Chris Spiegel [Mon, 6 Oct 2014 16:33:45 +0000 (09:33 -0700)]
snapshot: Reset err to NULL to avoid double free
If an error occurs in bdrv_snapshot_delete_by_id_or_name(), "err" is
freed. If "err" is not set to NULL before calling
bdrv_snapshot_delete_by_id_or_name() again, it will not be updated on
error, and will be freed again.
This can be triggered by starting a VM with at least two drives and then
attempting to delete a non-existent snapshot.
John Snow [Wed, 1 Oct 2014 22:55:51 +0000 (18:55 -0400)]
ahci: Fix SDB FIS Construction
The SDB FIS creation was mangled;
We were writing the error byte to byte 0,
and omitting the SDB FIS magic byte.
Though the SDB packet layout states that:
byte 0: Must be 0xA1 to indicate SDB FIS.
byte 1: Port multiplier select & other flags
byte 2: status byte.
byte 3: error byte.
This patch adds an SDB FIS structure with
human-readable names, and ensures that we
are filling the structure appropriately.
John Snow [Wed, 1 Oct 2014 22:55:47 +0000 (18:55 -0400)]
ahci: Update byte count after DMA completion
Currently, DMA read/write operations neglect to update
the byte count after a successful transfer like ATAPI
DMA read or PIO read/write operations do.
We correct this oversight by adding another callback into
the IDEDMAOps structure. The commit callback is called
whenever we are cleaning up a scatter-gather list.
AHCI can register this callback in order to update post-
transfer information such as byte count updates.
We use this callback in AHCI to consolidate where we delete
the SGlist as generated from the PRDT, as well as update the
byte count after the transfer is complete.
The QEMUSGList structure has an init flag added to it in order
to make qemu_sglist_destroy a nop if it is called when
there is no sglist, which simplifies cleanup and error paths.
This patch fixes several AHCI problems, notably Non-NCQ modes
of operation for Windows 7 as well as Hibernate support for Windows 7.
John Snow [Wed, 1 Oct 2014 22:55:46 +0000 (18:55 -0400)]
ahci: Correct PIO/D2H FIS responses
Currently, the D2H FIS packets AHCI generates simply parrot back
the LBA that the guest sent to us in the cmd_fis. However, some
commands (like READ NATIVE MAX) modify the LBA registers as a
return value, through which the AHCI D2H FIS is the only response
mechanism. Thus, the D2H response should use the current register
values, not the initial ones.
This patch adjusts the LBA and drive select register responses for
PIO Setup and D2H FIS response packets.
Additionally, the PIO and D2H FIS responses copy too many bytes
from the command FIS that it is being generated from. Specifically,
byte 11 which is the Features(15:8) field for Register Host to
Device FIS packets, is instead reserved for the PIO Setup FIS and
should always be 0.
Peter Lieven [Mon, 27 Oct 2014 09:18:47 +0000 (10:18 +0100)]
block/iscsi: use sector_limits_lun2qemu throughout iscsi_refresh_limits
As Max pointed out there is a hidden cast from int64_t to int for all
limits. So use the newly introduced sector_limits_lun2qemu for all
limits received from the target.
Peter Lieven [Mon, 27 Oct 2014 09:18:45 +0000 (10:18 +0100)]
block/iscsi: set max_transfer_length
Copy the max_xfer_len from the BlockLimits VPD or use the
maximum value fitting in the CDB.
The helper function sector_limits_lun2qemu is introduced to convert
and cap the limits from the VPD to the maximum power of two fitting
in an integer; integer is the range for nb_sectors throughout
the block layer.
Peter Lieven [Mon, 27 Oct 2014 09:18:43 +0000 (10:18 +0100)]
util: introduce MIN_NON_ZERO
at least in block layer we have the case of limits being defined for a
BlockDriverState. However, in this context often zero (0) has the special
meanining of undefined which means no limit. If two of those limits are
combined and the minimum is needed the minimum function should only return
zero if both parameters are zero.
Aurelien Jarno [Mon, 27 Oct 2014 14:53:35 +0000 (15:53 +0100)]
tcg/mips: fix store softmmu slow path
Commit 9d8bf2d1 moved the softmmu slow path out of line and introduce a
regression at the same time by always calling tcg_out_tlb_load with
is_load=1. This makes impossible to run any significant code under
qemu-system-mips*.
# gpg: Signature made Wed 29 Oct 2014 11:45:29 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <[email protected]>"
# gpg: aka "Gerd Hoffmann <[email protected]>"
# gpg: aka "Gerd Hoffmann (private) <[email protected]>"
* remotes/kraxel/tags/pull-cve-2014-3689-20141029-1:
vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect
vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect
vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect
vmware-vga: add vmsvga_verify_rect
vmware-vga: CVE-2014-3689: turn off hw accel
Peter Maydell [Thu, 30 Oct 2014 17:04:29 +0000 (17:04 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20141028-1' into staging
Fixes for libcacard (usb smartcard emulation), xhci and uhci.
# gpg: Signature made Tue 28 Oct 2014 10:39:52 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <[email protected]>"
# gpg: aka "Gerd Hoffmann <[email protected]>"
# gpg: aka "Gerd Hoffmann (private) <[email protected]>"
* remotes/kraxel/tags/pull-usb-20141028-1:
uhci: remove useless DEBUG
xhci: add property to turn on/off streams support
libcacard: don't free sign buffer while sign op is pending
libcacard: Lock NSS cert db when selecting an applet on an emulated card
libcacard: introduce new vcard_emul_logout
James Harper [Thu, 30 Oct 2014 10:08:28 +0000 (10:08 +0000)]
fix off-by-one error in pci_piix3_xen_ide_unplug
Fix off-by-one error when unplugging disks, which would otherwise leave the last ATA disk plugged, with obvious consequences. Also rewrite loop to be more readable.
Peter Maydell [Thu, 30 Oct 2014 13:35:12 +0000 (13:35 +0000)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
virtio-scsi fixes, the first part of dynamic sysbus devices,
MAINTAINERS updates, and AVX512 support.
# gpg: Signature made Mon 27 Oct 2014 15:12:13 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <[email protected]>"
# gpg: aka "Paolo Bonzini <[email protected]>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream: (28 commits)
aio / timers: De-document -clock
hw/scsi/virtio-scsi.c: fix the "type" use error in virtio_scsi_handle_ctrl
virtio-scsi: sense in virtio_scsi_command_complete
target-i386: add Intel AVX-512 support
get_maintainer.pl: restrict cases where it falls back to --git
get_maintainer.pl: move git loop under "if ($email) {"
qtest: fix qtest log fd should be initialized before qtest chardev
MAINTAINERS: avoid M entries that point to mailing lists
MAINTAINERS: add some tests directories
MAINTAINERS: Add more TCG files
MAINTAINERS: add myself for X86
MAINTAINERS: add Samuel Thibault as usb-serial.c and baum.c maintainer
MAINTAINERS: grab more files from Anthony's pile
target-i386: warns users when CPU threads>1 for non-Intel CPUs
sysbus: Use TYPE_DEVICE GPIO functionality
qdev: gpio: Define qdev_pass_gpios()
qdev: gpio: Remove qdev_init_gpio_out x1 restriction
qdev: gpio: delete NamedGPIOList::out
irq: Remove qemu_irq_intercept_out
qtest/irq: Rework IRQ interception
...
Paolo Bonzini [Wed, 29 Oct 2014 10:17:19 +0000 (11:17 +0100)]
virtio: link the rng backend through an alias property
The virtio-rng backend is currently linked twice, once in the proxy
device (e.g. virtio-rng-pci) and once in virtio-rng-device. This causes
a double unref of the backend when the parent device is unplugged.
To fix this, make the proxy device use an alias, similar to what is
already being done for the iothread link.
graphic_hw_update and vnc_refresh_server_surface aren't
need to do when no vnc client connected. It can reduce
lock contention, because vnc_refresh will hold global big
lock two millisecond every three seconds.
Petr Matousek [Mon, 27 Oct 2014 11:41:44 +0000 (12:41 +0100)]
vnc: sanitize bits_per_pixel from the client
bits_per_pixel that are less than 8 could result in accessing
non-initialized buffers later in the code due to the expectation
that bytes_per_pixel value that is used to initialize these buffers is
never zero.
To fix this check that bits_per_pixel from the client is one of the
values that the rfb protocol specification allows.
Gerd Hoffmann [Tue, 21 Oct 2014 10:29:33 +0000 (12:29 +0200)]
xhci: add property to turn on/off streams support
streams support in usb-redir and usb-host works only with recent enough
versions of the support libraries (libusbredir and libusbx). Failure
mode is rather unelegant: Any stream usb transfers will throw stall
errors. Turning off support for streams in the xhci host controller
will work better as the guest can figure beforehand that streams are
not going to work.
Ray Strode [Sun, 19 Oct 2014 02:12:49 +0000 (22:12 -0400)]
libcacard: don't free sign buffer while sign op is pending
commit 57f97834efe0c208ffadc9d2959f3d3d55580e52 cleaned up
the cac_applet_pki_process_apdu function to have a single
exit point. Unfortunately, that commit introduced a bug
where the sign buffer can get free'd and nullified while
it's still being used.
This commit corrects the bug by introducing a boolean to
track whether or not the sign buffer should be freed in
the function exit path.
Ray Strode [Sun, 19 Oct 2014 02:12:48 +0000 (22:12 -0400)]
libcacard: Lock NSS cert db when selecting an applet on an emulated card
When a process in a guest uses an emulated smartcard, libcacard running
on the host passes the PIN from the guest to the PK11_Authenticate NSS
function. The first time PK11_Authenticate is called the passed in PIN
is used to unlock the certificate database. Subsequent calls to
PK11_Authenticate will transparently succeed, regardless of the passed in
PIN. This is a convenience for applications provided by NSS.
Of course, the guest may have many applications using the one emulated
smart card all driven from the same host QEMU process. That means if a
user enters the right PIN in one program in the guest, and then enters the
wrong PIN in another program in the guest, the wrong PIN will still
successfully unlock the virtual smartcard.
This commit forces the NSS certificate database to be locked anytime an
applet is selected on an emulated smartcard by calling vcard_emul_logout.
Ray Strode [Sun, 19 Oct 2014 02:12:47 +0000 (22:12 -0400)]
libcacard: introduce new vcard_emul_logout
vcard_emul_reset currently only logs NSS out, but there is a TODO
for potentially sending insertion/removal events when powering down
or powering up.
For clarity, this commit moves the current guts of vcard_emul_reset to
a new vcard_emul_logout function which will never send insertion/removal
events. The vcard_emul_reset function now just calls vcard_emul_logout,
but also retains its TODO for watching power state transitions and sending
insertion/removal events.
Gerd Hoffmann [Thu, 23 Oct 2014 13:29:37 +0000 (15:29 +0200)]
gtk: drop gtk_widget_set_double_buffered call
Dunno why it is here. Removing it seems to have no ill side effects.
It is depricated in 3.14+. In some cases it has no effect since 3.10
according to the docs:
Gerd Hoffmann [Mon, 6 Oct 2014 09:58:22 +0000 (11:58 +0200)]
vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect
Switch vmsvga_update_rect over to use vmsvga_verify_rect. Slight change
in behavior: We don't try to automatically fixup rectangles any more.
In case we find invalid update requests we'll do a full-screen update
instead.
Gerd Hoffmann [Mon, 6 Oct 2014 09:42:34 +0000 (11:42 +0200)]
vmware-vga: CVE-2014-3689: turn off hw accel
Quick & easy stopgap for CVE-2014-3689: We just compile out the
hardware acceleration functions which lack sanity checks. Thankfully
we have capability bits for them (SVGA_CAP_RECT_COPY and
SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory.
Subsequent patches will add the missing checks and re-enable the
hardware acceleration emulation.
Commit 6d32717 "aio / timers: Remove alarm timers" has issues:
1. It silently ignores -clock for backward compatibility.
Incompatible change: -clock help no longer terminates the program.
Tolerable.
2. Failed to update option documentation. In particular, -help still
advises users to try -clock help for available timers. Drop all
documentation on -clock.
3. The 'query-alarm-clock' example in docs/writing-commands.txt no
longer works, and needs to be redone. Can't do that right now, so I
just stick in a FIXME.
Bin Wu [Sat, 25 Oct 2014 02:43:44 +0000 (02:43 +0000)]
hw/scsi/virtio-scsi.c: fix the "type" use error in virtio_scsi_handle_ctrl
The local variable "type" in virtio_scsi_handle_ctl represents the tmf
command type from the guest and it has the same meaning as the
req->req.tmf.type. However, before the invoking of virtio_scsi_parse_req
the req->req.tmf.type doesn't has the correct value(just initialized to
zero). Therefore, we need to use the "type" variable to judge the case.
Cc: [email protected] Signed-off-by: Bin Wu <[email protected]>
[Actually make it compile, "type" must be uint32_t in order to pass
it to virtio_tswap32s. - Paolo] Signed-off-by: Paolo Bonzini <[email protected]>
Jan Kiszka [Mon, 27 Oct 2014 14:13:02 +0000 (14:13 +0000)]
Revert "main-loop.c: Handle SIGINT, SIGHUP and SIGTERM synchronously"
This reverts commit 15124e142034d21341ec9f1a304a1dc5a6c25681. It breaks
debuggability of qemu and is no longer needed as the problem has
now been addressed in a different way.
Instead we provide a comment about why these signals must be
handled asynchronously.
Jan Kiszka [Mon, 27 Oct 2014 14:05:10 +0000 (14:05 +0000)]
Make qemu_shutdown_requested signal-safe
qemu_shutdown_requested may be interrupted by qemu_system_killed. If the
latter sets shutdown_requested after qemu_shutdown_requested has read it
but before it was cleared, the shutdown event is lost. Fix this by using
atomic_xchg.
This provides a different fix for the problem which commit 15124e142
attempts to deal with. That commit breaks use of ^C to drop into gdb,
and so this approach is better (and 15124e142 can be reverted).
Peter Maydell [Fri, 24 Oct 2014 11:40:28 +0000 (12:40 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20141024' into staging
target-arm queue:
* remove pointless 'info pcmcia' and a lot of now-dead code
* register ARM cpu reset handlers even if not using -kernel
* update to libvixl 1.6
* various minor code cleanups
* support PSCI under TCG ('virt' machine can now be shut down,
SMP configurations work)
* correct the sense of the AArch64 DCZID DZP bit
* report a valid L1Ip field in CTR_EL0 for CPU type "any"
* correctly UNDEF writes to FPINST/FPINST2 from EL0
* more preparatory code refactoring for EL2/EL3 support
# gpg: Signature made Fri 24 Oct 2014 12:35:52 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <[email protected]>"
* remotes/pmaydell/tags/pull-target-arm-20141024: (23 commits)
target-arm: A32: Emulate the SMC instruction
target-arm: make arm_current_el() return EL3
target-arm: rename arm_current_pl to arm_current_el
target-arm: reject switching to monitor mode
target-arm: add arm_is_secure() function
target-arm: increase arrays of registers R13 & R14
target-arm: correctly UNDEF writes to FPINST/FPINST2 from EL0
target-arm: Report a valid L1Ip field in CTR_EL0 for CPU type "any"
target-arm: Correct sense of the DCZID DZP bit
arm/virt: enable PSCI emulation support for system emulation
target-arm: add emulation of PSCI calls for system emulation
target-arm: Add support for A32 and T32 HVC and SMC insns
target-arm: Handle SMC/HVC undef-if-no-ELx in pre_* helpers
target-arm: add missing PSCI constants needed for PSCI emulation
target-arm: do not set do_interrupt handlers for ARM and AArch64 user modes
target-arm: add powered off cpu state
omap_gpmc.c: Remove duplicate assignment
disas/libvixl/a64/instructions-a64.h: Remove unused constants
arm_gic: remove unused parameter.
disas/libvixl: Update to libvixl 1.6
...
Fabian Aggeler [Fri, 24 Oct 2014 11:19:14 +0000 (12:19 +0100)]
target-arm: make arm_current_el() return EL3
Make arm_current_el() return EL3 for secure PL1 and monitor mode.
Increase MMU modes since mmu_index is directly inferred from arm_
current_el(). Change assertion in arm_el_is_aa64() to allow EL3.
Fabian Aggeler [Fri, 24 Oct 2014 11:19:14 +0000 (12:19 +0100)]
target-arm: add arm_is_secure() function
arm_is_secure() function allows to determine CPU security state
if the CPU implements Security Extensions/EL3.
arm_is_secure_below_el3() returns true if CPU is in secure state
below EL3.
Peter Maydell [Fri, 24 Oct 2014 11:19:14 +0000 (12:19 +0100)]
target-arm: correctly UNDEF writes to FPINST/FPINST2 from EL0
The ARM ARM requires that the FPINST and FPINST2 VFP control
registers are not accessible to code at EL0. We were already
correctly implementing this for reads of these registers; add
the missing check for the write code path.
Peter Maydell [Fri, 24 Oct 2014 11:19:13 +0000 (12:19 +0100)]
target-arm: Report a valid L1Ip field in CTR_EL0 for CPU type "any"
For the CPU type "any" (only used with linux-user) we were reporting
the L1Ip field as 0b00, which is reserved. Change this field to 0b10
instead, indicating a VIPT icache as the comment describes.
Peter Maydell [Fri, 24 Oct 2014 11:19:13 +0000 (12:19 +0100)]
target-arm: Correct sense of the DCZID DZP bit
The DZP bit in the DCZID system register should be set if
the control bits which prohibit use of the DC ZVA instruction
have been set (it stands for Data Zero Prohibited). However
we had the sense of the test inverted; fix this so that the
bit reads correctly.
To avoid this regressing the behaviour of the user-mode
emulator, we must set the DZE bit in the SCTLR for that
config so that userspace continues to see DZP as zero (it
was getting the correct result by accident previously).
Rob Herring [Fri, 24 Oct 2014 11:19:13 +0000 (12:19 +0100)]
arm/virt: enable PSCI emulation support for system emulation
Now that we have PSCI emulation, enable it for the virt platform.
This simplifies the virt machine a bit now that PSCI no longer
needs to be a KVM only feature.
Rob Herring [Fri, 24 Oct 2014 11:19:13 +0000 (12:19 +0100)]
target-arm: add emulation of PSCI calls for system emulation
Add support for handling PSCI calls in system emulation. Both version
0.1 and 0.2 of the PSCI spec are supported. Platforms can enable support
by setting the "psci-conduit" QOM property on the cpus to SMC or HVC
emulation and having a PSCI binding in their dtb.
Signed-off-by: Rob Herring <[email protected]> Signed-off-by: Ard Biesheuvel <[email protected]> Signed-off-by: Peter Maydell <[email protected]>
Message-id: 1412865028[email protected]
[PMM: made system reset/off PSCI functions power down the CPU so
we obey the PSCI API requirement never to return from them;
rearranged how the code is plumbed into the exception system,
so that we split "is this a valid call?" from "do the call"] Signed-off-by: Peter Maydell <[email protected]>
Peter Maydell [Fri, 24 Oct 2014 11:19:13 +0000 (12:19 +0100)]
target-arm: Add support for A32 and T32 HVC and SMC insns
Add support for HVC and SMC instructions to the A32 and
T32 decoder. Using these for real exceptions to EL2 or EL3
is currently not supported (the do_interrupt routine does
not handle them) but we require the instruction support to
implement PSCI.
Peter Maydell [Fri, 24 Oct 2014 11:19:12 +0000 (12:19 +0100)]
target-arm: Handle SMC/HVC undef-if-no-ELx in pre_* helpers
SMC must UNDEF if EL3 is not implemented; similarly HVC UNDEFs
if EL2 is not implemented. Move the handling of this from
translate-a64.c into the pre_smc and pre_hvc helper functions.
This is necessary because use of these instructions for PSCI
takes precedence over this UNDEF case, and we can't tell if
this is a PSCI call until runtime.
Rob Herring [Fri, 24 Oct 2014 11:19:12 +0000 (12:19 +0100)]
target-arm: do not set do_interrupt handlers for ARM and AArch64 user modes
User mode emulation should never get interrupts and thus should not
use the system emulation exception handler function. Remove the reference,
and '#ifndef USER_MODE_ONLY' the function itself as well, so that we can add
system mode only functionality to it.
Rob Herring [Fri, 24 Oct 2014 11:19:12 +0000 (12:19 +0100)]
target-arm: add powered off cpu state
Add tracking of cpu power state in order to support powering off of
cores in system emuluation. The initial state is determined by the
start-powered-off QOM property.
The instructions-a64.h header defines a number of floating point
constants whose initializers are function calls. gcc 5 will warn
if these constants are not used by the C or C++ file which includes
the header, because they imply a runtime cost. Since for the files
QEMU uses from libvixl we don't use these constants at all, just
remove them.
Upstream intend to fix these by shifting to an 'extern const' in
the header plus definition in a suitable source file, so we can
drop this patch when we sync with the upcoming libvixl 1.7.
The related compiling error:
CXX disas/arm-a64.o
In file included from /upstream/qemu/disas/libvixl/a64/disasm-a64.h:32:0,
from disas/arm-a64.cc:20:
disas/libvixl/a64/instructions-a64.h:98:13: error: 'vixl::kFP32PositiveInfinity' defined but not used [-Werror=unused-variable]
const float kFP32PositiveInfinity = rawbits_to_float(0x7f800000);
^
disas/libvixl/a64/instructions-a64.h:99:13: error: 'vixl::kFP32NegativeInfinity' defined but not used [-Werror=unused-variable]
const float kFP32NegativeInfinity = rawbits_to_float(0xff800000);
^
disas/libvixl/a64/instructions-a64.h:100:14: error: 'vixl::kFP64PositiveInfinity' defined but not used [-Werror=unused-variable]
const double kFP64PositiveInfinity =
^
disas/libvixl/a64/instructions-a64.h:102:14: error: 'vixl::kFP64NegativeInfinity' defined but not used [-Werror=unused-variable]
const double kFP64NegativeInfinity =
^
disas/libvixl/a64/instructions-a64.h:107:21: error: 'vixl::kFP64SignallingNaN' defined but not used [-Werror=unused-variable]
static const double kFP64SignallingNaN =
^
disas/libvixl/a64/instructions-a64.h:109:20: error: 'vixl::kFP32SignallingNaN' defined but not used [-Werror=unused-variable]
static const float kFP32SignallingNaN = rawbits_to_float(0x7f800001);
^
disas/libvixl/a64/instructions-a64.h:112:21: error: 'vixl::kFP64QuietNaN' defined but not used [-Werror=unused-variable]
static const double kFP64QuietNaN =
^
disas/libvixl/a64/instructions-a64.h:114:20: error: 'vixl::kFP32QuietNaN' defined but not used [-Werror=unused-variable]
static const float kFP32QuietNaN = rawbits_to_float(0x7fc00001);
^
disas/libvixl/a64/instructions-a64.h:117:21: error: 'vixl::kFP64DefaultNaN' defined but not used [-Werror=unused-variable]
static const double kFP64DefaultNaN =
^
disas/libvixl/a64/instructions-a64.h:119:20: error: 'vixl::kFP32DefaultNaN' defined but not used [-Werror=unused-variable]
static const float kFP32DefaultNaN = rawbits_to_float(0x7fc00000);
^
cc1plus: all warnings being treated as errors
make: *** [disas/arm-a64.o] Error 1
Signed-off-by: Chen Gang <[email protected]>
[PMM: Rewrote the commit message a little] Signed-off-by: Peter Maydell <[email protected]>
Peter Maydell [Fri, 24 Oct 2014 11:19:11 +0000 (12:19 +0100)]
disas/libvixl: Update to libvixl 1.6
Update our copy of libvixl to upstream 1.6. There are no
changes of any particular interest to QEMU, so this is simply
keeping up with current upstream.
Ard Biesheuvel [Fri, 24 Oct 2014 11:19:11 +0000 (12:19 +0100)]
hw/arm/boot: register cpu reset handlers if using -bios
Move the registering of CPU reset handlers to before the point where
we leave the function in the -bios (not -kernel) case, so CPU reset
works correctly with -bios as well.
This command lists PCMCIA sockets and cards. Only a few ARM boards
have sockets (akita, borzoi, connex, mainstone, spitz, terrier, tosa,
verdex, z2), the only card is the DSCM-1xxxx Hitachi Microdrive (qdev
"microdrive"), and it is only inserted during machine init, if ever.
So this command doesn't really tell anybody anything new so far.
Moreover, pcmcia_socket_unregister() has a use-after-free bug, flagged
by Coverity. Has never been used, because there has never been code
to eject a PCMCIA card.
Peter Maydell [Fri, 24 Oct 2014 10:33:46 +0000 (11:33 +0100)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block patches
# gpg: Signature made Thu 23 Oct 2014 18:56:05 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <[email protected]>"
* remotes/kevin/tags/for-upstream: (32 commits)
qemu-img: Print error if check failed
block: char devices on FreeBSD are not behind a pager
iotests: Add test for qcow2 L1 table update
qcow2: Do not overflow when writing an L1 sector
iotests: Add test for map commands
qemu-io: Respect early image end for map
block: Respect underlying file's EOF
docs/qcow2: Limit refcount_order to [0, 6]
docs/qcow2: Correct refcount_block_entries
qcow2: Drop REFCOUNT_SHIFT
iotests: Add test for potentially damaging repairs
iotests: Fix test outputs
qcow2: Clean up after refcount rebuild
qcow2: Rebuild refcount structure during check
qcow2: Do not perform potentially damaging repairs
qcow2: Fix refcount blocks beyond image end
qcow2: Reuse refcount table in calculate_refcounts()
qcow2: Let inc_refcounts() resize the reftable
qcow2: Let inc_refcounts() return -errno
qcow2: Split fail code in L1 and L2 checks
...
Max Reitz [Thu, 23 Oct 2014 13:29:12 +0000 (15:29 +0200)]
qemu-img: Print error if check failed
Currently, if bdrv_check() fails either by returning -errno or having
check_errors set, qemu-img check just exits with 1 after having told the
user that there were no errors on the image. This is bad.
Instead of printing the check result if there were internal errors which
were so bad that bdrv_check() could not even complete with 0 as a return
value, qemu-img check should inform the user about the error.
Peter Maydell [Thu, 23 Oct 2014 16:05:15 +0000 (17:05 +0100)]
Merge remote-tracking branch 'remotes/qmp-unstable/tags/for-upstream' into staging
QMP patches
# gpg: Signature made Thu 23 Oct 2014 16:05:52 BST using RSA key ID E24ED5A7
# gpg: Good signature from "Luiz Capitulino <[email protected]>"
* remotes/qmp-unstable/tags/for-upstream:
monitor: delete device_del_bus_completion
monitor: add del completion for peripheral device
qdev: add qdev_build_hotpluggable_device_list helper
MAINTAINERS: add entry for qobject files
dump: Turn some functions to void to make code cleaner
dump: Propagate errors into qmp_dump_guest_memory()
virtio-balloon: Tweak recent fix for integer overflow
Roger Pau Monne [Tue, 21 Oct 2014 14:03:03 +0000 (16:03 +0200)]
block: char devices on FreeBSD are not behind a pager
Introduce a new flag to mark devices that require requests to be aligned and
replace the usage of BDRV_O_NOCACHE and O_DIRECT with this flag when
appropriate.
If a character device is used as a backend on a FreeBSD host set this flag
unconditionally.
Paolo Bonzini [Wed, 22 Oct 2014 08:41:16 +0000 (10:41 +0200)]
get_maintainer.pl: restrict cases where it falls back to --git
The list emitted by --git-fallback often leads inexperienced contributors
to add pointless CCs. While not discouraging usage of --git-fallback,
we want to:
1) disable the fallback if only some files lack a maintainer
$ scripts/get_maintainer.pl -f util/cutils.c hw/ide/core.c
Kevin Wolf <[email protected]> (odd fixer:IDE)
Stefan Hajnoczi <[email protected]> (odd fixer:IDE)
This behavior is taken even if --git-fallback is specified.
2) warn the contributors about what we're doing, asking them to use their
common sense:
$ scripts/get_maintainer.pl -f util/cutils.c
get_maintainer.pl: No maintainers found, printing recent contributors.
get_maintainer.pl: Do not blindly cc: them on patches! Use common sense.
Li Liu [Wed, 22 Oct 2014 02:26:47 +0000 (10:26 +0800)]
qtest: fix qtest log fd should be initialized before qtest chardev
qtest_log_fp should be inited before qemu_chr_add_handlers.
If not the log dumped from callback functions may be lost.
easy to reproduce it by command:
"QTEST_LOG=1 QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64
gtester -k --verbose -m=quick tests/qdev-monitor-test"
The log "[I xxxxxx] OPENED" should be printed out by
qtest_event, but does not.
Paolo Bonzini [Tue, 21 Oct 2014 13:16:06 +0000 (15:16 +0200)]
MAINTAINERS: add myself for X86
Still not moving it beyond "Odd fixes". Richard Henderson also has
reviewed a bunch of X86 TCG patches, so add him as well. All we want
is to avoid that patches fall on the floor.
Wei Huang [Tue, 21 Oct 2014 15:00:45 +0000 (11:00 -0400)]
target-i386: warns users when CPU threads>1 for non-Intel CPUs
Only Intel CPUs support hyperthreading. When users select threads>1 in
-smp option, QEMU fixes it by adjusting CPUID_0000_0001_EBX and
CPUID_8000_0008_ECX based on inputs (sockets, cores, threads);
so guest VM can boot correctly. However it is still better to gives
users a warning when such case happens.
Signed-off-by: Wei Huang <[email protected]>
[As suggested by Eduardo, check for !IS_INTEL instead of AMD. - Paolo] Signed-off-by: Paolo Bonzini <[email protected]>
Re-implement the Sysbus GPIOs to use the existing TYPE_DEVICE
GPIO named framework. A constant string name is chosen to avoid
conflicts with existing unnamed GPIOs.
This unifies GPIOs are IRQs for sysbus devices and allows removal
of all Sysbus state for GPIOs.
Any existing and future-added functionality for GPIOs is now
also available for sysbus IRQs.
Allows a container to take ownership of GPIOs in a contained
device and automatically connect them as GPIOs to the container.
This prepares for deprecation of the SYSBUS IRQ functionality, which
has this feature. We push it up to the device level instead of sysbus
level. There's nothing sysbus specific about passing GPIOs to
containers so its a legitimate device-level generic feature.
Previously this was restricted to a single call per-dev/per-name. With
the conversion of the GPIO output state to QOM the implementation can
now handle repeated calls. Remove the restriction.
Change the qtest intercept handler to accept just the individual IRQ
being intercepted as opaque. n is still expected to be correctly set
as for the original intercepted irq. qemu_intercept_irq_in is updated
accordingly.
Then covert the qemu_irq_intercept_out call to use qdev intercept
version. This stops qtest from having to mess with the raw IRQ pointers
(still has to mess with names and counts but a step in the right
direction).
Re-implement as a link setter. This should allow the QOM framework to
keep track of ref counts properly etc.
We need to add a default parent for the connecting input incase it's
coming from a non-qdev source. We simply parent the IRQ to the machine
in this case.
The lead user of this is the QDEV GPIO framework which will implement
GPIO disconnects via an "unlink". GPIO disconnection is used by
qtest's irq_intercept_out command.
Cornelia Huck [Wed, 15 Oct 2014 13:15:26 +0000 (15:15 +0200)]
virtio-scsi: dataplane: stop trying on notifier error
There's no use to constantly trying to enable dataplane if we failed
to set up guest or host notifiers, so fence it off in that case.
We'll try again if the device is reinitialized.
Cornelia Huck [Wed, 15 Oct 2014 13:15:25 +0000 (15:15 +0200)]
virtio-scsi: dataplane: fail setup gracefully
The dataplane code is currently doing a hard exit on various setup
failures. In practice, this may mean that a guest suddenly dies after
a dataplane device failed to come up (e.g., when a file descriptor
limit is hit for the nth device).
Let's just try to unwind the setup instead and return.
Max Reitz [Thu, 16 Oct 2014 13:25:56 +0000 (15:25 +0200)]
qcow2: Do not overflow when writing an L1 sector
While writing an L1 table sector, qcow2_write_l1_entry() copies the
respective range from s->l1_table to the local "buf" array. The size of
s->l1_table does not have to be a multiple of L1_ENTRIES_PER_SECTOR;
thus, limit the index which is used for copying all entries to the L1
size.
projects / qemu.git / log