Commit Graph

51159 Commits

Author SHA1 Message Date
Li Qiang
dd248ed7e2 virtio-gpu: fix memory leak in set scanout
In virtio_gpu_set_scanout function, when creating the 'rect'
its refcount is set to 2, by pixman_image_create_bits and
qemu_create_displaysurface_pixman function. This can lead
a memory leak issues. This patch avoid this issue.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 5884626f.5b2f6b0a.1bfff.3037@mx.google.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-10 16:49:45 +01:00
Peter Maydell
33d076ebd0 One minor fix and a build split to reduce timeouts.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJYndJcAAoJEPvQ2wlanipEqCQH/j85vUUkHyeESut3my2iqwol
 eZ66lJ4PADykwEAwax5DIaSkcIOmC9tLWkqvsqRrwkuT59J+k8dIJwvWyOcHoVXF
 Kfmws5zUqyipJk0KMaNkSbLtim8G8aMevaKqkVWDlmDpn9hzdXU3/OYBmU7Y2hGv
 KhcGmCrKd8rn3b34lhJvsVxXUxIHUlUi5swzm9iDwBeUdvjKnwch5MtaUS+FfVXe
 53Ix6u3ZykuK8VW7hKkx9sxUdjGUmEuXVcdy20/w1tpDsI/s665/GysAYK99tOIA
 zTywjSi1cNNqOOkhGIMrtL2qLWeu9aDWRZVnwZN/RszJn2giLnisvZW+FniLaBw=
 =2Ltn
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stsquad/tags/pull-travis-10022017-1' into staging

One minor fix and a build split to reduce timeouts.

# gpg: Signature made Fri 10 Feb 2017 14:46:52 GMT
# gpg:                using RSA key 0xFBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>"
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-travis-10022017-1:
  .travis.yml: split VM based builds
  .travis.yml: don't specify CONFIG twice

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-10 15:05:37 +00:00
Alex Bennée
78a22af040 .travis.yml: split VM based builds
The Trusty based builds run a little slower than the main container
based ones. This is also true for the latest version of Clang. The
builds are getting very close (and occasionally run over) the 50 minute
timeout. Rather than partitioning by target I just split them into
linux-user and system builds.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
2017-02-10 13:19:56 +00:00
Alex Bennée
fed5364971 .travis.yml: don't specify CONFIG twice
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
2017-02-10 13:19:56 +00:00
Peter Maydell
8b1897725d vnc: add support for multiple listening sockets.
vnc: misc fixes and cleanups.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJYnJyOAAoJEEy22O7T6HE4JZAQAKLalr4Xxm677CPCLG3juTDs
 pheRub7CTULxEp/1EonaOg8zrlMJxQw0Xhenmqv9I9PF6mMCXjJnSokqzqM+sQOV
 TuLq8f62IbKK5F7iGLX6C/X+7MRQW/W/xqa7dpAHgttgt/KeuFOpj8H6ugHgxbrb
 aXkB2lCnzvjFv/OkZ1ZM8ZjN/tiuAkUJtN4DNKyXvjwP3rhPGKmQMicUf0IQxM1q
 54i2xdW85UtGIkBW5PFh/inj7Ba6PIYH3BoIX4qNhMOMrgwlXb6dovtvHgUo6jb0
 C0CQoo8kEntq4YBiy7qK+WMfOsNoyq+H8kVXbNgO0XJo4lraa72lkH7rnSMaIJIB
 aGorHg6gNq3ehVb8MApp4nt/mi830zSYxmI+Ck8Q0P2tYc8Tx6v7fhHZCvzPiMhk
 l/FQ9kuhE7HSIFZ+RgGTHdq21O72xAb+LBtjhJ2EpBYz5GdaPKVqmjzcxvSVmz7J
 rH1jIgbQQMxppdL6xIdKcznBVPouZkQsdxwmh0kldpn1cUYzuB94BaQzU7kPkE3n
 1tdo0jWxJfcWqaNH7SLRyVjPeY+232QVez/VjFJF57SStmYKdhHrKSOj/EQe9iYU
 67TVF1lwUtMJnT0b4J1ubNQNELoxt5Pm9gawBQFC8XoJ7qRKQq+NbhUGRgcC7nBR
 2ZDjZKyM/V0rxRT6wjZV
 =nM13
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20170209-2' into staging

vnc: add support for multiple listening sockets.
vnc: misc fixes and cleanups.

# gpg: Signature made Thu 09 Feb 2017 16:45:02 GMT
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-ui-20170209-2:
  ui: add ability to specify multiple VNC listen addresses
  util: add iterators for QemuOpts values
  ui: let VNC server listen on all resolved IP addresses
  ui: extract code to connect/listen from vnc_display_open
  ui: refactor code for populating SocketAddress from vnc_display_open
  ui: refactor VncDisplay to allow multiple listening sockets
  ui: fix reporting of VNC auth in query-vnc-servers
  ui: fix regression handling bare 'websocket' option to -vnc
  vnc: do not disconnect on EAGAIN
  ui/vnc: Drop unused vnc_has_job() and vnc_jobs_clear()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-09 16:58:39 +00:00
Daniel P. Berrange
396f935a9a ui: add ability to specify multiple VNC listen addresses
This change allows the listen address and websocket address
options for -vnc to be repeated. This causes the VNC server
to listen on multiple addresses. e.g.

 $ $QEMU -vnc vnc=localhost:1,vnc=unix:/tmp/vnc,\
              websocket=127.0.0.1:8080,websocket=[::]:8081

results in listening on

127.0.0.1:5901, 127.0.0.1:8080, ::1:5901, :::8081 & /tmp/vnc

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170203120649.15637-9-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-09 17:28:49 +01:00
Daniel P. Berrange
e998e2090f util: add iterators for QemuOpts values
To iterate over all QemuOpts currently requires using a callback
function which is inconvenient for control flow. Add support for
using iterator functions more directly

  QemuOptsIter iter;
  QemuOpt *opt;

  qemu_opts_iter_init(&iter, opts, "repeated-key");
  while ((opt = qemu_opts_iter_next(&iter)) != NULL) {
      ....do something...
  }

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170203120649.15637-8-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-09 17:28:49 +01:00
Daniel P. Berrange
57a6d6d538 ui: let VNC server listen on all resolved IP addresses
Remove the limitation that the VNC server can only listen on
a single resolved IP address. This uses the new DNS resolver
API to resolve a SocketAddress struct into an array of
SocketAddress structs containing raw IP addresses. The VNC
server will then attempt to listen on all resolved IP addresses.
The server must successfully listen on at least one of the
resolved IP addresses, otherwise an error will be reported.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170203120649.15637-7-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-09 17:28:49 +01:00
Daniel P. Berrange
8bd22f477f ui: extract code to connect/listen from vnc_display_open
The code which takes a SocketAddress and connects/listens on the
network is going to get more complicated to deal with multiple
listeners. Pull it out into a separate method to avoid making the
vnc_display_open method even more complex.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170203120649.15637-6-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-09 17:28:49 +01:00
Daniel P. Berrange
275e0d616b ui: refactor code for populating SocketAddress from vnc_display_open
The code which interprets the CLI args to populate the SocketAddress
objects for plain & websockets VNC is quite complex already and will
need further enhancements shortly. Refactor it into separate methods
to avoid vnc_display_open getting even larger. As a side effect of
the refactoring, it is now possible to specify a listen address for
the websocket server explicitly. e.g,

  -vnc localhost:5900,websockets=0.0.0.0:8080

will listen on localhost for the plain VNC server, but expose the
websockets VNC server on the public interface. This refactoring
also removes the restriction that prevents enabling websockets
when the plain VNC server is listening on a UNIX socket.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170203120649.15637-5-berrange@redhat.com

[ kraxel: squashed clang build fix ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-09 17:28:45 +01:00
Daniel P. Berrange
4ee74fa708 ui: refactor VncDisplay to allow multiple listening sockets
Currently there is only a single listener for plain VNC and
a single listener for websockets VNC. This means that if
getaddrinfo() returns multiple IP addresses, for a hostname,
the VNC server can only listen on one of them. This is
just bearable if listening on wildcard interface, or if
the host only has a single network interface to listen on,
but if there are multiple NICs and the VNC server needs
to listen on 2 or more specific IP addresses, it can't be
done.

This refactors the VncDisplay state so that it holds an
array of listening sockets, but still only listens on
one socket.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170203120649.15637-4-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-08 14:59:37 +01:00
Daniel P. Berrange
2a7e6857cd ui: fix reporting of VNC auth in query-vnc-servers
Currently the VNC authentication info is emitted at the
top level of the query-vnc-servers data. This is wrong
because the authentication scheme differs between plain
and websockets when TLS is enabled. We should instead
report auth against the individual servers. e.g.

(QEMU) query-vnc-servers
{
    "return": [
        {
            "clients": [],
            "id": "default",
            "auth": "vencrypt",
            "vencrypt": "x509-vnc",
            "server": [
                {
                    "host": "127.0.0.1"
                    "service": "5901",
                    "websocket": false,
                    "family": "ipv4",
                    "auth": "vencrypt",
                    "vencrypt": "x509-vnc"
                },
                {
                    "host": "127.0.0.1",
                    "service": "5902",
                    "websocket": true,
                    "family": "ipv4",
                    "auth": "vnc"
                }
            ]
        }
    ]
}

This also future proofs the QMP schema so that we can
cope with multiple VNC server instances, listening on
different interfaces or ports, with different auth
setup.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170203120649.15637-3-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-08 14:59:37 +01:00
Daniel P. Berrange
1b1aeb5828 ui: fix regression handling bare 'websocket' option to -vnc
The -vnc argument is documented as accepting two syntaxes for
the 'websocket' option, either a bare option name, or a port
number. If using the bare option name, it is supposed to apply
the display number as an offset to base port 5700. e.g.

  -vnc localhost:3,websocket

should listen on port 5703, however, this was broken in 2.3.0 since

  commit 4db14629c3
  Author: Gerd Hoffmann <kraxel@redhat.com>
  Date:   Tue Sep 16 12:33:03 2014 +0200

    vnc: switch to QemuOpts, allow multiple servers

instead qemu tries to listen on port "on" which gets looked up in
/etc/services and fails.

Fixes bug: #1455912

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170203120649.15637-2-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-08 14:59:37 +01:00
Michael Tokarev
537848ee62 vnc: do not disconnect on EAGAIN
When qemu vnc server is trying to send large update to clients,
there might be a situation when system responds with something
like EAGAIN, indicating that there's no system memory to send
that much data (depending on the network speed, client and server
and what is happening).  In this case, something like this happens
on qemu side (from strace):

sendmsg(16, {msg_name(0)=NULL,
        msg_iov(1)=[{"\244\"..., 729186}],
        msg_controllen=0, msg_flags=0}, 0) = 103950
sendmsg(16, {msg_name(0)=NULL,
        msg_iov(1)=[{"lz\346"..., 1559618}],
        msg_controllen=0, msg_flags=0}, 0) = -1 EAGAIN
sendmsg(-1, {msg_name(0)=NULL,
        msg_iov(1)=[{"lz\346"..., 1559618}],
        msg_controllen=0, msg_flags=0}, 0) = -1 EBADF

qemu closes the socket before the retry, and obviously it gets EBADF
when trying to send to -1.

This is because there WAS a special handling for EAGAIN, but now it doesn't
work anymore, after commit 04d2529da2, because
now in all error-like cases we initiate vnc disconnect.

This change were introduced in qemu 2.6, and caused numerous grief for many
people, resulting in their vnc clients reporting sporadic random disconnects
from vnc server.

Fix that by doing the disconnect only when necessary, i.e. omitting this
very case of EAGAIN.

Hopefully the existing condition (comparing with QIO_CHANNEL_ERR_BLOCK)
is sufficient, as the original code (before the above commit) were
checking for other errno values too.

Apparently there's another (semi?)bug exist somewhere here, since the
code tries to write to fd# -1, it probably should check if the connection
is open before. But this isn't important.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1486115549-9398-1-git-send-email-mjt@msgid.tls.msk.ru
Fixes: 04d2529da2
Cc: Daniel P. Berrange <berrange@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-08 14:59:36 +01:00
Peter Maydell
c3ff04b60d ui/vnc: Drop unused vnc_has_job() and vnc_jobs_clear()
The functions vnc_has_job() and vnc_jobs_clear() are
never used; remove them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Message-id: 1486146260-8092-1-git-send-email-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-08 14:59:36 +01:00
Peter Maydell
f073cd3a2b target-arm:
* new "unimplemented" device for stubbing out devices in a
    system model so accesses can be logged
  * stellaris: document the SoC memory map
  * arm: create instruction syndromes for AArch32 data aborts
  * arm: Correctly handle watchpoints for BE32 CPUs
  * Fix Thumb-1 BE32 execution and disassembly
  * arm: Add cfgend parameter for ARM CPU selection
  * sd: sdhci: check data length during dma_memory_read
  * aspeed: add a watchdog controller
  * integratorcp: adding vmstate for save/restore
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJYmh3zAAoJEDwlJe0UNgzeZF0P/0v1AomIyNLaJ8Xyr6/9Ia9L
 xn8jYsACWyT3AQ4BXdmaGXg24+wPVT4X36wzTNS50s4a3R4VWxaqu+9bxAKVtyfH
 Y1CIXIib5Gz9FyY1n5pvpj7b438h4QtNbgvb/0vJoECk2F99QjEQxX+XJlCGGAGi
 J8O/L2cfrzZUXLfRZQW1VfcIkgLvlGo1A489/MFYQuv+irzJckHmnY3LeqrRfKCB
 udYbaaAdtCiPQ/OlCzsDXucjOXBMqrGba+f3g+P4xmtDPYTlSvvOjFroR54v9xa8
 n8qLLelEiH8uhW3vl8aeEsdPMV3yrX2yz0HzMqhzXTajJJs8wxECtvYKWaSzosKP
 64pbSlHD8iwl1oHJ+ZOlwaCpAcaVnBLwz65VSB6EUxAGPpeFqp0q6uATc7t9dO3o
 PRAijt5IrNpKHehTmcZ1bAsO59KeCBFwMyGL8clX2jD1Vjj8zD9CrkCDL4tpJlsL
 uGHn9RyywsWcMGsjpP6JXo3uYMK1Wbozt0XRnWWex+wsW3qOdCHVGIhXyyDJBLMD
 +r+hc49//GA58GtdTDVsU/qI4NgLfVSp2qk4lKlYVu1kxp5azPs2OpRn44Hv6YID
 2VmepX4ug/pfJ0y2AHyYuJEO+auHKzunjDCrnrBqQEMrON2hmvqtHnS/G496+lIG
 146ctV+2sSPz2vxOvTwf
 =dbln
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20170207-1' into staging

target-arm:
 * new "unimplemented" device for stubbing out devices in a
   system model so accesses can be logged
 * stellaris: document the SoC memory map
 * arm: create instruction syndromes for AArch32 data aborts
 * arm: Correctly handle watchpoints for BE32 CPUs
 * Fix Thumb-1 BE32 execution and disassembly
 * arm: Add cfgend parameter for ARM CPU selection
 * sd: sdhci: check data length during dma_memory_read
 * aspeed: add a watchdog controller
 * integratorcp: adding vmstate for save/restore

# gpg: Signature made Tue 07 Feb 2017 19:20:19 GMT
# gpg:                using RSA key 0x3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20170207-1:
  stellaris: Use the 'unimplemented' device for parts we don't implement
  hw/misc: New "unimplemented" sysbus device
  stellaris: Document memory map and which SoC devices are unimplemented
  target/arm: A32, T32: Create Instruction Syndromes for Data Aborts
  target/arm: Abstract out pbit/wbit tests in ARM ldr/str decode
  arm: Correctly handle watchpoints for BE32 CPUs
  Fix Thumb-1 BE32 execution and disassembly.
  target/arm: Add cfgend parameter for ARM CPU selection.
  hw/arm/integratorcp: Support specifying features via -cpu
  sd: sdhci: check data length during dma_memory_read
  aspeed: add a watchdog controller
  wdt: Add Aspeed watchdog device model
  integratorcp: adding vmstate for save/restore

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07 19:21:30 +00:00
Peter Maydell
aecfbbc97a stellaris: Use the 'unimplemented' device for parts we don't implement
Use the 'unimplemented' dummy device to cover regions of the
SoC device memory map which we don't have proper device
implementations for yet.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1484247815-15279-4-git-send-email-peter.maydell@linaro.org
2017-02-07 18:55:15 +00:00
Peter Maydell
f5095aa380 hw/misc: New "unimplemented" sysbus device
Create a new "unimplemented" sysbus device, which simply accepts
all read and write accesses, and implements them as read-as-zero,
write-ignored, with logging of the access as LOG_UNIMP.

This is useful for stubbing out bits of an SoC or board model
which haven't been written yet.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1484247815-15279-3-git-send-email-peter.maydell@linaro.org
2017-02-07 18:55:15 +00:00
Peter Maydell
394c8bbfb7 stellaris: Document memory map and which SoC devices are unimplemented
Add a comment documenting the memory map of the SoC devices and which
are not implemented.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1484247815-15279-2-git-send-email-peter.maydell@linaro.org
2017-02-07 18:55:15 +00:00
Peter Maydell
9bb6558a21 target/arm: A32, T32: Create Instruction Syndromes for Data Aborts
Add support for generating the ISS (Instruction Specific Syndrome)
for Data Abort exceptions taken from AArch32. These syndromes are
used by hypervisors for example to trap and emulate memory accesses.

This is the equivalent for AArch32 guests of the work done for AArch64
guests in commit aaa1f954d4.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2017-02-07 18:30:00 +00:00
Peter Maydell
63f26fcfda target/arm: Abstract out pbit/wbit tests in ARM ldr/str decode
In the ARM ldr/str decode path, rather than directly testing
"insn & (1 << 21)" and "insn & (1 << 24)", abstract these
bits out into wbit and pbit local flags. (We will want to
do more tests against them to determine whether we need to
provide syndrome information.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2017-02-07 18:29:59 +00:00
Julian Brown
4061200059 arm: Correctly handle watchpoints for BE32 CPUs
In BE32 mode, sub-word size watchpoints can fail to trigger because the
address of the access is adjusted in the opcode helpers before being
compared with the watchpoint registers.  This patch reverses the address
adjustment before performing the comparison with the help of a new CPUClass
hook.

This version of the patch augments and tidies up comments a little.

Signed-off-by: Julian Brown <julian@codesourcery.com>
Message-id: caaf64ffc72f6ae183015337b7afdbd4b8989cb6.1484929304.git.julian@codesourcery.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07 18:29:59 +00:00
Julian Brown
f7478a92dd Fix Thumb-1 BE32 execution and disassembly.
Thumb-1 code has some issues in BE32 mode (as currently implemented). In
short, since bytes are swapped within words at load time for BE32
executables, this also swaps pairs of adjacent Thumb-1 instructions.

This patch un-swaps those pairs of instructions again, both for execution,
and for disassembly. (The previous version of the patch always read four
bytes in arm_read_memory_func and then extracted the proper two bytes,
in a probably misguided attempt to match the behaviour of actual hardware
as described by e.g. the ARM9TDMI TRM, section 3.3 "Endian effects for
instruction fetches". It's less complicated to just read the correct
two bytes though.)

Signed-off-by: Julian Brown <julian@codesourcery.com>
Message-id: ca20462a044848000370318a8bd41dd0a4ed273f.1484929304.git.julian@codesourcery.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07 18:29:59 +00:00
Julian Brown
3a062d5730 target/arm: Add cfgend parameter for ARM CPU selection.
Add a new "cfgend" property which selects whether the CPU resets into
big-endian mode or not.  This setting affects whether we reset with
SCTLR_B (ARMv6 and earlier) or SCTLR_EE (ARMv7 and later) set.

Signed-off-by: Julian Brown <julian@codesourcery.com>
Message-id: 11420d1c49636c1790e60578ee996e51f0f0b835.1484929304.git.julian@codesourcery.com
[PMM: use error_report_err() rather than error_report();
 move the integratorcp changes to their own patch;
 drop an unnecessary extra #include;
 rephrase commit message accordingly;
 move setting of reset_sctlr above registration of cpregs
 so it actually has an effect]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07 18:29:59 +00:00
Julian Brown
00909b5858 hw/arm/integratorcp: Support specifying features via -cpu
Since the integratorcp board creates the CPU object directly
rather than via cpu_arm_init(), we have to call the CPU
class parse_features() method ourselves if we want to
support the user passing features via the -cpu command
line argument as well as just the cpu name. Do so.

Signed-off-by: Julian Brown <julian@codesourcery.com>
[PMM: split out into its own patch]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07 18:29:59 +00:00
Prasad J Pandit
42922105be sd: sdhci: check data length during dma_memory_read
While doing multi block SDMA transfer in routine
'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting
index 'begin' and data length 's->data_count' could end up to be same.
This could lead to an OOB access issue. Correct transfer data length
to avoid it.

Cc: qemu-stable@nongnu.org
Reported-by: Jiang Xin <jiangxin1@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20170130064736.9236-1-ppandit@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07 18:29:59 +00:00
Cédric Le Goater
013befe1ca aspeed: add a watchdog controller
This enables reboot of a guest from U-Boot and Linux.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-id: 1485452251-1593-3-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07 18:29:59 +00:00
Cédric Le Goater
854123bf8d wdt: Add Aspeed watchdog device model
The Aspeed SoC includes a set of watchdog timers using 32-bit
decrement counters, which can be based either on the APB clock or
a 1 MHz clock.

The watchdog timer is designed to prevent system deadlock and, in
general, it should be restarted before timeout. When a timeout occurs,
different types of signals can be generated, ARM reset, SOC reset,
System reset, CPU Interrupt, external signal or boot from alternate
block. The current model only performs the system reset function as
this is used by U-Boot and Linux.

Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-id: 1485452251-1593-2-git-send-email-clg@kaod.org
[clg: - fixed compile breakage
      - fixed io region size
      - added watchdog_perform_action() on timer expiry
      - wrote a commit log
      - merged fixes from Andrew Jeffery to scale the reload value ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07 18:29:59 +00:00
Pavel Dovgalyuk
26d3202207 integratorcp: adding vmstate for save/restore
VMState added by this patch preserves correct
loading of the integratorcp device state.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-id: 20170131114310.6768.79416.stgit@PASHA-ISP
[PMM: removed unnecessary minimum_version_id_old lines]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07 18:29:58 +00:00
Peter Maydell
d0dff238a8 migration/next for 20170206
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJYmKCmAAoJEPSH7xhYctcju4EP/3R5+ezqOIRS+ybURKC0W0+h
 VkpEMu1Vrmu+Y5m4rBpiPbr2vxuR0r4SvTGHpkhzNlbVI8H24mDN6snkf0r0M/HJ
 ERU9pH46kJV8MWmbfsSY6JQqIlZiqww/2oDQ5ILI/m8oRaqF2hKkJtAA7JZJEasA
 gpA4r6yng0V5eKJ05MQVNzavY0uNxWKkQ7+6cXPcoFWiyZXvnuL0EDlxAdTzW9qH
 oMzqnnywBg6xj8/qz/g7ZjfiXfZnNshrPqS0LztxPJJaCVD+XK7JWs0yDyxJLqz5
 qhy/3an6d5bo0A5aG8qM8Q4PSHfY+Mahre2I3kfBH8vUiLlQ4c8N+v6HHLSi2LMi
 EK0Sy8jBALDjg9Tr4Jl9oG46YKgdct13rUxMb+Gvr5GIkhALB/sTAS/x7QXHck2z
 ecDYC+LKXXY8vqgPri+aaF6OLngeVWP7bszF79xXNB6jo+lTwU0Xbhh0M1c552ZV
 TaOwy+z/G0My4dUAq0zGx43ZJqSrwY0RrR1Hp6YCNQoL3Gj5RjJL6CBJ7MIq8AYV
 G2L2J/u6AGLjuLf4zYre12rKsmK+IBOyYK2osfcPpx0/i3gi5POl/ep5pVD0z9e6
 Ry7sDOwlkN5CwlDdaWDQEg8jrhZlGe424jqe4ScwlubjylBm/UhLjnyPUK38o+jk
 hAjvVFCrbuA9jrlJMgNZ
 =R5kr
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20170206' into staging

migration/next for 20170206

# gpg: Signature made Mon 06 Feb 2017 16:13:26 GMT
# gpg:                using RSA key 0xF487EF185872D723
# gpg: Good signature from "Juan Quintela <quintela@redhat.com>"
# gpg:                 aka "Juan Quintela <quintela@trasno.org>"
# Primary key fingerprint: 1899 FF8E DEBF 58CC EE03  4B82 F487 EF18 5872 D723

* remotes/juanquintela/tags/migration/20170206:
  postcopy: Recover block devices on early failure
  Postcopy: Reset state to avoid cleanup assert
  vmstate registration: check return values
  migration: Check for ID length
  vmstate_register_with_alias_id: Take an Error **
  migration: create Migration Incoming State at init time

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07 15:29:26 +00:00
Peter Maydell
3c457da147 Misc hppa fixes.
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJYmTDYAAoJEK0ScMxN0CebebAIAIfzcwhKRYfWVhRdN5tzjik9
 IpVlFriOgNa+25JSYyeF56I56Ur3TMHEhVUPElN6o1Seio1wr2XefTiwbmIBdJXu
 oxcDkxZaP58oYFKsJeVrKunmNFVeXzlrWmtE14ViB1kcZHADZ1CRGQM2+OeRZ3K6
 E7yIA4SwT/0E8GXSaCIbKO6kT5JUpZSgnRW2v3bs6Xau2dGhgeoFDHqIK0ThM+v9
 AkvaYL/wJJeh/OIBQnLMG4ScPu/pqzosxaZEqY8J0dMt8WpsLh7mVZwNUK/9eIik
 w/0vf30K/WeXSKNy8ico52PRotjspMRvWJAwHZbppFHxLgVRTrUNivwqVsAsNYU=
 =7mkL
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-hppa-20170206' into staging

Misc hppa fixes.

# gpg: Signature made Tue 07 Feb 2017 02:28:40 GMT
# gpg:                using RSA key 0xAD1270CC4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@redhat.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"
# Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC  16A4 AD12 70CC 4DD0 279B

* remotes/rth/tags/pull-hppa-20170206:
  target/hppa: Fix gdb_write_register
  target/hppa: Tidy do_cbranch
  linux-user: define correct UTS machine name for hppa
  linux-user: fix "apt-get update" on linux-user hppa
  linux-user: add hppa magic numbers in qemu-binfmt-conf.sh

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07 14:11:52 +00:00
Daniel P. Berrange
ac7568bd3f rules: don't try to create missing include dirs
In

  commit ba78db44f6
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Wed Jan 25 16:14:10 2017 +0000

  make: move top level dir to end of include search path

The dir $(BUILD_DIR)/$(@D) was added to the include
path. This would sometimes point to a non-existant
directory, if the sub-dir in question did not contain
any target-independant files (eg tcg/). To deal with
this the rules.mak attempted to create the directory.

While this was succesful, it also caused accidental
creation of files in the parent of the build dir.
e.g. when building common source files into target
specific output files.

Rather than trying to workaround this, just revert
the code that attempted to mkdir the missing include
directories. Instead just turn off the compiler warning
in question as the missing dir is expected & harmless
in general.

NB: you can clean up a build directory parent that has
been filled with empty directories by commit ba78db44f6
using this GNU find command in that parent directory:
  find audio backends block chardev crypto disas fsdev hw io linux-user \
    migration nbd net qapi qom replay slirp target ui util \
    -type d -empty -delete

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Tested-by: Alberto Garcia <berto@igalia.com>
[PMM: added note about how to clean up a polluted directory]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07 11:52:34 +00:00
Richard Henderson
6836a8fb96 target/hppa: Fix gdb_write_register
Add a missing break, detected by Coverity.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-02-06 18:25:31 -08:00
Richard Henderson
a881c8e73f target/hppa: Tidy do_cbranch
Removes some dead code detected by Covarity.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-02-06 18:24:40 -08:00
Laurent Vivier
3d96995dec linux-user: define correct UTS machine name for hppa
the correct UTS machine name (as expected by systemd) is "parisc",
not "hppa".

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20170126080449.28255-4-laurent@vivier.eu>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-02-06 18:24:40 -08:00
Laurent Vivier
40493c5f2b linux-user: fix "apt-get update" on linux-user hppa
apt-get was hanging on linux-user hppa.

strace has shown the netlink data stream was not correctly byte swapped.

It appears the fd translator function is unregistered just after it
has been registered, so the translator function is not called.

This patch removes the fd_trans_unregister() after the do_socket()
in the TARGET_NR_socket case.

This fd_trans_unregister() was added by commit
    e36800c linux-user: add signalfd/signalfd4 syscalls
when do_socket() was not registering any fd translator.
And as now it is, we must remove this fd_trans_unregister() to keep them.

Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Message-Id: <20170126080449.28255-3-laurent@vivier.eu>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-02-06 18:24:39 -08:00
Laurent Vivier
e4d966cc65 linux-user: add hppa magic numbers in qemu-binfmt-conf.sh
As we have now a linux-user HPPA target, we can add it to the list of
supported targets in qemu-binfmt-conf.sh

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-Id: <20170126080449.28255-2-laurent@vivier.eu>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-02-06 18:24:39 -08:00
Dr. David Alan Gilbert
ef8d6488d2 postcopy: Recover block devices on early failure
An early postcopy failure can be recovered from as long as we know
we haven't sent the command to run the destination.
We have to undo the bdrv_inactivate_all by calling
bdrv_invalidate_cache_all

Note that I'm not using ms->block_inactive because once we've
sent the postcopy package we dont want anything else to try
and recover the block storage on the source; the destination
might have started writing to it.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20170202155909.31784-3-dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-02-06 13:36:49 +01:00
Dr. David Alan Gilbert
328d4d8528 Postcopy: Reset state to avoid cleanup assert
On a destination host with no userfault support an incoming
postcopy would cause the state to enter ADVISE before
it realised there was no support, and because it was in ADVISE
state it would perform a cleanup at the end.  Since there
was no support the cleanup function should be unreachable,
but ends up being called and asserting.

Reset the state when we realise we have no support, thus the
cleanup doesn't happen.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20170202155909.31784-2-dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-02-06 13:36:49 +01:00
Dr. David Alan Gilbert
67980031d2 vmstate registration: check return values
Check qdev's call to vmstate_register_with_alias_id; that gets
most of the common uses; there's hundreds of calls via vmstate_register
which could get fixed over time.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20170202125956.21942-4-dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-02-06 13:36:49 +01:00
Dr. David Alan Gilbert
581f08bac2 migration: Check for ID length
The qdev id of a device can be huge if it's on the end of a chain
of bridges; in reality such chains shouldn't occur but they can
be made to by chaining PCIe bridges together.

The migration format has a number of 256 character long format
limits; check we don't hit them (we already use pstrcat/cpy but
that just protects us from buffer overruns, we fairly quickly
hit an assert).

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20170202125956.21942-3-dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-02-06 13:36:49 +01:00
Dr. David Alan Gilbert
bc5c4f2196 vmstate_register_with_alias_id: Take an Error **
I'll be adding an error to it in a subsequent patch.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20170202125956.21942-2-dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-02-06 13:36:49 +01:00
Juan Quintela
b4b076daf3 migration: create Migration Incoming State at init time
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <1485207141-1941-3-git-send-email-quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-02-06 13:36:49 +01:00
Peter Maydell
7d2c6c9551 usb: various bugfixes, mostly xhci.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJYmF1rAAoJEEy22O7T6HE4UQgP/RGWAnt4dJAk3SDzZilYexS7
 rol3cNAUuhLI/sV6syh8paFdSiD0+mDw8h0n+QLS+bgP50WmRhu4xJTHpnzWdXfV
 7EGvZI2Gnjy2XMccr5q8hfSragI8MJKgUkW/32v9nvTmA+1lnvK2t6PeSjhwD7zf
 WTsdv7mi3D5LMbCCtTCy7X0ojIHZ009nU9sroz8KEzF752j6NRLiCn7UfRjT+m24
 IHYhUX2TLU7dw+TzhnQPzFalaZMj0mGowtP517Ugw3lsXxtxsRStpKmp5Js0+d4N
 amH/PPmZmaESfrv3OKvcZ6C4VCCgXAWa88nQZt1oST5/oQbskNYR+SS/rHUL4JJ0
 Y4Ta0euwQGwCJVyFhOHJPoZM64L+3SzeQJQXNAiiYxy9427y+UZ+VA2ffHpUr3+4
 zc6x9Jc43+l0YE9eRlkwv8dr7S3xzWoMqaUJag941VRg0M6F+Ox74r9dnFC9UW+L
 JIP4wFMGnJflSQsl6KlAaGd+sUnArOcwZHIyp47TauEx4bGoUeVzTbvz8a+VZ+22
 rkMdR5JuHbw65fjxfAXgaqxmEA8+eYzyjO4CbWmBdcuZbIhrDRvUcBCTSQaxVg8T
 nrBesIsHKFTuKywHGHrpli1d9SqO9tOo9nM3voD+mpKXeTLYtJ1/2RX6487JkTob
 flY8/lupvCLEtzXH3Fyg
 =gltI
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20170206-1' into staging

usb: various bugfixes, mostly xhci.

# gpg: Signature made Mon 06 Feb 2017 11:26:35 GMT
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-usb-20170206-1:
  xhci: fix event queue IRQ handling
  usb: ccid: check ccid apdu length
  xhci: guard xhci_kick_epctx against recursive calls
  xhci: don't kick in xhci_submit and xhci_fire_ctl_transfer
  xhci: rename xhci_complete_packet to xhci_try_complete_packet
  xhci: only free completed transfers
  usb: accept usb3 control requests
  usb/uas: more verbose error message
  hw/usb/dev-hid: Improve guest compatibility of usb-tablet

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-06 11:44:08 +00:00
Gerd Hoffmann
7da76e12cc xhci: fix event queue IRQ handling
The qemu xhci emulation doesn't handle the ERDP_EHB flag correctly.

When the host adapter queues a new event the ERDP_EHB flag is set.  The
flag is cleared (via w1c) by the guest when it updates the ERDP (event
ring dequeue pointer) register to notify the host adapter which events
it has fetched.

An IRQ must be raised in case the ERDP_EHB flag flips from clear to set.
If the flag is set already (which implies there are events queued up
which are not yet processed by the guest) xhci must *not* raise a IRQ.

Qemu got that wrong and raised an IRQ on every event, thereby generating
spurious interrupts in case we've queued events faster than the guest
processed them.  This patch fixes that.

With that change in place we also have to check ERDP updates, to see
whenever the guest has fetched all queued events.  In case there are
still pending events set ERDP_EHB and raise an IRQ again, to make sure
the events don't linger unseen forever.

The linux kernel driver and the microsoft windows driver (shipped with
win8+) can deal with the spurious interrupts without problems.  The
renesas windows driver (v2.1.39) which can be used on older windows
versions is quite upset though.  It does spurious ERDP updates now and
then (not every time, seems we must hit a race window for this to
happen), which in turn makes the qemu xhci emulation think the event
ring is full.  Things go south from here ...

tl;dr: This is the "fix xhci on win7" patch.

Cc: M.Cerveny@computer.org
Cc: 1373228@bugs.launchpad.net
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1486104705-13761-1-git-send-email-kraxel@redhat.com
2017-02-06 12:12:26 +01:00
Peter Maydell
c192325242 Allow ISA to be disabled on some platforms (v3)
This makes some cleanups that are a start on allowing ISA to be
 compiled out for platforms which don't use it.
 
 I posted this series last November, and it collected a number of R-bs
 and no apparent objections.  So, I've now rebased it (trivially) and
 am sending a pull request in the hopes of merge.  A lot of the pieces
 here don't have a clear maintainer, so I'm sending it directly to
 Peter.
 
 Notes:
   * Patch 3/3 triggers a style warning, but that's just because I'm
     moving a C++ // comment verbatim from one file to another
 
 Changes since v2:
   * Trivial rebase
 
 Changes since v1:
   * Fixed some silly compile errors in 3/3 exposed by some
     changes in other headers
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJYl9NuAAoJEGw4ysog2bOScQ0P/iHg9XVMOCr6E4YLxHN0bagB
 vLRCYVkUDeucMSZ7ARyIUR/Cp8uQGtTPpukcyscX7/1nim+n/FVWnW4noDeptauk
 PjtPdOydu3Ml9lFtTGkpEUOrUrViVEWrDH0NScLECSKFdACtokfF30T2iYo1oPuG
 A6UCurn4zeS75iMsFXK+i871wiQtGFN1B/liE67SJ39K7vqHmNc7lyn/WUXtr0X0
 eQwHcFxiPDjR/pssAv1naUs6NBnbvb/iHpqUlUAhxeiBJ02DQ9qV2lb/XJaly/NZ
 SFg++ij4XDWT5aZbee9COmonUjwcKrj0W+vwAbWLOnG/HviGwDkzAGhbLgtfsIPt
 J/XZDuLUm9GSS+lW7pqmrW7G0R6zh43nxD+jJiFh2V+aqSmIxFoRAAAo8ft0y0QW
 JdclrCCfJwmYmS27xtpl6J0lQfwP7w/ta5anx6ohBwR8sma9zBz/QqC6jP+QY18h
 qLsYvVwXhCKMzNUONED5zCTm30j4Lpdcn1xwA544EyeN8NUUzgjUgvzl/wEt7P/l
 Icnd8uMjCRn9ZCxDdjIOP7QkFFwo/3QoQoOcRspNIEwBHVnuJFBLwFRIa+27txFE
 GZKqMIzgRVf7QbwR+wZwutJgIJ7xXoviHm2I8k2L0epyB1kiU+mSywg0l/3DmB5q
 IlhUpHpWEVO2oxwWwm/p
 =87oO
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/isa-cleanup-20170206' into staging

Allow ISA to be disabled on some platforms (v3)

This makes some cleanups that are a start on allowing ISA to be
compiled out for platforms which don't use it.

I posted this series last November, and it collected a number of R-bs
and no apparent objections.  So, I've now rebased it (trivially) and
am sending a pull request in the hopes of merge.  A lot of the pieces
here don't have a clear maintainer, so I'm sending it directly to
Peter.

Notes:
  * Patch 3/3 triggers a style warning, but that's just because I'm
    moving a C++ // comment verbatim from one file to another

Changes since v2:
  * Trivial rebase

Changes since v1:
  * Fixed some silly compile errors in 3/3 exposed by some
    changes in other headers

# gpg: Signature made Mon 06 Feb 2017 01:37:50 GMT
# gpg:                using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/isa-cleanup-20170206:
  Split ISA and sysbus versions of m48t59 device
  Allow ISA bus to be configured out
  Split serial-isa into its own config option

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-06 10:29:12 +00:00
Prasad J Pandit
c7dfbf3225 usb: ccid: check ccid apdu length
CCID device emulator uses Application Protocol Data Units(APDU)
to exchange command and responses to and from the host.
The length in these units couldn't be greater than 65536. Add
check to ensure the same. It'd also avoid potential integer
overflow in emulated_apdu_from_guest.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20170202192228.10847-1-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-06 10:23:18 +01:00
Gerd Hoffmann
96d87bdda3 xhci: guard xhci_kick_epctx against recursive calls
Track xhci_kick_epctx processing being active in a variable.  Check the
variable before calling xhci_kick_epctx from xhci_kick_ep.  Add an
assert to make sure we don't call recursively into xhci_kick_epctx.

Cc: 1653384@bugs.launchpad.net
Fixes: 94b037f2a4
Reported-by: Fabian Lesniak <fabian@lesniak-it.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1486035372-3621-1-git-send-email-kraxel@redhat.com
Message-id: 1485790607-31399-5-git-send-email-kraxel@redhat.com
2017-02-06 10:23:18 +01:00
Gerd Hoffmann
ddb603ab6c xhci: don't kick in xhci_submit and xhci_fire_ctl_transfer
xhci_submit and xhci_fire_ctl_transfer are is called from
xhci_kick_epctx processing loop only, so there is no need to call
xhci_kick_epctx make sure processing continues.  Also eecursive calls
into xhci_kick_epctx can cause trouble.

Drop the xhci_kick_epctx calls.

Cc: 1653384@bugs.launchpad.net
Fixes: 94b037f2a4
Reported-by: Fabian Lesniak <fabian@lesniak-it.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1485790607-31399-4-git-send-email-kraxel@redhat.com
2017-02-06 10:23:18 +01:00
Gerd Hoffmann
13e8ff7abb xhci: rename xhci_complete_packet to xhci_try_complete_packet
Make clear that this isn't guaranteed to actually complete the transfer,
the usb packet can still be in flight after calling that function.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1485790607-31399-3-git-send-email-kraxel@redhat.com
2017-02-06 10:23:17 +01:00