Commit 0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.
Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.
Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Commit 0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.
Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.
Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Acked-by: Richard Henderson <rth@twiddle.net>
Message-id: CAL5wTH64_ykF17cw2T1Axq8P3vCWm=6WbUJ3qJrLF-u+-MmzUw@mail.gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit 0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.
Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.
Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Acked-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Otherwise the guest can abuse that control to cause e.g. PCIe
Unsupported Request responses (by disabling memory and/or I/O decoding
and subsequently causing [CPU side] accesses to the respective address
ranges), which (depending on system configuration) may be fatal to the
host.
This is CVE-2015-2756 / XSA-126.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Message-id: alpine.DEB.2.02.1503311510300.7690@kaball.uk.xensource.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit 0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.
Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.
Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Message-id: CAL5wTH4UHYKpJF=dLJfFzxpufjY189chnCow47-ySuLf8GLbug@mail.gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
After qemu_iovec_destroy, the QEMUIOVector's size is zeroed and
the zero size ultimately is used to compute virtqueue_push's len
argument. Therefore, reads from virtio-blk devices did not
migrate their results correctly. (Writes were okay).
Save the size in virtio_blk_handle_request, and use it when the request
is completed.
Based on a patch by Wen Congyang.
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Message-id: 1427997044-392-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Probably a copy&paste bug. Fixing it helps identifying the device model
behind port 0x61.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
virtio-blk fix, because Wen only posted a prototype and the changes
I made were pretty large. It definitely needs another pair of eyes
(but it is a 2.3 regression and a blocker).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJVHUtcAAoJEL/70l94x66Dr1IIAIq+2i+79CoOW1VgoqdN9hBM
co7s8MzVwPzSPxMzicv94nAMBcPWfmoGzi8JJebxUmQDmZ7L33bOa64cbVgmQ5wU
gfJ+yea8TRkyDH/psv8jcvesdEgwRUnpOTCrEv4GD+haTHWZB4t6HW4KpolxbclJ
igs5MUxcH/cM//L+nyadr/ZuJvPy4sakquvnMqr5Zzr/xjwLwzbJIksoZthMdxW5
oZAY1g0T2f5sSpt0kl8lYid1njbTBX9z8ZkoftQSjRJFZ253vl+CxXFuJevke1hE
ayRhRKg5VfAyPY4txEK0+27E/Jo4X51y+6Et0N5yzrQsSZ1FeBtxzngm14gEQZA=
=CfCj
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Another round of small fixes. I am not including the
virtio-blk fix, because Wen only posted a prototype and the changes
I made were pretty large. It definitely needs another pair of eyes
(but it is a 2.3 regression and a blocker).
# gpg: Signature made Thu Apr 2 14:59:56 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
Use $(MAKE) for recursive make
kvm-all: Sync dirty-bitmap from kvm before kvm destroy the corresponding dirty_bitmap
util/qemu-config: fix regression of qmp_query_command_line_options
target-i386: clear bsp bit when designating bsp
qga: fitering out -fstack-protector-strong
target-i386: save 64-bit CR3 in 64-bit SMM state save area
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Since the BSP bit is writable on real hardware, during reset all the CPUs which
were not chosen to be the BSP should have their BSP bit cleared. This fix is
required for KVM to work correctly when it changes the BSP bit.
An additional fix is required for QEMU tcg to allow software to change the BSP
bit.
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Message-Id: <1427932716-11800-1-git-send-email-namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Device models aren't supposed to go on fishing expeditions for
backends. They should expose suitable properties for the user to set.
For onboard devices, board code sets them.
A number of sysbus devices pick up block backends in their init() /
instance_init() methods with drive_get_next() instead: sl-nand,
milkymist-memcard, pl181, generic-sdhci.
Likewise, a number of sysbus devices pick up character backends in
their init() / realize() methods with qemu_char_get_next_serial():
cadence_uart, digic-uart, etraxfs,serial, lm32-juart, lm32-uart,
milkymist-uart, pl011, stm32f2xx-usart, xlnx.xps-uartlite.
All these mistakes are already marked FIXME. See the commit that
added these FIXMEs for a more detailed explanation of what's wrong.
Fortunately, only machines ppce500 and pseries-* support -device with
sysbus devices, and none of the devices above is supported with these
machines.
Set cannot_instantiate_with_device_add_yet to preserve our luck.
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: Antony Pavlov <antonynpavlov@gmail.com>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Device models aren't supposed to go on fishing expeditions for
backends. They should expose suitable properties for the user to set.
For onboard devices, board code sets them.
"sdhci-pci" picks up its block backend in its realize() method with
drive_get_next() instead. Already marked FIXME. See the commit that
added the FIXME for a more detailed explanation of what's wrong.
We can't fix this in time for the release, but since the device is new
in 2.3, we can set cannot_instantiate_with_device_add_yet to disable
it before this mistake becomes ABI, and we have to support command
lines like
$ qemu -drive if=sd -drive if=sd,file=sd.img -device sdhci-pci -device sdhci-pci
forever.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
NICs defined with -net nic are for board initialization to wire up.
Board code examines nd_table[] to find them, and creates devices with
their qdev NIC properties set accordingly.
Except "allwinner-a10" goes on a fishing expedition for NIC
configuration instead of exposing the usual NIC properties for board
code to set: it uses nd_table[0] in its instance_init() method.
Picking up the first -net nic option's configuration that way works
when the device is created by board code. But it's inappropriate for
-device and device_add. Not only is it inconsistent with how the
other block device models work (they get their configuration from
properties "mac", "vlan", "netdev"), it breaks when nd_table[0] has
been picked up by the board or a previous -device / device_add
already.
Example:
$ qemu-system-arm -S -M cubieboard -device allwinner-a10
qemu-system-arm: -device allwinner-a10: Property 'allwinner-emac.netdev' can't take value 'hub0port0', it's in use
Aborted (core dumped)
It also breaks in other entertaining ways:
$ qemu-system-arm -M highbank -device allwinner-a10
qemu-system-arm: -device allwinner-a10: Unsupported NIC model: xgmac
$ qemu-system-arm -M highbank -net nic,model=allwinner-emac -device allwinner-a10
qemu-system-arm: Unsupported NIC model: allwinner-emac
Mark the mistake with a FIXME comment.
Cc: Li Guang <lig.fnst@cn.fujitsu.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Character devices defined with -serial and -parallel are for board
initialization to wire up. Board code examines serial_hds[] and
parallel_hds[] to find them, and creates devices with their qdev
chardev properties set accordingly.
Except a few devices go on a fishing expedition for a suitable backend
instead of exposing a chardev property for board code to set: they use
serial_hds[] (often via qemu_char_get_next_serial()) or parallel_hds[]
in their realize() or init() method to connect to a backend.
Picking up backends that way works when the devices are created by
board code. But it's inappropriate for -device or device_add. Not
only is it inconsistent with how the other characrer device models
work (they connect to a backend explicitly identified by a "chardev"
property), it breaks when the backend has been picked up by the board
or a previous -device / device_add already.
Example:
$ qemu-system-ppc64 -M bamboo -S -device i82378 -device pc87312 -device pc87312
qemu-system-ppc64: -device pc87312: Property 'isa-parallel.chardev' can't take value 'parallel0', it's in use
Mark them with suitable FIXME comments.
Cc: Li Guang <lig.fnst@cn.fujitsu.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: Antony Pavlov <antonynpavlov@gmail.com>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Michael Walle <michael@walle.cc>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: "Andreas Färber" <andreas.faerber@web.de>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Drives defined with if!=none are for board initialization to wire up.
Board code calls drive_get() or similar to find them, and creates
devices with their qdev drive properties set accordingly.
Except a few devices go on a fishing expedition for a suitable backend
instead of exposing a drive property for board code to set: they call
driver_get() or drive_get_next() in their realize() or init() method
to implicitly connect to the "next" backend with a certain interface
type.
Picking up backends that way works when the devices are created by
board code. But it's inappropriate for -device or device_add. Not
only is this inconsistent with how the other block device models work
(they connect to a backend explicitly identified by a "drive"
property), it breaks when the "next" backend has been picked up by the
board already.
Example:
$ qemu-system-arm -S -M connex -pflash flash.img -device ssi-sd
Aborted (core dumped)
Mark them with suitable FIXME comments.
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: "Andreas Färber" <andreas.faerber@web.de>
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Commits 6e05a12f8f and db25a1581 both attempt to fix the
same "failed to free memory containing flash filename" bug,
with the effect that when they were both applied we ended
up freeing the memory twice. Delete the spurious extra free.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1427968334-14527-1-git-send-email-peter.maydell@linaro.org
As 4de9a88(hw/arm/virt: Fix memory leak reported by Coverity)
and 6e05a12(arm: fix memory leak) both handle the memory leak
reported by Coverity, this cause qemu corruption due to
double free.
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1427944026-8968-1-git-send-email-zhaoshenglong@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
As there is logic to deal with the difference between edge and level
triggered interrupts in the kernel we must ensure it knows the
configuration of the IRQs before we restore the pending state.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
As the conditional statement had to be split anyway, we can also
add a better error report message.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1426877982-3603-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
As the conditional statement had to be split anyway, we can also
add a better error report message.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1426877963-3556-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Coverity reports a resource leak for sysboot_filename which is allocated
by qemu_find_file.
In addition, that name is used to get the size of the image, but a
different image name was used to load it.
In addition, instead of passing the maximum allowed image size the actual
image size was passed to load_image_targphys.
Fix all three issues.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1426326781-2488-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit cd61cb2 pc: acpi-build: generate pvpanic device description dynamically
introduced regression changing pvpanic device HID from
QEMU0001 to QEMU0002.
Fix AML generated code so that pvpanic device
would keep its original HID. i.e. QEMU0001
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reported-by: Gal Hammer <ghammer@redhat.com>
Message-Id: <1427717907-25027-1-git-send-email-imammedo@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Make s390_update_iplstate() return uint32_t to avoid sign extensions
for cssids > 127. While this doesn't matter in practice yet (as
nobody supports MCSS-E and thus won't see the real cssid), play safe.
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
ram_addr.h is an internal interface and it is not needed anyway by
hw/s390x/ipl.c.
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1427295389-5054-1-git-send-email-pbonzini@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Processing for READ_VQ_CONF needs to check whether the requested queue
value is actually in the supported range and post a channel program
check if not.
Cc: qemu-stable@nongnu.org
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
VIRTIO_PCI_QUEUE_MAX is already too big; a malicious guest would be
able to trigger a write beyond the VirtQueue structure.
Cc: qemu-stable@nongnu.org
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Many bits in the CMD register are supposed to be strictly read-only.
We should not be deleting them on every write.
As a side-effect: pay explicit attention to when a guest marks off
the FIS Receive or Start bits, and disable the status bits ourselves,
instead of letting them implicitly fall off.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1426283454-15590-3-git-send-email-jsnow@redhat.com
The FIS Receive Buffer and Command List Buffer pointers
should not be edited while the FIS receive engine or
Command Receive engines are running.
Currently, we attempt to re-map the buffers every time they
are adjusted, but while the AHCI engines are off, these registers
may contain stale values, so we should not attempt to re-map these
values until the engines are reactivated.
Reported-by: Jordan Hargrave <jharg93@gmail.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1426283454-15590-2-git-send-email-jsnow@redhat.com
It's detected by coverity.In is_vlan_packet s->mac_reg[VET] is
unsigned int but is dereferenced as a narrower unsigned short.
This may lead to unexpected results depending on machine
endianness.
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Message-id: 1426224119-8352-1-git-send-email-zhaoshenglong@huawei.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The shift operation on nlb gives a 32 bit result if no type cast is
applied. This bug was reported by Coverity.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1426348844-8793-1-git-send-email-sw@weilnetz.de
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
VirtIOSCSIVring which allocated in virtio_scsi_vring_init
should be free when dataplane has been stopped or failed to start.
Signed-off-by: Ting Wang <kathy.wangting@huawei.com>
Message-Id: <1427355752-25844-1-git-send-email-kathy.wangting@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Capture the explicit setting of "usb=no" into a separate bool, and
use it to skip the update of machine->usb in the board init function.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
On sPAPR we haven't supported boot once ever since it emerged, but
recently grew need for it. This patch implements boot once logic
to it.
While at it, we also move to the new bootdevice handling that got
introduced to the tree recently.
Reported-by: Dinar Valeev <dvaleev@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This fixes potential runtime crashes and two warnings from Coverity.
The new error message does not add a prefix "qemu:" because that is
already done in function hw_error. It also starts with an uppercase
letter because that seems to be the mostly used form.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
[agraf: fix typo]
Signed-off-by: Alexander Graf <agraf@suse.de>
Commit 0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.
Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.
Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Message-Id: <CAL5wTH7o8uA59Ep0n41i0M19VFWa73n9m172j2W3fjz6=PSVBA@mail.gmail.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit 0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.
Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.
Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Message-Id: <CAL5wTH4-=HJUvwBu+2o6jGanJesJOyNf3sL8-5+d_-6C3cWBfA@mail.gmail.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Acked-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit 0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.
Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.
Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Message-Id: <CAL5wTH6X-GsT1AA8kEtP_e7oZWGZgi=fCcDfSs3wLgJN30DbUw@mail.gmail.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
We don't validate the backend queue numbers against bus limitation,
this will easily crash qemu if it exceeds the limitation which will
hit the abort() in virtio_del_queue(). An example is trying to
starting a virtio-net device with 256 queues. E.g:
./qemu-system-x86_64 -netdev tap,id=hn0,queues=256 -device
virtio-net-pci,netdev=hn0
Fixing this by doing the validation and fail early.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
commit 9b70c1790a
virtio-serial: switch to standard-headers
changes virtio_console_config size from 8 to 12 bytes:
it adds an optional 4 byte emerg_wr field.
As this crosses a power of two boundary, this changes the PCI BAR size,
which breaks migration compatibility with old qemu machine types.
It's probably a problem for other transports as well.
As a temporary fix, as we don't yet support this new field anyway,
simply make the config size smaller at init time.
Long terms we probably want something along the lines
of virtio_net_set_config_size.
Reported-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Cole Robinson <crobinso@redhat.com>
This fixes these gcc warnings (not enabled in default build):
hw/acpi/aml-build.c:83:5: warning:
function might be possible candidate for ‘gnu_printf’ format attribute [-Wsuggest-attribute=format]
hw/acpi/aml-build.c:88:5: warning:
function might be possible candidate for ‘gnu_printf’ format attribute [-Wsuggest-attribute=format]
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
It is wrong to use address_space_memory directly, because there could be an
IOMMU in the middle. Passing the entire PVSCSIRingInfo to RS_GET_FIELD
and RS_SET_FIELD makes it easy to go back to the PVSCSIState.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
If the guest programs a sufficiently large timeout value an integer
overflow can occur in i6300esb_restart_timer(). e.g. if the maximum
possible timer preload value of 0xfffff is programmed then we end up with
the calculation:
timeout = get_ticks_per_sec() * (0xfffff << 15) / 33000000;
get_ticks_per_sec() returns 1000000000 (10^9) giving:
10^9 * (0xfffff * 2^15) == 0x1dcd632329b000000 (65 bits)
Obviously the division by 33MHz brings it back under 64-bits, but the
overflow has already occurred.
Since signed integer overflow has undefined behaviour in C, in theory this
could be arbitrarily bad. In practice, the overflowed value wraps around
to something negative, causing the watchdog to immediately expire, killing
the guest, which is still fairly bad.
The bug can be triggered by running a Linux guest, loading the i6300esb
driver with parameter "heartbeat=2046" and opening /dev/watchdog. The
watchdog will trigger as soon as the device is opened.
This patch corrects the problem by using muldiv64(), which effectively
allows a 128-bit intermediate value between the multiplication and
division.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <1427075508-12099-3-git-send-email-david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The IO operations for the i6300esb watchdog timer are marked as
DEVICE_NATIVE_ENDIAN. This is not correct, and - as a PCI device - should
be DEVICE_LITTLE_ENDIAN.
This allows i6300esb to work on ppc targets (yes, using an Intel ICH
derived device on ppc is a bit odd, but the driver exists on the guest
and there's no more obviously suitable watchdog device).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <1427075508-12099-2-git-send-email-david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The fw_cfg documentation says this of the revision key (0x0001, FW_CFG_ID):
> A 32-bit little-endian unsigned int, this item is used as an interface
> revision number, and is currently set to 1 by all QEMU architectures
> which expose a fw_cfg device.
arm/virt doesn't. It could be argued that that's an error in
"hw/arm/virt.c"; on the other hand, all of the other fw_cfg providing
boards set the interface version to 1 manually, despite the device
coming from the same, shared implementation. Therefore, instead of
adding
fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
to arm/virt, consolidate all such existing calls in the fw_cfg
initialization code.
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Message-Id: <1426789244-26318-1-git-send-email-somlo@cmu.edu>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This does not bother DMA, because DMA generally transfers
the entire SGList in one shot if it can.
PIO, on the other hand, tries to transfer just one sector
at a time, and will make multiple visits to the sglist
to fetch memory addresses.
Fix the memory address calculaton when we have an offset
by moving the offset addition OUTSIDE of the le64_to_cpu
calculation.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Andreas Färber <afaerber@suse.de>
Message-id: 1426811056-2202-4-git-send-email-jsnow@redhat.com
Similar to the cmd_write_pio fix, update the nsector count and
ide sector before we invoke ide_transfer_start.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Andreas Färber <afaerber@suse.de>
Message-id: 1426811056-2202-3-git-send-email-jsnow@redhat.com
We need to adjust the sector being written to
prior to calling ide_transfer_start, otherwise
we'll write to the same sector again.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Andreas Färber <afaerber@suse.de>
Message-id: 1426811056-2202-2-git-send-email-jsnow@redhat.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJVCyYhAAoJECgHk2+YTcWmKl0P+wSBnfMCIMhKLmrqI6N8NKWT
RJV7EJaaY/ek/Ca4/fs6PZxGsfRDZ2KyGgP3rfM2tArW954Slw4eIpg/TlUFfcR1
M0kMoeEjh1tOeZjkMzSWuQoTjslSazMU+EeNzzykc2GR5uQthjJPqiJXqpsXoMmN
HvvwkoyWc3IE1qE2jdlRjfZg3k7HDEGUP92oR5/wrHuE2wK7QHNCrzt1Ej+aF1eW
s2neC//Q3CJXpbsAOMG7SbL/5C1k7tlmLGKs6LID5Q/kozxZUedOC7UIi43H3KbY
TsXPhggyETnnZ7b4hK3zbJEOjrcgBWq7houcERrDzFG5XK+4tOBOYN7KL8mL+MbJ
G3GkitC2Jdng/bmrSpT9GtPhDEmhx1JUNqSRoUt6YN1UxSsCATgLi0TBbKouFBGI
IY0aM1/WHV8m9ksOPWAcz0OG9kywt53jKbWaKIouDADGI9BEOsoK7+py8Kq3bbTV
92M4vCkX752z1wJgEwE7SIXvM3kCfm0C1tjvIipNlgMm9M+yM/FEX9xSmW3q36Sq
Vmn+2oMk+x6yntmdaYVWJKhqFWSriJQyfobgvk30enmvCmKKtBXo9i/WcjxvldVh
Zi6guaz8AG6bAigrZja7sGqnld7rZ7qgbJe8bNATGrgjT8Nrr2D3+DsdwTK/76nJ
pG9uGb/rtc5ZfDzDf+qd
=BNKx
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging
X86 queue 2015-03-19
# gpg: Signature made Thu Mar 19 19:40:17 2015 GMT using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/x86-pull-request:
target-i386: Haswell-noTSX and Broadwell-noTSX
Revert "target-i386: Disable HLE and RTM on Haswell & Broadwell"
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJVCyLBAAoJECgHk2+YTcWm0kQP/09B1s3b32dABR6YsFFfeziS
I5GWzvwOh1HMMVx1sCrGbC/fvqavLqgfG/87Q+1ijGM6vAGMspGgxgFoCs50Tdrm
0jxrDODHFzuHZDhxk38rj5B8L6wEyrLzEpJYDZ6OzM0zuZU7/uoNjT9IqkzlFHFi
1BHxrttFLiGe9sRaVu8f60tmxpixgxRaj2o5ru3Cgt38YIVQ3Wl0XjZxXlAZI0Pu
C59HaBipPVYRNiNpasYPA9C5grjT01EtHgs3bUfKUz9tsrjvDaVFiQHIb7g+bUIV
J/0av8UwLtTnDovKqv4VxO31xugzTAPWzZU37bwhhGAgG8DlHyENzrrAfihy9TUQ
YQNm6y+0K+Mjtf5nDAoSmkAEBxLMyNo1SCbAFinL6xy1QaH/KYuCKS/RN7GuNgZZ
SQW3EFIoXacVPL0AQiBccOGZG03EOk9AJh4EdC2+QI73H/ZzZgQpLDuw+wWLxwip
s3piz9CUUXEKuqWaCWqJk3W1lmM35gwpzHOMRKbxCzHuX2aOPkO5pKeyliG7cmFI
sdmt6bB+lKL4EAm0bB2xeOzPC4wFgZa3ePu1wBrS7euWoUWuvkStm2C0QvLy7vpq
to7IPlBrhf/5QSLi4HIMYJ68kbf9fxDWW291LzKowDppAHtxLXkgYpnFHHOSk5YI
51cc/NuCGt9k+i7+Dtvm
=gCrW
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/ehabkost/tags/work/numa-verify-cpus-pull-request' into staging
NUMA queue 2015-03-19
# gpg: Signature made Thu Mar 19 19:25:53 2015 GMT using RSA key ID 984DC5A6
# gpg: Can't check signature: public key not found
* remotes/ehabkost/tags/work/numa-verify-cpus-pull-request:
numa: Print warning if no node is assigned to a CPU
pc: fix default VCPU to NUMA node mapping
numa: introduce machine callback for VCPU to node mapping
numa: Reject configuration if CPU appears on multiple nodes
numa: Reject CPU indexes > max_cpus
numa: Fix off-by-one error at MAX_CPUMASK_BITS check
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When hot-unplugging the usb controllers (ehci/uhci),
we have to clean all resouce of these devices,
involved registered reset handler. Otherwise, it
may cause NULL pointer access and/or segmentation fault
if we reboot the guest os after hot-unplugging.
Let's hook up reset via DeviceClass->reset() and drop
the qemu_register_reset() call. Then Qemu will register
and unregister the reset handler automatically.
Cc: qemu-stable <qemu-stable@nongnu.org>
Reported-by: Lidonglin <lidonglin@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When hot-unplugging the usb controllers (ehci/uhci),
we have to clean all resouce of these devices,
involved registered reset handler. Otherwise, it
may cause NULL pointer access and/or segmentation fault
if we reboot the guest os after hot-unplugging.
Let's hook up reset via DeviceClass->reset() and drop
the qemu_register_reset() call. Then Qemu will register
and unregister the reset handler automatically.
Ohci does't support hotplugging/hotunplugging yet, but
existing resource cleanup leak logic likes ehci/uhci.
Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When hot-unplugging the usb controllers (ehci/uhci),
we have to clean all resouce of these devices,
involved registered reset handler. Otherwise, it
may cause NULL pointer access and/or segmentation fault
if we reboot the guest os after hot-unplugging.
Let's hook up reset via DeviceClass->reset() and drop
the qemu_register_reset() call. Then Qemu will register
and unregister the reset handler automatically.
Cc: qemu-stable <qemu-stable@nongnu.org>
Reported-by: Lidonglin <lidonglin@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This reverts commit 13704e4c45.
With the Intel microcode update that removed HLE and RTM, there will be
different kinds of Haswell and Broadwell CPUs out there: some that still
have the HLE and RTM features, and some that don't have the HLE and RTM
features. On both cases people may be willing to use the pc-*-2.3
machine-types.
So instead of making the CPU model results confusing by making it depend
on the machine-type, keep HLE and RTM on the existing Haswell and
Broadwell CPU models. The plan is to introduce "Haswell-noTSX" and
"Broadwell-noTSX" CPU models later, for people who have CPUs that don't
have TSX feature available.
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Since commit
dd0247e0 pc: acpi: mark all possible CPUs as enabled in SRAT
Linux kernel actually tries to use CPU to Node mapping from
QEMU provided SRAT table instead of discarding it, and that
in some cases breaks build_sched_domains() which expects
sane mapping where cores/threads belonging to the same socket
are on the same NUMA node.
With current default round-robin mapping of VCPUs to nodes
guest ends-up with cores/threads belonging to the same socket
being on different NUMA nodes.
For example with following CLI:
qemu-system-x86_64 -m 4G \
-cpu Opteron_G3,vendor=AuthenticAMD \
-smp 5,sockets=1,cores=4,threads=1,maxcpus=8 \
-numa node,nodeid=0 -numa node,nodeid=1
2.6.32 based kernels will hang on boot due to incorrectly built
sched_group-s list in update_sd_lb_stats()
Replacing default mapping with a manual, where VCPUs belonging to
the same socket are on the same NUMA node, fixes the issue for
guests which can't handle nonsense topology i.e. changing CLI to:
-numa node,nodeid=0,cpus=0-3 -numa node,nodeid=1,cpus=4-7
So instead of simply scattering VCPUs around nodes, provide
callback to map the same socket VCPUs to the same NUMA node,
which is what guests would expect from a sane hardware/BIOS.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Users of virtio-serial may want to know when a port becomes writable. A
port can stop accepting writes if the guest port is open but not being
read from. In this case, data gets queued up in the virtqueue, and
after the vq is full, writes to the port do not succeed.
When the guest reads off a vq element, and adds a new one for the host
to put data in, we can tell users the port is available for more writes,
via the new ->guest_writable() callback.
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Just a bunch of bugfixes. Should be nothing remarkable here.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVCXAHAAoJECgfDbjSjVRp6zcH/A1NwWCefPfGj2wLc/GdhKJ4
NcxNYQwNh/C687BKV+iBFvUqh+G1lkuoz7OYX+EGvzadqeWmDX7uIhCm8z01aqb0
La/afm/JyB22Vz7Za1od+JUyjwSJoyBiD/1OI/lS6/6fPLtj1vwnyC4V6zmJgXDt
OvWKYk/xexMSnQH8Gutw74Kasdvh+ui1l2T1Ti5VlYY5Ea6a36dDxqKhdMOdMOpE
5zAQHNGYihtQhxjJPUdvoCR0zNknNGd62XpMBk7mEvB98yCZnLLZ/HnbeDjUV9gN
Lj8yG1nbsiGA2uu4XHD+PTHW3wN0K/DDM9XDDGOHuh7jsBB7XSrVBD/TnQuUmUg=
=sL0e
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pci, virtio bugfixes for 2.3
Just a bunch of bugfixes. Should be nothing remarkable here.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Wed Mar 18 12:31:03 2015 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream:
pcie_aer: fix comment to match pcie spec
pci: fix several trivial typos in comment
aer: fix a wrong init PCI_ERR_COR_STATUS w1cmask type register
pcie_aer: fix typos in pcie_aer_inject_error comment
aer: fix wrong check on expose aer tlp prefix log
pcie: correct mistaken register bit for End-End TLP Prefix Blocking
virtio: Fix memory leaks reported by Coverity
virtio: validate the existence of handle_output before calling it
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Coverity reports a truncation due to cast operation on operand
reltab->sh_size from 64 bits to 32 bits for calls of load_at.
Fix the types of the function arguments to match their use in
function load_at: the offset is used for lseek which takes an
off_t parameter, the size is used for g_malloc and read.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The pc-dimm option presented on device list (by argument "-device \?")
is the unique option that don't have any information about it. This
patch adds a description for the pc-dimm device to help users to
identify it.
Signed-off-by: Paulo Vital <paulo.vital@profitbricks.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This is a continuation of the work started in commit 565f65d27:
"error: Use error_report_err() where appropriate"
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Cc: Michael Tokarev <mjt@tls.msk.ru>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Code comment says "table 6-2" but in fact it's is not a table, it is
"Figure 6-2" on page 479.
Cc: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Error Status Register, so this patch fix a wrong definition
for PCI_ERR_COR_STATUS register with w1cmask type.
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Refer to "PCI Express Base Spec3.0", this comments can't
fit the description in spec, so we should fix them.
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
when specify TLP Prefix log as using pcie_aer_inject_error,
the TLP prefix log is always discarded. because the check
is incorrect, the End-End TLP Prefix Supported bit
(PCI_EXP_DEVCAP2_EETLPP) should be in Device Capabilities 2 Register.
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
from pcie spec 7.8.17, the End-End TLP Prefix Blocking bit local
is 15(e.g. 0x8000) in device control 2 register.
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
if k->set_host_notifier failed, VirtIOSCSIVring *r will leak
Signed-off-by: Bo Su <subo7@huawei.com>
Message-Id: <1426671732-80213-1-git-send-email-subo7@huawei.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Hotplugging a scsi-disk may trigger the assertion in qemu_sgl_concat.
qemu-system-x86_64: qemu/hw/scsi/virtio-scsi.c:115: qemu_sgl_concat:
Assertion `skip == 0' failed.
This is introduced by commit 55783a55 (virtio-scsi: work around bug in
old BIOSes) which didn't check out_num when accessing out_sg[0].iov_len
(the same to in sg). For virtio_scsi_push_event, looking into out_sg
doesn't make sense because 0 req_size is intended.
Cc: qemu-stable@nongnu.org
[Cc'ing qemu-stable because 55783a55 did it too]
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1426233354-525-1-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Boards that do not include an USB controller should not provide
USB devices. However, when running "qemu-system-s390x -device help"
for example, there's still a usb-hub, usb-kbd, usb-mouse and
usb-tablet in the list of "supported" devices. Let's fix that
by compiling and linking the USB files only if it is really
necessary.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* QTest for PC X86CPU
* Confinement of ICC bridge X86CPU parenting to PC code
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJVCEbzAAoJEPou0S0+fgE/0CQQAK7LPJgLXD7tvbD7nhX+E+Vl
8OeawRKag367b1yqHGgdAd4JxTSSFDzjqif67OYAG5xRuA53tZ6BdccWlnLUYYbW
+v2931HR+E4KztVHato7qdq0lVmbv9N9kg44KQPPuX8cNvJIliT/ap3SKc9btSp3
I10QtM41+KqzJYa6TBzkpij12AbzOD153STrdmiasIIQc4SMKuAZRA/A14fLazj9
iraIRLQQ1gvKPuL/4eCGN65sxXHq93ga0LeU2L2slPxm8jJ1BzgzFTDJtcXSG4Sj
CQCmDCAn8BFoom3HP5REg6u0p/d1+UbBCl9S/YjUiA5lDSrJh+8xSZ4zcwAGHcXQ
LzRKxZ18TJnpg4qcohikl43NkDmCKpqbj1T5QRrFlUp5pcia7tqlREwOTJTu8YpX
gMvdMrshJ0nM2BrdTXpkeQRP4hTKJ4pbaT15FIbxAFAqwihHW07pYU1mE0enmFb+
cA4yJTT4D4qwUFGm3OJEk/jsQmEpAoD7lz2MSjBVZiX1Crprs7ETGKalVDxDYBga
CaTxJp5nZhgwEbgmKx5/AxnohMVEs40+sXieNHkFhOZ8DOJ+/kAClBmqHakR8ENg
G6B1/gN3Gr5fSTEdppXAbvDe7g8qpC9gWkV7kwFie/MykrmDWDnivvVKxt9PlRgC
DUhHfcNCISWNvaBZWc31
=fe5i
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-peter' into staging
QOM CPUState and X86CPU
* QTest for PC X86CPU
* Confinement of ICC bridge X86CPU parenting to PC code
# gpg: Signature made Tue Mar 17 15:23:31 2015 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/qom-cpu-for-peter:
target-i386: Remove icc_bridge parameter from cpu_x86_create()
tests: Add PC CPU test
pc: Suppress APIC ID compatibility warning for QTest
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Instead of passing icc_bridge from the PC initialization code to
cpu_x86_create(), make the PC initialization code attach the CPU to
icc_bridge.
The only difference here is that icc_bridge attachment will now be done
after x86_cpu_parse_featurestr() is called. But this shouldn't make any
difference, as property setters shouldn't depend on icc_bridge.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Move non-qdev-gpio[*] from /machine into /machine/unattached.
For the PC this moves 25 nodes from the stable namespace into the unstable.
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Tested-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
qerror_report_err() is a transitional interface to help with
converting existing monitor commands to QMP. It should not be used
elsewhere.
usb_msd_password_cb() is only called from within an HMP command
handler. Replace by error_report_err().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When the image is encrypted, QMP device_add creates the device, defers
actually attaching it to when the key becomes available, then returns
an error. This is wrong. device_add must either create the device
and succeed, or do nothing and fail.
The bug is in usb_msd_realize_storage(). It posts an error with
qerror_report_err(), and returns success. Device realization relies
on the return value, and completes. The QMP monitor, however, relies
on the posted error, and sends it in an error reply.
Reproducer:
$ qemu-system-x86_64 -nodefaults -display none -usb -qmp stdio -drive if=none,id=foo,file=geheim.qcow2
{"QMP": {"version": {"qemu": {"micro": 50, "minor": 2, "major": 2}, "package": ""}, "capabilities": []}}
{ "execute": "qmp_capabilities" }
{"return": {}}
{ "execute": "device_add", "arguments": { "driver": "usb-storage", "id": "bar", "drive": "foo" } }
{"error": {"class": "DeviceEncrypted", "desc": "'foo' (geheim.qcow2) is encrypted"}}
Even though we got an error back, the device got created just fine.
To demonstrate, let's unplug it again:
{"execute":"device_del","arguments": { "id": "bar" } }
{"timestamp": {"seconds": 1426003440, "microseconds": 237181}, "event": "DEVICE_DELETED", "data": {"path": "/machine/peripheral/bar/bar.0/legacy[0]"}}
{"timestamp": {"seconds": 1426003440, "microseconds": 238231}, "event": "DEVICE_DELETED", "data": {"device": "bar", "path": "/machine/peripheral/bar"}}
{"return": {}}
Fix by making usb_msd_realize_storage() fail properly.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
monitor_read_bdrv_key_start() does several things:
1. If no key is needed, call completion_cb() and succeed
2. If we're in QMP context, call qerror_report_err() and fail
3. Start reading the key in the monitor.
This is two things too many. Inline 1. and 2. into its callers
monitor_read_block_device_key() and usb_msd_realize_storage().
Since monitor_read_block_device_key() only ever runs in HMP context,
drop 2. there.
The next commit will clean up the result in usb_msd_realize_storage().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit 457215ec "ohci: Use QOM realize for OHCI" converted only
"sysbus-ohci". Finish the job: convert "pci-ohci".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The previous commit broke the additional messages explaining the error
messages. Improve the error messages, so they don't need explaining
so much. Helps QMP users as well, unlike additional explanations.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This loses the messages explaining the error printed with
error_printf_unless_qmp(). The next commit will make up for the loss.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Use DeviceClass::realize() and TypeInfo::instance_init() instead of
the deprecated SysBusDevice::init().
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJVBtxlAAoJEPSH7xhYctcjokAQALpZdRqCAS89MSFfFMj0uSE+
YL2jELoMHYoOutq7quc/dF5wpQpYeSWYAzcHBpdo63j9VlnoKfQ0CaOGdevnwhZT
KUg9S+9UtvcqJUteZyd/JtY6HA83jXElJB6siTUMHJmdgYY4i5HSfUeYe/jqsfdT
W2TYJQPMu1ecGFAjKJQafZRO0q5gYfR2XeEiAsdynIVvccPFKMKnE5CtoPnJtTPb
83O36K3wi4lg0AgB7ti8QcNSf3JS2WuluKXG1TxrgoxfWAVQ0SQ79pq7xVZ7c4IZ
BErm7ihhlOP/DlGaNsPzcYwVsP6uksm1TE/PO63QoWBxaVjmLPkV0ZLKbGkR8Cr0
ulk/BUSAjXzMDoloVqz27e2SCrCA0p7tpGJ9nw/2xv01GNcVO6EFAJDHFLv8HmnH
yVZDQnqO5wJkrUu5U5WQ1tKIktRZFRoyR0D6nzhAKSOWqFCOKMID6TH8ixmGSxA7
HHzSxs48GHu9pztZ1tNqON1r1Ets5I+Zy760wC60DPeOrSlkcEvgRzfNF26V9cY/
VSp8QedX5RE509HYvh73fVT5+brwPHMs36OSe/LSc4tomXZq83RjfDRjwYrAAAjW
nBugr0hyBrATLiPQSYgt+GNly4Qg09jwkTvRcQqcNf22zKdFM4zjf+wvrbH/+9xa
ZTuPQUSpHMNS3mv/Gj3b
=DZVy
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20150316' into staging
migration/next for 20150316
# gpg: Signature made Mon Mar 16 13:36:37 2015 GMT using RSA key ID 5872D723
# gpg: Can't check signature: public key not found
* remotes/juanquintela/tags/migration/20150316:
pc: Disable vmdesc submission for old machines
migration: Allow to suppress vmdesc submission
migration: Read JSON VM description on incoming migration
rename save_block_hdr to save_page_header
save_block_hdr: we can recalculate the cont parameter here
save_xbzrle_page: change calling convention
ram_save_page: change calling covention
ram_find_and_save_block: change calling convention
ram: make all save_page functions take a uint64_t parameter
Add migrate_incoming
Add -incoming defer
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
All four leaks are similar, so fix them in one patch.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
We don't validate the existence of handle_output which may let a buggy
guest to trigger a SIGSEV easily. E.g:
1) write 10 to queue_sel to a virtio net device with only 1 queue
2) setup an arbitrary pfn
3) then notify queue 10
Fixing this by validating the existence of handle_output before.
Cc: qemu-stable@nongnu.org
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
* fix handling of execute-never bits in page table walks
* tell kernel to initialize KVM GIC in realize function
* fix handling of STM (user) with r15 in register list
* ignore low bit of PC in M-profile exception return
* fix linux-user get/set_tls syscalls on CPUs with TZ
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJVBs7oAAoJEDwlJe0UNgzeyFMP/Re3884RXnk5Mc9+57mwJOCh
NjVOiNskvFWwSxmOBWK0Zestr1MWp9zsnr27dj6wu9EqIlSTLbknl8ttnHnHdSrj
C21mD3H/1DXmQyIysHa3g61BQAuOU9UGgG8PSgK6z8IFM7x0+ntcyEzR8BL2qjHU
9YyvENrmbbVaY8/YfvAdqs0d4mp6RVwzPrb/t35CkX0nI2rgGX+wNTsqH/UCIpNb
eD1YeSaUJnaxODhZlZUcTR/D7wAzUmPtp7Le5qwMSH4jm6LTPSAQ2B5WFAfLodGO
Tpb8sXUAAJymnLOjPchYACEH/tS+yLTN40aTYXgq/sc7b6uCwRvEfZzVjJ3cn6Cf
ZEtP2ZwevzS2Uy17tfYs6fxgAdh07dB/lUif5lCg5tvlYa531HhH1uq0QplSxhDR
/uXvl8Q/tAVXLnWDh0uydZ7NuqEv7P+25feL7sAT5I/VUWgYCs3RhwE1lU1JMwih
yMKipD93bg+z7PqtOW/GHjIKyai7yTKhaVNS+BGZaqOIfqWSTFJ0NPFK0SK67kou
+38OMHtORaAnKGFbkBnJQGVjHTgzWPol9r1KuVgsa5zZvhDtNGNhk0A0xLil/Qkh
jwj1O5y+xtYI+JXIDucbcEySwL/RpzEOSKbd7OTsmTVNqhKqoomKUy5e0w/zG1v6
RFuUdUzabLTzT3uqwL+I
=uK1h
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150316' into staging
target-arm queue:
* fix handling of execute-never bits in page table walks
* tell kernel to initialize KVM GIC in realize function
* fix handling of STM (user) with r15 in register list
* ignore low bit of PC in M-profile exception return
* fix linux-user get/set_tls syscalls on CPUs with TZ
# gpg: Signature made Mon Mar 16 12:39:04 2015 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-20150316:
linux-user: Access correct register for get/set_tls syscalls on ARM TZ CPUs
target-arm: Ignore low bit of PC in M-profile exception return
target-arm: Fix handling of STM (user) with r15 in register list
hw/intc/arm_gic: Initialize the vgic in the realize function
target-arm: get_phys_addr_lpae: more xn control
target-arm: fix get_phys_addr_v6/SCTLR_AFE access check
target-arm: convert check_ap to ap_to_rw_prot
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Older PC machine types might by accident be backwards live migration compatible,
but with the new vmdesc self-describing blob in our live migration stream we
would break that compatibility.
Also users wouldn't expect massive behaviorial differences when updating to a
new version of QEMU while retaining their old machine type, especially not
potential breakage in tooling around live migration.
So disable vmdesc submission for old PC machine types.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
We now always send a JSON blob describing the migration file format as part
of the migration stream. However, some tools built around QEMU have proven
to stumble over this.
This patch gives the user the chance to disable said self-describing part of
the migration stream. To disable vmdesc submission, just add
-machine suppress-vmdesc=on
to your QEMU command line.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Juan Quintela <quintela@redhat.com>
* remotes/kvaneesh/for-upstream:
virtio: Fix memory leaks reported by Coverity
virtfs-proxy: Fix possible overflow
fsdev/virtfs-proxy-helper: Fix improper use of negative value
hw/9pfs/virtio-9p-posix-acl: Fix out-of-bounds access
9pfs-proxy: tiny cleanups in proxy_pwritev and proxy_preadv
9pfs-local: simplify/optimize local_mapped_attr_path()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This patch forces vgic initialization in the vgic realize function.
It uses a new group/attribute that allows such operation:
KVM_DEV_ARM_VGIC_GRP_CTRL/KVM_DEV_ARM_VGIC_CTRL_INIT
This earlier initialization allows, for example, to setup VFIO
signaling and irqfd after vgic initialization, on a reset notifier.
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Message-id: 1426094226-8515-1-git-send-email-eric.auger@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The sei_nt2 event must contain the length of the event.
Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Message-Id: <1426164834-38648-7-git-send-email-jfrei@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
load_image_targphys already checks the max size and will return
an error code. So the follow-on check will never trigger.
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Message-Id: <1426164834-38648-6-git-send-email-jfrei@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
The function s390_virtio_bus_console() is completely unused and thus
can be removed safely.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Message-Id: <1426164834-38648-5-git-send-email-jfrei@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Check for the aes_key_wrap and dea_key_wrap machine options and set the
appropriate KVM device attribute(s) to tell the kernel to enable or disable
the AES/DEA protected key functions for the guest domain.
This patch introduces two new machine options for indicating the state of
AES/DEA key wrapping functions. This controls whether the guest will
have access to the AES/DEA crypto functions.
aes_key_wrap="on | off" is changed to aes-key-wrap="on | off"
dea_key_wrap="on | off" is changed to dea-key-wrap="on | off"
Check for the aes-key-wrap and dea-key-wrap machine options and set the
appropriate KVM device attribute(s) to tell the kernel to enable or disable
the AES/DEA protected key functions for the guest domain.
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Message-Id: <1426164834-38648-4-git-send-email-jfrei@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
All fields in structures transmitted by ccws are big endian; assure
we handle them as such.
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Message-Id: <1426067871-17693-2-git-send-email-cornelia.huck@de.ibm.com>
Synchronizes the guest TOD clock across a migration by sending the guest TOD
clock value to the destination system. If the guest TOD clock is not preserved
across a migration then the guest's view of time will snap backwards if the
destination host clock is behind the source host clock. This will cause the
guest to hang immediately upon resuming on the destination system.
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Message-Id: <1425912968-54387-1-git-send-email-jfrei@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
s390_flic_init() is a helper to create and realize either
"s390-flic-kvm" or "s390-flic-qemu". When qdev_init() fails, it
complains to stderr and succeeds.
Except it can't actually fail, because the "s390-flic-qemu" is a dummy
without a realize method, and "s390-flic-kvm"'s realize can't fail,
even when the kernel device is really unavailable. Odd.
Replace qdev_init() by qdev_init_nofail() to make "can't fail" locally
obvious, and get rid of the unreachable error reporting.
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Message-Id: <1423128889-18260-4-git-send-email-armbru@redhat.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
All four leaks are similar, so fix them in one patch.
Success path was not doing memory free.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
It's detected by coverity. The socket name specified
should fit in the sockadd_un.sun_path. If not abort.
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Rename config option from "glx" to "opengl", glx will not be the only
option for opengl in near future. Also switch over to pkg-config for
opengl support detection.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Don't compare syscall return with -1, use "<0" condition.
Don't introduce useless local variables when we already
have similar variable
Rename local variable to be consistent with other usages
Finally make the two methods, read and write, to be similar to each other
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Omit one unnecessary memory allocation for components
of the path and create the resulting path directly given
lengths of the components.
Do not use basename(3) because there are 2 versions of
this function which differs when argument ends with
slash character, use strrchr() instead so we have
consistent result. This also makes sure the function
will do the right thing in corner cases (eg, empty
pathname is given), when basename(3) return entirely
another string.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
A bunch of fixes all over the place, some of the
bugs fixed are actually regressions.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVAH/uAAoJECgfDbjSjVRprq0H/iyqLSHQIv6gNOPYQbLXOCv0
pkCeLx6kTMO9lSwxZcsZvMsYPeiEL3CHRKJcEjq0+Ap0uen0pa2Yl3WzyJcnBcib
xwkHk/UftFYAiZAzVtd4moXujvVLYNL1ukvr/wPOdIkTEn8U6K3NaT3pLooc369f
oTyQhlL3E9HJ5S6X0HXJIFwtsOIhPfS3NCLoDFbFjtb9mIsqTx7N5s2C5hctF+ir
JtyuwPx5oT73WYxoYmjSP6n/Nf5cuJdqtm6o2KijjhWWYMJ6epYVBo/DD6dIFbmJ
V/23dxpon+lvhae2c2LAVrkiJ1Boon/eMbJK/mNwpFX7vW35ataLPy6pYpaiEJs=
=RUld
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
misc fixes and cleanups
A bunch of fixes all over the place, some of the
bugs fixed are actually regressions.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Wed Mar 11 17:48:30 2015 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream: (25 commits)
virtio-scsi: remove empty wrapper for cmd
virtio-scsi: clean out duplicate cdb field
virtio-scsi: fix cdb/sense size
uapi/virtio_scsi: allow overriding CDB/SENSE size
virtio-scsi: drop duplicate CDB/SENSE SIZE
exec: don't include hw/boards for linux-user
acpi: specify format for build_append_namestring
MAINTAINERS: drop aliguori@amazon.com
tpm: Move memory subregion function into realize function
virtio-pci: Convert to realize()
pci: Convert pci_nic_init() to Error to avoid qdev_init()
machine: query mem-merge machine property
machine: query dump-guest-core machine property
hw/boards: make it safe to include for linux-user
machine: query phandle-start machine property
machine: query kvm-shadow-mem machine property
kvm: add machine state to kvm_arch_init
machine: query kernel-irqchip property
machine: allowed/required kernel-irqchip support
machine: replace qemu opts with iommu property
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
cdb is now part of cmd, drop it from req.
There's also nothing to check using build assert now.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Commit "virtio-scsi: use standard-headers" added
cdb and sense into req/rep structures, which
breaks uses of sizeof for these structures,
since qemu adds its own arrays on top.
To fix, redefine CDB/sense field size to 0.
Reported-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Move the memory subregion function into the DeviceClass realize function
due to isa_address_space (now) crashing if called in the instance init
function.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
qdev_init() is deprecated, and will be removed when its callers have
been weaned off it.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Running
qemu-bin ... -machine pc,mem-merge=on
leads to crash:
x86_64-softmmu/qemu-system-x86_64 -machine pc,dump-guest-core=on
qemu-system-x86_64: qemu/util/qemu-option.c:387: qemu_opt_get_bool_helper:
Assertion `opt->desc && opt->desc->type == QEMU_OPT_BOOL' failed. Aborted
(core dumped)
This happens because the commit e79d5a6 ("machine: remove qemu_machine_opts
global list") removed the global option descriptions and moved them to
MachineState's QOM properties.
Fix this by querying machine properties through designated wrappers.
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Running
qemu-bin ... -machine pc,dump-guest-core=on
leads to crash:
x86_64-softmmu/qemu-system-x86_64 -machine pc,dump-guest-core=on
qemu-system-x86_64: qemu/util/qemu-option.c:387: qemu_opt_get_bool_helper:
Assertion `opt->desc && opt->desc->type == QEMU_OPT_BOOL' failed. Aborted
(core dumped)
This happens because the commit e79d5a6 ("machine: remove qemu_machine_opts
global list") removed the global option descriptions and moved them to
MachineState's QOM properties.
Fix this by querying machine properties through designated wrappers.
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Commit e79d5a6 ("machine: remove qemu_machine_opts global list") removed
the global option descriptions and moved them to MachineState's QOM
properties.
Query phandle-start by accessing machine properties through designated
wrappers.
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Commit e79d5a6 ("machine: remove qemu_machine_opts global list") removed
the global option descriptions and moved them to MachineState's QOM
properties.
Query kvm-shadow-mem by accessing machine properties through designated
wrappers.
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Running
x86_64-softmmu/qemu-system-x86_64 -machine pc,kernel_irqchip=on -enable-kvm
leads to crash:
qemu-system-x86_64: qemu/util/qemu-option.c:387: qemu_opt_get_bool_helper:
Assertion `opt->desc && opt->desc->type == QEMU_OPT_BOOL' failed. Aborted
(core dumped)
This happens because the commit e79d5a6 ("machine: remove qemu_machine_opts
global list") removed the global option descriptions and moved them to
MachineState's QOM properties.
Fix this by querying machine properties through designated wrappers.
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The code using kernel-irqchip property requires 'allowed/required'
functionality. Replace machine's kernel_irqchip field with two fields
representing the new functionality and expose them through wrappers.
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Fixes a QEMU crash when passing iommu parameter in command line.
Running
x86_64-softmmu/qemu-system-x86_64 -machine pc,iommu=on -enable-kvm
leads to crash:
qemu-system-x86_64: qemu/util/qemu-option.c:387: qemu_opt_get_bool_helper:
Assertion `opt->desc && opt->desc->type == QEMU_OPT_BOOL' failed.
Aborted (core dumped)
This happens because commit e79d5a6 ("machine: remove qemu_machine_opts global
list") removed the global option descriptions and moved them to MachineState's
QOM properties.
Fix this by querying machine properties through designated wrappers.
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
* fix a bug in bitops.h
* implement SD card support on integratorcp
* add a missing 'compatible' property for Cortex-A57
* add Netduino 2 machine model
* fix command line parsing bug for CPU options with multiple CPUs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJVAE2+AAoJEDwlJe0UNgzeK2wP/j/cMV58i+iZLw5dI3nR5M/J
YbM5wWV2VYNJQQcN5rDFGAEzYewGhDYZCjkxWF2AHw5LgpZcSbDlyCsvkRtAv9yR
f7E66C+GKx1Mhuvu9ygAy/OqzxC/cmqLbyV46IkeygKT76LLAn/guWyUy7mgbSbA
yygMmG3eaaNBJsDdm8YNFbcI3vPecc0fchDe4IsbIiZ1K6wNZH2NVk2+gQ4XXmIn
/EIYsczIU5wFsaZ7pMN/adZVKjzVmN7XnG9eeG/3cx/QIis/JFfCU5JuoJ2+BFQW
rdeeMtMcg/NUXslADlPpeUTt7gPTeBLxqYYFXPhrdUAmIUA4dh8FjcrUpq4naKj1
cbOQusbJEpkf/La3KgfOy1BjWvK8TmzaFarJcKX4V7x1Lmx0fD4It4l+NwTLnxEV
Yel3h0X0/lBGTXUnT5UBfhcj2M9ywl29m+knvVHknfMz3caVyFUNDPnt06rwAiva
VgKJ0pgzl98AlSfM1aRpzsoXMYD5DOJLwMry9PEAitWWRRrOdnha7Tm+jWXLNUot
izF4i4UJb/J5IED8K2t5iVUWaq5QY7bs3yfWfoCcNpMDoxSHuavxQpiJRwhEeJoH
0HtnAUb5A3tFEdUolrJ88LCfhfZeE0KdjQptXUTesk9VxIGFpjHcZYrPOb9+79m3
oHsE1fY0B4gY+4vI3YgE
=HTma
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150311' into staging
target-arm queue:
* fix a bug in bitops.h
* implement SD card support on integratorcp
* add a missing 'compatible' property for Cortex-A57
* add Netduino 2 machine model
* fix command line parsing bug for CPU options with multiple CPUs
# gpg: Signature made Wed Mar 11 14:14:22 2015 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-20150311:
bitops.h: sextract64() return type should be int64_t, not uint64_t
integrator/cp: Implement CARDIN and WPROT signals
integrator/cp: Model CP control registers as sysbus device
target-arm: Add missing compatible property to A57
netduino2: Add the Netduino 2 Machine
stm32f205: Add the stm32f205 SoC
stm32f2xx_SYSCFG: Add the stm32f2xx SYSCFG
stm32f2xx_USART: Add the stm32f2xx USART Controller
stm32f2xx_timer: Add the stm32f2xx Timer
hw/arm/virt: fix cmdline parsing bug with CPU options and smp > 1
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
- an extension to the elf loader to allow relocations
- make the ccw bios relocatable. This allows for bigger ramdisks
or smaller guests
- Handle all slow SIGPs in QEMU (instead of kernel) for better
compliance and correctness
- tell the KVM module the maximum guest size. This allows KVM
to reduce the number or page table levels
- Several fixes/cleanups
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iQIcBAABAgAGBQJVABYpAAoJEBF7vIC1phx8M/kP/AsuFTCrWebziX5qdeIFX8Cu
RBcnqm7Dgt7lg+fyt/mj7g7/PVZEoe9AQ5hWoXmguR850/PmMuEDfHhY6pAfKU+r
RokYiQR2pHDWFU9D2qf3ggEcI4suym1mmuMjx4TEs9318zpREHu9fGpzfJxlQgXa
SUqQDZWElYyiF1nu8cxvH7wqeJLalKSiQBRtkM3w2oG8Nw1TgFxt/xiYHkiz/rkr
U2sQrCabOCcVC/nlDAaWajBq18rzqhFk6QZEZsf9O4jsxy8Pbmkw2cqSp68KBMeB
o50lRrguGhuejQg6g4AXZWGgUt5YnNL0CIHmTXp0KTnijGSAHnWUPf+qCOOR/sfn
1roTNwCH8rjSfpEPKAhmiLRcPTVzy6IYxaT+J7KniCRAyHdIk2NBF3cHzDBy47uC
pre1pIHnKkwBkxv/xkj8CHlfcpCjp8sXhW6FSXoX9On5SKiROnQUwiLoUjtnvRXe
kQZRhtgJSKnLTtEEZ3XWh/UDyD2QJiwnm1E5SjXEa/mdDqgUmsVsPtz29f/xDKJA
GZGNOCsIew0286C+tf5M88JpIXqpAiEYXA9vw5ZUqzxh3ArNuT0GJGxrlWxbqD8j
tbvjHIja62IbCxM8dtZ9v0M4YFNU+VLHdKEREziK6RKS9Ek7rJmSh8128JNQhJ/X
RjiUxdcbApvEunZInwB/
=6Cw+
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20150310' into staging
s390x/kvm: Features and fixes for 2.3
- an extension to the elf loader to allow relocations
- make the ccw bios relocatable. This allows for bigger ramdisks
or smaller guests
- Handle all slow SIGPs in QEMU (instead of kernel) for better
compliance and correctness
- tell the KVM module the maximum guest size. This allows KVM
to reduce the number or page table levels
- Several fixes/cleanups
# gpg: Signature made Wed Mar 11 10:17:13 2015 GMT using RSA key ID B5A61C7C
# gpg: Good signature from "Christian Borntraeger (IBM) <borntraeger@de.ibm.com>"
* remotes/borntraeger/tags/s390x-20150310:
s390-ccw: rebuild BIOS
s390/bios: Make the s390-ccw.img relocatable
elf-loader: Provide the possibility to relocate s390 ELF files
s390-ccw.img: Reinitialize guessing on reboot
s390-ccw.img: Allow bigger ramdisk sizes or offsets
s390x/kvm: passing max memory size to accelerator
virtio-ccw: Convert to realize()
virtio-s390: Convert to realize()
virtio-s390: s390_virtio_device_init() can't fail, simplify
s390x/kvm: enable the new SIGP handling in user space
s390x/kvm: deliver SIGP RESTART directly if stopped
s390x: add function to deliver restart irqs
s390x/kvm: SIGP START is only applicable when STOPPED
s390x/kvm: implement handling of new SIGP orders
s390x/kvm: trace all SIGP orders
s390x/kvm: helper to set the SIGP status in SigpInfo
s390x/kvm: pass the SIGP instruction parameter to the SIGP handler
s390x/kvm: more details for SIGP handler with one destination vcpu
s390x: introduce defines for SIGP condition codes
synchronize Linux headers to 4.0-rc3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
clang undefined behaviour sanitizer reports:
> hw/pci/shpc.c:162:27: runtime error: left shift of 1 by 31 places
> cannot be represented in type 'int'
Caused by the usual lack of a 'U' qualifier on a constant 1 being
shifted left. Fix it up.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
did not have the 'name' property set.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJVACNxAAoJEB6aO1+FQIO2Ud4P/15vnYfH23vtgJgJPzWHl4jb
xzIi+uNjzPy5jVYXUoeWnSlgIzjwqkaGmxpwvQAXHuEHLear1ZiF5wpf/PC/3Gb7
kOTGjyCkVehrxIQ3UhqF39DJ99drfeT/ZChtnqisF/HctpYkiMF/K6piCULLL3ZN
49xl7nXVA6JM/tMSs9TUt6Z8RTsiL6+s1r9KkdoHJ/2G97BJwzGl1iTxmtsr2GJS
Hw3Kzn1155u2T74pB4etAv8QUYokB5aYjlkifLAylCu12UfhVPvLy6qFYftvJQN9
b7Rf884q/d8eQ5J13fW6CvmA+3sg9//SCYCWu4DkpmSmLjX0q+Faj04x22IhVyrt
YGIqdnJrBEq4WmG7nn14B8znvpLSldHUm7JNB6F011fm2GClSuND4fCS9YbDYrt6
O9XDyWUMMXq+k3Y/WVlF0boyS7kgyDbeukF4XRbIMADP05BL7fmvK6IOfiJnMIXD
YTl5AjKNALarzRCBUJJLWmFw4UDNyowUBo4xlsbBBT0k6DtTNG7sHRVRfs02psFV
g/Xh1atD6ve7bKErdn9Ue82DpYwBwzTBj7lt5rrbfyNXnHMZBaR5p5qL0rA7K2Nt
80i4vtSHi3YOGBUXmDBvwWyuQNEziDHSP3hZyL3zXTLk+O22XJ5TswIpMUo4fGxR
RGoaA0MSxljHFGOUe1Rq
=rxBA
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/amit/tags/vser-for-2.3-1' into staging
virtio-serial: fix crash on port hotplug when a previously-added port
did not have the 'name' property set.
# gpg: Signature made Wed Mar 11 11:13:53 2015 GMT using RSA key ID 854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg: aka "Amit Shah <amit@kernel.org>"
# gpg: aka "Amit Shah <amitshah@gmx.net>"
* remotes/amit/tags/vser-for-2.3-1:
virtio-serial: fix segfault on NULL port names
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This allows to use the SD card emulation of the board: Forward the
signals from the pl181 top the CP control register emulation, report the
current state via CP_INTREG, deliver CARDIN IRQ to the secondary
interrupt controller and also support clearing that line via CP_INTREG.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-id: c55d9fb28d19ec83625cb0074b3b6f2e5958caf6.1426004843.git.jan.kiszka@siemens.com
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This patch adds the stm32f205 SoC. This will be used by the
Netduino 2 to create a machine.
Signed-off-by: Alistair Francis <alistair@alistair23.me>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 48d509747a1ea0d8a7d5480560495e679990f9d2.1424175342.git.alistair@alistair23.me
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This patch adds the stm32f2xx System Configuration
Controller. This is used to configure what memory is mapped
at address 0 (although that is not supported) as well
as configure how the EXTI interrupts work (also not
supported at the moment).
This device is not required for basic examples, but more
complex systems will require it (as well as the EXTI device)
Signed-off-by: Alistair Francis <alistair@alistair23.me>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 5d499d7b60b61d5d6dcb310b2e55411b1f53794e.1424175342.git.alistair@alistair23.me
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This patch adds the stm32f2xx USART controller
(UART also uses the same controller).
Signed-off-by: Alistair Francis <alistair@alistair23.me>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 762c6c0d2a41d574932bc4445ec9bfffe6da8798.1424175342.git.alistair@alistair23.me
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This patch adds the stm32f2xx timers: TIM2, TIM3, TIM4 and TIM5
to QEMU.
Signed-off-by: Alistair Francis <alistair@alistair23.me>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 155091a323390f8da3cca496e4c611c493e62a77.1424175342.git.alistair@alistair23.me
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The recently introduced feature that allows 32 bit guests to be
executed under KVM on a 64-bit host incorrectly handles the case
where more than 1 cpu is specified using '-smp N'
For instance, this invocation of qemu
qemu-system-aarch64 -M virt -cpu cortex-a57,aarch64=off -smp 2
produces the following error
qemu-system-aarch64: Expected key=value format, found aarch64
which is caused by the destructive parsing performed by
cpu_common_parse_features(), resulting in subsequent attempts
to parse the CPU option string (for each additional CPU) to fail.
So duplicate the string before parsing it, and free it directly
afterwards.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1425402380-10488-1-git-send-email-ard.biesheuvel@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
code assigning APIC ID.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJU/gVGAAoJECgHk2+YTcWmGmgQAKE/tDoKt2Uw5BjWxmmU0GFm
r4m43rcR3xfHdQyEx3iNKSlAQvxcYd/eBM5kb6Ir7wjhqtDfoiVC+bui3VhAsQPk
kaB+6ryyAGDV2xt1UtgfzEodXl9aw0zofFBafJrtArITAsO5UeuTQhxIuLHwzcF6
XKkpg7oz3bgRH57gZFi1y5PUdJUpmk4awipE/A4G/y5mERe2W30Ku4JSSxV7+shz
MLOQF4GjfHBKnfA/PVQbtWQjbKVZRPbGrcg+TmEH+2TGzEMVXeXuqvAgbOGhhlcD
uJyiCeXf1CD92JIU2JWXejd0SSLLJyf74TiBEhxfFil3gpS+d5RWSCkuR1mmtpR4
B5NPbhhPZmXJBMIQB9kM0fiW4I8+qPPqFatqEJ78OYhVqUHgY746hnJTc22jK/FK
e1UxLBREMLAty4aVT3iAaPZo6hM/IMctEOgEhwH15NSQDNXFIqrlM/b5OJ9Iq01Y
Ah838rv4kRiVQcKoa1Mg8rqBvmw4Cm1MKcYp4sOPhY4/bwx71qagbZG4EAfQ6DP6
uieN/4hMTuGqf4eHgIjrdAr/4sPPiszYjF6fVwJVh+pCbirWOsRQPx4NnSmIRveU
CUJuuHCsqWjThMEWVNqe5bm1d32EI0o16ihEBuBl+MqivpmV+4p/bJYvyiC1vJw7
UatzprZMm2Az2RL6W6Mw
=iDzB
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging
X86 patches queued in the last few weeks. Mostly code cleanup and changes on
code assigning APIC ID.
# gpg: Signature made Mon Mar 9 20:40:38 2015 GMT using RSA key ID 984DC5A6
# gpg: Can't check signature: public key not found
* remotes/ehabkost/tags/x86-pull-request:
target-i386: Require APIC ID to be explicitly set before CPU realize
target-i386: Move APIC ID compatibility code to pc.c
target-i386: Move CPUX86State::cpuid_apic_id to X86CPU::apic_id
target-i386: Remove unused APIC ID default code
target-i386: Eliminate unnecessary get_cpuid_vendor() function
target-i386: Simplify listflags() function
target-i386: Move topology.h to include/hw/i386
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit d0a0bfe672 added checks for port
names, but didn't add a check to ensure port->name is non-NULL. This
results in a SIGSEGV when adding a port when one of the previously-added
ports didn't have the 'name' property set.
https://bugzilla.redhat.com/show_bug.cgi?id=1192775
Reported-by: vivian zhang <vivianzhang@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
The current bios sits at location 0x7e00000 in the guest RAM
and thus prevents loading of bigger ramdisks. By making the
image relocatable we can move it to the end of the RAM so that
it is getting out of the way.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Message-Id: <1425895973-15239-3-git-send-email-thuth@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
[Fixup build failure on 32 bit hosts]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAABAgAGBQJU/vQnAAoJEFvCxW+uDzIfSHQIAKLVePJyOEtVA5OOUSyuA5TQ
6MNXg1X+PxD0GT8iyKhcyHqaRSibPjY/D2Hb8MyNt/lLIQj13hfL1fXXAMvnjY1+
WcCpGfbZmmcIpgjY+OWkkSVU3nSxNE6a0ZgdOvK9Cvc+dJHMpO02E5kRqig6nYX6
UuA7aIgjE2T63PPucuEjFVA4a8v7NsqO4OBmYPO/L7KEpAQk3Y/qDDGahQRXuBXl
0poyJrj99BoKHJFemf7L79SbpZHrnaQ54dndqerq5tzmBXRVjhYJa/iLm0LSjPnN
kWdlMKXSGgI/rFRWZqfOk+jDIZb21xliM6y/lDpDJGdoC1aPsIWwQ0mFK6ZPVDo=
=Ee+Y
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-signed' into staging
qemu-sparc update
# gpg: Signature made Tue Mar 10 13:39:51 2015 GMT using RSA key ID AE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"
* remotes/mcayland/tags/qemu-sparc-signed:
sun4u: switch m48t59 NVRAM to MMIO access
MAINTAINERS: add myself as SPARC maintainer
doc: minor updates to SPARC32 and SPARC64 documentation
m48t59: add m48t59 sysbus device
m48t59: introduce new base-year qdev property
m48t59: let init functions return a Nvram object
m48t59: add a Nvram interface
m48t59: register a QOM type for each nvram type we support
m48t59: move ISA ports/memory regions registration to QOM constructor
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Coverity/sparse fix for iscsi driver
- RCU fallout: fix -daemonize and s390x system emulation
- KVM: kvm_stat improvements and new man page
- x86: SYSRET fix for VxWorks
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAABAgAGBQJU/sUFAAoJEL/70l94x66D1JwIAJ28Lan2DQwi+xHvNxF8zW6n
v7eMc04/fepuon0TYmUZC3qbqc00sccEQZQ+yAAauT9epZ/kdSDudDOzG+3F4MuQ
/X3crXw2/jrhtWedGq49vFCONX4MKoaoudqK8kOFMe1ImQgkOYeAzOoqeFXyHsFh
jINlKTJZB6oKzrZ+SYryY14cO7pvGaIhyqaCC+6GcVihTjm9Yq13lP1lFj7LsVRV
aGfd6xH9RSV/mwzvZwD4i3cUWSUaV/wY0NDhAEzDPCUcxX0/nAj3XF1YeJUF30Qd
ETaCLo/Nxq2R6POK3c/Zm/FRLvjzZ2caD+q1LcwB/bCYdc2lJ1JDxE/hr48ANv0=
=OWXY
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
- scsi: improvements to error reporting and conversion to realize,
Coverity/sparse fix for iscsi driver
- RCU fallout: fix -daemonize and s390x system emulation
- KVM: kvm_stat improvements and new man page
- x86: SYSRET fix for VxWorks
# gpg: Signature made Tue Mar 10 10:18:45 2015 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
x86: fix SS selector in SYSRET
scsi: Convert remaining PCI HBAs to realize()
scsi: Improve error reporting for invalid drive property
hw: Propagate errors through qdev_prop_set_drive()
scsi: Clean up duplicated error in legacy if=scsi code
cpus: initialize cpu->memory_dispatch
rcu: handle forks safely
qemu-thread: do not use PTHREAD_MUTEX_ERRORCHECK
kvm_stat: add kvm_stat.1 man page
kvm_stat: add column headers to text UI
iscsi: Fix check for username
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Instead of using the legacy cpu_init() function, use uc32_cpu_init() to
create a UniCore32CPU object.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Instead of using the legacy cpu_init() function, use cpu_m68k_init()
directly to create a M68kCPU object.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The DefLEqual op does not have a target operand. Remove it.
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Opcodes are raw bytes, they shouldn't be added
using build_append_int. This only happens to work
with 0 and 1 opcodes.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
this code:
aml_append(foo, bar);
might, non-intuitively, modify bar, which means that e.g. the following
might not DTRT:
c = ....;
aml_append(a, c);
aml_append(b, c);
to fix, simply allocate an intermediate array,
and always modify that.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJU/uuVAAoJEH8JsnLIjy/WULwP/jeARjYkFuG3ahSWpeY0JnTK
QCkLF06iSQQUiirXI4H+Tofl8kNVBd/Iinv+LbkF27iWbTiwalmLz7NiyboX8dl+
NJZtCrqp44q7KFbl3g19/jop/zdZ9N5Gxp8BARVUILHQb1y5cXJwrDhBxTmNRDL+
sSZXfomCgKtMP40nGLa0CcNIYKlm8MePJEM2TsMoWv7tYz4CXgBG39EqK6NJluCY
kTTMcbdrLbR0imfKOVPutCgV8rhRXJ0oGVD3Q+D3/LFmPG++hoRnWCcDm6ZZ62Hi
Ra7u87TBfAUUtiT+vFQJnd7hTpN+stQidsCDBLEY3qPTKYhzm648PHvcEwOAv6YW
sjAELF2Rrsbe4vkL3/qgYDusnaPMElrHVEdbKtHofWtg6KctLnYIhusV+qKq1Fpa
cRQEbQIZMVFeWN1G9WuYH8RBYrwJqp+/qq7DcnV62lUAdY4e3iO7E3yMLFDwpxku
PLl7eofU/ZpnAOrrU2QAQvgXZRqy1ie/Unv8jFwefQkK5mXHoCtkAeBlOM8t4kJf
HjkC/hYO7kwPdaz6xK80wpXqYd3vT6jKi7mlJqC5oQQLGJbRigxlMZ16UIAx+IrL
NxhnQChp7IP21KMATFbpvYjcJyGMw3ZuVRaUhQBgqQArIomVHvM5WcN9M6S5dsmj
vClFOIqjlSbtsmChceWr
=hlbC
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block patches for 2.3
# gpg: Signature made Tue Mar 10 13:03:17 2015 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
* remotes/kevin/tags/for-upstream: (73 commits)
MAINTAINERS: Add jcody as blockjobs, block devices maintainer
iotests: add O_DIRECT alignment probing test
block/raw-posix: fix launching with failed disks
MAINTAINERS: Add jsnow as IDE maintainer
sheepdog: Fix misleading error messages in sd_snapshot_create()
Add testcase for scsi-hd devices without drive property
scsi-hd: fix property unset case
block/vdi: Add locking for parallel requests
iotests: Drop vpc from 004's and 104's format list
iotests: Remove 006
iotests: Fix 051's reference output
virtio-blk: Remove the stale FIXME comment
tests: Check QVIRTIO_F_ANY_LAYOUT flag in virtio-blk test
libqos: Solve bug in interrupt checking when using MSIX in virtio-pci.c
sheepdog: fix confused return values
qtest/ahci: add fragmented dma test
qtest/ahci: Add PIO and LBA48 tests
qtest/ahci: Add DMA test variants
libqos/ahci: add ahci command helpers
qtest/ahci: Add a macro bootup routine
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit c53659f0 ("BlockConf: Call backend functions to detect geometry
and blocksizes") causes a segmentation fault on the invalid
configuration of a scsi device without a drive.
Let's check for conf.blk before calling blkconf_blocksizes. The error
will be handled later on in scsi_realize anyway.
Reported-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Ekaterina Tumanova <tumanova@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
By default, we have ioeventfd enabled, so the IO request processing is
in IO thread; in the vcpu thread, guest mode is returned to as quickly
as possible, and completion is delivered via irqfd. Therefore this
comment from the initial implementation is barely relevant.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
When the AHCI HBA device is migrated, all of the information that
led to the request being created is stored in the AHCIDevice
structures, except for pointers into guest data where return
information needs to be stored.
The "cur_cmd" field is usually responsible for this.
To rebuild the cur_cmd pointer post-migration, we can utilize
the busy_slot index to figure out where the command header
we are still processing is.
This allows a machine in a halted state from rerror=stop or
werror=stop to be migrated and resume operations without issue.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1424708286-16483-17-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This is easy, since start_dma already restarts processing from the
beginning of the PRDT.
Migration is also easy to cover; the comment about busy_slot is
wrong, busy_slot will only be set if there is an error. In this
case we have nothing to do really. The core IDE code will restart
the operation and command list processing will proceed after the
erroring command has been completed.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1424708286-16483-16-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Amazingly, we weren't doing this before.
Make sure we migrate the IDEState structure that belongs to
the AHCIDevice.IDEBus structure during migrations.
No version numbering changes because AHCI is not officially
migratable (and we can all see with good reason why) so we
do not impact any official builds by altering the stream and
leaving it at version 1.
This fixes the rerror=stop/werror=stop test case where we wish
to migrate a halted job. Previously, the error code would not
migrate, so even if the job completed successfully, AHCI would
report an error because it would still have the placeholder
error code from initialization time.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1424708286-16483-15-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1424708286-16483-14-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1424708286-16483-13-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Resetting the io_buffer_index to 0 is commonized,
with the exception of the case within ide_atapi_cmd_reply,
where we need to reset this index to 0 prior to the
ide_atapi_cmd_reply_end call.
Note that not all calls to ide_atapi_cmd_reply_end
expect the index to be 0, so setting it there is
not appropriate.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1424708286-16483-12-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This only breaks backwards migration compatibility if the bus is in
an error state. It is in principle possible to avoid this by making
two subsections (one for version 1, and one for version 2, but with
the same name) with different "_needed" callbacks. The v1 callback would
return true if error_status != 0 and the bus is PATA; the v2 callback
would return true if error_status != 0 and the bus is AHCI.
Forward migration keeps working.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1424708286-16483-11-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This moves more common restarting logic to the core IDE code.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1424708286-16483-10-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Start moving the initial state of the current request to IDEBus, so that
AHCI can use it. The set_unit callback is not used anymore once this is
done.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1424708286-16483-9-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
With restarts now handled by ide_restart_cb and
the IDEDMAOps.restart_dma() member, remove the old
restart_cb callback.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1424708286-16483-8-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
With BMDMA specific excised from the restart functions,
create a HBA-agnostic restart callback to be shared
between the different HBAs.
Change the callback registered with the vmstate_change
handler to always point to ide_restart_cb instead of
relying on the IDEDMAOps.restart_cb() member.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1424708286-16483-7-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Pass the containing IDEBus to the restart_cb instead
of the more specific BMDMAState child.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1424708286-16483-6-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Whenever an error stops the VM, ide_handle_rw_error does
"s->bus->dma->unit = s->unit". So we can just use
idebus_active_if.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1424708286-16483-5-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
A helper is added that registers the IDEDMAOp .restart_cb()
via qemu_add_vm_change_state_handler instead of requiring
each HBA to register the callback themselves.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1424708286-16483-4-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This patch adds the restart_dma callback and adjusts
the ide_restart_dma function to utilize this callback
to call the BMDMA-specific restart code instead of statically
executing BMDMA-specific code.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1424708286-16483-3-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This patch begins refactoring the restart dma functions
out of bmdma to be shared with AHCI and other future
IDE HBA implementations.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1424708286-16483-2-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
geometry: hd_geometry_guess function autodetects the drive geometry.
This patch adds a block backend call, that probes the backing device
geometry. If the inner driver method is implemented and succeeds
(currently only for DASDs), the blkconf_geometry will pass-through
the backing device geometry. Otherwise will fallback to old logic.
blocksize: This patch initializes blocksize properties to 0.
In order to set the property a blkconf_blocksizes was introduced.
If user didn't set physical or logical blocksize, it will
retrieve its value from a driver (only succeeds for DASD), otherwise
it will set default 512 value.
The blkconf_blocksizes call was added to all users of BlkConf.
Signed-off-by: Ekaterina Tumanova <tumanova@linux.vnet.ibm.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1424087278-49393-6-git-send-email-tumanova@linux.vnet.ibm.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Since commit 1dc936aa84 (virtio-blk: Use blk_aio_ioctl) we silently lose
the request if blk_aio_ioctl returns NULL (not implemented).
Fix it by directly returning VIRTIO_BLK_S_UNSUPP as we used to do.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
[ kwolf: Fixed build error on win32 ]
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
These are "am53c974", "dc390", "lsi53c895a", "lsi53c810", "megasas",
"megasas-gen2".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-Id: <1425925048-15482-5-git-send-email-armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
When setting "realized" fails, scsi_bus_legacy_add_drive() passes the
error to qerror_report_err(), then returns an unspecific "Setting
drive property failed" error, which is reported further up the call
chain.
Example:
$ qemu-system-x86_64 -nodefaults -S -display none \
> -drive if=scsi,id=foo,file=tmp.qcow2 -global isa-fdc.driveA=foo
qemu-system-x86_64: -drive if=scsi,id=foo,file=tmp.qcow2: Property 'scsi-disk.drive' can't take value 'foo', it's in use
qemu-system-x86_64: Setting drive property failed
qemu-system-x86_64: Initialization of device lsi53c895a failed: Device initialization failed
Clean up the obvious way: simply return the original error to the
caller. Gets rid of the second message in the above error cascade.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-Id: <1425925048-15482-4-git-send-email-armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Three kinds of callers:
1. On failure, report the error and abort
Passing &error_abort does the job. No functional change.
2. On failure, report the error and exit()
This is qdev_prop_set_drive_nofail(). Error reporting moves from
qdev_prop_set_drive() to its caller. Because hiding away the error
in the monitor right before exit() isn't helpful, replace
qerror_report_err() by error_report_err(). Shouldn't make a
difference, because qdev_prop_set_drive_nofail() should never be
used in QMP context.
3. On failure, report the error and recover
This is usb_msd_init() and scsi_bus_legacy_add_drive(). Error
reporting and freeing the error object moves from
qdev_prop_set_drive() to its callers.
Because usb_msd_init() can't run in QMP context, replace
qerror_report_err() by error_report_err() there.
No functional change.
scsi_bus_legacy_add_drive() calling qerror_report_err() is of
course inappropriate, but this commit merely makes it more obvious.
The next one will clean it up.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-Id: <1425925048-15482-3-git-send-email-armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit a818a4b changed scsi_bus_legacy_handle_cmdline() to report
errors from scsi_bus_legacy_add_drive() with error_report() in
addition to returning them. That's inappropriate.
Two kinds of callers:
1. realize methods (devices "esp", "virtio-scsi-device" and
"spapr-vscsi")
The error object gets passed up the call chain until it gets
reported again and freed.
Example:
$ qemu-system-arm -M virt -S -display none \
> -drive if=scsi,id=foo,bus=1,file=tmp.qcow2 \
> -device nec-usb-xhci -device usb-storage,drive=foo \
> -device virtio-scsi-pci
qemu-system-arm: -drive if=scsi,id=foo,bus=1,file=tmp.qcow2: Property 'scsi-disk.drive' can't take value 'foo', it's in use
qemu-system-arm: -drive if=scsi,id=foo,bus=1,file=tmp.qcow2: Setting drive property failed
qemu-system-arm: -device virtio-scsi-pci: Setting drive property failed
qemu-system-arm: -device virtio-scsi-pci: Device initialization failed
qemu-system-arm: -device virtio-scsi-pci: Device 'virtio-scsi-pci' could not be initialized
The second message in this error cascade comes from
scsi_bus_legacy_handle_cmdline(). The error object then gets
passed up to the qdev_init() called from
virtio_scsi_pci_init_pci(), which reports it again.
2. init methods (devices "am53c974", "dc390", "lsi53c895a",
"lsi53c810", "megasas", "megasas-gen2")
init methods need to report their errors with qerror_report().
These don't. The inappropriate error_report() papers over the bug.
error_report() isn't the same as qerror_report() in QMP context,
but this can't actually happen: QMP can still only hot-plug, and
callers call scsi_bus_legacy_handle_cmdline() only on cold-plug.
Except for sysbus_esp_realize(), but that can't be hot-plugged at
all, as far as I can tell.
Fix the init methods and drop the inappropriate error_report() in
scsi_bus_legacy_handle_cmdline().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-Id: <1425925048-15482-2-git-send-email-armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Real sun4u systems memory-map the NVRAM on the (ISA) ebus, so switch over to
MMIO from ioport access whilst setting the base year to 1968 as used by Sun
systems. This allows all SPARC64 OSs included in my tests to correctly detect
the NVRAM IC and read the hardware clock correctly upon boot.
Note that this also requires a corresponding OpenBIOS update to r1330 in order
to switch the SPARC64 NVRAM accessors over from ioport to MMIO.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
This is for subsequent use by the sun4u machine.
Reviewed-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Currently the m48t59 device uses the hardware model in order to determine
whether the year value is offset from the hardware value. As this will
soon be required by the x59 model, create a qdev base-year property to
represent the base year and update the callers appropriately.
Reviewed-by: Hervé Poussineau <hpoussin@reactos.org>
CC: Andreas Färber <afaerber@suse.de>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Remove left-overs from header file.
Move some functions only used by PReP to hw/ppc/prep.c
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
CC: Andreas Färber <afaerber@suse.de>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
As m48t59 devices can only be created with m48t59_init() or m48t59_init_isa(),
we know exactly which nvram types are required. Register only those three
types.
Remove .model and .size properties as they can be infered from nvram name.
Rename type to 'isa-*' (and 'sysbus-*') to do like other devices ISA devices
(isa-ide, isa-parallel, isa-serial...)
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
CC: Andreas Färber <afaerber@suse.de>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
-device m48t59_isa can now be used to create a fully functional nvram.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
CC: Andreas Färber <afaerber@suse.de>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
On s390, we would like to load our "BIOS" s390-ccw.img to the end of the
RAM. Therefor we need the possibility to relocate the ELF file so that
it can also run from different addresses. This patch adds the necessary
code to the QEMU ELF loader function.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Message-Id: <1425895973-15239-2-git-send-email-thuth@linux.vnet.ibm.com>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
With "KVM: s390: Allow userspace to limit guest memory size" KVM is able to
do some optimizations based on the guest memory limit.
The guest memory limit is computed by the initial definition and with the notion of
hotplugged memory.
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Guenther Hutzl <hutzl@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Message-Id: <1425570981-40609-3-git-send-email-jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1425045337-20138-3-git-send-email-armbru@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1425045337-20138-2-git-send-email-armbru@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
man gcc:
Warn if in a loop with constant number of iterations the compiler
detects undefined behavior in some statement during one or more of
the iterations.
Milkymist pfpu has no jump instructions, so checking for MICROCODE_WORDS
instructions should have kept us in bounds of s->microcode, but i++
allowed one loop too many,
hw/misc/milkymist-pfpu.c: In function ‘pfpu_write’:
hw/misc/milkymist-pfpu.c:365:20: error: loop exit may only be reached after undefined behavior [-Werror=aggressive-loop-optimizations]
if (i++ >= MICROCODE_WORDS) {
^
hw/misc/milkymist-pfpu.c:167:14: note: possible undefined statement is here
uint32_t insn = s->microcode[pc];
^
The code can still access out of bounds, because it presumes that PC register
always begins at 0, and we allow writing to it.
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Acked-by: Michael Walle <michael@walle.cc>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
man gcc:
Warn about logical not used on the left hand side operand of a
comparison. This option does not warn if the RHS operand is of a
boolean type.
By preferring bool over int where sensible, but without modifying any
depending code, make GCC happy in cases like this,
qemu-img.c: In function ‘compare_sectors’:
qemu-img.c:992:39: error: logical not is only applied to the left hand
side of comparison [-Werror=logical-not-parentheses]
if (!!memcmp(buf1, buf2, 512) != res) {
hw/ide/core.c:1836 doesn't throw an error,
assert(!!s->error == !!(s->status & ERR_STAT));
even thought the second operand is int (and first hunk of this patch has
a very similar case), maybe GCC developers still have a little faith in
C programmers.
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
If ret = macio_initfn_ide() is less than 0, the timer_memory
will leak the memory it points to.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
