review.tizen.org Git - sdk/emulator/qemu.git/log

qemu-nbd: Don't use qerror_report()

qerror_report() is a transitional interface to help with converting
existing HMP commands to QMP. It should not be used elsewhere.
Replace by error_report().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

blockdev: Don't use qerror_report() in do_drive_del()

qerror_report() is a transitional interface to help with converting
existing HMP commands to QMP.  It should not be used elsewhere.

do_drive_del() is an HMP command that won't be converted to QMP (we'll
create a new QMP command instead).  It uses both qerror_report() and
error_report().  Convert the former to the latter.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

blockdev: Don't use qerror_report_err() in drive_init()

qerror_report_err() is a transitional interface to help with
converting existing HMP commands to QMP.  It should not be used
elsewhere.

drive_init() is not meant to be used by QMP commands.  It uses both
qerror_report_err() and error_report().  Convert the former to the
latter.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

docs: Define refcount_bits value

The 'refcount_bits' term used in the description of refcount block entry is
not defined in the specification. The definition is added in the
'refcount_order' section where refcount_bits was used as 'width in bits'.

Signed-off-by: Maria Kustova <maria.k@catit.be>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: Drop redundant bdrv_refresh_limits

The above bdrv_set_backing_hd already does this.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: Add backing_blocker in BlockDriverState

This makes use of op_blocker and blocks all the operations except for
commit target, on each BlockDriverState->backing_hd.

The asserts for op_blocker in bdrv_swap are removed because with this
change, the target of block commit has at least the backing blocker of
its child, so the assertion is not true. Callers should do their check.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: Use bdrv_set_backing_hd everywhere

We need to handle the coming backing_blocker properly, so don't open
code the assignment, instead, call bdrv_set_backing_hd to change
backing_hd.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: Add bdrv_set_backing_hd()

This is the common but non-trivial steps to assign or change the
backing_hd of BDS.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: Move op_blocker check from block_job_create to its caller

It makes no sense to check for "any" blocker on bs, we are here only
because of the mechanical conversion from in_use to op_blockers. Remove
it now, and let the callers check specific operation types. Backup and
mirror already have it, add checker to stream and commit.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: Replace in_use with operation blocker

This drops BlockDriverState.in_use with op_blockers:

  - Call bdrv_op_block_all in place of bdrv_set_in_use(bs, 1).

  - Call bdrv_op_unblock_all in place of bdrv_set_in_use(bs, 0).

  - Check bdrv_op_is_blocked() in place of bdrv_in_use(bs).

    The specific types are used, e.g. in place of starting block backup,
    bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_BACKUP, ...).

    There is one exception in block_job_create, where
    bdrv_op_blocker_is_empty() is used, because we don't know the operation
    type here. This doesn't matter because in a few commits away we will drop
    the check and move it to callers that _do_ know the type.

  - Check bdrv_op_blocker_is_empty() in place of assert(!bs->in_use).

Note: there is only bdrv_op_block_all and bdrv_op_unblock_all callers at
this moment. So although the checks are specific to op types, this
changes can still be seen as identical logic with previously with
in_use. The difference is error message are improved because of blocker
error info.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: Introduce op_blockers to BlockDriverState

BlockDriverState.op_blockers is an array of lists with BLOCK_OP_TYPE_MAX
elements. Each list is a list of blockers of an operation type
(BlockOpType), that marks this BDS as currently blocked for a certain
type of operation with reason errors stored in the list. The rule of
usage is:

* BDS user who wants to take an operation should check if there's any
   blocker of the type with bdrv_op_is_blocked().

* BDS user who wants to block certain types of operation, should call
   bdrv_op_block (or bdrv_op_block_all to block all types of operations,
   which is similar to the existing bdrv_set_in_use()).

* A blocker is only referenced by op_blockers, so the lifecycle is
   managed by caller, and shouldn't be lost until unblock, so typically
   a caller does these:

   - Allocate a blocker with error_setg or similar, call bdrv_op_block()
     to block some operations.
   - Hold the blocker, do his job.
   - Unblock operations that it blocked, with the same reason pointer
     passed to bdrv_op_unblock().
   - Release the blocker with error_free().

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

block: Add BlockOpType enum

This adds the enum of all the operations that can be taken on a block
device.

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

iotests: Use _img_info in test 089

Currently, test 089 uses $QEMU_IMG info manually in order to obtain the
according output. However, the iotests should generally use _img_info as
this filters out more irrelevant information such as the host image size
or format specific information. Therefore, test 089 should use _img_info
as well.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

aio: Fix use-after-free in cancellation path

The current flow of canceling a thread from THREAD_ACTIVE state is:

  1) Caller wants to cancel a request, so it calls thread_pool_cancel.

  2) thread_pool_cancel waits on the conditional variable
     elem->check_cancel.

  3) The worker thread changes state to THREAD_DONE once the task is
     done, and notifies elem->check_cancel to allow thread_pool_cancel
     to continue execution, and signals the notifier (pool->notifier) to
     allow callback function to be called later. But because of the
     global mutex, the notifier won't get processed until step 4) and 5)
     are done.

  4) thread_pool_cancel continues, leaving the notifier signaled, it
     just returns to caller.

  5) Caller thinks the request is already canceled successfully, so it
     releases any related data, such as freeing elem->common.opaque.

  6) In the next main loop iteration, the notifier handler,
     event_notifier_ready, is called. It finds the canceled thread in
     THREAD_DONE state, so calls elem->common.cb, with an (likely)
     dangling opaque pointer. This is a use-after-free.

Fix it by calling event_notifier_ready before leaving
thread_pool_cancel.

Test case update: This change will let cancel complete earlier than
test-thread-pool.c expects, so update the code to check this case: if
it's already done, done_cb sets .aiocb to NULL, skip calling
bdrv_aio_cancel on them.

Reported-by: Ulrich Obergfell <uobergfe@redhat.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

qcow2: Fix memory leak in COW error path

This triggers if bs->drv becomes NULL in a concurrent request. This is
currently only the case when corruption prevention kicks in (i.e. at
most once per image, and after that it produces I/O errors).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

QemuOpt: add unit tests

Cover basic aspects and API usage for QemuOpt. The current implementation
covers the API's planned to be changed by Chunyan Liu in his QEMUOptionParameter
replacement/cleanup job.

Other APIs should be covered in future improvements.

[Squashing in a small fix "QemuOpt: use qemu_find_opts_err() to avoid
output on stderr in tests".

qemu_find_opts() calls error_report() instead of propagating the Error
object. It is undesirable to clutter test case output with error
messages from a passing test.

Use qemu_find_opts_err() to avoid the output on stderr.
--Stefan]

Signed-off-by: Leandro Dorileo <l@dorileo.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

qemu-iotests: Handle cache mode option in 091

We should allow testing this on tmpfs. Any cache setting in iotests
should try to obey $CACHEMODE.

The cache mode is still "none" by default but overridable

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-9' into staging

input: add event routing and multiseat support.
input: misc bugfixes and minor improvements.

# gpg: Signature made Mon 26 May 2014 07:44:29 BST using RSA key ID D3E87138
# gpg: Can't check signature: public key not found

* remotes/kraxel/tags/pull-input-9:
  docs: add multiseat.txt
  usb: add input routing support for tablet and keyboard
  sdl: pass key event source to input layer
  input: bind devices and input routing
  input: switch hid mouse and tablet to the new input layer api.
  input: switch hid keyboard to new input layer api.
  input: keymap: add meta keys
  input: add name to input_event_key_number
  input: add qemu_input_key_number_to_qcode
  input (curses): mask keycodes to remove modifier bits

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-05-26' into staging

trivial patches for 2014-05-26

# gpg: Signature made Mon 26 May 2014 08:17:08 BST using RSA key ID A4C3D7DB
# gpg: Can't check signature: public key not found

* remotes/mjt/tags/trivial-patches-2014-05-26: (23 commits)
  libcacard: remove useless initializers
  net: cadence_gem: Fix top comment
  bsd-user: replace fprintf(stderr, ...) with error_report()
  audio: replace fprintf(stderr, ...) with error_report() in audio
  libcacard: fix wrong array expansion logic
  libcacard/vcard_emul_nss: Drop a redundant conditional
  libcacard: Convert two leftover realloc() to GLib
  libcacard/vreader: Tighten assertion to clarify intent
  libcacard/vreader: Drop broken recovery from failed assertion
  libcacard: Plug memory leaks around vreader_get_reader_list()
  libcacard/vscclient: Bury some dead code
  vl: fix 'name' option to work with -readconfig
  configure: Put tempfiles in a subdir of the build directory
  dma-helpers: avoid calling dma_bdrv_unmap() twice
  arch_init: replace fprintf(stderr, ...) with error_report()
  pci: move dereferencing of root only after verifying valid root pointer
  jazz_led: Add missing break in switch case
  bswap.h: Rename ldl_p, stl_p, etc to ldl_he_p, stl_he_p, etc
  configure: Automatically select GTK+ 3.0 if GTK+ 2.0 is unavailable
  nbd: Miscellaneous typo fixes.
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/mwalle/tags/lm32-semihosting/20140524' into staging

* remotes/mwalle/tags/lm32-semihosting/20140524:
  lm32: remove lm32_sys
  test: lm32: use semihosting for testing
  target-lm32: add semihosting support
  test: lm32: make test cases independent

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/rth/tcg-mips' into staging

* remotes/rth/tcg-mips: (24 commits)
  tcg-mips: Enable direct chaining of TBs
  tcg-mips: Simplify movcond
  tcg-mips: Simplify brcond2
  tcg-mips: Improve setcond eq/ne vs zeros
  tcg-mips: Simplify setcond2
  tcg-mips: Simplify brcond
  tcg-mips: Simplify setcond
  tcg-mips: Commonize opcode implementations
  tcg-mips: Improve add2/sub2
  tcg-mips: Hoist args loads
  tcg-mips: Fix subtract immediate range
  tcg-mips: Name the opcode enumeration
  tcg-mips: Use EXT for AND on mips32r2
  tcg-mips: Use T9 for TCG_TMP1
  tcg-mips: Introduce TCG_TMP0, TCG_TMP1
  tcg-mips: Rearrange register allocation
  tcg-mips: Convert to new_ldst
  tcg-mips: Convert to new qemu_l/st helpers
  tcg-mips: Move softmmu slow path out of line
  tcg-mips: Split large ldst offsets
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/rth/fix-tci' into staging

* remotes/rth/fix-tci:
tci: Fix tcg_out_call

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: Fix segfault on startup when KVM enabled

Commit 50a2c6e55fa introduced a bug where QEMU would segfault on startup
when using KVM on ARM hosts, because kvm_arm_reset_cpu() accesses
cpu->cpreg_reset_values, which is not allocated before
kvm_arch_init_vcpu(). Fix this by not calling cpu_reset() until after
qemu_init_vcpu().

Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id: 1401194263-13010-1-git-send-email-christoffer.dall@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

docs: add multiseat.txt

Howto on setting up multiseat for guests.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb: add input routing support for tablet and keyboard

Add display property to the keyboard.
Add display and head properties to the tablet.

If properties are set bind device to the display specified to
setup input routing.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

sdl: pass key event source to input layer

So the input layer knows where the input is coming from
and input routing works correctly.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

input: bind devices and input routing

Add function to bind input devices to display devices. Implementing
input routing on top of this: Events coming from the display device in
question are routed to the input device bound to it (if there is one).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

input: switch hid mouse and tablet to the new input layer api.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

input: switch hid keyboard to new input layer api.

Minimal patch to get the switchover done. We continue processing ps/2
scancodes for now as they are part of the live migration stream. Fixing
that, then mapping directly from QKeyValue to HID keycodes is left as
excercise for another day.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

input: keymap: add meta keys

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

input: add name to input_event_key_number

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

input: add qemu_input_key_number_to_qcode

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

input (curses): mask keycodes to remove modifier bits

Without the mask, control bits are passed on in the keycode, generating
incorrect PS/2 sequences when SHIFT, ALT, etc are held down.

Cc: qemu-stable@nongnu.org
Signed-off-by: Andrew Oates <andrew@aoates.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

libcacard: remove useless initializers

libcacard has many functions which initializes local variables
at declaration time, which are always assigned some values later
(often right after declaration). Clean up these initializers.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

net: cadence_gem: Fix top comment

To indicate Cadence GEM not Xilinx.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

bsd-user: replace fprintf(stderr, ...) with error_report()

Replace fprintf(stderr,...) with error_report() in files bsd-user/*.
The trailing "\n"s of the @fmt argument have been removed
because @fmt of error_report() should not contain newline.

Signed-off-by: Le Tan <tamlokveer@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

audio: replace fprintf(stderr, ...) with error_report() in audio

Replace fprintf(stderr,...) with error_report() in files audio/*.
The trailing "\n"s of the @fmt argument have been removed
because @fmt of error_report() should not contain newline.

Signed-off-by: Le Tan <tamlokveer@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

libcacard: fix wrong array expansion logic

The currrent code in libcacard/vcard_emul_nss.c:vcard_emul_options()
has a weird bug in variable usage around expanding opts->vreader
array.

There's a helper variable, vreaderOpt, which is first needlessly
initialized to NULL, next, conditionally, only we have to expand
opts->vreader, receives array expansion from g_renew(), and next,
even if we don't actually perform expansion, the value of this
variable is assigned to the actual array, opts->vreader, which
was supposed to be expanded.

So, since we expand the array by READER_STEP increments, only
once in READER_STEP (=4) the code will work, in other 3/4 times
it will fail badly.

Fix this by not using this temp variable when expanding the
array, and by dropping the useless =NULL initializer too -
if it wasn't in place initially, compiler would have warned
us about this problem at the beginning.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>

lm32: remove lm32_sys

Since we have now semihosting on the lm32 target, this device is no longer
needed. Remove it.

Signed-off-by: Michael Walle <michael@walle.cc>

test: lm32: use semihosting for testing

Instead of the lm32-sys device, use semihosting to print to the host
console and exit the test.

Signed-off-by: Michael Walle <michael@walle.cc>

target-lm32: add semihosting support

Intercept certain system calls if semihosting is enabled. This should
behave like the GDB simulator.

Signed-off-by: Michael Walle <michael@walle.cc>

test: lm32: make test cases independent

Make test cases independent from from each other. Eg. if a test case needs
a specific value in register A, don't rely on the fact that it is already
set by the preceding test case.

Signed-off-by: Michael Walle <michael@walle.cc>

tcg-mips: Enable direct chaining of TBs

Now that the code_gen_buffer is constrained to not cross 256mb
regions, we are assured that we can use J to reach another TB.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Simplify movcond

Use the same table to fold comparisons as with setcond.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Simplify brcond2

Emitting a single branch instead of (up to) 3, using setcond2
to generate the composite compare.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Improve setcond eq/ne vs zeros

The original code results in one too many insns per zero
present in the input. And since comparing 64-bit numbers
vs zero is common...

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Simplify setcond2

Using tcg_unsigned_cond and tcg_high_cond.
Also, move the function up in the file for future cleanups.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Simplify brcond

Use the same table to fold comparisons as with setcond.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Simplify setcond

Use a table to fold comparisons to less-than.
Also, move the function up in the file for futher simplifications.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Commonize opcode implementations

Most opcodes fall in to one of a couple of patterns.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Improve add2/sub2

Reduce insn count from 5 to either 3 or 4.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Hoist args loads

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Fix subtract immediate range

Since we must use ADDUI, we would generate incorrect code for -32768.
Leaving off subtract of +32768 makes things easier for a follow-on patch.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Name the opcode enumeration

And use it in the opcode emission functions.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Use EXT for AND on mips32r2

At the same time, tidy deposit by introducing tcg_out_opc_bf.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Use T9 for TCG_TMP1

T0 is an argument register for the n32 and n64 abis. T9 is the call
address register for the abis, and is more directly under the control
of the backend.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Introduce TCG_TMP0, TCG_TMP1

Use these instead of hard-coding the registers to use for temporaries.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Rearrange register allocation

Use FP (also known as S8) as a normal call-saved register.

Include T0 in the allocation order and call-clobbered list
even though it's currently used as a TCG temporary.

Put the argument registers at the end of the allocation order.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Convert to new_ldst

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Convert to new qemu_l/st helpers

In addition, fill delay slots calling the helpers and tail
call to the store helpers.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Move softmmu slow path out of line

At the same time, tidy up the call helpers, avoiding a memory reference.
Split out several subroutines. Use TCGMemOp constants. Make endianness
selectable at runtime.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Split large ldst offsets

Use this to reduce goto_tb by one insn.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Fill the exit_tb delay slot

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Use J and JAL opcodes

For userland builds calls will normally be in range,
and for the exit_tb opcode the branch to the epilogue.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Constrain the code_gen_buffer to be within one 256mb segment

This assures us use of J for exit_tb and goto_tb, and JAL for calling
into the generated bswap helpers.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

tcg-mips: Layout executable and code_gen_buffer

Choosing good addresses for them means we can use JAL for helper calls.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>

libcacard/vcard_emul_nss: Drop a redundant conditional

Bailing out when PK11_FindGenericObjects() returns null ensures the
loop that follows it executes at least once. The "loop did not
execute" test right after it is useless. Drop it.

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

libcacard: Convert two leftover realloc() to GLib

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

libcacard/vreader: Tighten assertion to clarify intent

Bonus: hushes up Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

libcacard/vreader: Drop broken recovery from failed assertion

We suppress some code when we got unexpected status and assertion
checking is off:

     assert(card_status == VCARD_DONE);
     if (card_status == VCARD_DONE) {
         int size = MIN(*receive_buf_len, response->b_total_len);
         memcpy(receive_buf, response->b_data, size);
         *receive_buf_len = size;
    }

Such "recovery" is of dubious value even when it works.  This one
doesn't: it fails to assign to receive_buf[] and *receive_buf_len,
which the callers expect.

Make the code unconditional.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

libcacard: Plug memory leaks around vreader_get_reader_list()

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

libcacard/vscclient: Bury some dead code

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

vl: fix 'name' option to work with -readconfig

The 'name' option silently failed when used in config files
( http://lists.gnu.org/archive/html/qemu-devel/2014-04/msg00378.html )

-readconfig stores the configuration read in QemuOpts.  Command line
option parsing should do the same, and no more.  In particular it should
not act upon the option.  That needs to be done separately, where both
command line and -readconfig settings are visible in QemuOpts.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reported-by: William Dauchy <william@gandi.net>
Tested-by: William Dauchy <william@gandi.net>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(mjt: added commit message by ambru@ and subject prefix)

configure: Put tempfiles in a subdir of the build directory

When libtool support was added to configure, the new temporary files
were left out of the list of files cleaned up on exit; this results
in a lot of stale .lo files being left around in /tmp. Worse, libtool
creates a /tmp/.libs directory which we can't easily clean up.

Put all our temporary files in a single temporary directory created
as a subdirectory of the build directory, so we can easily clean it up,
and don't need fragile or complicated code for creation to avoid it
clashing with temporary directories from other instances of QEMU
configure or being subject to attack from adversaries who can write
to /tmp.

Since the temporaries now live in the build tree, we have no
need to jump through hoops with a trap handler to try to remove
them when configure exits; this fixes some weird bugs where hitting
^C during a configure run wouldn't actually make it stop, because
we would run the trap handler but then not stop. (It is possible
to get the trap handler semantics right but it is convoluted largely
because of bugs in dash, so it is simpler to just avoid it.)

Note that "temporary files go in the build directory, not /tmp" is
the way autoconf behaves.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

dma-helpers: avoid calling dma_bdrv_unmap() twice

Calling dma_bdrv_unmap() twice is not necessary and may cause
potential problems if some code changes.

Signed-off-by: Jules Wang <junqing.wang@cs2c.com.cn>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

arch_init: replace fprintf(stderr, ...) with error_report()

Replace fprintf(stderr,...) with error_report() in the file
arch_init.c. The trailing "\n"s of the @fmt argument have been removed
because @fmt of error_report() should not contain newline.

Signed-off-by: Le Tan <tamlokveer@gmail.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

pci: move dereferencing of root only after verifying valid root pointer

Signed-off-by: Saravanakumar <saravanakumar.punith@gmail.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

jazz_led: Add missing break in switch case

Signed-off-by: Saravanakumar <saravanakumar.punith@gmail.com>
Reviewed-by: Paolo Bonizni <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

bswap.h: Rename ldl_p, stl_p, etc to ldl_he_p, stl_he_p, etc

We have an unfortunate naming clash between the functions
ldl_p, stl_p, etc defined in bswap.h (which have semantics
"load/store in host endianness") and the #defines of the same
name in cpu-all.h (which have the semantics "load/store in
target endianness").

Fortunately it turns out that the only users of the bswap.h
functions are all within bswap.h itself, so we can simply
rename them to include a _he_ infix for "host endianness".

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

configure: Automatically select GTK+ 3.0 if GTK+ 2.0 is unavailable

The configure option --with-gtkabi=3.0 is still supported, but no longer
needed when GTK+-2.0 is missing. When no GTK+ ABI is selected by the
user, configure first tries 2.0, then 3.0.

For some platforms (e.g. Windows) newer binaries of GTK+ are only
available for GTK+ 3.0. Now building on these platforms is a little bit
easier.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

nbd: Miscellaneous typo fixes.

Signed-off-by: Hani Benhabiles <hani@linux.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

nbd: Close socket on negotiation failure.

Otherwise, the nbd client may hang waiting for the server response.

Signed-off-by: Hani Benhabiles <hani@linux.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

iohandler.c: Properly initialize sigaction struct

The code in qemu_init_child_watch() wasn't clearing the 'struct
sigaction' before passing it to sigaction(); this meant that we
would block a random set of signals while executing the SIGCHLD
handler. Initialize properly by using memset() on the struct,
as we do in similar cases elsewhere.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

libcacard: g_malloc cleanups

This patch replaces g_malloc() in libcacard into g_new()
or g_new0() where appropriate (removing some init-to-zero
surrounding code), g_malloc+memcpy into g_memdup() and the
like.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Alon Levy <alevy@redhat.com>

tci: Fix tcg_out_call

Broken since dddbb2e1e3f8137d7e3f1faf9758c66cca0c94ea.
Do all the rest of the things that tcg_out_op did before
and after the big switch statement.

Signed-off-by: Richard Henderson <rth@twiddle.net>

Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging

* remotes/qmp-unstable/queue/qmp:
  qapi: zero-initialize all QMP command parameters
  scripts/qapi.py: Avoid syntax not supported by Python 2.4
  doc: add "setup" to list of migration states

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/kraxel/tags/pull-chardev-2' into staging

purge error_is_set()

# gpg: Signature made Wed 21 May 2014 11:43:44 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-chardev-2:
  error: error_is_set() is finally unused; remove
  char: Explain qmp_chardev_add()'s unusual error handling
  char: Clean up fragile use of error_is_set()
  char: Use return values instead of error_is_set(errp)
  qemu-socket: Clean up inet_connect_opts()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/kraxel/tags/pull-audio-5' into staging

audio: two intel-hda fixes.

# gpg: Signature made Wed 21 May 2014 09:49:39 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-audio-5:
  hw/audio/intel-hda: Avoid shift into sign bit
  audio/intel-hda: support FIFORDY

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20140520' into staging

some s390 patches:

- Enable irqfds on s390 via the new adapter interrupt routing type.
  As a prereq, fix the kvm enable_cap helpers for some compilers and
  split the s390 flic into kvm and non-kvm parts.
- Enable software and hardware debugging support on s390. This needs a
  kernel headers update.

# gpg: Signature made Tue 20 May 2014 12:30:54 BST using RSA key ID C6F02FAF
# gpg: Can't check signature: public key not found

* remotes/cohuck/tags/s390x-20140520:
  s390x/kvm: hw debugging support via guest PER facility
  s390x/kvm: software breakpoint support
  s390x: remove duplicate definitions of DIAG 501
  linux-headers: update
  s390x/virtio-ccw: wire up irq routing and irqfds
  s390x/virtio-ccw: reference-counted indicators
  s390x: add I/O adapter registration
  s390x: split flic into kvm and non-kvm parts
  kvm: Fix enable_cap helpers on older gcc

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge remote-tracking branch 'remotes/bonzini/scsi-next' into staging

* remotes/bonzini/scsi-next:
  megasas: remove buildtime strings
  block: iscsi build fix if LIBISCSI_FEATURE_IOVECTOR is not defined
  virtio-scsi: Plug memory leak on virtio_scsi_push_event() error path
  scsi: Document intentional fall through in scsi_req_length()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

qapi: zero-initialize all QMP command parameters

In general QMP command parameter values are specified by consumers of the
QMP/HMP interface, but in the case of optional parameters these values may
be left uninitialized.

It is considered a bug for code to make use of optional parameters that have
not been flagged as being present by the marshalling code (via corresponding
has_<parameter> parameter), however our marshalling code will still pass
these uninitialized values on to the corresponding QMP function (to then
be ignored). Some compilers (clang in particular) consider this unsafe
however, and generate warnings as a result. As reported by Peter Maydell:

  This is something clang's -fsanitize=undefined spotted. The
  code generated by qapi-commands.py in qmp-marshal.c for
  qmp_marshal_* functions where there are some optional
  arguments looks like this:

      bool has_force = false;
      bool force;

      mi = qmp_input_visitor_new_strict(QOBJECT(args));
      v = qmp_input_get_visitor(mi);
      visit_type_str(v, &device, "device", errp);
      visit_start_optional(v, &has_force, "force", errp);
      if (has_force) {
          visit_type_bool(v, &force, "force", errp);
      }
      visit_end_optional(v, errp);
      qmp_input_visitor_cleanup(mi);

      if (error_is_set(errp)) {
          goto out;
      }
      qmp_eject(device, has_force, force, errp);

  In the case where has_force is false, we never initialize
  force, but then we use it by passing it to qmp_eject.
  I imagine we don't then actually use the value, but clang
  complains in particular for 'bool' variables because the value
  that ends up being loaded from memory for 'force' is not either
  0 or 1 (being uninitialized stack contents).

Fix this by initializing all QMP command parameters to {0} in the
marshalling code prior to passing them on to the QMP functions.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

scripts/qapi.py: Avoid syntax not supported by Python 2.4

The Python "except Foo as x" syntax was only introduced in
Python 2.6, but we aim to support Python 2.4 and later.
Use the old-style "except Foo, x" syntax instead, thus
fixing configure/compile on systems with older Python.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

error: error_is_set() is finally unused; remove

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

char: Explain qmp_chardev_add()'s unusual error handling

Character backend open hasn't been fully converted to the Error API.
Some opens fail without setting an error. qmp_chardev_add() needs to
detect when that happens, and set a generic error. Explain that in a
comment, and inline error_is_set() for clarity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

char: Clean up fragile use of error_is_set()

Using error_is_set(ERRP) to find out whether a function failed is
either wrong, fragile, or unnecessarily opaque.  It's wrong when ERRP
may be null, because errors go undetected when it is.  It's fragile
when proving ERRP non-null involves a non-local argument.  Else, it's
unnecessarily opaque (see commit 84d18f0).

The error_is_set(errp) in qemu_chr_new_from_opts() is merely fragile,
because the callers never pass a null errp argument.

Make the code more robust and more obviously correct: receive the
error in a local variable, then propagate it through the parameter.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

char: Use return values instead of error_is_set(errp)

Using error_is_set(errp) to check whether a function call failed is
fragile: it breaks when errp is null. Check perfectly suitable return
values instead when possible. As far as I can tell, errp can't be
null there, but this is more robust and more obviously correct

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

qemu-socket: Clean up inet_connect_opts()

Separate the search for a working addrinfo from the code that does
something with it. Makes for a clearer search loop.

Use a local Error * to simplify resetting the error in the search
loop.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

doc: add "setup" to list of migration states

On a slow VM (e.g., nested), you see the "setup" state when you query the
migration status.

Signed-off-by: Peter Feiner <peter@gridcentric.ca>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

megasas: remove buildtime strings

Using __DATE__ or __TIME__ in binary pkgs changes the checksum of
compiled binaries if they get rebuilt, even if there are no other
source changes. Replace the dynamic strings with some equally
informative static strings.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

s390x/kvm: hw debugging support via guest PER facility

This patch makes use of the hw debugging support in kvm (provided by the guest's
PER facility) on s390. It enables the following features, available using the
gdbserver:
- single-stepping
- hw breakpoints
- hw watchpoints

Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>