sdk/emulator/qemu.git
11 years agoMerge remote-tracking branch 'afaerber-or/prep-up' into staging
Anthony Liguori [Wed, 30 Jan 2013 16:48:23 +0000 (10:48 -0600)]
Merge remote-tracking branch 'afaerber-or/prep-up' into staging

# By Andreas Färber
# Via Andreas Färber
* afaerber-or/prep-up:
  prep: Move PReP machine to hw/ppc/
  prep_pci: Convert to QOM realizefn
  prep_pci: Create PCIBus and PCIDevice in-place

11 years agoMerge remote-tracking branch 'agraf/s390-for-upstream' into staging
Anthony Liguori [Wed, 30 Jan 2013 16:46:30 +0000 (10:46 -0600)]
Merge remote-tracking branch 'agraf/s390-for-upstream' into staging

# By Cornelia Huck (13) and others
# Via Alexander Graf
* agraf/s390-for-upstream:
  s390: Drop set_bit usage in virtio_ccw.
  s390: css error codes.
  s390: Use s390_cpu_physical_memory_map for tpi.
  sclpconsole: Don't instantiate sclpconsole with -nodefaults
  s390: Add s390-ccw-virtio machine.
  s390-virtio: Check for NULL device in reset hypercall
  s390: Move hw files to hw/s390x
  virtio-s390: add a reset function to virtio-s390 devices
  s390: Make typeinfo const
  s390: Add new channel I/O based virtio transport.
  s390-virtio: Factor out some initialization code.
  s390: Wire up channel I/O in kvm.
  s390: Virtual channel subsystem support.
  s390: Add channel I/O instructions.
  s390: I/O interrupt and machine check injection.
  s390: Channel I/O basic definitions.
  s390: Add mapping helper functions.
  s390: Lowcore mapping helper.
  s390: Add default support for SCLP console

11 years agoprep: Move PReP machine to hw/ppc/
Andreas Färber [Sat, 26 Jan 2013 19:41:58 +0000 (20:41 +0100)]
prep: Move PReP machine to hw/ppc/

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
11 years agoMerge remote-tracking branch 'qemu-kvm/uq/master' into staging
Anthony Liguori [Tue, 29 Jan 2013 22:57:41 +0000 (16:57 -0600)]
Merge remote-tracking branch 'qemu-kvm/uq/master' into staging

* qemu-kvm/uq/master:
  target-i386: kvm: prevent buffer overflow if -cpu foo, [x]level is too big
  vmxcap: bit 9 of VMX_PROCBASED_CTLS2 is 'virtual interrupt delivery'

Conflicts:
target-i386/kvm.c

Trivial merge resolution due to lack of context.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agoMerge remote-tracking branch 'mdroth/qga-pull-1-28-13' into staging
Anthony Liguori [Tue, 29 Jan 2013 22:57:04 +0000 (16:57 -0600)]
Merge remote-tracking branch 'mdroth/qga-pull-1-28-13' into staging

# By Markus Armbruster
# Via Michael Roth
* mdroth/qga-pull-1-28-13:
  qemu-ga: Plug leaks on qmp_guest_network_get_interfaces() error paths
  qemu-ga: Plug memory leak in guest_fsfreeze_cleanup()

11 years agos390: Drop set_bit usage in virtio_ccw.
Cornelia Huck [Tue, 29 Jan 2013 15:33:04 +0000 (16:33 +0100)]
s390: Drop set_bit usage in virtio_ccw.

set_bit on indicators doesn't go well on 32 bit targets:

note: expected 'long unsigned int *' but argument is of type 'uint64_t *'

Switch to bit shifts instead.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
[agraf: use 1ULL instead]
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agos390: css error codes.
Cornelia Huck [Mon, 28 Jan 2013 16:01:30 +0000 (17:01 +0100)]
s390: css error codes.

Changed error codes in the channel subsystem / virtio-ccw code
(-EOPNOTSUPP -> -ENOSYS, -ERESTART -> -EINPROGRESS).

This should hopefully fix building on mingw32.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agos390: Use s390_cpu_physical_memory_map for tpi.
Cornelia Huck [Sun, 27 Jan 2013 23:59:26 +0000 (23:59 +0000)]
s390: Use s390_cpu_physical_memory_map for tpi.

Map the I/O interruption code before calling into css.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agosclpconsole: Don't instantiate sclpconsole with -nodefaults
Christian Borntraeger [Fri, 25 Jan 2013 06:00:19 +0000 (06:00 +0000)]
sclpconsole: Don't instantiate sclpconsole with -nodefaults

libvirt specifies nodefaults and creates an sclp console with special
parameters. Let qemu follow nodefaults and don't create an sclp
console if nodefaults is specified.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agos390: Add s390-ccw-virtio machine.
Cornelia Huck [Thu, 24 Jan 2013 06:08:56 +0000 (06:08 +0000)]
s390: Add s390-ccw-virtio machine.

Add a new machine type, s390-ccw-virtio, making use of the
virtio-ccw transport to present virtio devices as channel
devices.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agos390-virtio: Check for NULL device in reset hypercall
Andreas Färber [Tue, 22 Jan 2013 23:24:08 +0000 (23:24 +0000)]
s390-virtio: Check for NULL device in reset hypercall

s390_virtio_bus_find_mem() may return a NULL VirtIOS390Device.
If called with, e.g., args[0] == 0, this leads to a segfault.
Fix this by adding error handling as done for other hypercalls.

Present since baf0b55a9e57b909b1f8b0f732c0b10242867418 (Implement
virtio reset).

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agos390: Move hw files to hw/s390x
Alexander Graf [Fri, 25 Jan 2013 00:16:39 +0000 (01:16 +0100)]
s390: Move hw files to hw/s390x

This moves all files only used by s390 system emulation to hw/s390x.

Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
11 years agovirtio-s390: add a reset function to virtio-s390 devices
Paolo Bonzini [Thu, 10 Jan 2013 04:40:25 +0000 (04:40 +0000)]
virtio-s390: add a reset function to virtio-s390 devices

virtio-s390 devices are not being reset when their bus is.  To fix
this, add a reset method that forwards to virtio_reset.  This is
only needed because of the "strange" modeling of virtio devices;
the ->vdev link is being handled manually rather than through qdev.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agos390: Make typeinfo const
Alexander Graf [Thu, 24 Jan 2013 18:11:26 +0000 (19:11 +0100)]
s390: Make typeinfo const

All TypeInfo definitions should be const.

Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agos390: Add new channel I/O based virtio transport.
Cornelia Huck [Thu, 24 Jan 2013 06:08:55 +0000 (06:08 +0000)]
s390: Add new channel I/O based virtio transport.

Add a new virtio transport that uses channel commands to perform
virtio operations.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agos390-virtio: Factor out some initialization code.
Cornelia Huck [Thu, 24 Jan 2013 02:28:09 +0000 (02:28 +0000)]
s390-virtio: Factor out some initialization code.

Some of the machine initialization for s390-virtio will be reused
by virtio-ccw.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agos390: Wire up channel I/O in kvm.
Cornelia Huck [Thu, 24 Jan 2013 02:28:07 +0000 (02:28 +0000)]
s390: Wire up channel I/O in kvm.

Trigger the code for our virtual css in case of instruction
intercepts for I/O instructions.

Handle the tsch exit for the subchannel-related part of tsch.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agos390: Virtual channel subsystem support.
Cornelia Huck [Thu, 24 Jan 2013 02:28:06 +0000 (02:28 +0000)]
s390: Virtual channel subsystem support.

Provide a mechanism for qemu to provide fully virtual subchannels to
the guest.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agos390: Add channel I/O instructions.
Cornelia Huck [Thu, 24 Jan 2013 02:28:05 +0000 (02:28 +0000)]
s390: Add channel I/O instructions.

Provide handlers for (most) channel I/O instructions.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agos390: I/O interrupt and machine check injection.
Cornelia Huck [Thu, 24 Jan 2013 02:28:04 +0000 (02:28 +0000)]
s390: I/O interrupt and machine check injection.

I/O interrupts are queued per isc. Only crw pending machine checks
are supported.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agos390: Channel I/O basic definitions.
Cornelia Huck [Thu, 24 Jan 2013 02:28:03 +0000 (02:28 +0000)]
s390: Channel I/O basic definitions.

Basic channel I/O structures and helper function.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agos390: Add mapping helper functions.
Cornelia Huck [Thu, 24 Jan 2013 02:28:02 +0000 (02:28 +0000)]
s390: Add mapping helper functions.

Add s390_cpu_physical_memory_{map,unmap} with special handling
for the lowcore.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agos390: Lowcore mapping helper.
Cornelia Huck [Thu, 24 Jan 2013 02:28:01 +0000 (02:28 +0000)]
s390: Lowcore mapping helper.

Create a lowcore mapping helper that includes a check for sufficient
length.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
11 years agos390: Add default support for SCLP console
Alexander Graf [Thu, 24 Jan 2013 11:18:52 +0000 (12:18 +0100)]
s390: Add default support for SCLP console

The current s390 machine uses the virtio console as default console,
but this doesn't mean that we always want to keep it that way for new
machines.

This patch introduces a way for a machine type to specify that it wants
the default console to be an SCLP console, which is a lot closer to what
real hardware does.

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-i386: kvm: prevent buffer overflow if -cpu foo, [x]level is too big
Igor Mammedov [Mon, 28 Jan 2013 11:49:26 +0000 (12:49 +0100)]
target-i386: kvm: prevent buffer overflow if -cpu foo, [x]level is too big

Stack corruption may occur if too big 'level' or 'xlevel' values passed
on command line with KVM enabled, due to limited size of cpuid_data
in kvm_arch_init_vcpu().

reproduces with:
 qemu -enable-kvm -cpu qemu64,level=4294967295
or
 qemu -enable-kvm -cpu qemu64,xlevel=4294967295

Check if there is space in cpuid_data before passing it to cpu_x86_cpuid()
or abort() if there is not space.

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
11 years agoMerge remote-tracking branch 'afaerber/qom-cpu' into staging
Anthony Liguori [Mon, 28 Jan 2013 20:48:03 +0000 (14:48 -0600)]
Merge remote-tracking branch 'afaerber/qom-cpu' into staging

* afaerber/qom-cpu: (37 commits)
  kvm: Pass CPUState to kvm_on_sigbus_vcpu()
  cpu: Unconditionalize CPUState fields
  target-m68k: Use type_register() instead of type_register_static()
  target-unicore32: Use type_register() instead of type_register_static()
  target-openrisc: Use type_register() instead of type_register_static()
  target-unicore32: Catch attempt to instantiate abstract type in cpu_init()
  target-openrisc: Catch attempt to instantiate abstract type in cpu_init()
  target-m68k: Catch attempt to instantiate abstract type in cpu_init()
  target-arm: Catch attempt to instantiate abstract type in cpu_init()
  target-alpha: Catch attempt to instantiate abstract type in cpu_init()
  qom: Introduce object_class_is_abstract()
  target-unicore32: Detect attempt to instantiate non-CPU type in cpu_init()
  target-openrisc: Detect attempt to instantiate non-CPU type in cpu_init()
  target-m68k: Detect attempt to instantiate non-CPU type in cpu_init()
  target-alpha: Detect attempt to instantiate non-CPU type in cpu_init()
  target-arm: Detect attempt to instantiate non-CPU type in cpu_init()
  cpu: Add model resolution support to CPUClass
  target-i386: Remove setting tsc-frequency from x86_def_t
  target-i386: Set custom features/properties without intermediate x86_def_t
  target-i386: Remove vendor_override field from CPUX86State
  ...

Conflicts:
tests/Makefile

Resolved simple conflict caused by lack of context in Makefile

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
11 years agoMerge remote-tracking branch 'kwolf/for-anthony' into staging
Anthony Liguori [Mon, 28 Jan 2013 20:46:45 +0000 (14:46 -0600)]
Merge remote-tracking branch 'kwolf/for-anthony' into staging

# By Paolo Bonzini (14) and others
# Via Kevin Wolf
* kwolf/for-anthony: (24 commits)
  ide: Add fall through annotations
  block: Create proper size file for disk mirror
  ahci: Add migration support
  ahci: Change data types in preparation for migration
  ahci: Remove unused AHCIDevice fields
  hbitmap: add assertion on hbitmap_iter_init
  mirror: do nothing on zero-sized disk
  block/vdi: Check for bad signature
  block/vdi: Improved return values from vdi_open
  block/vdi: Improve debug output for signature
  block: Use error code EMEDIUMTYPE for wrong format in some block drivers
  block: Add special error code for wrong format
  mirror: support arbitrarily-sized iterations
  mirror: support more than one in-flight AIO operation
  mirror: add buf-size argument to drive-mirror
  mirror: switch mirror_iteration to AIO
  mirror: allow customizing the granularity
  block: allow customizing the granularity of the dirty bitmap
  block: return count of dirty sectors, not chunks
  mirror: perform COW if the cluster size is bigger than the granularity
  ...

11 years agoMerge remote-tracking branch 'luiz/queue/qmp' into staging
Anthony Liguori [Mon, 28 Jan 2013 20:41:25 +0000 (14:41 -0600)]
Merge remote-tracking branch 'luiz/queue/qmp' into staging

# By Lei Li (3) and others
# Via Luiz Capitulino
* luiz/queue/qmp:
  QAPI: Introduce memchar-read QMP command
  QAPI: Introduce memchar-write QMP command
  qemu-char: Add new char backend CirMemCharDriver
  docs: document virtio-balloon stats
  balloon: re-enable balloon stats
  balloon: drop old stats code & API
  block: Monitor command commit neglects to report some errors

11 years agoqemu-ga: Plug leaks on qmp_guest_network_get_interfaces() error paths
Markus Armbruster [Wed, 16 Jan 2013 17:15:09 +0000 (18:15 +0100)]
qemu-ga: Plug leaks on qmp_guest_network_get_interfaces() error paths

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years agoqemu-ga: Plug memory leak in guest_fsfreeze_cleanup()
Markus Armbruster [Wed, 16 Jan 2013 17:15:08 +0000 (18:15 +0100)]
qemu-ga: Plug memory leak in guest_fsfreeze_cleanup()

Neglects to free errors allocated by qmp_guest_fsfreeze_thaw().
Spotted by Coverity.

While there, drop the test whether return value is negative (it's
never true), and improve logging.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
11 years agokvm: Pass CPUState to kvm_on_sigbus_vcpu()
Andreas Färber [Thu, 17 Jan 2013 08:30:27 +0000 (09:30 +0100)]
kvm: Pass CPUState to kvm_on_sigbus_vcpu()

Since commit 20d695a9254c1b086a456d3b79a3c311236643ba (kvm: Pass
CPUState to kvm_arch_*) CPUArchState is no longer needed.

Allows to change qemu_kvm_eat_signals() argument as well.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Gleb Natapov <gleb@redhat.com>
11 years agocpu: Unconditionalize CPUState fields
Andreas Färber [Fri, 25 Jan 2013 15:11:42 +0000 (16:11 +0100)]
cpu: Unconditionalize CPUState fields

Commits fc8c5b8c41ee5ba69d7a2be63b02a08c7b0b155b (Makefile.user: Define
CONFIG_USER_ONLY for libuser/) and
dd83b06ae61cfa2dc4381ab49f365bd0995fc930 (qom: Introduce CPU class)
specifically prepared the qom/cpu.c file to be compiled differently for
softmmu and *-user. This broke as part of build system refactorings
while CPU patches were in flight, adding conditional fields
kvm_fd (8737c51c0444f832c4e97d7eb7540eae457e08e4) and
kvm_vcpu_dirty (20d695a9254c1b086a456d3b79a3c311236643ba) for softmmu.

linux-user and bsd-user would therefore get a CPUState type with
instance_size ~8 bytes longer than expected.
Fix this by unconditionally having the fields in CPUState.

In practice, target-specific CPU types' instance_size would compensate
this, and upstream qom/cpu.c does not yet touch any affected field.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
11 years agotarget-m68k: Use type_register() instead of type_register_static()
Andreas Färber [Sun, 27 Jan 2013 18:31:00 +0000 (19:31 +0100)]
target-m68k: Use type_register() instead of type_register_static()

According to its documentation, type_register_static()'s TypeInfo
argument should exist for the life type of the type.
Therefore use type_register() when registering the list of CPU subtypes.

No functional change with the current implementation.

Cf. 918fd0839eeafc83bd4984364321a947d29041fe for arm.

Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-unicore32: Use type_register() instead of type_register_static()
Andreas Färber [Wed, 23 Jan 2013 11:01:00 +0000 (12:01 +0100)]
target-unicore32: Use type_register() instead of type_register_static()

According to its documentation, type_register_static()'s TypeInfo
argument should exist for the life type of the type.
Therefore use type_register() when registering the list of CPU subtypes.

No functional change with the current implementation.

Cf. 918fd0839eeafc83bd4984364321a947d29041fe for arm.

Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-openrisc: Use type_register() instead of type_register_static()
Andreas Färber [Wed, 23 Jan 2013 10:10:14 +0000 (11:10 +0100)]
target-openrisc: Use type_register() instead of type_register_static()

According to its documentation, type_register_static()'s TypeInfo
argument should exist for the life type of the type.
Therefore use type_register() when registering the list of CPU subtypes.

No functional change with the current implementation.

Cf. 918fd0839eeafc83bd4984364321a947d29041fe for arm.

Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-unicore32: Catch attempt to instantiate abstract type in cpu_init()
Andreas Färber [Wed, 23 Jan 2013 11:41:38 +0000 (12:41 +0100)]
target-unicore32: Catch attempt to instantiate abstract type in cpu_init()

Fixes -cpu unicore32-cpu asserting.

Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-openrisc: Catch attempt to instantiate abstract type in cpu_init()
Andreas Färber [Wed, 23 Jan 2013 11:39:38 +0000 (12:39 +0100)]
target-openrisc: Catch attempt to instantiate abstract type in cpu_init()

There is no abstract OpenRISCCPU yet, but that seems a bug of its own.

Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-m68k: Catch attempt to instantiate abstract type in cpu_init()
Andreas Färber [Wed, 23 Jan 2013 11:36:31 +0000 (12:36 +0100)]
target-m68k: Catch attempt to instantiate abstract type in cpu_init()

This fixes -cpu m68k-cpu asserting.

Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-arm: Catch attempt to instantiate abstract type in cpu_init()
Andreas Färber [Wed, 23 Jan 2013 11:32:49 +0000 (12:32 +0100)]
target-arm: Catch attempt to instantiate abstract type in cpu_init()

This fixes -cpu arm-cpu asserting.

Cc: qemu-stable@nongnu.org
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-alpha: Catch attempt to instantiate abstract type in cpu_init()
Andreas Färber [Wed, 23 Jan 2013 11:28:22 +0000 (12:28 +0100)]
target-alpha: Catch attempt to instantiate abstract type in cpu_init()

This fixes -cpu alpha-cpu asserting.

Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agoqom: Introduce object_class_is_abstract()
Andreas Färber [Wed, 23 Jan 2013 11:20:18 +0000 (12:20 +0100)]
qom: Introduce object_class_is_abstract()

This lets a caller check if an ObjectClass as returned by, e.g.,
object_class_by_name() is instantiatable.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Anthony Liguori <anthony@codemonkey.ws>
11 years agotarget-unicore32: Detect attempt to instantiate non-CPU type in cpu_init()
Andreas Färber [Wed, 23 Jan 2013 11:07:17 +0000 (12:07 +0100)]
target-unicore32: Detect attempt to instantiate non-CPU type in cpu_init()

Consolidate model checking into a new uc32_cpu_class_by_name().

If the name matches an existing type, also check whether that type is
actually (a sub-type of) TYPE_UNICORE32_CPU.

This fixes, e.g., -cpu puv3_dma asserting.

Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agoprep_pci: Convert to QOM realizefn
Andreas Färber [Wed, 16 Jan 2013 14:45:34 +0000 (15:45 +0100)]
prep_pci: Convert to QOM realizefn

SysBusDeviceClass' initfn merely calls SysBusDeviceClass::init, so we
can already hook up our own realizefn overwriting this behavior.

A symmetric unrealizefn is not necessary, knowing that the child's
unrealizefn is still no-op, too. Avoids ripping it out again when
recursive realization at DeviceState-level is implemented.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
11 years agoprep_pci: Create PCIBus and PCIDevice in-place
Andreas Färber [Sat, 26 May 2012 17:14:52 +0000 (19:14 +0200)]
prep_pci: Create PCIBus and PCIDevice in-place

Prepares for QOM realizefn by removing object creation from qdev initfn.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
11 years agotarget-openrisc: Detect attempt to instantiate non-CPU type in cpu_init()
Andreas Färber [Wed, 23 Jan 2013 10:17:14 +0000 (11:17 +0100)]
target-openrisc: Detect attempt to instantiate non-CPU type in cpu_init()

Consolidate model checking into a new openrisc_cpu_class_by_name().

If the name matches an existing type, also check whether that type is
actually (a sub-type of) TYPE_OPENRISC_CPU.

This fixes, e.g., -cpu open_eth asserting.

Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-m68k: Detect attempt to instantiate non-CPU type in cpu_init()
Andreas Färber [Mon, 21 Jan 2013 16:50:15 +0000 (17:50 +0100)]
target-m68k: Detect attempt to instantiate non-CPU type in cpu_init()

Consolidate model checking into a new m68k_cpu_class_by_name().

If the name matches an existing type, also check whether that type is
(a sub-type of) TYPE_M68K_CPU.

This fixes, e.g., -cpu ide-hd asserting.

Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-alpha: Detect attempt to instantiate non-CPU type in cpu_init()
Andreas Färber [Mon, 21 Jan 2013 16:27:54 +0000 (17:27 +0100)]
target-alpha: Detect attempt to instantiate non-CPU type in cpu_init()

Check in alpha_cpu_class_by_name() whether the type found is actually
(a sub-type of) TYPE_ALPHA_CPU.

This fixes, e.g., -cpu typhoon-pcihost asserting.

Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-arm: Detect attempt to instantiate non-CPU type in cpu_init()
Andreas Färber [Mon, 21 Jan 2013 15:11:43 +0000 (16:11 +0100)]
target-arm: Detect attempt to instantiate non-CPU type in cpu_init()

Consolidate model checking into a new arm_cpu_class_by_name().

If the name matches an existing type, also check whether that type is
actually (a sub-type of) TYPE_ARM_CPU.

This fixes, e.g., -cpu tmp105 asserting.

Cc: qemu-stable <qemu-stable@nongnu.org>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agocpu: Add model resolution support to CPUClass
Andreas Färber [Mon, 21 Jan 2013 17:26:21 +0000 (18:26 +0100)]
cpu: Add model resolution support to CPUClass

Introduce CPUClass::class_by_name and add a default implementation.
Hook up the alpha and ppc implementations.

Introduce a wrapper function cpu_class_by_name().

Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-i386: Remove setting tsc-frequency from x86_def_t
Igor Mammedov [Mon, 21 Jan 2013 14:06:39 +0000 (15:06 +0100)]
target-i386: Remove setting tsc-frequency from x86_def_t

Setting tsc-frequency from x86_def_t is NOP because default tsc_khz
in x86_def_t is 0 and CPUX86State.tsc_khz is also initialized to 0
by default. So there is no need to overwrite tsc_khz with default 0
because field was already initialized to 0.

Custom tsc-frequency setting is not affected due to it being set
without using x86_def_t.

Field tsc_khz in x86_def_t becomes unused with this patch, so drop it
as well.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-i386: Set custom features/properties without intermediate x86_def_t
Igor Mammedov [Mon, 21 Jan 2013 14:06:38 +0000 (15:06 +0100)]
target-i386: Set custom features/properties without intermediate x86_def_t

Move custom features parsing after built-in cpu_model defaults are set
and set custom features directly on CPU instance. That allows to make a
clear distinction between built-in cpu model defaults that eventually
should go into class_init() and extra property setting which is done
after defaults are set on CPU instance.

Impl. details:
 * use object_property_parse() property setter so it would be a mechanical
   change to switch to global properties later.
 * And after all current features/properties are converted into static
   properties, it will take a trivial patch to switch to global properties.
   Which will allow to:
   * get CPU instance initialized with all parameters passed on -cpu ...
     cmd. line from object_new() call.
   * call cpu_model/featurestr parsing only once before CPUs are created
   * open a road for removing CPUxxxState.cpu_model_str field, when other
     CPUs are similarly converted to subclasses and static properties.
 - re-factor error handling, to use Error instead of fprintf()s, since
   it is anyway passed in for property setter.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-i386: Remove vendor_override field from CPUX86State
Igor Mammedov [Mon, 21 Jan 2013 14:06:37 +0000 (15:06 +0100)]
target-i386: Remove vendor_override field from CPUX86State

Commit 8935499831312 makes cpuid return to guest host's vendor value
instead of built-in one by default if kvm_enabled() == true and allows
to override this behavior if 'vendor' is specified on -cpu command line.

But every time guest calls cpuid to get 'vendor' value, host's value is
read again and again in default case.

It complicates semantics of vendor property and makes it harder to use.

Instead of reading 'vendor' value from host every time cpuid[vendor] is
called, override 'vendor' value only once in cpu_x86_find_by_name(), when
built-in CPU model is found and if(kvm_enabled() == true).

It provides the same default semantics
 if (kvm_enabled() == true)  vendor = host's vendor
 else vendor = built-in vendor

and then later:
 if (custom vendor) vendor = custom vendor

'vendor' value is overridden when user provides it on -cpu command line,
and there is no need for vendor_override field anymore, remove it.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-i386: Replace uint32_t vendor fields by vendor string in x86_def_t
Igor Mammedov [Mon, 21 Jan 2013 14:06:36 +0000 (15:06 +0100)]
target-i386: Replace uint32_t vendor fields by vendor string in x86_def_t

Vendor property setter takes string as vendor value but cpudefs
use uint32_t vendor[123] fields to define vendor value. It makes it
difficult to unify and use property setter for values from cpudefs.

Simplify code by using vendor property setter, vendor[123] fields
are converted into vendor[13] array to keep its value. And vendor
property setter is used to access/set value on CPU.

 - Make for() cycle reusable for the next patch by adding
   x86_cpu_vendor_words2str()

Intel's CPUID spec[1] says:
"
5.1.1 ...
These registers contain the ASCII string: GenuineIntel
...
"

List[2] of known vendor values shows that they all are 12 ASCII
characters long, padded where necessary with space.

Current supported values are all ASCII characters packed in
ebx, edx, ecx. So lets state that QEMU supports 12 printable ASCII
characters packed in ebx, edx, ecx registers for cpuid(0) instruction.

*1 - http://www.intel.com/Assets/PDF/appnote/241618.pdf
*2 - http://en.wikipedia.org/wiki/CPUID#EAX.3D0:_Get_vendor_ID

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-i386: Print deprecation warning if xlevel < 0x80000000
Igor Mammedov [Mon, 21 Jan 2013 14:06:35 +0000 (15:06 +0100)]
target-i386: Print deprecation warning if xlevel < 0x80000000

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-i386: Drop redundant list of CPU definitions
Andreas Färber [Mon, 21 Jan 2013 00:02:28 +0000 (01:02 +0100)]
target-i386: Drop redundant list of CPU definitions

It is no longer needed since dropping cpudef config file support.
Cleaning this up removes knowledge about other models from x86_def_t,
in preparation for reusing x86_def_t as intermediate step towards pure
QOM X86CPU subclasses.

Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-i386: Simplify cpu_x86_find_by_name()
Andreas Färber [Mon, 21 Jan 2013 00:00:24 +0000 (01:00 +0100)]
target-i386: Simplify cpu_x86_find_by_name()

Catch NULL name argument early to avoid repeated checks.
Similarly, check for -cpu host early and untangle from iterating through
model definitions. This prepares for introducing X86CPU subclasses.

Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agopc: Generate APIC IDs according to CPU topology
Eduardo Habkost [Tue, 22 Jan 2013 20:25:09 +0000 (18:25 -0200)]
pc: Generate APIC IDs according to CPU topology

This keeps compatibility on machine-types pc-1.2 and older, and prints a
warning in case the requested configuration won't get the correct
topology.

I couldn't think of a better way to warn about broken topology when in
compat mode other than using error_report(). The warning message will
probably be buried in a log file somewhere, but it's better than
nothing.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-i386: Topology & APIC ID utility functions
Eduardo Habkost [Wed, 23 Jan 2013 17:58:27 +0000 (15:58 -0200)]
target-i386: Topology & APIC ID utility functions

This introduces utility functions for the APIC ID calculation, based on:
  Intel® 64 Architecture Processor Topology Enumeration
  http://software.intel.com/en-us/articles/intel-64-architecture-processor-topology-enumeration/

The code should be compatible with AMD's "Extended Method" described at:
  AMD CPUID Specification (Publication #25481)
  Section 3: Multiple Core Calcuation
as long as:
 - nr_threads is set to 1;
 - OFFSET_IDX is assumed to be 0;
 - CPUID Fn8000_0008_ECX[ApicIdCoreIdSize[3:0]] is set to
   apicid_core_width().

Unit tests included.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agopc: Set fw_cfg data based on APIC ID calculation
Eduardo Habkost [Wed, 23 Jan 2013 17:51:18 +0000 (15:51 -0200)]
pc: Set fw_cfg data based on APIC ID calculation

This changes FW_CFG_MAX_CPUS and FW_CFG_NUMA to use apic_id_for_cpu(),
so the NUMA table can be based on the APIC IDs, instead of CPU index
(SeaBIOS knows nothing about CPU indexes, just APIC IDs).

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agocpus.h: Make constant smp_cores/smp_threads available on *-user
Eduardo Habkost [Tue, 22 Jan 2013 20:25:05 +0000 (18:25 -0200)]
cpus.h: Make constant smp_cores/smp_threads available on *-user

The code that calculates the APIC ID will use smp_cores/smp_threads, so
just define them as 1 on *-user to avoid #ifdefs in the code.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agofw_cfg: Remove FW_CFG_MAX_CPUS from fw_cfg_init()
Eduardo Habkost [Tue, 22 Jan 2013 20:25:03 +0000 (18:25 -0200)]
fw_cfg: Remove FW_CFG_MAX_CPUS from fw_cfg_init()

PC will not use max_cpus for that field, so move it outside the common
code so it can use a different value on PC.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-i386: Introduce x86_cpu_apic_id_from_index() function
Eduardo Habkost [Tue, 22 Jan 2013 20:25:04 +0000 (18:25 -0200)]
target-i386: Introduce x86_cpu_apic_id_from_index() function

This function will be used by both the CPU initialization code and the
fw_cfg table initialization code.

Later this function will be updated to generate APIC IDs according to
the CPU topology.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-i386: kvm: Set vcpu_id to APIC ID instead of CPU index
Eduardo Habkost [Tue, 22 Jan 2013 20:25:02 +0000 (18:25 -0200)]
target-i386: kvm: Set vcpu_id to APIC ID instead of CPU index

The CPU ID in KVM is supposed to be the APIC ID, so change the
KVM_CREATE_VCPU call to match it. The current behavior didn't break
anything yet because today the APIC ID is assumed to be equal to the CPU
index, but this won't be true in the future.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Acked-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agokvm: Create kvm_arch_vcpu_id() function
Eduardo Habkost [Tue, 22 Jan 2013 20:25:01 +0000 (18:25 -0200)]
kvm: Create kvm_arch_vcpu_id() function

This will allow each architecture to define how the VCPU ID is set on
the KVM_CREATE_VCPU ioctl call.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agopc: Reverse pc_init_pci() compatibility logic
Eduardo Habkost [Thu, 17 Jan 2013 20:59:29 +0000 (18:59 -0200)]
pc: Reverse pc_init_pci() compatibility logic

Currently, the pc-1.4 machine init function enables PV EOI and then
calls the pc-1.2 machine init function. The problem with this approach
is that now we can't enable any additional compatibility code inside the
pc-1.2 init function because it would end up enabling the compatibility
behavior on pc-1.3 and pc-1.4 as well.

This reverses the logic so that the pc-1.2 machine init function will
disable PV EOI, and then call the pc-1.4 machine init function.

This way we can change older machine-types to enable compatibility
behavior, and the newer machine-types (pc-1.3, pc-q35-1.4 and
pc-i440fx-1.4) would just use the default behavior.

(This means that one nice side-effect of this change is that pc-q35-1.4
will get PV EOI enabled by default, too)

It would be interesting to eventually change pc_init_pci_no_kvmclock()
and pc_init_isa() to reuse pc_init_pci_1_2() as well (so we don't need
to duplicate compatibility code on those two functions). But this will
be probably much easier to do after we create a PCInitArgs struct for
the PC initialization arguments, and/or after we use global-properties
to implement the compatibility modes present in pc_init_pci_1_2().

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-i386: Don't set any KVM flag by default if KVM is disabled
Eduardo Habkost [Thu, 17 Jan 2013 20:59:28 +0000 (18:59 -0200)]
target-i386: Don't set any KVM flag by default if KVM is disabled

This is a cleanup that tries to solve two small issues:

 - We don't need a separate kvm_pv_eoi_features variable just to keep a
   constant calculated at compile-time, and this style would require
   adding a separate variable (that's declared twice because of the
   CONFIG_KVM ifdef) for each feature that's going to be
   enabled/disabled by machine-type compat code.
 - The pc-1.3 code is setting the kvm_pv_eoi flag on cpuid_kvm_features
   even when KVM is disabled at runtime. This small inconsistency in
   the cpuid_kvm_features field isn't a problem today because
   cpuid_kvm_features is ignored by the TCG code, but it may cause
   unexpected problems later when refactoring the CPUID handling code.

This patch eliminates the kvm_pv_eoi_features variable and simply uses
kvm_enabled() inside the enable_kvm_pv_eoi() compat function, so it
enables kvm_pv_eoi only if KVM is enabled. I believe this makes the
behavior of enable_kvm_pv_eoi() clearer and easier to understand.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Gleb Natapov <gleb@redhat.com>
Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agokvm: Add fake KVM_FEATURE_CLOCKSOURCE_STABLE_BIT for builds without KVM
Eduardo Habkost [Thu, 17 Jan 2013 20:59:27 +0000 (18:59 -0200)]
kvm: Add fake KVM_FEATURE_CLOCKSOURCE_STABLE_BIT for builds without KVM

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-openrisc: Clean up triple QOM casts
Andreas Färber [Thu, 17 Jan 2013 16:30:08 +0000 (17:30 +0100)]
target-openrisc: Clean up triple QOM casts

Instead of calling openrisc_env_get_cpu(), casting to CPU() via the
ENV_GET_CPU() compatibility macro and casting back to OPENRISC_CPU(),
just call openrisc_env_get_cpu() directly.

ENV_GET_CPU() is meant as workaround for target-independent code only.

Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agotarget-openrisc: Drop OpenRISCCPUList
Andreas Färber [Sat, 5 Jan 2013 13:14:27 +0000 (14:14 +0100)]
target-openrisc: Drop OpenRISCCPUList

It was missed in 92a3136174f60ee45b113296cb2c2a5225b00369 (cpu:
Introduce CPUListState struct) because its naming did not match the
*CPUListState pattern. Use the generalized CPUListState instead.

Signed-off-by: Andreas Färber <afaerber@suse.de>
11 years agoxilinx_ethlite: Avoid build warnings in debug code
Edgar E. Iglesias [Sun, 27 Jan 2013 00:05:00 +0000 (01:05 +0100)]
xilinx_ethlite: Avoid build warnings in debug code

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
11 years agom25p80.c: Return state to IDLE after COLLECTING
Peter Crosthwaite [Sat, 26 Jan 2013 01:58:38 +0000 (17:58 -0800)]
m25p80.c: Return state to IDLE after COLLECTING

Default to moving back to the IDLE state after the COLLECTING_DATA
state. For a well behaved guest this patch has no consequence, but
A bad guest could crash QEMU by using one of the erase commands
followed by a longer than 5 byte argument (undefined behaviour).

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
11 years agoxilinx_ethlite: Flush queued packets on SW service
Peter Crosthwaite [Sat, 26 Jan 2013 20:36:23 +0000 (12:36 -0800)]
xilinx_ethlite: Flush queued packets on SW service

Software services a received packet by clearing the CTRL_S bit in the RX_CTRLn
register. If this bit is cleared, flush any packets queued for the device.

Reported-by: John Williams <john.williams@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
11 years agoxilinx_ethlite: fix eth_can_rx() for ping-pong
Peter Crosthwaite [Sat, 26 Jan 2013 20:36:22 +0000 (12:36 -0800)]
xilinx_ethlite: fix eth_can_rx() for ping-pong

The eth_can_rx() function only checks the first buffers status ("ping"). The
controller should be able to receive into "pong" when ping-pong is enabled.
Checks the active buffer (either "ping" or "pong") when determining can_rx()
rather than just testing "ping".

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
11 years agoMerge branch 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf
Blue Swirl [Sat, 26 Jan 2013 14:18:28 +0000 (14:18 +0000)]
Merge branch 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf

* 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf:
  PPC: e500: Select MPIC v4.2 on ppce500 platform
  PPC: e500: fix mpic_iack address
  openpic: add basic support for MPIC v4.2
  openpic: fix timer address decoding
  openpic: fix remaining issues from idr-to-destmask conversion
  pseries: Adjust default VIO address allocations to play better with libvirt
  pseries: Improve handling of multiple PCI host bridges
  target-ppc: Give a meaningful error if too many threads are specified
  cuda: Move ADB bus into CUDA state
  adb: QOM'ify ADB devices
  adb: QOM'ify Apple Desktop Bus
  cuda: QOM'ify CUDA
  ide/macio: QOM'ify MacIO IDE
  mac_nvram: QOM'ify MacIO NVRAM
  mac_nvram: Mark as Big Endian
  mac_nvram: Clean up public API
  macio: Split MacIO in two
  macio: Delay qdev init until all fields are initialized
  macio: QOM'ify some more
  ppc: Move Mac machines to hw/ppc/

11 years agotests: Add gcov support for x86_64 qtest
Andreas Färber [Sat, 26 Jan 2013 11:45:14 +0000 (12:45 +0100)]
tests: Add gcov support for x86_64 qtest

Since x86_64 is a superset of i386 and reuses all its test cases, adopt
all the i386 gcov source files as well, substituting their paths
appropriately.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agotests: Add gcov support for sparc64 qtest
Andreas Färber [Sat, 26 Jan 2013 11:45:13 +0000 (12:45 +0100)]
tests: Add gcov support for sparc64 qtest

m48t59-test is individually being executed for sparc and sparc64, so add
the gcov source file for sparc64 as well.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agotests: Fix gcov typo for tmp105-test
Andreas Färber [Sat, 26 Jan 2013 11:45:12 +0000 (12:45 +0100)]
tests: Fix gcov typo for tmp105-test

Commit 6e9989034b176a8e4cfdccd85892abfa73977ba7 introduced a new qtest
test case but misspelled gcov, leading to no coverage analysis. Fix it.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agovmware_vga: fix out of bounds and invalid rects updating
Michael Tokarev [Fri, 25 Jan 2013 17:23:24 +0000 (21:23 +0400)]
vmware_vga: fix out of bounds and invalid rects updating

This is a follow up for several attempts to fix this issue.

Previous incarnations:

1. http://thread.gmane.org/gmane.linux.ubuntu.bugs.general/3156089
https://bugs.launchpad.net/bugs/918791
"qemu-kvm dies when using vmvga driver and unity in the guest" bug.
Fix by Serge Hallyn:
 https://launchpadlibrarian.net/94916786/qemu-vmware.debdiff
This fix is incomplete, since it does not check width and height
for being negative.  Serge weren't sure if that's the right place
to fix it, maybe the fix should be up the stack somewhere.

2. http://thread.gmane.org/gmane.comp.emulators.qemu/166064
by Marek Vasut: "vmware_vga: Redraw only visible area"

This one adds the (incomplete) check to vmsvga_update_rect_delayed(),
the routine just queues the rect updating but does no interesting
stuff.  It is also incomplete in the same way as patch by Serge,
but also does not touch width&height at all after adjusting x&y,
which is wrong.

As far as I can see, when processing guest requests, the device
places them into a queue (vmsvga_update_rect_delayed()) and
processes this queue in different place/time, namely, in
vmsvga_update_rect().  Sometimes, vmsvga_update_rect() is
called directly, without placing the request to the gueue.
This is the place this patch changes, which is the last
(deepest) in the stack.  I'm not sure if this is the right
place still, since it is possible we have some queue optimization
(or may have in the future) which will be upset by negative/wrong
values here, so maybe we should check for validity of input
right when receiving request from the guest (and maybe even
use unsigned types there).  But I don't know the protocol
and implementation enough to have a definitive answer.

But since vmsvga_update_rect() has other sanity checks already,
I'm adding the missing ones there as well.

Cc'ing BALATON Zoltan and Andrzej Zaborowski who shows in `git blame'
output and may know something in this area.

If this patch is accepted, it should be applied to all active
stable branches (at least since 1.1, maybe even before), with
minor context change (ds_get_*(s->vga.ds) => s->*).  I'm not
Cc'ing -stable yet, will do it explicitly once the patch is
accepted.

BTW, these checks use fprintf(stderr) -- it should be converted
to something more appropriate, since stderr will most likely
disappear somewhere.

Cc: Marek Vasut <marex@denx.de>
CC: Serge Hallyn <serge.hallyn@ubuntu.com>
Cc: BALATON Zoltan <balaton@eik.bme.hu>
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Marek Vasut <marex@denx.de>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agotests: add fuzzing to visitor tests
Blue Swirl [Sat, 19 Jan 2013 15:43:53 +0000 (15:43 +0000)]
tests: add fuzzing to visitor tests

Perform input tests on random data.

Improvement to code coverage for qapi/string-input-visitor.c
is about 3 percentage points.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agobuild: remove *.lo, *.a, *.la files from all subdirectories on make clean
Paolo Bonzini [Tue, 15 Jan 2013 08:49:37 +0000 (09:49 +0100)]
build: remove *.lo, *.a, *.la files from all subdirectories on make clean

.lo files in stubs/, util/ and libcacard/ were not cleaned.
Fix this.

Cc: Blue Swirl <blauwirbel@gmail.com>
Reported-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agohw/arm_boot: Align device tree to 4KB boundary, not page
Peter Maydell [Thu, 24 Jan 2013 19:02:28 +0000 (19:02 +0000)]
hw/arm_boot: Align device tree to 4KB boundary, not page

Align the device tree blob to a 4KB boundary, not to QEMU's
idea of a page boundary -- the latter is the smallest possible
page size for the architecture, which on ARM is 1KB.
The documentation for Linux does not impose separation
or alignment requirements on the device tree blob, but
in practice some kernels will happily trash the entire
page the initrd ends in after they have finished uncompressing
the initrd. So 4KB-align the DTB to ensure it does not get
trampled by these kernels.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agoqemu-char: Avoid unused variable warning in some configs
Peter Maydell [Thu, 24 Jan 2013 16:14:39 +0000 (16:14 +0000)]
qemu-char: Avoid unused variable warning in some configs

Avoid unused variable warnings:
qemu-char.c: In function 'qmp_chardev_open_port':
qemu-char.c:3132: warning: unused variable 'fd'
qemu-char.c:3132: warning: unused variable 'flags'

in configurations with neither HAVE_CHARDEV_TTY nor
HAVE_CHARDEV_PARPORT set.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agomake_device_config.sh: Fix target path in generated dependency file
Andreas Färber [Thu, 24 Jan 2013 15:47:55 +0000 (16:47 +0100)]
make_device_config.sh: Fix target path in generated dependency file

config-devices.mak.d is included from Makefile.target, i.e. from inside
the *-softmmu/ directory. It included the directory path, so never
applied to the actual ./config-devices.mak. Symptoms were spurious
build failures due to missing dependency on default-configs/pci.mak.

Fix this by using `basename` to strip the directory path.

Reported-by: Gerhard Wiesinger <lists@wiesinger.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agofw_cfg: Drop a few superfluous initializers
Markus Armbruster [Wed, 23 Jan 2013 17:25:09 +0000 (18:25 +0100)]
fw_cfg: Drop a few superfluous initializers

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agofw_cfg: Splash image loader can overrun a stack variable, fix
Markus Armbruster [Wed, 23 Jan 2013 17:25:08 +0000 (18:25 +0100)]
fw_cfg: Splash image loader can overrun a stack variable, fix

read_splashfile() passes the address of an int variable as size_t *
parameter to g_file_get_contents(), with a cast to gag the compiler.

No problem on machines where sizeof(size_t) == sizeof(int).

Happens to work on my x86_64 box (64 bit little endian): the least
significant 32 bits of the file size end up in the right place
(caller's variable file_size), and the most significant 32 bits
clobber a place that gets assigned to before its next use (caller's
variable file_type).

I'd expect it to break on a 64 bit big-endian box.

Fix up the variable types and drop the problematic cast.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agosoftfloat: Handle float_muladd_negate_c when product is zero
Richard Sandiford [Tue, 22 Jan 2013 17:03:05 +0000 (17:03 +0000)]
softfloat: Handle float_muladd_negate_c when product is zero

Honour float_muladd_negate_c in the case where the product is zero and
c is nonzero.  Previously we would fail to negate c.

Seen in (and tested against) the gfortran testsuite on MIPS.

Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agohw/pxa2xx_timer: Explicitly mark fallthroughs
Peter Maydell [Mon, 21 Jan 2013 12:50:56 +0000 (12:50 +0000)]
hw/pxa2xx_timer: Explicitly mark fallthroughs

Explicitly mark the fallthroughs as intentional in the code
pattern where we gradually increment an index before falling
into the code to read/write that array entry:
    case THINGY_3: idx++;
    case THINGY_2: idx++;
    case THINGY_1: idx++;
    case THINGY_0: return s->thingy[idx];

This makes static analysers happy.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agohw/smc91c111: Add explicit 'return' rather than relying on fallthrough
Peter Maydell [Mon, 21 Jan 2013 12:50:55 +0000 (12:50 +0000)]
hw/smc91c111: Add explicit 'return' rather than relying on fallthrough

Add an explicit 'return' statement to a case in smc91c111_readb
rather than relying on fallthrough to the following case's
return statement, for code clarity and to placate static analysers.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agohw/pflash_cfi02.c: Mark deliberate fallthrough
Peter Maydell [Mon, 21 Jan 2013 12:50:54 +0000 (12:50 +0000)]
hw/pflash_cfi02.c: Mark deliberate fallthrough

Mark the deliberate fallthrough where we treat the case of
an attempt to read flash when it is an unknown command
state as if it were a normal read.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agohw/omap_dma, hw/omap_spi: Explicitly mark fallthroughs
Peter Maydell [Mon, 21 Jan 2013 12:50:53 +0000 (12:50 +0000)]
hw/omap_dma, hw/omap_spi: Explicitly mark fallthroughs

Explicitly mark the fallthroughs as intentional in the code
pattern where we gradually increment an index before falling
into the code to read/write that array entry:
  case THINGY_3: idx++;
  case THINGY_2: idx++;
  case THINGY_1: idx++;
  case THINGY_0: return s->thingy[idx];

This makes static analysers happy.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agohw/omap1.c: Add fallthrough markers and breaks
Peter Maydell [Mon, 21 Jan 2013 12:50:52 +0000 (12:50 +0000)]
hw/omap1.c: Add fallthrough markers and breaks

Explicitly mark cases where we are deliberately falling
through to the following code. In one case we insert a
'break' instead of falling through to a 'break', as this
seems slightly clearer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agohw/arm_sysctl.c: Add missing 'break' statements
Peter Maydell [Mon, 21 Jan 2013 12:50:51 +0000 (12:50 +0000)]
hw/arm_sysctl.c: Add missing 'break' statements

Add some break statements that were accidentally omitted
from some cases of arm_sysctl_write(). The omission was
harmless because in both cases the following case did
an immediate break, but adding the breaks explicitly
placates static analysers and avoids weird behaviour if
the following register is ever implemented as something
other than a no-op.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agolink seccomp only with softmmu targets
Michael Tokarev [Sat, 19 Jan 2013 14:58:09 +0000 (18:58 +0400)]
link seccomp only with softmmu targets

Now, if seccomp is detected, it is linked into every executable,
but is used only by softmmu targets (from vl.c).  So link it
only where it is actually needed.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agobsd-user: avoid conflict with qemu_vmalloc
Blue Swirl [Sat, 19 Jan 2013 09:49:09 +0000 (09:49 +0000)]
bsd-user: avoid conflict with qemu_vmalloc

Rename qemu_vmalloc() to bsd_vmalloc(), adjust the only user.

Remove #ifdeffery in oslib-posix.c.

Tested-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agobuild: remove extra-obj-y
Paolo Bonzini [Sat, 19 Jan 2013 10:06:48 +0000 (11:06 +0100)]
build: remove extra-obj-y

extra-obj-y is somewhat complicated to understand.  Replace it with a
special CONFIG_ALL symbol that is defined only at toplevel.
This limits the case of directories defining more than one
*-obj-y target.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agobuild: remove universal-obj-y
Paolo Bonzini [Sat, 19 Jan 2013 10:06:47 +0000 (11:06 +0100)]
build: remove universal-obj-y

All of universal-obj-y, user-obj-y (right now unused) and common-obj-y can
be unified into common-obj-y if we take care of defining CONFIG_SOFTMMU
and CONFIG_USER_ONLY in the toplevel makefile.  This is similar to how
we define symbols for hardware components.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agobuild: use -$(CONFIG_SECCOMP) instead of ifeq
Paolo Bonzini [Sat, 19 Jan 2013 10:06:46 +0000 (11:06 +0100)]
build: use -$(CONFIG_SECCOMP) instead of ifeq

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agobuild: move around libcacard-y definition
Paolo Bonzini [Sat, 19 Jan 2013 10:06:45 +0000 (11:06 +0100)]
build: move around libcacard-y definition

It is also needed if !CONFIG_SOFTMMU, unlike everything that surrounds it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agotests: adjust gcov variables for directory movement
Paolo Bonzini [Tue, 15 Jan 2013 08:49:35 +0000 (09:49 +0100)]
tests: adjust gcov variables for directory movement

I had missed the introduction of the gcov-files-* variables.

Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
11 years agoPPC: e500: Select MPIC v4.2 on ppce500 platform
Scott Wood [Mon, 21 Jan 2013 15:53:55 +0000 (15:53 +0000)]
PPC: e500: Select MPIC v4.2 on ppce500 platform

The compatible string is changed to fsl,mpic on all e500 platforms, to
advertise the existence of BRR1.  This matches what the device tree will
have on real hardware.

With MPIC v4.2 max_cpu can be increased from 15 to 32.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>