1547166960.git.balaton@eik.bme.hu
Signed-off-by: John Snow <jsnow@redhat.com>
2019-01-25 14:52:11 -05:00
BALATON Zoltan
2ab2ef0785 cmd646: Remove unused variable
There was a pointer to PCIIDEState in CMD646BAR which was set but
not used afterwards. Get rid of this unused variable.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1e352f091aa601fb2e19771aac46529fe278dd91.1547166960.git.balaton@eik.bme.hu
Signed-off-by: John Snow <jsnow@redhat.com>
2019-01-25 14:52:11 -05:00
Peter Maydell
ad7a21e812 Python 3 compatibility fixes
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJcSxeIAAoJECgHk2+YTcWmwGgQAK0R2abxoAvDlT2hM8vM28jc
 5SyGvthMprX11Xw2AP9t7tU+U/YaICW2EQNmk4jmzGvfxKRUZzjFIFao0W3heC8k
 OQwm9Y8CoAdWtiM4oIBUGX0+H7doef9OZlDpHuqcQF29WDvFTgbOUs84U2col+NW
 Il4RVy8FnZ9pEnOWupeMFuLXZuS3rVZ0+EhToyq/OfgQB9MihPvxSGPmVsbjBu+I
 zNIrTl7zRQJnOoz5RaL7MzV/Dz3Pju/W5wyysNEC2piNdTIEZckRnPL1ypjYeaNK
 pQ7xfu+YTPjAZhb3Jrx8ZYIJx1Ho62ArsIWQVRF+8Vna0wEfQpnwGdV3XPAtpZ61
 p0QL1nP0BEK93Q1UsK9xDjL7SbSY7p24ZSNUyoRlCuSocHMmENeOdc+gcJ5/xfUX
 Ukf5xboA2xFOP+R/sFG0h+cdAfViIfbViIx+Do/tzeyc35KLVwxAFMhwDVtvTON0
 Kw1sWJHnfuSxrlDhZ3w88UB1t3R9KxUtZsi3xavosRaX87v3G2MXDAv1tjuktWEI
 XH13JYhTU1R7WUEqsenSiR/u0truoIRYUbWGbABxmDU0BTWI9k4ZIwAzsozYi8cZ
 r+GOOd6NzSq4LZ2J90465doMRQvmhTOeaDyZ8T4MLthYjbfxRSopcJpRwwGfuPvW
 q2NzQ30RR5zoRCN/zqGx
 =xAEc
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/python-next-pull-request' into staging

Python 3 compatibility fixes

# gpg: Signature made Fri 25 Jan 2019 14:04:56 GMT
# gpg:                using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/python-next-pull-request:
  decodetree: re.fullmatch was added in 3.4
  device-crash-test: Python 3 compatibility fix

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-25 17:22:20 +00:00
Peter Maydell
2dc2f10de3 MIPS queue for January 25, 2019
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJcSw5lAAoJENSXKoln91pl8aEH/2KkK5ojXMBY94wH+sCZ17pM
 gEuysp20pUudeIk7eUk9aCnq7NHXGJ3GElB6baBq9zwC6qMlVC2Fmj4azluZbjra
 ZHKXAeXmibDpRo0UJeovH27+rP8j/NKK+nvZX/+gt0azfC+0SgFwhM6DFFPklJWj
 FXGxe2vOUO8Qjke0GwGfqUcjhXJPYg9DEC8RxvliBANME1o0HwkPaNPWWHdjacm2
 3K5FeR4jbPYIsfLdazH+G1KfYnQc8GgleSYBIeBKSyyy0z0Z9FXUTZGTjXZSgup4
 TqUJbUG0whUtVPzRzd8/DLeWK+2JXfLk35MrwVwv/TDdKuije7Pk7ABrb9B2Lnk=
 =O/OP
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-january-25-2019' into staging

MIPS queue for January 25, 2019

# gpg: Signature made Fri 25 Jan 2019 13:25:57 GMT
# gpg:                using RSA key D4972A8967F75A65
# gpg: Good signature from "Aleksandar Markovic <amarkovic@wavecomp.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8526 FBF1 5DA3 811F 4A01  DD75 D497 2A89 67F7 5A65

* remotes/amarkovic/tags/mips-queue-january-25-2019:
  docs/qemu-cpu-models: Add MIPS/nanoMIPS QEMU supported CPU models
  qemu-doc: Add nanoMIPS ISA information
  tests: tcg: mips: Remove old directories
  tests: tcg: mips: Add two new Makefiles
  tests: tcg: mips: Move source files to new locations
  MAINTAINERS: Update MIPS sections
  target/mips: Add I6500 core configuration
  target/mips: nanoMIPS: Fix branch handling
  disas: nanoMIPS: Amend DSP instructions related comments
  target/mips: Extend gen_scwp() functionality to support EVA
  target/mips: Correct the second argument type of cpu_supports_isa()
  target/mips: nanoMIPS: Rename macros for extracting 3-bit-coded GPR numbers
  target/mips: nanoMIPS: Remove an unused macro
  target/mips: nanoMIPS: Remove duplicate macro definitions

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-25 16:31:02 +00:00
Paolo Bonzini
651514df88 decodetree: re.fullmatch was added in 3.4
Python 3 versions earlier than 3.4 do not have it, use the
same workaround that is in place for 3.0.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1548410602-16008-1-git-send-email-pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-01-25 11:41:42 -02:00
Nisarg Shah
55e0a34635 device-crash-test: Python 3 compatibility fix
Restrict whitelist entry stats in debug mode to be sorted only by
"count", since Python 3 does not implicitly support comparing
dictionaries.

Signed-off-by: Nisarg Shah <nshah@disroot.org>
Message-Id: <20190116183358.30287-1-nshah@disroot.org>
[ehabkost: removed 2 unnecessary hunks from patch]
[ehabkost: edited commit message]
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-01-25 11:41:33 -02:00
Peter Maydell
9dd0d8111f QAPI patches for 2019-01-24
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJcScrPAAoJEDhwtADrkYZTONEP/jbAXZGv1N4HM/0oTtVrLWCo
 tNshxN6GOmSLov6DXeJoaPQTVmDSBdFQ5tprCdOjeJ3YxCVZtWea5l+IB5UMG/IL
 /wfiOH7ajJV7OxwoA3Ts6T4gX6ypgRm0lss0xQff7/RIbmltounYwvHDHH410K+o
 UVed5sSzTDmmSvpin5GaJBdVhRPIW7iyiuTIVypF2u4On5VqCttx8P5b2AKd5yON
 JbftwsFCjsXq/rzPA7itGqYe/yPhaoMI1mcLQxSKqfnwilpXZriTwm/YE9a1rwYU
 pwNwX/Db9GwOxQ78PZWeP/m+jpe6KHltyZ+H0KZQN5HsIfdqKHpuQ7xibT36hxPk
 ikDKIptbp66nAGKk8PL3i5ANEumLP3OgNTc8aoakqIb5pAu2wnf8lFS340KNmzj3
 xxzv6SEPqYt/ycDCW6HRCkunXaYIU9dsWi8HDNVij+y14IENi0LwzhsrbDlfljTG
 thXXAylwfY5HkFKUWVpVb7sAPRCYyMUNBYbUiwJkwLzF8gkaT0vXsNTTJ+mzYUFk
 SqHHAmUml9Vkz3KCTiDJGrsUMdLxJKHrLjTabk6ACFJ5iur+Cqv8h/nmJjK6JmpU
 9OrTc0CYQnTTPpDVSwDc3VqYKzKRHK/DUkLTTvA05avVuFiUDCJMMfrLJCrtel88
 f3648CQG/utzIr8NruLV
 =Oima
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2019-01-24' into staging

QAPI patches for 2019-01-24

# gpg: Signature made Thu 24 Jan 2019 14:25:19 GMT
# gpg:                using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2019-01-24:
  json: Fix % handling when not interpolating
  qmp: Add examples to qom list, get, and set commands
  qapi: Eliminate indirection through qmp_event_get_func_emit()
  qapi: Belatedly update docs for commit 9c2f56e9f9

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-25 11:52:12 +00:00
Peter Maydell
87f6a866f1 audio: pc speaker init fix, rework driver probing
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJcSbt4AAoJEEy22O7T6HE4sQcQAI9luAsbiv9IVEjZwCMd/j0U
 4ekmDZVZ7WJhVSYtHNwMtccxADzlTpCEJi9+sPuYg20guzT5gGBwxCYTpQFgx3ta
 g5g3gF+OXJdCG8E9Nu3N/wloYKLreB1nESk2IWC3hpzsfFW0BCMYQ44EoJ+CPJoV
 sTyNj7/krCZZU1E7BGv4A74u2l2vUQFXZMADLnrhtvu8ZtXahhI3B+wbD5swYjGK
 flibJTyak/msqv0xDgwRJmudO2l1reGYyf6y/d/IQRFhoV/RmxRu7P0WAwOkDkYY
 cG89NdjIyq0pltLGpyWedlUqZvvJty3hQYvP6rQXcZLAj6UXz9EVwSYlW+Cd1ybg
 Qqw3gJY+6EraFksddbe10fvj1IZWZ/5hHWRfQZHSZjKN3Ex9sR9EjKfMVUBk7/6A
 ewkxMRO6J2qwtBQvB8Al9ISa/vkLQlZ02Hjg4VWX3SH3hrclDQtOmYio7wSa0UZ2
 qatTUrmxOmAiODxyHE3DEoZbsHI7hxpboONHR8uyvvk/mwnmhaEgxZxRxhnyQcEP
 PBDALkvYzwLCtMUZwbKynebruZ8+mFVqhccyt3wkWu6FyPv8r6ZCPjXoprvy5jAy
 rkiYL0nCjDU0tW+2RsNLmwiv+b8gPyZJwctsdTJRwcN0MqtFYUGbWoqy8E9ALVjk
 M6AlVTjnORmX3c4SGGF5
 =EUbq
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/audio-20190124-pull-request' into staging

audio: pc speaker init fix, rework driver probing

# gpg: Signature made Thu 24 Jan 2019 13:19:52 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/audio-20190124-pull-request:
  audio: probe audio drivers by default
  audio: error message tweak
  audio: check for pulseaudio daemon pidfile
  audio: use try-sdl for openbsd
  audio: allow optional audio drivers.
  audio: use pkg-config
  audio: fix pc speaker init

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-25 10:38:03 +00:00
Vladimir Sementsov-Ogievskiy
ff12e3ae3d trace: improve runstate tracing
Trace previous state, move tracepoint to runstate_set start (to cover
all cases for debugging), add string representations of traced states.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-id: 20190124125154.474650-1-vsementsov@virtuozzo.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2019-01-25 10:21:27 +00:00
Peter Maydell
7d8df3272d - Some typo and UTF-8 fixes
- a ppc e6500 fix to remove duplicate SPR registering
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJcSbQFAAoJEPMMOL0/L748kpUQAKwWBwvvJFevOO8yoUR5jXzc
 qZBxjuv+U1Rj+WBtb40M7H54zJYICgx+BqV3f9fKOI75FtRj1c5hRKe4lnjyinvy
 MAYjxpdKTdbo8g5sb4NXPkW6mGaEJ9lVUBHmPXXixgfddpapfRo8GEXDQAwnQQFx
 VpcglzGgYYhw1SWrH0McFqvrcZ0GTkIJ49dU+VHM4xFK0lnoGIasLTHlZGCFy7OE
 48Rq8mApRJlQCLifVhH2uWe0IGE4n9QWrpycThsmT+EGPFVRY9FdH1XjetJ2pQT0
 x6yyE8le1JiOWoKwC6y6pwG4WVwn92XE7UT8YIKyV5UapD2RuyghlgPLCZbJYs4r
 X7Q5kXoRrs5lQzDy5K3rTHiJAZMBw9ggQFd3+qSj91aCNAlVZFYESXw6mlV4OdZX
 NpaQgDW0LLOY7bR4InCyevOTrQM2GkalrLwa9Wn6MOpx6QuhzwaX7b70OxdVghUn
 EQ/rXlthzzCnZrnYwHAZ6j5RMMv6vDrnYJxRbUNFJy4HeY/QH0hauHl4UWy+93y3
 Mo4Fqq7Z6j1uViy03zj/HvikhvIVZOO4ExqhAAyREXDr+id8DJVuwrw0zF8cwmZa
 4QTESNefZu7JTQO8v+/rGSt3IbP64/mheCp+un4l/46XIUo3BH9b1ig/ebyNjPLl
 ngzh6SkTArrX4qMJqEZa
 =2lfm
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier2/tags/trivial-patches-pull-request' into staging

- Some typo and UTF-8 fixes
- a ppc e6500 fix to remove duplicate SPR registering

# gpg: Signature made Thu 24 Jan 2019 12:48:05 GMT
# gpg:                using RSA key F30C38BD3F2FBE3C
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>"
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>"
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>"
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/trivial-patches-pull-request:
  hw/i386/pc.c: fix one typo in function name
  virtio-net: Fix a typo
  ppc: e6500 registers SPR 604 twice
  contrib/gitdm: Fix a typo
  MAINTAINERS: Fix utf-8 mangling

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-25 09:54:47 +00:00
Peter Maydell
feff020891 Merge qio 2010/01/24
Fixes accidental deletion of VNC server UNIX listener socket
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJcSa6LAAoJEL6G67QVEE/fkpkP/A79ZN4Mb3i5WTHYBYbzsicJ
 nqngWLh9m8qkuSgVFVzaFKtV/U4idHdFwt7f2fsboUnhVmOugE4ArDdzSqYVWNky
 tz/3UyfskZaNH6HtxuNhc1hyFN+zVPIw+0phQF8O2cQ6MVMufOYSocLcxrVF0436
 FqLoPjhLdFphJGBWxCRrXDLYu5BOWoupvuDGV7gRtMfvGi5OWiWhAEgewYPn9zUx
 lGdxCMbh/m+XKYcro8hiCJHnP7SdGrpMl3ZZh0QdTORangNObt8HSSpmdzaf4ueO
 NOv7rRVhhjvEXDLQguFpQAlt3ewjZ2V72Sdz4sM7WvNDpsYZlLXhSjUdHo1xbqVl
 PcB4GX8NYbv9idEZGfnvO/C6JrRfcWm8cbN8vs5sMTfSF8KqK7A4ISAJtqQE3r85
 y4Mtix5elSNwmCOZIwG6NovQOuK92iaFItPz9lzScSuXhRnR6GC2D03U/e54wDxw
 TRpoB8nL3hB4KFJEMNkdHS3RAuxuZcl1kz2yio+wPeI0Edm4aB+Y/FxlGw+Fs+kz
 rPH++pMbod6ZcDCc8PbzS1Th38pzPxYm4Rcbyw+YWz2nbjlz+kz4EVi2esg3fQIl
 TGB8vOyNYwq/cTaMwxqklK1SoB+sTHWZJKNuiSvyY2ZYNmUcMo/Hgb/I2QTzEqGS
 vnLp59vcidv73daZw/KT
 =Crcm
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/berrange/tags/qio-next-pull-request' into staging

Merge qio 2010/01/24

Fixes accidental deletion of VNC server UNIX listener socket

# gpg: Signature made Thu 24 Jan 2019 12:24:43 GMT
# gpg:                using RSA key BE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/qio-next-pull-request:
  io: ensure UNIX client doesn't unlink server socket

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-25 09:26:33 +00:00
Stefan Markovic
e5a5b1bb7c docs/qemu-cpu-models: Add MIPS/nanoMIPS QEMU supported CPU models
Add list of supported and preferred CPU models for MIPS32, MIPS64
and nanoMIPS hosts.

Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Signed-off-by: Stefan Markovic <smarkovic@wavecomp.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-24 17:48:33 +01:00
Stefan Markovic
f7d257cb4a qemu-doc: Add nanoMIPS ISA information
Add nanoMIPS information in qemu-doc.texi. An example of usage
is included.

Reviewed-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Signed-off-by: Stefan Markovic <smarkovic@wavecomp.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-24 17:48:33 +01:00
Aleksandar Markovic
dcca150f83 tests: tcg: mips: Remove old directories
Remove old test directories.

Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-24 17:48:33 +01:00
Aleksandar Markovic
5e0aa63b08 tests: tcg: mips: Add two new Makefiles
Add Makefiles for two new direcitories.

Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-24 17:48:33 +01:00
Aleksandar Markovic
073d9f2ce0 tests: tcg: mips: Move source files to new locations
MIPS TCG test will be organized by ISAs and ASEs in future.

Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-24 17:48:33 +01:00
Aleksandar Markovic
b304981f52 MAINTAINERS: Update MIPS sections
Remove Stefan Markovic as a reviewer for MIPS directories and
files, as he left Wave Computing.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-24 17:48:33 +01:00
Yongbok Kim
ca1ffd14ed target/mips: Add I6500 core configuration
Add I6500 core configuration. Note that this configuration is
supported only on best-effort basis due to the lack of certain
features in QEMU.

Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-24 17:48:33 +01:00
Stefan Markovic
697b7b6bc5 target/mips: nanoMIPS: Fix branch handling
Fix nanoMIPS branch handling.

Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com>
Signed-off-by: Stefan Markovic <smarkovic@wavecomp.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-24 17:48:33 +01:00
Aleksandar Markovic
fc95c2412e disas: nanoMIPS: Amend DSP instructions related comments
Amend some DSP instructions related comments.

Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-24 17:48:33 +01:00
Aleksandar Markovic
8d5388c1de target/mips: Extend gen_scwp() functionality to support EVA
Extend gen_scwp() functionality to support EVA by adding an
additional argument, modify internals of the function to handle
new functionality, and accordingly change its invocations.

Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-24 17:48:33 +01:00
Aleksandar Markovic
5b1e098128 target/mips: Correct the second argument type of cpu_supports_isa()
"insn_flags" bitfield was expanded from 32-bit to 64-bit in commit
f9c9cd63e3. However, this was not reflected on the second argument
of the function cpu_supports_isa(). By chance, this did not create
some wrong behavior, since the left-most halves of all instances of
the second argument are currently all zeros. However, this is still
a bug waiting to happen. Correct this by changing the type of the
second argument to be always 64-bit.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-24 17:48:33 +01:00
Aleksandar Markovic
99e49abf11 target/mips: nanoMIPS: Rename macros for extracting 3-bit-coded GPR numbers
Rename macros for extracting 3-bit-coded GPR numbers, to achieve
better consistency with the nanoMIPS documentation.

Reviewed-by: Aleksandar Rikalo <arikalo@wavecomp.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-24 17:48:33 +01:00
Aleksandar Markovic
be3a131a05 target/mips: nanoMIPS: Remove an unused macro
Remove a macro that is never used.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-24 17:48:33 +01:00
Aleksandar Markovic
362d2e7254 target/mips: nanoMIPS: Remove duplicate macro definitions
Several macros were defined twice, with identical values, so
remove duplicates.

Previously added in 80845edf37.

This reverts commit 6bfa9f4c9c.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
2019-01-24 17:48:33 +01:00
Peter Maydell
341b7186e7 input-linux: customizable grab toggle keys
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJcSZTxAAoJEEy22O7T6HE4TmkP/1Ym0YTe0RTT7WV+oZtp1ZOB
 B02c3EU7aAT+y0aupD5WWIQV/Jgbx40RaACIyi8MxKfUD5is/8jS2WXgffPPAIxA
 e6jpnO+7PHkmny42jYWdiOD1Eb5OnSeQL8ax06CdFnZhxRvibrBCV7RdB01yMg1G
 wIzIjgvvFwjgzbCMq3L8n+uCRwmQqgMQ7xUhDFxv3omLK01pTGf95fYhoGTJ7Cc5
 gUWlugifM10Vs+62kuDkYbebCm0F8ALHtrTqC/schZfOOLrVIhtyqBdLrl8n9U/J
 ziyshrmtVfpfB/ezGwse66L2Fi/0K/o6GKesXjNEkfxb8RHNaw17SukOylR0nXHs
 oaviIH7JUh+MWcK/zuOVFzkRX3WUBsHLODMQRSixK2Kh6EtOqncO2x+ulaHKJtGb
 B1jyZpZgJEdXiUTgheZwn7csZDHc/Wh6a/LIe6sv7UUJEHbK+oklmPc6Dkrr4GUp
 UgODYDrTSZKwy8hk1BLLerRC3jzz1oIDRDAUi+z4Ct2ofGBUW91gjcJjtcVE2Kvq
 Jexqoo7pgaMJZ4GZllNWqHRDG95sBG2suycfesJgrABiHL/JWwD+ecfpvbuCtcX9
 vtdLUdyzc6REIQ2s9wh+lyml6LOCK40j4gwi0oSQ++pvw+eNud2lb/0ZgBF8xno5
 jrtkODqmnSWS8lgYgg8N
 =znqD
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20190124-pull-request' into staging

input-linux: customizable grab toggle keys

# gpg: Signature made Thu 24 Jan 2019 10:35:29 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20190124-pull-request:
  input-linux: customizable grab toggle keys

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-24 15:38:47 +00:00
Peter Maydell
8b7a3e1e54 Pull request
Changelog: No user-visible changes.
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJcSZNlAAoJEJykq7OBq3PISnAH/iH5KzgWDg8JNVxOUG3Tc9fB
 6H6PZgBniqsAYbLYcFLkOJKJk83rPex3I+pwaPuDdVc+Thx2F6upZ4yrzMoI+1jx
 lLHxjfozsGyNY6AnNOIFAC3GFFmsn+HcWfVGg24SFeMY8JHJKu5Ia0z3xOUe/IIh
 XEkni1U+Kzp3bfqn4FP2lBfG6yVmum1+6MFReHcIJOsjkQpP96MSdWCHbdYgnDp8
 EqvY4Puom11f2gljzdfoJU4zCEmJCtgYz/dhAw9paVZr3t/yAj8XYI5rVJtWIG7t
 cR0l0UNB8fvRbRlx8vdWqhRN5o+TknC2vcyaMkSlWJGn9lD37K7qoY62B7zKwx8=
 =v6QC
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Pull request

Changelog: No user-visible changes.

# gpg: Signature made Thu 24 Jan 2019 10:28:53 GMT
# gpg:                using RSA key 9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
  qemu-coroutine-sleep: drop CoSleepCB
  iotests: add 238 for throttling tgm unregister iothread segfault
  throttle-groups: fix restart coroutine iothread race

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-24 15:04:47 +00:00
Christophe Fergeau
bbc0586ced json: Fix % handling when not interpolating
Commit 8bca4613 added support for %% in json strings when interpolating,
but in doing so broke handling of % when not interpolating.

When parse_string() is fed a string token containing '%', it skips the
'%' regardless of ctxt->ap, i.e. even it's not interpolating.  If the
'%' is the string's last character, it fails an assertion.  Else, it
"merely" swallows the '%'.

Fix parse_string() to handle '%' specially only when interpolating.

To gauge the bug's impact, let's review non-interpolating users of this
parser, i.e. code passing NULL context to json_message_parser_init():

* tests/check-qjson.c, tests/test-qobject-input-visitor.c,
  tests/test-visitor-serialization.c

  Plenty of tests, but we still failed to cover the buggy case.

* monitor.c: QMP input

* qga/main.c: QGA input

* qobject_from_json():

  - qobject-input-visitor.c: JSON command line option arguments of
    -display and -blockdev

    Reproducer: -blockdev '{"%"}'

  - block.c: JSON pseudo-filenames starting with "json:"

    Reproducer: https://bugzilla.redhat.com/show_bug.cgi?id=1668244#c3

  - block/rbd.c: JSON key pairs

    Pseudo-filenames starting with "rbd:".

Command line, QMP and QGA input are trusted.

Filenames are trusted when they come from command line, QMP or HMP.
They are untrusted when they come from from image file headers.
Example: QCOW2 backing file name.  Note that this is *not* the security
boundary between host and guest.  It's the boundary between host and an
image file from an untrusted source.

Neither failing an assertion nor skipping a character in a filename of
your choice looks exploitable.  Note that we don't support compiling
with NDEBUG.

Fixes: 8bca4613e6
Cc: qemu-stable@nongnu.org
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Message-Id: <20190102140535.11512-1-cfergeau@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
[Commit message extended to discuss impact]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2019-01-24 15:20:59 +01:00
Daniel P. Berrangé
62dd1048c0 trace: add ability to do simple printf logging via systemtap
The dtrace systemtap trace backend for QEMU is very powerful but it is
also somewhat unfriendly to users who aren't familiar with systemtap,
or who don't need its power right now.

  stap -e "....some strange script...."

The 'log' backend for QEMU by comparison is very crude but incredibly
easy to use:

 $ qemu -d trace:qio* ...some args...
 23266@1547735759.137292:qio_channel_socket_new Socket new ioc=0x563a8a39d400
 23266@1547735759.137305:qio_task_new Task new task=0x563a891d0570 source=0x563a8a39d400 func=0x563a86f1e6c0 opaque=0x563a89078000
 23266@1547735759.137326:qio_task_thread_start Task thread start task=0x563a891d0570 worker=0x563a86f1ce50 opaque=0x563a891d9d90
 23273@1547735759.137491:qio_task_thread_run Task thread run task=0x563a891d0570
 23273@1547735759.137503:qio_channel_socket_connect_sync Socket connect sync ioc=0x563a8a39d400 addr=0x563a891d9d90
 23273@1547735759.138108:qio_channel_socket_connect_fail Socket connect fail ioc=0x563a8a39d400

This commit introduces a way to do simple printf style logging of probe
points using systemtap. In particular it creates another set of tapsets,
one per emulator:

  /usr/share/systemtap/tapset/qemu-*-log.stp

These pre-define probe functions which simply call printf() on their
arguments. The printf() format string is taken from the normal
trace-events files, with a little munging to the format specifiers
to cope with systemtap's more restrictive syntax.

With this you can now do

 $ stap -e 'probe qemu.system.x86_64.log.qio*{}'
 22806@1547735341399856820 qio_channel_socket_new Socket new ioc=0x56135d1d7c00
 22806@1547735341399862570 qio_task_new Task new task=0x56135cd66eb0 source=0x56135d1d7c00 func=0x56135af746c0 opaque=0x56135bf06400
 22806@1547735341399865943 qio_task_thread_start Task thread start task=0x56135cd66eb0 worker=0x56135af72e50 opaque=0x56135c071d70
 22806@1547735341399976816 qio_task_thread_run Task thread run task=0x56135cd66eb0

We go one step further though and introduce a 'qemu-trace-stap' tool to
make this even easier

 $ qemu-trace-stap run qemu-system-x86_64 'qio*'
 22806@1547735341399856820 qio_channel_socket_new Socket new ioc=0x56135d1d7c00
 22806@1547735341399862570 qio_task_new Task new task=0x56135cd66eb0 source=0x56135d1d7c00 func=0x56135af746c0 opaque=0x56135bf06400
 22806@1547735341399865943 qio_task_thread_start Task thread start task=0x56135cd66eb0 worker=0x56135af72e50 opaque=0x56135c071d70
 22806@1547735341399976816 qio_task_thread_run Task thread run task=0x56135cd66eb0

This tool is clever in that it will automatically change the
SYSTEMTAP_TAPSET env variable to point to the directory containing the
right set of probes for the QEMU binary path you give it. This is useful
if you have QEMU installed in /usr but are trying to test and trace a
binary in /home/berrange/usr/qemu-git. In that case you'd do

 $ qemu-trace-stap run /home/berrange/usr/qemu-git/bin/qemu-system-x86_64 'qio*'

And it'll make sure /home/berrange/usr/qemu-git/share/systemtap/tapset
is used for the trace session

The 'qemu-trace-stap' script takes a verbose arg so you can understand
what it is running

 $ qemu-trace-stap run /home/berrange/usr/qemu-git/bin/qemu-system-x86_64 'qio*'
 Using tapset dir '/home/berrange/usr/qemu-git/share/systemtap/tapset' for binary '/home/berrange/usr/qemu-git/bin/qemu-system-x86_64'
 Compiling script 'probe qemu.system.x86_64.log.qio* {}'
 Running script, <Ctrl>-c to quit
 ...trace output...

It can enable multiple probes at once

 $ qemu-trace-stap run qemu-system-x86_64 'qio*' 'qcrypto*' 'buffer*'

By default it monitors all existing running processes and all future
launched proceses. This can be restricted to a specific PID using the
--pid arg

 $ qemu-trace-stap run --pid 2532 qemu-system-x86_64 'qio*'

Finally if you can't remember what probes are valid it can tell you

 $ qemu-trace-stap list qemu-system-x86_64
 ahci_check_irq
 ahci_cmd_done
 ahci_dma_prepare_buf
 ahci_dma_prepare_buf_fail
 ahci_dma_rw_buf
 ahci_irq_lower
 ...snip...

Or list just those matching a prefix pattern

 $ qemu-trace-stap list -v qemu-system-x86_64 'qio*'
 Using tapset dir '/home/berrange/usr/qemu-git/share/systemtap/tapset' for binary '/home/berrange/usr/qemu-git/bin/qemu-system-x86_64'
 Listing probes with name 'qemu.system.x86_64.log.qio*'
 qio_channel_command_abort
 qio_channel_command_new_pid
 qio_channel_command_new_spawn
 qio_channel_command_wait
 qio_channel_file_new_fd
 ...snip...

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20190123120016.4538-5-berrange@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2019-01-24 14:16:56 +00:00
Daniel P. Berrangé
772f1b3721 trace: forbid use of %m in trace event format strings
The '%m' format instructs glibc's printf()/syslog() implementation to
insert the contents of strerror(errno). Since this is a glibc extension
it should generally be avoided in QEMU due to need for portability to a
variety of platforms.

Even though vfio is Linux-only code that could otherwise use "%m", it
must still be avoided in trace-events files because several of the
backends do not use the format string and so this error information is
invisible to them.

The errno string value should be given as an explicit trace argument
instead, making it accessible to all backends. This also allows it to
work correctly with future patches that use the format string with
systemtap's simple printf code.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20190123120016.4538-4-berrange@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2019-01-24 14:16:56 +00:00
Daniel P. Berrangé
7760636309 trace: enforce that every trace-events file has a final newline
When generating the trace-events-all file, the build system simply
concatenates all the individual trace-events files. If any one of those
files does not have a final newline, the printf format string will have
the contents of the first line of the next file appended to it, which is
usually a '#' comment.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20190123120016.4538-3-berrange@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2019-01-24 14:16:56 +00:00
Daniel P. Berrangé
00f4269743 display: ensure qxl log_buf is a nul terminated string
The QXL_IO_LOG command allows the guest to send log messages to the host
via a buffer in the QXLRam struct. QEMU prints these to the console if
the qxl 'guestdebug' option is set to non-zero. It will also feed them
to the trace subsystem if any backends are built-in.

In both cases the log_buf data will get treated as being as a nul
terminated string, by the printf '%s' format specifier and / or other
code reading the buffer.

QEMU does nothing to guarantee that the log_buf really is nul terminated,
so there is potential for out of bounds array access.

This would affect any QEMU which has the log, syslog or ftrace trace
backends built into QEMU. It can only be triggered if the 'qxl_io_log'
trace event is enabled, however, so they are not vulnerable without
specific administrative action to enable this.

It would also affect QEMU if the 'guestdebug' parameter is set to a
non-zero value, which again is not the default and requires explicit
admin opt-in.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20190123120016.4538-2-berrange@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2019-01-24 14:16:56 +00:00
Peter Maydell
b6b2308113 Migration pull 2019-01-23
New pages-per-second stat, a new test, and a bunch
 of fixes and tidy ups.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJcSI5IAAoJEAUWMx68W/3nQuoQAKvaW/g+EMEHBXeXkSttCTpz
 n5hDhiIwj+sW6BXDqjS9r9zBbAeUvmlJELO+N35ELgZKZKAfymYjcP7MT3bHlnW+
 8/AZdIuuVBBWvGS4iCgiScvBVwbj7HqeVynEk4Z2DudGckJpypNnfjx8ssBKs5Gt
 DGGKcqrT3DGo5VxMbR/gYXCvsFtbqxVM3Taud4ReZNyuNQmMxRLe+O3JPQ2AHYbZ
 lSWVp9R0AZx71ynpI5K2bZDe5f1Y6Ag9Ziitz+H0WOpiEcDdS5NHmnfq8Bm7x/Ef
 0K/D2V2T9EVyiuGs6XAuyMV0n7RfpVN7OpMMH41SW6UzvS88YoXqLPuSPYPV5TGH
 JhpenX/5ELAGEO/B7ITeaeKi9q4aQ4Fxbtpr/lWqStodCARzI7QS6arrUCOF0UhH
 EGuKV/qoX7UMmz1KRA7vr6npSOZkdVVbdnRjG6zrTJpSBwCzZufUYKPaDDjc8pSD
 +RY4rrFU1bMuQF5e8xyjKu8VWWN1YhN+uzWzf5OhTsW6josocSCzC3FTJPJStpbs
 2hbXDptznfZw77W3qvKPX1hNMwl08im79NLyDo+PxniVilclMQ11GKyaWAGRggmQ
 49012bWozON6pK2JIzv1GXLHNOAyLcTHdUfpywU100srBEkchrdq/SlEX49IiDW7
 yh+a4BmwHjN4FDwCkufR
 =xxTj
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20190123a' into staging

Migration pull 2019-01-23

New pages-per-second stat, a new test, and a bunch
of fixes and tidy ups.

# gpg: Signature made Wed 23 Jan 2019 15:54:48 GMT
# gpg:                using RSA key 0516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>"
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A  9FA9 0516 331E BC5B FDE7

* remotes/dgilbert/tags/pull-migration-20190123a:
  migration: introduce pages-per-second
  vmstate: constify SaveVMHandlers
  tests: add /vmstate/simple/array
  migration/rdma: unregister fd handler
  migration: unify error handling for process_incoming_migration_co
  migration: add more error handling for postcopy_ram_enable_notify
  migration: multifd_save_cleanup() can't fail, simplify
  migration: fix the multifd code when receiving less channels
  Fix segmentation fault when qemu_signal_init fails

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-01-24 13:28:27 +00:00