review.tizen.org Git - sdk/emulator/qemu.git/log

Merge remote-tracking branch 'afaerber/prep-up' into staging

* afaerber/prep-up:
  prep: Use i82378 PCI->ISA bridge for 'prep' machine
  prep: Add i82378 PCI-to-ISA bridge emulation
  prep: Add i82374 DMA emulation
  MAINTAINERS: Add PCI host bridge files to PReP machine
  prep: qdev'ify Raven host bridge (SysBus)
  prep_pci: Update I/O to MemoryRegion ops
  prep_pci: Simplify I/O endianness
  prep: qdev'ify Raven host bridge (PCIDevice)
  prep: Use ISA m48t59
  prep: Fix offset of BIOS MemoryRegion

e1000: bounds packet size against buffer size

Otherwise we can write beyond the buffer and corrupt memory. This is tracked
as CVE-2012-0029.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

target-sparc: Fix mixup of uint64 and uint64_t

Commit 793a137a41ad4125011c7022cf16a1baa40a5ab6 (target-sparc:
Implement BMASK/BSHUFFLE.) introduced a stray usage of softfloat uint64
type.

Use uint64_t instead.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

sga: fix copypasta

Fix the name of the init function.

Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

vga: make Cirrus ISA device optional

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

vga: improve VGA logic

Improve VGA selection logic, push check for device availabilty to vl.c.
Create the devices at board level unconditionally.

Remove now unused pci_try_create*() functions.

Make PCI VGA devices optional.

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

grackle_pci: Clean up qdev names

Rename SysBus device from 'grackle' to 'grackle-pcihost' to resolve a
name conflict.

Also mark both devices as no_user.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Alexander Graf <agraf@suse.de>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>

MAINTAINERS: Add PCI-PCI bridge to New World Mac machine

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: Pseries: Check for PCI boundaries

We call pci_host_config_{read,write}_common() which perform PCI config
accesses. However they don't do all limit checking the way we expect
it to.

So let's introduce a small wrapper around them, making them behave the
way we would without touching generic code.

This patch is based on a patch by David Gibson which put this logic into
the generic code.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>

MAINTAINERS: Add PCI host bridge files to CHRP machines

Just like prep_pci.c, these were not associated with any MAINTAINERS
section, including PCI.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

MAINTAINERS: Add qemu-ppc to all ppc target stuff

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>

pseries: SLOF PCI flag day

Currently on the pseries machine the SLOF firmware is used normally,
but we bypass it when -kernel is specified.  Having these two

different boot paths can cause some confusion.

In particular at present we need to "probe" the (emulated) PCI bus and
produce device tree nodes for the PCI devices in qemu, for the -kernel
case.  In the SLOF case, it takes the device tree from qemu adds some
stuff to it then passes it on to the kernel.

It's been decided that a better approach is to always boot through
SLOF, even when using -kernel.  WIth this approach we can leave PCI
probing and device node creation to SLOF in all cases which removes a
bunch of code in qemu, and avoids iterating the PCI devices from the
machine specific init code which we're not supposed to do.

This patch changes qemu to always boot through SLOF, and not to create
PCI nodes.  Simultaneously it updates the included version of SLOF
(submodule and binary image) to one which supports (and requires) the
new approach.

The new SLOF version also includes a number of unrelated enhancements:
support for booting from virtio-pci devices and e1000, greatly
improved FCode support and many bugfixes.  It also makes SLOF ready to
be used even when specifying a kernel on the qemu command line.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>

pseries: Use correct dispatcher for PCI config space accesses

The pseries machine expects a para-virtualized guest and so supplies RTAS
functions (via a hypercall) for performing PCI config space access.
Currently the implementation of these calls into
pci_default_{read,write}_config(). However this would be incorrect for
any PCI device which overrides the default config read/write functions.
AFAICT there's only one such device today, but we should still get it
right. In addition the pci_host_config_{read,write}_common() functions
which do correctly do this dispatch, perform bounds checking on the config
space address, lack of which currently leads to an exploitable bug.

This patch corrects the problem.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>

pseries: Support PCI extended config space in RTAS calls

On the pseries machine (which expexts a paravirtualized guest), guest
access to PCI config space is via host-provided RTAS functions. This
patch extends these RTAS functions to permit access to PCI extended
config space, as specified in PAPR.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>

Correct types in bmdma_addr_{read,write}

Back when I made patches introducing dma_addr_t and various PCI DMA
wrapper functions, I made a mistake. The bmdma_addr_{read,write} functions
need to take target_phys_addr_t not dma_addr_t, since they are assigned
to MemoryRegionOps callbacks.

This patch corrects my error.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>

Update gitignore file

This patch adds several auto-generated files to .gitignore which were
previously missing.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>

Fix dirty logging with 32-bit qemu & 64-bit guests

The kvm_get_dirty_pages_log_range() function uses two address
variables to step through the monitored memory region to update the
dirty log. However, these variables have type unsigned long, which
can overflow if running a 64-bit guest with a 32-bit qemu binary.

This patch changes these to target_phys_addr_t which will have the
correct size.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>

load_image_targphys() should enforce the max size

load_image_targphys() gets passed a max size for the file, but doesn't
enforce it at all. Add a check and return -1 (error) if the file is
too big, without loading it. Fix the bracing style in the function
while we're at it.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>

virtio: change memcpy to guest reads

When accessing the device specific virtio config space, we memcpy
the data into a variable in QEMU. At that point we're basically
pulling host endianness into the game which is a really bad idea.

So instead, let's use the target specific load/store helpers for
memory pointers which fetch things in target endianness. The whole
array is already populated in target endianness anyways
(see virtio-blk).

Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>

virtio-pci: Fix endianness of virtio config

The virtio config area in PIO space is a bit special. The initial
header is little endian but the rest (device specific) is guest
native endian.

The PIO accessors for PCI on machines that don't have native IO ports
assume that all PIO is little endian, which works fine for everything
except the above.

A complicated way to fix it would be to split the BAR into two memory
regions with different endianess settings, but this isn't practical
to do, besides, the PIO code doesn't honor region endianness anyway
(I have a patch for that too but it isn't necessary at this stage).

So I decided to go for the quick fix instead which consists of
reverting the swap in virtio-pci in selected places, hoping that when
we eventually do a "v2" of the virtio protocols, we sort that out once
and for all using a fixed endian setting for everything.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
[agraf: keep virtio in libhw and determine endianness through a
helper function in exec.c]
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>

PPC: Bamboo: Integrate SoC instatiation, use qdev for PCI

Now that we have the SoC init function in the same file, let's integrate
it with the board initialization.

While at it, also make use of the newly qdev'ified PCI host controller.

Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: Bamboo: fold ppc440.c and ppc440_bamboo.c into a single file

The separation of ppc440 and ppc440_bamboo makes some sense, since ppc440
is the SoC while ppc440_bamboo is the actual board. But the separation
makes things harder for us for no good reason, so let's just fold them
in together with each other.

Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: 4xx: Qdevify the 440 PCI host controller

Due to popular demand, this qdevifies the PCI host controller of 4xx SoCs
the same way as e500.

We have to introduce a small stub function for pci init that will be
removed in a later patch, once we qdev'ified the board, to keep the build
working.

Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: bamboo: fix whitespace

Tabs followed by spaces are a no-go. My editor shows it red, distracting
me from actual work! :)

Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: bamboo: remove old machine descriptions

Nobody needs to run bamboo in 0.12 compat mode. Remove the machine.

Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: Enable 440EP CPU target

Now that we have 440 TLB emulation, we can also support running the 440EP
CPU target in system emulation mode.

Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: 440: Default to 440EP CPU

Today we're exposing a Virtex 440 CPU to the guest despite the fact
that we're telling the guest that we're running on a 440EP one in the
device tree.

So let's better default to a real 440EP to make things synced again.

Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: Bamboo: recompile device tree

Recent dtc doesn't compile our dts anymore. Change all hex numbers to have
0x prefixes, indicate the old version and recompile using recent dtc.

This doesn't change any semantics in the device tree.

Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: 440: Ignore invalid PCI IRQs

When running a 440 target, we currently get invalid irq_num values (-1)
which completely confuse the IRQ setting code.

This is most likely due to the missing qdev conversion.

While this shouldn't happen in the first place and should really rather
be fixed by converting the target, I dislike segfaults. So for now, let's
just print a warning and ignore invalid irq_num values.

Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: Bamboo: Set initial TLB entry

Back in the day when the bamboo target got introduced, the initial TLB was
dictated by KVM. TCG has been missing initial TLB values ever since, rendering
the target unusable for TCG usage.

This patch adds linear TLB maps the way Linux expects them, making the target
work.

Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: Bamboo: Register CPU reset

To be able to support CPU reset, we need to put all register initialization
and initial state into a CPU reset hook instead of a function that is only
called once on bootup.

This is a preparation step for the initial TLB setting code and brings bamboo
more in line with what e500 and virtex already do.

Signed-off-by: Alexander Graf <agraf@suse.de>

PPC: 440EP: Initialize timer

When using TCG with a BookE PowerPC core, we need to explicitly initialize
the BookE timers with the correct frequencies.

This was missing for 440EP, since that code came from KVM and was never used
with TCG.

Signed-off-by: Alexander Graf <agraf@suse.de>

prep: Use i82378 PCI->ISA bridge for 'prep' machine

Speaker I/O, ISA bus, i8259 PIC, RTC and DMA are no longer set up
individually by the machine. Effectively, no-op speaker I/O is replaced
by pcspk; PIT and i82374 DMA are introduced.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Remove related dead, alternative code.
Wire up PCI host bridge IRQs via GPIO-in IRQs of PCI->ISA bridge.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Alexander Graf <agraf@suse.de>
Cc: Jan Kiszka <jan.kiszka@siemens.com>

prep: Add i82378 PCI-to-ISA bridge emulation

Prepare Intel 82378 emulation for use by PReP platforms.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Create ISA bus in this device (suggested by Markus).
Rebase onto Memory API, mark memory ops as Little Endian.
Add VMState. Provide access to i8259 IRQs via qdev GPIOs.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Jan Kiszka <jan.kiszka@siemens.com>

prep: Add i82374 DMA emulation

Prepare Intel 82374 emulation for use by Intel 82378 PCI->ISA bridge.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Confine to CONFIG_I82374. Add VMState.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Alexander Graf <agraf@suse.de>

MAINTAINERS: Add PCI host bridge files to PReP machine

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Acked-by: Alexander Graf <agraf@suse.de>

prep: qdev'ify Raven host bridge (SysBus)

Drop pci_prep_init() in favor of extended device state. Inspired by
patches from Hervé and Alex.

Assign the 4 IRQs from the board after device instantiation. This moves
the knowledge out of prep_pci and allows for future machines with
different IRQ wiring (IBM 40P). Suggested by Alex.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Cc: Hervé Poussineau <hpoussin@reactos.org>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>

prep_pci: Update I/O to MemoryRegion ops

Convert to new-style read/write callbacks.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Alexander Graf <agraf@suse.de>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Avi Kivity <avi@redhat.com>
Cc: Benoît Canet <benoit.canet@gmail.com>

prep_pci: Simplify I/O endianness

The prep PowerPC CPU is Big Endian. An explicit byte swap therefore
effectively becomes Little Endian.

Remove explicit byte swaps and mark as Little Endian.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Cc: Michael S. Tsirkin <mst@redhat.com>

prep: qdev'ify Raven host bridge (PCIDevice)

Move initialization of vendor ID, etc. to PCIDeviceInfo.
Introduce VMState.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Cc: Hervé Poussineau <hpoussin@reactos.org>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>

prep: Use ISA m48t59

This simplifies the code later when the i8259 moves to the i82378
PCI->ISA bridge and happens to fix a SysBus m48t59 io_base issue
introduced by commit 0fb56ffc5edd66f12ccfc0d71af5f9c79c0a2612 (m48t59:
drop obsolete address base arithmetic). Suggested by Hervé and Jan.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Hervé Poussineau <hpoussin@reactos.org>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Blue Swirl <blauwirbel@gmail.com>

prep: Fix offset of BIOS MemoryRegion

Since 0c90c52fab5ea92d7f12b29bfe26a7cd75d9efcb (ppc_prep: convert to memory
API) OHW was "Trying to execute code outside RAM or ROM at 0xfff00700".

The BIOS MemoryRegion is created with a fixed size of 1 MiB.
Ensure that the full size can be accessed since the exception
vectors are located at 0xfff00000 and the BIOS may want to use them.

It thereby no longer depends on the actual BIOS binary size.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Avi Kivity <avi@redhat.com>
Cc: Alexander Graf <agraf@suse.de>

Merge remote-tracking branch 'spice/spice.v47' into staging

* spice/spice.v47:
qxl: Slot sanity check in qxl_phys2virt() is off by one, fix

Merge remote-tracking branch 'stefanha/trivial-patches' into staging

* stefanha/trivial-patches:
  Makefile: Remove generated headers on clean
  Makefile: Exclude tests/Makefile in unconfigured tree
  lm32: Fix mixup of uint32 and uint32_t
  tests: Silence gtester in Makefile
  qemu-tool: Fix mixup of int64 and int64_t

Merge remote-tracking branch 'qmp/queue/qmp' into staging

* qmp/queue/qmp:
  block: use proper qerrors in qmp_block_resize
  qerror: restore alphabetical order over qerrors
  qerror: add check-qerror.sh to verify alphabetical order
  qmp: Add missing gcc format attribute and fix format string
  qapi: Convert block_set_io_throttle
  qapi: Convert change
  qerror: Extend QERR_DEVICE_ENCRYPTED
  qapi: Introduce change-vnc-password
  monitor: expose readline state
  qapi: Convert eject
  block: eject_device(): Use error_set()
  qapi: Convert expire_password
  qapi: Convert set_password
  vnc: Simplify vnc_display_password()

Merge remote-tracking branch 'pmaydell/arm-devs.for-upstream' into staging

* pmaydell/arm-devs.for-upstream:
  arm: make the number of GIC interrupts configurable
  hw/lan9118: Add save/load support
  arm: Remove incorrect comment in arm_timer
  vexpress, realview: Add (dummy) L2 cache controller

Merge remote-tracking branch 'kraxel/usb.37' into staging

* kraxel/usb.37:
  usb-redir: Improve some debugging messages
  usb-redir: Try to keep our buffer size near the target size
  usb-redir: Pre-fill our isoc input buffer before sending pkts to the host
  usb-redir: Dynamically adjust iso buffering size based on ep interval
  usb-redir: Clear iso / irq error when stopping the stream
  usb: link packets to endpoints not devices
  usb: add max_packet_size to USBEndpoint
  usb/debug: add usb_ep_dump
  usb-desc: USBEndpoint support
  usb: add ifnum to USBEndpoint
  usb: add USBEndpoint
  xhci: Initial xHCI implementation
  usb: add audio device model
  usb-desc: audio endpoint support
  usb: track altsetting in USBDevice
  usb: track configuration and interface count in USBDevice.
  usb-host: rip out legacy procfs support

Makefile: Remove generated headers on clean

Running `make distclean' followed by a new out-of-tree build would fail
due to stale generated QMP headers in the tree.

Commit 611b727374ad76fb0078ea65bc1387194913980e (Makefile: remove more
generated files on clean) made sure generated sources are removed.

Also remove generated headers introduced in commit
e3193601c84558c303b1773379da76fce80c0a56 (qapi: use middle mode in QMP
server).

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

Makefile: Exclude tests/Makefile in unconfigured tree

Since commit dbfe06c62ccedc5b64e1c6466445133dd50f6de1 (build:
split unit test builds to a separate makefile fragment),
in absence of config-host.mak an undefined $(SRC_PATH) breaks
`make distclean' due to /tests/Makefile not being include'able.

Fix by only including when config-host.mak is present.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

lm32: Fix mixup of uint32 and uint32_t

Commit d23948b15a9920fb7f6374b55a6db1ecff81f3ee (lm32: add Milkymist
VGAFB support) introduced a stray usage of the softfloat uint32 type.

Use uint32_t instead.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael Walle <michael@walle.cc>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

tests: Silence gtester in Makefile

This prettifies make output a little by avoiding a very long line.
As gtester prints the checks when they are run, no information is lost.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

qemu-tool: Fix mixup of int64 and int64_t

Commit cbcfa0418f0c196afa765f5c9837b9344d1adcf3 (link the main loop and
its dependencies into the tools) introduced stray usages of int64.

Use int64_t instead.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

block: use proper qerrors in qmp_block_resize

Let's report specific errors so that management tools and users can
identify the problem.

Two new qerrors are needed:
* QERR_DEVICE_HAS_NO_MEDIUM for ENOMEDIUM
* QERR_DEVICE_IS_READ_ONLY for EACCES

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

qerror: restore alphabetical order over qerrors

Over time these must have gotten out of order. Put everything back in
alphabetical order.

This is purely a clean up. In practice nothing depends on the order.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

qerror: add check-qerror.sh to verify alphabetical order

We're supposed to keep qerror definitions and table entries in
alphabetical order. In practice this is not checked.

I haven't found a nice way to integrate this into the makefile yet but
we can at least have this script which verifies that qerrors are in
alphabetical order.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

qmp: Add missing gcc format attribute and fix format string

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

qapi: Convert block_set_io_throttle

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

qapi: Convert change

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

qerror: Extend QERR_DEVICE_ENCRYPTED

Include the name of the encrypted file.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

qapi: Introduce change-vnc-password

New QMP command to change the VNC password.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

monitor: expose readline state

HMP is now implemented in terms of QMP. The monitor has a bunch of logic to
deal with HMP right now like readline support. Export it from the monitor so
we can consume it in hmp.c.

In short time, hmp.c will take over all of the readline bits.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

qapi: Convert eject

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

block: eject_device(): Use error_set()

Also drops the leftover 'mon' argument.

This is a preparation for the next commits which will port the
eject and change commands to the QAPI.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

qapi: Convert expire_password

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

qapi: Convert set_password

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

vnc: Simplify vnc_display_password()

Drop the qerror_report() call from it and let its callers set the error
themselves. This also allows for dropping the 'ret' variable.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

qxl: Slot sanity check in qxl_phys2virt() is off by one, fix

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

arm: make the number of GIC interrupts configurable

Increase the maximum number of GIC interrupts for a9mp and a11mp to 1020,
and create a configurable property for each defaulting to 96 and 64
(respectively) so that device modelers can set the value appropriately
for their SoC. Other ARM processors also set their maximum number of
used IRQs appropriately.

Set the maximum theoretical number of GIC interrupts to 1020 and
update the save/restore code to only use the appropriate number for
each SoC.

Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
[Peter Maydell: fixed minor whitespace snafu]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/lan9118: Add save/load support

Implement save/load for the LAN9118.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>

arm: Remove incorrect comment in arm_timer

The current comment says that the arm_timers are restricted to between
32 KHz and 1 MHz, but sp804 TRM does not specify those limits.

Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

vexpress, realview: Add (dummy) L2 cache controller

Instantiate the L2 cache controller on the ARM devboards which have one,
since we have a dummy model of it now. Note that the only non-MP board
with an L2x0 is the PB1176, which we don't model.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

usb-redir: Improve some debugging messages

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-redir: Try to keep our buffer size near the target size

Before this patch we would allow the (iso) buffer to grow unlimited
(and it would under certain circumstances) leading to way too high
latencies for iso data streams.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-redir: Pre-fill our isoc input buffer before sending pkts to the host

This is something which should have been done from the first version of
usb-redir, but wasn't.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-redir: Dynamically adjust iso buffering size based on ep interval

Note the bufpq_target_size id stored in the endpoint info struct,
even though it only used once. This is done because it will be
referenced from other code in a follow up patch.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-redir: Clear iso / irq error when stopping the stream

And ignore status messages from the client which arrive after stream
stop (the stream stop send to the client and an error status reported by
the client my cross each other due to network latency).

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb: link packets to endpoints not devices

Add USBEndpoint for the control endpoint to USBDevices. Link async
packets to the USBEndpoint instead of the USBDevice.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb: add max_packet_size to USBEndpoint

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb/debug: add usb_ep_dump

Add function to dump endpoint data, for debugging purposes.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-desc: USBEndpoint support

Initialize USBEndpoint structs from USBDesc* data.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb: add ifnum to USBEndpoint

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb: add USBEndpoint

Start maintaining endpoint state at USBDevice level.  Add USBEndpoint
struct and some helper functions to deal with it.  For now it contains
the endpoint type only.  Moved over some bits from usb-linux.c

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

xhci: Initial xHCI implementation

Based on the implementation from Hector Martin <hector@marcansoft.com>

Hectors's implementation completely sidestepped the qemu usb system and
used libusb directly for usb device pass through.  So I've ripped out
the libusb bits (or left them in disabled, as reference for further
coding) and hooked up the qemu subsystem instead.  That work is not
complete yet though, partly due to limitations of the qemu usb
subsystem.  Nevertheless I think it is better to continue development
in-tree, especially as the qemu usb bits need a bunch of improvements
too for decent usb 3.0 support.

Current state:
  - usb-storage emulation should work ok.
  - Devices which need constant polling (HID emulation like usb-tablet)
    are known to not work.
  - ISO xfers are not implemented yet.
  - superspeed ports are not implemented yet.
  - usb pass-through is completely untested so far.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

pxa2xx_keypad: fix unbalanced parenthesis.

Breakage introduced by me when ammending a previous patch, sorry.

hw/arm_boot.c: Make SMP boards specify address to poll in bootup loop

The secondary CPU bootloader in arm_boot.c holds secondary CPUs in a
pen until the primary CPU releases them. Make boards specify the
address to be polled to determine whether to leave the pen (it was
previously hardcoded to 0x10000030, which is a Versatile Express/
Realview specific system register address).

Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>

hw/sysbus.h: Increase maximum number of device IRQs.

Samsung exynos4210 Interrupt Combiner needs 512 IRQ sources.

Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>

pxa2xx_keypad: make single automatic scans work

u-boot uses single automatic scans and polling in
pxa2xx_keypad driver, so clear KPC_AS bit immediately
and update keys state even if KPC_AS and KPC_ASACT are
cleared.

Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>

pxa2xx_lcd: fix palette parser

Pallete entry size for 16bpp format is 2 bytes, not 4

Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>

seabios: Update to release 1.6.3.1

User visible changes in seabios:
- Probe HPET existence (fix for -no-hpet)
- Probe PCI existence (fix for -machine isapc)
- usb: fix boot paths

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

isapc: Fix segfault during initialization

Obviously, linking the RTC device state to the PIIX does not belong into
the common path that is shared with the isapc.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

kvm: flush the dirty log when unregistering a slot

Otherwise, the dirty log information is lost in the kernel forever.

Fixes opensuse-12.1 boot screen, which changes the vga windows rapidly.

Signed-off-by: Avi Kivity <avi@redhat.com>

arm: Add dummy support for co-processor 15's secure config register

Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target-arm: Fix errors in decode of M profile CPS

Fix errors in the decode of M profile CPS:
* the decode of the I (affects PRIMASK) and F (affects FAULTMASK)
bits was reversed
* the FAULTMASK system register number is 19, not 17

This fixes an issue reported as LP:913925.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

prepare for future GPLv2+ relicensing

All files under GPLv2 will get GPLv2+ changes starting tomorrow.
event_notifier.c and exec-obsolete.h were only ever touched by Red Hat
employees and can be relicensed now.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

virtio-console: no need to remove char handlers explicitly

qdev is now equipped (thanks to the last commit) to disassociate
chardevs from the qdev devices on the devices going away. So doing it
in the virtio-console driver is not necessary.

Since that was the only thing being done in the qdev exit method, drop
it entirely.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

qdev: Add a 'free' method to disassociate chardev from qdev device

When a device is removed, remove the association with a chardev, if any,
so that the chardev can be re-used later for other devices.

Reported-by: Qunfang Zhang <qzhang@redhat.com>
Fix-suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

vectorize is_dup_page

is_dup_page is already proceeding in 32-bit chunks. Changing it
to 16 bytes using Altivec or SSE is easy.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

virtio-blk: refuse SG_IO requests with scsi=off

QEMU does have a "scsi" option (to be used like -device
virtio-blk-pci,drive=foo,scsi=off). However, it only
masks the feature bit, and does not reject the command
if a malicious guest disregards the feature bits and
issues a request.

Without this patch, using scsi=off does not protect you
from CVE-2011-4127.

Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

vmstate: extract declarations out of hw/hw.h

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

ptimer: move declarations to ptimer.h

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>