Commit Graph

6010 Commits

Author SHA1 Message Date
aurel32
0b97134b29 target-i386: fix CVE-2007-1322
The icebp instruction can be abused to terminate the emulation,
resulting in denial of service.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5921 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 18:15:36 +00:00
aurel32
e8e880a72e slirp: fix CVE 2007-5729
The emulated network cards in QEMU allows local users to execute arbitrary
code by writing Ethernet frames with a size larger than the slirp's default
MTU, which triggers a heap-based buffer overflow in the slirp library.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5920 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 18:15:23 +00:00
blueswir1
a810a2de17 Some fixes for TCG debugging
This fixes a few things after Paul's improvements for TCG debugging:

  - change TCGv_i64 field name to something different from
    TCGv_i32
  - fix things in tcg that the above change made visible.

Signed-off-by: Laurent Desnogues <laurent.desnogues@gmail.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5919 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 17:16:42 +00:00
aurel32
e8fc4fa7a1 target-ppc: disable single stepping
... which left was enabled by mistake.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5918 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 16:23:22 +00:00
balrog
dc23e2605d PXA: Account for offset from page start in a subpage mapping.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5917 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 16:08:49 +00:00
aurel32
dcb8c51272 Update .gitignore
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5916 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 16:04:13 +00:00
aurel32
ec72e276c5 target-ppc: Fix use of uninitialized TCG variable in tlbiva
Silences a warning about possible unitialized use of t0.

Signed-off-by: Andreas Faerber <andreas.faerber@web.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5915 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 15:45:15 +00:00
aurel32
86e840eef7 Remove a few dyngen and dyngen related code
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5914 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 15:21:23 +00:00
balrog
955a7dd5e8 ARM: fix smmul and smmla/smmls usage of registers (Mans Rullgard).
This fixes the destination and accumulator registers for the smmul
and smmla instructions.

Signed-off-by: Mans Rullgard <mans@mansr.com>
Acked-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5913 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 14:18:02 +00:00
balrog
ded9d29547 ARM: fix usad8 and usada8 usage of registers (Mans Rullgard).
This fixes the destination and accumulator registers for the usad8
and usada8 instructions.

Signed-off-by: Mans Rullgard <mans@mansr.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5912 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 14:03:27 +00:00
aurel32
662bbadd35 Remove gcc 3.4 check
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5911 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 13:40:38 +00:00
aurel32
45d827d2d7 target-ppc: convert SPR accesses to TCG
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5910 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 13:40:29 +00:00
aurel32
fa0d32c4e4 target-ppc: remove dead code
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5909 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 13:40:15 +00:00
balrog
4cc633c38b Patch holes in ARM translation (Laurent Desnogues).
- gen_set_CF_bit31:  use the right value to set carry flag
 - shifter_out_im:  remove a spurious semi-colon
 - add a break for VSHRN, VRSHRN, VQSHRN, VQRSHRN
   size 2 case
 - sbfx, ubfx are v6t2 instructions

The correct cps user mode behaviour is unclear so it's left out from the
commit until ARM decides it.

Signed-off-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5908 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 13:32:09 +00:00
balrog
aaf2d97dcb ARM: cosmetics (Laurent Desnogues).
- remove macros that are not used
  - remove disass structure is_mem field which value is never used
  - correct a typo in a comment.

Signed-off-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5907 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 13:20:16 +00:00
balrog
1364332320 omap1: fix uart3 init (Jean-Christophe PLAGNIOL-VILLARD).
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5906 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 12:52:07 +00:00
balrog
c588de3d27 omap1: add OSC_12M_SEL UART register support (original patch from Jean-Christophe PLAGNIOL-VILLARD)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5905 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 12:49:26 +00:00
balrog
d361be2566 pflash_cfi01: add Single Byte Program (Jean-Christophe PLAGNIOL-VILLARD).
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5904 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 12:36:28 +00:00
balrog
575750581c SCSI: Handle inquiry commands of varying length (Justin Chevrier).
Openserver 5.0.5 sends an Inquiry command to the emulated SCSI disk
expecting a response length of 40 bytes. Currently the response to an
Inquiry command is hardcoded to 36 bytes. When receiving a response of
length 36 instead of 40 Openserver panics.

Modifications to original patch based on feedback from Ryan Harper and Paul
Brook. Thanks guys.

Signed-off-by: Justin Chevrier <address@hidden>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5903 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 03:12:54 +00:00
balrog
02b373ad5d LSI53C895A: Handle empty SCRIPTS opcode (Justin Chevrier)
Basically after each DMA transfer the Openserver driver would issue an
empty (0) SCRIPTS opcode. As the opcode is essentially a NOP it has no
second DWORD and therefore the DSP should only be incremented by 4 bytes
instead of the 8 bytes we currently do.

Here's a snippet of the log:

lsi_scsi: Data ready tag=0x100d9 len=16384
...
lsi_scsi: SCRIPTS dsp=068c5e50 opcode 01000400 arg 07a09000
lsi_scsi: DMA addr=0x07a09000 len=1024
lsi_scsi: SCRIPTS dsp=068c5e58 opcode 00000000 arg 01000400
lsi_scsi: Wrong phase got 1 expected 0

Note the 2nd DWORD after the empty opcode; the next opcode in the DMA
transfer sequence. As can be expected the address after that has the next
DMA address to use.

After the attached patch the DMA transfer is able to complete successfully:

lsi_scsi: SCRIPTS dsp=068c5e50 opcode 01000400 arg 07a0d000
lsi_scsi: DMA addr=0x07a0d000 len=1024
lsi_scsi: SCRIPTS dsp=068c5e5c opcode 01000400 arg 07a0d400
lsi_scsi: DMA addr=0x07a0d400 len=1024
...

Tested againsted Openserver 5.0.5 and Debian ARM.

Signed-off-by: Justin Chevrier <address@hidden>
Acked-by: Ryan Harper <ryanh@us.ibm.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5902 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 03:07:51 +00:00
balrog
c021db86a4 LSI53C895A: Remove current_dma_len hack
Signed-off-by: Justin Chevrier <address@hidden>
Acked-by: Ryan Harper <ryanh@us.ibm.com>
Acked-by: Chris Wright <chrisw@sous-sol.org>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5901 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 03:03:21 +00:00
balrog
9e7d11ff34 Remove a duplicate omap_l4_attach(), add one missing elsewhere.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5900 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 01:51:28 +00:00
balrog
ed00525318 Don't wrap I2C registers addresses on PXA270.
This way the registers will only be visible at the given offset instead of
every 0x100 bytes.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5899 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 01:49:28 +00:00
edgar_igl
e63204853e ETRAX-FS: Simplify the DMA blocks address registration and decoding.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5898 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 00:14:21 +00:00
edgar_igl
0db74b0705 ETRAX-FS: No need to decode the address anymore.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5897 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-06 23:19:03 +00:00
aurel32
8983da70c4 target-ppc: remove dead code
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5896 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-06 22:01:01 +00:00
aurel32
74d37793f4 target-ppc: convert SLB/TLB instructions to TCG
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5895 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-06 21:46:17 +00:00
blueswir1
331dadde19 The configure test for struct iovec #includes <sys/uio.h> but qemu-common.h did not.
This fixes compilation of hw/virtio.h on Mac OS X.

Signed-off-by: Andreas Faerber <andreas.faerber@web.de>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5894 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-06 19:44:56 +00:00
aurel32
06dca6a7c1 target-ppc: convert dcr load/store to TCG
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5893 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-06 16:37:18 +00:00
aurel32
6527f6ea9c target-ppc: convert msr load/store to TCG
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5892 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-06 13:03:35 +00:00
aurel32
22e0e17337 target-ppc: convert POWER bridge instructions to TCG
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5891 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-06 12:19:14 +00:00
aurel32
3b63c04e1b Revert "hw/apic.c: use fls() from host-utils"
This reverts commit 5876.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5890 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-06 10:46:35 +00:00
aliguori
bf9298b90e Make struct iovec universally available
Vectored IO APIs will require some sort of vector argument.  It makes sense to
use struct iovec and just define it globally for Windows.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5889 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-05 20:05:26 +00:00
blueswir1
a38131b669 Attached patch contains warning fixes.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5888 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-05 17:56:40 +00:00
blueswir1
b3efe5c890 Attached patch make cpu-exec.c compile on NetBSD.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5887 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-05 17:55:45 +00:00
blueswir1
1360677cfe Attached patch makes NetBSD use the native bswap functions
which compile.

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5886 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-05 17:54:09 +00:00
blueswir1
3990d09adf sys-queue.h defines _SYS_QUEUE_H_ which is also defined by
the <sys/queue.h> system header. <sys/disk.h> uses SLIST_ENTRY
on NetBSD, which doesn't exist in sys-queue.h. Therefore,
include <sys/queue.h> before including sys-queue.h.

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5885 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-05 17:53:21 +00:00
aurel32
4dd8c13803 Fix PPC PREP platform, broken by commit 5849
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5884 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-05 16:05:41 +00:00
aurel32
3476f891cc hw/ppc4xx_pci.c: kill two warnings
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5883 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-05 16:05:32 +00:00
aurel32
7487953d70 target-ppc: convert POWER shift instructions to TCG
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5882 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-05 07:21:44 +00:00
aurel32
54cdcae646 target-ppc: add functions to load/store SPR
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5881 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-05 07:21:31 +00:00
aliguori
b2b183c270 do boundary check based on absolute value (Glauber Costa)
For backward operations, dstpitch and srcpitch can
be negative. This leads BLTUNSAFE macro into an
overflow, and as a result, it avoids performing
operations that are perfectly valid.

The visible effect that led to that patch was the gnome-panel
bar in Fedora10. Before this patch, you could see garbage
clobbering a big portion of the bar.

After this patch, this garbage is gone.

Signed-off-by: Glauber Costa <glommer@redhat.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5880 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 22:36:38 +00:00
aliguori
4dc822d726 Use writeback caching by default with qcow2
qcow2 writes a cluster reference count on every cluster update.  This causes
performance to crater when using anything but cache=writeback.  This is most
noticeable when using savevm.  Right now, qcow2 isn't a reliable format
regardless of the type of cache your using because metadata is not updated in
the correct order.  Considering this, I think it's somewhat reasonable to use
writeback caching by default with qcow2 files.

It at least avoids the massive performance regression for users until we sort
out the issues in qcow2. 

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5879 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 21:39:21 +00:00
aurel32
0cd2df75a2 Fix RTC initial date computation
qemu_get_clock() returns a structure containing the time the user wants
to be set (either UTC time, a local time, or a given date). Use mktimegm()
instead of mktime() to convert it into POSIX time without taking the host
timezone into account.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5878 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 21:34:52 +00:00
aliguori
bb6834cfae Fix windows build after virtio changes
Windows does not have sys/uio.h and does not have err.h.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5877 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 21:28:28 +00:00
aurel32
d34ca59016 hw/apic.c: use fls() from host-utils
...and fix a bug, the implementation in hw/apic.c was wrong.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5876 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 20:57:02 +00:00
aliguori
d096ab91c9 Add missing file from previous commit.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5875 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 20:35:16 +00:00
aliguori
bd3220870f Add virtio-balloon support
This adds a VirtIO based balloon driver.  It uses madvise() to actually balloon
the memory when possible.

Until 2.6.27, KVM forced memory pinning so we must disable ballooning unless the
kernel actually supports it when using KVM.  It's always safe when using TCG.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5874 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 20:33:06 +00:00
aliguori
df751fa8bf Add ballooning infrastructure.
Balloon devices allow you to ask the guest to allocate memory.  This allows you
to release that memory.  It's mostly useful for freeing up large chunks of
memory from cooperative guests.

Ballooning is supported by both Xen and VirtIO.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5873 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 20:19:35 +00:00
aliguori
8d371d4bce Define fls() in terms of clz32().
As suggested by Laurent Desnogues.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5872 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 20:08:06 +00:00