Tang Chen [Mon, 27 Apr 2015 08:47:16 +0000 (16:47 +0800)]
acpi, mem-hotplug: add acpi_memory_slot_status() to get MemStatus
Add a new API named acpi_memory_slot_status() to obtain a single memory
slot status. Doing this is because this procedure will be used by other
functions in the next coming patches.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Zhu Guihua [Mon, 27 Apr 2015 08:47:15 +0000 (16:47 +0800)]
docs: update documentation for memory hot unplug
Add specification about how to use memory hot unplug, and add
a flow diagram to explain memory hot unplug process.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Michael S. Tsirkin [Mon, 27 Apr 2015 19:01:20 +0000 (21:01 +0200)]
virtio: coding style tweak
no space needed after *.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jason Wang [Thu, 23 Apr 2015 06:21:49 +0000 (14:21 +0800)]
pci: remove hard-coded bar size in msix_init_exclusive_bar()
This patch lets msix_init_exclusive_bar() can calculate the bar and
pba size based on the number of MSI-X vectors other than using a
hard-coded limit 4096. This is needed to allow device to have more
than 128 MSI_X vectors. To keep migration compatibility, keep using
4096 as bar size and 2048 for pba offset.
Notes: We don't care about the case that using vectors > 128 for
legacy machine type. Since we limit the queue max to 64, so vectors >=
65 is meaningless.
Virtio device will be the first user for this.
Cc: Keith Busch <keith.busch@intel.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jason Wang [Thu, 23 Apr 2015 06:21:47 +0000 (14:21 +0800)]
virtio-pci: speedup MSI-X masking and unmasking
This patch tries to speed up the MSI-X masking and unmasking through
the mapping between vector and queues. With this patch it will there's
no need to go through all possible virtqueues, which may help to
reduce the time spent when doing MSI-X masking/unmasking a single
vector when more than hundreds or even thousands of virtqueues were
supported.
Tested with 80 queue pairs virito-net-pci by changing the smp affinity
in the background and doing netperf in the same time:
Before the patch:
5711.70 Gbits/sec
After the patch:
6830.98 Gbits/sec
About 19.6% improvements in throughput.
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jason Wang [Thu, 23 Apr 2015 06:21:46 +0000 (14:21 +0800)]
virtio: introduce vector to virtqueues mapping
Currently we will try to traverse all virtqueues to find a subset that
using a specific vector. This is sub optimal when we will support
hundreds or even thousands of virtqueues. So this patch introduces a
method which could be used by transport to get all virtqueues that
using a same vector. This is done through QLISTs and the number of
QLISTs was queried through a transport specific method. When guest
setting vectors, the virtqueue will be linked and helpers for traverse
the list was also introduced.
The first user will be virtio pci which will use this to speed up
MSI-X masking and unmasking handling.
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jason Wang [Thu, 23 Apr 2015 06:21:40 +0000 (14:21 +0800)]
virtio-ccw: using VIRTIO_NO_VECTOR instead of 0 for invalid virtqueue
It's a bad idea to need to use vector 0 for invalid virtqueue. So this patch
changes to using VIRTIO_NO_VECTOR instead.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
CC: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jason Wang [Thu, 23 Apr 2015 06:21:39 +0000 (14:21 +0800)]
monitor: check return value of qemu_find_net_clients_except()
qemu_find_net_clients_except() may return a value which is greater
than the size of array we provided. So we should check this value
before using it, otherwise this may cause unexpected memory access.
This patch fixes the net related command completion when we have a
virtio-net nic with more than 255 queues.
Cc: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jason Wang [Thu, 23 Apr 2015 06:21:38 +0000 (14:21 +0800)]
monitor: replace the magic number 255 with MAX_QUEUE_NUM
This patch replace the magic number 255, and increase it to
MAX_QUEUE_NUM which is maximum number of queues supported by a nic.
Cc: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jason Wang [Thu, 23 Apr 2015 06:21:37 +0000 (14:21 +0800)]
ppc: spapr: add 2.4 machine type
The following patches will limit the following things to legacy
machine type:
- maximum number of virtqueues for virtio-pci were limited to 64
Cc: Alexander Graf <agraf@suse.de>
Cc: qemu-ppc@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Jason Wang [Thu, 23 Apr 2015 06:21:36 +0000 (14:21 +0800)]
spapr: add machine type specific instance init function
This patches adds machine type specific instance initialization
functions. Those functions will be used by following patches to compat
class properties for legacy machine types.
Cc: Alexander Graf <agraf@suse.de>
Cc: qemu-ppc@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jason Wang [Thu, 23 Apr 2015 06:21:35 +0000 (14:21 +0800)]
pc: add 2.4 machine types
The following patches will limit the following things to legacy
machine type:
- maximum number of virtqueues for virtio-pci were limited to 64
- auto msix bar size for virtio-net-pci were disabled by default
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jason Wang [Thu, 23 Apr 2015 06:21:34 +0000 (14:21 +0800)]
virtio-net: fix the upper bound when trying to delete queues
Virtqueue were indexed from zero, so don't delete virtqueue whose
index is n->max_queues * 2 + 1.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Luke Gorrie [Sun, 26 Apr 2015 13:00:49 +0000 (15:00 +0200)]
vhost-user: Send VHOST_RESET_OWNER on vhost stop
Ensure that the vhost-user slave knows when the vrings are valid and
when they are invalid, for example during a guest reboot.
The vhost-user protocol says this of VHOST_RESET_OWNER:
Issued when a new connection is about to be closed. The Master
will no longer own this connection (and will usually close it).
Send this message to tell the vhost-user slave that the vhost session
has ended and that session state (e.g. vrings) is no longer valid.
Signed-off-by: Luke Gorrie <luke@snabb.co>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Shannon Zhao [Fri, 3 Apr 2015 10:03:34 +0000 (18:03 +0800)]
hw/i386/acpi-build: move generic acpi building helpers into dedictated file
Move generic acpi building helpers into dedictated file and this
can be shared with other machines.
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Shannon Zhao [Fri, 3 Apr 2015 10:03:33 +0000 (18:03 +0800)]
hw/i386: Move ACPI header definitions in an arch-independent location
The ACPI related header file acpi-defs.h, includes definitions that
apply on other architectures as well. Move it in `include/hw/acpi/`
to sanely include it from other architectures.
Signed-off-by: Alvise Rigo <a.rigo@virtualopensystems.com>
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Michael S. Tsirkin [Wed, 15 Apr 2015 08:55:46 +0000 (10:55 +0200)]
acpi-build: close } in comment
missing } confuses editors
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Peter Maydell [Mon, 27 Apr 2015 16:28:41 +0000 (17:28 +0100)]
Merge remote-tracking branch 'remotes/qmp-unstable/tags/for-upstream' into staging
Four little fixes
# gpg: Signature made Fri Apr 24 19:56:51 2015 BST using RSA key ID
E24ED5A7
# gpg: Good signature from "Luiz Capitulino <lcapitulino@gmail.com>"
* remotes/qmp-unstable/tags/for-upstream:
qmp: Give saner messages related to qmp_capabilities misuse
qmp-commands: fix incorrect uses of ":O" specifier
qapi: Drop dead genlist parameter
balloon: improve error msg when adding second device
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Sat, 25 Apr 2015 21:05:07 +0000 (22:05 +0100)]
Open 2.4 development tree
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Eric Blake [Wed, 15 Apr 2015 15:19:23 +0000 (09:19 -0600)]
qmp: Give saner messages related to qmp_capabilities misuse
Pretending that QMP doesn't understand a command merely because
we are not in the right mode doesn't help first-time users figure
out what to do to correct things. Although the documentation for
QMP calls out capabilities negotiation, we should also make it
clear in our error messages what we were expecting. With this
patch, I now get the following transcript:
$ ./x86_64-softmmu/qemu-system-x86_64 -qmp stdio -nodefaults
{"QMP": {"version": {"qemu": {"micro": 93, "minor": 2, "major": 2}, "package": ""}, "capabilities": []}}
{"execute":"huh"}
{"error": {"class": "CommandNotFound", "desc": "The command huh has not been found"}}
{"execute":"quit"}
{"error": {"class": "CommandNotFound", "desc": "Expecting capabilities negotiation with 'qmp_capabilities' before command 'quit'"}}
{"execute":"qmp_capabilities"}
{"return": {}}
{"execute":"qmp_capabilities"}
{"error": {"class": "CommandNotFound", "desc": "Capabilities negotiation is already complete, command 'qmp_capabilities' ignored"}}
{"execute":"quit"}
{"return": {}}
{"timestamp": {"seconds":
1429110729, "microseconds": 181935}, "event": "SHUTDOWN"}
Signed-off-by: Eric Blake <eblake@redhat.com>
Tested-By: Kashyap Chamarthy <kchamart@redhat.com>
Reviewed-by: Paulo Vital <paulo.vital@profitbricks.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Paolo Bonzini [Wed, 15 Apr 2015 11:30:04 +0000 (13:30 +0200)]
qmp-commands: fix incorrect uses of ":O" specifier
As far as the QMP parser is concerned, neither the 'O' nor the 'q' format specifiers
put any constraint on the command. However, there are two differences:
1) from a documentation point of view 'O' says that this command takes
a dictionary. The dictionary will be converted to QemuOpts in the
handler to match the corresponding HMP command.
2) 'O' sets QMP_ACCEPT_UNKNOWNS, resulting in the command accepting invalid
extra arguments. For example the following is accepted:
{ "execute": "send-key",
"arguments": { "keys": [ { "type": "qcode", "data": "ctrl" },
{ "type": "qcode", "data": "alt" },
{ "type": "qcode", "data": "delete" } ], "foo": "bar" } }
Neither send-key nor migrate-set-capabilities take a QemuOpts-like
dictionary; they take an array of dictionaries. And neither command
really wants to have extra unknown arguments. Thus, the right
specifier to use in this case is 'q'; with this patch the above
command fails with
{"error": {"class": "GenericError", "desc": "Invalid parameter 'foo'"}}
as intended.
Reported-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Eric Blake [Fri, 10 Apr 2015 21:07:59 +0000 (15:07 -0600)]
qapi: Drop dead genlist parameter
Defaulting a parameter to True, then having all callers omit or
pass an explicit True for that parameter, is pointless. Looks
like it has been dead since introduction in commit 06d64c6, more
than 4 years ago.
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Luiz Capitulino [Tue, 31 Mar 2015 17:00:26 +0000 (13:00 -0400)]
balloon: improve error msg when adding second device
A VM supports only one balloon device, but due to several changes
in infrastructure the error message got messed up when trying
to add a second device. Fix it.
Before this fix
Command-line:
qemu-qmp: -device virtio-balloon-pci,id=balloon0: Another balloon device already registered
qemu-qmp: -device virtio-balloon-pci,id=balloon0: Adding balloon handler failed
qemu-qmp: -device virtio-balloon-pci,id=balloon0: Device 'virtio-balloon-pci' could not be initialized
HMP:
Another balloon device already registered
Adding balloon handler failed
Device 'virtio-balloon-pci' could not be initialized
QMP:
{ "execute": "device_add", "arguments": { "driver": "virtio-balloon-pci", "id": "balloon0" } }
{
"error": {
"class": "GenericError",
"desc": "Adding balloon handler failed"
}
}
After this fix
Command-line:
qemu-qmp: -device virtio-balloon-pci,id=balloon0: Only one balloon device is supported
qemu-qmp: -device virtio-balloon-pci,id=balloon0: Device 'virtio-balloon-pci' could not be initialized
HMP:
(qemu) device_add virtio-balloon-pci,id=balloon0
Only one balloon device is supported
Device 'virtio-balloon-pci' could not be initialized
(qemu)
QMP:
{ "execute": "device_add",
"arguments": { "driver": "virtio-balloon-pci", "id": "balloon0" } }
{
"error": {
"class": "GenericError",
"desc": "Only one balloon device is supported"
}
}
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Peter Maydell [Fri, 24 Apr 2015 14:05:06 +0000 (15:05 +0100)]
Update version for v2.3.0 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 20 Apr 2015 16:13:16 +0000 (17:13 +0100)]
Update version for v2.3.0-rc4 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Michael S. Tsirkin [Fri, 17 Apr 2015 15:13:24 +0000 (17:13 +0200)]
vhost: fix log base address
VHOST_SET_LOG_BASE got an incorrect address, causing
migration errors and potentially even memory corruption.
Reported-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Message-id:
1429283565-32265-1-git-send-email-mst@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alberto Garcia [Fri, 17 Apr 2015 12:44:48 +0000 (15:44 +0300)]
hmp: fix crash in 'info block -n -v'
The image field in BlockDeviceInfo should never be null, however
bdrv_block_device_info() is not filling it in.
This makes the 'info block -n -v' command crash QEMU.
The proper solution is probably to move the relevant code from
bdrv_query_info() to bdrv_block_device_info(), but since we're too
close to the release for that this simpler workaround solves the
crash.
Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-id:
1429274688-8115-1-git-send-email-berto@igalia.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 17 Apr 2015 11:54:46 +0000 (12:54 +0100)]
Merge remote-tracking branch 'remotes/lalrae/tags/mips-
20150417-2' into staging
MIPS patches 2015-04-17
Changes:
* fix broken fulong2e
# gpg: Signature made Fri Apr 17 12:14:37 2015 BST using RSA key ID
0B29DA6B
# gpg: Can't check signature: public key not found
* remotes/lalrae/tags/mips-
20150417-2:
mips: fix broken fulong2e machine
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 17 Apr 2015 11:37:38 +0000 (12:37 +0100)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-fwcfg-
20150414-1' into staging
fw_cfg: add documentation file (docs/specs/fw_cfg.txt)
# gpg: Signature made Tue Apr 14 12:22:20 2015 BST using RSA key ID
D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-fwcfg-
20150414-1:
fw_cfg: add documentation file (docs/specs/fw_cfg.txt)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Thu, 16 Apr 2015 20:11:23 +0000 (21:11 +0100)]
mips: fix broken fulong2e machine
After commit 5312bd8 the bonito_readl() and bonito_writel() have been
accessing incorrect addresses. Consequently QEMU is crashing when trying
to boot Linux kernel on fulong2e machine.
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Mark Cave-Ayland [Fri, 17 Apr 2015 07:16:49 +0000 (08:16 +0100)]
target-ppc: don't invalidate msr MSR_HVB bit in cpu_post_load
The invalidation code introduced in commit 2360b works by inverting most bits
of env->msr to ensure that hreg_store_msr() will forcibly update the CPU env
state to reflect the new msr value post-migration. Unfortunately
hreg_store_msr() is called with alter_hv set to 0 which preserves the MSR_HVB
state from the CPU env which is now the opposite value to what it should be.
Ensure that we don't invalidate the msr MSR_HVB bit during cpu_post_load so
that the correct value is restored. This fixes suspend/resume for PPC64.
Reported-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Alexander Graf <agraf@suse.de>
Message-id:
1429255009-12751-1-git-send-email-mark.cave-ayland@ilande.co.uk
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gabriel L. Somlo [Thu, 9 Apr 2015 14:40:01 +0000 (10:40 -0400)]
fw_cfg: add documentation file (docs/specs/fw_cfg.txt)
This document covers the guest-side hardware interface, as
well as the host-side programming API of QEMU's firmware
configuration (fw_cfg) device.
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Peter Maydell [Mon, 13 Apr 2015 16:35:44 +0000 (17:35 +0100)]
Update version for v2.3.0-rc3 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 10 Apr 2015 12:58:01 +0000 (13:58 +0100)]
Revert seccomp tests that allow it to be used on non-x86 architectures
Unfortunately it turns out that libseccomp 2.2 still does not work
correctly on non-x86 architectures; return to the previous configure
setup of insisting on libseccomp 2.1 or better and i386/x86_64 and
disabling seccomp support in all other situations.
This reverts the two commits:
* "seccomp: libseccomp version varying according to arch"
(commit
896848f0d3e2393905845ef2b244bb2601f9df0c)
* "seccomp: update libseccomp version and remove arch restriction"
(commit
8e27fc200457e3f2473d0069263774d4ba17bd85)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id:
1428670681-23032-1-git-send-email-peter.maydell@linaro.org
Thomas Huth [Thu, 9 Apr 2015 13:32:45 +0000 (15:32 +0200)]
pci: Fix crash with illegal "-net nic, model=xxx" option
Current QEMU crashes when specifying an illegal model with the
"-net nic,model=xxx" option, e.g.:
$ qemu-system-x86_64 -net nic,model=n/a
qemu-system-x86_64: Unsupported NIC model: n/a
Program received signal SIGSEGV, Segmentation fault.
The gdb backtrace looks like this:
0x0000555555965fe0 in error_get_pretty (err=0x0) at util/error.c:152
152 return err->msg;
(gdb) bt
0 0x0000555555965fe0 in error_get_pretty (err=0x0) at util/error.c:152
1 0x0000555555965ffd in error_report_err (err=0x0) at util/error.c:157
2 0x0000555555809c90 in pci_nic_init_nofail (nd=0x555555e49860 <nd_table>, rootbus=0x5555564409b0,
default_model=0x55555598c37b "e1000", default_devaddr=0x0) at hw/pci/pci.c:1663
3 0x0000555555691e42 in pc_nic_init (isa_bus=0x555556f71900, pci_bus=0x5555564409b0)
at hw/i386/pc.c:1506
4 0x000055555569396b in pc_init1 (machine=0x5555562abbf0, pci_enabled=1, kvmclock_enabled=1)
at hw/i386/pc_piix.c:248
5 0x0000555555693d27 in pc_init_pci (machine=0x5555562abbf0) at hw/i386/pc_piix.c:310
6 0x000055555572ddf5 in main (argc=3, argv=0x7fffffffe018, envp=0x7fffffffe038) at vl.c:4226
The problem is that pci_nic_init_nofail() does not check whether the err
parameter from pci_nic_init has been set up and thus passes a NULL pointer
to error_report_err(). Fix it by correctly checking the err parameter.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Andreas Färber [Fri, 10 Apr 2015 14:37:56 +0000 (16:37 +0200)]
stm32f205: Fix SoC type name
The type name for the SoC device, unlike those of its sub-devices,
did not follow the QOM naming conventions. While the usage is internal
only, this is exposed through QMP and HMP, so fix it before release.
Cc: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Alistair Francis <alistair@alistair23.me>
Message-id:
1428676676-23056-1-git-send-email-afaerber@suse.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Dirk Müller [Sat, 4 Apr 2015 12:15:10 +0000 (14:15 +0200)]
cris: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
Commit
0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.
Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.
Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Dirk Müller [Sat, 4 Apr 2015 12:14:14 +0000 (14:14 +0200)]
alpha: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
Commit
0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.
Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.
Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Acked-by: Richard Henderson <rth@twiddle.net>
Message-id: CAL5wTH64_ykF17cw2T1Axq8P3vCWm=6WbUJ3qJrLF-u+-MmzUw@mail.gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Dirk Müller [Sat, 4 Apr 2015 12:16:18 +0000 (14:16 +0200)]
lm32: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
Commit
0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.
Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.
Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Acked-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Jan Beulich [Tue, 31 Mar 2015 14:18:03 +0000 (15:18 +0100)]
xen: limit guest control of PCI command register
Otherwise the guest can abuse that control to cause e.g. PCIe
Unsupported Request responses (by disabling memory and/or I/O decoding
and subsequently causing [CPU side] accesses to the respective address
ranges), which (depending on system configuration) may be fatal to the
host.
This is CVE-2015-2756 / XSA-126.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Message-id: alpine.DEB.2.02.
1503311510300.7690@kaball.uk.xensource.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Hajnoczi [Thu, 9 Apr 2015 13:52:18 +0000 (14:52 +0100)]
configure: disable Archipelago by default and warn about libxseg GPLv3 license
libxseg has changed license to GPLv3. QEMU includes GPL "v2 only" code
which is not compatible with GPLv3. This means the resulting binaries
may not be redistributable!
Disable Archipelago (libxseg) by default to prevent accidental license
violations. Also warn if linking against libxseg is enabled to remind
the user.
Note that this commit does not constitute any advice about software
licensing. If you have doubts you should consult a lawyer.
Cc: Chrysostomos Nanakos <cnanakos@grnet.gr>
Suggested-by: Kevin Wolf <kwolf@redhat.com>
Reported-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id:
1428587538-8765-1-git-send-email-stefanha@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 9 Apr 2015 11:05:00 +0000 (12:05 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
# gpg: Signature made Thu Apr 9 10:55:11 2015 BST using RSA key ID
81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/block-pull-request:
block/iscsi: handle zero events from iscsi_which_events
aio: strengthen memory barriers for bottom half scheduling
virtio-blk: correctly dirty guest memory
qcow2: Fix header update with overridden backing file
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 8 Apr 2015 19:57:09 +0000 (20:57 +0100)]
tcg/tcg-op.c: Fix ld/st of 64 bit values on 32-bit bigendian hosts
Commit
951c6300f7 out-of-lined the 32-bit-host versions of
tcg_gen_{ld,st}_i64, but in the process it inadvertently changed
an #ifdef HOST_WORDS_BIGENDIAN to #ifdef TCG_TARGET_WORDS_BIGENDIAN.
Since the latter doesn't get defined anywhere this meant we always
took the "LE host" codepath, and stored the two halves of the value
in the wrong order on BE hosts. This typically breaks any 64-bit
guest on a 32-bit BE host completely, and will have possibly more
subtle effects even for 32-bit guests.
Switch the ifdef back to HOST_WORDS_BIGENDIAN.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Tested-by: Andreas Färber <afaerber@suse.de>
Message-id:
1428523029-13620-1-git-send-email-peter.maydell@linaro.org
Peter Lieven [Tue, 7 Apr 2015 20:08:15 +0000 (22:08 +0200)]
block/iscsi: handle zero events from iscsi_which_events
newer libiscsi versions may return zero events from iscsi_which_events.
In this case iscsi_service will return immediately without any progress.
To avoid busy waiting for iscsi_which_events to change we deregister all
read and write handlers in this case and schedule a timer to periodically
check iscsi_which_events for changed events.
Next libiscsi version will introduce async reconnects and zero events
are returned while libiscsi is waiting for a reconnect retry.
Signed-off-by: Peter Lieven <pl@kamp.de>
Message-id:
1428437295-29577-1-git-send-email-pl@kamp.de
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Paolo Bonzini [Tue, 7 Apr 2015 15:16:19 +0000 (17:16 +0200)]
aio: strengthen memory barriers for bottom half scheduling
There are two problems with memory barriers in async.c. The fix is
to use atomic_xchg in order to achieve sequential consistency between
the scheduling of a bottom half and the corresponding execution.
First, if bh->scheduled is already 1 in qemu_bh_schedule, QEMU does
not execute a memory barrier to order any writes needed by the callback
before the read of bh->scheduled. If the other side sees req->state as
THREAD_ACTIVE, the callback is not invoked and you get deadlock.
Second, the memory barrier in aio_bh_poll is too weak. Without this
patch, it is possible that bh->scheduled = 0 is not "published" until
after the callback has returned. Another thread wants to schedule the
bottom half, but it sees bh->scheduled = 1 and does nothing. This causes
a lost wakeup. The memory barrier should have been changed to smp_mb()
in commit 924fe12 (aio: fix qemu_bh_schedule() bh->ctx race condition,
2014-06-03) together with qemu_bh_schedule()'s. Guess who reviewed
that patch?
Both of these involve a store and a load, so they are reproducible on
x86_64 as well. It is however much easier on aarch64, where the
libguestfs test suite triggers the bug fairly easily. Even there the
failure can go away or appear depending on compiler optimization level,
tracing options, or even kernel debugging options.
Paul Leveille however reported how to trigger the problem within 15
minutes on x86_64 as well. His (untested) recipe, reproduced here
for reference, is the following:
1) Qcow2 (or 3) is critical – raw files alone seem to avoid the problem.
2) Use “cache=directsync” rather than the default of
“cache=none” to make it happen easier.
3) Use a server with a write-back RAID controller to allow for rapid
IO rates.
4) Run a random-access load that (mostly) writes chunks to various
files on the virtual block device.
a. I use ‘diskload.exe c:25’, a Microsoft HCT load
generator, on Windows VMs.
b. Iometer can probably be configured to generate a similar load.
5) Run multiple VMs in parallel, against the same storage device,
to shake the failure out sooner.
6) IvyBridge and Haswell processors for certain; not sure about others.
A similar patch survived over 12 hours of testing, where an unpatched
QEMU would fail within 15 minutes.
This bug is, most likely, also the cause of failures in the libguestfs
testsuite on AArch64.
Thanks to Laszlo Ersek for initially reporting this bug, to Stefan
Hajnoczi for suggesting closer examination of qemu_bh_schedule, and to
Paul for providing test input and a prototype patch.
Reported-by: Laszlo Ersek <lersek@redhat.com>
Reported-by: Paul Leveille <Paul.Leveille@stratus.com>
Reported-by: John Snow <jsnow@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id:
1428419779-26062-1-git-send-email-pbonzini@redhat.com
Suggested-by: Paul Leveille <Paul.Leveille@stratus.com>
Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Dirk Müller [Sat, 4 Apr 2015 12:24:38 +0000 (14:24 +0200)]
arm: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
Commit
0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.
Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.
Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Message-id: CAL5wTH4UHYKpJF=dLJfFzxpufjY189chnCow47-ySuLf8GLbug@mail.gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Thu, 2 Apr 2015 17:50:44 +0000 (19:50 +0200)]
virtio-blk: correctly dirty guest memory
After qemu_iovec_destroy, the QEMUIOVector's size is zeroed and
the zero size ultimately is used to compute virtqueue_push's len
argument. Therefore, reads from virtio-blk devices did not
migrate their results correctly. (Writes were okay).
Save the size in virtio_blk_handle_request, and use it when the request
is completed.
Based on a patch by Wen Congyang.
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Message-id:
1427997044-392-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Kevin Wolf [Tue, 7 Apr 2015 13:03:16 +0000 (15:03 +0200)]
qcow2: Fix header update with overridden backing file
In recent qemu versions, it is possible to override the backing file
name and format that is stored in the image file with values given at
runtime. In such cases, the temporary override could end up in the
image header if the qcow2 header was updated, while obviously correct
behaviour would be to leave the on-disk backing file path/format
unchanged.
Fix this and add a test case for it.
Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id:
1428411796-2852-1-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Peter Maydell [Tue, 7 Apr 2015 13:33:46 +0000 (14:33 +0100)]
Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2015-04-04' into staging
trivial patches for 2015-04-04
# gpg: Signature made Sat Apr 4 08:07:49 2015 BST using RSA key ID
A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg: aka "Michael Tokarev <mjt@corpit.ru>"
# gpg: aka "Michael Tokarev <mjt@debian.org>"
* remotes/mjt/tags/pull-trivial-patches-2015-04-04:
vhost: fix typo in vq_index description
gitignore: Ignore more .pod files.
target-tricore: Fix check which was always false
target-i386: remove superfluous TARGET_HAS_SMC macro
pcspk: Fix I/O port name
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Greg Kurz [Thu, 26 Mar 2015 11:10:29 +0000 (12:10 +0100)]
vhost: fix typo in vq_index description
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Eric Blake [Fri, 20 Mar 2015 16:30:44 +0000 (10:30 -0600)]
gitignore: Ignore more .pod files.
kvm_stat.{1,pod} started showing up as untracked files in my
directory, and I nearly accidentally merged them into a commit
with my usual habit of 'git add .'. Rather than spelling out
each such file, just ignore the entire pattern.
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Stefan Weil [Sat, 21 Mar 2015 13:44:58 +0000 (14:44 +0100)]
target-tricore: Fix check which was always false
With a mask value of 0x00400000, the result will never be 1.
This fixes a Coverity warning.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Emilio G. Cota [Sat, 21 Mar 2015 17:29:09 +0000 (13:29 -0400)]
target-i386: remove superfluous TARGET_HAS_SMC macro
Signed-off-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Jan Kiszka [Thu, 19 Mar 2015 12:08:40 +0000 (13:08 +0100)]
pcspk: Fix I/O port name
Probably a copy&paste bug. Fixing it helps identifying the device model
behind port 0x61.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Peter Maydell [Thu, 2 Apr 2015 17:02:02 +0000 (18:02 +0100)]
Update version for v2.3.0-rc2 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Cornelia Huck [Thu, 2 Apr 2015 15:17:45 +0000 (17:17 +0200)]
glib-compat: fix problems with not-quite glib 2.22
Commit
89b516d8b9444ece8ccabb322a9389587c7a7b83 ("glib: add
compatibility interface for g_get_monotonic_time()") aimed
at making qemu build with old glib versions. At least SLES11SP3,
however, contains a backport of g_get_monotonic_time() while
keeping the reported glib version at 2.22.
Let's work around this by a strategically placed #define.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Message-id:
1427987865-433-2-git-send-email-cornelia.huck@de.ibm.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 2 Apr 2015 14:53:16 +0000 (15:53 +0100)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Another round of small fixes. I am not including the
virtio-blk fix, because Wen only posted a prototype and the changes
I made were pretty large. It definitely needs another pair of eyes
(but it is a 2.3 regression and a blocker).
# gpg: Signature made Thu Apr 2 14:59:56 2015 BST using RSA key ID
78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
Use $(MAKE) for recursive make
kvm-all: Sync dirty-bitmap from kvm before kvm destroy the corresponding dirty_bitmap
util/qemu-config: fix regression of qmp_query_command_line_options
target-i386: clear bsp bit when designating bsp
qga: fitering out -fstack-protector-strong
target-i386: save 64-bit CR3 in 64-bit SMM state save area
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Ed Maste [Wed, 1 Apr 2015 17:58:38 +0000 (13:58 -0400)]
Use $(MAKE) for recursive make
On BSDs "make" is typically BSD make, while "gmake" is GNU make.
Signed-off-by: Ed Maste <emaste@freebsd.org>
Message-Id: <
1427911118-21905-1-git-send-email-emaste@freebsd.org>
[Fix $(INSTALLER) too as reported by Fam Zheng. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
zhanghailiang [Thu, 2 Apr 2015 19:26:31 +0000 (19:26 +0000)]
kvm-all: Sync dirty-bitmap from kvm before kvm destroy the corresponding dirty_bitmap
Sometimes, we destroy the dirty_bitmap in kvm_memory_slot before any sync action
occur, this bit in dirty_bitmap will be missed, and which will lead the corresponding
dirty pages to be missed in migration.
This usually happens when do migration during VM's Start-up or Reboot.
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
[Use s->migration_log instead of exec.c's in_migration. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Marcel Apfelbaum [Wed, 1 Apr 2015 16:47:21 +0000 (19:47 +0300)]
util/qemu-config: fix regression of qmp_query_command_line_options
Commit 49d2e64 (machine: remove qemu_machine_opts global list)
made machine options specific to machine sub-type, leaving
the qemu_machine_opts desc array empty. Sadly this is the place
qmp_query_command_line_options is looking for supported options.
As a fix for for 2.3 the machine_qemu_opts (the generic ones)
are restored only for qemu-config scope.
We need to find a better fix for 2.4.
Reported-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <
1427906841-1576-1-git-send-email-marcel@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Nadav Amit [Wed, 1 Apr 2015 23:58:36 +0000 (02:58 +0300)]
target-i386: clear bsp bit when designating bsp
Since the BSP bit is writable on real hardware, during reset all the CPUs which
were not chosen to be the BSP should have their BSP bit cleared. This fix is
required for KVM to work correctly when it changes the BSP bit.
An additional fix is required for QEMU tcg to allow software to change the BSP
bit.
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Message-Id: <
1427932716-11800-1-git-send-email-namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Joseph Hindin [Wed, 1 Apr 2015 16:38:57 +0000 (19:38 +0300)]
qga: fitering out -fstack-protector-strong
configure script may add -fstack-protector-strong option instead
of -fstack-protector-all, depending on availability ( see
commit
63678e17c ). Both options have to by filtered out for
qga-vss.dll, otherwise MinGW cross-compilation fails at linking
stage.
Signed-off-by: Joseph Hindin <jhindin@daynix.com>
Message-Id: <
1427906337-20805-2-git-send-email-jhindin@daynix.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 2 Apr 2015 12:13:55 +0000 (14:13 +0200)]
target-i386: save 64-bit CR3 in 64-bit SMM state save area
The x86_64 CR3 register is 64 bits wide, save all of them!
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Thu, 2 Apr 2015 13:36:57 +0000 (14:36 +0100)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-hw-2015-04-02' into staging
hw: Contain drive, serial, parallel, net misuse
# gpg: Signature made Thu Apr 2 14:32:00 2015 BST using RSA key ID
EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
* remotes/armbru/tags/pull-hw-2015-04-02:
sysbus: Make devices picking up backends unavailable with -device
sdhci: Make device "sdhci-pci" unavailable with -device
hw: Mark device misusing nd_table[] FIXME
hw: Mark devices picking up char backends actively FIXME
hw: Mark devices picking up block backends actively FIXME
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Markus Armbruster [Mon, 23 Mar 2015 18:34:40 +0000 (19:34 +0100)]
sysbus: Make devices picking up backends unavailable with -device
Device models aren't supposed to go on fishing expeditions for
backends. They should expose suitable properties for the user to set.
For onboard devices, board code sets them.
A number of sysbus devices pick up block backends in their init() /
instance_init() methods with drive_get_next() instead: sl-nand,
milkymist-memcard, pl181, generic-sdhci.
Likewise, a number of sysbus devices pick up character backends in
their init() / realize() methods with qemu_char_get_next_serial():
cadence_uart, digic-uart, etraxfs,serial, lm32-juart, lm32-uart,
milkymist-uart, pl011, stm32f2xx-usart, xlnx.xps-uartlite.
All these mistakes are already marked FIXME. See the commit that
added these FIXMEs for a more detailed explanation of what's wrong.
Fortunately, only machines ppce500 and pseries-* support -device with
sysbus devices, and none of the devices above is supported with these
machines.
Set cannot_instantiate_with_device_add_yet to preserve our luck.
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: Antony Pavlov <antonynpavlov@gmail.com>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Markus Armbruster [Mon, 23 Mar 2015 18:22:10 +0000 (19:22 +0100)]
sdhci: Make device "sdhci-pci" unavailable with -device
Device models aren't supposed to go on fishing expeditions for
backends. They should expose suitable properties for the user to set.
For onboard devices, board code sets them.
"sdhci-pci" picks up its block backend in its realize() method with
drive_get_next() instead. Already marked FIXME. See the commit that
added the FIXME for a more detailed explanation of what's wrong.
We can't fix this in time for the release, but since the device is new
in 2.3, we can set cannot_instantiate_with_device_add_yet to disable
it before this mistake becomes ABI, and we have to support command
lines like
$ qemu -drive if=sd -drive if=sd,file=sd.img -device sdhci-pci -device sdhci-pci
forever.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Markus Armbruster [Wed, 25 Mar 2015 10:35:25 +0000 (11:35 +0100)]
hw: Mark device misusing nd_table[] FIXME
NICs defined with -net nic are for board initialization to wire up.
Board code examines nd_table[] to find them, and creates devices with
their qdev NIC properties set accordingly.
Except "allwinner-a10" goes on a fishing expedition for NIC
configuration instead of exposing the usual NIC properties for board
code to set: it uses nd_table[0] in its instance_init() method.
Picking up the first -net nic option's configuration that way works
when the device is created by board code. But it's inappropriate for
-device and device_add. Not only is it inconsistent with how the
other block device models work (they get their configuration from
properties "mac", "vlan", "netdev"), it breaks when nd_table[0] has
been picked up by the board or a previous -device / device_add
already.
Example:
$ qemu-system-arm -S -M cubieboard -device allwinner-a10
qemu-system-arm: -device allwinner-a10: Property 'allwinner-emac.netdev' can't take value 'hub0port0', it's in use
Aborted (core dumped)
It also breaks in other entertaining ways:
$ qemu-system-arm -M highbank -device allwinner-a10
qemu-system-arm: -device allwinner-a10: Unsupported NIC model: xgmac
$ qemu-system-arm -M highbank -net nic,model=allwinner-emac -device allwinner-a10
qemu-system-arm: Unsupported NIC model: allwinner-emac
Mark the mistake with a FIXME comment.
Cc: Li Guang <lig.fnst@cn.fujitsu.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Markus Armbruster [Wed, 25 Mar 2015 08:29:20 +0000 (09:29 +0100)]
hw: Mark devices picking up char backends actively FIXME
Character devices defined with -serial and -parallel are for board
initialization to wire up. Board code examines serial_hds[] and
parallel_hds[] to find them, and creates devices with their qdev
chardev properties set accordingly.
Except a few devices go on a fishing expedition for a suitable backend
instead of exposing a chardev property for board code to set: they use
serial_hds[] (often via qemu_char_get_next_serial()) or parallel_hds[]
in their realize() or init() method to connect to a backend.
Picking up backends that way works when the devices are created by
board code. But it's inappropriate for -device or device_add. Not
only is it inconsistent with how the other characrer device models
work (they connect to a backend explicitly identified by a "chardev"
property), it breaks when the backend has been picked up by the board
or a previous -device / device_add already.
Example:
$ qemu-system-ppc64 -M bamboo -S -device i82378 -device pc87312 -device pc87312
qemu-system-ppc64: -device pc87312: Property 'isa-parallel.chardev' can't take value 'parallel0', it's in use
Mark them with suitable FIXME comments.
Cc: Li Guang <lig.fnst@cn.fujitsu.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: Antony Pavlov <antonynpavlov@gmail.com>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Michael Walle <michael@walle.cc>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: "Andreas Färber" <andreas.faerber@web.de>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Markus Armbruster [Mon, 23 Mar 2015 18:03:13 +0000 (19:03 +0100)]
hw: Mark devices picking up block backends actively FIXME
Drives defined with if!=none are for board initialization to wire up.
Board code calls drive_get() or similar to find them, and creates
devices with their qdev drive properties set accordingly.
Except a few devices go on a fishing expedition for a suitable backend
instead of exposing a drive property for board code to set: they call
driver_get() or drive_get_next() in their realize() or init() method
to implicitly connect to the "next" backend with a certain interface
type.
Picking up backends that way works when the devices are created by
board code. But it's inappropriate for -device or device_add. Not
only is this inconsistent with how the other block device models work
(they connect to a backend explicitly identified by a "drive"
property), it breaks when the "next" backend has been picked up by the
board already.
Example:
$ qemu-system-arm -S -M connex -pflash flash.img -device ssi-sd
Aborted (core dumped)
Mark them with suitable FIXME comments.
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: "Andreas Färber" <andreas.faerber@web.de>
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Peter Maydell [Thu, 2 Apr 2015 09:52:14 +0000 (10:52 +0100)]
hw/arm/vexpress: Don't double-free flash filename
Commits
6e05a12f8f7f and
db25a1581 both attempt to fix the
same "failed to free memory containing flash filename" bug,
with the effect that when they were both applied we ended
up freeing the memory twice. Delete the spurious extra free.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-id:
1427968334-14527-1-git-send-email-peter.maydell@linaro.org
Shannon Zhao [Thu, 2 Apr 2015 03:07:06 +0000 (11:07 +0800)]
hw/arm/virt: Fix corruption due to double free
As 4de9a88(hw/arm/virt: Fix memory leak reported by Coverity)
and 6e05a12(arm: fix memory leak) both handle the memory leak
reported by Coverity, this cause qemu corruption due to
double free.
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-id:
1427944026-8968-1-git-send-email-zhaoshenglong@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 1 Apr 2015 17:13:21 +0000 (18:13 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-
20150401' into staging
target-arm:
* Fix broken migration on AArch64 KVM
* Fix minor memory leaks in virt, vexpress, highbank
* Honour requested filename when loading highbank rom image
# gpg: Signature made Wed Apr 1 18:06:09 2015 BST using RSA key ID
14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-
20150401:
target-arm: kvm64 fix save/restore of SPSR regs
target-arm: kvm64 sync FP register state
hw/intc: arm_gic_kvm.c restore config first
target-arm: kvm: save/restore mp state
target-arm: Store SPSR_EL1 state in banked_spsr[1] (SPSR_svc)
hw/arm/virt: Fix memory leak reported by Coverity
hw/arm/vexpress: Fix memory leak reported by Coverity
hw/arm/highbank: Fix resource leak and wrong image loading
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 1 Apr 2015 16:57:30 +0000 (17:57 +0100)]
target-arm: kvm64 fix save/restore of SPSR regs
The current code was negatively indexing the cpu state array and not
synchronizing banked spsr register state with the current mode's spsr
state, causing occasional failures with migration.
Some munging is done to take care of the aarch64 mapping and also to
ensure the most current value of the spsr is updated to the banked
registers (relevant for KVM<->TCG migration).
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 1 Apr 2015 16:57:30 +0000 (17:57 +0100)]
target-arm: kvm64 sync FP register state
For migration to work we need to sync all of the register state. This is
especially noticeable when GCC starts using FP registers as spill
registers even with integer programs.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 1 Apr 2015 16:57:30 +0000 (17:57 +0100)]
hw/intc: arm_gic_kvm.c restore config first
As there is logic to deal with the difference between edge and level
triggered interrupts in the kernel we must ensure it knows the
configuration of the IRQs before we restore the pending state.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 1 Apr 2015 16:57:30 +0000 (17:57 +0100)]
target-arm: kvm: save/restore mp state
This adds the saving and restore of the current Multi-Processing state
of the machine. While the KVM_GET/SET_MP_STATE API exposes a number of
potential states for x86 we only use two for ARM. Either the process is
running or not. We then save this state into the cpu_powered TCG state
to avoid changing the serialisation format.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 1 Apr 2015 16:57:29 +0000 (17:57 +0100)]
target-arm: Store SPSR_EL1 state in banked_spsr[1] (SPSR_svc)
The AArch64 SPSR_EL1 register is architecturally mandated to
be mapped to the AArch32 SPSR_svc register. This means its
state should live in QEMU's env->banked_spsr[1] field.
Correct the various places in the code that incorrectly
put it in banked_spsr[0].
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Weil [Wed, 1 Apr 2015 16:57:29 +0000 (17:57 +0100)]
hw/arm/virt: Fix memory leak reported by Coverity
As the conditional statement had to be split anyway, we can also
add a better error report message.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id:
1426877982-3603-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Weil [Wed, 1 Apr 2015 16:57:29 +0000 (17:57 +0100)]
hw/arm/vexpress: Fix memory leak reported by Coverity
As the conditional statement had to be split anyway, we can also
add a better error report message.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id:
1426877963-3556-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Weil [Wed, 1 Apr 2015 16:57:29 +0000 (17:57 +0100)]
hw/arm/highbank: Fix resource leak and wrong image loading
Coverity reports a resource leak for sysboot_filename which is allocated
by qemu_find_file.
In addition, that name is used to get the size of the image, but a
different image name was used to load it.
In addition, instead of passing the maximum allowed image size the actual
image size was passed to load_image_targphys.
Fix all three issues.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id:
1426326781-2488-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 1 Apr 2015 16:18:51 +0000 (17:18 +0100)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-cve-2015-1779-
20150401-2' into staging
vnc: fix websocket security issues (cve-2015-1779).
# gpg: Signature made Wed Apr 1 16:14:34 2015 BST using RSA key ID
D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-cve-2015-1779-
20150401-2:
CVE-2015-1779: limit size of HTTP headers from websockets clients
CVE-2015-1779: incrementally decode websocket frames
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Daniel P. Berrange [Mon, 23 Mar 2015 22:58:22 +0000 (22:58 +0000)]
CVE-2015-1779: limit size of HTTP headers from websockets clients
The VNC server websockets decoder will read and buffer data from
websockets clients until it sees the end of the HTTP headers,
as indicated by \r\n\r\n. In theory this allows a malicious to
trick QEMU into consuming an arbitrary amount of RAM. In practice,
because QEMU runs g_strstr_len() across the buffered header data,
it will spend increasingly long burning CPU time searching for
the substring match and less & less time reading data. So while
this does cause arbitrary memory growth, the bigger problem is
that QEMU will be burning 100% of available CPU time.
A novnc websockets client typically sends headers of around
512 bytes in length. As such it is reasonable to place a 4096
byte limit on the amount of data buffered while searching for
the end of HTTP headers.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Daniel P. Berrange [Mon, 23 Mar 2015 22:58:21 +0000 (22:58 +0000)]
CVE-2015-1779: incrementally decode websocket frames
The logic for decoding websocket frames wants to fully
decode the frame header and payload, before allowing the
VNC server to see any of the payload data. There is no
size limit on websocket payloads, so this allows a
malicious network client to consume 2^64 bytes in memory
in QEMU. It can trigger this denial of service before
the VNC server even performs any authentication.
The fix is to decode the header, and then incrementally
decode the payload data as it is needed. With this fix
the websocket decoder will allow at most 4k of data to
be buffered before decoding and processing payload.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
[ kraxel: fix frequent spurious disconnects, suggested by Peter Maydell ]
@@ -361,7 +361,7 @@ int vncws_decode_frame_payload(Buffer *input,
- *payload_size = input->offset;
+ *payload_size = *payload_remain;
[ kraxel: fix 32bit build ]
@@ -306,7 +306,7 @@ struct VncState
- uint64_t ws_payload_remain;
+ size_t ws_payload_remain;
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Peter Maydell [Wed, 1 Apr 2015 10:31:31 +0000 (11:31 +0100)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Fix for object_del of in-use memory, pvpanic
regression, PPC regression and bogus error message with
Oxygen theme.
# gpg: Signature made Wed Apr 1 09:08:20 2015 BST using RSA key ID
78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
Revert "exec: Respect as_tranlsate_internal length clamp"
rcu: do not create thread in pthread_atfork callback
pc: acpi: fix pvpanic regression
hostmem: Prevent removing an in-use memory backend
qom: Add can_be_deleted callback to UserCreatableClass
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Wed, 1 Apr 2015 07:57:45 +0000 (09:57 +0200)]
Revert "exec: Respect as_tranlsate_internal length clamp"
This reverts commit
c3c1bb99d1c11978d9ce94d1bdcf0705378c1459.
It causes problems with boards that declare memory regions shorter
than the registers they contain.
Reported-by: Zoltan Balaton <balaton@eik.bme.hu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 31 Mar 2015 11:01:05 +0000 (13:01 +0200)]
rcu: do not create thread in pthread_atfork callback
If QEMU forks after the CPU threads have been created, qemu_mutex_lock_iothread
will not be able to do qemu_cpu_kick_thread. There is no solution other than
assuming that forks after the CPU threads have been created will end up in an
exec. Forks before the CPU threads have been created (such as -daemonize)
have to call rcu_after_fork manually.
Notably, the oxygen theme for GTK+ forks and shows a "No such process" error
without this patch.
This patch can be reverted once the iothread loses the "kick the TCG thread"
magic.
User-mode emulation does not use the iothread, so it can also call
rcu_after_fork.
Reported by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Tested by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Igor Mammedov [Mon, 30 Mar 2015 12:18:27 +0000 (14:18 +0200)]
pc: acpi: fix pvpanic regression
Commit cd61cb2 pc: acpi-build: generate pvpanic device description dynamically
introduced regression changing pvpanic device HID from
QEMU0001 to QEMU0002.
Fix AML generated code so that pvpanic device
would keep its original HID. i.e. QEMU0001
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reported-by: Gal Hammer <ghammer@redhat.com>
Message-Id: <
1427717907-25027-1-git-send-email-imammedo@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Lin Ma [Mon, 30 Mar 2015 08:36:29 +0000 (16:36 +0800)]
hostmem: Prevent removing an in-use memory backend
showing a memory device whose memdev is removed leads an assert:
(qemu) object_add memory-backend-ram,id=ram0,size=128M
(qemu) device_add pc-dimm,id=d0,memdev=ram0
(qemu) object_del ram0
(qemu) info memory-devices
**
ERROR:qom/object.c:1274:object_get_canonical_path_component:\
assertion failed: (obj->parent != NULL)
Aborted
The patch prevents removing an in-use mem backend and error out.
Signed-off-by: Lin Ma <lma@suse.com>
Message-Id: <
1427704589-7688-3-git-send-email-lma@suse.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Lin Ma [Mon, 30 Mar 2015 08:36:28 +0000 (16:36 +0800)]
qom: Add can_be_deleted callback to UserCreatableClass
If backends implement the can_be_deleted and it returns false,
Then the qmp_object_del won't delete the given backends.
Signed-off-by: Lin Ma <lma@suse.com>
Message-Id: <
1427704589-7688-2-git-send-email-lma@suse.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Tue, 31 Mar 2015 11:12:22 +0000 (12:12 +0100)]
Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging
QOM infrastructure fixes and device conversions
* Fix for adding alias properties with [*]
# gpg: Signature made Tue Mar 31 11:59:00 2015 BST using RSA key ID
3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/qom-devices-for-peter:
qom: Fix object_property_add_alias() with [*]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Andreas Färber [Fri, 27 Mar 2015 16:34:10 +0000 (17:34 +0100)]
qom: Fix object_property_add_alias() with [*]
Commit 8074264 (qom: Add description field in ObjectProperty struct)
introduced property descriptions and copied them for alias properties.
Instead of using the caller-supplied property name, use the returned
property name for setting the description. This avoids an Error when
setting a property description for a property with literal "[*]" that
doesn't exist due to automatic property naming in object_property_add().
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: qemu-stable@nongnu.org (v2.2+)
Signed-off-by: Andreas Färber <afaerber@suse.de>
Peter Maydell [Tue, 31 Mar 2015 09:55:33 +0000 (10:55 +0100)]
Merge remote-tracking branch 'remotes/afaerber/tags/qtest-for-2.3' into staging
QTest cleanups
* Change fw_cfg-test and i440fx-test GTester paths
* Extend libqtest API as necessary
# gpg: Signature made Mon Mar 30 18:29:39 2015 BST using RSA key ID
3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/qtest-for-2.3:
i440fx-test: Fix test paths to include architecture
qtest: Add qtest_add() wrapper macro
qtest: Add qtest_add_data_func() wrapper function
fw_cfg-test: Fix test path to include architecture
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 31 Mar 2015 08:56:48 +0000 (09:56 +0100)]
Merge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-
20150330' into staging
TriCore bugfixes
# gpg: Signature made Mon Mar 30 12:40:50 2015 BST using RSA key ID
6B69CA14
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>"
* remotes/bkoppelmann/tags/pull-tricore-
20150330:
target-tricore: fix CACHEA/I_POSTINC/PREINC using data register..
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 30 Mar 2015 21:55:51 +0000 (22:55 +0100)]
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-
20150330' into staging
s390x fixes:
- virtqueue index issues in virtio-ccw
- cleanup and sign extension fix for the ipl device
# gpg: Signature made Mon Mar 30 08:52:54 2015 BST using RSA key ID
C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
* remotes/cohuck/tags/s390x-
20150330:
s390x/ipl: avoid sign extension
s390x: do not include ram_addr.h
virtio-ccw: range check in READ_VQ_CONF
virtio-ccw: fix range check for SET_VQ
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Andreas Färber [Tue, 24 Mar 2015 18:35:22 +0000 (19:35 +0100)]
i440fx-test: Fix test paths to include architecture
Replace g_test_add_func() with new qtest_add_func() and g_test_add()
macro with qtest_add() macro. This effectively changes GTester paths:
/i440fx/foo -> /x86_64/i440fx/foo etc.
Cc: qemu-stable@nongnu.org
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Andreas Färber [Wed, 25 Mar 2015 15:52:45 +0000 (16:52 +0100)]
qtest: Add qtest_add() wrapper macro
It extends g_test_add() macro with the architecture path.
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Andreas Färber [Tue, 24 Mar 2015 18:33:34 +0000 (19:33 +0100)]
qtest: Add qtest_add_data_func() wrapper function
It calls g_test_add_data_func() with a path supplemented by the
architecture, like qtest_add_func() does.
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Andreas Färber [Thu, 19 Mar 2015 17:35:23 +0000 (18:35 +0100)]
fw_cfg-test: Fix test path to include architecture
Use qtest_add_func() instead of g_test_add_func() to reflect
the architecture tested, changing GTester paths as follows:
/fw_cfg/foo -> /x86_64/fw_cfg/foo etc.
Cc: qemu-stable@nongnu.org
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Bastian Koppelmann [Fri, 27 Mar 2015 13:55:22 +0000 (14:55 +0100)]
target-tricore: fix CACHEA/I_POSTINC/PREINC using data register..
..for address calculation instead address registers.
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Cornelia Huck [Thu, 26 Mar 2015 09:41:45 +0000 (10:41 +0100)]
s390x/ipl: avoid sign extension
Make s390_update_iplstate() return uint32_t to avoid sign extensions
for cssids > 127. While this doesn't matter in practice yet (as
nobody supports MCSS-E and thus won't see the real cssid), play safe.
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
projects / sdk / emulator / qemu.git / log