sdk/emulator/qemu.git
12 years agoqemu: Use valgrind annotations to mark kvm guest memory as defined
Christian Borntraeger [Fri, 10 Aug 2012 13:11:45 +0000 (15:11 +0200)]
qemu: Use valgrind annotations to mark kvm guest memory as defined

valgrind with kvm produces a big amount of false positives regarding
"Conditional jump or move depends on uninitialised value(s)". This
happens because the guest memory is allocated with qemu_vmalloc which
boils down posix_memalign etc. This function is (correctly) considered
by valgrind as returning undefined memory.

Since valgrind is based on jitting code, it will not be able to see
changes made by the guest to guest memory if this is done by KVM_RUN,
thus keeping most of the guest memory undefined.

Now lots of places in qemu will then use guest memory to change behaviour.
To avoid the flood of these messages, lets declare the whole guest
memory as defined. This will reduce the noise and allows us to see real
problems.

In the future we might want to make this conditional, since there
is actually something that we can use those false positives for:
These messages will point to code that depends on guest memory, so
we can use these backtraces to actually make an audit that is focussed
only at those code places. For normal development we dont want to
see those messages, though.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
12 years agomusicpal: Fix flash mapping
Jan Kiszka [Sat, 8 Sep 2012 09:52:39 +0000 (11:52 +0200)]
musicpal: Fix flash mapping

The old arithmetic assumed 32 physical address bits which is no longer
true for ARM since 3cc0cd61f4.

Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
12 years agoAdd MAINTAINERS entry for leon3
Fabien Chouteau [Tue, 22 May 2012 08:14:28 +0000 (10:14 +0200)]
Add MAINTAINERS entry for leon3

Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
12 years agotarget-sparc: fix fcmp{s,d,q} instructions wrt exception
Aurelien Jarno [Fri, 7 Sep 2012 15:13:28 +0000 (17:13 +0200)]
target-sparc: fix fcmp{s,d,q} instructions wrt exception

fcmp{s,d,q} instructions are supposed to ignore quiet NaN (contrary to
the fcmpe{s,d,q} instructions), but the current code is wrongly setting
the NV exception in that case. Moreover the current code is duplicated:
first the arguments are checked for NaN to generate an exception, and
later in case the comparison is unordered (which can only happens if one
of the argument is a NaN), the same check is done to generate an
exception.

Fix that by calling clear_float_exceptions() followed by
check_ieee_exceptions() as for the other floating point instructions.
Use the _compare_quiet functions for fcmp{s,d,q} and the _compare ones
for fcmpe{s,d,q}. Simplify the flag setting by not clearing a flag that
is set the line just below.

This fix allows the math glibc testsuite to pass.

Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
12 years agotarget-xtensa: fix missing errno codes for mingw32
Max Filippov [Thu, 6 Sep 2012 00:36:46 +0000 (04:36 +0400)]
target-xtensa: fix missing errno codes for mingw32

Put the following errno value mappings under #ifdef:

xtensa-semi.c: In function 'errno_h2g':
xtensa-semi.c:113: error: 'ENOTBLK' undeclared (first use in this function)
xtensa-semi.c:113: error: (Each undeclared identifier is reported only once
xtensa-semi.c:113: error: for each function it appears in.)
xtensa-semi.c:113: error: array index in initializer not of integer type
xtensa-semi.c:113: error: (near initialization for 'guest_errno')
xtensa-semi.c:124: error: 'ETXTBSY' undeclared (first use in this function)
xtensa-semi.c:124: error: array index in initializer not of integer type
xtensa-semi.c:124: error: (near initialization for 'guest_errno')
xtensa-semi.c:134: error: 'ELOOP' undeclared (first use in this function)
xtensa-semi.c:134: error: array index in initializer not of integer type
xtensa-semi.c:134: error: (near initialization for 'guest_errno')

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
12 years agotarget-cris: Fix buffer overflow
Stefan Weil [Fri, 7 Sep 2012 20:36:08 +0000 (22:36 +0200)]
target-cris: Fix buffer overflow

Report from smatch:

target-cris/translate.c:3464 cpu_dump_state(32) error:
 buffer overflow 'env->sregs' 4 <= 255

sregs is declared 'uint32_t sregs[4][16]', so the first index must be
less than 4 or ARRAY_SIZE(env->sregs).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
12 years agoMIPS/user: Fix reset CPU state initialization
Maciej W. Rozycki [Fri, 8 Jun 2012 01:04:40 +0000 (02:04 +0100)]
MIPS/user: Fix reset CPU state initialization

 This change updates the CPU reset sequence to use a common piece of code
that figures out CPU state flags, fixing the problem with MIPS_HFLAG_COP1X
not being set where applicable that causes floating-point MADD family
instructions (and other instructions from the MIPS IV FP subset) to trap.

 As compute_hflags is now shared between op_helper.c and translate.c, the
function is now moved to a common header.  There are no changes to this
function.

 The problem was seen with the 24Kf MIPS32r2 processor in user emulation.
The new approach prevents system and user emulation from diverging -- all
the hflags state is initialized in one place now.

Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agolan9118: fix multicast filtering
Aurelien Jarno [Sun, 10 Jun 2012 21:18:44 +0000 (23:18 +0200)]
lan9118: fix multicast filtering

The lan9118 emulation tries to compute the multicast index by calling
directly the crc32() function from zlib, but fails to get the correct
result.

Use the common compute_mcast_idx() function instead, which gives the
correct result. This fixes IPv6 support.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agofix entry pointer for ELF kernels loaded with -kernel option
Henning Schild [Wed, 5 Sep 2012 12:56:39 +0000 (14:56 +0200)]
fix entry pointer for ELF kernels loaded with -kernel option

 Find a hopefully proper patch attached. Take it or leave it.

Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Henning Schild <henning@hennsch.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agohw/pl110: Fix spelling of 'palette'
Peter Maydell [Mon, 27 Aug 2012 11:32:36 +0000 (12:32 +0100)]
hw/pl110: Fix spelling of 'palette'

Fix the spelling of 'palette' used in various local variables,
structure members and comments.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agotarget-xtensa: convert host errno values to guest
Max Filippov [Wed, 29 Aug 2012 19:54:25 +0000 (23:54 +0400)]
target-xtensa: convert host errno values to guest

Guest errno values are taken from the newlib. Convert only those errno
values that can be returned from used system calls.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
12 years agoCHECKPATCH: Add warning for single else statement.
Don Slutz [Sun, 2 Sep 2012 23:22:38 +0000 (19:22 -0400)]
CHECKPATCH: Add warning for single else statement.

For an example:

WARNING: braces {} are necessary even for single statement blocks
+    } else
+        return env->regs[R_EAX];

total: 0 errors, 1 warnings, 41 lines checked
Signed-off-by: Don Slutz <Don@CloudSwitch.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
12 years agoCHECKPATCH: Add --debug adv_apw
Don Slutz [Sun, 2 Sep 2012 23:22:37 +0000 (19:22 -0400)]
CHECKPATCH: Add --debug adv_apw

Add debug options to find this issue.  They were not listed
in the help because the are not simple to understand the output of.

Signed-off-by: Don Slutz <Don@CloudSwitch.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
12 years agoCHECKPATCH: Add --debug adv_checking
Don Slutz [Sun, 2 Sep 2012 23:22:36 +0000 (19:22 -0400)]
CHECKPATCH: Add --debug adv_checking

Add debug options to find this issue.  They were not listed
in the help because the are not simple to understand the output of.

Signed-off-by: Don Slutz <Don@CloudSwitch.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
12 years agoCHECKPATCH: Add --debug adv_dcs
Don Slutz [Sun, 2 Sep 2012 23:22:35 +0000 (19:22 -0400)]
CHECKPATCH: Add --debug adv_dcs

Add debug options to find this issue.  They were not listed
in the help because the are not simple to understand the output of.

Signed-off-by: Don Slutz <Don@CloudSwitch.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
12 years agoOpen up 1.3 development tree
Anthony Liguori [Wed, 5 Sep 2012 16:44:53 +0000 (11:44 -0500)]
Open up 1.3 development tree

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agoUpdate version for 1.2.0
Anthony Liguori [Wed, 5 Sep 2012 12:50:01 +0000 (07:50 -0500)]
Update version for 1.2.0

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agoconsole: bounds check whenever changing the cursor due to an escape code
Ian Campbell [Tue, 4 Sep 2012 15:26:09 +0000 (10:26 -0500)]
console: bounds check whenever changing the cursor due to an escape code

This is XSA-17 / CVE-2012-3515

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agoqemu-timer: properly arm alarm timer for timers set by device initialization
Paolo Bonzini [Mon, 3 Sep 2012 15:34:32 +0000 (17:34 +0200)]
qemu-timer: properly arm alarm timer for timers set by device initialization

QEMU will hang when fed the following command-line

  qemu-system-mips -kernel vmlinux-2.6.32-5-4kc-malta -append "console=ttyS0" -nographic -net none

The -net none is important otherwise it seems some events are generated
causing the things to work. When it doesn't work, the guest hangs when
measuring the CPU frequency, after the following line:

  [    0.000000] NR_IRQS:256

Pressing a key on the serial port unblocks it, hinting that the problem
is due to the recent elimination of the 1 second timeout in the main
loop.

The problem is that because init_timer_alarm sets the timer's pending
flag to true, the alarm timer is never armed until after the first time
through the main loop.  Thus the bug started when QEMU started testing
the pending flag in qemu_mod_timer (commit 1828be3, more alarm timer
cleanup, 2010-03-10).

But actually, it isn't true at all that a timer is pending when the
alarm timer is created, and the real bug has been latent forever: the
fix is to remove the bogus setting of pending flag.

Reported-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Aurelien Jarno <aurelien@aurel32.net>
Tested-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agotarget-xtensa: return ENOSYS for unimplemented simcalls
Max Filippov [Wed, 22 Aug 2012 18:03:35 +0000 (22:03 +0400)]
target-xtensa: return ENOSYS for unimplemented simcalls

This prevents guest from proceeding with uninitialised garbage returned
from unimplemented simcalls.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
12 years agoUpdate version to 1.2.0-rc3
Anthony Liguori [Fri, 31 Aug 2012 15:50:46 +0000 (10:50 -0500)]
Update version to 1.2.0-rc3

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agoconsole: Fix warning from clang (and potential crash)
Stefan Weil [Fri, 17 Aug 2012 13:50:44 +0000 (15:50 +0200)]
console: Fix warning from clang (and potential crash)

ccc-analyzer reports this warning:

console.c:1090:29: warning: Dereference of null pointer
        if (active_console->cursor_timer) {
                            ^

Function console_select allows active_console to be NULL,
but would crash when accessing cursor_timer. Fix this.

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agoMerge remote-tracking branch 'kraxel/usb.61' into staging
Anthony Liguori [Fri, 31 Aug 2012 15:04:54 +0000 (10:04 -0500)]
Merge remote-tracking branch 'kraxel/usb.61' into staging

* kraxel/usb.61:
  uas: move transfer kickoff
  ehci: Fix interrupt endpoints no longer working
  ehci: handle TD deactivation of inflight packets
  ehci: add ehci_cancel_queue()
  ehci: simplify ehci_state_executing
  ehci: Remove unnecessary ehci_flush_qh call
  ehci: Schedule async-bh when IAAD bit gets set
  ehci: Fix NULL ptr deref when unplugging an USB dev with an iso stream active
  usb: unique packet ids
  usb: Halt ep queue en cancel pending packets on a packet error
  fix info qtree indention

12 years agoMerge remote-tracking branch 'kwolf/for-anthony' into staging
Anthony Liguori [Fri, 31 Aug 2012 15:04:18 +0000 (10:04 -0500)]
Merge remote-tracking branch 'kwolf/for-anthony' into staging

* kwolf/for-anthony:
  qemu-iotests: add backing file smaller than image test case
  stream: complete early if end of backing file is reached
  qed: refuse unaligned zero writes with a backing file

12 years agouas: move transfer kickoff
Gerd Hoffmann [Fri, 31 Aug 2012 12:34:19 +0000 (14:34 +0200)]
uas: move transfer kickoff

Kick next scsi transfer from request release callback instead of command
completion callback, otherwise we might get stuck in case scsi_req_unref()
doesn't release the request instantly due to someone else holding a
reference too.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 years agoehci: Fix interrupt endpoints no longer working
Hans de Goede [Thu, 30 Aug 2012 09:20:51 +0000 (11:20 +0200)]
ehci: Fix interrupt endpoints no longer working

One of the recent changes (likely the addition of queuing support) has broken
interrupt endpoints, this patch fixes this.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
12 years agoehci: handle TD deactivation of inflight packets
Gerd Hoffmann [Tue, 21 Aug 2012 12:03:09 +0000 (14:03 +0200)]
ehci: handle TD deactivation of inflight packets

Check the TDs of inflight packets, cancel
packets in case the guest clears the active bit.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 years agoehci: add ehci_cancel_queue()
Gerd Hoffmann [Tue, 21 Aug 2012 11:58:40 +0000 (13:58 +0200)]
ehci: add ehci_cancel_queue()

Factor out function to cancel all packets of a queue.
No behavior change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 years agoehci: simplify ehci_state_executing
Hans de Goede [Fri, 17 Aug 2012 09:39:17 +0000 (11:39 +0200)]
ehci: simplify ehci_state_executing

ehci_state_executing does not need to check for p->usb_status == USB_RET_ASYNC
or USB_RET_PROCERR, since ehci_execute_complete already does a similar check
and will trigger an assert if either value is encountered.

USB_RET_ASYNC should never be the packet status when execute_complete runs
for obvious reasons, and USB_RET_PROCERR is only used by ehci_state_execute /
ehci_execute not by ehci_state_executing / ehci_execute_complete.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 years agoehci: Remove unnecessary ehci_flush_qh call
Hans de Goede [Thu, 16 Aug 2012 13:47:29 +0000 (15:47 +0200)]
ehci: Remove unnecessary ehci_flush_qh call

ehci_qh_do_overlay() already calls ehci_flush_qh() before it returns, calling
it twice is useless.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 years agoehci: Schedule async-bh when IAAD bit gets set
Hans de Goede [Thu, 30 Aug 2012 07:55:19 +0000 (09:55 +0200)]
ehci: Schedule async-bh when IAAD bit gets set

After the "ehci: Print a warning when a queue unexpectedly contains packets
on cancel" commit. Under certain reproducable conditions I was getting the
following message: "EHCI: Warning queue not empty on queue reset".

After aprox. 8 hours of debugging I've finally found the cause. The Linux EHCI
driver has an IAAD watchdog, to work around certain EHCI hardware sometimes
not acknowledging the doorbell at all. This watchdog has a timeout of 10 ms,
which is less then the time between 2 runs through the async schedule when
async_stepdown is at its highest value.

Thus the watchdog can trigger, after which Linux clears the IAAD bit and
re-uses the QH. IOW we were not properly detecting the unlink of the qh, due
to us missing (ignoring for more then 10 ms) the IAAD command, which triggered
the warning.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
12 years agoehci: Fix NULL ptr deref when unplugging an USB dev with an iso stream active
Hans de Goede [Tue, 28 Aug 2012 09:50:26 +0000 (11:50 +0200)]
ehci: Fix NULL ptr deref when unplugging an USB dev with an iso stream active

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
12 years agousb: unique packet ids
Gerd Hoffmann [Thu, 23 Aug 2012 11:30:13 +0000 (13:30 +0200)]
usb: unique packet ids

This patch adds IDs to usb packets.  Those IDs are (a) supposed to be
unique for the lifecycle of a packet (from packet setup until the packet
is either completed or canceled) and (b) stable across migration.

uhci, ohci, ehci and xhci use the guest physical address of the transfer
descriptor for this.

musb needs a different approach because there is no transfer descriptor.
But musb also doesn't support pipelining, so we have never more than one
packet per endpoint in flight.  So we go create an ID based on endpoint
and device address.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 years agousb: Halt ep queue en cancel pending packets on a packet error
Hans de Goede [Fri, 17 Aug 2012 13:24:49 +0000 (15:24 +0200)]
usb: Halt ep queue en cancel pending packets on a packet error

For controllers which queue up more then 1 packet at a time, we must halt the
ep queue, and inside the controller code cancel all pending packets on an
error.

There are multiple reasons for this:
1) Guests expect the controllers to halt ep queues on error, so that they
get the opportunity to cancel transfers which the scheduled after the failing
one, before processing continues

2) Not cancelling queued up packets after a failed transfer also messes up
the controller state machine, in the case of EHCI causing the following
assert to trigger: "assert(p->qtdaddr == q->qtdaddr)" at hcd-ehci.c:2075

3) For bulk endpoints with pipelining enabled (redirection to a real USB
device), we must cancel all the transfers after this a failed one so that:
a) If they've completed already, they are not processed further causing more
   stalls to be reported, originating from the same failed transfer
b) If still in flight, they are cancelled before the guest does
   a clear stall, otherwise the guest and device can loose sync!

Note this patch only touches the ehci and uhci controller changes, since AFAIK
no other controllers actually queue up multiple transfer. If I'm wrong on this
other controllers need to be updated too!

Also note that this patch was heavily tested with the ehci code, where I had
a reproducer for a device causing a transfer to fail. The uhci code is not
tested with actually failing transfers and could do with a thorough review!

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 years agofix info qtree indention
Gerd Hoffmann [Wed, 11 Jul 2012 10:21:23 +0000 (12:21 +0200)]
fix info qtree indention

Without the patch bus properties are are not in line with the other
properties:

[ ... ]
  dev: fw_cfg, id ""
    ctl_iobase = 0x510
    data_iobase = 0x511
      irq 0
      mmio ffffffffffffffff/0000000000000002
      mmio ffffffffffffffff/0000000000000001
[ ... ]

With the patch applied everything is lined up properly:

[ ... ]
  dev: fw_cfg, id ""
    ctl_iobase = 0x510
    data_iobase = 0x511
    irq 0
    mmio ffffffffffffffff/0000000000000002
    mmio ffffffffffffffff/0000000000000001
[ ... ]

Needed to make the autotest qtree parser happy.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12 years agow32: Fix broken build
Stefan Weil [Thu, 30 Aug 2012 20:28:31 +0000 (22:28 +0200)]
w32: Fix broken build

Commit ef8621b1a3b199c348606c0a11a77d8e8bf135f1 added an include
file which is not available for MinGW compilations.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agoUpdate version for 1.2.0-rc2
Anthony Liguori [Thu, 30 Aug 2012 12:45:28 +0000 (07:45 -0500)]
Update version for 1.2.0-rc2

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agoscsi-disk: Fix typo (uint32 -> uint32_t)
Stefan Weil [Wed, 29 Aug 2012 18:39:25 +0000 (20:39 +0200)]
scsi-disk: Fix typo (uint32 -> uint32_t)

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agomsix: make [un]use vectors on reset/load optional
Michael S. Tsirkin [Wed, 29 Aug 2012 16:40:56 +0000 (19:40 +0300)]
msix: make [un]use vectors on reset/load optional

The facility to use/unuse vectors dynamically is helpful
for virtio but little else: everyone just seems to use
vectors in their init function.

Avoid clearing msix vector use info on reset and load.
For virtio, clear it explicitly.
This should fix regressions reported with ivshmem - though
I didn't test this, I verified that virtio keeps
working like it did.

Tested-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agokvm: get/set PV EOI MSR
Michael S. Tsirkin [Tue, 28 Aug 2012 17:43:56 +0000 (20:43 +0300)]
kvm: get/set PV EOI MSR

Support get/set of new PV EOI MSR, for migration.
Add an optional section for MSR value - send it
out in case MSR was changed from the default value (0).

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agolinux-headers: update to 3.6-rc3
Michael S. Tsirkin [Tue, 28 Aug 2012 17:43:42 +0000 (20:43 +0300)]
linux-headers: update to 3.6-rc3

Update linux-headers to version present in Linux 3.6-rc3.
Header asm-x96_64/kvm_para.h update is needed for the new PV EOI
feature.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agotarget-i386: disable pv eoi to fix migration across QEMU versions
Anthony Liguori [Wed, 29 Aug 2012 14:32:41 +0000 (09:32 -0500)]
target-i386: disable pv eoi to fix migration across QEMU versions

We have a problem with how we handle migration with KVM paravirt features.
We unconditionally enable paravirt features regardless of whether we know how
to migrate them.

We also don't tie paravirt features to specific machine types so an old QEMU on
a new kernel would expose features that never existed.

The 1.2 cycle is over and as things stand, migration is broken.  Michael has
another series that adds support for migrating PV EOI and attempts to make it
work correctly for different machine types.

After speaking with Michael on IRC, we agreed to take this patch plus 1 & 4
from his series.  This makes sure QEMU can migrate PV EOI if it's enabled, but
does not enable it by default.

This also means that we won't unconditionally enable new features for guests
future proofing us from this happening again in the future.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agoreset PMBA and PMREGMISC PIIX4 registers.
Gleb Natapov [Tue, 7 Aug 2012 12:52:03 +0000 (15:52 +0300)]
reset PMBA and PMREGMISC PIIX4 registers.

The bug causes Windows + OVMF hang after reboot since OVMF
checks PMREGMISC to see if IO space is enabled and skip
configuration if it is.

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agoqemu-ga: Fix null pointer passed to unlink in failure branch
Stefan Weil [Fri, 24 Aug 2012 05:03:03 +0000 (07:03 +0200)]
qemu-ga: Fix null pointer passed to unlink in failure branch

Clang reports this warning:

Null pointer passed as an argument to a 'nonnull' parameter

Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agomemory: Fix copy&paste mistake in memory_region_iorange_write
Jan Kiszka [Sun, 26 Aug 2012 08:12:47 +0000 (10:12 +0200)]
memory: Fix copy&paste mistake in memory_region_iorange_write

The last argument of find_portio is "write", so this must be true here.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agoivshmem: remove redundant ioeventfd configuration
Cam Macdonell [Mon, 27 Aug 2012 18:12:19 +0000 (12:12 -0600)]
ivshmem: remove redundant ioeventfd configuration

setup_ioeventfds() is unnecessary and actually causes a segfault when used
ioeventfd=on is used on the command-line.  Since ioeventfds are handled within
the memory API, it can be removed.

Signed-off-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agohw/arm_gic.c: Define .class_size in arm_gic_info TypeInfo
Peter Maydell [Wed, 29 Aug 2012 07:52:37 +0000 (08:52 +0100)]
hw/arm_gic.c: Define .class_size in arm_gic_info TypeInfo

Add the missing .class_size definition to the arm_gic_info TypeInfo.
This fixes the memory corruption and possible segfault that otherwise
results when the class struct is allocated at too small a size and
the class init function writes off the end of it.

Reported-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agoqemu-iotests: add backing file smaller than image test case
Stefan Hajnoczi [Tue, 28 Aug 2012 14:26:49 +0000 (15:26 +0100)]
qemu-iotests: add backing file smaller than image test case

This new test case checks that streaming completes successfully when the
backing file is smaller than the image file.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
12 years agostream: complete early if end of backing file is reached
Stefan Hajnoczi [Tue, 28 Aug 2012 14:26:48 +0000 (15:26 +0100)]
stream: complete early if end of backing file is reached

It is possible to create an image that is larger than its backing file.
Reading beyond the end of the backing file produces zeroes if no writes
have been made to those sectors in the image file.

This patch finishes streaming early when the end of the backing file is
reached.  Without this patch the block job hangs and continually tries
to stream the first sectors beyond the end of the backing file.

To reproduce the hung block job bug:

  $ qemu-img create -f qcow2 backing.qcow2 128M
  $ qemu-img create -f qcow2 -o backing_file=backing.qcow2 image.qcow2 6G
  $ qemu -drive if=virtio,cache=none,file=image.qcow2
  (qemu) block_stream virtio0
  (qemu) info block-jobs

The qemu-iotests 030 streaming test still passes.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
12 years agoqed: refuse unaligned zero writes with a backing file
Stefan Hajnoczi [Tue, 28 Aug 2012 13:04:27 +0000 (14:04 +0100)]
qed: refuse unaligned zero writes with a backing file

Zero writes have cluster granularity in QED.  Therefore they can only be
used to zero entire clusters.

If the zero write request leaves sectors untouched, zeroing the entire
cluster would obscure the backing file.  Instead return -ENOTSUP, which
is handled by block.c:bdrv_co_do_write_zeroes() and falls back to a
regular write.

The qemu-iotests 034 test cases covers this scenario.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
12 years agoMerge remote-tracking branch 'bonzini/scsi-next' into staging
Anthony Liguori [Wed, 29 Aug 2012 13:23:18 +0000 (08:23 -0500)]
Merge remote-tracking branch 'bonzini/scsi-next' into staging

* bonzini/scsi-next:
  iscsi: Set number of blocks to 0 for blank CDROM devices
  scsi: more fixes to properties for passthrough devices
  esp: support 24-bit DMA
  megasas: Add 'hba_serial' property

12 years agoMerge remote-tracking branch 'riku/linux-user-for-upstream' into staging
Anthony Liguori [Wed, 29 Aug 2012 13:22:02 +0000 (08:22 -0500)]
Merge remote-tracking branch 'riku/linux-user-for-upstream' into staging

* riku/linux-user-for-upstream:
  linux-user: Clarify "Unable to reserve guest address space" error
  linux-user: fix emulation of getdents
  linux-user: arg_table need not have global scope

12 years agotcg/mips: fix broken CONFIG_TCG_PASS_AREG0 code
Aurelien Jarno [Mon, 27 Aug 2012 20:13:27 +0000 (22:13 +0200)]
tcg/mips: fix broken CONFIG_TCG_PASS_AREG0 code

The CONFIG_TCG_PASS_AREG0 code for calling ld/st helpers was
broken in that it did not respect the ABI requirement that 64
bit values were passed in even-odd register pairs. The simplest
way to fix this is to implement some new utility functions
for marshalling function arguments into the correct registers
and stack, so that the code which sets up the address and
data arguments does not need to care whether there has been
a preceding env argument.

Based on commit 9716ef3b for ARM by Peter Maydell.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12 years agoUpdate OpenBIOS PPC image
Aurelien Jarno [Tue, 28 Aug 2012 12:47:51 +0000 (14:47 +0200)]
Update OpenBIOS PPC image

Update OpenBIOS PPC image to SVN r1063 to fix issues introduced by
commit 9e56edcf. The code change in this revision only affects PPC,
so OpenBIOS SPARC images are not updated.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agotarget-ppc: fix altivec instructions
Aurelien Jarno [Sun, 26 Aug 2012 14:12:03 +0000 (16:12 +0200)]
target-ppc: fix altivec instructions

Altivec instructions are not working anymore in PowerPC emulation,
following commit d15f74fb, which inverted two registers in the call
to helper. Fix that.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Acked-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agoaudio/winwave: previous audio buffer should be flushed
munkyu.im [Tue, 28 Aug 2012 07:42:06 +0000 (16:42 +0900)]
audio/winwave: previous audio buffer should be flushed

Winwave audio backend has problem with pausing and restart audio out.
Unlike other backends, Winwave pausing API does not flush audio buffer.
As a result, the previous audio data are played in front of
user expected sound when user restart audio.
So changes it to waveOutReset()

Signed-off-by: Munkyu Im <munkyu.im@samsung.com>
Signed-off-by: malc <av1474@comtv.ru>
12 years agoiscsi: Set number of blocks to 0 for blank CDROM devices
Ronnie Sahlberg [Fri, 17 Aug 2012 02:36:20 +0000 (12:36 +1000)]
iscsi: Set number of blocks to 0 for blank CDROM devices

The number of blocks of the device is used to compute the device size
in bdrv_getlength()/iscsi_getlength().
For MMC devices, the ReturnedLogicalBlockAddress in the READCAPACITY10
has a special meaning when it is 0.
In this case it does not mean that LBA 0 is the last accessible LBA,
and thus the device has 1 readable block, but instead it means that the
disc is blank and there are no readable blocks.

This change ensures that when the iSCSI LUN is loaded with a blank
DVD-R disk or similar that bdrv_getlength() will return the correct
size of the device as 0 bytes.

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
12 years agoscsi: more fixes to properties for passthrough devices
Paolo Bonzini [Tue, 28 Aug 2012 10:46:18 +0000 (12:46 +0200)]
scsi: more fixes to properties for passthrough devices

Commit 0384783 (scsi-block: remove properties that are not relevant for
passthrough, 2012-07-09) removed one property that should have been
left there, "bootindex".

It also did not touch scsi-generic, while it should have.

Fix both problems.

Reported-by: Alexandre DERUMIER <aderumier@odiso.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
12 years agoesp: support 24-bit DMA
Paolo Bonzini [Thu, 2 Aug 2012 13:43:39 +0000 (15:43 +0200)]
esp: support 24-bit DMA

SeaBIOS will issue requests for more than 64k when loading a CD-ROM
image into memory.  Support the TCHI register from the AMD PCscsi
spec.

Acked-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
12 years agomegasas: Add 'hba_serial' property
Hannes Reinecke [Fri, 24 Aug 2012 10:36:41 +0000 (12:36 +0200)]
megasas: Add 'hba_serial' property

Add a 'hba_serial' property to the megasas driver. Originally
it would be using a pointer value which would break migration.

Reported-by: Stefan Weil <sw@weilnetz.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
12 years agotarget-mips: allow microMIPS SWP and SDP to have RD equal to BASE
Eric Johnson [Sun, 18 Sep 2011 00:28:16 +0000 (17:28 -0700)]
target-mips: allow microMIPS SWP and SDP to have RD equal to BASE

The microMIPS SWP and SDP instructions do not modify GPRs.  So their
behavior is well defined when RD equals BASE.  The MIPS Architecture
Verification Programs (AVPs) check that they work as expected.  This
is required for AVPs to pass.

Signed-off-by: Eric Johnson <ericj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agotarget-mips: add privilege level check to several Cop0 instructions
Eric Johnson [Sun, 18 Sep 2011 00:05:32 +0000 (17:05 -0700)]
target-mips: add privilege level check to several Cop0 instructions

The MIPS Architecture Verification Programs (AVPs) check privileged
instructions for the required privilege level.  These changes are needed
to pass the AVP suite.

Signed-off-by: Eric Johnson <ericj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agoRevert "fix some debug printf format strings"
malc [Mon, 27 Aug 2012 14:33:24 +0000 (18:33 +0400)]
Revert "fix some debug printf format strings"

This reverts commit 145c7c880ff520a9348cc2401ba291330b9606fe.

Signed-off-by: malc <av1474@comtv.ru>
12 years agoRevert "vl: fix -hdachs/-hda argument order parsing issues"
malc [Mon, 27 Aug 2012 14:33:22 +0000 (18:33 +0400)]
Revert "vl: fix -hdachs/-hda argument order parsing issues"

This reverts commit 7764ae9671f1cd74227cf4404431dd5213799ef0.

Signed-off-by: malc <av1474@comtv.ru>
12 years agoRevert "qemu-options.hx: mention retrace= VGA option"
malc [Mon, 27 Aug 2012 14:33:21 +0000 (18:33 +0400)]
Revert "qemu-options.hx: mention retrace= VGA option"

This reverts commit 39dda260628e5f2a3fd2ce2ec8a71f3d5ca309a9.

Signed-off-by: malc <av1474@comtv.ru>
12 years agoRevert "vga: add some optional CGA compatibility hacks"
malc [Mon, 27 Aug 2012 14:33:20 +0000 (18:33 +0400)]
Revert "vga: add some optional CGA compatibility hacks"

This reverts commit 482f7bf86b43af9f6903c52726fedf82b28bf953.

Signed-off-by: malc <av1474@comtv.ru>
12 years agoRevert "i8259: add -no-spurious-interrupt-hack option"
malc [Mon, 27 Aug 2012 14:33:12 +0000 (18:33 +0400)]
Revert "i8259: add -no-spurious-interrupt-hack option"

This reverts commit f278d4947fff814dcde2ef2acad36d172ff8be35.

Signed-off-by: malc <av1474@comtv.ru>
12 years agomips-linux-user: Always support rdhwr.
Richard Henderson [Fri, 30 Mar 2012 17:16:37 +0000 (13:16 -0400)]
mips-linux-user: Always support rdhwr.

The kernel will emulate this instruction if it's not supported
natively.  This insn is used for TLS, among other things, and
so is required by modern glibc.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Cc: Riku Voipio <riku.voipio@iki.fi>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agotarget-mips: Streamline indexed cp1 memory addressing.
Richard Henderson [Fri, 30 Mar 2012 17:16:36 +0000 (13:16 -0400)]
target-mips: Streamline indexed cp1 memory addressing.

We've already eliminated both base and index being zero.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agoFix order of CVT.PS.S operands
Richard Sandiford [Mon, 27 Aug 2012 08:53:29 +0000 (09:53 +0100)]
Fix order of CVT.PS.S operands

The FS input to CVT.PS.S is the high half and FT is the low half.
tcg_gen_concat_i32_i64 takes the low half first, so the operands
were in the wrong order.

Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agoFix operands of RECIP2.S and RECIP2.PS
Richard Sandiford [Mon, 27 Aug 2012 08:50:38 +0000 (09:50 +0100)]
Fix operands of RECIP2.S and RECIP2.PS

Read the second input operand of RECIP2.S and RECIP2.PS from FT rather
than FD.  RECIP2.D is already correct.

Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agolinux-user: Clarify "Unable to reserve guest address space" error
Peter Maydell [Mon, 20 Aug 2012 10:36:32 +0000 (11:36 +0100)]
linux-user: Clarify "Unable to reserve guest address space" error

Now that we default to reserving nearly 4GB of RAM for the guest
address space when running a 32 bit linux-user guest on 64 bit
hosts, users are much more likely to run into it. Reword the
message to be more informative about what failed and provide
suggestions for how to fix things.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
12 years agolinux-user: fix emulation of getdents
Dmitry V. Levin [Mon, 20 Aug 2012 22:13:12 +0000 (02:13 +0400)]
linux-user: fix emulation of getdents

In case when TARGET_ABI_BITS == 32 && HOST_LONG_BITS == 64, the last
byte of the target dirent structure (aka d_type byte) was never copied
from the host dirent structure, thus breaking everything that relies
on valid d_type value, e.g. glob(3).

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
12 years agolinux-user: arg_table need not have global scope
Jim Meyering [Mon, 21 May 2012 19:56:19 +0000 (21:56 +0200)]
linux-user: arg_table need not have global scope

Declare arg_table to be "static const", and adjust the two users
to also be const.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
12 years agotcg/ia64: fix and optimize ld/st slow path
Aurelien Jarno [Sat, 25 Aug 2012 22:45:27 +0000 (00:45 +0200)]
tcg/ia64: fix and optimize ld/st slow path

Store slow path has been broken in e141ab52d:
- the arguments are shifted before the last one (mem_index) is written.
- the shift is done for both slow and fast paths.

Fix that. Also optimize a bit by bundling the move together. This still
can be optimized, but it's better to wait for a decision to be taken on
the arguments order.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agotcg/ia64: fix prologue/epilogue
Aurelien Jarno [Sat, 25 Aug 2012 21:59:58 +0000 (23:59 +0200)]
tcg/ia64: fix prologue/epilogue

Prologue and epilogue code has been broken in cea5f9a28.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agotcg/arm: Fix broken CONFIG_TCG_PASS_AREG0 code
Peter Maydell [Sun, 26 Aug 2012 13:40:02 +0000 (14:40 +0100)]
tcg/arm: Fix broken CONFIG_TCG_PASS_AREG0 code

The CONFIG_TCG_PASS_AREG0 code for calling ld/st helpers was
broken in that it did not respect the ABI requirement that 64
bit values were passed in even-odd register pairs. The simplest
way to fix this is to implement some new utility functions
for marshalling function arguments into the correct registers
and stack, so that the code which sets up the address and
data arguments does not need to care whether there has been
a preceding env argument.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
12 years agoi8259: add -no-spurious-interrupt-hack option
Matthew Ogilvie [Thu, 23 Aug 2012 06:24:43 +0000 (00:24 -0600)]
i8259: add -no-spurious-interrupt-hack option

This patch provides a way to optionally suppress spurious interrupts,
as a workaround for systems described below:

Some old operating systems do not handle spurious interrupts well,
and qemu tends to generate them significantly more often than
real hardware.

Examples:
  - Microport UNIX System V/386 v 2.1 (ca 1987)
    (The main problem I'm fixing: Without this patch, it panics
    sporadically when accessing the hard disk.)
  - AT&T UNIX System V/386 Release 4.0 Version 2.1a (ca 1991)
    See screenshot in "QEMU Official OS Support List":
    http://www.claunia.com/qemu/objectManager.php?sClass=application&iId=9
    (I don't have this system to test.)
  - A report about OS/2 boot lockup from 2004 by Hampa Hug:
    http://lists.nongnu.org/archive/html/qemu-devel/2004-09/msg00367.html
    (My patch was partially inspired by his.)
    Also: http://lists.nongnu.org/archive/html/qemu-devel/2005-06/msg00243.html
    (I don't have this system to test.)

Signed-off-by: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Signed-off-by: malc <av1474@comtv.ru>
12 years agovga: add some optional CGA compatibility hacks
Matthew Ogilvie [Thu, 23 Aug 2012 06:24:42 +0000 (00:24 -0600)]
vga: add some optional CGA compatibility hacks

This patch adds some optional compatibility hacks (default
disabled) to allow Microport UNIX to function under qemu.

I've tried to structure it to be easy to add more hacks for other
old CGA programs, if anyone ever needs them.

Microport UNIX System V/386 v 2.1 (ca 1987) tries to program
the CGA registers directly with neither the assistance of BIOS, nor
with proper handling of EGA/VGA-only registers.  Note that it didn't
work on real VGA hardware, either (although in that case, the most
obvious problems seemed to be out-of-range hsync and/or vsync
signalling, rather than the issues in this patch).

Eventually real MDA and/or CGA support might provide an alternative to
this patch, although a hybrid approach like this patch might still
be useful in marginal cases.

Signed-off-by: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Signed-off-by: malc <av1474@comtv.ru>
12 years agoqemu-options.hx: mention retrace= VGA option
Matthew Ogilvie [Thu, 23 Aug 2012 06:24:41 +0000 (00:24 -0600)]
qemu-options.hx: mention retrace= VGA option

The feature was added in commit cb5a7aa8c32141bb Sep 2008.
My description is based on "Better VGA retrace emulation (needed
for some DOS games/demos)" from
http://www.boblycat.org/~malc/code/patches/qemu/index.html

Signed-off-by: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Signed-off-by: malc <av1474@comtv.ru>
12 years agovl: fix -hdachs/-hda argument order parsing issues
Matthew Ogilvie [Thu, 23 Aug 2012 06:24:40 +0000 (00:24 -0600)]
vl: fix -hdachs/-hda argument order parsing issues

Without this patch, the -hdachs argument had to occur either
BEFORE the corresponding "-hda" option, or AFTER the plain
disk image name (if neither -hda nor -drive is used).  Otherwise
it would effectively be ignored.

Option -hdachs still has no effect on -drive, but that seems best.

Signed-off-by: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Signed-off-by: malc <av1474@comtv.ru>
12 years agotarget-i386/translate.c: mov to/from crN/drN: ignore mod bits
Matthew Ogilvie [Thu, 23 Aug 2012 06:24:39 +0000 (00:24 -0600)]
target-i386/translate.c: mov to/from crN/drN: ignore mod bits

> This instruction is always treated as a register-to-register (MOD = 11)
> instruction, regardless of the encoding of the MOD field in the MODR/M
> byte.

Also, Microport UNIX System V/386 v 2.1 (ca 1987) runs fine on
real Intel 386 and 486 CPU's (at least), but does not run in qemu without
this patch.

Signed-off-by: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Signed-off-by: malc <av1474@comtv.ru>
12 years agofix some debug printf format strings
Matthew Ogilvie [Thu, 23 Aug 2012 06:24:38 +0000 (00:24 -0600)]
fix some debug printf format strings

These are normally ifdefed out and don't matter.  But if you enable
them, they ought to be correct.

Signed-off-by: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Signed-off-by: malc <av1474@comtv.ru>
12 years agoivshmem: fix memory_region_del_eventfd assertion failure
Paolo Bonzini [Wed, 22 Aug 2012 21:09:47 +0000 (23:09 +0200)]
ivshmem: fix memory_region_del_eventfd assertion failure

We do not register ioeventfds unless the IVSHMEM_IOEVENTFD feature
is set.  The same feature must be checked before releasing the eventfds.
Regression introduced by commit 563027c (ivshmem: use EventNotifier and
memory API, 2012-07-05).

Reported-by: Cam Macdonnell <cam@cs.ualberta.ca>
Tested-by: Cam Macdonnell <cam@cs.ualberta.ca>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agoqom: object_delete should unparent the object first
Paolo Bonzini [Wed, 22 Aug 2012 21:09:46 +0000 (23:09 +0200)]
qom: object_delete should unparent the object first

object_deinit is only called when the reference count goes to zero,
and yet tries to do an object_unparent.  Now, object_unparent
either does nothing or it will decrease the reference count.
Because we know the reference count is zero, the object_unparent
call in object_deinit is useless.

Instead, we need to disconnect the object from its parent just
before we remove the last reference apart from the parent's.  This
happens in object_delete.  Once we do this, all calls to
object_unparent peppered through QEMU can go away.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agomonitor: don't try to initialize json parser when monitor is HMP
Anthony Liguori [Thu, 23 Aug 2012 18:49:02 +0000 (13:49 -0500)]
monitor: don't try to initialize json parser when monitor is HMP

Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agotarget-mips: Fix some helper functions (VR54xx multiplication)
Stefan Weil [Sun, 4 Mar 2012 07:21:39 +0000 (08:21 +0100)]
target-mips: Fix some helper functions (VR54xx multiplication)

Commits b5dc7732e1cc2fb549e48b7b5d664f2c79628e2e and
be24bb4f3007c3e07cbf1934f7e781493d876ab7 optimized the code
and removed the correct setting of t0. Fix this.

gcc-4.7 detected this bug because parameter arg1 was unused
but set in set_HIT0_LO and set_HI_LOT0.

Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agotarget-mips: Enable access to required RDHWR hardware registers
Meador Inge [Tue, 21 Aug 2012 17:31:37 +0000 (12:31 -0500)]
target-mips: Enable access to required RDHWR hardware registers

While running in the usermode emulator all of the required*
MIPS32r2 RDHWR hardware registers should be accessible (the
Linux kernel enables access to these same registers).  Note
that these registers are still enabled when the MIPS ISA is
not release 2.  This is OK since the Linux kernel emulates
access to them when they are not available in hardware.

* There is also the ULR register which is only recommended
  for full release 2 compliance.  Incidentally, accessing
  this register in the current implementation works fine
  without flipping its access bit.

Signed-off-by: Meador Inge <meadori@codesourcery.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
12 years agomonitor: move json init from OPEN event to init
Anthony Liguori [Thu, 23 Aug 2012 13:03:21 +0000 (08:03 -0500)]
monitor: move json init from OPEN event to init

At some point in the past, the OPEN event was changed to be issued from a
bottom half.  This creates a small window whereas a data callback registered in
init may be invoked before the OPEN event has been issued.

This is reproducible with:

 echo "{'execute': 'qmp_capabilities'}" | qemu-system-x86_64 -M none -qmp stdio

We can fix this for the monitor by moving the parser initialization to init.

The remaining state that is set in OPEN appears harmless.

Reported-by: Daniel Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agoboards: add a 'none' machine type to all platforms
Anthony Liguori [Wed, 22 Aug 2012 20:22:05 +0000 (15:22 -0500)]
boards: add a 'none' machine type to all platforms

This allows any QEMU binary to be executed with:

  $QEMU_BINARY -M none -qmp stdio

Without errors from missing options that are required by various boards.  This
also provides a mode that we can use in the future to construct machines
entirely through QMP commands.

Cc: Daniel Berrange <berrange@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agoUpdate version for 1.2.0-rc1 release
Anthony Liguori [Wed, 22 Aug 2012 20:44:38 +0000 (15:44 -0500)]
Update version for 1.2.0-rc1 release

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agoMerge remote-tracking branch 'qmp/queue/qmp' into staging
Anthony Liguori [Wed, 22 Aug 2012 18:33:15 +0000 (13:33 -0500)]
Merge remote-tracking branch 'qmp/queue/qmp' into staging

* qmp/queue/qmp:
  migration: move total_time from ram stats to migration info
  monitor: avoid declaring unused variables
  qapi: Fix memory leak

12 years agoMerge remote-tracking branch 'sstabellini/xen-fixes-20120822' into staging
Anthony Liguori [Wed, 22 Aug 2012 18:31:39 +0000 (13:31 -0500)]
Merge remote-tracking branch 'sstabellini/xen-fixes-20120822' into staging

* sstabellini/xen-fixes-20120822:
  xen-all.c: fix multiply issue for int and uint types
  Fix invalidate if memory requested was not bucket aligned

12 years agoMerge remote-tracking branch 'bonzini/scsi-next' into staging
Anthony Liguori [Wed, 22 Aug 2012 18:31:17 +0000 (13:31 -0500)]
Merge remote-tracking branch 'bonzini/scsi-next' into staging

* bonzini/scsi-next:
  virtio-scsi: add backwards-compatibility properties for 1.1 and earlier machines
  iscsi: fix races between task completion and abort
  iscsi: simplify iscsi_schedule_bh
  iscsi: move iscsi_schedule_bh and iscsi_readv_writev_bh_cb
  Revert "iscsi: Fix NULL dereferences / races between task completion and abort"

12 years agoMerge remote-tracking branch 'kwolf/for-anthony' into staging
Anthony Liguori [Wed, 22 Aug 2012 18:01:05 +0000 (13:01 -0500)]
Merge remote-tracking branch 'kwolf/for-anthony' into staging

* kwolf/for-anthony:
  virtio-blk: hide VIRTIO_BLK_F_CONFIG_WCE from old machine types
  Documentation: Warn against qemu-img on active image
  vmdk: Read footer for streamOptimized images
  vmdk: Fix header structure

Conflicts:
hw/virtio-blk.c

12 years agoMerge remote-tracking branch 'kraxel/usb.59' into staging
Anthony Liguori [Wed, 22 Aug 2012 17:53:18 +0000 (12:53 -0500)]
Merge remote-tracking branch 'kraxel/usb.59' into staging

* kraxel/usb.59:
  ehci: Fix setting of halt bit from usbcmd register updates
  ehci: fix Interrupt Threshold Control implementation
  usb: update uas product id
  usb: async control xfer fixup

12 years agoqapi: add 'query-target' command to return target arch
Daniel P. Berrange [Mon, 20 Aug 2012 14:31:38 +0000 (15:31 +0100)]
qapi: add 'query-target' command to return target arch

Add a 'query-target' QAPI command to allow management applications
to determine what target architecture a QEMU binary is emulating
without having to parse the binary name or -help output

  $ qmp-shell -p /tmp/qemu
  (QEMU) query-target
  {   u'return': {   u'arch': u'x86_64' }}

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agopci: Tidy up PCI host bridges
Andreas Färber [Mon, 20 Aug 2012 17:08:09 +0000 (19:08 +0200)]
pci: Tidy up PCI host bridges

Adopt the QOM parent field name and enforce QOM-style access via casts.
Don't just typedef PCIHostState, either use it directly or embed it.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agopci: Derive PCI host bridges from TYPE_PCI_HOST_BRIDGE
Andreas Färber [Mon, 20 Aug 2012 17:08:08 +0000 (19:08 +0200)]
pci: Derive PCI host bridges from TYPE_PCI_HOST_BRIDGE

Use PCIHostState and PCI_HOST_BRIDGE() where appropriate.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
12 years agopci_host: Turn into SysBus-derived QOM type
Andreas Färber [Mon, 20 Aug 2012 17:08:07 +0000 (19:08 +0200)]
pci_host: Turn into SysBus-derived QOM type

The preceding commits fixed misuses of FROM_SYSBUS() that led people to
add a bogus busdev field. For qdev the field order was less relevant but
for QOM the PCIHostState field (including the SysBusDevice actually
initialized with a value) must be placed first within the state struct.

To facilitate accessing the PCIHostState fields, derive all PCI host
bridges from TYPE_PCI_HOST_BRIDGE rather than TYPE_SYS_BUS_DEVICE.

We can now access PCIHostState QOM-style, with PCI_HOST_BRIDGE() macro.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Wanpeng Li <liwanp@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>