Commit Graph

55398 Commits

Author SHA1 Message Date
Stefan Hajnoczi
3932ef3ffb trace: add TRACE_<event>_BACKEND_DSTATE()
QEMU keeps track of trace event enabled/disabled state and provides
monitor commands to inspect and modify the "dstate".  SystemTap and
LTTng UST maintain independent enabled/disabled states for each trace
event, the other backends rely on QEMU dstate.

Introduce a new per-event macro that combines backend-specific dstate
like this:

  #define TRACE_MY_EVENT_BACKEND_DSTATE() ( \
      QEMU_MY_EVENT_ENABLED() || /* SystemTap */ \
      tracepoint_enabled(qemu, my_event) /* LTTng UST */ || \
      false)

This will be used to extend trace_event_get_state() in the next patch.

[Daniel Berrange pointed out that QEMU_MY_EVENT_ENABLED() must be true
by default, not false.  This way events will fire even if the DTrace
implementation does not implement the SystemTap semaphores feature.

Ubuntu Precise uses lttng-ust-dev 2.0.2 which does not have
tracepoint_enabled(), so we need a compatibility wrapper to keep Travis
builds passing.
--Stefan]

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20170731140718.22010-2-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

fixup! trace: add TRACE_<event>_BACKEND_DSTATE()
2017-08-01 12:07:48 +01:00
Daniel P. Berrange
ea1ff54f7d trace: ensure unique function / variable names per .stp file
The simpletrace compatibility code for systemtap creates a
function and some global variables for mapping to event ID
numbers. We generate multiple -simpletrace.stp files though,
one per target and systemtap considers functions & variables
to be globally scoped, not per file. So if trying to use the
simpletrace compat probes, systemtap will complain:

 # stap -e 'probe qemu.system.arm.simpletrace.visit_type_str { print( "hello")}'
 semantic error: conflicting global variables: identifier 'event_name_to_id_map' at /usr/share/systemtap/tapset/qemu-aarch64-simpletrace.stp:3:8
        source: global event_name_to_id_map
                       ^
 identifier 'event_name_to_id_map' at /usr/share/systemtap/tapset/qemu-system-arm-simpletrace.stp:3:8
        source: global event_name_to_id_map
                       ^

 WARNING: cross-file global variable reference to identifier 'event_name_to_id_map' at /usr/share/systemtap/tapset/qemu-system-arm-simpletrace.stp:3:8 from: identifier 'event_name_to_id_map' at /usr/share/systemtap/tapset/qemu-aarch64-simpletrace.stp:8:21
 source:     if (!([name] in event_name_to_id_map)) {
                             ^
 WARNING: cross-file global variable reference to identifier 'event_next_id' at /usr/share/systemtap/tapset/qemu-system-arm-simpletrace.stp:4:8 from: identifier 'event_next_id' at :9:38
 source:         event_name_to_id_map[name] = event_next_id
                                              ^

We already have a string used to prefix probe names, so just
replace '.' with '_' to get a function / variable name prefix

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170728133657.5525-1-berrange@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-08-01 10:36:30 +01:00
Daniel P. Berrange
ed8650586f trace: ensure .stp files are rebuilt if trace tool source changes
The make rules for generating the .stp files forgot to add a dep
on $(tracetool-y) to trigger a rebuild if the trace tool source
changes.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170728133631.5449-1-berrange@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-08-01 10:36:29 +01:00
Peter Maydell
5619c17905 target-arm queue:
* fix broken properties on MPS2 SCC device
  * fix MPU trace handling of write vs exec
  * fix MPU M profile bugs:
    - not handling system space or PPB region correctly
    - not resetting state
    - not migrating MPU_RNR
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJZfyDUAAoJEDwlJe0UNgzel1UP/iOfjpKXm1KWI6FvcF2uw8Jp
 VVFLt2SP+SOYG4GrMfapndLj22RvhOAQWSao98uOplMOjIC2nxD+Wx9a9N9FrSV1
 wsZL842rWRfmNT5PUOo/6g4pEZm0d+JbwZNLdq1+LsRhdOX11KHS8dUFHcZKybhP
 Ebh1UsFplTXHQgcKDxeGc6RRoGEI6EwpW+ms5IPvdDcBVct7ibgZNicZW0vSdISM
 /xI7nvMLZD4OJGi9CUPdAQV7+v+xg/zqk2YOrjbvQzxCzx1uzvjsrIlEjMWmwdMO
 LEMYPNYdB+OjoIUHTy2Rb1tw19x7jB2VUO4NRZkfrEqtwoQHV4dI/53ASwLaS5Zg
 1n3QQ1iv9Fewzs8htnSlC2KQQ5vxiimyzlkvQd5DDLDOpY9gAA7jWc+zQrJHcD5G
 cpIytYWt2mxqZrJstWirmKPYcblwTKCzAqyKdIXH+IPSmIlTLhkqWHKWSZKDqD6Q
 IQxH+Cq7PVciWQ4Gu76VCJGlx/quDmDKGMr2BZmXs2BFvCE5p127KcRkEWPLrEyI
 I4lB0rq93k5h36VOnjtgs8dH4j1sUsPNJcBIBh/5lqe2gCm0aZ315C8ZdbB2KTHu
 h58M7AfkSHpC29QR0Rjk3SNXCeSrPJudCKQH0YBPdzGlsp5+2PpAQrGj53oC6cla
 33qRTSmfIua/fwdCGVoq
 =VErx
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20170731' into staging

target-arm queue:
 * fix broken properties on MPS2 SCC device
 * fix MPU trace handling of write vs exec
 * fix MPU M profile bugs:
   - not handling system space or PPB region correctly
   - not resetting state
   - not migrating MPU_RNR

# gpg: Signature made Mon 31 Jul 2017 13:21:40 BST
# gpg:                using RSA key 0x3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20170731:
  hw/mps2_scc: fix incorrect properties
  target/arm: Migrate MPU_RNR register state for M profile cores
  target/arm: Move PMSAv7 reset into arm_cpu_reset() so M profile MPUs get reset
  target/arm: Rename cp15.c6_rgnr to pmsav7.rnr
  target/arm: Don't allow guest to make System space executable for M profile
  target/arm: Don't do MPU lookups for addresses in M profile PPB region
  target/arm: Correct MPU trace handling of write vs execute

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-31 14:45:42 +01:00
Peter Maydell
bdf211f884 Revert "syscall: fix dereference of undefined pointer"
This reverts commit bc658e4a2e.

Some versions of gcc warn about this:

linux-user/syscall.c: In function ‘do_ioctl_rt’:
linux-user/syscall.c:5577:37: error: ‘host_rt_dev_ptr’ may be used uninitialized in this function [-Werror=uninitialized]

and in particular the Travis builds fail; they use
gcc (Ubuntu/Linaro 4.6.3-1ubuntu5) 4.6.3.

Revert the change to fix the travis builds.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-31 13:56:54 +01:00
Philippe Mathieu-Daudé
89cbc3778a hw/mps2_scc: fix incorrect properties
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20170729234930.725-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-31 13:11:56 +01:00
Peter Maydell
f1a4694078 target/arm: Migrate MPU_RNR register state for M profile cores
The PMSAv7 region number register is migrated for R profile
cores using the cpreg scheme, but M profile doesn't use
cpregs, and so we weren't migrating the MPU_RNR register state
at all. Fix that by adding a migration subsection for the
M profile case.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1501153150-19984-6-git-send-email-peter.maydell@linaro.org
2017-07-31 13:09:52 +01:00
Peter Maydell
69ceea64bf target/arm: Move PMSAv7 reset into arm_cpu_reset() so M profile MPUs get reset
When the PMSAv7 implementation was originally added it was for R profile
CPUs only, and reset was handled using the cpreg .resetfn hooks.
Unfortunately for M profile cores this doesn't work, because they do
not register any cpregs. Move the reset handling into arm_cpu_reset(),
where it will work for both R profile and M profile cores.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1501153150-19984-5-git-send-email-peter.maydell@linaro.org
2017-07-31 13:09:52 +01:00
Peter Maydell
8531eb4f61 target/arm: Rename cp15.c6_rgnr to pmsav7.rnr
Almost all of the PMSAv7 state is in the pmsav7 substruct of
the ARM CPU state structure. The exception is the region
number register, which is in cp15.c6_rgnr. This exception
is a bit odd for M profile, which otherwise generally does
not store state in the cp15 substruct.

Rename cp15.c6_rgnr to pmsav7.rnr accordingly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1501153150-19984-4-git-send-email-peter.maydell@linaro.org
2017-07-31 13:09:52 +01:00
Peter Maydell
bf446a11df target/arm: Don't allow guest to make System space executable for M profile
For an M profile v7PMSA, the system space (0xe0000000 - 0xffffffff) can
never be executable, even if the guest tries to set the MPU registers
up that way. Enforce this restriction.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1501153150-19984-3-git-send-email-peter.maydell@linaro.org
2017-07-31 13:09:18 +01:00
Peter Maydell
38aaa60ca4 target/arm: Don't do MPU lookups for addresses in M profile PPB region
The M profile PMSAv7 specification says that if the address being looked
up is in the PPB region (0xe0000000 - 0xe00fffff) then we do not use
the MPU regions but always use the default memory map. Implement this
(we were previously behaving like an R profile PMSAv7, which does not
special case this).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1501153150-19984-2-git-send-email-peter.maydell@linaro.org
2017-07-31 13:05:21 +01:00
Peter Maydell
709e4407ad target/arm: Correct MPU trace handling of write vs execute
Correct off-by-one bug in the PSMAv7 MPU tracing where it would print
a write access as "reading", an insn fetch as "writing", and a read
access as "execute".

Since we have an MMUAccessType enum now, we can make the code clearer
in the process by using that rather than the raw 0/1/2 values.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1500906792-18010-1-git-send-email-peter.maydell@linaro.org
2017-07-31 13:05:04 +01:00
Peter Maydell
25dd0e7789 trivial patches for 2017-07-31
-----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAll/BBEPHG1qdEB0bHMu
 bXNrLnJ1AAoJEHAbT2saaT5ZYU8IAJesHjleie9NI33FipPpUYf5Inocwkq9KD/3
 b1ibSuDiCrtJYHncL1c5M+th2Rrst7QGrFhji+pjgdz89PzP5B28xt3PvrLAQG6v
 uvvQX5ZcBM01nJtbxZxjdOnpTNZ5GueuUbDPDtgk5ld3UPUTe1mY9r/qKv7hpE2e
 RYKTMmGNQbI2J02P2N2iQ7y2xmLynNhI5R8aXRDfzOB263BsDhtRT2h3gNnDsJn8
 RWzBD8rAhthKN9SmhdYQjmoaKlAvbDn+DaH21/QoNtThVbLjcaHTpMZqQQ+2i/oX
 9musfZG8zxMl8matWHhX8TLwj3iq2BrJq4spwQ70L2eWMbIc+eQ=
 =aXae
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-fetch' into staging

trivial patches for 2017-07-31

# gpg: Signature made Mon 31 Jul 2017 11:18:57 BST
# gpg:                using RSA key 0x701B4F6B1A693E59
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
#      Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931  4B22 701B 4F6B 1A69 3E59

* remotes/mjt/tags/trivial-patches-fetch: (25 commits)
  docs: fix broken paths to docs/specs/ivshmem-spec.txt
  docs: fix broken paths to docs/config/ich9-ehci-uhci.cfg
  docs: fix broken paths to docs/devel/tracing.txt
  docs: fix broken paths to docs/devel/atomics.txt
  docs: fix broken paths to docs/devel/qapi-code-gen.txt
  docs: fix broken paths to docs/interop/qcow2.txt
  docs: fix broken paths to docs/interop dir
  thunk: assert nb_fields is valid
  syscall: check inotify() and eventfd() return value
  syscall: fix use of uninitialized values
  syscall: fix dereference of undefined pointer
  linux-user/sh4: fix incorrect memory write
  m68k/translate: fix incorrect copy/paste
  net/eth: fix incorrect check of iov_to_buf() return value
  ui/vnc: fix leak of SocketAddress **
  qcow2: fix null pointer dereference
  ivshmem: fix incorrect error handling in ivshmem_recv_msg()
  loader: check get_image_size() return value
  tests: add missing dependency to build QTEST_QEMU_BINARY
  qemu-system-tricore: segfault when entering "x 0" on the monitor
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-31 11:27:43 +01:00
Philippe Mathieu-Daudé
25e11d8774 docs: fix broken paths to docs/specs/ivshmem-spec.txt
When this file was rewritten/renamed in fdee2025dd,
a reference path was not updated.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:13:01 +03:00
Philippe Mathieu-Daudé
f31fd5cfd7 docs: fix broken paths to docs/config/ich9-ehci-uhci.cfg
With the move of some docs/ to docs/devel/ on ac06724a71,
a reference path was not updated.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:12:55 +03:00
Philippe Mathieu-Daudé
87e0331c5a docs: fix broken paths to docs/devel/tracing.txt
With the move of some docs/ to docs/devel/ on ac06724a71,
no references were updated.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:12:53 +03:00
Philippe Mathieu-Daudé
b208ac07ea docs: fix broken paths to docs/devel/atomics.txt
With the move of some docs/ to docs/devel/ on ac06724a71,
a couple of references were not updated.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:12:47 +03:00
Philippe Mathieu-Daudé
b3125e73d4 docs: fix broken paths to docs/devel/qapi-code-gen.txt
With the move of some docs to docs/interop on ac06724a71,
a couple of references were not updated.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:12:41 +03:00
Philippe Mathieu-Daudé
f3fdeb9c97 docs: fix broken paths to docs/interop/qcow2.txt
With the move of some docs to docs/interop on d59157ea05,
a reference path was not updated.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:12:35 +03:00
Cleber Rosa
cfb41b8868 docs: fix broken paths to docs/interop dir
With the move of some docs to docs/interop on d59157e, a couple of
references were not updated.

Signed-off-by: Cleber Rosa <crosa@redhat.com>
[PMD: fixed a typo and another reference of docs/interop/qmp-spec.txt]
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:52 +03:00
Philippe Mathieu-Daudé
a44af723b3 thunk: assert nb_fields is valid
thunk.c:91:32: warning: Call to 'malloc' has an allocation size of 0 bytes
        se->field_offsets[i] = malloc(nb_fields * sizeof(int));
                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:39 +03:00
Philippe Mathieu-Daudé
b929f7e56f syscall: check inotify() and eventfd() return value
linux-user/syscall.c:555:25: warning: Out of bound memory access (accessed memory precedes memory block)
    target_fd_trans[fd] = trans;
    ~~~~~~~~~~~~~~~~~~~~^~~~~~~

Reported-by: Clang Static Analyzer
Suggested-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:39 +03:00
Philippe Mathieu-Daudé
6860710cc3 syscall: fix use of uninitialized values
linux-user/syscall.c:1627:35: warning: 1st function call argument is an uninitialized value
        target_saddr->sa_family = tswap16(addr->sa_family);
                                  ^~~~~~~~~~~~~~~~~~~~~~~~
linux-user/syscall.c:1629:25: warning: The left operand of '==' is a garbage value
    if (addr->sa_family == AF_NETLINK && len >= sizeof(struct sockaddr_nl)) {
        ~~~~~~~~~~~~~~~ ^

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:39 +03:00
Philippe Mathieu-Daudé
bc658e4a2e syscall: fix dereference of undefined pointer
linux-user/syscall.c:5581:9: warning: Dereference of undefined pointer value
    if (*host_rt_dev_ptr != 0) {
        ^~~~~~~~~~~~~~~~

Reported-by: Clang Static Analyzer
Suggested-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:39 +03:00
Philippe Mathieu-Daudé
72cd500b72 linux-user/sh4: fix incorrect memory write
not hit since 2009! :)

linux-user/elfload.c:1102:20: warning: Out of bound memory access (access exceeds upper limit of memory block)
        (*regs[i]) = tswap32(env->gregs[i]);
        ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:39 +03:00
Philippe Mathieu-Daudé
4b5660e403 m68k/translate: fix incorrect copy/paste
db3d7945ae extended gen_cc_cond() for cond [6, 7, 9, 10] but misswrote [4, 5]

target/m68k/translate.c:1323:70: warning: identical expressions on both sides of logical operator
        if (op == CC_OP_ADDB || op == CC_OP_ADDW || op == CC_OP_ADDL ||
            op == CC_OP_ADDB || op == CC_OP_ADDW || op == CC_OP_ADDL) {
            ~~~~~~~~~~~~~~~~    ~~~~~~~~~~~~~~~~    ~~~~~~~~~~~~~~~~ ^

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:39 +03:00
Philippe Mathieu-Daudé
b2caa3b82e net/eth: fix incorrect check of iov_to_buf() return value
So we have sizeof(struct in6_address) != sizeof(uintptr_t)
and Clang > Coverity on this, see 4555ca6816 :)

net/eth.c:426:30: warning: The code calls sizeof() on a pointer type. This can produce an unexpected result
        return bytes_read == sizeof(dst_addr);
                             ^     ~~~~~~~~~~
net/eth.c:475:34: warning: The code calls sizeof() on a pointer type. This can produce an unexpected result
            return bytes_read == sizeof(src_addr);
                                 ^     ~~~~~~~~~~

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:38 +03:00
Philippe Mathieu-Daudé
9f26f32525 ui/vnc: fix leak of SocketAddress **
Extract the (correct) cleaning code as a new function vnc_free_addresses() then
use it to remove the memory leaks.

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:38 +03:00
Philippe Mathieu-Daudé
f80ac75d0e qcow2: fix null pointer dereference
It seems this assert() was somehow misplaced.

block/qcow2-refcount.c:2193:42: warning: Array access (from variable 'on_disk_reftable') results in a null pointer dereference
        on_disk_reftable[refblock_index] = refblock_offset;
        ~~~~~~~~~~~~~~~~                 ^

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:38 +03:00
Philippe Mathieu-Daudé
b7b1e9dd6d ivshmem: fix incorrect error handling in ivshmem_recv_msg()
Screwed up in commit 3a55fc0f, v2.6.0.

If qemu_chr_fe_read_all() returns -EINTR the do {} statement continues and the
n accumulator used to complete reads upto sizeof(msg) is decremented by 4 (the
value of EINTR on Linux).
To avoid that, use simpler if() statements and continue if EINTR occured.

hw/misc/ivshmem.c:650:14: warning: Loss of sign in implicit conversion
    } while (n < sizeof(msg));
             ^

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:38 +03:00
Philippe Mathieu-Daudé
2a4e2e4919 loader: check get_image_size() return value
since a negative value means it errored.

hw/core/loader.c:149:9: warning: Loss of sign in implicit conversion
    if (size > max_sz) {
        ^~~~
hw/core/loader.c:171:9: warning: Loss of sign in implicit conversion
    if (size > memory_region_size(mr)) {
        ^~~~

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:38 +03:00
Philippe Mathieu-Daudé
b94b330e23 tests: add missing dependency to build QTEST_QEMU_BINARY
This allow a one liner from fresh repository clone, i.e.:

  ./configure && make -j check-qtest-aarch64

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:38 +03:00
Eduardo Otubo
b190f477e2 qemu-system-tricore: segfault when entering "x 0" on the monitor
Starting Qemu with "qemu-system-tricore -nographic -M tricore_testboard -S"
and entering "x 0" at the monitor prompt leads to Segmentation fault.
This happens because tricore_cpu_get_phys_page_debug() is not implemented
yet, this is a temporary workaround to avoid the crash.

Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:38 +03:00
Marc-André Lureau
7a0b7eba4b build-sys: there is no qemu-ga.c
It got moved in qga/main.c from commit 2870dc3456.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:06:38 +03:00
Marc-André Lureau
d616c12b7d tests: test-netfilter && pxe-test require slirp
If slirp is disabled, it will fail with:

qemu-system-x86_64: -netdev user,id=qtest-bn0: Parameter 'type' expects a netdev backend type

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:05:49 +03:00
Thomas Huth
1b61270be1 MAINTAINERS: Improve the NetBSD regex pattern
Currently get_maintainers.pl claims that the configure script is
maintained by Kamil:

 $ scripts/get_maintainer.pl -f configure
 Kamil Rytarowski <kamil@netbsd.org> (maintainer:NETBSD)
 qemu-devel@nongnu.org (open list:All patches CC here)

This happens because the regex pattern for the NETBSD entry triggers
on everything that contains the keyword "NetBSD". Ease the situation
a little bit by restricting this to "Subject:" lines only, like
we do it in the "trivial patches" section already.

Reported-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:05:49 +03:00
Eduardo Otubo
36bed541ca fix qemu-system-unicore32 crashing when calling without -kernel
Starting qemu-system-unicore32 without the -kernel parameter results in
an assert() returns false and aborts qemu. This patch replaces it with a
proper error message followed by exit(1).

Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:05:49 +03:00
Marc-André Lureau
80792eb925 tests: check-qom-proplist: fix leak
user_creatable_add_opts() returns a reference (the other reference is
for the root parent/child link).

Leak introduced in commit a1af255f06.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31 13:05:49 +03:00
Peter Maydell
0c26c080ee ppc patch queue 2017-07-31
This has a couple of last minute bugfixes for qemu 2.10.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAll+sVIACgkQbDjKyiDZ
 s5IojhAApE2OJ5KCA35UP2pkvQ9nG7m1yRvUcb/mtGf3ERPPOOrtSIyey92qYXtR
 Bwh98/ByK88RULca3bDR0HQomuFaJ8LotYwRxT5Q6cRs9doLB9eO6dqLhADum6Vp
 y6xlhvTpl+FHBcg8FqO+DSn4+esKCMgAQJ+Saj1JI+g7VEFErGOLahriOz1lnUJE
 TWZYMDaZ5/FzDiW6xfnXQRpBDEeeIUTITXz0jHN/1siRUEQYkcUUBvxNC0tTCvOw
 JmEDo4mH0HYDxfLCXmQfSXCfe5aj7k5r1GzU03opwA8h62Q0UzxGfxpUoeHxtMYS
 QokTHZje/vpBQR43lRo7yBoSeVVehtZb8PiKJln+if9q8g2pFbQHMERQNqP7dTBT
 gaoW5yXQbQZ88e0s6y58X69pm7kpqW/Zbk8tQZzncX/12K49uALl2RPu6Qyn1tbL
 s7TkRaDWaoyNgc73IozUGuRqZLQlLGAWr+2WO9uEg0jGf42N3FXj+THP7Wb0ekhi
 Tj3O9BluNcFFeUXnTasqbjjkzwu9oHGJoAYnOa3nOTpwKq1zhHedmaxanfy9Gw+2
 CdPl/l/P7s1p96r8y2AhvzPSV0ZAItUSh5VvnPhg1J99M/uquzecC3LAwluep+jO
 35GqtifX3xjo9H5OCVB3Tzpa8no4xJVB7+1UE+5soBj+DR8vmqE=
 =AOf1
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.10-20170731' into staging

ppc patch queue 2017-07-31

This has a couple of last minute bugfixes for qemu 2.10.

# gpg: Signature made Mon 31 Jul 2017 05:25:54 BST
# gpg:                using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.10-20170731:
  Revert "spapr: populate device tree depending on XIVE_EXPLOIT option"
  spapr_drc: fix realize and unrealize

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-31 09:59:26 +01:00
David Gibson
fc7e0765fc Revert "spapr: populate device tree depending on XIVE_EXPLOIT option"
This reverts commit b87680427e.

I thought this was a harmless preliminary for XIVE enablement patches
we expect later on.  However, due to some subtle interactions between
qemu and SLOF (guest firmware) this breaks some things.  Revert it for
now, we'll work out how to fix it when the rest of the XIVE patches
are ready.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-07-29 16:22:14 +10:00
Greg Kurz
bf26ae32a9 spapr_drc: fix realize and unrealize
If object_property_add_alias() returns an error in realize(), we should
propagate it to the caller and certainly not unref the DRC.

Same thing goes for unrealize(). Since object_property_del() is the last
call, we can even get rid of the intermediate Error *.

And finally, unrealize() should undo all registrations performed by
realize().

Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-07-29 16:22:14 +10:00
Peter Maydell
a588c4985e nbd patches for 2017-07-28
- Philippe Mathieu-Daudé - nbd: fix memory leak in nbd_opt_go()
 -----BEGIN PGP SIGNATURE-----
 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
 
 iQEcBAABCAAGBQJZe217AAoJEKeha0olJ0NqbRUIAIdzEUgOfXKOrihdsENF17cB
 CkkqM4H0coRgBkk0w94kAFxew20UC7zJ4c098NRZi5M88VyUj5c87fkz6SKzexnZ
 E4jJSaTwT/xx8NCfdW4R0joWlLnVsK150WMlmJBUkBEhbTUlW2xTdL+IqJORhJyv
 1LcVKCYOS+7hyPnJkXmWM8SSbRHd3y2ejnUBlzhdZLwpiJ5hg4538D8z35qK3nHK
 qrF9JRPVzfCOTopiH2MfjluP1J7PrVFiM32gyj/8OxvTT4v3t0Q26JLbX2AJybnF
 jUHvLhutxvHCKL9+p1QpyNiIdI4IBtirUOVmdJWsAZ4Rr+U/jLc+S1HpO3eV65g=
 =3Dal
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2017-07-28' into staging

nbd patches for 2017-07-28

- Philippe Mathieu-Daudé - nbd: fix memory leak in nbd_opt_go()

# gpg: Signature made Fri 28 Jul 2017 17:59:39 BST
# gpg:                using RSA key 0xA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>"
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>"
# gpg:                 aka "[jpeg image of size 6874]"
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2  F3AA A7A1 6B4A 2527 436A

* remotes/ericb/tags/pull-nbd-2017-07-28:
  nbd: fix memory leak in nbd_opt_go()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-28 18:17:44 +01:00
Philippe Mathieu-Daudé
158b9aa568 nbd: fix memory leak in nbd_opt_go()
nbd/client.c:385:12: warning: Potential leak of memory pointed to by 'buf'

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20170727024224.22900-5-f4bug@amsat.org>
[introduced in commit 8ecaeae8]
Signed-off-by: Eric Blake <eblake@redhat.com>
2017-07-28 11:58:20 -05:00
Peter Maydell
3aabfec2c8 MIPS patches 2017-07-28
Changes:
 * Improve ths MIPS board kernel load error reporting
 * Revert unnecessary warning messages
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.5 (GNU/Linux)
 
 iQIVAwUAWXsyeCI464bV95fCAQJwLA//S/4pz25g3tGtrjZR+7GQnMUyY4jl7a70
 +ut7uGCU9/6KgbAL3XgCLVaxAAth5Swh7rrOb2Yp1TxyL4PC/M4o/dYaKY8+okWu
 /s4v2UFSwtZPkVCkzeZRMx/suM9jAdFuEkB9CzwPKVyqnC5ghZs68xWZMuSi8cyL
 VPj8ovPEo7G5Sw1icSRHq9jdmi5lOMI72U+AFC8hz6r6IWVI584vR7D7ozqharhV
 7JK5oY5gFFeq39Ip8sRiP+VXaclroOg5nC+NTVcArtRGgvTSxWz7SQhTusbSALX3
 Q/iCyecpEkK88AOesGVcRZPA3no5zkCBbnSbxU0E/Eq1wYQmOg1D25WFsirUNhS+
 JhspYVmAIWZ9S8mdaLtEJEkJW+3srMauB7HGLCSravgWH1ZKVEqI10Ewsew2mErb
 ncPvO3flH9y1QFqwMZy8879WMVBF5Z4dGDwnF+fShj9TDgFPwrtDK6aaIV9kC+iQ
 dh8rOSw7RQYigqj1VWIF356n1R2c1V0fvI0d8jJqau+SbNRQYFMJ4UaCFQtzD748
 FUPuP5rCOs+BxyYBYQnW5nSn7Jno19imQEwxDAfSATDDTTKM8moK97ZrisMzXT0S
 3UcgfBapcyL9RCXi4/Ums2Q5GIVXtxi2xsZ0HW1ZIezIs0UpmMqOfsMXiDfD+fFC
 hcpKCFsGCTo=
 =ci7G
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/yongbok/tags/mips-20170728' into staging

MIPS patches 2017-07-28

Changes:
* Improve ths MIPS board kernel load error reporting
* Revert unnecessary warning messages

# gpg: Signature made Fri 28 Jul 2017 13:47:52 BST
# gpg:                using RSA key 0x2238EB86D5F797C2
# gpg: Good signature from "Yongbok Kim <yongbok.kim@imgtec.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8600 4CF5 3415 A5D9 4CFA  2B5C 2238 EB86 D5F7 97C2

* remotes/yongbok/tags/mips-20170728:
  Revert "elf-loader: warn about invalid endianness"
  hw/mips: load_elf_strerror to report kernel loading failure

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-28 15:32:44 +01:00
Peter Maydell
762971738c ui: more keymap fixes for 2.10
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJZezUVAAoJEEy22O7T6HE4ZPsP/1IG6CLs6x49ckjfKDIZnjIv
 NVjrI0kvj4okZApDT7ro/4B4NqTTP87pPCF7fEW5P3Qh+BbVkiyKRdDJHR0dk5kG
 EMQQOvZAvyq9xWoq0r+Mhh7fQmqLDXDUse88eFXk24fc73JQWsrIDRltpCJYMTLX
 F6mKCylgM86n3UBTxhDDylMX5Zui+qiToT88LJ+Eorj6HosD36Fu1cH4v3lB0YSb
 DbipMx1dbGydJNTjSaKl42etLAbHpqtlfNlAXkprksM3wnxhAQedgddQ2M2JNgUZ
 ep3LisR4iIA6mUBt/MnO7SWCPypOpiXAyR0MbEy4bk7SpaQ/sidE5ti+ckA0plBJ
 HgbvsWBLAfoQ1R4bUQm2He8z7GyKpJOowZm10y+feKvaF4GjIszlQF5r+Zihy8iF
 HjqlEIeLaqz34lHOMPfpa6MzCHpFXwY8yaHpTh2nUKyI4lgnuhO32uupiaVBnWQq
 JrGIr3wDOTJ0CTnOqu1WLRKnE6n+xI2skQ4dcJ0tOPVx7rPhtm8K5JBYRyb77ELQ
 HA3bV5kTJZLCGPjikl7At3Ekyx28sseGEBaGd4GeYBMCGKoeThAxNi0JDh/zRby8
 WxRKrxdiRj88qBuNSpneWHQ4EjyTG5hzbfNFC0yG7mq5hvG0tYxthe6msF0omwbz
 dMp3f5pwWpmQ0kiny3Pf
 =jdk3
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20170728-pull-request' into staging

ui: more keymap fixes for 2.10

# gpg: Signature made Fri 28 Jul 2017 13:59:01 BST
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20170728-pull-request:
  ui: add pause key to linux_to_qcode
  ui: drop ac_search and ac_stop
  ui: correctly detect spice PAUSE scancode sequence

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-28 14:20:17 +01:00
Alexey Kardashevskiy
665df9010a Revert "elf-loader: warn about invalid endianness"
This reverts c8e1158cf6 "elf-loader: warn about invalid endianness"
as it produces a useless message every time an LE kernel image is
passed via -kernel on a ppc64-pseries machine. The pseries machine
already checks for ELF_LOAD_WRONG_ENDIAN and tries with big_endian=0.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-28 13:32:32 +01:00
Aurelien Jarno
3ee3122c0d hw/mips: load_elf_strerror to report kernel loading failure
Emulated MIPS boards bail out with a simple "could not load kernel" when
a kernel could not be load, without specifying the underlying reason.
Fix that by calling load_elf_strerror.

At the same time use error_report to report the error instead of
fprintf.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-28 13:32:32 +01:00
Gerd Hoffmann
ef58430d5d ui: add pause key to linux_to_qcode
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170728063432.27578-1-kraxel@redhat.com
2017-07-28 12:35:40 +02:00
Gerd Hoffmann
103dce8f75 ui: drop ac_search and ac_stop
Both keys exist already: "ac_search" is "find" and "ac_stop" is "stop".

Fixes: 37810e8055
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170728063415.27480-1-kraxel@redhat.com
2017-07-28 12:35:40 +02:00
Daniel P. Berrange
e92316ad30 ui: correctly detect spice PAUSE scancode sequence
The SPICE input code is currently detcting 0xe1 0x1d 0x45 as
the PAUSE key make sequence and 0xe1 0x9d 0xc5 as the break
sequence. This is incorrect, because all 6 scancodes together
are the make sequence, and there is no break sequence.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170727174640.30359-1-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-07-28 12:35:40 +02:00