In some cases, a direct branch will be in range.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Some guest env are small enough to reach the tlb with only a 12-bit addition.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Combines 4 other inline functions and tidies the prologue.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
It's obviously call-clobbered, but is otherwise unused.
Repurpose it as the TCG temporary.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
A compare and branch against zero happens at the start of
every single TB.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Rearrange code to put the compare and branch in the same place.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The subset of logical immediates that we support is quite quick to test,
and such constants are quite common to want to load.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
When profitable, initialize the register with MOVN instead of MOVZ,
before setting the remaining lanes with MOVK.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Rather than raw constants that could mean anything.
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Since the kernel doesn't pass any info on the reason for the fault,
disassemble the instruction to detect a store.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
This reverts commit b533f658a9.
The original code was wrong, because effectively it ignored errors
from kernel, because kernel does not return -1 on error case but
returns -errno, and does not return -EPERM for this particular ioctl.
But in some cases kernel actually returned unsuccessful result,
namely, when the dirty bitmap in requested slot does not exist
it returns -ENOENT. With new code this condition becomes an
error when it shouldn't be.
Revert that patch instead of fixing it properly this late in the
release process. I disagree with this approach, but let's make
things move _somewhere_, instead of arguing endlessly whch of
the 2 proposed fixes is better.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-id: 1397477644-902-1-git-send-email-mjt@msgid.tls.msk.ru
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This has a fix by Igor for a regression introduced by
bridge hotplug code.
Expected test files were updated accordingly.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJTS9DvAAoJECgfDbjSjVRpxjIIAKOq7tKTpajRu4CkKKjCe5ya
z+xn71gdvw2jvrdC1oL772awIi2Krhbh8763RhrVMvTSrcOFY9oXM96iKGNpRNCH
e5lrFwOl8mVEJIg2KH9fhk5IirRBMrvH4IBggA6raarlH770VqKvBaLKSeWc4/tX
PS3Z6s1Mn8cw2wLKReKK6wHSMBpw2oF+7aazxjrRRFFXA3szA/z8XCRuj8ekOCBF
5ONrDT8LemuEGddf0j5w2N0HF6h5zR0/7rbKxmtzMDMDpQMW1lc3cRfWE5WHxxmi
/ni1fReaTuVXngBaENxsqGmTdbzCyLzOxJic3h2JzixypgqYHjBuJEySjgaen/8=
=FXqG
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
acpi: SSDT update
This has a fix by Igor for a regression introduced by
bridge hotplug code.
Expected test files were updated accordingly.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon 14 Apr 2014 13:13:35 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
acpi-test: update expected files
acpi: fix incorrect encoding for 0x{F-1}FFFF
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The SMART self test counter was incorrectly being reset to zero,
not 1. This had the effect that on every 21st SMART EXECUTE OFFLINE:
* We would write off the beginning of a dynamically allocated buffer
* We forgot the SMART history
Fix this.
Signed-off-by: Benoit Canet <benoit@irqsave.net>
Message-id: 1397336390-24664-1-git-send-email-benoit.canet@irqsave.net
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Cc: qemu-stable@nongnu.org
Acked-by: Kevin Wolf <kwolf@redhat.com>
[PMM: tweaked commit message as per suggestions from Markus]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
commit 58b035c7354afc0c5351ea62264c01d74196ec26
acpi: fix incorrect encoding for 0x{F-1}FFFF
changes the SSDT, update expected files accordingly.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Fix typo in build_append_int() which causes integer
truncation when it's in range 0x{F-1}FFFF by packing it
as WordConst instead of required DWordConst.
In partucular this fixes a regression: hotplug in slots 16,17,18 and 19
didn't work, since SSDT had code like this:
If (And (Arg0, 0x0000))
{
Notify (S80, Arg1)
}
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Since we use the -fstack-protector argument at both compile and
link time in the build, we must check that it works with both
a compile and a link:
* MacOSX only fails in the compile step, not linking
* some gcc cross environments only fail at the link stage (if they
require a libssp and it's not present for some reason)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1397232832-32301-1-git-send-email-peter.maydell@linaro.org
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
CVE-2013-4544
Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 1396604722-11902-5-git-send-email-dmitry@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
CVE-2013-4544
Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 1396604722-11902-4-git-send-email-dmitry@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
CVE-2013-4544
Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 1396604722-11902-3-git-send-email-dmitry@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
CVE-2013-4544
Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 1396604722-11902-2-git-send-email-dmitry@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit 9561fda8d9 changed the type of
'opaque' for link properties, but missed updating this call site.
Reproducer:
./x86_64-softmmu/qemu-system-x86_64 -qmp unix:./qmp.sock,server &
./scripts/qmp/qmp-shell ./qmp.sock
(QEMU) qom-list path=//machine/i440fx/pci.0/child[2]
Reported-by: Marcin Gibuła <m.gibula@beyond.pl>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Message-id: 2f8f007ce2152ac3b65f0811199662799c509225.1397155389.git.crobinso@redhat.com
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When VM guest programs multicast addresses for
a virtio net card, it supplies a 32 bit
entries counter for the number of addresses.
These addresses are read into tail portion of
a fixed macs array which has size MAC_TABLE_ENTRIES,
at offset equal to in_use.
To avoid overflow of this array by guest, qemu attempts
to test the size as follows:
- if (in_use + mac_data.entries <= MAC_TABLE_ENTRIES) {
however, as mac_data.entries is uint32_t, this sum
can overflow, e.g. if in_use is 1 and mac_data.entries
is 0xffffffff then in_use + mac_data.entries will be 0.
Qemu will then read guest supplied buffer into this
memory, overflowing buffer on heap.
CVE-2014-0150
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1397218574-25058-1-git-send-email-mst@redhat.com
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
As speed is an optional parameter for the QMP block-commit command, it
should be set to 0 if not given (as it is undefined if has_speed is
false), that is, the speed should not be limited.
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The old check was off by a factor of 512 and didn't consider cases where
we don't get an exact division. This could lead to an out-of-bounds
array access in seek_to_sector().
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Right now relative mode accelerates too fast, and has the 'invisible wall'
problem. SDL2 added an explicit API to handle this use case, so let's use
it.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Unbreaks relative mouse mode with sdl2, just like was done with sdl.c
in c3aa84b6.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Two fixes here:
- Test fix to avoid warning with make check.
- Hex file update so people building QEMU
without installing iasl get exactly the same ACPI
as with.
Both should help avoid user confusion.
As it's very easy to check that the produced ACPI
binary didn't change, I think these are very low risk.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJTRsJHAAoJECgfDbjSjVRpt/kIAKHgP38TOkPLCNtC2puhXcJR
tN6AzKYh5eZ4v+PK6mZfsryicoHMnKo9yzukCPkjDbZfiv0Iho6aJC/WmKR81whd
yr06VDxxEhPUMsCRZpC3970rCTM/9iUnTk2KJOgv+P63/vxIiuRzLT3VyHnIuWou
bkzJ459mQ33O3ZzkASKQfHD1agHN1z3SaPQRDuQRtx43FZYxc7ojRs52bl0oqc7m
oTmoM1LISVmVsdh6uN7A5sRjpvjTb/cZTT2G4qHnxETNooRGaHNh/HWj9iqQOKiA
xBoJJL7ePGbH3FmPGUE1tiUgx8Qu9Lr/qePfMcibzumbf8h8pG3Bqt0NDIBh/xY=
=TQ9N
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
acpi: DSDT update
Two fixes here:
- Test fix to avoid warning with make check.
- Hex file update so people building QEMU
without installing iasl get exactly the same ACPI
as with.
Both should help avoid user confusion.
As it's very easy to check that the produced ACPI
binary didn't change, I think these are very low risk.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 10 Apr 2014 17:09:43 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
acpi: update generated hex files
tests/acpi: update expected DSDT files
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
MacOSX clang silently swallows unrecognized -f options when doing a link
with '-framework' also on the command line, so to detect support for
the various -fstack-protector options we must do a plain .c to .o compile,
not a complete compile-and-link.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1397041487-28477-1-git-send-email-peter.maydell@linaro.org
commit f2ccc311df
dsdt: tweak ACPI ID for hotplug resource device
changes the DSDT, update hex files to match
Otherwise the fix is only effective if QEMU is built
with iasl.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
commit f2ccc311df
dsdt: tweak ACPI ID for hotplug resource device
changes the DSDT, update test expected files to match
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: Igor Mammedov <imammedo@redhat.com>
The raven_io_read() and raven_io_write() functions pass and
return values in little-endian format (since the IO op struct
is marked DEVICE_LITTLE_ENDIAN); however they were storing the
values in the buffer to pass to address_space_read/write()
in host-endian order, which meant that on big-endian hosts
the values were inadvertently reversed. Use the *_le_p()
accessors instead so that we are consistent regardless of
host endianness.
Strictly speaking the byte order of the buffer for
address_space_rw() is target byte order (which for PPC
will be BE) but it doesn't actually matter as long as we
are consistent about the marking on the IO op struct and
which stl_*_p().
This bug was probably introduced due to confusion caused by
the two different versions of ldl_p() and friends:
bswap.h defines versions meaning "host endianness access"
cpu-all.h defines versions meaning "target endianness access"
As a target-independent source file prep.c gets the bswap.h
versions; the very similar looking code in ioport.c is
compiled per-target and gets the cpu-all.h versions.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1396972271-22660-1-git-send-email-peter.maydell@linaro.org
Reviewed-by: Richard Henderson <rth@twiddle.net>
Here is a single last minute fix for 2.0
This changes the HID of the container used to claim
resources for CPU hotplug.
As a result, windows XP SP3 no longer brings up
an annoying "found new hardware" wizard on boot.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJTQ+pCAAoJECgfDbjSjVRpEM0H/24/MYnycc4XLJnhaByc9Tlp
ftcshToM34f+RxXm/hMLq/at/7Bu1S/rDXJEfm8WZ6Fm6Lr1DA9xQPuhIfEj3xqF
aVz98GQhT6cAN2PzlkAhdR4vpb3qTLIS1rSeS92z0bRgsZyLW4kO1aGEpxr4/vYu
VoSVl11ShdHQZodm0ukXLgAlgQPNMpwY1sIa/rYNzL+tnjN9UqqwazmL9t2SkZJc
OlwuLfV5KA1RfVHeZNYCJWExPAmBGbPBt4Pw04f0D0hhkLem9Oiv1bQnbsiLO7jq
RscOW4GjA5CZEHeuTZSdmHBTMjejMsrLWvmoxjzzut8l33aXHEKJtwBpN+JihGs=
=Zm7h
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
acpi bug fix
Here is a single last minute fix for 2.0
This changes the HID of the container used to claim
resources for CPU hotplug.
As a result, windows XP SP3 no longer brings up
an annoying "found new hardware" wizard on boot.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 08 Apr 2014 13:23:30 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
dsdt: tweak ACPI ID for hotplug resource device
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
ACPI0004 seems too new:
Windows XP complains about an unrecognized device.
This is a regression since 1.7.
Use PNP0A06 instead - Generic Container Device.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-By: Igor Mammedov <imammedo@redhat.com>
This patch changes the behavior in the relative mode to be compatible
with other UIs, namely, grabbing the input at the first left click.
It improves the usability a lot; otherwise you have to press ctl-alt-G
or select from menu at each time you want to move the pointer. Also,
the input grab is cleared when the current mode is switched to the
absolute mode.
The automatic reset of the implicit grabbing is needed since the
switching to the absolute mode happens always after the click even on
Gtk. That is, we cannot check whether the absolute mode is already
available at the first click time even though it should have been
switched in X11 input driver side.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This is the final queue for 2.0! It fixes a lot of bugs people have
seen during testing:
- Fix e500 SMP
- Fix book3s_64 DEC
- Fix VSX (new feature in 2.0) for LE hosts
- Fix PR KVM on top of pHyp (SLOF update)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iQIcBAABAgAGBQJTQ8BCAAoJECszeR4D/txgX98QAI9ccJung8AY7KT5X6gaKZqH
rC2bBuB6Cg/Lkm8sUIEhsYJKpT4F2LTwQvWpi/L9JbXR2L39o5Gt9LD3a00VG4gC
eKIm9utZN7GJw61w6GzGIEjQX3eQh0GJUqP+U3KEh8Vzdl+Vr3sEpeuVQzwucO1Z
dYPKXK9ZVXLcTgCDbCO/D6R4129mnbZvyTiJIJLPewVXcBB0fKWHdu5x+VexaVXz
tuwa1UfMVqUBFcBxDvqRmvTCLwCwa0Gn2kVSl0sNb/cw/MRatb0uomJCr6OQCgXX
Fu6pEur+Tvsq/8twuqnTz/7Hs+EruYr6+4kB63ZZwRabJ1UmRmGUrIh+BvMJvgii
lGLV4F4VCqxakDLuFqvS98Ww+HhgBUqjnRPkKP+Epyg6JFV4yh+CWXIWY0ck27E9
aVSgeEgmNISIQs5vJ7JTNcGmF8KXvHc74HCtNQyenC89EoVaGHxI/ssJIk3u4dVA
TxYgb7tttG+qXAEeaxXziwptd5Tb4mWxx1j6Pz/Es9kqURWCnIBAfuoihDXIsKwc
+D6pv1GQ5vkTIyLbWjZ7LSkFNfJBFQzzbxXVBxzK1gOoklQBjJXNOylcuyOYLUD2
HjDDkVdolRv6xMWYQltUc2UlMos5rGC3rNvtJ4K9CeoIo7hZiSRnM9gnbIf/TwBo
55n53ZvZhIksFQXArmfH
=U2m0
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging
Patch queue for ppc - 2014-04-08
This is the final queue for 2.0! It fixes a lot of bugs people have
seen during testing:
- Fix e500 SMP
- Fix book3s_64 DEC
- Fix VSX (new feature in 2.0) for LE hosts
- Fix PR KVM on top of pHyp (SLOF update)
# gpg: Signature made Tue 08 Apr 2014 10:24:18 BST using RSA key ID 03FEDC60
# gpg: Can't check signature: public key not found
* remotes/agraf/tags/signed-ppc-for-upstream:
PPC: Add l1 cache sizes for 970 and above systems
ppce500_spin: Initialize struct properly
PPC: Only enter MSR_POW when no interrupts pending
PPC: Clean up DECR implementation
target-ppc: Correct VSX Integer to FP Conversion
target-ppc: Correct VSX FP to Integer Conversion
target-ppc: Correct VSX FP to FP Conversions
target-ppc: Correct VSX Scalar Compares
target-ppc: Correct Simple VSR LE Host Inversions
target-ppc: Correct LE Host Inversion of Lower VSRs
target-ppc: Define Endian-Correct Accessors for VSR Field Access
target-ppc: Bug: VSX Convert to Integer Should Truncate
softfloat: Introduce float32_to_uint64_round_to_zero
pseries: Update SLOF firmware image to qemu-slof-20140404
PPC: E500: Set PIR default reset value rather than SPR value
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Book3s_64 guests expect the L1 cache size in device tree, so let's give
them proper values for all CPU types we support.
This fixes a "not compliant" warning with sles11 guests on -M pseries for me.
Signed-off-by: Alexander Graf <agraf@suse.de>