Commit Graph

11406 Commits

Author SHA1 Message Date
Peter Maydell
f42c5c8ec8 hw/arm/virt: Add support for Cortex-A57
Support the Cortex-A57 in the virt machine model.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1398362083-17737-4-git-send-email-peter.maydell@linaro.org
2014-05-01 15:25:52 +01:00
Peter Maydell
3078e848fa hw/arm/virt: Put GIC register banks on 64K boundaries
For an AArch64 CPU which supports 64K pages, having the GIC
register banks at 4K offsets is potentially awkward. Move
them out to being at 64K offsets. (This is harmless for
AArch32 CPUs and for AArch64 CPUs with 4K pages, so it is simpler
to use the same offsets everywhere than to try to use 64K offsets
only for AArch64 host CPUs.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1398362083-17737-3-git-send-email-peter.maydell@linaro.org
2014-05-01 15:25:52 +01:00
Peter Maydell
6420474384 hw/arm/virt: Create the GIC ourselves rather than (ab)using a15mpcore_priv
Rather than having the virt machine model create an a15mpcore_priv
device regardless of the actual CPU type in order to instantiate the GIC,
move to having the machine model create the GIC directly. This
corresponds to a system which uses a standalone GIC (eg the GIC-400)
rather than the one built in to the CPU core.

The primary motivation for this is to support the Cortex-A57,
which for a KVM configuration will use a GICv2, which is not
built into the CPU.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1398362083-17737-2-git-send-email-peter.maydell@linaro.org
2014-05-01 15:24:46 +01:00
Rabin Vincent
e3da9921eb armv7m_nvic: fix CPUID Base Register
cp15.c0_cpuid is never initialized for ARMv7-M; take the value directly
from cpu->midr instead.

Signed-off-by: Rabin Vincent <rabin@rab.in>
Message-id: 1398036308-32166-1-git-send-email-rabin@rab.in
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-01 15:24:44 +01:00
Gerd Hoffmann
4843877e5d hda-audio: fix non-mixer codecs
They don't advertise mixer support, but still allow the guest change
mixer settings.  Add a check to avoid it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-04-29 10:46:29 +02:00
Peter Maydell
93156cef1c trivial patches for 2014-04-28
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQEcBAABAgAGBQJTXd9hAAoJEL7lnXSkw9fb9XUIAKRVB/RAIuaQExVDOxq1C6ml
 o9gpFbCm1rE/fDB3fxUdppMxeOy4nLaX+H/RspYCtzEF8QBWA+OXiB5sH19I2Yd5
 1eiseNXimTMIWIJNwqgXCEabxOE2ae/9kQWry7pI3F7u2cA8EZZlgUIDzO5ogREj
 bi+Fy6KDlrMCLUBxtmoAkOnDPbTdnkVxu3Uv/oBFcrNCgklpGitIM+dMcayCUJ2q
 Mp2M/jRrGsCVB+cTpEbzqPoC/l2Xv6VYAvnjQWvJM9RpitzghufVAJ9IJa1xJM83
 2F05MEIr6h+ymLB7qh8x2lrJHN14O3t50uFaXL//om9JPlPei9lHQhfpVrg0UmQ=
 =2Bsm
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-04-28' into staging

trivial patches for 2014-04-28

# gpg: Signature made Mon 28 Apr 2014 05:56:01 BST using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
#      Subkey fingerprint: 6F67 E18E 7C91 C5B1 5514  66A7 BEE5 9D74 A4C3 D7DB

* remotes/mjt/tags/trivial-patches-2014-04-28:
  slirp/smb: Move ncalrpc directory to tmp
  po: add proper Language: tags to .po files
  po/Makefile: fix $SRC_PATH reference
  init_paths: fix minor memory leak
  virtfs-proxy-helper: fix call to accept
  net/net.c: remove unnecessary semicolon
  Add QEMU logo (SVG file)
  vl: avoid closing stdout with 'writeconfig'
  xilinx: Fix typo in comment (Marvel -> Marvell)
  vl: Eliminate a superfluous local variable
  vl: Remove useless 'continue'
  gitignore: cleanups #2
  tests/.gitignore: Ignore test-rfifolock
  move test-* from .gitignore to tests/.gitignore
  configure: Improve help behavior
  vl: convert -m to QemuOpts
  qemu-option: introduce qemu_find_opts_singleton
  misc: Use cpu_physical_memory_read and cpu_physical_memory_write

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-28 13:43:17 +01:00
Peter Maydell
13de54eedd Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging
* remotes/qmp-unstable/queue/qmp:
  monitor: fix qmp_getfd() fd leak in error case
  HMP: support specifying dump format for dump-guest-memory
  HMP: fix doc of dump-guest-memory
  qmp: object-add: Validate class before creating object
  monitor: Add device_add and device_del completion.
  monitor: Add command_completion callback to mon_cmd_t.
  monitor: Fix drive_del id argument type completion.
  error: Remove some unused headers
  qerror.h: Replace QERR_NOT_SUPPORTED with QERR_UNSUPPORTED
  qerror.h: Remove QERR defines that are only used once
  qerror.h: Remove unused error classes
  error: Print error_report() to stderr if using qmp
  monitor: Remove unused monitor_print_filename
  error: Privatize error_print_loc
  vnc: Remove default_mon usage
  slirp: Remove default_mon usage

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-28 12:56:34 +01:00
Peter Maydell
d09a18d44d Net patches
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJTWmwjAAoJEJykq7OBq3PI32kH+gMZlANje8MPlPn0rjuQC3Eb
 9dt5Oz7dbRbEbRJQHvadbKSvV0beeIdSBxVe8vD3IOyPwGQQg0LqwTnUfXadwNYD
 SGYwOXMNgKe/+o9NRAcZonRxNLoU9J+cSCfLnqXUPdhLzlPF1uuaglBBjlcrhOOE
 YQfDIEe3UcPLpehl6ALrgtiF6+ZrjDnvFnL0KZcMKomQlCnMHvBuzVJ26lQ0m+38
 JxYYc99q6qGvBleH/tHMT7jRWPdEud5rEINKAFnb/OB82YL44fbVTboDFmGVW5WI
 keWiWbs2BwpxXjOwyf7ZunmSMLWIdSVLiSja+WE0YUMiNh+DFxdO7I9YVNlYK4Q=
 =0oRs
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging

Net patches

# gpg: Signature made Fri 25 Apr 2014 15:07:31 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/net-pull-request:
  net: Don't use error_is_set() to suppress additional errors
  net: Make qmp_query_rx_filter() with name argument more obvious
  net: xilinx_axienet.c: Add phy soft reset bit clearing
  net/net.c: Remove unnecessary semicolon
  pcnet: remove duplicate assignment
  tap: Avoid extra iterations while closing file fd

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-28 11:29:03 +01:00
Stefan Weil
24c12b7923 xilinx: Fix typo in comment (Marvel -> Marvell)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-04-28 08:55:31 +04:00
Stefan Weil
eb6282f230 misc: Use cpu_physical_memory_read and cpu_physical_memory_write
These functions don't need type casts (as does cpu_physical_memory_rw)
and also make the code better readable.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-04-27 13:04:18 +04:00
Cole Robinson
f231b88db1 qerror.h: Remove QERR defines that are only used once
Just hardcode them in the callers

Cc: Luiz Capitulino <lcapitulino@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-04-25 09:19:59 -04:00
Nathan Rossi
f663faac3e net: xilinx_axienet.c: Add phy soft reset bit clearing
Clear the BMCR Reset when writing to registers.

Signed-off-by: Nathan Rossi <nathan.rossi@xilinx.com>
[ PC:
 * Trivial style fixes to commit message
]
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Beniamino Galvani <b.galvani@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-25 13:40:10 +02:00
Prasad Joshi
16cf0b2b34 pcnet: remove duplicate assignment
Signed-off-by: Prasad Joshi <prasadjoshi.linux@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-25 13:40:03 +02:00
Peter Maydell
7931b05987 Block patches
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTV4+1AAoJEH8JsnLIjy/Wx+wP+gJfhqxu8VJghro3YD1idhre
 iGBlKRWkkNqQmKNRV7coN2qb9rAEtHOPTkdlbYFSCd+mg/1vhZVS79wLa4jpwCMJ
 sfP4pmeJRj4XT2/3aFGuI3cLPMpZHD+lXMsldt+0f/tcmcF5LUHas+ss6grk52fb
 /u4WKPxl+BRc1zXRFXYTBVZyX2x2RaS0gUL0HTzXd9cXY76eXDyONKXsGUREgHE3
 O+paV6b4m8Hfnvahce5lM1Gz6wXUXk7JM9ZiQdZXqTe0Cnz9bjfhuMNTPlNlzWio
 TAnjBBEM2yLgwT9oPt6liMviPeb1NdY0m+SIhu+yrSqnxUto5AfMt3JawV8njP42
 TemQv4uGHUu60rSFb7MaPXkzzR3XoTMEAy2U2jXLeXgAfAfqdUhE3gcHwSDU6ctv
 Oxh7eWVoWzxJ92cUe88XMCv+KlQFZteF3WHYQZmPCRXJ8fb21W/ZQXtui0+sJArq
 /qjpOiOHk3F+geId3OLWcwHDLUV6GUfR2bLvS8ayQdRIVq2orltJqICnoAiRq4cM
 IwWxrZRlhPaLhnryeGeNS7AkmK0JopIBYTa+3CL7yUBFP8ziPDiQC6qS82dIsXGF
 5emPJux1Wg7qcZ56J21LydnsXjpzAOw9HxQzOBRWpgh8Ougd5NyxVer3UsZx9NAH
 2Dpu2uTqXJsLJq0KAPLZ
 =iitJ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block patches

# gpg: Signature made Wed 23 Apr 2014 11:02:29 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  block/cloop: use PRIu32 format specifier for uint32_t
  vmdk: Fix "%x" to PRIx32 in format strings for cid
  qemu-img: Improve error messages
  qemu-iotests: Check common namespace for id and node-name
  block: Catch duplicate IDs in bdrv_new()
  qemu-img: Avoid duplicate block device IDs
  block: Add errp to bdrv_new()
  convert fprintf() calls to error_setg() in block/qed.c:bdrv_qed_create()
  block: Remove -errno return value from bdrv_assign_node_name
  curl: Replaced old error handling with error reporting API.
  block: Handle error of bdrv_getlength in bdrv_create_dirty_bitmap
  vmdk: Fix %d and %lld to PRI* in format strings
  block: Check bdrv_getlength() return value in bdrv_make_zero()
  block: Catch integer overflow in bdrv_rw_co()
  block: Limit size to INT_MAX in bdrv_check_byte_request()
  block: Fix nb_sectors check in bdrv_check_byte_request()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-25 12:22:37 +01:00
Peter Maydell
0e96643c98 usb: mtp filesharing
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTV3m1AAoJEEy22O7T6HE49N4P+QFtqY3HOWbxguzALuRMAnhB
 yZyujJOdC4N5W41kHrC7cG3rK5gLeQ24BcYVJOimreDtD1QRFyz5yC6Rb/FTT9+M
 4ldEO0WwD4bfewej4ax3ptopMGmpin/RgTslYyhq3QKAHICGcjtb9l5CV/ozHuyR
 ZgB7LaZBk49a5RL7QYd9EwcIH3X+5GtnPnDI1qG8IK6/ivvOGYVmPo9fdE5hm0YL
 Y2YO2nnIwgHCPiqlY1YGPwhiwhqiCWlQoumRvidSKDNgWCu2uraAERajgrcmUYBc
 oB8JHW+KTZJ/4JyO2okFVSpq+sSsSCnFlTvIDK6zSdvA4CPuNiFKhoqSkW/2Ioc5
 GZJ5/DLOor1kzcPbEDiBvosiNtUCWNyI1/UnzFnyc5XJyrfZ0INhR6w1++3N62nT
 w6InjD+BgdpXP+BHtWqnypEwKGXCfXeC8CUD5iUwYyj5mbg+FrTVXCGePk8x8UXP
 zn12MkM8Awh+Dm/EoVnmGKdt+rbT1qUu3cB+DSyuFNfFUT7FrwVvfmwOYv1FfJ2h
 I34jHw6r+GvV4awAdzNibT24/vQw+82iOPOzzo8RZpL65OEne/v+mrsyXl5GDiGG
 rW4TwO+2R717PpD5cmji/DO1BtkgmjjP/nkzHbnvPPq4S46PpinzDEICQ3WputeB
 oP8VESG0/3os3cIeCoB2
 =KDFB
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-5' into staging

usb: mtp filesharing

# gpg: Signature made Wed 23 Apr 2014 09:28:37 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-usb-5:
  usb: mtp filesharing
  usb: add CompatibleID support to msos

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-24 16:16:57 +01:00
Gerd Hoffmann
840a178c94 usb: mtp filesharing
Implementation of a USB Media Transfer Device device for easy
filesharing.  Read-only.  No access control inside qemu, it will
happily export any file it is able to open to the guest, i.e.
standard unix access rights for the qemu process apply.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-04-23 10:28:14 +02:00
Gerd Hoffmann
409951f552 usb: add CompatibleID support to msos
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-04-22 12:40:57 +02:00
Kevin Wolf
98522f63f4 block: Add errp to bdrv_new()
This patch adds an errp parameter to bdrv_new() and updates all its
callers. The next patches will make use of this in order to check for
duplicate IDs. Most of the callers know that their ID is fine, so they
can simply assert that there is no error.

Behaviour doesn't change with this patch yet as bdrv_new() doesn't
actually assign errors to errp.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2014-04-22 12:00:20 +02:00
Stefan Weil
b36dc67b95 Fix grammar in comment
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-04-18 10:33:36 +04:00
Peter Maydell
ee25595f01 hw/ide/ahci.c: Avoid shift left into sign bit
Add U suffix to avoid shifting left into the sign bit, which
is undefined behaviour.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-04-18 10:33:36 +04:00
Peter Crosthwaite
5538937368 net: cadence_gem: Make phy respond to broadcast
Phys must respond to address 0 by specification. Implement.

Signed-off-by: Nathan Rossi <nathan.rossi@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 6f4d53b04ddbfb19895bfb61a595e69f1c08859a.1396594056.git.peter.crosthwaite@xilinx.com
Reviewed-by: Beniamino Galvani <b.galvani@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-17 21:34:07 +01:00
Peter Crosthwaite
6954a1cd97 misc: zynq_slcr: Make DB_PRINTs always compile
Change the DB_PRINT macro over to a regular if() rather than
conditional compilation to give constant compile testing of formats.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 942477847353c5cff5f45a228cc88c633dc012f3.1396503037.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-17 21:34:07 +01:00
Peter Crosthwaite
15e3611e1c misc: zynq_slcr: Convert SBD::init to object init
To bring it up to date with styling guidelines.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 2e837af80a18216c21e73241032e048f39d78b99.1396503037.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-17 21:34:07 +01:00
Peter Crosthwaite
db302f8f93 misc: zynq-slcr: Rewrite
Near total rewrite of this device model. It is stylistically
obsolete, has numerous coverity fails and is not up to date with latest
Xilinx documentation. Fix.

The registers are flattened into a single array. This greatly simplifies
the MMIO accessor functions.

We take the oppurtunity to update the register Macro definitions to
match the latest TRM. Xilinx has de-documented some regs hence there are
some straight deletions. We only do this however in the case or a stock
read-as-written reset-zero register. Non-zero resets are always
preserved. New register definitions are added as needed.

This all comes with a VMSD version break as the union layout from before
was a bit strange and we are better off without it.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 3aa016167b352ed224666909217137285fd3351d.1396503037.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-17 21:34:06 +01:00
Beniamino Galvani
6619bc5c55 allwinner-emac: update irq status after writes to interrupt registers
The irq line status must be updated after writes to the INT_CTL and
INT_STA registers.

Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1395771730-16882-8-git-send-email-b.galvani@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-17 21:34:06 +01:00
Beniamino Galvani
103db49a10 allwinner-emac: set autonegotiation complete bit on link up
Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1395771730-16882-7-git-send-email-b.galvani@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-17 21:34:06 +01:00
Beniamino Galvani
286226a479 allwinner-a10-pit: implement prescaler and source selection
This implements the prescaler and source fields of the timer control
register. The source for each timer can be selected among 4 clock
inputs whose frequencies are set through model properties.

Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1395771730-16882-6-git-send-email-b.galvani@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-17 21:34:06 +01:00
Beniamino Galvani
a63f9f85e3 allwinner-a10-pit: use level triggered interrupts
Convert the interrupt generation logic to the use of level triggered
interrupts.

Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1395771730-16882-5-git-send-email-b.galvani@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-17 21:34:06 +01:00
Beniamino Galvani
323a8771cf allwinner-a10-pit: avoid generation of spurious interrupts
The model was generating interrupts for all enabled timers after the
expiration of one of them. Avoid this by passing explicitly the timer
index to the callback function.

Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
Reviewed-by: Li Guang <lig.fnst@cn.fujitsu.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1395771730-16882-4-git-send-email-b.galvani@gmail.com
[PMM: avoid duplicate typedef of AwA10PITState]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-17 21:34:06 +01:00
Beniamino Galvani
2237094d96 allwinner-a10-pic: fix behaviour of pending register
The pending register is read-only and the value returned upon a read
reflects the state of irq input pins (interrupts are level triggered).
This patch implements such behaviour.

Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
Reviewed-by: Li Guang <lig.fnst@cn.fujitsu.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1395771730-16882-3-git-send-email-b.galvani@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-17 21:34:06 +01:00
Beniamino Galvani
1c70aa6264 allwinner-a10-pic: set vector address when an interrupt is pending
This patch implements proper updating of the vector register which
should hold, according to the A10 user manual, the vector address for
the interrupt currently active on the CPU IRQ input.

Interrupt priority is not implemented at the moment and thus the first
pending interrupt is returned.

Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Li Guang <lig.fnst@cn.fujitsu.com>
Message-id: 1395771730-16882-2-git-send-email-b.galvani@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-17 21:34:06 +01:00
Peter Crosthwaite
f727d0e621 timer: cadence_ttc: Fix match register write logic
This switch logic should not fall through. Fix.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 74147b4c017c904364955cc73107f90e6ac8ba74.1396326389.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-17 21:34:06 +01:00
Peter Maydell
c2b9af1d6c acpi: SSDT update
This has a fix by Igor for a regression introduced by
 bridge hotplug code.
 Expected test files were updated accordingly.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJTS9DvAAoJECgfDbjSjVRpxjIIAKOq7tKTpajRu4CkKKjCe5ya
 z+xn71gdvw2jvrdC1oL772awIi2Krhbh8763RhrVMvTSrcOFY9oXM96iKGNpRNCH
 e5lrFwOl8mVEJIg2KH9fhk5IirRBMrvH4IBggA6raarlH770VqKvBaLKSeWc4/tX
 PS3Z6s1Mn8cw2wLKReKK6wHSMBpw2oF+7aazxjrRRFFXA3szA/z8XCRuj8ekOCBF
 5ONrDT8LemuEGddf0j5w2N0HF6h5zR0/7rbKxmtzMDMDpQMW1lc3cRfWE5WHxxmi
 /ni1fReaTuVXngBaENxsqGmTdbzCyLzOxJic3h2JzixypgqYHjBuJEySjgaen/8=
 =FXqG
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

acpi: SSDT update

This has a fix by Igor for a regression introduced by
bridge hotplug code.
Expected test files were updated accordingly.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Mon 14 Apr 2014 13:13:35 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  acpi-test: update expected files
  acpi: fix incorrect encoding for 0x{F-1}FFFF

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-14 14:02:12 +01:00
Benoît Canet
940973ae0b ide: Correct improper smart self test counter reset in ide core.
The SMART self test counter was incorrectly being reset to zero,
not 1. This had the effect that on every 21st SMART EXECUTE OFFLINE:
 * We would write off the beginning of a dynamically allocated buffer
 * We forgot the SMART history
Fix this.

Signed-off-by: Benoit Canet <benoit@irqsave.net>
Message-id: 1397336390-24664-1-git-send-email-benoit.canet@irqsave.net
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Cc: qemu-stable@nongnu.org
Acked-by: Kevin Wolf <kwolf@redhat.com>
[PMM: tweaked commit message as per suggestions from Markus]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-14 13:23:53 +01:00
Igor Mammedov
482f38b948 acpi: fix incorrect encoding for 0x{F-1}FFFF
Fix typo in build_append_int() which causes integer
truncation when it's in range 0x{F-1}FFFF by packing it
as WordConst instead of required DWordConst.

In partucular this fixes a regression: hotplug in slots 16,17,18 and 19
didn't work, since SSDT had code like this:

                If (And (Arg0, 0x0000))
                {
                    Notify (S80, Arg1)
                }

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
2014-04-14 15:13:27 +03:00
Dmitry Fleytman
f12d048a52 vmxnet3: validate queues configuration read on migration
CVE-2013-4544

Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 1396604722-11902-5-git-send-email-dmitry@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-14 11:50:56 +01:00
Dmitry Fleytman
3c99afc779 vmxnet3: validate interrupt indices read on migration
CVE-2013-4544

Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 1396604722-11902-4-git-send-email-dmitry@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-14 11:50:49 +01:00
Dmitry Fleytman
9878d173f5 vmxnet3: validate queues configuration coming from guest
CVE-2013-4544

Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 1396604722-11902-3-git-send-email-dmitry@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-14 11:50:22 +01:00
Dmitry Fleytman
8c6c047899 vmxnet3: validate interrupt indices coming from guest
CVE-2013-4544

Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 1396604722-11902-2-git-send-email-dmitry@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-14 11:33:18 +01:00
Michael S. Tsirkin
edc2438512 virtio-net: fix guest-triggerable buffer overrun
When VM guest programs multicast addresses for
a virtio net card, it supplies a 32 bit
entries counter for the number of addresses.
These addresses are read into tail portion of
a fixed macs array which has size MAC_TABLE_ENTRIES,
at offset equal to in_use.

To avoid overflow of this array by guest, qemu attempts
to test the size as follows:
-    if (in_use + mac_data.entries <= MAC_TABLE_ENTRIES) {

however, as mac_data.entries is uint32_t, this sum
can overflow, e.g. if in_use is 1 and mac_data.entries
is 0xffffffff then in_use + mac_data.entries will be 0.

Qemu will then read guest supplied buffer into this
memory, overflowing buffer on heap.

CVE-2014-0150

Cc: qemu-stable@nongnu.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1397218574-25058-1-git-send-email-mst@redhat.com
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-11 16:02:23 +01:00
Michael S. Tsirkin
775478418a acpi: update generated hex files
commit f2ccc311df
    dsdt: tweak ACPI ID for hotplug resource device
changes the DSDT, update hex files to match

Otherwise the fix is only effective if QEMU is built
with iasl.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-04-10 19:03:18 +03:00
Peter Maydell
7dc176bce4 hw/pci-host/prep: Don't reverse IO accesses on bigendian hosts
The raven_io_read() and raven_io_write() functions pass and
return values in little-endian format (since the IO op struct
is marked DEVICE_LITTLE_ENDIAN); however they were storing the
values in the buffer to pass to address_space_read/write()
in host-endian order, which meant that on big-endian hosts
the values were inadvertently reversed. Use the *_le_p()
accessors instead so that we are consistent regardless of
host endianness.

Strictly speaking the byte order of the buffer for
address_space_rw() is target byte order (which for PPC
will be BE) but it doesn't actually matter as long as we
are consistent about the marking on the IO op struct and
which stl_*_p().

This bug was probably introduced due to confusion caused by
the two different versions of ldl_p() and friends:
 bswap.h defines versions meaning "host endianness access"
 cpu-all.h defines versions meaning "target endianness access"
As a target-independent source file prep.c gets the bswap.h
versions; the very similar looking code in ioport.c is
compiled per-target and gets the cpu-all.h versions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1396972271-22660-1-git-send-email-peter.maydell@linaro.org
Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-04-08 18:37:45 +01:00
Peter Maydell
9bc1a1d817 acpi bug fix
Here is a single last minute fix for 2.0
 
 This changes the HID of the container used to claim
 resources for CPU hotplug.
 As a result, windows XP SP3 no longer brings up
 an annoying "found new hardware" wizard on boot.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJTQ+pCAAoJECgfDbjSjVRpEM0H/24/MYnycc4XLJnhaByc9Tlp
 ftcshToM34f+RxXm/hMLq/at/7Bu1S/rDXJEfm8WZ6Fm6Lr1DA9xQPuhIfEj3xqF
 aVz98GQhT6cAN2PzlkAhdR4vpb3qTLIS1rSeS92z0bRgsZyLW4kO1aGEpxr4/vYu
 VoSVl11ShdHQZodm0ukXLgAlgQPNMpwY1sIa/rYNzL+tnjN9UqqwazmL9t2SkZJc
 OlwuLfV5KA1RfVHeZNYCJWExPAmBGbPBt4Pw04f0D0hhkLem9Oiv1bQnbsiLO7jq
 RscOW4GjA5CZEHeuTZSdmHBTMjejMsrLWvmoxjzzut8l33aXHEKJtwBpN+JihGs=
 =Zm7h
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

acpi bug fix

Here is a single last minute fix for 2.0

This changes the HID of the container used to claim
resources for CPU hotplug.
As a result, windows XP SP3 no longer brings up
an annoying "found new hardware" wizard on boot.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Tue 08 Apr 2014 13:23:30 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  dsdt: tweak ACPI ID for hotplug resource device

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-08 13:59:28 +01:00
Michael S. Tsirkin
f2ccc311df dsdt: tweak ACPI ID for hotplug resource device
ACPI0004 seems too new:
Windows XP complains about an unrecognized device.
This is a regression since 1.7.
Use PNP0A06 instead - Generic Container Device.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-By: Igor Mammedov <imammedo@redhat.com>
2014-04-08 15:22:59 +03:00
Alexander Graf
6a2b3d89fa ppce500_spin: Initialize struct properly
The spinning struct is in guest endianness, so we need to initialize
its variables in guest endianness too.

This fixes booting e500 guests with SMP on x86 for me.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-04-08 11:20:05 +02:00
Alexander Graf
e81a982aa5 PPC: Clean up DECR implementation
There are 3 different variants of the decrementor for BookE and BookS.

The BookE variant sets TSR[DIS] to 1 when the DEC value becomes 1 or 0. TSR[DIS]
is then the indicator whether the decrementor interrupt line is asserted or not.

The old BookS variant treats DEC as an edge interrupt that gets triggered when
the DEC value's top bit turns 1 from 0.

The new BookS variant maintains the assertion bit inside DEC itself. Whenever
the DEC value becomes negative (top bit set) the DEC interrupt line is asserted.

So far we implemented mostly the old BookS variant. Let's do them all properly.

This fixes booting pseries ppc64 guest images in TCG mode for me.

Signed-off-by: Alexander Graf <agraf@suse.de>
2014-04-08 11:20:04 +02:00
Alexander Graf
6a450df9b8 PPC: E500: Set PIR default reset value rather than SPR value
We now reset SPRs to their reset values on CPU reset. So if we want
to have an SPR persistently changed, we need to change its default
reset value rather than the value itself manually.

Do this for SPR_BOOKE_PIR, fixing e500v2 SMP boot.

Reported-by: Frederic Konrad <fred.konrad@greensocs.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: KONRAD Frederic <fred.konrad@greensocs.com>
2014-04-08 11:19:59 +02:00
Peter Maydell
55519a4b24 QOM/QTest infrastructure fixes
* Relicensing of FWPathProvider interface
 * Clean up all targets' qtests
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTQtitAAoJEPou0S0+fgE/YgAP/iQSMEu+Y/fIhtBOgIjuP/Qr
 6NxNkiwIhT8T2eZmFBQ3qsuo3IrBFOmD2kXuQcywAhtvlfjcb36OF11dwPYRt/vy
 dqJge7s9CighNI34YHLpNbnu4XfqrwiMw8qwIEziNQ5GeBhM8azFwamcOAoiV3uw
 KzyclrJOj8Mvmx2Zd7nMhY8KLbEaZUsqm5ycFaPOhTTtSw4tHLsBRblwz5cBZUe7
 YaM3Da0j6qn0pYai98oG4b0TzMgn4ZH0PH0Rv9QyG66TH65PbwLNbrbHOb1ZQx40
 Eemirlm7um4rPFFayW/WKl/iyGHjKgyflm/2LvuV6pUCny+vU/qOp5eKLzuLqp7w
 S5OhLWxlwPXjFwTJUmG0+QYWlWbZJuh6S4/0K7+6vIHDuJtoIrpMkEqlc+KW3825
 vBNpBtybwOK+mDezzXIylF+sEYV37tWH3+3tagG/CEaFFj150xxyDQRpFhiurIpX
 JsqOKciWK4xW60y2lhQ4s5i4t3POsE+OChuzasqZm3vExNNee1QNLcWdFUOlJiqd
 pD8YBd6FoJhLewZMOo/0hiPa39o7NAVllDS2HloUVIy86LmBePgaTt5Eqn2dD03L
 so4rAkW+kMRqO8MwIE+pQeKLl1Iab0/UojcPI4EQr9cbJkNNaVVcmWpKjVO2CbI7
 FM7PqgvCf8+F1iwmDZMU
 =1t/E
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-2.0' into staging

QOM/QTest infrastructure fixes

* Relicensing of FWPathProvider interface
* Clean up all targets' qtests

# gpg: Signature made Mon 07 Apr 2014 17:56:13 BST using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-devices-for-2.0:
  tests: Update check-clean rule
  fw-path-provider: Change GPL version to 2+

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-07 17:57:23 +01:00
Don Slutz
dffacd4654 char/serial: Fix emptyness handling
The commit 88c1ee73d3
char/serial: Fix emptyness check

Still causes extra NULL byte(s) to be sent.

So if the fifo is empty, do not send an extra NULL byte.

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Don Slutz <dslutz@verizon.com>
Message-id: 1395160174-16006-1-git-send-email-dslutz@verizon.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-04-07 14:51:32 +01:00
Alexey Kardashevskiy
20c50a955f fw-path-provider: Change GPL version to 2+
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-04-07 15:36:07 +02:00