review.tizen.org Git - sdk/emulator/qemu.git/log

skin: wearable skin pacakging

- add wearable-360x360-1btn
- add wearableO-360x360-2btn

Change-Id: I886421bb20edd38316b86320d0ee9fe0d8ed23a3
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>

KeySequence: activatedAmbiguously() signal handling

When a key sequence is being typed at the keyboard, it is said
to be ambiguous as long as it matches the start of more than one shortcut.
When a shortcut's key sequence is completed, activatedAmbiguously() is
emitted if the key sequence is still ambiguous (i.e., it is the start of
one or more other shortcuts). The activated() signal is not emitted in this case.

A warning message box will show up in Emulator when
conflicted shortcut key is typed by user.

Change-Id: I62538ed48ec02786f70565652c7cd734992ec06a
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>

9pfs: fix bug of reading host directory path

On Windows host, if the user selected the root directory as Host
Directory Sharing path, the emulator launching failure could occur.

There was a code that remove the last backslash of entered path on
Windows implementation. By the way, stat() function could not read the
path when root path like 'c:\' had entered and been removed the last
backslash(the result was 'c:').
So we change the code to remove the backslash only if the entered path
is not a root directory.

We should check the stat() working mechanism about reading pathes
including backslash on Windows later.

Change-Id: I7a155520af1f008f927e6dc67408e930c0f73ab1
Signed-off-by: ChulHo Song <ch81.song@samsung.com>
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>
(cherry picked from commit 20be828e348259146208ee67f13c1b340a8eaff8)

KeySequence: remove unnecessary function and etc

- remove unnecessary function
- modify some variable names

Change-Id: Ia9988078c47a2d934d1aacb845b1100df168d7b3
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>

package: version up(2.4.3)

2.4.3

Change-Id: I88fe9dd4ccdfb50d1e470424c3953e68f4f4b1b5
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

hax: remove redundant comparison

"(hax_enabled() && hax_ug_platform())" is always false when
tcg is enabled.

Change-Id: I1fed39c6e4e45b915792130882d5a3971583b3ed
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

Merge tag 'v2.4.1' into tizen_3.0_develop

v2.4.1

Change-Id: I8d62d785e1d693dc2ce29ddc3bdaf4e5ad30da61
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

menu: improve CPU architecture information on Detailed Info

- guest 32bit CPU: "x86 (32bit)"
- guest 64bit CPU: "x86 (64bit)"

Change-Id: I73d233c534e1e2d89e56b0c01f33996aa832eea7
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>

osutil-win32: get JavaHome path of current JRE

Currently, the emulator gets the java path by traverses the registry
subkeys of "\\SOFTWARE\\JavaSoft\\Java Runtime Environment".
This can cause side effects.
So modified to get the java path in the normal way.
It gets the JavaHome path of the CurrentVersion.

Change-Id: Ibfa41f3c939f01f3b0ffd5fe4cfa2bdb575be76a
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>

ui: remove unnecessary blank space in window

To remove blank space, add none boder-style to QGraphicView.
And it should not be overwritten.

Change-Id: I50f6fad3a65d191faa4effd0c969c23b0821a140
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>

menu: delete some unnecessary lines in SWT GUI

There is no need to consider CPU architecture on
Detailed Info Dialog.

Change-Id: I97ac80a5cee32d382ac93d60e01740a87a8de8d6
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>

package: version up(2.4.2)

2.4.2

Change-Id: I07da5c679ce952a781776f42c59b7c87a47f63c0
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>

Qt: set new menu icons of Always On Top and Move

As setting two icons of "Always On Top" and "Move" in emulator context menu,
the context menu will look nice.
Specifically, each indentation of the context menu becomes equal in MacOSX.
Also, new icons will help users recognize what does menu mean at a glance.

Change-Id: I0114f9f064f069c1553c0f59983cf8131a6133ad
Signed-off-by: Jihye Won <jihye.won1@samsung.com>

Qt: destroy transWidget before offGuideImage shows

When emulator does not receive any event,
offGuideImage is loaded on the top of the screen.
The problem is that offGuideImage shows with transparent widget
created for Move function.
To resolve the problem, transparent widget should be deleted
just before offGuidImage shows.

Change-Id: Ia2ceb186034d4e37bff3c1f22c206202a20b7e8b
Signed-off-by: Jihye Won <jihye.won1@samsung.com>

debug: fix a bug about reading debugch name

The legacy code designed that DEBUGCH file always has a newline
character end of it, code tried to remove(means changed it to null char)
the last char. But surely, DEBUGCH file might not have the newline, it
could cause the unexpected behavior. So I add the newline check code.

Change-Id: Id5eb667adcdeef7fa3920069afc1e936100107ce
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>

YaGL: Version bump

For the 64bit addressing
(commit id: 6f60a05179838f69e095cd6425a5f1ac8b0bd2e2)
Be sure synchronize with the kernel & platform yagl packages.

Change-Id: I39de2627754b7f70efc0a0fbfd3b2101be9b009d
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>

DIBS: build on DIBS in the same way on local

Using TIZEN_SDK_DEV_PATH instead of overriding PKG_CONFIG_PATH.

Change-Id: Ib99c9e6149cbca93c278e84873b8a93de6f436e0
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

configure: change default TIZEN_SDK_DEV_PATH for cross compiling

If CROSS_PREFIX is specified, we use "~/tizen-sdk-dev/$CROSS_PREFIX/"
as a default instead of "~/$CROSS_PREFIX-tizen-sdk-dev/".

Change-Id: I86e825ca2b1749be240e8850478de2c185b2cb8e
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

util: remove unused utility sources

check-* is moved to emulator-supplements. So it is useless now.

Change-Id: I52a0fbe884a37d1fd570dff3febd029e3afad869
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

vl.c: do not use deprecated glib API g_mem_set_vtable()

g_mem_set_vtable() has been deprecated since glib version 2.46. So,
compiler complain about it "-Wdeprecated-declarations".
We should not use g_mem_set_vtable() when glib is newer than 2.46.

Change-Id: I0fcf76fa1b18e544341c679307aa5418cf619367
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

XML: removed returning allocated memory in parser

Change-Id: I5e63849a513e7f53b0a414742e3c21a935f7046b
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>

XML: minor cleanup

- declare a makeGeneralCon function
- call by reference
- add some logs

Change-Id: Ic14a41b222be25ff8e3c9b773ded17c8e6cc7dda
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>

display: added masking for screen off guide

Change-Id: If3bcf54f83f779e32490bfee12668d94facd928d
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>

skin: fix the incorrect decision logic for VM color

Decision logic for VM color(which is used by Pair Tag on skin)
is depended on base port number. The port number is
increased by 10 from 26100.

Change-Id: I8744e837eb77773e9dedf2155abca346498ae211
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>

check-net: fix duplicated http_proxy

replace duplicated "http_proxy=" with "https_proxy="
It is typo error.

Change-Id: Ic02493790ddcc52367a179c4a7d51d5812b46517
Signed-off-by: Munkyu Im <munkyu.im@samsung.com>

package: version up(2.4.1)

up to 2.4.1

Change-Id: I9cb76d4cdbad96f30d985e5ad26c1b33d1fbf714
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>

YaGL: Patches for the 64bit memory addressing

Tizen 3.0 supports a 64bit guest.
However current yagl is implemented by assumed to use the 32bit address.
So modify the address related parts.
I will also update the yagl platform sources.

Change-Id: I5f56915fa68f8170d81c96e8f426f60ddc9d98e5
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>

YaGL: Modified the process state for the 64bit guest

If the guest image is 64bit, 'yagl_mem_get' function fails.
So the host yagl can not access the guest memory.
The failure occurs in the 'cpu_get_phys_page_debug'.
(<qemu>/target-i386.helper.c:820 if (env->hflags & HF_LMA_MASK))
Becuase the yagl process state does not have the flag like above,
it does not proceed as a normal routine in Ubuntu 64bit.
Therefore add the 'hflags' to the yagl process state.

Change-Id: Ia1dfa8d7ca51211893149612f400365199fe16b5
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>

skin: masking for non-alpha channel image format

Removes any mask set on main window when emulator uses
a non-alpha channel image as a skin.

Change-Id: I64293c35f07a36fb3bbbff140a06412f09b6084c
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>

Update version for 2.4.1 release

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

virtio: sync the dataplane vring state to the virtqueue before virtio_save

When creating snapshot with the dataplane enabled, the snapshot file gets
not the actual state of virtqueue, because the current state is stored in
VirtIOBlockDataPlane. Therefore, before saving snapshot need to sync
the dataplane vring state to the virtqueue. The dataplane will resume its
work at the next notify virtqueue.

When snapshot loads with loadvm we get a message:
VQ 0 size 0x80 Guest index 0x15f5 inconsistent with Host index 0x0:
delta 0x15f5
error while loading state for instance 0x0 of device
'0000:00:08.0/virtio-blk'
Error -1 while loading VM state

to reproduce the error I used the following hmp commands:
savevm snap1
loadvm snap1

qemu parameters:
--enable-kvm -smp 4 -m 1024 -drive file=/var/lib/libvirt/images/centos6.4.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,aio=native -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x8,drive=drive-virtio-disk0,id=virtio-disk0 -set device.virtio-disk0.x-data-plane=on

Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Message-id: 1445859777-2982-1-git-send-email-den@openvz.org
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: "Michael S. Tsirkin" <mst@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 10a06fd65f667a972848ebbbcac11bdba931b544)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

target-xtensa: add window overflow check to L32E/S32E

Despite L32E and S32E primary use is for window underflow and overflow
exception handlers they are just normal instructions, and thus need to
check for window overflow.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
(cherry picked from commit f822b7e497fa6a662094b491f86441015f363362)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

net: don't set native endianness

commit 5be7d9f1b1452613b95c6ba70b8d7ad3d0797991
vhost-net: tell tap backend about the vnet endianness
makes vhost net always try to set LE - even if that matches the
native endian-ness.

This makes it fail on older kernels on x86 without TUNSETVNETLE support.

To fix, make qemu_set_vnet_le/qemu_set_vnet_be skip the
ioctl if it matches the host endian-ness.

Reported-by: Marcel Apfelbaum <marcel@redhat.com>
Cc: Greg Kurz <gkurz@linux.vnet.ibm.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
(cherry picked from commit 052bd52fa978d3f04bc476137ad6e1b9a697f9bd)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

audio: disable audio on Windows to avoid Windows audio problem

QEMU dsound audio backend is not stabilized now and it can cause
emuulator crash. Until we solve the problem, we should disable
audio in Windows.

Change-Id: I5acb6f955fa03868b34ca27be8fc0fec63c7dda1
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

audio: remove W/A codes for winwaveaudio

When sound is played without connecting of speaker on Windows,
because winwaveaudio made process lock-up, the W/A were applied.
However, qemu of tizen_3.0 does not support winwaveaudio,
but, dsoundaudio for Windows host.
And, as audio codes of qemu are updated, the W/A is no more valid code.
Therefore, the W/A codes are removed.

Change-Id: I63f4d73646f09b2af41238ce34102667f05f1d5e
Signed-off-by: bk0121.shin <bk0121.shin@samsung.com>

ui: initialize class-member variables

1. initialize class-member variables
2. delete unnecessary null checking

Change-Id: Ie20dfc5789f7d9be8cb08487c7bfe460507bcb2c
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>

device-introspect-test: New, covering device introspection

The test doesn't check that the output makes any sense, only that QEMU
survives.  Useful since we've had an astounding number of crash bugs
around there.

In fact, we have a bunch of them right now: a few devices crash or
hang, and some leave dangling pointers behind.  The test skips testing
the broken parts.  The next commits will fix them up, and drop the
skipping.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1443689999-12182-8-git-send-email-armbru@redhat.com>
(cherry picked from commit 2d1abb850fd15fd6eb75a92290be5f93b2772ec5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

libqtest: New hmp() & friends

New convenience function hmp() to facilitate use of
human-monitor-command in tests. Use it to simplify its existing uses.

To blend into existing libqtest code, also add qtest_hmpv() and
qtest_hmp(). That, and the egregiously verbose GTK-Doc comment format
make this patch look bigger than it is.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1443689999-12182-7-git-send-email-armbru@redhat.com>
(cherry picked from commit 5fb48d9673b76fc53507a0e717a12968e57d846e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

tests: Fix how qom-test is run

We want to run qom-test for every architecture, without having to
manually add it to every architecture's list of tests.  Commit 3687d53
accomplished this by adding it to every architecture's list
automatically.

However, some architectures inherit their tests from others, like this:

    check-qtest-x86_64-y = $(check-qtest-i386-y)
    check-qtest-microblazeel-y = $(check-qtest-microblaze-y)
    check-qtest-xtensaeb-y = $(check-qtest-xtensa-y)

For such architectures, we ended up running the (slow!) test twice.
Commit 2b8419c attempted to avoid this by adding the test only when
it's not already present.  Works only as long as we consider adding
the test to the architectures on the left hand side *after* the ones
on the right hand side: x86_64 after i386, microblazeel after
microblaze, xtensaeb after xtensa.

Turns out we consider them in $(SYSEMU_TARGET_LIST) order.  Defined as

    SYSEMU_TARGET_LIST := $(subst -softmmu.mak,,$(notdir \
       $(wildcard $(SRC_PATH)/default-configs/*-softmmu.mak)))

On my machine, this results in the oder xtensa, x86_64, microblazeel,
microblaze, i386.  Consequently, qom-test runs twice for microblazeel
and x86_64.

Replace this complex and flawed machinery with a much simpler one: add
generic tests (currently just qom-test) to check-qtest-generic-y
instead of check-qtest-$(target)-y for every target, then run
$(check-qtest-generic-y) for every target.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-Id: <1443689999-12182-5-git-send-email-armbru@redhat.com>
(cherry picked from commit e253c287153c6f3ce4177686ac12c196f9bd8292)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

macio: move DBDMA_init from instance_init to realize

DBDMA_init is not idempotent, and calling it from instance_init
breaks a simple object_new/object_unref pair. Work around this,
pending qdev-ification of DBDMA, by moving the call to realize.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1443689999-12182-4-git-send-email-armbru@redhat.com>
(cherry picked from commit c7104402353bf32ac1d3a276e3619a20e910506b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

hw: do not pass NULL to memory_region_init from instance_init

This causes the region to outlive the object, because it attaches the
region to /machine. This is not nice for the "realize" method, but
much worse for "instance_init" because it can cause dangling pointers
after a simple object_new/object_unref pair.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1443689999-12182-3-git-send-email-armbru@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 81e0ab48dda611e9571dc2e166840205a4208567)

Conflicts:
hw/display/cg3.c
hw/display/tcx.c

* removed context dependencies on &error_fatal/&error_abort

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

memory: allow destroying a non-empty MemoryRegion

This is legal; the MemoryRegion will simply unreference all the
existing subregions and possibly bring them down with it as well.
However, it requires a bit of care to avoid an infinite loop.
Finalizing a memory region cannot trigger an address space update,
but memory_region_del_subregion errs on the side of caution and
might trigger a spurious update: avoid that by resetting mr->enabled
first.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1443689999-12182-2-git-send-email-armbru@redhat.com>
(cherry picked from commit 2e2b8eb70fdb7dfbec39f3a19b20f9a73f2f813e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

update-linux-headers: Rename SW_MAX to SW_MAX_

The next commit will compile hw/input/virtio-input.c and
hw/input/virtio-input-hid.c even when CONFIG_LINUX is off.  These
files include both "include/standard-headers/linux/input.h" and
<windows.h> then.  Doesn't work, because both define SW_MAX.  We don't
actually use it.  Patch input.h to define SW_MAX_ instead.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1444320700-26260-2-git-send-email-armbru@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit ac98fa849e834f48e5a64cf4b22218ba4047e142)

Conflicts:
scripts/update-linux-headers.sh

* remove dependency on eddb4de3

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

trace: remove malloc tracing

The malloc vtable is not supported anymore in glib, because it broke
when constructors called g_malloc. Remove tracing of g_malloc,
g_realloc and g_free calls.

Note that, for systemtap users, glib also provides tracepoints
glib.mem_alloc, glib.mem_free, glib.mem_realloc, glib.slice_alloc
and glib.slice_free.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Message-id: 1442417924-25831-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 98cf48f60aa4999f5b2808569a193a401a390e6a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

Qt: initialize the docking controller view status

When DockingConView object is created,
the mouse button state is naturally relased.
So, conViewStat should be initialized
as CONVIEW_RELEASED in the constructor of DockingConView.

Change-Id: I849582317075c10d2126c478ac7f6eec51f0dd3a
Signed-off-by: Jihye Won <jihye.won1@samsung.com>

hax: expand error popup cases

We had only one popup "No accelerator found." when haxm had failed to
load. It was not enough to describe why users could not launch emulator
clearly. So I expand the error popup strings for some cases. This patch
could help users to understand their status.

Change-Id: Ie4818308255be4cb4c82e0b5f790cfe365f9e0d2
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>

skin: remove memory leak

1. remove resource leak in SkinPainter object
2. delete unnecessary null checking

Change-Id: I141116cfd68dcd242bd2581c6deff01c82bf266c
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>

package: version up (2.4.0)

2.4.0

Change-Id: I9963206f9bf71c6105d67929694d5c3ce071037f
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

osutil: get_java_path() move to osutil-win32.c

qemu_oom_check() uses new QT5 dialog for reporting errors. Finally,
get_java_path() is called by tizen specific logics only. Then it
can move to tizen specific utility now.

Change-Id: I9f2d0dd26715059734bc8242320de01c539a331c
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

error: use new qt5 dialog instead of legacy java dialog

Change-Id: I3682bd91063ffe2393207ed9c6a7d2d4d003a46c
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

hax-all: just use compiler's builtin ffsl()

Toolchains of some platforms don't have ffsl() function. To solve
it, just use compiler's builtin ffsl().

Change-Id: I176aabe730b0bf8afbd5a5d9323e73b203855cdb
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

build: clean DIBS build scripts up

Specific operations for MacOS move to macos-64 script.
Routines checking whether TARGET_OS is valid or not is added.

Change-Id: I7aadff447dcd7e7cbe6f55de9f4f6f319c21c2f3
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

Merge tag 'v2.4.0.1' into tizen_3.0_develop

v2.4.0.1

CVE-only release (see commit log for CVE numbers)

virtio-net: correctly drop truncated packets

When packet is truncated during receiving, we drop the packets but
neither discard the descriptor nor add and signal used
descriptor. This will lead several issues:

- sg mappings are leaked
- rx will be stalled if a lots of packets were truncated

In order to be consistent with vhost, fix by discarding the descriptor
in this case.

Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 0cf33fb6b49a19de32859e2cdc6021334f448fb3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

virtio: introduce virtqueue_discard()

This patch introduces virtqueue_discard() to discard a descriptor and
unmap the sgs. This will be used by the patch that will discard
descriptor when packet is truncated.

Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 29b9f5efd78ae0f9cc02dd169b6e80d2c404bade)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

virtio: introduce virtqueue_unmap_sg()

Factor out sg unmapping logic. This will be reused by the patch that
can discard descriptor.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Andrew James <andrew.james@hpe.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit ce317461573bac12b10d67699b4ddf1f97cf066c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

virtio-input: ignore events until the guest driver is ready

Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit d9460a7557672af9c4d9d4f153200d1075ed5a78)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

Migration: Generate the completed event only when we complete

The current migration-completed event is generated a bit too early,
which means that an eager libvirt that's ready to go as soon
as it sees the event ends up racing with the actual end of migration.

This corresponds to RH bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1271145

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
xSigned-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit ed1f3e0090069dcb9458aa9e450df12bf8eba0b0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

util/qemu-config: fix missing machine command line options

Commit 0a7cf217 ("util/qemu-config: fix regression of
qmp_query_command_line_options") aimed to restore parsing of global
machine options, but missed two: "aes-key-wrap" and
"dea-key-wrap" (which were present in the initial version of that
patch). Let's add them to the machine_opts again.

Fixes: 0a7cf217 ("util/qemu-config: fix regression of
qmp_query_command_line_options")
CC: Marcel Apfelbaum <marcel@redhat.com>
CC: qemu-stable@nongnu.org
Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <1444664181-28023-1-git-send-email-akrowiak@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
(cherry picked from commit 5bcfa0c543b42a560673cafd3b5225900ef617e1)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

s390x/kvm: Fix vector validity bit in device machine checks

Device hotplugs trigger a crw machine check. All machine checks
have validity bits for certain register types. With vector support
we also have to claim that vector registers are valid.
This is a band-aid suitable for stable. Long term we should
create the full mcic value dynamically depending on the active
features in the kernel interrupt handler.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
(cherry picked from commit 2ab75df38e34fe9bc271b5115ab52114e6e63a89)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

misc: zynq_slcr: Fix MMIO writes

The /4 for offset calculation in MMIO writes was happening twice giving
wrong write offsets. Fix.

While touching the code, change the if-else to be a short returning if
and convert the debug message to a GUEST_ERROR, which is more accurate
for this condition.

Cc: qemu-stable@nongnu.org
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit c209b0537203c58a051e5d837320335cea23e494)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

Revert "qdev: Use qdev_get_device_class() for -device <type>,help"

This reverts commit 31bed5509dfcbdfc293154ce81086a4dbd7a80b6.

The reverted commit changed qdev_device_help() to reject abstract
devices and devices that have cannot_instantiate_with_device_add_yet
set, to fix crash bugs like -device x86_64-cpu,help.

Rejecting abstract devices makes sense: they're purely internal, and
the implementation of the help feature can't cope with them.

Rejecting non-pluggable devices makes less sense: even though you
can't use them with -device, the help may still be useful elsewhere,
for instance with -global.  This is a regression: -device FOO,help
used to help even for FOO that aren't pluggable.

The previous two commits fixed the crash bug at a lower layer, so
reverting this one is now safe.  Fixes the -device FOO,help
regression, except for the broken devices marked
cannot_even_create_with_object_new_yet.  For those, the error message
is improved.

Example of a device where the regression is fixed:

    $ qemu-system-x86_64 -device PIIX4_PM,help
    PIIX4_PM.command_serr_enable=bool (on/off)
    PIIX4_PM.multifunction=bool (on/off)
    PIIX4_PM.rombar=uint32
    PIIX4_PM.romfile=str
    PIIX4_PM.addr=int32 (Slot and optional function number, example: 06.0 or 06)
    PIIX4_PM.memory-hotplug-support=bool
    PIIX4_PM.acpi-pci-hotplug-with-bridge-support=bool
    PIIX4_PM.s4_val=uint8
    PIIX4_PM.disable_s4=uint8
    PIIX4_PM.disable_s3=uint8
    PIIX4_PM.smb_io_base=uint32

Example of a device where it isn't fixed:

    $ qemu-system-x86_64 -device host-x86_64-cpu,help
    Can't list properties of device 'host-x86_64-cpu'

Both failed with "Parameter 'driver' expects pluggable device type"
before.

Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <1443689999-12182-11-git-send-email-armbru@redhat.com>
(cherry picked from commit 33fe96833015cf15f4c0aa5bf8d34f60526e0732)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qdev: Protect device-list-properties against broken devices

Several devices don't survive object_unref(object_new(T)): they crash
or hang during cleanup, or they leave dangling pointers behind.

This breaks at least device-list-properties, because
qmp_device_list_properties() needs to create a device to find its
properties.  Broken in commit f4eb32b "qmp: show QOM properties in
device-list-properties", v2.1.  Example reproducer:

    $ qemu-system-aarch64 -nodefaults -display none -machine none -S -qmp stdio
    {"QMP": {"version": {"qemu": {"micro": 50, "minor": 4, "major": 2}, "package": ""}, "capabilities": []}}
    { "execute": "qmp_capabilities" }
    {"return": {}}
    { "execute": "device-list-properties", "arguments": { "typename": "pxa2xx-pcmcia" } }
    qemu-system-aarch64: /home/armbru/work/qemu/memory.c:1307: memory_region_finalize: Assertion `((&mr->subregions)->tqh_first == ((void *)0))' failed.
    Aborted (core dumped)
    [Exit 134 (SIGABRT)]

Unfortunately, I can't fix the problems in these devices right now.
Instead, add DeviceClass member cannot_destroy_with_object_finalize_yet
to mark them:

* Hang during cleanup (didn't debug, so I can't say why):
  "realview_pci", "versatile_pci".

* Dangling pointer in cpus: most CPUs, plus "allwinner-a10", "digic",
  "fsl,imx25", "fsl,imx31", "xlnx,zynqmp", because they create such
  CPUs

* Assert kvm_enabled(): "host-x86_64-cpu", host-i386-cpu",
  "host-powerpc64-cpu", "host-embedded-powerpc-cpu",
  "host-powerpc-cpu" (the powerpc ones can't currently reach the
  assertion, because the CPUs are only registered when KVM is enabled,
  but the assertion is arguably in the wrong place all the same)

Make qmp_device_list_properties() fail cleanly when the device is so
marked.  This improves device-list-properties from "crashes, hangs or
leaves dangling pointers behind" to "fails".  Not a complete fix, just
a better-than-nothing work-around.  In the above reproducer,
device-list-properties now fails with "Can't list properties of device
'pxa2xx-pcmcia'".

This also protects -device FOO,help, which uses the same machinery
since commit ef52358 "qdev-monitor: include QOM properties in -device
FOO, help output", v2.2.  Example reproducer:

    $ qemu-system-aarch64 -machine none -device pxa2xx-pcmcia,help

Before:

    qemu-system-aarch64: .../memory.c:1307: memory_region_finalize: Assertion `((&mr->subregions)->tqh_first == ((void *)0))' failed.

After:

    Can't list properties of device 'pxa2xx-pcmcia'

Cc: "Andreas Färber" <afaerber@suse.de>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Anthony Green <green@moxielogic.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Cc: Jia Liu <proljc@gmail.com>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: Max Filippov <jcmvbkbc@gmail.com>
Cc: Michael Walle <michael@walle.cc>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Richard Henderson <rth@twiddle.net>
Cc: qemu-ppc@nongnu.org
Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <1443689999-12182-10-git-send-email-armbru@redhat.com>
(cherry picked from commit 4c315c27661502a0813b129e41c0bf640c34a8d6)

Conflicts:
hw/arm/fsl-imx25.c
hw/arm/fsl-imx31.c
target-tilegx/cpu.c
tests/device-introspect-test.c

* removed hunks pertaining to devices/tests not in 2.4

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qmp: Fix device-list-properties not to crash for abstract device

Broken in commit f4eb32b "qmp: show QOM properties in
device-list-properties", v2.1.

Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-Id: <1443689999-12182-9-git-send-email-armbru@redhat.com>
(cherry picked from commit edb1523d90415cb79f60f83b4028ef3820d15612)

Conflicts:
tests/device-introspect-test.c

* removed hunk specific to QAPI introspection (not in 2.4)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

vmxnet3: Drop net_vmxnet3_info.can_receive

Commit 6e99c63 ("net/socket: Drop net_socket_can_send") changed the
semantics around .can_receive for sockets to now require the device to
flush queued pkts when transitioning to a .can_receive=true state. But
it's OK to drop incoming packets when the link is not active.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 2734a20b8161831ba68c9166014e00522599d1e2)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

virtio-net: unbreak self announcement and guest offloads after migration

After commit 019a3edbb25f1571e876f8af1ce4c55412939e5d ("virtio: make
features 64bit wide"). Device's guest_features was actually set after
vdc->load(). This breaks the assumption that device specific load()
function can check guest_features. For virtio-net, self announcement
and guest offloads won't work after migration.

Fixing this by defer them to virtio_net_load() where guest_features
were guaranteed to be set. Other virtio devices looks fine.

Fixes: 019a3edbb25f1571e876f8af1ce4c55412939e5d
("virtio: make features 64bit wide")
Cc: qemu-stable@nongnu.org
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
(cherry picked from commit 1f8828ef573c83365b4a87a776daf8bcef1caa21)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

virtio: avoid leading underscores for helpers

Commit ef546f1275f6563e8934dd5e338d29d9f9909ca6 ("virtio: add
feature checking helpers") introduced a helper __virtio_has_feature.
We don't want to use reserved identifiers, though, so let's
rename __virtio_has_feature to virtio_has_feature and virtio_has_feature
to virtio_vdev_has_feature.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 95129d6fc9ead97155627a4ca0cfd37282883658)
* prereq for 1f8828e
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

target-ppc: fix xscmpodp and xscmpudp decoding

The xscmpodp and xscmpudp instructions only have the AX, BX bits in
there encoding, the lowest bit (usually TX) is marked as an invalid
bit. We therefore can't decode them with GEN_XX2FORM, which decodes
the two lowest bit.

Introduce a new form GEN_XX2FORM, which decodes AX and BX and mark
the lowest bit as invalid.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 8f60f8e2e574f341709128ff7637e685fd640254)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

target-ppc: fix vcipher, vcipherlast, vncipherlast and vpermxor

For vector instructions, the helpers get pointers to the vector register
in arguments. Some operands might point to the same register, including
the operand holding the result.

When emulating instructions which access the vector elements in a
non-linear way, we need to store the result in an temporary variable.

This fixes openssl when emulating a POWER8 CPU.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 65cf1f65be0fc4883edbd66feeab3ddaceb11c00)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

Qt: code refactoring to improve readability

I decreased indentation on the existing source code.
This code refactoring will help developers understand and
improve readability.

Change-Id: I5edd527a69dd8fd181a28d80025b1d53273ebeb7
Signed-off-by: Jihye Won <jihye.won1@samsung.com>

tcg/mips: Fix clobbering of qemu_ld inputs

The MIPS TCG backend implements qemu_ld with 64-bit targets using the v0
register (base) as a temporary to load the upper half of the QEMU TLB
comparator (see line 5 below), however this happens before the input
address is used (line 8 to mask off the low bits for the TLB
comparison, and line 12 to add the host-guest offset). If the input
address (addrl) also happens to have been placed in v0 (as in the second
column below), it gets clobbered before it is used.

     addrl in t2              addrl in v0

1 srl     a0,t2,0x7        srl     a0,v0,0x7
2 andi    a0,a0,0x1fe0     andi    a0,a0,0x1fe0
3 addu    a0,a0,s0         addu    a0,a0,s0
4 lw      at,9136(a0)      lw      at,9136(a0)      set TCG_TMP0 (at)
5 lw      v0,9140(a0)      lw      v0,9140(a0)      set base (v0)
6 li      t9,-4093         li      t9,-4093
7 lw      a0,9160(a0)      lw      a0,9160(a0)      set addend (a0)
8 and     t9,t9,t2         and     t9,t9,v0         use addrl
9 bne     at,t9,0x836d8c8  bne     at,t9,0x836d838  use TCG_TMP0
10  nop                      nop
11 bne     v0,t8,0x836d8c8  bne     v0,a1,0x836d838  use base
12  addu   v0,a0,t2          addu   v0,a0,v0         use addrl, addend
13 lw      t0,0(v0)         lw      t0,0(v0)

Fix by using TCG_TMP0 (at) as the temporary instead of v0 (base),
pushing the load on line 5 forward into the delay slot of the low
comparison (line 10). The early load of the addend on line 7 also needs
pushing even further for 64-bit targets, or it will clobber a0 before
we're done with it. The output for 32-bit targets is unaffected.

srl     a0,v0,0x7
andi    a0,a0,0x1fe0
addu    a0,a0,s0
lw      at,9136(a0)
-lw      v0,9140(a0)      load high comparator
li      t9,-4093
-lw      a0,9160(a0)      load addend
and     t9,t9,v0
bne     at,t9,0x836d838
- nop
+ lw     at,9140(a0)      load high comparator
+lw      a0,9160(a0)      load addend
-bne     v0,a1,0x836d838
+bne     at,a1,0x836d838
  addu   v0,a0,v0
lw      t0,0(v0)

Cc: qemu-stable@nongnu.org
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 5eb4f645eba8a79ea643b228c74a79183d436c97)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qom: Fix invalid error check in property_get_str()

When a function returns a null pointer on error and only on error, you
can do

    if (!foo(foos, errp)) {
        ... handle error ...
    }

instead of the more cumbersome

    Error *err = NULL;

    if (!foo(foos, &err)) {
        error_propagate(errp, err);
        ... handle error ...
    }

A StringProperty's getter, however, may return null on success!  We
then fail to call visit_type_str().

Screwed up in 6a146eb, v1.1.

Fails tests/qom-test in my current, heavily hacked QAPI branch.  No
reproducer for master known (but I didn't look hard).

Cc: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit e1c8237df5395f6a453f18109bd9dd33fb2a397c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qom: Do not reuse errp after a possible error

The argument for an Error **errp parameter must point to a null
pointer.  If it doesn't, and an error happens, error_set() fails its
assertion.

Instead of

    foo(foos, errp);
    bar(bars, errp);

you need to do something like

    Error *err = NULL;

    foo(foos, &err);
    if (err) {
        error_propagate(errp, err);
        goto out;
    }

    bar(bars, errp);
out:

Screwed up in commit 0e55884 (v1.3.0): property_get_bool().

Screwed up in commit 1f21772 (v2.1.0): object_property_get_enum() and
object_property_get_uint16List().

Screwed up in commit a8e3fbe (v2.4.0): property_get_enum(),
property_set_enum().

Found by inspection, no actual crashes observed.

Fix them up.

Cc: Anthony Liguori <anthony@codemonkey.ws>
Cc: Hu Tao <hutao@cn.fujitsu.com>
Cc: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 4715d42efe8632b0f9d2594a80e917de45e4ef88)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

ide: unify io_buffer_offset increments

IDEState's io_buffer_offset was originally added to keep track of offsets
in AHCI rather exclusively, but it was added to IDEState instead of an
AHCI-specific structure.

AHCI fakes all PIO transfers using DMA and a scatter-gather list. When
the core or atapi layers invoke HBA-specific mechanisms for transfers,
they do not always know that it is being backed by DMA or a sglist, so
this offset is not always updated by the HBA code everywhere.

If we modify it in dma_buf_commit, however, any HBA that needs to use
this offset to manage operating on only part of a sglist will have
access to it.

This will fix ATAPI PIO transfers performed through the AHCI HBA,
which were previously not modifying this value appropriately.

This will fix ATAPI PIO transfers larger than one sector.

Reported-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1440546331-29087-2-git-send-email-jsnow@redhat.com
CC: qemu-stable@nongnu.org
(cherry picked from commit aaeda4a3c9e4d1d25c65ce8ca98e2de06daf1eec)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

slirp: Fix non blocking connect for w32

Signed-off-by: Stefan Weil <sw@weilnetz.de>
(cherry picked from commit a246a01631f90230374c2b8ffce608232e2aa654)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

nbd: release exp->blk after all clients are closed

If the socket fd is shutdown, there may be some data which is received before
shutdown. We will read the data and do read/write in nbd_trip(). But the exp's
blk is NULL, and it will cause qemu crashed.

Reported-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Message-Id: <55F929E2.1020501@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit d6268348493f32ecc096caa637620757472a1196)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

spapr_pci: fix device tree props for MSI/MSI-X

PAPR requires ibm,req#msi and ibm,req#msi-x to be present in the
device node to define the number of msi/msi-x interrupts the device
supports, respectively.

Currently we have ibm,req#msi-x hardcoded to a non-sensical constant
that happens to be 2, and are missing ibm,req#msi entirely. The result
of that is that msi-x capable devices get limited to 2 msi-x
interrupts (which can impact performance), and msi-only devices likely
wouldn't work at all. Additionally, if devices expect a minimum that
exceeds 2, the guest driver may fail to load entirely.

SLOF still owns the generation of these properties at boot-time
(although other device properties have since been offloaded to QEMU),
but for hotplugged devices we rely on the values generated by QEMU
and thus hit the limitations above.

Fix this by generating these properties in QEMU as expected by guests.

In the future it may make sense to modify SLOF to pass through these
values directly as we do with other props since we're duplicating SLOF
code.

Cc: qemu-ppc@nongnu.org
Cc: qemu-stable@nongnu.org
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(cherry picked from commit a8ad731a001d41582c9cec4015f73ab3bc11a28d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

gtk: use setlocale() for LC_MESSAGES only

The QEMU code is not internationalized and assumes that it runs under
the C locale, but if we use the GTK+ UI we'll end up importing the
locale settings from the environment. This can break things, such as
the JSON generator and iotest 120 in locales that use a decimal comma.

We do however have translations for a few simple strings for the GTK+
menu items, so in order to run QEMU using the C locale, and yet have a
translated UI let's use setlocale() for LC_MESSAGES only.

Cc: qemu-stable@nongnu.org
Signed-off-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 2cb5d2a47c655331bcf0ab16bab8fe4701182c58)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

ide: fix ATAPI command permissions

We're a little too lenient with what we'll let an ATAPI drive handle.
Clamp down on the IDE command execution table to remove CD_OK permissions
from commands that are not and have never been ATAPI commands.

For ATAPI command validity, please see:
- ATA4 Section 6.5 ("PACKET Command feature set")
- ATA8/ACS Section 4.3 ("The PACKET feature set")
- ACS3 Section 4.3 ("The PACKET feature set")

ACS3 has a historical command validity table in Table B.4
("Historical Command Assignments") that can be referenced to find when
a command was introduced, deprecated, obsoleted, etc.

The only reference for ATAPI command validity is by checking that
version's PACKET feature set section.

ATAPI was introduced by T13 into ATA4, all commands retired prior to ATA4
therefore are assumed to have never been ATAPI commands.

Mandatory commands, as listed in ATA8-ACS3, are:

- DEVICE RESET
- EXECUTE DEVICE DIAGNOSTIC
- IDENTIFY DEVICE
- IDENTIFY PACKET DEVICE
- NOP
- PACKET
- READ SECTOR(S)
- SET FEATURES

Optional commands as listed in ATA8-ACS3, are:

- FLUSH CACHE
- READ LOG DMA EXT
- READ LOG EXT
- WRITE LOG DMA EXT
- WRITE LOG EXT

All other commands are illegal to send to an ATAPI device and should
be rejected by the device.

CD_OK removal justifications:

0x06 WIN_DSM              Defined in ACS2. Not valid for ATAPI.
0x21 WIN_READ_ONCE        Retired in ATA5. Not ATAPI in ATA4.
0x94 WIN_STANDBYNOW2      Retired in ATA4. Did not coexist with ATAPI.
0x95 WIN_IDLEIMMEDIATE2   Retired in ATA4. Did not coexist with ATAPI.
0x96 WIN_STANDBY2         Retired in ATA4. Did not coexist with ATAPI.
0x97 WIN_SETIDLE2         Retired in ATA4. Did not coexist with ATAPI.
0x98 WIN_CHECKPOWERMODE2  Retired in ATA4. Did not coexist with ATAPI.
0x99 WIN_SLEEPNOW2        Retired in ATA4. Did not coexist with ATAPI.
0xE0 WIN_STANDBYNOW1      Not part of ATAPI in ATA4, ACS or ACS3.
0xE1 WIN_IDLEIMMDIATE     Not part of ATAPI in ATA4, ACS or ACS3.
0xE2 WIN_STANDBY          Not part of ATAPI in ATA4, ACS or ACS3.
0xE3 WIN_SETIDLE1         Not part of ATAPI in ATA4, ACS or ACS3.
0xE4 WIN_CHECKPOWERMODE1  Not part of ATAPI in ATA4, ACS or ACS3.
0xE5 WIN_SLEEPNOW1        Not part of ATAPI in ATA4, ACS or ACS3.
0xF8 WIN_READ_NATIVE_MAX  Obsoleted in ACS3. Not ATAPI in ATA4 or ACS.

This patch fixes a divide by zero fault that can be caused by sending
the WIN_READ_NATIVE_MAX command to an ATAPI drive, which causes it to
attempt to use zeroed CHS values to perform sector arithmetic.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1441816082-21031-1-git-send-email-jsnow@redhat.com
CC: qemu-stable@nongnu.org
(cherry picked from commit d9033e1d3aa666c5071580617a57bd853c5d794a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

qcow2: Make size_to_clusters() return uint64_t

Sadly, some images may have more clusters than what can be represented
using a plain int. We should be prepared for that case (in
qcow2_check_refcounts() we actually were trying to catch that case, but
since size_to_clusters() truncated the returned value, that check never
did anything useful).

Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit b6d36def6d9e9fd187327182d0abafc9b7085d8f)

Conflicts:
block/qcow2-cluster.c
block/qcow2.h

* removed context dependency on ff99129a
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

target-arm: Share all common TCG temporaries

This is a bug fix for aarch64.  At present, we have branches using
the 32-bit (translate.c) versions of cpu_[NZCV]F, but we set the flags
using the 64-bit (translate-a64.c) versions of cpu_[NZCV]F.  From
the view of the TCG code generator, these are unrelated variables.

The bug is hard to see because we currently only read these variables
from branches, and upon reaching a branch TCG will first spill live
variables and then reload the arguments of the branch.  Since the
32-bit versions were never live until reaching the branch, we'd re-read
the data that had just been spilled from the 64-bit versions.

There is currently no such problem with the cpu_exclusive_* variables,
but there's no point in tempting fate.

Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-id: 1441909103-24666-2-git-send-email-rth@twiddle.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 78bcaa3e37afbd0c5316634f917c13487384b6ca)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

virtio dataplane: adapt dataplane for virtio Version 1

Let dataplane allocate different region for the desc/avail/used
ring regions.
Take VIRTIO_RING_F_EVENT_IDX into account to increase the used/avail
rings accordingly.

[Fix 32-bit builds by changing 16lx format specifier to HWADDR_PRIx.
--Stefan]

Signed-off-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Message-id: 1441625636-23773-1-git-send-email-pmorel@linux.vnet.ibm.com
(changed __virtio16 into uint16_t,
map descriptor table and available ring read-only)
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit a9718ef0005d6910097788936dc40c0204713729)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

cpus.c: qemu_mutex_lock_iothread fix race condition at cpu thread init

When QEMU starts the RCU thread executes qemu_mutex_lock_thread
causing error "qemu:qemu_cpu_kick_thread: No such process" and exits.

This isn't occur frequently but in glibc the thread id can exist and
this not guarantee that the thread is on active/running state. If is
inserted a sleep(1) after newthread assignment [1] the issue appears.

So not make assumption that thread exist if first_cpu->thread is set
then change the validation of cpu to created that is set into cpu
threads (kvm, tcg, dummy).

[1] https://sourceware.org/git/?p=glibc.git;a=blob;f=nptl/pthread_create.c;h=d10f4ea8004e1d8f3a268b95cc0f8d93b8d89867;hb=HEAD#l621

Cc: qemu-stable@nongnu.org
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Message-Id: <1441313313-3040-1-git-send-email-anibal.limon@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 46036b2462c7ff56c0af6466ea6b9248197a38a8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

rtl8139: Do not consume the packet during overflow in standard mode.

When operation in standard mode, we currently return the size
of packet during buffer overflow. This consumes the overflow
packet. Return 0 instead so we can re-process the overflow packet
when we have room.

This fixes issues with lost/dropped fragments of large messages.

Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1441121206-6997-3-git-send-email-vyasevic@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 26c4e7ca72d970d120f0f51244bc8d37458512a0)
*removed dependency on b76f21a7
*removed context dependency on 4cbea598
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

rtl8139: Fix receive buffer overflow check

rtl8139_do_receive() tries to check for the overflow condition
by making sure that packet_size + 8 does not exceed the
available buffer space.  The issue here is that RxBuffAddr,
used to calculate available buffer space, is aligned to a
a 4 byte boundry after every update.  So it is possible that
every packet ends up being slightly padded when written
to the receive buffer.  This padding is not taken into
account when checking for overflow and we may end up missing
the overflow condition can causing buffer overwrite.

This patch takes alignment into consideration when
checking for overflow condition.

Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1441121206-6997-2-git-send-email-vyasevic@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit fabdcd3392f16fc666b1d04fc1bbe5f1dbbf10a4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

install: remove enlarging shared memory size

Because it needs communication protocol to deliver the frame buffer data
to swt skin, the frame buffer between swt skin and qemu was shared by shared memory.
The size of the buffer needs big size.(the size is calculated by width * height * color depth)
It caused performance issue.
Also the buffer was useless since the protocol was integrated by QT.

Change-Id: Ib593cdef178a9a154d6c5ad70ae20d3735829ffe
Signed-off-by: Munkyu Im <munkyu.im@samsung.com>

VIGS: Enabling NVidia GPU on Optimus systems

Add global variable NvOptimusEnablement for the NVidia GPU.
It can run with Release 302 driver or later.
Add global vatiable AmdPowerXpressRequestHighPerformance for the AMD GPU.
It can run with 13.35 driver or later.

Change-Id: Ia917d46dd466fbfa2260c8013dab6baa7ffbb803
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

configure: remove --export-all-symbols on Windows

An option "--export-all-symbols" seems to hide other exported value.
We don't know yet whether it is Windows specification or bug on GNU
toolchains. This commit causes some symbol name is missed in backtrace
information. But I think it is better to re-write backtrace code that
uses debugging symbols instead of exported symbols.

We use "-rdynamic" instead of "-Wl,--export-dynamic" since some
linker use "--export_dynamic" not "--export-dynamic".

"-static-libgcc" and "-static-libstdc++" are linker options, so they
are designated as a ldflags.

Change-Id: I1f301bc44c0ee245d7d2a4d7af7a238d0df648df
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

net: modify script file for setting bridge network

- fix if statement
- modify log

Change-Id: Ie9841bf824680fa0106c596f102a2d3a9170381d
Signed-off-by: Munkyu Im <munkyu.im@samsung.com>

coroutine: decrease POOL_BATCH_SIZE for Win32

In 32bit Windows, POOL_BATCH_SIZE == 64 can cause ERROR_NOT_ENOUGH_MEMORY
in CreateFiber() in very busy fiber creation. So we decrease the value to
32 for Win32.

Change-Id: I09d85087f51d696909f732d1589e0efba4c6d699
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

coroutine: co->fiber has not to be null

CreateFiber() will be return NULL when it fails. If co->fiber is null,
SwitchToFiber() aborts with C0000005 and it corrupts stack that make
hard to find causes. So it is better to abort when CreateFiber()
returns NULL.

Change-Id: Ifdc36404ce523cee842fd486bdbe071e58b7d7b3
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

configure: support recent Windows APIs

We do not support Windows XP or older version.

Change-Id: I51e5ae09a6a486d36b347b95a5007067a72ab013
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

configure: _WIN32_WINNT should be set when WINVER is set

_WIN32_WINNT can be set different value from WINVER. But _WIN32_WINNT
and WINVER are used independantly in header files for determining which
API can be used for specified Windows version. So, it is better that
_WIN32_WINNT and WINVER has same value.

And if _WIN32_WINNT >= 0x0600 (Vista or newer) some APIs need ole32.

Change-Id: I6a1900e80327caad4dc0e7709dec3a1c981b7b0d
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>

menu: add a Move menu into the context menu.

The Move function for moving easily the emulator was introduced.
So, I added the menu and shortcut for the function.

Change-Id: I2d0d1309399a045fab2512ececf433352cfec4a4
Signed-off-by: Jihye Won <jihye.won1@samsung.com>

Qt: add a "Move" function to move an emulator

The Move function can improve user convenience
when the skin bezel is too small to grab the emulator

Change-Id: I4729326650ca42364252625c6ec4b0dbf370414c
Signed-off-by: Jihye Won <jihye.won1@samsung.com>

gitignore: added qt5_msgbox.res

After building tizen on Windows,
tizen/standalone-src/qt5_msgbox.res is created.
I added the file in gitignore for the file
to be untracked.

Change-Id: I33b1c2dd96cd3eb4959a54fa046c5c8f158ec87e
Signed-off-by: Jihye Won <jihye.won1@samsung.com>

Qt: fixed the bug about Qt log in debugging mode.

There was an encoding error about the file name of Qt log
when the emulator is executed in debugging mode.
So, I fixed the error by using member functions of QByteArray.

Change-Id: I35effa7ba50e172a68783d83259d714b14ca72a0
Signed-off-by: Jihye Won <jihye.won1@samsung.com>

multi-touch: added device initializing checking

Multi-touch events should be ignored when
the touchscreen device is not ready yet.

Change-Id: I7486e1bc91bf9a4519a9e27a6c331aca65b03b39
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>

multi-touch: improved re-touch decision for touch point

To get more precise distincion for re-touch points,
shape of decision region need to change to circular from rectangle.
It makes reduce a gap between mouse event area(decision region)
and point appearance.

Change-Id: I6e47a0d3a8c1bd45ba0df124cf744573fffe41dd
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>

ui: delete a space before the colon on logging

Change-Id: I14aa91a3b86f9c8a0549b54e005dbb4b781e825b
Signed-off-by: GiWoong Kim <giwoong.kim@samsung.com>