Stefan Hajnoczi [Sat, 9 Jul 2011 09:22:07 +0000 (10:22 +0100)]
os-posix: set groups properly for -runas
Andrew Griffiths reports that -runas does not set supplementary group
IDs. This means that gid 0 (root) is not dropped when switching to an
unprivileged user.
Add an initgroups(3) call to use the -runas user's /etc/groups
membership to update the supplementary group IDs.
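The privilege-drop sequence the commit describes, as an added example rather than QEMU's os-posix code (drop_privileges_to and has_root_supplementary_group are hypothetical helper names): initgroups(3) must run before setuid(), since afterwards the process no longer has the privilege to replace its group list.

```c
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/* Hypothetical helper (not QEMU's os-posix code): switch to an unprivileged
 * user in the only order that works. Returns 0 or a negative errno value. */
int drop_privileges_to(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) return -ENOENT;   /* unknown user: never continue as root */
    /* 1. Supplementary groups first. This is the call the commit adds; it
     *    replaces the inherited list (which still contains gid 0) with the
     *    user's group memberships and needs privilege to succeed. */
    if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
        return -errno;
    }
    /* 2. Primary gid, while we can still change it. */
    if (setgid(pw->pw_gid) < 0) {
        return -errno;
    }
    /* 3. uid last: after this, steps 1 and 2 would fail with EPERM. */
    if (setuid(pw->pw_uid) < 0) {
        return -errno;
    }
    /* 4. Confirm the drop is permanent (saved uid/gid are not still 0). */
    if (setuid(0) == 0 || setgid(0) == 0) {
        return -EPERM;
    }
    return 0;
}

/* Audit helper: does the current process still carry gid 0 as a
 * supplementary group? Before this fix that was the state after -runas. */
int has_root_supplementary_group(void)
{
    int n = getgroups(0, NULL);
    if (n <= 0) return 0;
    gid_t *groups = calloc((size_t)n, sizeof(*groups));
    if (groups == NULL) return 0;
    n = getgroups(n, groups);
    int found = 0;
    for (int i = 0; i < n; i++) {
        if (groups[i] == 0) found = 1;
    }
    free(groups);
    return found;
}
```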
esp: cancel current request only if some request is in flight
This bug was introduced in 94d3f98a3f3caddd7875f9a11776daeb84962a7b:
scsi_cancel_io was checking if some request was pending before trying
to cancel it, while scsi_req_cancel always cancels the request.
This may lead to a crash of Qemu due to dereferencing a NULL pointer,
as exhibited by NetBSD 5.1 installer on MIPS Magnum emulation.
Peter Maydell [Mon, 4 Jul 2011 21:02:46 +0000 (22:02 +0100)]
target-alpha, target-ppc: Remove unnecessary setjmp.h include
Remove the include of setjmp.h from the cpu.h of target-alpha
and target-ppc. This is unnecessary because cpu-defs.h already
includes this header; this change brings these two targets
into line with all the rest.
Stefan Weil [Mon, 4 Jul 2011 18:52:38 +0000 (20:52 +0200)]
Remove unneeded setjmp.h (fix compilation on Debian "lenny")
Some versions of png.h cannot be included after setjmp.h,
even when PNG_SKIP_SETJMP_CHECK was defined.
setjmp.h was included from qemu-common.h and is not needed there.
Removing the include statement fixes compilation of ui/vnc-enc-tight.c
with CONFIG_VNC_PNG defined.
Jan Kiszka [Sat, 2 Jul 2011 07:50:51 +0000 (09:50 +0200)]
tcg: Reload local variables after return from longjmp
Recent compilers look deep into cpu_exec, find longjmp as a noreturn
function and decide to smash some stack variables as they won't be used
again. This may lead to env becoming invalid after return from setjmp,
causing crashes. Fix it by reloading env from cpu_single_env in that
case.
Peter Maydell [Wed, 22 Jun 2011 14:16:32 +0000 (15:16 +0100)]
exec-all.h: Make MAX_OP_PER_INSTR large enough for target-arm's uses
The target-arm frontend's worst-case TCG ops per instr is 194 (and in
general many of the "load multiple registers" ARM instructions generate
more than 100 TCG ops). Raise MAX_OP_PER_INSTR accordingly to avoid
possible buffer overruns.
Since it doesn't make any sense for the "64 bit guest on 32 bit host"
case to have a smaller limit than the normal case, we collapse the
two cases back into each other again.
(This increase costs us about 14K in extra static buffer space and
21K of extra margin at the end of a 32MB codegen buffer.)
Peter Maydell [Wed, 22 Jun 2011 10:58:25 +0000 (11:58 +0100)]
exec.c: Fix calculation of code_gen_buffer_max_size
When calculating the point at which we should not try to put another
TB into the code gen buffer, we have to allow not just for OPC_MAX_SIZE
but OPC_BUF_SIZE. This is because the target translate.c will only
stop when an instruction has put it past the OPC_MAX_SIZE limit, so
we have to include the MAX_OP_PER_INSTR margin which that final insn
might have used.
Alexander Graf [Wed, 6 Jul 2011 07:09:23 +0000 (09:09 +0200)]
exec: add endian specific phys ld/st functions
Device code sometimes needs to access physical memory and does that
through the ld./st._phys functions. However, these are the exact same
functions that the CPU uses to access memory, which means they will
be endianness swapped depending on the target CPU.
However, devices don't know about the CPU's endianness, but instead
access memory directly using their own interface to the memory bus,
so they need some way to read data with their native endianness.
This patch adds _le and _be functions to ld./st._phys.
Kevin Wolf [Mon, 4 Jul 2011 12:43:58 +0000 (14:43 +0200)]
ide: Initialise buffers with zeros
Just in case there's still a way how a guest can read out buffers when it's not
supposed to, let's zero the buffers during initialisation so that we don't leak
information to the guest.
Kevin Wolf [Mon, 4 Jul 2011 12:07:50 +0000 (14:07 +0200)]
ide: Ignore reads during PIO in and writes during PIO out
This fixes https://bugs.launchpad.net/qemu/+bug/786209:
When the DRQ_STAT bit is set, the IDE core permits both data reads
and data writes, regardless of whether the current transfer was
initiated as a read or write.
This potentially leaks uninitialized host memory into the guest,
if, before doing anything else to an IDE device, the guest begins a
write transaction (e.g. WIN_WRITE), but then *reads* from the IO
port instead of writing to it.
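A constructed C model of the fixed behaviour, added here and not QEMU's hw/ide code (IdeModel and the ide_model_* names are assumptions); it also folds in the zeroed-buffer initialisation from the preceding commit, so a guest that starts a write transfer and then reads the data port gets nothing back.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define DRQ_STAT    0x08   /* "data request" bit in the status register */
#define SECTOR_SIZE 512

typedef struct {                 /* constructed model, not QEMU's IDEState */
    uint8_t  status;
    bool     transfer_is_read;   /* direction of the in-flight PIO transfer */
    uint8_t  buf[SECTOR_SIZE];   /* sector buffer shared by reads and writes */
    uint8_t *data_ptr, *data_end;
} IdeModel;

void ide_model_init(IdeModel *s)
{
    memset(s, 0, sizeof(*s));    /* zeroed: no stale host memory to leak */
    s->data_ptr = s->data_end = s->buf;
}

/* The guest issued a PIO command; data now flows in exactly one direction. */
void ide_model_start_transfer(IdeModel *s, bool is_read)
{
    s->transfer_is_read = is_read;
    s->data_ptr = s->buf;
    s->data_end = s->buf + SECTOR_SIZE;
    s->status |= DRQ_STAT;
}
/* True only while DRQ is set AND the access matches the transfer direction.
 * Before the fix only DRQ_STAT was checked, so a guest could start a write
 * and then read the (possibly uninitialised) sector buffer back. */
static bool pio_allowed(const IdeModel *s, bool is_read)
{
    return (s->status & DRQ_STAT) && s->transfer_is_read == is_read &&
           s->data_ptr < s->data_end;
}
uint16_t ide_model_data_readw(IdeModel *s)
{
    if (!pio_allowed(s, true)) return 0;       /* read during PIO out: ignored */
    uint16_t v = s->data_ptr[0] | (uint16_t)(s->data_ptr[1] << 8);
    s->data_ptr += 2;
    if (s->data_ptr >= s->data_end) s->status &= ~DRQ_STAT;
    return v;
}

void ide_model_data_writew(IdeModel *s, uint16_t v)
{
    if (!pio_allowed(s, false)) return;        /* write during PIO in: ignored */
    s->data_ptr[0] = v & 0xff;
    s->data_ptr[1] = v >> 8;
    s->data_ptr += 2;
    if (s->data_ptr >= s->data_end) s->status &= ~DRQ_STAT;
}
```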
block/raw-posix: Linux compat-ioctl warning workaround
On Linux x86_64 host with 32bit userspace, running
qemu or even just "qemu-img create -f qcow2 some.img 1G"
causes a kernel warning:
ioctl32(qemu-img:5296): Unknown cmd fd(3) cmd(00005326){t:'S';sz:0} arg(7fffffff) on some.img
ioctl32(qemu-img:5296): Unknown cmd fd(3) cmd(801c0204){t:02;sz:28} arg(fff77350) on some.img
ioctl 00005326 is CDROM_DRIVE_STATUS,
ioctl 801c0204 is FDGETPRM.
The warning appears because the Linux compat-ioctl handler for these
ioctls only applies to block devices, while qemu also uses the ioctls on
plain files. Work around by calling fstat() to ensure the ioctls are
only used on block devices.
qemu-img currently writes disk images using writeback and filling
up the cache buffers which are then flushed by the kernel preventing
other processes from accessing the storage.
This is particularly bad in cluster environments where time-based
algorithms might be in place and accessing the storage within
certain timeouts is critical.
This patch adds the option to choose a cache method when writing
disk images.
Blue Swirl [Fri, 1 Jul 2011 21:12:50 +0000 (21:12 +0000)]
Merge branch 'ppc-next' of git://repo.or.cz/qemu/agraf
* 'ppc-next' of git://repo.or.cz/qemu/agraf:
PPC: move TLBs to their own arrays
PPC: 440: Use 440 style MMU as default, so Qemu knows the MMU type
PPC: E500: Use MAS registers instead of internal TLB representation
PPC: Only set lower 32bits with mtmsr
PPC: update openbios firmware
PPC: mpc8544ds: Add hypervisor node
PPC: calculate kernel,initrd,cmdline locations dynamically
target-ppc: Handle memory-forced I/O controller access
PPC: E500: Implement reboot controller
I get a segfault when booting a Fedora 14 guest. The backtrace says:
Program terminated with signal 11, Segmentation fault.
#0 0x0000000000420850 in handle_control_message (vser=0x3732bd0, buf=0x2c173e0, len=8) at /home/lcapitulino/src/qmp-unstable/hw/virtio-serial-bus.c:335
335 info = DO_UPCAST(VirtIOSerialPortInfo, qdev, port->dev.info);
What's happening is VIRTIO_CONSOLE_DEVICE_READY is a message for the
whole device, not for an individual port. So port is NULL. This bug was
introduced by commit a15bb0d6a981de749452a5180fc8084d625671da.
This commit fixes that by making the port returned by find_port_by_id()
be used only by the VIRTIO_CONSOLE_PORT_READY and
VIRTIO_CONSOLE_PORT_OPEN messages.
Blue Swirl [Sat, 28 May 2011 06:51:52 +0000 (06:51 +0000)]
TCG/x86: use TCG_REG_CALL_STACK instead of TCG_REG_ESP
Except for specific cases where the use of %esp changes the encoding of
the instruction, it's cleaner to use TCG_REG_CALL_STACK instead of
TCG_REG_ESP.
Blue Swirl [Sat, 28 May 2011 07:13:05 +0000 (07:13 +0000)]
TCG: remove broken stack allocation for call arguments
The code for stack allocation for call arguments is way too simplistic
to actually work on targets with non-trivial stack allocation policies,
e.g. ppc64. We've also already allocated TCG_STATIC_CALL_ARGS_SIZE worth
of stack for calls which should be well more than any helper needs.
Remove broken dynamic stack allocation code and replace it with an assert.
Should dynamic stack allocation ever be needed again, target specific
functions should be added.
Blue Swirl [Mon, 16 May 2011 19:38:48 +0000 (19:38 +0000)]
x86: use caller supplied CPUState for interrupt related stuff
Several x86 specific functions are called from cpu-exec.c with the
assumption that global env register is valid. This will be changed
later, so make the functions use caller supplied CPUState parameter.
It would be cleaner to move the functions to helper.c, but there are
quite a lot of dependencies between do_interrupt() and other functions.
Add helpers for svm_check_intercept() and cpu_cc_compute_all() instead
of calling the helper (which uses global env, AREG0) directly.
Jan Kiszka [Thu, 23 Jun 2011 08:05:12 +0000 (10:05 +0200)]
Fix fallouts from Linux header inclusion
This is an all-in-one fix for the smaller and bigger mistakes of the
build system changes for accompanied Linux headers:
- only enable KVM and vhost on Linux hosts
- fix powerpc asm header symlink
- do not use Linux headers on non-Linux hosts
- fix kvmclock for !CONFIG_KVM
- fix s390 build on non-Linux hosts
Strip trailing '\n' from error_report()'s first argument
error_report() prepends location, and appends a newline. The message
constructed from the arguments should not contain a newline. Fix the
obvious offenders.
Peter Maydell [Fri, 3 Jun 2011 16:10:40 +0000 (17:10 +0100)]
configure: Don't create symlinks to nonexistent targets
When we create the symlinks to source tree files, don't create them
if the file is not actually present in the source tree; this will
happen if the file is in a git submodule that wasn't checked out.
This also avoids the odd effect where an in-source-tree configure
will end up creating the missing file as a symlink to itself.
Andreas Färber [Thu, 23 Jun 2011 14:24:45 +0000 (16:24 +0200)]
coreaudio: Fix OSStatus format specifier
OSStatus type is defined as SInt32. That's signed int on __LP64__ and
signed long otherwise.
Since it is an explicit 32-bit-width type, cast to corresponding POSIX type
and use PRId32 format specifier. This avoids a warning on ppc64.
Andreas Färber [Thu, 23 Jun 2011 14:24:46 +0000 (16:24 +0200)]
coreaudio: Avoid formatting UInt32 type
coreaudioVoiceOut's audioDevicePropertyBufferFrameSize is defined as UInt32
and is being used by reference for AudioDevice{Get,Set}Property().
UInt32 is unsigned int on __LP64__ but unsigned long otherwise.
Cast to POSIX type and use PRIu32 format specifier to hide the details.
This avoids a warning on ppc64.
Peter Maydell [Wed, 15 Jun 2011 17:22:35 +0000 (18:22 +0100)]
hw/usb-ohci.c: Fix handling of remote wakeup corner cases
Correct a number of minor errors in the OHCI wakeup implementation:
* when the port is suspended but the controller is not, raise RHSC
* when the controller is suspended but the port is not, raise RD
* when the controller is suspended, move it to resume state
These fix some edge cases where a USB device might not successfully get
the attention of the guest OS if it tried to do so at the wrong time.
Hans de Goede [Mon, 30 May 2011 09:40:45 +0000 (11:40 +0200)]
usb-linux: allow "compatible" high speed devices to connect at fullspeed
Some usb2 highspeed devices, like usb-msd devices, work fine when redirected
to a usb1 virtual controller. Allow this to avoid the new speedchecks causing
regressions for users who do not enable the new experimental ehci code.
Hans de Goede [Fri, 27 May 2011 12:27:18 +0000 (14:27 +0200)]
usb: Add a speedmask to devices
This is used to indicate at which speed[s] the device can operate,
so that this can be checked to match the ports capabilities when it gets
attached to a bus.
Note that currently all usb1 emulated devices claim to be fullspeed, this
seems to not cause any problems, but still seems wrong, because with real
hardware keyboards, mice and tablets usually are lo-speed, so reporting these
as fullspeed devices seems wrong.
Gerd Hoffmann [Mon, 30 May 2011 14:24:29 +0000 (16:24 +0200)]
ehci: add freq + maxframes properties
Add properties for the wakeup rate and the max number of frames ehci
will process at once.
The wakeup rate defaults to 1000 which equals the usb frame rate. This
can be reduced to make qemu wake up less often when ehci is active.
In case the wakeup rate is reduced or the ehci timer is delayed due to
latency issues elsewhere in qemu ehci will process multiple frames at
once. The maxframes property specifies the upper limit for this.
Gerd Hoffmann [Fri, 10 Jun 2011 12:00:24 +0000 (14:00 +0200)]
usb-linux: track inflight iso urb count
Track the number of iso urbs which are currently in flight.
Log a message in case the count goes down to zero. Also
warn in case many urbs are returned at the same time.
Gerd Hoffmann [Fri, 10 Jun 2011 12:03:56 +0000 (14:03 +0200)]
usb-linux: make iso urb count configurable
Add a qdev property for the number of iso urbs which
usb-linux keeps in flight, so it can be configured at
runtime. Make it default to four (old hardcoded value
used to be three).
Peter Maydell [Fri, 20 May 2011 15:50:01 +0000 (16:50 +0100)]
net: Warn about "-net nic" options which were ignored
Diagnose the case where the user asked for a NIC via "-net nic"
but the board didn't instantiate that NIC (for example where the
user asked for two NICs but the board only supports one). Note
that this diagnostic doesn't apply to NICs created through -device,
because those are always instantiated.
Peter Maydell [Fri, 20 May 2011 15:50:00 +0000 (16:50 +0100)]
net: Don't warn about the default network setup
Don't warn about the default network setup that you get if no command line
-net options are specified. There are two cases that we would otherwise
complain about:
(1) board doesn't support a NIC but the implicit "-net nic" requested one
(2) CONFIG_SLIRP not set, so the implicit "-net nic" sets up a nic that
isn't connected to anything
Peter Maydell [Fri, 20 May 2011 15:49:59 +0000 (16:49 +0100)]
Revert "net: Improve the warnings for dubious command line option combinations"
This reverts commit f68b9d672b90dedc79aeb9b44607f484dbe46a6b.
That attempt at diagnosing unused -net nic options failed to account
for NICs created via -device; back it out cleanly in preparation
for implementing in a different manner.
Avi Kivity [Mon, 20 Jun 2011 08:12:47 +0000 (11:12 +0300)]
Optimize screendump
When running kvm-autotest, fputc() is often the second highest (sometimes #1)
function showing up in a profile. This is due to fputc() locking the file
for every byte written.
Optimize by buffering a line's worth of pixels and writing that out in a
single call.