sdk/emulator/qemu.git
8 years agoRevert "tracetool: use Python 2.4-compatible exception handling syntax"
Markus Armbruster [Fri, 18 Dec 2015 07:52:43 +0000 (08:52 +0100)]
Revert "tracetool: use Python 2.4-compatible exception handling syntax"

This reverts commit 662da3854e3f490223373b40afdcfcc339d14aa5.

We require Python 2.6 now (commit fec2103).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <1450425164-24969-4-git-send-email-armbru@redhat.com>

8 years agoscripts/qmp: Use Python 2.6 "except E as ..." syntax
Markus Armbruster [Fri, 18 Dec 2015 07:52:42 +0000 (08:52 +0100)]
scripts/qmp: Use Python 2.6 "except E as ..." syntax

PEP 8 calls for it, because it's forward compatible with Python 3.
Supported since Python 2.6, which we require (commit fec2103).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <1450425164-24969-3-git-send-email-armbru@redhat.com>

8 years agoqapi: Use Python 2.6 "except E as ..." syntax
Markus Armbruster [Fri, 18 Dec 2015 07:52:41 +0000 (08:52 +0100)]
qapi: Use Python 2.6 "except E as ..." syntax

PEP 8 calls for it, because it's forward compatible with Python 3.
Supported since Python 2.6, which we require (commit fec2103).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <1450425164-24969-2-git-send-email-armbru@redhat.com>

8 years agoui/cocoa.m: Include qemu/osdep.h
Peter Maydell [Fri, 29 Jan 2016 16:23:34 +0000 (16:23 +0000)]
ui/cocoa.m: Include qemu/osdep.h

Include "qemu/osdep.h". (This is a manual commit equivalent
to what the clean-includes script would do, because that
script can't handle ObjectiveC source files.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454084614-5365-1-git-send-email-peter.maydell@linaro.org

8 years agoMerge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
Peter Maydell [Mon, 8 Feb 2016 11:25:31 +0000 (11:25 +0000)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc and misc cleanups and fixes, virtio optimizations

Included here:
Refactoring and bugfix patches in PC/ACPI.
New commands for ipmi.
Virtio optimizations.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Sat 06 Feb 2016 18:44:26 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream: (45 commits)
  net: set endianness on all backend devices
  fix MSI injection on Xen
  intel_iommu: large page support
  dimm: Correct type of MemoryHotplugState->base
  pc: set the OEM fields in the RSDT and the FADT from the SLIC
  acpi: add function to extract oem_id and oem_table_id from the user's SLIC
  acpi: expose oem_id and oem_table_id in build_rsdt()
  acpi: take oem_id in build_header(), optionally
  pc: Eliminate PcGuestInfo struct
  pc: Move APIC and NUMA data from PcGuestInfo to PCMachineState
  pc: Move PcGuestInfo.fw_cfg to PCMachineState
  pc: Remove PcGuestInfo.isapc_ram_fw field
  pc: Remove RAM size fields from PcGuestInfo
  pc: Remove compat fields from PcGuestInfo
  acpi: Don't save PcGuestInfo on AcpiBuildState
  acpi: Remove guest_info parameters from functions
  pc: Simplify xen_load_linux() signature
  pc: Simplify pc_memory_init() signature
  pc: Eliminate struct PcGuestInfoState
  pc: Move PcGuestInfo declaration to top of file
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agonet: set endianness on all backend devices
Laurent Vivier [Wed, 13 Jan 2016 19:26:25 +0000 (20:26 +0100)]
net: set endianness on all backend devices

commit 5be7d9f1b1452613b95c6ba70b8d7ad3d0797991
       vhost-net: tell tap backend about the vnet endianness

makes vhost net to set the endianness of the device, but only for
the first device.

In case of multiqueue, we have multiple devices... This patch sets the
endianness for all the devices of the interface.

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
8 years agofix MSI injection on Xen
Stefano Stabellini [Wed, 13 Jan 2016 14:59:09 +0000 (14:59 +0000)]
fix MSI injection on Xen

On Xen MSIs can be remapped into pirqs, which are a type of event
channels. It's mostly for the benefit of PCI passthrough devices, to
avoid the overhead of interacting with the emulated lapic.

However remapping interrupts and MSIs is also supported for emulated
devices, such as the e1000 and virtio-net.

When an interrupt or an MSI is remapped into a pirq, masking and
unmasking is done by masking and unmasking the event channel. The
masking bit on the PCI config space or MSI-X table should be ignored,
but it isn't at the moment.

As a consequence emulated devices which use MSI or MSI-X, such as
virtio-net, don't work properly (the guest doesn't receive any
notifications). The mechanism was working properly when xen_apic was
introduced, but I haven't narrowed down which commit in particular is
causing the regression.

Fix the issue by ignoring the masking bit for MSI and MSI-X which have
been remapped into pirqs.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agointel_iommu: large page support
Jason Wang [Thu, 14 Jan 2016 05:47:24 +0000 (00:47 -0500)]
intel_iommu: large page support

Current intel_iommu only supports 4K page which may not be sufficient
to cover guest working set. This patch tries to enable 2M and 1G mapping
for intel_iommu. This is also useful for future device IOTLB
implementation to have a better hit rate.

Major work is adding a page mask field on IOTLB entry to make it
support large page. And also use the slpte level as key to do IOTLB
lookup. MAMV was increased to 18 to support direct invalidation for 1G
mapping.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agodimm: Correct type of MemoryHotplugState->base
David Gibson [Thu, 21 Jan 2016 01:37:51 +0000 (12:37 +1100)]
dimm: Correct type of MemoryHotplugState->base

The 'base' field of MemoryHotplugState is ram_addr_t, which indicates that
it exists in the abstract address space of RAM regions.

However, the actual usage of this field indicates that it is a concrete
physical address (it's passed as an offset to memory_region_add_subgregion
for example).

So, correct its type to 'hwaddr'.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
8 years agopc: set the OEM fields in the RSDT and the FADT from the SLIC
Laszlo Ersek [Mon, 18 Jan 2016 14:12:13 +0000 (15:12 +0100)]
pc: set the OEM fields in the RSDT and the FADT from the SLIC

The Microsoft spec about the SLIC and MSDM ACPI tables at
<http://go.microsoft.com/fwlink/p/?LinkId=234834> requires the OEM ID and
OEM Table ID fields to be consistent between the SLIC and the RSDT/XSDT.
That further affects the FADT, because a similar match between the FADT
and the RSDT/XSDT is required by the ACPI spec in general.

This patch wires up the previous three patches.

Cc: "Michael S. Tsirkin" <mst@redhat.com> (supporter:ACPI/SMBIOS)
Cc: Igor Mammedov <imammedo@redhat.com> (supporter:ACPI/SMBIOS)
Cc: Paolo Bonzini <pbonzini@redhat.com> (maintainer:X86)
Cc: Richard W.M. Jones <rjones@redhat.com>
Cc: Aleksei Kovura <alex3kov@zoho.com>
Cc: Michael Tokarev <mjt@tls.msk.ru>
Cc: Steven Newbury <steve@snewbury.org.uk>
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1248758
LP: https://bugs.launchpad.net/qemu/+bug/1533848
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Steven Newbury <steve@snewbury.org.uk>
8 years agoacpi: add function to extract oem_id and oem_table_id from the user's SLIC
Laszlo Ersek [Mon, 18 Jan 2016 14:12:12 +0000 (15:12 +0100)]
acpi: add function to extract oem_id and oem_table_id from the user's SLIC

The acpi_get_slic_oem() function stores pointers to these fields in the
(first) SLIC table that the user passes in with the -acpitable switch.

Cc: "Michael S. Tsirkin" <mst@redhat.com> (supporter:ACPI/SMBIOS)
Cc: Igor Mammedov <imammedo@redhat.com> (supporter:ACPI/SMBIOS)
Cc: Richard W.M. Jones <rjones@redhat.com>
Cc: Aleksei Kovura <alex3kov@zoho.com>
Cc: Michael Tokarev <mjt@tls.msk.ru>
Cc: Steven Newbury <steve@snewbury.org.uk>
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1248758
LP: https://bugs.launchpad.net/qemu/+bug/1533848
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Steven Newbury <steve@snewbury.org.uk>
8 years agoacpi: expose oem_id and oem_table_id in build_rsdt()
Laszlo Ersek [Mon, 18 Jan 2016 14:12:11 +0000 (15:12 +0100)]
acpi: expose oem_id and oem_table_id in build_rsdt()

Since build_rsdt() is implemented as common utility code (in
"hw/acpi/aml-build.c"), it should expose -- and forward -- the oem_id and
oem_table_id parameters between board code and the generic build_header()
function.

Cc: "Michael S. Tsirkin" <mst@redhat.com> (supporter:ACPI/SMBIOS)
Cc: Igor Mammedov <imammedo@redhat.com> (supporter:ACPI/SMBIOS)
Cc: Shannon Zhao <zhaoshenglong@huawei.com> (maintainer:ARM ACPI Subsystem)
Cc: Paolo Bonzini <pbonzini@redhat.com> (maintainer:X86)
Cc: Richard W.M. Jones <rjones@redhat.com>
Cc: Aleksei Kovura <alex3kov@zoho.com>
Cc: Michael Tokarev <mjt@tls.msk.ru>
Cc: Steven Newbury <steve@snewbury.org.uk>
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1248758
LP: https://bugs.launchpad.net/qemu/+bug/1533848
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org>
8 years agoacpi: take oem_id in build_header(), optionally
Laszlo Ersek [Mon, 18 Jan 2016 14:12:10 +0000 (15:12 +0100)]
acpi: take oem_id in build_header(), optionally

This patch is the continuation of commit 8870ca0e94f2 ("acpi: support
specified oem table id for build_header"). It will allow us to control the
OEM ID field too in the SDT header.

Cc: "Michael S. Tsirkin" <mst@redhat.com> (supporter:ACPI/SMBIOS)
Cc: Igor Mammedov <imammedo@redhat.com> (supporter:ACPI/SMBIOS)
Cc: Xiao Guangrong <guangrong.xiao@linux.intel.com> (maintainer:NVDIMM)
Cc: Shannon Zhao <zhaoshenglong@huawei.com> (maintainer:ARM ACPI Subsystem)
Cc: Paolo Bonzini <pbonzini@redhat.com> (maintainer:X86)
Cc: Richard W.M. Jones <rjones@redhat.com>
Cc: Aleksei Kovura <alex3kov@zoho.com>
Cc: Michael Tokarev <mjt@tls.msk.ru>
Cc: Steven Newbury <steve@snewbury.org.uk>
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1248758
LP: https://bugs.launchpad.net/qemu/+bug/1533848
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org>
8 years agopc: Eliminate PcGuestInfo struct
Eduardo Habkost [Fri, 11 Dec 2015 18:42:33 +0000 (16:42 -0200)]
pc: Eliminate PcGuestInfo struct

The struct is not used for anything, now.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agopc: Move APIC and NUMA data from PcGuestInfo to PCMachineState
Eduardo Habkost [Fri, 11 Dec 2015 18:42:32 +0000 (16:42 -0200)]
pc: Move APIC and NUMA data from PcGuestInfo to PCMachineState

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
8 years agopc: Move PcGuestInfo.fw_cfg to PCMachineState
Eduardo Habkost [Fri, 11 Dec 2015 18:42:31 +0000 (16:42 -0200)]
pc: Move PcGuestInfo.fw_cfg to PCMachineState

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
8 years agopc: Remove PcGuestInfo.isapc_ram_fw field
Eduardo Habkost [Fri, 11 Dec 2015 18:42:30 +0000 (16:42 -0200)]
pc: Remove PcGuestInfo.isapc_ram_fw field

The code can use the PCMachineClass.pci_enabled field directly.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
8 years agopc: Remove RAM size fields from PcGuestInfo
Eduardo Habkost [Fri, 11 Dec 2015 18:42:29 +0000 (16:42 -0200)]
pc: Remove RAM size fields from PcGuestInfo

The ACPI code can use the PCMachineState fields directly.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
8 years agopc: Remove compat fields from PcGuestInfo
Eduardo Habkost [Fri, 11 Dec 2015 18:42:28 +0000 (16:42 -0200)]
pc: Remove compat fields from PcGuestInfo

Remove the fields: legacy_acpi_table_size, has_acpi_build,
has_reserved_memory, and rsdp_in_ram from PcGuestInfo, and let
the existing code use the PCMachineClass fields directly.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
8 years agoacpi: Don't save PcGuestInfo on AcpiBuildState
Eduardo Habkost [Fri, 11 Dec 2015 18:42:27 +0000 (16:42 -0200)]
acpi: Don't save PcGuestInfo on AcpiBuildState

We don't need to save the pointer on AcpiBuildState, as it is not
used anymore.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
8 years agoacpi: Remove guest_info parameters from functions
Eduardo Habkost [Fri, 11 Dec 2015 18:42:26 +0000 (16:42 -0200)]
acpi: Remove guest_info parameters from functions

We can use PC_MACHINE(qdev_get_machine())->acpi_guest_info to get
guest_info.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agopc: Simplify xen_load_linux() signature
Eduardo Habkost [Fri, 11 Dec 2015 18:42:25 +0000 (16:42 -0200)]
pc: Simplify xen_load_linux() signature

We can get the PcGuestInfo struct directly from PCMachineState,
and the return value is not needed at all.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
8 years agopc: Simplify pc_memory_init() signature
Eduardo Habkost [Fri, 11 Dec 2015 18:42:24 +0000 (16:42 -0200)]
pc: Simplify pc_memory_init() signature

We can get the PcGuestInfo struct directly from PCMachineState,
and the return value is not needed at all.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
8 years agopc: Eliminate struct PcGuestInfoState
Eduardo Habkost [Fri, 11 Dec 2015 18:42:23 +0000 (16:42 -0200)]
pc: Eliminate struct PcGuestInfoState

Instead of allocating a new struct just for PcGuestInfo and the
mchine_done Notifier, place them inside PCMachineState.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
8 years agopc: Move PcGuestInfo declaration to top of file
Eduardo Habkost [Fri, 11 Dec 2015 18:42:22 +0000 (16:42 -0200)]
pc: Move PcGuestInfo declaration to top of file

The struct will be used inside PCMachineState.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
8 years agoipmi: add ACPI power and GUID commands
Cédric Le Goater [Mon, 25 Jan 2016 14:07:34 +0000 (15:07 +0100)]
ipmi: add ACPI power and GUID commands

>From the specs (20.8 Get Device GUID Command), the command needs to
return a GUID (Globally Unique ID), or UUID, that should never change
over the lifetime of the device. qemu_uuid looked like a good
candidate to start with but we could use a specific BMC property also
if needed.

Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Acked-by: Corey Minyard <cminyard@mvista.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agoipmi: add GET_SYS_RESTART_CAUSE chassis command
Cédric Le Goater [Mon, 25 Jan 2016 14:07:33 +0000 (15:07 +0100)]
ipmi: add GET_SYS_RESTART_CAUSE chassis command

This is a simulator. Just return an unknown cause (0).

Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Acked-by: Corey Minyard <cminyard@mvista.com>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agoipmi: add get and set SENSOR_TYPE commands
Cédric Le Goater [Mon, 25 Jan 2016 14:07:32 +0000 (15:07 +0100)]
ipmi: add get and set SENSOR_TYPE commands

Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Acked-by: Corey Minyard <cminyard@mvista.com>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agoipmi: introduce a struct ipmi_sdr_compact
Cédric Le Goater [Mon, 25 Jan 2016 14:07:31 +0000 (15:07 +0100)]
ipmi: introduce a struct ipmi_sdr_compact

Currently, sdr attributes are identified using byte offsets and this
can be a bit confusing.

This patch adds a struct ipmi_sdr_compact conforming to the IPMI specs
and replaces byte offsets with names. It also introduces and uses a
struct ipmi_sdr_header in sections of the code where no assumption is
made on the type of SDR. This leave rooms to potential usage of other
types in the future.

Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agoipmi: fix SDR length value
Cédric Le Goater [Mon, 25 Jan 2016 14:07:30 +0000 (15:07 +0100)]
ipmi: fix SDR length value

The IPMI BMC simulator populates the SDR table with a set of initial
SDRs. The length of each SDR is taken from the record itself (byte 4)
which does not include the size of the header. But, the full length
(header + data) is required by the sdr_add_entry() routine.

Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agoipmi: cleanup error_report messages
Cédric Le Goater [Mon, 25 Jan 2016 14:07:29 +0000 (15:07 +0100)]
ipmi: cleanup error_report messages

Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Cc: Greg Kurz <gkurz@linux.vnet.ibm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agoipmi: replace *_MAXCMD defines
Cédric Le Goater [Mon, 25 Jan 2016 14:07:28 +0000 (15:07 +0100)]
ipmi: replace *_MAXCMD defines

ARRAY_SIZE() is simple to use and removes the need to pre-define
the size of the command arrays.

Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agoipmi: replace goto by a return statement
Cédric Le Goater [Mon, 25 Jan 2016 14:07:27 +0000 (15:07 +0100)]
ipmi: replace goto by a return statement

Each routine using the IPMI_ADD_RSP_DATA, IPMI_CHECK_CMD_LEN or
IPMI_CHECK_RESERVATION macros needs to define a goto label 'out' to
handle hidden errors. Using directly a return statement has the same
effect and it removes the fact that 'out' needs to be defined.

The code exits in ipmi_sim_handle_command() are a little different
from the rest and a "possible" error in the macro IPMI_ADD_RSP_DATA is
handled before making use of it. This might be a bit excessive as a
minimum response len is currently 300 bytes and the patch checks that
at least 3 are available.

Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Reviewed-by: Corey Minyard <cminyard@mvista.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agohw/pci: ensure that only PCI/PCIe bridges can be attached to pxb/pxb-pcie devices
Marcel Apfelbaum [Mon, 18 Jan 2016 15:27:26 +0000 (17:27 +0200)]
hw/pci: ensure that only PCI/PCIe bridges can be attached to pxb/pxb-pcie devices

PCI devices can't be plugged directly into PCI extra root bridges
because their resources can't be computed by firmware before the ACPI
tables are loaded.

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agovhost-user-test: use correct ROM to speed up and avoid spurious failures
Paolo Bonzini [Thu, 4 Feb 2016 15:00:52 +0000 (16:00 +0100)]
vhost-user-test: use correct ROM to speed up and avoid spurious failures

The mechanism to get the option ROM for virtio-net does not block the
PCI ROM from being loaded. Therefore, in vhost-user-test there are
two entries in the boot menu for the virtio-net card: one as an
embedded option ROM, one from the ROM BAR.

The embedded option ROM in vhost-user-test is the non-EFI-enabled,
while the ROM BAR has an EFI-enabled ROM. The two are compiled with
slightly different parameters, where only the old BIOS-only one doesn't
have a timeout for the "Press Ctrl-B" banner. When using a new
machine type, therefore, the vhost-user-test has to wait for the
EFI-enabled ROM's banner to go away. There are several ways to fix
this:

1) fix the ROMs to have the same configuration

2) add ",romfile=" to the -device line

3) remove --option-rom and add the ROM file name to the -device line

4) use an old machine type

This patch chooses 3. In addition, the file name was wrong because
qtest runs QEMU relative to the top build directory, not to the
x86_64-softmmu/ subdirectory, which is fixed too.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agohw/pxb: add pxb devices to the bridge category
Marcel Apfelbaum [Wed, 3 Feb 2016 11:56:10 +0000 (13:56 +0200)]
hw/pxb: add pxb devices to the bridge category

Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agovirtio: combine write of an entry into used ring
Vincenzo Maffione [Sun, 31 Jan 2016 10:29:06 +0000 (11:29 +0100)]
virtio: combine write of an entry into used ring

Fill in an element of the used ring with a single combined access to the
guest physical memory, rather than using two separated accesses.
This reduces the overhead due to expensive address translation.

Signed-off-by: Vincenzo Maffione <v.maffione@gmail.com>
Message-Id: <e4a89a767a4a92cbb6bcc551e151487eb36e1722.1450218353.git.v.maffione@gmail.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agovirtio: read avail_idx from VQ only when necessary
Vincenzo Maffione [Sun, 31 Jan 2016 10:29:05 +0000 (11:29 +0100)]
virtio: read avail_idx from VQ only when necessary

The virtqueue_pop() implementation needs to check if the avail ring
contains some pending buffers. To perform this check, it is not
always necessary to fetch the avail_idx in the VQ memory, which is
expensive. This patch introduces a shadow variable tracking avail_idx
and modifies virtio_queue_empty() to access avail_idx in physical
memory only when necessary.

Signed-off-by: Vincenzo Maffione <v.maffione@gmail.com>
Message-Id: <b617d6459902773d9f4ab843bfaca764f5af8eda.1450218353.git.v.maffione@gmail.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agovirtio: cache used_idx in a VirtQueue field
Vincenzo Maffione [Sun, 31 Jan 2016 10:29:04 +0000 (11:29 +0100)]
virtio: cache used_idx in a VirtQueue field

Accessing used_idx in the VQ requires an expensive access to
guest physical memory. Before this patch, 3 accesses are normally
done for each pop/push/notify call. However, since the used_idx is
only written by us, we can track it in our internal data structure.

Signed-off-by: Vincenzo Maffione <v.maffione@gmail.com>
Message-Id: <3d062ec54e9a7bf9fb325c1fd693564951f2b319.1450218353.git.v.maffione@gmail.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agovirtio: combine the read of a descriptor
Paolo Bonzini [Sun, 31 Jan 2016 10:29:03 +0000 (11:29 +0100)]
virtio: combine the read of a descriptor

Compared to vring, virtio has a performance penalty of 10%.  Fix it
by combining all the reads for a descriptor in a single address_space_read
call.  This also simplifies the code nicely.

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agovring: slim down allocation of VirtQueueElements
Paolo Bonzini [Sun, 31 Jan 2016 10:29:02 +0000 (11:29 +0100)]
vring: slim down allocation of VirtQueueElements

Build the addresses and s/g lists on the stack, and then copy them
to a VirtQueueElement that is just as big as required to contain this
particular s/g list.  The cost of the copy is minimal compared to that
of a large malloc.

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agovirtio: slim down allocation of VirtQueueElements
Paolo Bonzini [Sun, 31 Jan 2016 10:29:01 +0000 (11:29 +0100)]
virtio: slim down allocation of VirtQueueElements

Build the addresses and s/g lists on the stack, and then copy them
to a VirtQueueElement that is just as big as required to contain this
particular s/g list.  The cost of the copy is minimal compared to that
of a large malloc.

When virtqueue_map is used on the destination side of migration or on
loadvm, the iovecs have already been split at memory region boundary,
so we can just reuse the out_num/in_num we find in the file.

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agovirtio: introduce virtqueue_alloc_element
Paolo Bonzini [Sun, 31 Jan 2016 10:29:00 +0000 (11:29 +0100)]
virtio: introduce virtqueue_alloc_element

Allocate the arrays for in_addr/out_addr/in_sg/out_sg outside the
VirtQueueElement.  For now, virtqueue_pop and vring_pop keep
allocating a very large VirtQueueElement.

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agovirtio: introduce qemu_get/put_virtqueue_element
Paolo Bonzini [Sun, 31 Jan 2016 10:28:59 +0000 (11:28 +0100)]
virtio: introduce qemu_get/put_virtqueue_element

Move allocation to virtio functions also when loading/saving a
VirtQueueElement.  This will also let the load/save functions
keep backwards compatibility when the VirtQueueElement layout
is changed.

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agovirtio: move allocation to virtqueue_pop/vring_pop
Paolo Bonzini [Thu, 4 Feb 2016 14:26:51 +0000 (16:26 +0200)]
virtio: move allocation to virtqueue_pop/vring_pop

The return code of virtqueue_pop/vring_pop is unused except to check for
errors or 0.  We can thus easily move allocation inside the functions
and just return a pointer to the VirtQueueElement.

The advantage is that we will be able to allocate only the space that
is needed for the actual size of the s/g list instead of the full
VIRTQUEUE_MAX_SIZE items.  Currently VirtQueueElement takes about 48K
of memory, and this kind of allocation puts a lot of stress on malloc.
By cutting the size by two or three orders of magnitude, malloc can
use much more efficient algorithms.

The patch is pretty large, but changes to each device are testable
more or less independently.  Splitting it would mostly add churn.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agoMerge remote-tracking branch 'remotes/amit-migration/tags/migration-for-2.6-2' into...
Peter Maydell [Fri, 5 Feb 2016 14:20:46 +0000 (14:20 +0000)]
Merge remote-tracking branch 'remotes/amit-migration/tags/migration-for-2.6-2' into staging

Migration pull req.

Small fixes, nothing major.

# gpg: Signature made Fri 05 Feb 2016 13:51:30 GMT using RSA key ID 854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg:                 aka "Amit Shah <amit@kernel.org>"
# gpg:                 aka "Amit Shah <amitshah@gmx.net>"

* remotes/amit-migration/tags/migration-for-2.6-2:
  migration: fix bad string passed to error_report()
  static checker: e1000-82540em got aliased to e1000
  migration: remove useless code.
  qmp-commands.hx: Document the missing options for migration capability commands
  qmp-commands.hx: Fix the missing options for migration parameters commands
  migration/ram: Fix some helper functions' parameter to use PageSearchStatus
  savevm: Split load vm state function qemu_loadvm_state
  migration: rename 'file' in MigrationState to 'to_dst_file'
  ram: Split host_from_stream_offset() into two helper functions

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agomigration: fix bad string passed to error_report()
Greg Kurz [Fri, 5 Feb 2016 08:33:26 +0000 (09:33 +0100)]
migration: fix bad string passed to error_report()

state->name does not contain a terminating '\0' and you may get:

Machine type received is 'pseries-2.3y�?' and local is 'pseries-2.4'
load of migration failed: Invalid argument

Let's add a precision modifier to fix this.

Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Message-Id: <20160205083201.2201.76109.stgit@bahia.huguette.org>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
8 years agostatic checker: e1000-82540em got aliased to e1000
Amit Shah [Fri, 18 Dec 2015 05:35:47 +0000 (11:05 +0530)]
static checker: e1000-82540em got aliased to e1000

Commit 8304402033e8dbe8e379017d51ed1dd8344f1dce changed the name of the
e1000-82540em device to e1000.  This was flagged:

   Section "e1000-82540em" does not exist in dest

Add the mapping to the changed section names dictionary so the checker
can proceed.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <7ccfe834c897142dceaa4da87c13b7059fa12aa8.1450416947.git.amit.shah@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
8 years agomigration: remove useless code.
Liang Li [Wed, 27 Jan 2016 06:11:05 +0000 (14:11 +0800)]
migration: remove useless code.

Since 's->state' will be set in migrate_init(), there is no
need to set it before calling migrate_init(). The code and
the related comments can be removed.

Signed-off-by: Liang Li <liang.z.li@intel.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1453875065-24326-1-git-send-email-liang.z.li@intel.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
8 years agoqmp-commands.hx: Document the missing options for migration capability commands
zhanghailiang [Fri, 15 Jan 2016 03:37:46 +0000 (11:37 +0800)]
qmp-commands.hx: Document the missing options for migration capability commands

Add the missing descriptions for the options of migration capability commands,
and fix the example for query-migrate-capabilities command.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1452829066-9764-7-git-send-email-zhang.zhanghailiang@huawei.com>
[Amit: Strip whitespace]
Signed-off-by: Amit Shah <amit.shah@redhat.com>
8 years agoqmp-commands.hx: Fix the missing options for migration parameters commands
zhanghailiang [Fri, 15 Jan 2016 03:37:45 +0000 (11:37 +0800)]
qmp-commands.hx: Fix the missing options for migration parameters commands

We didn't document x-cpu-throttle-initial/x-cpu-throttle-increment for
commands migrate-set-parameters and query-migrate-parameters.

Here we add the descriptions for these two options and fix the wrong example
for query-migrate-parameters qmp commands.
Besides, this will also fix the bug that we can't set x-cpu-throttle-initial
and x-cpu-throttle-increment through migrate-set-parameters qmp command.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1452829066-9764-6-git-send-email-zhang.zhanghailiang@huawei.com>
[Amit: fix typo in 'auto-converge']
Signed-off-by: Amit Shah <amit.shah@redhat.com>
8 years agomigration/ram: Fix some helper functions' parameter to use PageSearchStatus
zhanghailiang [Fri, 15 Jan 2016 03:37:44 +0000 (11:37 +0800)]
migration/ram: Fix some helper functions' parameter to use PageSearchStatus

Some helper functions use parameters 'RAMBlock *block' and 'ram_addr_t *offset',
We can use 'PageSearchStatus *pss' directly instead, with this change, we
can reduce the number of parameters for these helper function, also
it is easily to add new parameters for these helper functions.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1452829066-9764-5-git-send-email-zhang.zhanghailiang@huawei.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
8 years agosavevm: Split load vm state function qemu_loadvm_state
zhanghailiang [Fri, 15 Jan 2016 03:37:43 +0000 (11:37 +0800)]
savevm: Split load vm state function qemu_loadvm_state

qemu_loadvm_state is too long, and we can simplify it by splitting up
with three helper functions.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1452829066-9764-4-git-send-email-zhang.zhanghailiang@huawei.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
8 years agomigration: rename 'file' in MigrationState to 'to_dst_file'
zhanghailiang [Fri, 15 Jan 2016 03:37:42 +0000 (11:37 +0800)]
migration: rename 'file' in MigrationState to 'to_dst_file'

Rename the 'file' member of MigrationState to 'to_dst_file' to
be consistent with to_src_file, from_src_file and from_dst_file.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1452829066-9764-3-git-send-email-zhang.zhanghailiang@huawei.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
8 years agoram: Split host_from_stream_offset() into two helper functions
zhanghailiang [Fri, 15 Jan 2016 03:37:41 +0000 (11:37 +0800)]
ram: Split host_from_stream_offset() into two helper functions

Split host_from_stream_offset() into two parts:
One is to get ram block, which the block idstr may be get from migration
stream, the other is to get hva (host) address from block and the offset.
Besides, we will do the check working in a new helper offset_in_ramblock().

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1452829066-9764-2-git-send-email-zhang.zhanghailiang@huawei.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
8 years agovirtio: move VirtQueueElement at the beginning of the structs
Paolo Bonzini [Sun, 31 Jan 2016 10:28:57 +0000 (11:28 +0100)]
virtio: move VirtQueueElement at the beginning of the structs

The next patch will make virtqueue_pop/vring_pop allocate memory for
the VirtQueueElement. In some cases (blk, scsi, gpu) the device wants
to extend VirtQueueElement with device-specific fields and, until now,
the place of the VirtQueueElement within the containing struct didn't
matter. When allocating the entire block in virtqueue_pop/vring_pop,
however, the containing struct must basically be a "subclass" of
VirtQueueElement, with the VirtQueueElement as the first field. Make
that the case for blk and scsi; gpu is already doing it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agotests: pc: acpi: add expected DSDT.bridge blobs and update DSDT blobs
Igor Mammedov [Fri, 22 Jan 2016 14:36:08 +0000 (15:36 +0100)]
tests: pc: acpi: add expected DSDT.bridge blobs and update DSDT blobs

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agotests: pc: acpi: drop not needed 'expected SSDT' blobs
Igor Mammedov [Fri, 22 Jan 2016 14:36:07 +0000 (15:36 +0100)]
tests: pc: acpi: drop not needed 'expected SSDT' blobs

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agopc: acpi: merge SSDT into DSDT
Igor Mammedov [Fri, 22 Jan 2016 14:36:06 +0000 (15:36 +0100)]
pc: acpi: merge SSDT into DSDT

Since both tables are built dynamically now,
there is no point in keeping ASL in them in separate
tables.
So do the same as we do for ARM where we have only
DSDT table, i.e. move SSDT ASL into DSDT and
drop SSDT altogether.
This patch doesn't change moved SSDT ASL in any way,
but it opens a way to relatively independently simplify
generated ASL on per device/subsystem basis in
followup series.
It also simplifies bios-tables-test where expected
SSDT blobs could be dropped and only DSDT ones
have to be maintained.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
8 years agoFix virtio migration
Dr. David Alan Gilbert [Fri, 29 Jan 2016 13:18:56 +0000 (13:18 +0000)]
Fix virtio migration

I misunderstood the vmstate macro definition when I reworked the
virtio .get/.put.
The VMSTATE_STRUCT_VARRAY_KNOWN, was described as being for "a
variable length array (i.e. _type *_field) but we know the
length".  However it actually specified operation for arrays embedded in
the struct (i.e. _type _field[]) since it lacked the VMS_POINTER
flag. This caused offset calculation to be completely off, examining and
potentially sending random data instead of the VirtQueue content.

Replace the otherwise unused VMSTATE_STRUCT_VARRAY_KNOWN with a
VMSTATE_STRUCT_VARRAY_POINTER_KNOWN that includes the VMS_POINTER flag
(so now actually doing what it advertises) and use it in the virtio
migration code.

Fixes and description as per Sascha's suggestions/debug.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reported-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Tested-By: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-By: Sascha Silbe <silbe@linux.vnet.ibm.com>
Fixes: 50e5ae4dc3e4f21e874512f9e87b93b5472d26e0
Fixes: 2cf0148674430b6693c60d42b7eef721bfa9509f
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Cornelia Huck <cornelia.huck@de.ibm.com>
8 years agoall: Clean up includes
Peter Maydell [Fri, 29 Jan 2016 17:50:05 +0000 (17:50 +0000)]
all: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-16-git-send-email-peter.maydell@linaro.org

8 years agocontrib: Clean up includes
Peter Maydell [Fri, 29 Jan 2016 17:50:04 +0000 (17:50 +0000)]
contrib: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-15-git-send-email-peter.maydell@linaro.org

8 years agoio: Clean up includes
Peter Maydell [Fri, 29 Jan 2016 17:50:03 +0000 (17:50 +0000)]
io: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-14-git-send-email-peter.maydell@linaro.org

8 years agoqom: Clean up includes
Peter Maydell [Fri, 29 Jan 2016 17:50:02 +0000 (17:50 +0000)]
qom: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-13-git-send-email-peter.maydell@linaro.org

8 years agoqobject: Clean up includes
Peter Maydell [Fri, 29 Jan 2016 17:50:01 +0000 (17:50 +0000)]
qobject: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1454089805-5470-12-git-send-email-peter.maydell@linaro.org

8 years agonet: Clean up includes
Peter Maydell [Fri, 29 Jan 2016 17:50:00 +0000 (17:50 +0000)]
net: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-11-git-send-email-peter.maydell@linaro.org

8 years agoslirp: Clean up includes
Peter Maydell [Fri, 29 Jan 2016 17:49:59 +0000 (17:49 +0000)]
slirp: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-10-git-send-email-peter.maydell@linaro.org

8 years agoqga: Clean up includes
Peter Maydell [Fri, 29 Jan 2016 17:49:58 +0000 (17:49 +0000)]
qga: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-9-git-send-email-peter.maydell@linaro.org

8 years agoqapi: Clean up includes
Peter Maydell [Fri, 29 Jan 2016 17:49:57 +0000 (17:49 +0000)]
qapi: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1454089805-5470-8-git-send-email-peter.maydell@linaro.org

8 years agodisas: Clean up includes
Peter Maydell [Fri, 29 Jan 2016 17:49:56 +0000 (17:49 +0000)]
disas: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-7-git-send-email-peter.maydell@linaro.org

8 years agoutil: Clean up includes
Peter Maydell [Fri, 29 Jan 2016 17:49:55 +0000 (17:49 +0000)]
util: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-6-git-send-email-peter.maydell@linaro.org

8 years agobackends: Clean up includes
Peter Maydell [Fri, 29 Jan 2016 17:49:54 +0000 (17:49 +0000)]
backends: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-5-git-send-email-peter.maydell@linaro.org

8 years agobsd-user: Clean up includes
Peter Maydell [Fri, 29 Jan 2016 17:49:53 +0000 (17:49 +0000)]
bsd-user: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-4-git-send-email-peter.maydell@linaro.org

8 years agostubs: Clean up includes
Peter Maydell [Fri, 29 Jan 2016 17:49:52 +0000 (17:49 +0000)]
stubs: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-3-git-send-email-peter.maydell@linaro.org

8 years agoui: Clean up includes
Peter Maydell [Fri, 29 Jan 2016 17:49:51 +0000 (17:49 +0000)]
ui: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-2-git-send-email-peter.maydell@linaro.org

8 years agoMerge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' into staging
Peter Maydell [Thu, 4 Feb 2016 16:16:00 +0000 (16:16 +0000)]
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' into staging

Update OpenBIOS images

# gpg: Signature made Thu 04 Feb 2016 11:18:01 GMT using RSA key ID AE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"

* remotes/mcayland/tags/qemu-openbios-signed:
  Update OpenBIOS images

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
Peter Maydell [Thu, 4 Feb 2016 14:17:11 +0000 (14:17 +0000)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Thu 04 Feb 2016 08:26:24 GMT using RSA key ID 398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  net/filter: Fix the output information for command 'info network'
  net: always walk through filters in reverse if traffic is egress
  net: netmap: use nm_open() to open netmap ports
  e1000: eliminate infinite loops on out-of-bounds transfer start
  slirp: Adding family argument to tcp_fconnect()
  slirp: Make udp_attach IPv6 compatible
  slirp: Add sockaddr_equal, make solookup family-agnostic
  slirp: Factorizing and cleaning solookup()
  slirp: Factorizing address translation
  slirp: Make Socket structure IPv6 compatible
  slirp: Adding address family switch for produced frames
  slirp: Generalizing and neutralizing ARP code
  slirp: goto bad in udp_input if sosendto fails
  cadence_gem: fix buffer overflow
  net: cadence_gem: check packet size in gem_recieve
  qemu-doc: Do not promote deprecated -smb and -redir options
  net/slirp: Tell the users when they are using deprecated options

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoMerge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging
Peter Maydell [Thu, 4 Feb 2016 12:50:43 +0000 (12:50 +0000)]
Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

# gpg: Signature made Wed 03 Feb 2016 20:29:54 GMT using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"

* remotes/jnsnow/tags/ide-pull-request:
  dma: remove now useless DMA_* functions
  sb16: use IsaDma interface instead of global DMA_* functions
  gus: use IsaDma interface instead of global DMA_* functions
  cs4231a: use IsaDma interface instead of global DMA_* functions
  fdc: use IsaDma interface instead of global DMA_* functions
  sparc64: disable floppy DMA
  sparc: disable floppy DMA
  magnum: disable floppy DMA for now
  i8257: implement the IsaDma interface
  isa: add an ISA DMA interface, and store it within the ISA bus
  i8257: move state definition to new independent header
  i8257: QOM'ify
  i8257: add missing const
  i8257: make the DMA running method per controller
  i8257: rename functions to start with i8257_ prefix
  i8257: rename struct dma_regs to I8257Regs
  i8257: rename struct dma_cont to I8257State
  i8257: pass ISA bus to DMA_init() function
  i82374: device only existed as ISA device, so simplify device
  fdc: fix detection under Linux

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agoUpdate OpenBIOS images
Mark Cave-Ayland [Thu, 4 Feb 2016 11:17:44 +0000 (11:17 +0000)]
Update OpenBIOS images

Update OpenBIOS images to SVN r1378 built from submodule.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
8 years agoMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20160203' into...
Peter Maydell [Thu, 4 Feb 2016 11:06:35 +0000 (11:06 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20160203' into staging

target-arm queue:
 * virt-acpi-build: add always-on property for timer
 * various fixes for EL2 and EL3 behaviour
 * arm: virt-acpi: each MADT.GICC entry as enabled unconditionally
 * target-arm: Don't report presence of EL2 if it doesn't exist
 * raspi: add raspberry pi 2 machine

# gpg: Signature made Wed 03 Feb 2016 18:58:02 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"

* remotes/pmaydell/tags/pull-target-arm-20160203:
  raspi: add raspberry pi 2 machine
  arm/boot: move highbank secure board setup code to common routine
  bcm2836: add bcm2836 SoC device
  bcm2836_control: add bcm2836 ARM control logic
  bcm2835_peripherals: add rollup device for bcm2835 peripherals
  bcm2835_ic: add bcm2835 interrupt controller
  bcm2835_property: add bcm2835 property channel
  bcm2835_mbox: add BCM2835 mailboxes
  target-arm: Don't report presence of EL2 if it doesn't exist
  libvixl: Avoid std::abs() of 64-bit type
  arm: virt-acpi: each MADT.GICC entry as enabled unconditionally
  target-arm: Implement the S2 MMU inputsize > pamax check
  target-arm: Rename check_s2_startlevel to check_s2_mmu_setup
  target-arm: Apply S2 MMU startlevel table size check to AArch64
  hw/arm: Setup EL1 and EL2 in AArch64 mode for 64bit Linux boots
  target-arm: Make various system registers visible to EL3
  virt-acpi-build: add always-on property for timer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agonet/filter: Fix the output information for command 'info network'
zhanghailiang [Tue, 26 Jan 2016 06:43:33 +0000 (14:43 +0800)]
net/filter: Fix the output information for command 'info network'

The properties of netfilter object could be changed by 'qom-set'
command, but the output of 'info network' command is not updated,
because it got the old information through nf->info_str, it will
not be updated while we change the value of netfilter's property.

Here we split a helper function that could collect the output
information for filter, and also remove the useless member
'info_str' from struct NetFilterState.

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Eric Blake <eblake@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Yang Hongyang <hongyang.yang@easystack.cn>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agonet: always walk through filters in reverse if traffic is egress
Li Zhijian [Tue, 26 Jan 2016 05:00:22 +0000 (13:00 +0800)]
net: always walk through filters in reverse if traffic is egress

Previously, if we attach more than one filters for a single netdev,
both ingress and egress traffic will go through net filters in same
order like:

ingress: netdev ->filter1 ->filter2 ->...filter[n] ->emulated device
egress: emulated device ->filter1 ->filter2 ->...filter[n] ->netdev.

This is against the natural feeling and will complicate filters
configuration since in some scenes, we hope filters handle the egress
traffic in a reverse order. For example, in colo-proxy (will be
implemented later), we have a redirector filter and a colo-rewriter
filter, we need the filter behave like:

ingress(->)/egress(<-): chardev<->redirector<->colo-rewriter<->emulated device

Since both buffer filter and dump do not require strict order of
filters, this patch switches to always let egress traffic walk through
net filters in reverse to simplify the possible filters configuration
in the future.

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Reviewed-by: Yang Hongyang <hongyang.yang@easystack.cn>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agonet: netmap: use nm_open() to open netmap ports
Vincenzo Maffione [Mon, 25 Jan 2016 18:24:35 +0000 (19:24 +0100)]
net: netmap: use nm_open() to open netmap ports

This patch simplifies the netmap backend code by means of the nm_open()
helper function provided by netmap_user.h, which hides the details of
open(), iotcl() and mmap() carried out on the netmap device.

Moreover, the semantic of nm_open() makes it possible to open special
netmap ports (e.g. pipes, monitors) and use special modes (e.g. host rings
only, single queue mode, exclusive access).

Signed-off-by: Vincenzo Maffione <v.maffione@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agoe1000: eliminate infinite loops on out-of-bounds transfer start
Laszlo Ersek [Tue, 19 Jan 2016 13:17:20 +0000 (14:17 +0100)]
e1000: eliminate infinite loops on out-of-bounds transfer start

The start_xmit() and e1000_receive_iov() functions implement DMA transfers
iterating over a set of descriptors that the guest's e1000 driver
prepares:

- the TDLEN and RDLEN registers store the total size of the descriptor
  area,

- while the TDH and RDH registers store the offset (in whole tx / rx
  descriptors) into the area where the transfer is supposed to start.

Each time a descriptor is processed, the TDH and RDH register is bumped
(as appropriate for the transfer direction).

QEMU already contains logic to deal with bogus transfers submitted by the
guest:

- Normally, the transmit case wants to increase TDH from its initial value
  to TDT. (TDT is allowed to be numerically smaller than the initial TDH
  value; wrapping at or above TDLEN bytes to zero is normal.) The failsafe
  that QEMU currently has here is a check against reaching the original
  TDH value again -- a complete wraparound, which should never happen.

- In the receive case RDH is increased from its initial value until
  "total_size" bytes have been received; preferably in a single step, or
  in "s->rxbuf_size" byte steps, if the latter is smaller. However, null
  RX descriptors are skipped without receiving data, while RDH is
  incremented just the same. QEMU tries to prevent an infinite loop
  (processing only null RX descriptors) by detecting whether RDH assumes
  its original value during the loop. (Again, wrapping from RDLEN to 0 is
  normal.)

What both directions miss is that the guest could program TDLEN and RDLEN
so low, and the initial TDH and RDH so high, that these registers will
immediately be truncated to zero, and then never reassume their initial
values in the loop -- a full wraparound will never occur.

The condition that expresses this is:

  xdh_start >= s->mac_reg[XDLEN] / sizeof(desc)

i.e., TDH or RDH start out after the last whole rx or tx descriptor that
fits into the TDLEN or RDLEN sized area.

This condition could be checked before we enter the loops, but
pci_dma_read() / pci_dma_write() knows how to fill in buffers safely for
bogus DMA addresses, so we just extend the existing failsafes with the
above condition.

This is CVE-2016-1981.

Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Prasad Pandit <ppandit@redhat.com>
Cc: Michael Roth <mdroth@linux.vnet.ibm.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: qemu-stable@nongnu.org
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1296044
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agoslirp: Adding family argument to tcp_fconnect()
Guillaume Subiron [Sat, 19 Dec 2015 21:25:03 +0000 (22:25 +0100)]
slirp: Adding family argument to tcp_fconnect()

This patch simply adds a unsigned short family argument to remove the hardcoded
"AF_INET" in the call of qemu_socket().

This prepares for IPv6 support.

Signed-off-by: Guillaume Subiron <maethor@subiron.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agoslirp: Make udp_attach IPv6 compatible
Guillaume Subiron [Sat, 19 Dec 2015 21:25:02 +0000 (22:25 +0100)]
slirp: Make udp_attach IPv6 compatible

A unsigned short is now passed in argument to udp_attach instead of using a
hardcoded "AF_INET" to call qemu_socket().

This prepares for IPv6 support.

Signed-off-by: Guillaume Subiron <maethor@subiron.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agoslirp: Add sockaddr_equal, make solookup family-agnostic
Guillaume Subiron [Sat, 19 Dec 2015 21:25:01 +0000 (22:25 +0100)]
slirp: Add sockaddr_equal, make solookup family-agnostic

This patch makes solookup() compatible with varying address
families, by using a new sockaddr_equal() function that compares
two sockaddr_storage.

This prepares for IPv6 support.

Signed-off-by: Guillaume Subiron <maethor@subiron.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agoslirp: Factorizing and cleaning solookup()
Guillaume Subiron [Sat, 19 Dec 2015 21:25:00 +0000 (22:25 +0100)]
slirp: Factorizing and cleaning solookup()

solookup() was only compatible with TCP. Having the socket list in
argument, it is now compatible with UDP too.

Some optimization code is factorized inside the function (the function
look at the last returned result before browsing the complete socket
list).

This prepares for IPv6 support.

Signed-off-by: Guillaume Subiron <maethor@subiron.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agoslirp: Factorizing address translation
Guillaume Subiron [Sat, 19 Dec 2015 21:24:59 +0000 (22:24 +0100)]
slirp: Factorizing address translation

This patch factorizes some duplicate code into a new function,
sotranslate_out(). This function perform the address translation when a
packet is transmitted to the host network. If the packet is destinated
to the host, the loopback address is used, and if the packet is
destinated to the virtual DNS, the real DNS address is used. This code
is just a copy of the existent, but factorized and ready to manage the
IPv6 case.

On the same model, the major part of udp_output() code is moved into a
new sotranslate_in(). This function is directly used in sorecvfrom(),
like sotranslate_out() in sosendto().
udp_output() becoming useless, it is removed and udp_output2() is
renamed into udp_output(). This adds consistency with the udp6_output()
function introduced by further patches.

Lastly, this factorizes some duplicate code into sotranslate_accept(), which
performs the address translation when a connection is established on the host
for port forwarding: if it comes from localhost, the host virtual address is
used instead.

This prepares for IPv6 support.

Signed-off-by: Guillaume Subiron <maethor@subiron.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agoslirp: Make Socket structure IPv6 compatible
Guillaume Subiron [Sat, 19 Dec 2015 21:24:58 +0000 (22:24 +0100)]
slirp: Make Socket structure IPv6 compatible

This patch replaces foreign and local address/port couples in Socket
structure by 2 sockaddr_storage which can be casted in sockaddr_in.
Direct access to address and port is still possible thanks to some
\#define, so retrocompatibility of the existing code is assured.

The ss_family field of sockaddr_storage is declared after each socket
creation.

The whole structure is also saved/restored when a Qemu session is
saved/restored.

This prepares for IPv6 support.

Signed-off-by: Guillaume Subiron <maethor@subiron.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agoslirp: Adding address family switch for produced frames
Guillaume Subiron [Sat, 19 Dec 2015 21:24:57 +0000 (22:24 +0100)]
slirp: Adding address family switch for produced frames

In if_encap, a switch is added to prepare for the IPv6 case. Some code
is factorized.

This prepares for IPv6 support.

Signed-off-by: Guillaume Subiron <maethor@subiron.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
8 years agoslirp: Generalizing and neutralizing ARP code
Guillaume Subiron [Sat, 19 Dec 2015 21:24:56 +0000 (22:24 +0100)]
slirp: Generalizing and neutralizing ARP code

Basically, this patch replaces "arp" by "resolution" every time "arp"
means "mac resolution" and not specifically ARP.

This prepares for IPv6 support.

Signed-off-by: Guillaume Subiron <maethor@subiron.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agoslirp: goto bad in udp_input if sosendto fails
Guillaume Subiron [Sat, 19 Dec 2015 21:24:55 +0000 (22:24 +0100)]
slirp: goto bad in udp_input if sosendto fails

Before this patch, if sosendto fails, udp_input is executed as if the
packet was sent, recording the packet for icmp errors, which does not
makes sense since the packet was not actually sent, errors would be
related to a previous packet.

This patch adds a goto bad to cut the execution of this function.

Signed-off-by: Guillaume Subiron <maethor@subiron.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agocadence_gem: fix buffer overflow
Michael S. Tsirkin [Thu, 14 Jan 2016 09:43:30 +0000 (11:43 +0200)]
cadence_gem: fix buffer overflow

gem_transmit copies a packet from guest into an tx_packet[2048]
array on stack, with size limited by descriptor length set by guest.  If
guest is malicious and specifies a descriptor length that is too large,
and should packet size exceed array size, this results in a buffer
overflow.

Reported-by: 刘令 <liuling-it@360.cn>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agonet: cadence_gem: check packet size in gem_recieve
Prasad J Pandit [Fri, 15 Jan 2016 07:00:40 +0000 (12:30 +0530)]
net: cadence_gem: check packet size in gem_recieve

While receiving packets in 'gem_receive' routine, if Frame Check
Sequence(FCS) is enabled, it copies the packet into a local
buffer without checking its size. Add check to validate packet
length against the buffer size to avoid buffer overflow.

Reported-by: Ling Liu <liuling-it@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agoqemu-doc: Do not promote deprecated -smb and -redir options
Thomas Huth [Wed, 13 Jan 2016 08:21:02 +0000 (09:21 +0100)]
qemu-doc: Do not promote deprecated -smb and -redir options

Since -smb and -redir are deprecated options, we should not
use them as examples in the documentation anymore.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agonet/slirp: Tell the users when they are using deprecated options
Thomas Huth [Wed, 13 Jan 2016 08:05:32 +0000 (09:05 +0100)]
net/slirp: Tell the users when they are using deprecated options

We don't want to support the legacy -tftp, -bootp, -smb and
-net channel options forever. So let's start telling the users
that they are deprecated and what option should be used instead.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
8 years agoMerge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging
Peter Maydell [Wed, 3 Feb 2016 19:00:33 +0000 (19:00 +0000)]
Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

# gpg: Signature made Wed 03 Feb 2016 15:47:34 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/tracing-pull-request:
  log: add "-d trace:PATTERN"
  trace: switch default backend to "log"
  trace: convert stderr backend to log
  log: move qemu-log.c into util/ directory
  log: do not unnecessarily include qom/cpu.h
  trace: add "-trace help"
  trace: add "-trace enable=..."
  trace: no need to call trace_backend_init in different branches now
  trace: split trace_init_file out of trace_init_backends
  trace: split trace_init_events out of trace_init_backends
  trace: fix documentation
  trace: track enabled events in a separate array
  trace: count number of enabled events

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8 years agodma: remove now useless DMA_* functions
Hervé Poussineau [Wed, 3 Feb 2016 16:28:58 +0000 (11:28 -0500)]
dma: remove now useless DMA_* functions

Keep only DMA_init function as a wrapper around DMA controllers creation.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-20-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>
8 years agosb16: use IsaDma interface instead of global DMA_* functions
Hervé Poussineau [Wed, 3 Feb 2016 16:28:58 +0000 (11:28 -0500)]
sb16: use IsaDma interface instead of global DMA_* functions

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1453843944-26833-19-git-send-email-hpoussin@reactos.org
Signed-off-by: John Snow <jsnow@redhat.com>