When processing NCQ commands, AHCI device emulation prepares an
NCQ transfer object, to which an aio control block (aiocb) object
is assigned in 'execute_ncq_command'. In the case where the NCQ
command is invalid, the 'aiocb' object is not assigned, and the NCQ
transfer object is left as 'used'. This leads to a use-after-free
kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
Reset NCQ transfer object to 'unused' to avoid it.
[Maintainer edit: s/ACHI/AHCI/ in the commit message. --js]
Mark Cave-Ayland [Mon, 11 Jan 2016 19:10:42 +0000 (14:10 -0500)]
macio: fix overflow in lba to offset conversion for ATAPI devices
As the IDEState lba field is an int32_t, make sure we cast to int64_t before
shifting to calculate the offset. Otherwise we end up with an overflow when
trying to access sectors beyond 2GB as can occur when using DVD images.
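The arithmetic behind the macio fix above, as an added example that is not part of the commit or of QEMU's source. It assumes 2048-byte ATAPI sectors (a shift of 11), and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: ATAPI media use 2048-byte sectors, so offset = lba << 11. */
#define ATAPI_SECTOR_SHIFT 11

/*
 * Models the arithmetic without the cast: the shift is evaluated in 32 bits
 * and only the result is widened. The unsigned detour reproduces the
 * wraparound without relying on undefined signed-overflow behaviour.
 */
static int64_t offset_shift_in_32bit(int32_t lba)
{
    uint32_t wrapped = (uint32_t)lba << ATAPI_SECTOR_SHIFT;
    return (int64_t)(int32_t)wrapped;
}

/* Arithmetic with the cast: widen to int64_t first, then shift. */
static int64_t offset_shift_in_64bit(int32_t lba)
{
    return (int64_t)lba << ATAPI_SECTOR_SHIFT;
}

/* Smallest non-negative LBA for which the two calculations disagree. */
static int32_t first_divergent_lba(void)
{
    for (int32_t lba = 0; lba < INT32_MAX; lba++) {
        if (offset_shift_in_32bit(lba) != offset_shift_in_64bit(lba)) {
            return lba;
        }
    }
    return -1;
}

int main(void)
{
    /* Constructed sample LBAs: just below 2 GiB, at 2 GiB, and deep into
     * a DVD-sized image. */
    const int32_t samples[] = { 1048575, 1048576, 2200000 };

    printf("first divergent lba: %d\n", (int)first_divergent_lba());
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("lba %d: 32-bit shift -> %lld, 64-bit shift -> %lld\n",
               (int)samples[i],
               (long long)offset_shift_in_32bit(samples[i]),
               (long long)offset_shift_in_64bit(samples[i]));
    }
    return 0;
}
```

The third sample matters for triage: the 32-bit result is a positive, plausible-looking offset, so the wrong region of the image is read without any error being raised.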
Ashok Kumar [Mon, 11 Jan 2016 15:52:18 +0000 (15:52 +0000)]
hw/arm/virt: Support legacy -nic command line syntax
Support the legacy -nic syntax for creating PCI network devices
as well as the new-style -device options. This makes life easier
for people moving from x86 KVM virtualization to ARM KVM virtualization
and expecting their network configuration options to work the same
way for both setups.
We use "virtio" as the default NIC model if the user doesn't specify one.
Peter Maydell [Mon, 11 Jan 2016 15:52:18 +0000 (15:52 +0000)]
disas/libvixl: Update to upstream VIXL 1.12
Update our copy of libvixl to upstream's 1.12 release.
The major benefit from QEMU's point of view is that some instructions
previously disassembled as "unimplemented (System)" are now displayed
as something more useful. It also fixes some warnings about format
strings that newer w64-mingw32 compilers were emitting.
We didn't have any local changes to libvixl so nothing needed
to be forward-ported.
Although this is a large commit (due to upstream renaming most
of the files), only a few of the files changed in this commit
are not just straight copies of upstream libvixl files:
disas/arm-a64.cc
disas/libvixl/Makefile.objs
disas/libvixl/README
Note that this commit introduces some signed-unsigned comparison
warnings on the old mingw compilers. Those compilers have broken
TLS support anyway so have only ever been much use for compile tests;
anybody still using them should add -Wno-sign-compare to their
--extra-cflags.
Peter Maydell [Mon, 11 Jan 2016 14:22:04 +0000 (14:22 +0000)]
Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20160111' into staging
January 2016 Linux-user queue
# gpg: Signature made Mon 11 Jan 2016 14:13:57 GMT using RSA key ID DE3C9BC0
# gpg: Good signature from "Riku Voipio <[email protected]>"
# gpg: aka "Riku Voipio <[email protected]>"
* remotes/riku/tags/pull-linux-user-20160111:
linux-user/mmap.c: Use end instead of real_end in target_mmap
linux-user: Add SOCKOP_sendmmsg and SOCKOP_recvmmsg socket call, wire them up.
linux-user: Update m68k syscall definitions to match Linux 4.4.
linux-user/syscall.c: Use SOL_SOCKET instead of level for setsockopt()
linux-user: enable sigaltstack for all architectures
unicore32: convert get_sp_from_cpustate from macro to inline
linux-user/mmap.c: Always zero MAP_ANONYMOUS memory in mmap_frag()
linux-user,sh4: fix signal retcode address
linux-user: check fd is >= 0 in fd_trans_host_to_target_data/fd_trans_host_to_target_addr
linux-user: manage bind with a socket of SOCK_PACKET type.
linux-user: add a function hook to translate sockaddr
linux-user: rename TargetFdFunc to TargetFdDataFunc, and structure fields accordingly
linux-user: SOCK_PACKET uses network endian to encode protocol in socket()
linux-user/syscall.c: malloc()/calloc() to g_malloc()/g_try_malloc()/g_new0()
linux-user: in poll(), if nfds is 0, pfd can be NULL
linux-user: correctly align target_epoll_event
linux-user: add signalfd/signalfd4 syscalls
Chen Gang [Thu, 24 Dec 2015 01:07:33 +0000 (09:07 +0800)]
linux-user/mmap.c: Use end instead of real_end in target_mmap
The fragment must effectively be mapped only to "end" not to "real_end"
(which is a host page aligned address, and thus this is not a fragment).
It is consistent with what is done in the case of one single page.
Peter Maydell [Mon, 11 Jan 2016 12:56:58 +0000 (12:56 +0000)]
Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2016-01-11' into staging
trivial patches for 2016-01-11
# gpg: Signature made Mon 11 Jan 2016 08:39:32 GMT using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <[email protected]>"
# gpg: aka "Michael Tokarev <[email protected]>"
# gpg: aka "Michael Tokarev <[email protected]>"
* remotes/mjt/tags/pull-trivial-patches-2016-01-11:
hw/s390x: Remove superfluous return statements
hw/core/qdev: Remove superfluous return statement
hw/acpi: Remove superfluous return statement
hw/ide: Remove superfluous return statements
osdep.h: Include glib-compat.h in osdep.h rather than qemu-common.h
scripts/checkpatch.pl: Don't allow special cases of unspaced operators
PCI Bonito: QOMify and cleanup
SH PCI Host: convert to realize()
gt64120: convert to realize()
Add missing syscall nrs. according to more recent Linux kernels
hw/misc/edu: Convert to realize()
configure: fix trace backend check
xen/Makefile.objs: simplify
crypto: Fix typo in example
MAINTAINERS: Add the correct device_tree.h file
iscsi: fix readcapacity error message
net: convert qemu_log to error_report, fix message
linux-user: enable sigaltstack for all architectures
unicore32: convert get_sp_from_cpustate from macro to inline
linux-user: Add SOCKOP_sendmmsg and SOCKOP_recvmmsg socket call, wire them up.
Adds the definitions for the socket calls SOCKOP_sendmmsg
and SOCKOP_recvmmsg and wires them up with the rest of the code.
The necessary function do_sendrecvmmsg() is already present in
linux-user/syscall.c. After adding these two definitions and wiring
them up, I no longer receive an error message about the
unimplemented socket calls when running "apt-get update" on Debian
unstable running on qemu with glibc_2.21 on m68k.
Peter Maydell [Mon, 11 Jan 2016 12:30:02 +0000 (12:30 +0000)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Mon 11 Jan 2016 05:22:16 GMT using RSA key ID 398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <[email protected]>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request: (24 commits)
ether/slirp: Avoid redefinition of the same constants
l2tpv3: fix cookie decoding
net: ne2000: fix bounds check in ioport operations
net: rocker: fix an incorrect array bounds check
vmxnet3: Introduce 'x-disable-pcie' back-compat property
vmxnet3: Report the Device Serial Number capability
vmxnet3: The vmxnet3 device is a PCIE endpoint
vmxnet3: coding: Introduce VMXNET3Class
vmxnet3: Introduce 'x-old-msi-offsets' back-compat property
vmxnet3: Change the offset of the MSIX PBA table
vmxnet3: Change offsets of msi/msix pci capabilities
net/filter: fix nf->netdev_id leak
net/dump: fix nfds->filename leak
net/vmxnet3: rename VMXNET3_DEVICE_VERSION to VMXNET3_UPT_REVISION
net/vmxnet3: return 0 on unknown command
net/vmxnet3: return correct value for VMXNET3_CMD_GET_DEV_EXTRA_INFO
net/vmxnet3: return correct value for VMXNET3_CMD_GET_DID_* command
net/vmxnet3: return 1 on device activation failure
MAINTAINERS: Add an entry for the net/slirp.c file
net: vmxnet3: avoid memory leakage in activate_device
...
Peter Maydell [Mon, 11 Jan 2016 11:57:53 +0000 (11:57 +0000)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.6-20160111' into staging
ppc patch queue 2016-01-11
Biggest content is a thorough cleanup of spapr machine type handling.
Also contains several other minor cleanups, bugfixes and extensions.
# gpg: Signature made Mon 11 Jan 2016 04:34:38 GMT using RSA key ID 20D9B392
# gpg: Good signature from "David Gibson <[email protected]>"
# gpg: aka "David Gibson (Red Hat) <[email protected]>"
# gpg: aka "David Gibson (ozlabs.org) <[email protected]>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392
* remotes/dgibson/tags/ppc-for-2.6-20160111:
hw/ppc/spapr: fix spapr->kvm_type leak
spapr vio: fix to incomplete QOMify
hw/ppc/spapr: Use XHCI as host controller for new spapr machines
pseries: Add pseries-2.6 machine type
pseries: Improve setting of default machine version
pseries: Restructure class_options functions
pseries: DEFINE_SPAPR_MACHINE
pseries: Use SET_MACHINE_COMPAT
Move SET_MACHINE_COMPAT macro to boards.h
pseries: Remove versions from mc->desc
pseries: Remove redundant calls to spapr_machine_initfn()
pseries: Rearrange versioned machine type code
pseries: Remove redundant setting of mc->name for pseries-2.5 machine
spapr: Add /system-id
target-ppc: Define kvmppc_read_int_dt()
hw/ppc/spapr_rtc: Remove bad class_size value
Peter Maydell [Mon, 11 Jan 2016 11:19:05 +0000 (11:19 +0000)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
acpi dsdt rework, misc fixes
This completes the dsdt rewrite, and includes misc fixes all over the place.
Signed-off-by: Michael S. Tsirkin <[email protected]>
# gpg: Signature made Sat 09 Jan 2016 21:20:34 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <[email protected]>"
# gpg: aka "Michael S. Tsirkin <[email protected]>"
* remotes/mst/tags/for_upstream: (59 commits)
virtio: fix error message for number of queues
ivshmem: Store file descriptor for vhost-user negotiation
migration/virtio: Remove simple .get/.put use
Add VMSTATE_STRUCT_VARRAY_KNOWN
i386/pc: expose identifying the floppy controller
pc: acpi: remove unused ASL templates and related blobs/utils
pc: acpi: switch to AML API composed DSDT
pc: acpi: q35: PCST, PCSB opregions and PCIB field into SSDT
pc: acpi: q35: move PCI0 device definition into SSDT
pc: acpi: q35: move PCI0._OSC() method into SSDT
pc: acpi: q35: move _PIC() method into SSDT
pc: acpi: q35: move PRTP routing table into SSDT
pc: acpi: q35: move PRTA routing table into SSDT
pc: acpi: q35: move _PRT() into SSDT
pc: acpi: q35: move ISA bridge into SSDT
pc: acpi: q35: move IQST() into SSDT
pc: acpi: q35: move IQCR() into SSDT
pc: acpi: q35: move link devices to SSDT
pc: acpi: q35: move GSI links to SSDT
pc: acpi: piix4: acpi move PCI0 device to SSDT
...
Peter Maydell [Fri, 4 Dec 2015 17:34:20 +0000 (17:34 +0000)]
osdep.h: Include glib-compat.h in osdep.h rather than qemu-common.h
Our use of glib is now pervasive across QEMU. Move the include of glib-compat.h
from qemu-common.h to osdep.h so that it is more widely accessible and doesn't
get forgotten by accident. (Failure to include it will result in build failure
on old versions of glib which is likely to be unnoticed by most developers.)
Peter Maydell [Fri, 18 Dec 2015 12:59:31 +0000 (12:59 +0000)]
scripts/checkpatch.pl: Don't allow special cases of unspaced operators
The checkpatch.pl script has a special case to permit the following
operators to have no spaces around them:
<< >> & ^ | + - * / %
QEMU style prefers all operators to consistently have spacing around
them, so remove this special case handling. This avoids reviewers
having to manually note it during code review.
David Gibson [Mon, 7 Dec 2015 03:27:21 +0000 (14:27 +1100)]
pseries: Restructure class_options functions
Currently each of the *_class_options() functions for the pseries-2.1 ..
pseries-2.5 machine types are standalone. This will become harder to
maintain as new versions are added.
This patch restructures them similarly to x86 where each function calls
the one from the next version, then overrides anything necessary for
compatibility with the specific version and older.
The default behaviour - that for the most recent machine - is set up in
the base class initializer spapr_machine_class_init(). Previously it had
some things set up to default to older behaviour with the more recent
machines overriding it.
David Gibson [Mon, 7 Dec 2015 03:23:20 +0000 (14:23 +1100)]
pseries: DEFINE_SPAPR_MACHINE
At the moment all the class_init functions and TypeInfo structures for the
various versioned pseries machine types are open-coded. As more versions
are created this is getting increasingly clumsy.
This patch borrows the approach used in PC, using a DEFINE_SPAPR_MACHINE()
macro to construct most of the boilerplate from simpler 'class_options' and
'instance_options' functions.
This patch makes a small semantic change - the versioned machine types are
now registered through machine_init() instead of type_init(). Since the
new way is how PC already did it, I'm assuming that's correct.
David Gibson [Thu, 3 Dec 2015 06:34:38 +0000 (17:34 +1100)]
Move SET_MACHINE_COMPAT macro to boards.h
pc.h defines a SET_MACHINE_COMPAT macro to make setting up compat_props
for the various PC machine versions less verbose. There's nothing
inherently PC specific about it, though, so move it to boards.h where other
versioned machine types (like pseries-*) can use it.
While we're doing that, change its indentation to be a bit more regular.
David Gibson [Mon, 7 Dec 2015 03:29:35 +0000 (14:29 +1100)]
pseries: Remove versions from mc->desc
Currently, the versioned spapr machine types put the machine type version
into the description string. PC does not do this, using just the name
itself to distinguish. Doing the same lets us move setting the description
into the common base class, simplifying the code slightly.
David Gibson [Thu, 3 Dec 2015 06:34:20 +0000 (17:34 +1100)]
pseries: Remove redundant calls to spapr_machine_initfn()
The instance_init() functions for several of the pseries-x.y versioned
machine types explicitly call spapr_machine_initfn(). But that's the
instance_init function for the common parent of all those machine types,
so will already have been called beforehand by the QOM infrastructure.
David Gibson [Thu, 3 Dec 2015 06:34:10 +0000 (17:34 +1100)]
pseries: Rearrange versioned machine type code
hw/ppc/spapr.c has a number of definitions related to the various versioned
machine types ("pseries-2.1" .. "pseries-2.5") it defines. These are
mostly arranged by type of function first, then machine version second, and
it's not consistent about whether it goes in increasing or decreasing
version order.
This rearranges the code to keep all the definitions for a particular
machine version together, and arrange them consistently in order most
recent to least recent.
This brings us closer to matching the way PC does things, and makes later
cleanups easier to follow.
Apart from adding some comments marking each section, this is a pure
mechanical rearrangement with no semantic changes.
David Gibson [Mon, 30 Nov 2015 05:36:49 +0000 (16:36 +1100)]
pseries: Remove redundant setting of mc->name for pseries-2.5 machine
98cec76 "machine: Set MachineClass::name automatically" removed the setting
of mc->name for the pseries machine types, since it can be derived
automatically from the type names constructed with MACHINE_TYPE_NAME().
Unfortunately fb0fc8f "spapr: Create pseries-2.5 machine" went in later and
brought one of them back.
Section B.6.2.1 Root Node Properties of PAPR specification defines
a set of properties which shall be present in the device tree root,
one of these properties is "system-id" which "should be unique across
all systems and all manufacturers". Since UUID is meant to be unique,
it makes sense to use it as "system-id".
This adds "system-id" property to the device tree root when not empty.
If a 32-bit l2tpv3 frame cookie MSB is set to 1, the cast to uint64_t
cookie will spread 1 to the four most significant bytes.
Then the condition (cookie != s->rx_cookie) becomes false.
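The sign extension described in the l2tpv3 message above, as an added example that is not part of the commit or of QEMU's source. The loader, the masking step and all function names are assumptions of this sketch, and the cookie values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical big-endian 32-bit load that returns a signed value, standing
 * in for a loader whose result is later widened to 64 bits. */
static int32_t load_be32_signed(const uint8_t *p)
{
    uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return (int32_t)v;
}

/* Widening the signed value directly: a set MSB is copied into the upper
 * four bytes of the 64-bit cookie. */
static uint64_t cookie_sign_extended(const uint8_t *p)
{
    return (uint64_t)load_be32_signed(p);
}

/* One way to avoid it (assumption of this sketch): keep only the low
 * 32 bits after widening. */
static uint64_t cookie_masked(const uint8_t *p)
{
    return (uint64_t)load_be32_signed(p) & 0xffffffffULL;
}

/* Serialises a constructed 32-bit cookie as it would appear on the wire and
 * decodes it with the selected variant. */
static uint64_t decode_constructed(int masked, uint32_t wire_cookie)
{
    const uint8_t wire[4] = {
        (uint8_t)(wire_cookie >> 24), (uint8_t)(wire_cookie >> 16),
        (uint8_t)(wire_cookie >> 8),  (uint8_t)wire_cookie
    };
    return masked ? cookie_masked(wire) : cookie_sign_extended(wire);
}

/* Returns 1 if the decoded cookie equals the configured 32-bit cookie. */
static int matches_configured(int masked, uint32_t cookie)
{
    return decode_constructed(masked, cookie) == (uint64_t)cookie;
}

int main(void)
{
    /* Constructed cookies: MSB clear, then MSB set. */
    const uint32_t samples[] = { 0x7fffffffu, 0x80000001u };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("wire 0x%08x: widened 0x%016llx (match %d), "
               "masked 0x%016llx (match %d)\n",
               (unsigned)samples[i],
               (unsigned long long)decode_constructed(0, samples[i]),
               matches_configured(0, samples[i]),
               (unsigned long long)decode_constructed(1, samples[i]),
               matches_configured(1, samples[i]));
    }
    return 0;
}
```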
While processing transmit(tx) descriptors in 'tx_consume' routine
the switch emulator suffers from an off-by-one error, if a
descriptor was to have more than the allowed (ROCKER_TX_FRAGS_MAX=16)
fragments. Fix an incorrect bounds check to avoid it.
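A model of the off-by-one described in the rocker message above, as an added example that is not part of the commit or of QEMU's source. Only ROCKER_TX_FRAGS_MAX=16 comes from the message; where the check sits in the loop, the table layout and the function names are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>

#define ROCKER_TX_FRAGS_MAX 16  /* limit quoted in the commit message */

/* Hypothetical fragment table. The extra guard slot lets the model record a
 * store at index ROCKER_TX_FRAGS_MAX instead of corrupting memory. */
struct frag_table {
    size_t len[ROCKER_TX_FRAGS_MAX + 1];
    int guard_written;
};

static void store_frag(struct frag_table *t, int idx, size_t len)
{
    if (idx >= ROCKER_TX_FRAGS_MAX) {
        t->guard_written = 1;   /* a 16-entry array would be overrun here */
    }
    t->len[idx] = len;
}

/* Off-by-one variant: store first, then compare the incremented count
 * with '>'. Returns the fragment count, or -1 if the descriptor is rejected. */
static int collect_check_after(struct frag_table *t, int nfrags)
{
    int cnt = 0;
    for (int i = 0; i < nfrags; i++) {
        store_frag(t, cnt, 64);  /* constructed 64-byte fragments */
        if (++cnt > ROCKER_TX_FRAGS_MAX) {
            return -1;
        }
    }
    return cnt;
}

/* Corrected variant: reject before storing once the table is full. */
static int collect_check_before(struct frag_table *t, int nfrags)
{
    int cnt = 0;
    for (int i = 0; i < nfrags; i++) {
        if (cnt >= ROCKER_TX_FRAGS_MAX) {
            return -1;
        }
        store_frag(t, cnt, 64);
        cnt++;
    }
    return cnt;
}

/* Result code of one variant for a descriptor with nfrags fragments. */
static int frags_accepted(int check_before, int nfrags)
{
    struct frag_table t = {0};
    return check_before ? collect_check_before(&t, nfrags)
                        : collect_check_after(&t, nfrags);
}

/* 1 if the variant stored past the 16-entry limit before returning. */
static int overrun_seen(int check_before, int nfrags)
{
    struct frag_table t = {0};
    if (check_before) {
        collect_check_before(&t, nfrags);
    } else {
        collect_check_after(&t, nfrags);
    }
    return t.guard_written;
}

int main(void)
{
    for (int n = 16; n <= 17; n++) {
        printf("%d frags: check-after rc=%d overrun=%d, "
               "check-before rc=%d overrun=%d\n", n,
               frags_accepted(0, n), overrun_seen(0, n),
               frags_accepted(1, n), overrun_seen(1, n));
    }
    return 0;
}
```

Both variants reject a 17-fragment descriptor, so the return code alone does not reveal the defect; only the guard slot shows that the first variant had already written one entry past the limit.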
Following the previous patch which changed vmxnet3 to be a pci express
device, this patch introduces a boolean property 'x-disable-pcie' whose
default is false.
Setting 'x-disable-pcie' to 'on' preserves the old 'pci device' (non
express) behavior. This allows migration to older versions.
Following the previous patches, where vmxnet3's pci's msi/msix
capability offsets and msix's PBA table offsets have been changed, this
patch introduces a boolean property 'x-old-msi-offsets' to vmxnet3,
whose default is false.
Setting 'x-old-msi-offsets' to 'on' preserves the old offsets behavior,
which allows migration to older versions.
Miao Yan [Wed, 23 Dec 2015 06:06:07 +0000 (22:06 -0800)]
net/vmxnet3: return 1 on device activation failure
When reading device status, 0 means device is successfully
activated and 1 means error.
This behavior can be observed by the following steps:
1) run a Linux distro on esxi server (5.5+)
2) modify vmxnet3 Linux driver to give it an invalid
address to 'adapter->shared_pa' which is the
shared memory for guest/host communication
This will trigger device activation failure and kernel
log will have the following message:
P J P [Tue, 15 Dec 2015 06:57:54 +0000 (12:27 +0530)]
net: vmxnet3: avoid memory leakage in activate_device
Vmxnet3 device emulator does not check if the device is active
before activating it, also it did not free the transmit & receive
buffers while deactivating the device, thus resulting in memory
leakage on the host. This patch fixes both these issues to avoid
host memory leakage.
Miao Yan [Tue, 8 Dec 2015 05:28:32 +0000 (21:28 -0800)]
net/vmxnet3: fix debug macro pattern for vmxnet3
Vmxnet3 uses the following debug macro style:
    #ifdef SOME_DEBUG
    #  define debug(...) do{ printf(...); } while (0)
    #else
    #  define debug(...) do{ } while (0)
    #endif
If SOME_DEBUG is undefined, then format string inside the
debug macro will never be checked by compiler. Code is
likely to break in the future when SOME_DEBUG is enabled
because of lack of testing. This patch changes this
to the following:
    #define debug(...) \
        do { if (SOME_DEBUG_ENABLED) printf(...); } while (0)
Miao Yan [Tue, 8 Dec 2015 05:28:30 +0000 (21:28 -0800)]
net/vmxnet3: fix a build error when enabling debug output
Macro MAC_FMT and MAC_ARG are not defined, but used in vmxnet3_net_init().
This will cause build error when debug level is raised in
vmxnet3_debug.h (enable all VMXNET3_DEBUG_xxx).
Michael Tokarev [Tue, 29 Dec 2015 09:39:44 +0000 (12:39 +0300)]
unicore32: convert get_sp_from_cpustate from macro to inline
All other architectures define get_sp_from_cpustate as an inline function,
only unicore32 uses a #define. With this, some usages are impossible, for
example, enabling sigaltstack in linux-user/syscall.c results in
linux-user/syscall.c: In function ‘do_syscall’:
linux-user/syscall.c:8299:39: error: dereferencing ‘void *’ pointer [-Werror]
get_sp_from_cpustate(arg1, arg2, get_sp_from_cpustate((CPUArchState *)cpu_env));
^
linux-user/syscall.c:8299:39: error: request for member ‘regs’ in something not a structure or union
Tetsuya Mukawa [Mon, 21 Dec 2015 03:47:34 +0000 (12:47 +0900)]
ivshmem: Store file descriptor for vhost-user negotiation
If virtio-net driver allocates memory in ivshmem shared memory,
vhost-net will work correctly, but vhost-user will not work because
a fd of shared memory will not be sent to vhost-user backend.
This patch fixes ivshmem to store file descriptor of shared memory.
It will be used when vhost-user negotiates vhost-user backend.
At the moment we have VMSTATE_STRUCT_ARRAY that requires
the field is declared as an array of fixed size.
We also have VMSTATE_STRUCT_VARRAY_UINT* that allows
a field declared as a pointer, but requires that the length
is a field member in the structure being loaded/saved.
VMSTATE_STRUCT_VARRAY_KNOWN is for arrays defined as pointers
yet we somehow know the length of.
Roman Kagan [Wed, 30 Dec 2015 20:11:51 +0000 (23:11 +0300)]
i386/pc: expose identifying the floppy controller
Factor out and expose the function to locate the floppy controller in
the system.
It will allow dynamically populating the relevant objects in the ACPI
tables.
Igor Mammedov [Mon, 28 Dec 2015 17:02:58 +0000 (18:02 +0100)]
pc: acpi: remove unused ASL templates and related blobs/utils
QEMU now uses internally composed DSDT so drop now
empty *.dsl templates and related *.generated
binary blobs.
Also since templates are not used anymore/obsolete
remove utility scripts used for extracting/patching
AML blobs compiled by IASL and for updating them
in git tree.
Igor Mammedov [Mon, 28 Dec 2015 17:02:44 +0000 (18:02 +0100)]
pc: acpi: piix4: acpi move PCI0 device to SSDT
Leave the Scope(\_SB) definition in DSDT so that iasl
would be able to compile DSDT since we still
need a definition block for the table.
After Q35 ASL is converted, DSDT templates will
be completely replaced by AML API generated tables.
Igor Mammedov [Mon, 28 Dec 2015 17:02:42 +0000 (18:02 +0100)]
pc: acpi: piix4: move PCI0._PRT() into SSDT
PCI routing table for expander buses is built with the help
of build_prt() using AML API. And it's almost the same
as PRT for PCI0 bus except for the power-management device.
So make existing build_prt() build PRT table for PCI0
bus as well.