Commit Graph

57323 Commits

Author SHA1 Message Date
Alberto Garcia
c9b83e9c23 qcow2: Assert that the crypto header does not overlap other metadata
The crypto header is initialized only when QEMU is creating a new
image, so there's no chance of this happening on a corrupted image.

If QEMU is really trying to allocate the header overlapping other
existing metadata sections then this is a serious bug in QEMU itself
so let's add an assertion.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-id: ae3d77f312fc0c5e0ac2bbd71676c0112eebe2e5.1509718618.git.berto@igalia.com
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-11-14 18:06:25 +01:00
Alberto Garcia
ef083f61af qcow2: Add iotest for an empty refcount table
This patch adds a simple iotest in which we try to write to an image
with an empty refcount table (i.e. with all entries set to 0).

This scenario was already handled by the existing consistency checks,
but we add an explicit test case for completeness.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 7e48b0e2ae1a0a18e0ee303b3045f130feec0474.1509718618.git.berto@igalia.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-11-14 18:06:25 +01:00
Alberto Garcia
5a45da5ef8 qcow2: Add iotest for an image with header.refcount_table_offset == 0
This patch adds a simple iotest in which we try to write to an image
with the refcount table offset set to 0.

This scenario was already handled by the existing consistency checks,
but we add an explicit test case for completeness.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-id: feeceada92486bb8790b90f303fc9fe82a27391a.1509718618.git.berto@igalia.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-11-14 18:06:25 +01:00
Alberto Garcia
951053a9ec qcow2: Don't open images with header.refcount_table_clusters == 0
qcow2_do_open() is checking that header.refcount_table_clusters is not
too large, but it doesn't check that it's greater than zero. Apart
from the fact that an image like that is obviously corrupted, trying
to use it crashes QEMU since we end up with a null s->refcount_table
after qcow2_refcount_init().

These images can however be repaired, so allow opening them if the
BDRV_O_CHECK flag is set.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: f9750f50c80359babba11062e88f5075a47e8e16.1509718618.git.berto@igalia.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-11-14 18:06:25 +01:00
Alberto Garcia
8aa34834d5 qcow2: Prevent allocating compressed clusters at offset 0
If the refcount data is corrupted then we can end up trying to
allocate a new compressed cluster at offset 0 in the image, triggering
an assertion in qcow2_alloc_bytes() that would crash QEMU:

  qcow2_alloc_bytes: Assertion `offset' failed.

This patch adds an explicit check for this scenario and a new test
case.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-id: fb53467cf48e95ff3330def1cf1003a5b862b7d9.1509718618.git.berto@igalia.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-11-14 18:06:25 +01:00
Alberto Garcia
9883975050 qcow2: Prevent allocating L2 tables at offset 0
If the refcount data is corrupted then we can end up trying to
allocate a new L2 table at offset 0 in the image, triggering an
assertion in the qcow2 cache that would crash QEMU:

  qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset != 0' failed

This patch adds an explicit check for this scenario and a new test
case.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 92dac37191ae7844a2da22c122204eb493cc3133.1509718618.git.berto@igalia.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-11-14 18:06:25 +01:00
Alberto Garcia
6bf45d59f9 qcow2: Prevent allocating refcount blocks at offset 0
Each entry in the qcow2 cache contains an offset field indicating the
location of the data in the qcow2 image. If the offset is 0 then it
means that the entry contains no data and is available to be used when
needed.

Because of that it is not possible to store in the cache the first
cluster of the qcow2 image (offset = 0). This is not a problem because
that cluster always contains the qcow2 header and we're not using this
cache for that.

However, if the qcow2 image is corrupted it can happen that we try to
allocate a new refcount block at offset 0, triggering this assertion
and crashing QEMU:

  qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset != 0' failed

This patch adds an explicit check for this scenario and a new test
case.

This problem was originally reported here:

   https://bugs.launchpad.net/qemu/+bug/1728615

Reported-by: R.Nageswara Sastry <nasastry@in.ibm.com>
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 92a2fadd10d58b423f269c1d1a309af161cdc73f.1509718618.git.berto@igalia.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-11-14 18:06:25 +01:00
Peter Maydell
29af6de2af seabios: update to 1.11 final
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJaCwAhAAoJEEy22O7T6HE4rOwP+QHozCMyQg9PzmTSo1ER0w6B
 6JvFCUyJJkWoPAT/ve5xv32rpLDOX848rw1Sm8tEOqrYeUOfUmz4FXImE+9IfKwE
 u4AfcohGqtvmKVI+GTInLTu8UZjoNqYGHFqQccamt/2Lu6oin0bGLy7OlEO0mPxi
 GU9EFt8k61GtsJXZQyl3Mt/pDB7VonUdTT/VXEO34RwiR/FFK8GJ+3LA5qrM7Nnz
 tIFLW21p0CN5Dg4If8bROlmQ15jLiSYJiv1OFrPMyvo+BPh+eG0TnNwQotMr+OMi
 EeChS/lM404Py/rTTomo8zFfbO2ML3ii2ZDD4VY+P67mfpQ4u3Awd3XQHjxB1zpe
 ZVOvFp59mMlLLfG3PDdzlQyhnwIibmPp0C5p1RvTHWIyVvgOkstxhXVWQzuZUd3T
 sZ3RR8h5RbbJ1UeTRX14/aa9J10zCF7Ib+hE0kpN8ww52ALNo1VIbXU7dFlPnXjF
 M7SAzNPW+5XMduXHteji9JfIgnQWAQz0SIoYL+9RbKTzbVtkao5ZqYmEtpOOlR5v
 UfUJcoX5zlPEucamMNvLK45ENToqphXow4HFRF79QVTi7+M/llosAnTBuinbsVQr
 v6jXf/COWPli+sUmFzMQNt3StU4giNvdFwOjzZgZjiAi8F+u+DLgJ/rrHadQV1O3
 KLUrs8pR7Yli0brPTmcj
 =hyw4
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/seabios-1.11-final-20171114-pull-request' into staging

seabios: update to 1.11 final

# gpg: Signature made Tue 14 Nov 2017 14:39:29 GMT
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/seabios-1.11-final-20171114-pull-request:
  seabios: update to 1.11 final

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-14 16:53:47 +00:00
Peter Maydell
191b5fbfa6 Pull request
The following disk I/O throttling fixes solve recent bugs.
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJaCsdYAAoJEJykq7OBq3PIZdMH/10xOuxOjvjxlJNkQquhrAmD
 y9dVj0jEtopdter/XR7ZCsww1UgxpIt8K43Dk1yWTKrm2bNN1v3cqemJV+UUTLFl
 LppKxt5Cm1JRKaCfN0hSwOp5pFJumzH6creVdQMQ3VNCSSw6xfV94pupaVE8at6D
 n4r3ZDF03ARETMJW7HY7QIFi1YVcfmi4wrx8rfhEGLZu06nHrtFQsDdH7SeErgXi
 wJh+ksji4EvX2xc54nhprCsc9HdzbfeBEYx6tdD0Uh3xm7xXd2oka5Rac74WuqYu
 B4aKwyFbvKZ0DYnENiOCkemTN51s+0GHLz43T92/DmQhJrBy8EU4TTCn73vgmto=
 =KnUT
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Pull request

The following disk I/O throttling fixes solve recent bugs.

# gpg: Signature made Tue 14 Nov 2017 10:37:12 GMT
# gpg:                using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
  qemu-iotests: Test I/O limits with removable media
  block: Leave valid throttle timers when removing a BDS from a backend
  block: Check for inserted BlockDriverState in blk_io_limits_disable()
  throttle-groups: drain before detaching ThrottleState
  block: all I/O should be completed before removing throttle timers.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-14 16:11:19 +00:00
Peter Maydell
0dc8874ade ppc patch queue for 2017-11-14
Another couple of fixes for qemu-2.11.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAloKcsQACgkQbDjKyiDZ
 s5IpoQ/+KaZETisJhA2GPW2CGcWuNuT5lWwD1eCPhh1BOuhKYNGmwSVsRb3JGGDQ
 GxkaMyDWhT4ep2+5a8vJJjN7RAN3/hQJ1R9fTlzNHWy4H+j0p+POx3GaAUyeazif
 +TYYxO1uTdk7seoot8PIBBotA21DkS6cnlAg63jGfw2Y5RUBZSKMReLLpftf2B0i
 iF7RgrlCOBnmz3wEgny7COGadpJu2Ag7QkzH+PTcEhZc1nwr6hAWg/qXTCSzcj4p
 8MX60xMiHtinhekXhx5eVeAvmf76mT3yzz/MgtdgbwqRoXbFXIDeN4/5F3mzok4E
 sE+2dzsW3PdeCNMCq+mjevuJAQh/E6Tmtuat/9tqVu29W3aP76WPZ1JzkJqCvpSQ
 Pdt4ZtjyacWrswMmExt/r4t/hMcw8RX7ZG8qMQFTkR8UlA/cg4LVusYjumuvoh9B
 IxHoN+mfbu37Ww610lRZDyu8ZJhXf4dR5hw/U9dov3wzpdk7Ikv+AuCZNnjT9dX+
 M4DY88HtVsY/tkRLSfCh49+1yWJsM+XLQ6yWPI51oOs6Ujydxy0MjhziJEmQzx+G
 chKmDFzVo6HVfhZlfwNuaZ1rIPPf4m7VDI137o0PvnZPd9vhRooASaYK/WtLW14h
 WKGEmNQ18hpPOKHR7cAguDGqDmO6I8bcldgQV+74DqhAYT0uSro=
 =o74K
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.11-20171114' into staging

ppc patch queue for 2017-11-14

Another couple of fixes for qemu-2.11.

# gpg: Signature made Tue 14 Nov 2017 04:36:20 GMT
# gpg:                using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.11-20171114:
  xics/kvm: synchonize state before 'info pic'
  target/ppc: correct htab shift for hash on radix

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-14 15:24:01 +00:00
Gerd Hoffmann
6350b2a09b seabios: update to 1.11 final
Update our pre-release seabios snapshot to the final release.

git shortlog
============

Gerd Hoffmann (1):
      sercon: Disable ScreenAndDebug in case both serial console and serial debug are active

Kevin O'Connor (2):
      timer: Avoid integer overflows in usec and nsec calculations
      docs: Note v1.11.0 release

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-11-14 15:36:08 +01:00
Peter Maydell
9895606363 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJaCk9uAAoJEO8Ells5jWIRj+4H/iY9KX/YNuifChitg29e5GpF
 0SCxCjI1bMtnRzAhGDS3YKoLbLo/pePR4sNnZgEvrc3kt+JXxabP1+suSsQQ39k+
 4Iv2qEMXBralmB6RkldjEMMTEz6VHW/bbCUnKqOZnHWVoZ71CO2n6mbaGljbY6ft
 qhPZ9dRKL9Lv8sPKr1hzlsI/b8mMulJ96PZIuwWTxEDoTmeyjCn7WAotPcccjUGt
 Vg3nMx2HphDpUctqrcmcA667pXgo4eUcRyxfVmdtxIvVR7Mox4Mave8nPch9WgzO
 XhDc0zd1MLoW2mv+lPiM0a9Y4VCXoHzQ/ZF+WSBMTsZ5P+jOTmaN2YrZq82v7bA=
 =Rgs2
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Tue 14 Nov 2017 02:05:34 GMT
# gpg:                using RSA key 0xEF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  net/socket: fix coverity issue
  Add new PCI ID for i82559a
  Fix eepro100 simple transmission mode
  colo: Consolidate the duplicate code chunk into a routine
  colo-compare: Fix comments
  colo-compare: compare the packet in a specified Connection
  colo-compare: Insert packet into the suitable position of packet queue directly
  net: fix check for number of parameters to -netdev socket

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-14 13:53:00 +00:00
Pavel Dovgalyuk
17b50b0c29 cpu-exec: avoid cpu_exec_nocache infinite loop with record/replay
This patch ensures that icount_decr.u32.high is clear before calling
cpu_exec_nocache when exception is pending.  Because the exception is
caused by the first instruction in the block and it cannot be executed
without resetting the flag.

There are two parts in the fix.  First, clear icount_decr.u32.high in
cpu_handle_interrupt (just before processing the "dependent" request,
stored in cpu->interrupt_request or cpu->exit_request) rather than
cpu_loop_exec_tb; this ensures that cpu_handle_exception is always
reached with zero icount_decr.u32.high unless another interrupt has
happened in the meanwhile.

Second, try to cause the exception at the beginning of
cpu_handle_exception, and exit immediately if the TB cannot
execute.  With this change, interrupts are processed and
cpu_exec_nocache can make process.

Signed-off-by: Maria Klimushenkova <maria.klimushenkova@ispras.ru>
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-Id: <20171114081818.27640.33165.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-11-14 14:46:46 +01:00
Pavel Dovgalyuk
e01cecabf3 cpu-exec: don't overwrite exception_index
This patch adds a condition before overwriting exception_index fiels.
It is needed when exception_index is already set to some meaningful value.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>

Message-Id: <20171114081812.27640.26372.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-11-14 14:46:46 +01:00
Dariusz Stojaczyk
9200361060 vhost-user-scsi: add missing virtqueue_size param
Commit 5c0919d0 [1] introduced virtqueue_size parameter
for common virtio-scsi path, without updaing the vhost-user-scsi
code. vhost-user-scsi devices right now report size 0 for each vq.

This patch introduces virtqueue_size param to vhost-user-scsi,
that can now be set by the user. However, the most importantly, it
now has a default value of 128 (same as QEMU's virtio-scsi).

[1] 5c0919d0 ("virtio-scsi: Add virtqueue_size parameter
allowing virtqueue size to be set.")

Change-Id: I70e87eab702ebf1196c028dbf17d54fdc0c89a14
Signed-off-by: Dariusz Stojaczyk <dariuszx.stojaczyk@intel.com>
Message-Id: <1510676916-76409-1-git-send-email-dariuszx.stojaczyk@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-11-14 14:31:33 +01:00
Wanpeng Li
6976af663d target-i386: adds PV_TLB_FLUSH CPUID feature bit
Adds PV_TLB_FLUSH CPUID feature bit.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim KrÄmář <rkrcmar@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
Message-Id: <1510299947-11287-1-git-send-email-wanpeng.li@hotmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-11-14 14:31:33 +01:00
Emilio G. Cota
54113dd5eb thread-posix: fix qemu_rec_mutex_trylock macro
We never noticed because it has no users.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1510273811-13419-1-git-send-email-cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-11-14 14:31:33 +01:00
Philippe Mathieu-Daudé
b8e535ae8a Makefile: simpler/faster "make help"
Using obscure black magic introduced in eaa2ddbb76 :)

In an out-of-tree directory, running "../configure && make help" will generate
some required files (.mak), then clone some submodules, compile at least
the capstone submodule, generate QMP and Trace files, and finally display
the help.

On an outdated computer (Sun Blade workstation), running "make help" took
more than 5h :) With this patch it took roughly 37min.

Suggested-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20171108032052.20029-1-f4bug@amsat.org>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-11-14 14:31:33 +01:00
Dr. David Alan Gilbert
a2e6ffab97 ioapic/tracing: Remove last DPRINTFs
Remove the last few DPRINTFs from hw/intc/ioapic.c and turn
them into tracing.  In one case it's a new trace, in the others
it's just adding a parameter to the existing traces.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20171102180310.24760-1-dgilbert@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-11-14 14:31:33 +01:00
Peter Maydell
55ed8d600a target-arm queue:
* translate-a64.c: silence gcc5 warning
  * highbank: validate register offset before access
  * MAINTAINERS: Add entries for Smartfusion2
  * accel/tcg/translate-all: expand cpu_restore_state addr check
    (so usermode insn aborts don't crash with an assertion failure)
  * fix TCG initialization of some Arm boards by allowing them
    to specify min/default number of CPUs to create
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJaCaf9AAoJEDwlJe0UNgzeCvAP+wW30EnJ7QChmsk1QvYRlTSO
 fLOrsJj4xaBlH9ZQmTyanH1xwK4aT8Y/UDLW+AM3cM5u/2bnzoL0bgccgImqzzGt
 4e0nPSWYmQ1OBSf9+sJulIPxjBCgzHKTxd4JxhO12a4yTaJFrBDhhCKhpK0yEp3H
 qd1uhWVeMnmub1EEBjPAUpDVWRngcRbkYk3QTU/RvC8WvOhpCFZJmELovog6R/0g
 r2gkY2aEp5mdnQv4knaRwpSepVedFmT9yBhF5X54bxIhx/iPWQFdlhe2wkzdSdpN
 I6/j3BTbg1hNB1/MDClgBp1/ZOd0Aajs2zeRvelA31te8UjEbU3cUW9EgUBd+BL7
 wWxAl+RN7Ma9g8AG7Ip354kZPg3XrRAFOZbJwi0b3amO8NOQAC64f7bxAYZekU0a
 vHxC09r+u0kF+TYiZUC489S1W/PD+yiVyMrNg92Lw0SIHp0ZhDa+VuU25HYKrLle
 0xYG1a4DV5R10x95ftsil/rTOIwh2tsUbvGooErXiqF950C1qLZEmfZMMnG2G//2
 J5yVVIHL1J4R7edit/v1bcTfVrZJpJFSNsQS7Grf+psWXetSTrDOAhFzMqkpVZEe
 EfrljrlxCEjyAVEgWvbkLbSjQ+hGNa6Yfwktjo9wgcwTrEtDOsBXRnoC/m0SfXm5
 MkrINCOUGX2/Iqa/dP+O
 =LC1U
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20171113' into staging

target-arm queue:
 * translate-a64.c: silence gcc5 warning
 * highbank: validate register offset before access
 * MAINTAINERS: Add entries for Smartfusion2
 * accel/tcg/translate-all: expand cpu_restore_state addr check
   (so usermode insn aborts don't crash with an assertion failure)
 * fix TCG initialization of some Arm boards by allowing them
   to specify min/default number of CPUs to create

# gpg: Signature made Mon 13 Nov 2017 14:11:09 GMT
# gpg:                using RSA key 0x3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20171113:
  accel/tcg/translate-all: expand cpu_restore_state addr check
  hw: add .min_cpus and .default_cpus fields to machine_class
  xlnx-zcu102: Specify the max number of CPUs for the EP108
  xlnx-zcu102: Add an info message deprecating the EP108
  xlnx-zynqmp: Properly support the smp command line option
  qom: move CPUClass.tcg_initialize to a global
  MAINTAINERS: Add entries for Smartfusion2
  highbank: validate register offset before access
  arm/translate-a64: mark path as unreachable to eliminate warning

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-14 10:26:08 +00:00
Peter Maydell
2e550e3151 ui: fixes for 2.11
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJaBbFvAAoJEEy22O7T6HE4mCAP/A/UJSL2xFUinLDvDBR2CSGb
 qzaf/vGPtcnekSahexxjBDe7ChHjuIh0dM9pQZDrb1pdhKs98Nt/Wb0SajgmPkj6
 CapjKRHdo+7oQ0M6J47yX7HBlHuUapVhSOKlLm2TpXpyE4v8tYPExz3eo+oK/BGx
 Q3GDjOklkIJq/SJ6CoTmq/IVZEDrQ7FevQIymEG+QiIevv87Qoorsf6KUEF1hi8p
 qP8vki1zPVj9GgxuXc1OWwOrFAn1JDy3vFVvYUf8bi4kZj+fnBzms7lmjHsZ7S83
 GpVaHV0dP8nHjvPzon0O5Q72jsC1ZSpIEnlS8eLNVS47R2J0oJN+OHEqTG+F7KiJ
 rx+tX2ASxeJImcEiTrs3OaM4Vk8Rl4K+e9MjGVw3S3w4IG/zLvp5eaO69sfDpxRr
 rZgf7YXQb9U+4xKMWiehRmE20GQiNp1mLDAC2AfqTDL4Q5KFRo1aAtDHC2B6JOQ/
 1yp25/JVu+PgHICfXQQHBXB8RtJ8CYEN2LffcY8iWX3fP9UwNovIHuZhVh5Wz9Ki
 TvCmBms3d7PYBhX+CZlN2LkMe+3XZKVlEF4v3EY5aEgPyXBRq94tXbTtJj1BdK0Q
 o7vy+LJmmMT6lDETlB7z/GgHJF/qNe7YlE0rav9n42fcYAlCCTjcUITj5OqGQtjy
 0bKN/tW18vp51TAyEnQo
 =tnNs
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20171110-pull-request' into staging

ui: fixes for 2.11

# gpg: Signature made Fri 10 Nov 2017 14:02:23 GMT
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20171110-pull-request:
  ui: use QEMU_IS_ALIGNED macro
  ui: fix dcl unregister

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-14 08:39:50 +00:00
Greg Kurz
dcb556fc6a xics/kvm: synchonize state before 'info pic'
When using the emulated XICS, the 'info pic' monitor command shows:

CPU 0 XIRR=ff000000 ((nil)) PP=ff MFRR=ff
ICS 1000..13ff 0x10040060340
  1000 MSI 05 00
  1001 MSI 05 00
  1002 MSI 05 00
  1003 MSI ff 00
  1004 LSI ff 00
  1005 LSI ff 00
  1006 LSI ff 00
  1007 LSI ff 00
  1008 MSI 05 00
  1009 MSI 05 00
  100a MSI 05 00
  100b MSI 05 00
  100c MSI 05 00

but when using the in-kernel XICS with the very same guest, we get:

CPU 0 XIRR=00000000 ((nil)) PP=ff MFRR=ff
ICS 1000..13ff 0x10032e00340
  1000 MSI ff 00
  1001 MSI ff 00
  1002 MSI ff 00
  1003 MSI ff 00
  1004 LSI ff 00
  1005 LSI ff 00
  1006 LSI ff 00
  1007 LSI ff 00
  1008 MSI ff 00
  1009 MSI ff 00
  100a MSI ff 00
  100b MSI ff 00
  100c MSI ff 00

ie, all irqs are masked and XIRR is null, while we should get the
same output as with the emulated XICS.

If the guest is then migrated, 'info pic' shows the expected values
on both source and destination.

The problem is that QEMU doesn't synchronize with KVM before printing
the XICS state. Migration happens to fix the output because it enforces
synchronization with KVM.

To fix the invalid output of 'info pic', this patch introduces a new
synchronize_state operation for both ICPStateClass and ICSStateClass.
The ICP operation relies on run_on_cpu() in order to kick the vCPU
and avoid sleeping on KVM_GET_ONE_REG.

Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-11-14 11:12:42 +11:00
Sam Bobroff
e05fba5004 target/ppc: correct htab shift for hash on radix
KVM HV will soon support running a guest in hash mode on a POWER9 host
running in radix mode (see [1]), however the guest currently fails to
boot.

This is because the "htab_shift" value (the size of the MMU's hash
table) is added to the device tree before KVM has had a chance to
change it. If the host is in hash mode, KVM does not need to change it
and so the problem is not seen, but when the host is in radix mode a
change is required and we see a problem.

To fix this, move the call spapr_setup_hpt_and_vrma() (where
htab_shift could be changed) up a little so that it's called before
spapr_h_cas_compose_response() (where htab_shift is added to the
device tree).

Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com>

[1] See http://www.spinics.net/lists/kvm-ppc/msg13057.html
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-11-14 10:28:32 +11:00
Peter Maydell
02e5844db2 -----BEGIN PGP SIGNATURE-----
iQFEBAABCAAuFiEEUAN8t5cGD3bwIa1WyjViTGqRccYFAloFrG0QHGZhbXpAcmVk
 aGF0LmNvbQAKCRDKNWJMapFxxmkQB/9E8+c1dNd3QaiISTg+7pyk7LMPB7sEaSZx
 Zj2kz3TalGsNsI9tTL/hfoi5oqBgxpQYL9FjU7yCCqKIq9pO+aKfC8f+mMm4h2hR
 wqYRbxkWHeKG2uVaGgH0MPeA85Vcn+U1j3RxZf1SnV2hlA9mnKu+sNZaf/KRYtWk
 dOzFKg0OUeDR4lF+NYj+p3YThjge1HxIFf5Li16CBZCbdZ78gqHCOspbYWAWSVFv
 X2m0tqROqAEXX7x1zKJn/yp7N0K5VykFX/WbVmEKpjDUTxDrhFnJiSVvsuMHJJjY
 2IN/2ePjwCa9cRpUJyhX6mlplaaTC4meuaJF4WmjIyT64n4QdM7k
 =Xymd
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/famz/tags/docker-pull-request' into staging

# gpg: Signature made Fri 10 Nov 2017 13:41:01 GMT
# gpg:                using RSA key 0xCA35624C6A9171C6
# gpg: Good signature from "Fam Zheng <famz@redhat.com>"
# Primary key fingerprint: 5003 7CB7 9706 0F76 F021  AD56 CA35 624C 6A91 71C6

* remotes/famz/tags/docker-pull-request:
  docker: correctly escape $BACKEND in the help output
  docker: Improved image checksum

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 23:24:46 +00:00
Alberto Garcia
0761562687 qemu-iotests: Test I/O limits with removable media
This test hotplugs a CD drive to a VM and checks that I/O limits can
be set only when the drive has media inserted and that they are kept
when the media is replaced.

This also tests the removal of a device with valid I/O limits set but
no media inserted. This involves deleting and disabling the limits
of a BlockBackend without BlockDriverState, a scenario that has been
crashing until the fixes from the last couple of patches.

[Python PEP8 fixup: "Don't use spaces are the = sign when used to
indicate a keyword argument or a default parameter value"
--Stefan]

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 071eb397118ed207c5a7f01d58766e415ee18d6a.1510339534.git.berto@igalia.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-11-13 15:46:26 +00:00
Alberto Garcia
c89bcf3af0 block: Leave valid throttle timers when removing a BDS from a backend
If a BlockBackend has I/O limits set then its ThrottleGroupMember
structure uses the AioContext from its attached BlockDriverState.
Those two contexts must be kept in sync manually. This is not
ideal and will be fixed in the future by removing the throttling
configuration from the BlockBackend and storing it in an implicit
filter node instead, but for now we have to live with this.

When you remove the BlockDriverState from the backend then the
throttle timers are destroyed. If a new BlockDriverState is later
inserted then they are created again using the new AioContext.

There are a couple of problems with this:

   a) The code manipulates the timers directly, leaving the
      ThrottleGroupMember.aio_context field in an inconsisent state.

   b) If you remove the I/O limits (e.g by destroying the backend)
      when the timers are gone then throttle_group_unregister_tgm()
      will attempt to destroy them again, crashing QEMU.

While b) could be fixed easily by allowing the timers to be freed
twice, this would result in a situation in which we can no longer
guarantee that a valid ThrottleState has a valid AioContext and
timers.

This patch ensures that the timers and AioContext are always valid
when I/O limits are set, regardless of whether the BlockBackend has a
BlockDriverState inserted or not.

[Fixed "There'a" typo as suggested by Max Reitz <mreitz@redhat.com>
--Stefan]

Reported-by: sochin jiang <sochin.jiang@huawei.com>
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: e089c66e7c20289b046d782cea4373b765c5bc1d.1510339534.git.berto@igalia.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-11-13 15:43:49 +00:00
Alberto Garcia
48bf7ea81a block: Check for inserted BlockDriverState in blk_io_limits_disable()
When you set I/O limits using block_set_io_throttle or the command
line throttling.* options they are kept in the BlockBackend regardless
of whether a BlockDriverState is attached to the backend or not.

Therefore when removing the limits using blk_io_limits_disable() we
need to check if there's a BDS before attempting to drain it, else it
will crash QEMU. This can be reproduced very easily using HMP:

     (qemu) drive_add 0 if=none,throttling.iops-total=5000
     (qemu) drive_del none0

Reported-by: sochin jiang <sochin.jiang@huawei.com>
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 0d3a67ce8d948bb33e08672564714dcfb76a3d8c.1510339534.git.berto@igalia.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-11-13 14:38:46 +00:00
Peter Maydell
4e8a737c09 vga: bugfixes for 2.11
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJaBakGAAoJEEy22O7T6HE4BvAQAKyFKukXChjmiM1+DLI/k1L2
 sVlu1yFECNnXfm5oSHF9SWIoZliD7PG3KbAoiwaba8bPKXN8oaCajptyWwTciWrD
 jj1ZUrq13Uz2oVMPciLT4UuEwrBogCMAiCn+QJdBoQZsK85O1mKmdUhH8kyYejtB
 NrmBJKy6xGTeFd2DJGB2MTqdLv9tx+BSxo/X9quWjxZCVE1pXsEez90ECjTqL6pt
 JEJLVhQgmoZ+F+P48tmGtIq4vdnqFNSIn8aMSemOxHixabtEO+YJTRwuZfh0+pnR
 UxKfabYuInG9YArva4p6dvlCFx8f1tKNkIi96BX0UQ+HPeAzgcZG1ygF7PJqqDla
 whOLRdv/+IwtZxbcbaEh/tkcNzXhNFF18meglG9ncnkRUPNupaWBxbuT3KDLPiSW
 3DXqBYZMBht29UukU0tyB6tBAJm48NIJX0+S6PhjtpM5CDB9bgAIOycFTQxYTBCf
 M24PPM8mMoG5jJo2NRcAbkwI63XQwPJuPToWxfCNPWQSncDutD2/IH753Rt3CTAV
 JQjgBHE90gTl99a03tGZ6R8jtYBd2Eahkpvrix9b16YduqyP7t8uhuw9VRFmsAaE
 guhIFV/BA0yOueo1PapKuATN4QowMclQVw/ZGXirDkZ7/HRRFxp8Dpck2vO1eX4S
 gTaiMDTMjuLyIDw6VfuJ
 =VUIS
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20171110-pull-request' into staging

vga: bugfixes for 2.11

# gpg: Signature made Fri 10 Nov 2017 13:26:30 GMT
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20171110-pull-request:
  vmsvga: use ARRAY_SIZE macro
  vga: fix region checks in wraparound case
  virtio-gpu: fix bug in host memory calculation.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 14:33:29 +00:00
Stefan Hajnoczi
dc868fb03b throttle-groups: drain before detaching ThrottleState
I/O requests hang after stop/cont commands at least since QEMU 2.10.0
with -drive iops=100:

  (guest)$ dd if=/dev/zero of=/dev/vdb oflag=direct count=1000
  (qemu) stop
  (qemu) cont
  ...I/O is stuck...

This happens because blk_set_aio_context() detaches the ThrottleState
while requests may still be in flight:

  if (tgm->throttle_state) {
      throttle_group_detach_aio_context(tgm);
      throttle_group_attach_aio_context(tgm, new_context);
  }

This patch encloses the detach/attach calls in a drained region so no
I/O request is left hanging.  Also add assertions so we don't make the
same mistake again in the future.

Reported-by: Yongxue Hong <yhong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Message-id: 20171110151934.16883-1-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-11-13 14:02:09 +00:00
Zhengui
632a773543 block: all I/O should be completed before removing throttle timers.
In blk_remove_bs, all I/O should be completed before removing throttle
timers. If there has inflight I/O, removing throttle timers here will
cause the inflight I/O never return.
This patch add bdrv_drained_begin before throttle_timers_detach_aio_context
to let all I/O completed before removing throttle timers.

[Moved declaration of bs as suggested by Alberto Garcia
<berto@igalia.com>.
--Stefan]

Signed-off-by: Zhengui <lizhengui@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Message-id: 1508564040-120700-1-git-send-email-lizhengui@huawei.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-11-13 14:02:05 +00:00
Alex Bennée
d25f2a7227 accel/tcg/translate-all: expand cpu_restore_state addr check
We are still seeing signals during translation time when we walk over
a page protection boundary. This expands the check to ensure the host
PC is inside the code generation buffer. The original suggestion was
to check versus tcg_ctx.code_gen_ptr but as we now segment the
translation buffer we have to settle for just a general check for
being inside.

I've also fixed up the declaration to make it clear it can deal with
invalid addresses. A later patch will fix up the call sites.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20171108153245.20740-2-alex.bennee@linaro.org
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Tested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 13:55:27 +00:00
Emilio G. Cota
7264961934 hw: add .min_cpus and .default_cpus fields to machine_class
max_cpus needs to be an upper bound on the number of vCPUs
initialized; otherwise TCG region initialization breaks.

Some boards initialize a hard-coded number of vCPUs, which is not
captured by the global max_cpus and therefore breaks TCG initialization.
Fix it by adding the .min_cpus field to machine_class.

This commit also changes some user-facing behaviour: we now die if
-smp is below this hard-coded vCPU minimum instead of silently
ignoring the passed -smp value (sometimes announcing this by printing
a warning). However, the introduction of .default_cpus lessens the
likelihood that users will notice this: if -smp isn't set, we now
assign the value in .default_cpus to both smp_cpus and max_cpus. IOW,
if a user does not set -smp, they always get a correct number of vCPUs.

This change fixes 3468b59 ("tcg: enable multiple TCG contexts in
softmmu", 2017-10-24), which broke TCG initialization for some
ARM boards.

Fixes: 3468b59e18
Reported-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-id: 1510343626-25861-6-git-send-email-cota@braap.org
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 13:55:27 +00:00
Emilio G. Cota
1342b0355e xlnx-zcu102: Specify the max number of CPUs for the EP108
Just like the zcu102, the ep108 can instantiate several CPUs.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1510343626-25861-5-git-send-email-cota@braap.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 13:55:26 +00:00
Alistair Francis
83926ad527 xlnx-zcu102: Add an info message deprecating the EP108
The EP108 was an early access development board that is no longer used.
Add an info message to convert any users to the ZCU102 instead. On QEMU
they are both identical.

This patch also updated the qemu-doc.texi file to indicate that the
EP108 has been deprecated.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Emilio G. Cota <cota@braap.org>
Message-id: 1510343626-25861-4-git-send-email-cota@braap.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 13:55:26 +00:00
Alistair Francis
6908ec448b xlnx-zynqmp: Properly support the smp command line option
Allow the -smp command line option to control the number of CPUs we
create.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Emilio G. Cota <cota@braap.org>
Tested-by: Emilio G. Cota <cota@braap.org>
Message-id: 1510343626-25861-3-git-send-email-cota@braap.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 13:55:26 +00:00
Emilio G. Cota
2dda635410 qom: move CPUClass.tcg_initialize to a global
55c3cee ("qom: Introduce CPUClass.tcg_initialize", 2017-10-24)
introduces a per-CPUClass bool that we check so that the target CPU
is initialized for TCG only once. This works well except when
we end up creating more than one CPUClass, in which case we end
up incorrectly initializing TCG more than once, i.e. once for
each CPUClass.

This can be replicated with:
  $ aarch64-softmmu/qemu-system-aarch64 -machine xlnx-zcu102 -smp 6 \
      -global driver=xlnx,,zynqmp,property=has_rpu,value=on
In this case the class name of the "RPUs" is prefixed by "cortex-r5-",
whereas the "regular" CPUs are prefixed by "cortex-a53-". This
results in two CPUClass instances being created.

Fix it by introducing a static variable, so that only the first
target CPU being initialized will initialize the target-dependent
part of TCG, regardless of CPUClass instances.

Fixes: 55c3ceef61
Signed-off-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1510343626-25861-2-git-send-email-cota@braap.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 13:55:25 +00:00
Subbaraya Sundeep
670bc4cbda MAINTAINERS: Add entries for Smartfusion2
Voluntarily add myself as maintainer for Smartfusion2

Signed-off-by: Subbaraya Sundeep <sundeep.lkml@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1510552520-3566-1-git-send-email-sundeep.lkml@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 13:55:25 +00:00
Prasad J Pandit
c5c752af8c highbank: validate register offset before access
An 'offset' parameter sent to highbank register r/w functions
could be greater than number(NUM_REGS=0x200) of hb registers,
leading to an OOB access issue. Add check to avoid it.

Reported-by: Moguofang (Dennis mo) <moguofang@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20171113062658.9697-1-ppandit@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 13:55:24 +00:00
Emilio G. Cota
5ca66278c8 arm/translate-a64: mark path as unreachable to eliminate warning
Fixes the following warning when compiling with gcc 5.4.0 with -O1
optimizations and --enable-debug:

target/arm/translate-a64.c: In function ‘aarch64_tr_translate_insn’:
target/arm/translate-a64.c:2361:8: error: ‘post_index’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
     if (!post_index) {
        ^
target/arm/translate-a64.c:2307:10: note: ‘post_index’ was declared here
     bool post_index;
          ^
target/arm/translate-a64.c:2386:8: error: ‘writeback’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
     if (writeback) {
        ^
target/arm/translate-a64.c:2308:10: note: ‘writeback’ was declared here
     bool writeback;
          ^

Note that idx comes from selecting 2 bits, and therefore its value
can be at most 3.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1510087611-1851-1-git-send-email-cota@braap.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 13:55:24 +00:00
Peter Maydell
7edaf99759 slirp updates
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEmjc9NmSo3GLaCjT9nlEeAcc38HUFAloEl6cACgkQnlEeAcc3
 8HV1IQ//UOD00jJKsfwy/NwO0D6CEdxAtzAMUYzJxZjHnQ4kqn+e59jHg2cLqUFH
 Ile2sj13cgVbmgRaQ1NPcp6QmK4g6KeDGWfQXKX20FbZAcC06V/XWnsPLhgaXOfJ
 FbqYXSRsiddMcVIwPNJIyhrpwbzIBpcMR/gaPz4YZ7GN6Xj2KcfChoLBRhpMhTk8
 WXHSArOcSfDiTReVADnXrxH+LIJSQmFjBy/7O25SgUDtqHJ1FdAvcCQIIPmXGeKR
 u/B8jyQ0NQlMuxul61M9CtUpxOHPSO0FUIO7Z9zxyAb8LxyOjhQ+w1MwPKJoeP1T
 nCkOa3YFDrm1o0bwysT1waE8XAm6ANhQcy365XXU+HkMeCbHDmzEzBIb4RF+5qxM
 niJ5Uy0yXU/NAVjMZLucUxOjj2XAxhdI4TlgGd6fqnadF7u48DBx91kF/SlTJmJE
 wGQIJ4RJD/dE9Xc3KM1eYYTyngD8ZT9rZLVVYm4mDhWhxal/JwY8bs/7Dpve43KT
 oadHPfT6IGqPXs7smPjPuNZIFNgohi7JbB2GvGdpDtxuo++pHI4AbWUwz66L/C5J
 NTcrsfcrm+TzPN3UoEaD409st2gZ91VXlTwRq3ZzOUwQkC5bH9s3l+WrFX5Wx7eM
 F7Oh17ib1LvNukF+zQlvK7zhTlPXKAw+TZ5bRSVbsUVAjK2UR34=
 =/Wld
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into staging

slirp updates

# gpg: Signature made Thu 09 Nov 2017 18:00:07 GMT
# gpg:                using RSA key 0x9E511E01C737F075
# gpg: Good signature from "Samuel Thibault <samuel.thibault@aquilenet.fr>"
# gpg:                 aka "Samuel Thibault <sthibault@debian.org>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@gnu.org>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@inria.fr>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@labri.fr>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@ens-lyon.org>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@u-bordeaux.fr>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 900C B024 B679 31D4 0F82  304B D017 8C76 7D06 9EE6
#      Subkey fingerprint: 9A37 3D36 64A8 DC62 DA0A  34FD 9E51 1E01 C737 F075

* remotes/thibault/tags/samuel-thibault:
  slirp: don't zero the whole ti_i when m == NULL

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 13:54:59 +00:00
Peter Maydell
f291910db6 nbd patches for 2017-11-09
- Vladimir Sementsov-Ogievskiy: nbd/server: fix nbd_negotiate_handle_info
 - Eric Blake: 0/7 various NBD fixes for 2.11
 -----BEGIN PGP SIGNATURE-----
 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
 
 iQEcBAABCAAGBQJaBIjaAAoJEKeha0olJ0NquwYIAKTloZicVcWpElqvjee5bQkZ
 ZE6g++zuFc1e1bjWCC0qK1iZ+OFOg0lhbdna2SXLM8GwswBaXWRJDC5uBvwlVuJN
 7NK4EVzDlcSYwyQthmLIB5FGB8NZE4U6YK10pH+wIQdhip1aJ11eqXp1UNT3cLVb
 LyOTkBoCtygTf+nY+WpHhgH+YGZ4bNt1JHIOEk2yhq8xBDsCgKCa1gnWE1TyOuFX
 40sr7n2F8+YrPrTeGdk8ZCDDtwhtxawjllJPmbbTmBxClkGQi6rSYUurVtuyzw9c
 Sz4l0ahzzgyruLDHCef5BfypTzt+AW3PuuGAoaRQhfhBnwzgcMqA71m8gYa0K+0=
 =K/Rz
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2017-11-09' into staging

nbd patches for 2017-11-09

- Vladimir Sementsov-Ogievskiy: nbd/server: fix nbd_negotiate_handle_info
- Eric Blake: 0/7 various NBD fixes for 2.11

# gpg: Signature made Thu 09 Nov 2017 16:56:58 GMT
# gpg:                using RSA key 0xA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>"
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>"
# gpg:                 aka "[jpeg image of size 6874]"
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2  F3AA A7A1 6B4A 2527 436A

* remotes/ericb/tags/pull-nbd-2017-11-09:
  nbd/server: Fix structured read of length 0
  nbd-client: Stricter enforcing of structured reply spec
  nbd-client: Short-circuit 0-length operations
  nbd: Fix struct name for structured reads
  nbd/client: Nicer trace of structured reply
  nbd-client: Refuse read-only client with BDRV_O_RDWR
  nbd-client: Fix error message typos
  nbd/server: fix nbd_negotiate_handle_info

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 13:13:12 +00:00
Peter Maydell
508ba0f7e2 s390x changes: let pci devices start out in a usable state, and make
RISBGN work in tcg.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJaBHPZAAoJEN7Pa5PG8C+vb4IP/ibDb1/PdlrS2/a/wpt2sRjr
 F1WBRcnk+A1sWbscQ+4D0wY5nAkHoooRbQ+UYpxEGAyVE2d9q+yZ1EbZ/U4BgC+z
 Z/j/kV4HNoYvSkzvs6lohPsAm7vlAImJGbpcx575OTjaN4SHx9uKTxz6gUF0/WFg
 EbT0ir40Xd/vhY0Ubw/vIf6xlBWWMrNew2rWiCB3cIoKNwxYdSpsw9RYmpS+kAbe
 9f0x83fsyE6ZN9bFKF1F0TrR5lKyq+LNU0zNcjo+KulcoEu2s7vOu/eZinfTbN2n
 KFLz0Y4UuWZpZF2rO8PlyZn91jdtfGF/hprcKEAsiTL/v7PNO7wcS8WtV6KmCQLc
 T9cSOegZGEHA7jsz+bicVpGntxDTbvOButbG69k14IFhqwOQbTk7wIfDK4L13yHV
 n0Bke64w3pIGJmOyhU9pirvxoPXNSt9MD41diw7qDdxPKek0nqqA01ykUeE9lSvJ
 NNH6MDfJI2SMiw4OcUEY8FfngPQSpc7FIyzMFGznkl5aO4wSwOwrtrI1CJgrnUv9
 VsIjFh0N1ipiumoQLnZR8YXpeh9QNwHbtER8sqvoy1BsvvhqmwriZ+XSQxrtW1Rh
 44FhsQoq5JuCdfHSk+CMa+7O/Se1nCU84AgtCSplT5cIEzSIbgtB1jUFV4tYOH0x
 9Y+seVZWm0cOLlQfIKFq
 =4fvh
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20171109' into staging

s390x changes: let pci devices start out in a usable state, and make
RISBGN work in tcg.

# gpg: Signature made Thu 09 Nov 2017 15:27:21 GMT
# gpg:                using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>"
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20171109:
  target/s390x: Finish implementing RISBGN
  s390x/pci: let pci devices start in configured mode

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 11:41:47 +00:00
Peter Maydell
6b8d0ac031 Capstone fixes for 2.11
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJaBAiFAAoJEGTfOOivfiFf3VAH/14ajkifffP3FhylMD9rYhEo
 O3JYLdBDC1bXaXnpHf/6v80XtLonFUK8RBW76k/fCG/iZqJlohP6cfXmgAUNIEHl
 Id7yzZ7sN9OGSMdqEKYDY5nUKKDlBnQ8dFYZJGHvwvuBliPB6eDx92FEczph6wv2
 WEjI+Z3ViavoNMQQv2PfvIgdSXMPOmXbdwIdcAX4/vn8LSzk1t+nSlmjwAtRsIFO
 UgKdj0Ov53V32ed6iSbM+vGR/rE5BXmm0vc7vN+ix40r91aQRUJUqIywzCIlrVE6
 8OWNWbbc/7ortI3auKv73K6TBBiTMvecvu0TyPk2mYUYS/el66UyWCbMvJYnmVE=
 =j6B5
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-cap-20171109' into staging

Capstone fixes for 2.11

# gpg: Signature made Thu 09 Nov 2017 07:49:25 GMT
# gpg:                using RSA key 0x64DF38E8AF7E215F
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>"
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-cap-20171109:
  Makefile: Capstone: Add support for cross compile ranlib
  disas: Dump insn bytes along with capstone disassembly

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 10:05:18 +00:00
Jens Freimann
bb160b571f net/socket: fix coverity issue
This fixes coverity issue CID1005339.

Make sure that saddr is not used uninitialized if the
mcast parameter is NULL.

Cc: qemu-stable@nongnu.org
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jens Freimann <jfreimann@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 18:05:12 +08:00
Mike Nawrocki
5e89dc0113 Add new PCI ID for i82559a
Adds a new PCI ID for the i82559a (0x8086 0x1030) interface. The
"x-use-alt-device-id" property controls whether this new ID is to be
used, and is true by default, and set to false in a compat entry.

Signed-off-by: Mike Nawrocki <michael.nawrocki@gtri.gatech.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 15:48:54 +08:00
Mike Nawrocki
1865e288a8 Fix eepro100 simple transmission mode
The simple transmission mode was treating the area immediately after the
transmit command block (TCB) as if it were a transmit buffer descriptor,
when in reality it is simply the packet data. This change simply copies
the data following the TCB into the packet buffer.

Signed-off-by: Mike Nawrocki <michael.nawrocki@gtri.gatech.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 15:46:58 +08:00
Mao Zhongyi
8fa5ad6dfb colo: Consolidate the duplicate code chunk into a routine
Consolidate the code that extract the ip address(src,dst) and
port number(src,dst) of the packet into a separate routine
extract_ip_and_port() since the same chunk of code is called
from two place.

Cc: Zhang Chen <zhangckid@gmail.com>
Cc: Li Zhijian <lizhijian@cn.fujitsu.com>
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 15:46:37 +08:00
Mao Zhongyi
3463218c6c colo-compare: Fix comments
Cc: Zhang Chen <zhangckid@gmail.com>
Cc: Li Zhijian <lizhijian@cn.fujitsu.com>
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com>
Signed-off-by: Zhang Chen <zhangckid@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 15:46:37 +08:00
Mao Zhongyi
8ec1440202 colo-compare: compare the packet in a specified Connection
A package from pri_indev or sec_indev only belongs to a particular
Connection, so we only need to compare the package in the specified
Connection's primary_list and secondary_list, rather than for each
the whole Connection list to compare. This is time-consuming and
unnecessary.

Less checkpoint more efficiency.

Cc: Zhang Chen <zhangckid@gmail.com>
Cc: Li Zhijian <lizhijian@cn.fujitsu.com>
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 15:46:37 +08:00
Mao Zhongyi
8850d4caa7 colo-compare: Insert packet into the suitable position of packet queue directly
Currently, a packet from pri_dev or sec_dev is fristly pushed at the
tail of the primary or secondary packet queue then sorted by the tcp
sequence number.

Now, this patch use g_queue_insert_sorted to insert the packet directly
into the suitable position to avoid ordering all packets each time when
a new packet is comming, thereby increasing efficiency.

In addition, consolidate the code that add a packet to the list of
Connection (primary or secondary) into a separate routine colo_insert_packet()
since the same chunk of code is called from two place.

Cc: Zhang Chen <zhangckid@gmail.com>
Cc: Li Zhijian <lizhijian@cn.fujitsu.com>
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com>
Signed-off-by: Zhang Chen <zhangckid@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 15:46:37 +08:00