Andreas Färber [Wed, 16 Jan 2013 02:41:47 +0000 (03:41 +0100)]
target-i386: Update X86CPU to QOM realizefn
Adapt the signature of x86_cpu_realize(), hook up to
DeviceClass::realize and set realized = true in cpu_x86_init().
The QOM realizefn cannot depend on errp being non-NULL as in
cpu_x86_init(), so use a local Error to preserve error handling behavior
on APIC initialization errors.
Andreas Färber [Sat, 5 Jan 2013 09:18:18 +0000 (10:18 +0100)]
target-arm: Update ARMCPU to QOM realizefn
Turn arm_cpu_realize() into a QOM realize function, no longer called
via cpu.h prototype. To maintain the semantics of cpu_init(), set
realized = true explicitly in cpu_arm_init().
Move GDB coprocessor registration, CPU reset and vCPU initialization
into the realizefn.
Add function comments to the routines, documenting the corner
cases upon which we are standardizing. Fix the few instances
of non-standard coding style.
Peter Maydell [Mon, 11 Feb 2013 16:41:25 +0000 (16:41 +0000)]
qemu-log: Rename CPULogItem, cpu_log_items to QEMULogItem, qemu_log_items
Rename the typedef CPULogItem and the public array cpu_log_items
to names that better reflect the fact that the qemu_log functionality
isn't restricted to TCG CPU debug logs any more.
Peter Maydell [Mon, 11 Feb 2013 16:41:24 +0000 (16:41 +0000)]
cpus.c: Drop unnecessary set_cpu_log()
The set_cpu_log() function in cpus.c is a fairly simple wrapper
which is only called from one location. Just inline the code
into vl.c, since there is no need to indirect it via cpus.c
and the handling of the error case is more appropriate to vl.c.
Peter Maydell [Mon, 11 Feb 2013 16:41:21 +0000 (16:41 +0000)]
qemu-log: Abstract out "print usage message about valid log categories"
Abstract out the "print a human readable list of all the
valid log categories" functionality which is currently duplicated
in three separate places. (We leave the monitor.c help_cmd()
implementation as-is since it wants to send the message to
the monitor and add its own information.)
Peter Maydell [Mon, 11 Feb 2013 16:41:20 +0000 (16:41 +0000)]
qemu-log: Unify {cpu_set,set_cpu}_log_filename as qemu_set_log_filename
The qemu_log() functionality is no longer specific to TCG CPU debug logs.
Rename cpu_set_log_filename() to qemu_set_log_filename() and drop the
pointless wrapper set_cpu_log_filename().
Evgeny Voevodin [Thu, 31 Jan 2013 18:47:23 +0000 (01:47 +0700)]
TCG: Move translation block variables to new context inside tcg_ctx: tb_ctx
It's worth to clean-up translation blocks variables and move them
into one context as was suggested by Swirl.
Also if we use this context directly inside tcg_ctx, then it
speeds up code generation a bit.
The device returns false from the can receive function when the FIFO is
full. This means the device should check for buffered input whenever a byte is
popped from the FIFO.
Stefan Hajnoczi [Wed, 13 Feb 2013 08:25:34 +0000 (09:25 +0100)]
block/curl: only restrict protocols with libcurl>=7.19.4
The curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, ...) interface was
introduced in libcurl 7.19.4. Therefore we cannot protect against
CVE-2013-0249 when linking against an older libcurl.
Andreas Färber [Tue, 12 Feb 2013 22:16:06 +0000 (23:16 +0100)]
net: Avoid NULL function pointer dereference on cleanup
The pSeries machine and some other devices don't supply a cleanup
callback. Revert part of 1ceef9f27359cbe92ef124bf74de6f792e71f6fb that
started calling it unconditionally.
Cornelia Huck [Thu, 7 Feb 2013 02:20:51 +0000 (02:20 +0000)]
s390: Fix handling of iscs.
There are two ways to express an interruption subclass:
- As a bitmask, as used in cr6.
- As a number, as used in the I/O interruption word.
Unfortunately, we have treated to I/O interruption word as if it
contained the bitmask as well, which went unnoticed so far as
- (queued-for-next) kvm made the same mistake, and
- Linux guest kernels don't check the isc value in the I/O interruption
word for subchannel interrupts.
Make sure that we treat the I/O interruption word correctly.
Cornelia Huck [Thu, 7 Feb 2013 02:20:50 +0000 (02:20 +0000)]
s390: Keep I/O interrupts enabled for all iscs.
do_io_interrupt() would stop scanning further iscs if it found
an I/O interrupt it could inject. This might cause the pending
interrupt indication for I/O interrupts to be reset although there
might be queued I/O interrupts for subsequent iscs.
Fix this by reordering the logic: Inject the I/O interrupt immediately
and continue searching all iscs for queued interrupts.
s390/sclpconsole: prevent char layer callback during initialization
Starting a qemu with an sclp console and pressing a key very early
can result in
"qemu-system-s390x: hw/s390x/sclpconsole.c:60: receive_from_chr_layer:
Assertion `scon->iov' failed."
Lets make sure that the init process is finished, since the iov is
allocated after CHR_EVENT_OPENED by also checking for scon->iov.
Pulled the qdev_create functionality out of xilinx_axiethernet_create() and
pushed it up to the petalogix_ml605_mmu machine model. This makes the ethernet
create+init process consistent with the AXI DMA. Renamed function to
xilinx_axiethernet_init accordingly.
Stefan Hajnoczi [Tue, 12 Feb 2013 09:37:15 +0000 (10:37 +0100)]
block-migration: fix pending() and iterate() return values
The return value of .save_live_pending() is the number of bytes
remaining. This is just an estimate because we do not know how many
blocks will be dirtied by the running guest.
Currently our return value for .save_live_pending() is wrong because it
includes dirty blocks but not in-flight bdrv_aio_readv() requests or
unsent blocks. Crucially, it also doesn't include the bulk phase where
the entire device is transferred - therefore we risk completing block
migration before all blocks have been transferred!
The return value of .save_live_iterate() is the number of bytes
transferred this iteration. Currently we return whether there are bytes
remaining, which is incorrect.
Move the bytes remaining calculation into .save_live_pending() and
really return the number of bytes transferred this iteration in
.save_live_iterate().
Also fix the %ld format specifier which was used for a uint64_t
argument. PRIu64 must be use to avoid warnings on 32-bit hosts.
Stefan Hajnoczi [Tue, 12 Feb 2013 09:37:14 +0000 (10:37 +0100)]
migration: make qemu_ftell() public and support writable files
Migration .save_live_iterate() functions return the number of bytes
transferred. The easiest way of doing this is by calling qemu_ftell(f)
at the beginning and end of the function to calculate the difference.
Make qemu_ftell() public so that block-migration will be able to use it.
Also adjust the ftell calculation for writable files where buf_offset
does not include buf_size.
Stefan Hajnoczi [Tue, 12 Feb 2013 13:34:05 +0000 (14:34 +0100)]
trace: deal with deprecated glib thread functions
g_thread_create() was deprecated in favor of g_thread_new() and
g_cond_new() was deprecated in favor of GCond initialization. If the
host has glib 2.31 or newer, avoid using the deprecated functions.
This patch solves compiler warnings that are generated when glib's
deprecated functions are used.
Jeff Cody's testing revealed that the interpretation of size differs
even between VirtualPC and HyperV. Revert this so there is time to
consider the impact of any backwards incompatible behavior this change
creates.
Stefan Hajnoczi [Tue, 5 Feb 2013 11:28:33 +0000 (12:28 +0100)]
block/raw-posix: detect readonly Linux block devices using BLKROGET
Linux block devices can be set read-only with "blockdev --setro
<device>". The same thing can be done for LVM volumes using "lvchange
--permission r <volume>". This read-only setting is independent of
device node permissions. Therefore the device can still be opened
O_RDWR but actual writes will fail.
This results in odd behavior for QEMU. bdrv_open() is supposed to fail
if a read-only image is being opened with BDRV_O_RDWR. By not failing
for Linux block devices, the guest boots up but every write produces an
I/O error.
This patch checks whether the block device is read-only so that Linux
block devices behave like regular files.
Kuo-Jung Su [Mon, 4 Feb 2013 09:56:25 +0000 (17:56 +0800)]
hw/m25p80.c: add WRSR(0x01) support
Atmel, SST and Intel/Numonyx serial flash tend to power up
with the software protection bits set.
And thus the new m25p80.c in linux kernel would always tries
to use WREN(0x06) + WRSR(0x01) to turn-off the protection.
The WEL(0x02) of status register is supposed to be cleared after
WRSR(0x01). There are also some drivers (i.e mine for RTOSes)
would check the WEL(0x02) in status register to make sure the
protection is correctly turned off.
Stefan Hajnoczi [Mon, 11 Feb 2013 16:01:45 +0000 (17:01 +0100)]
migration: restrict scope of incoming fd read handler
The incoming migration is processed in a coroutine and uses an fd read
handler to enter the yielded coroutine when data becomes available.
The read handler was set too broadly, so that spurious coroutine entries
were be triggered if other coroutine users yielded (like the block
layer's bdrv_write() function).
Install the fd read only only when yielding for more data to become
available. This prevents spurious coroutine entries which break code
that assumes only a specific set of places can re-enter the coroutine.
This patch fixes crashes in block/raw-posix.c that are triggered with
"migrate -b" when qiov becomes a dangling pointer due to a spurious
coroutine entry that frees qiov early.
Andreas Färber [Mon, 11 Feb 2013 16:41:54 +0000 (17:41 +0100)]
libi2c-omap: Fix endianness dependency
The libqos driver for omap_i2c currently does not work on Big Endian.
Introduce helpers for reading from and writing to 16-bit armel registers.
This fixes tmp105-test failures on ppc.
To prepare for a QTest-level endianness solution, poison mem{read,write}
and always use the helpers. Adopt the expected signatures.
To avoid an unused variable warning, assert the STAT Single Byte Data
bit but, due to it not getting cleared, only it being set when len == 1.
Andreas Färber [Mon, 11 Feb 2013 16:41:53 +0000 (17:41 +0100)]
qtest: Use strtoull() for uint64_t
On 32-bit hosts, unsigned long may be uint32_t and uint64_t may be
unsigned long long. Account for this by always using strtoull().
We were already using strtoll() for int64_t.
qemu-option: Disable two helpful messages that got broken recently
commit 8be7e7e4 and commit ec7b2ccb messed up the ordering of error
message and the helpful explanation that should follow it, like this:
$ qemu-system-x86_64 --nodefaults -S --vnc :0 --chardev null,id=,
Identifiers consist of letters, digits, '-', '.', '_', starting with a letter.
qemu-system-x86_64: -chardev null,id=,: Parameter 'id' expects an identifier
$ qemu-system-x86_64 --nodefaults -S --vnc :0 --machine kvm_shadow_mem=dunno
You may use k, M, G or T suffixes for kilobytes, megabytes, gigabytes and terabytes.
qemu-system-x86_64: -machine kvm_shadow_mem=dunno: Parameter 'kvm_shadow_mem' expects a size
error: Clean up error strings with embedded newlines
The arguments of error_report() should yield a short error string
without newlines.
A few places try to print additional help after the error message by
embedding newlines in the error string. That's nice, but let's do it
the right way.
Since I'm touching these lines anyway, drop a stray preposition and
some tabs. We don't use tabs for similar messages elsewhere.
Stefan Hajnoczi [Fri, 8 Feb 2013 07:49:10 +0000 (08:49 +0100)]
block/curl: disable extra protocols to prevent CVE-2013-0249
There is a buffer overflow in libcurl POP3/SMTP/IMAP. The workaround is
simple: disable extra protocols so that they cannot be exploited. Full
details here:
http://curl.haxx.se/docs/adv_20130206.html
QEMU only cares about HTTP, HTTPS, FTP, FTPS, and TFTP. I have tested
that this fix prevents the exploit on my host with
libcurl-7.27.0-5.fc18.
Jesse Larrew [Tue, 5 Feb 2013 23:47:17 +0000 (17:47 -0600)]
hw/virtio-net: disable multiqueue by default
The new multiqueue feature adds fields to the virtio device config, which
breaks Windows guests. Disable the feature by default until the Windows
drivers are fixed.
Jesse Larrew [Tue, 5 Feb 2013 23:47:16 +0000 (17:47 -0600)]
hw/virtio-net.c: set config size using host features
Currently, the config size for virtio devices is hard coded. When a new
feature is added that changes the config size, drivers that assume a static
config size will break. For purposes of backward compatibility, there needs
to be a way to inform drivers of the config size needed to accommodate the
set of features enabled.
aliguori: merged in
- hw/virtio-net: use existing macros to implement endof
- hw/virtio-net: fix config_size data type
Michael Roth [Thu, 7 Feb 2013 00:25:48 +0000 (18:25 -0600)]
net: fix infinite loop on exit
1ceef9f27359cbe92ef124bf74de6f792e71f6fb added handling for cleaning
up multiple queues in qemu_del_nic() for cases where multiqueue is in
use. To determine the number of queues it looks at nic->conf->queues,
then iterates through all the queues to cleanup the associated
NetClientStates. If no queues are found, no NetClientStates are deleted.
However, nic->conf->queues is only set when a peer is created via
-netdev or netdev_add, and is otherwise 0. This causes us to spin in
net_cleanup() if we attempt to shut down qemu before adding a host
device.
Since qemu_new_nic() unconditionally creates at least 1
queue/NetClientState at queue idx 0, make qemu_del_nic() always attempt
to clean it up.
Peter Maydell [Tue, 5 Feb 2013 20:44:23 +0000 (20:44 +0000)]
tests/test-string-input-visitor: Handle errors provoked by fuzz test
It's OK and expected for visitors to return errors when presented with
the fuzz test's random data. Since the fuzzer doesn't care about
errors, we pass in NULL rather than an Error**. This fixes a bug in
the fuzzer where it was passing the same Error** into each visitor,
with the effect that once one visitor returned an error, each later
visitor would notice that it had been passed in an Error** representing
an already set error, and do nothing.
For the case of visit_type_str() we also need to handle the case where
an error means that the visitor doesn't set our char*. We initialize
the pointer to NULL so we can safely g_free() it regardless of whether
the visitor allocated a string for us or not.
This fixes a problem where this test failed the MacOSX malloc()
consistency checks and might segfault on other platforms [due
to calling free() on an uninitialized pointer variable when
visit_type_str() failed.].
Peter Maydell [Thu, 31 Jan 2013 12:50:40 +0000 (12:50 +0000)]
linux-user: Restore cast to target type in get_user()
Commit 658f2dc97 accidentally dropped the cast to the target type of
the value loaded by get_user(). The most visible effect of this would
be that the sequence "uint64_t v; get_user_u32(v, addr)" would sign
extend the 32 bit loaded value into v rather than zero extending as
would be expected for a _u32 accessor. Put the cast back again to
restore the old behaviour.
Peter Maydell [Sat, 2 Feb 2013 15:13:02 +0000 (15:13 +0000)]
hw/pxa2xx: Fix transposed crn/crm values for pxa2xx cp14 perf regs
When the pxa2xx performance counter related cp14 registers were converted
from a switch-statement implementation to the new table driven cpregs
format in commit dc2a9045c, the crn and crm values for all these
registers were accidentally transposed. Fix this mistake, which was
causing OpenBSD for Zaurus to fail to boot.
Anthony Liguori [Wed, 6 Feb 2013 22:36:16 +0000 (16:36 -0600)]
Merge remote-tracking branch 'stefanha/tracing' into staging
# By Markus Armbruster
# Via Stefan Hajnoczi
* stefanha/tracing:
trace: Fix location of simpletrace.py in docs
trace: Clean up the "try to update atomic until it worked" loops
trace: Direct access of atomics is verboten, use the API
trace: Fix simple trace dropped event record for big endian
Anthony Liguori [Wed, 6 Feb 2013 22:36:11 +0000 (16:36 -0600)]
Merge remote-tracking branch 'stefanha/trivial-patches' into staging
# By Michael Tokarev (1) and Stefan Weil (1)
# Via Stefan Hajnoczi
* stefanha/trivial-patches:
vnc: recognize Hungarian doubleacutes
target-m68k: Fix comment
As a general rule, HMP commands must be built on top of the QMP API.
Luiz and others have worked long & hard to make HMP conform to this
rule.
Commit f1088908 added chardev-add, in violation of this rule. QMP
command chardev-add was added right before, with minimal features, and
the idea to complete it step by step, then switch over the HMP command
to use it.
Unfortunately, we're not there, yet, and we don't want to release with
chardev-add in a "HMP is more powerful than QMP" state.
Disable the HMP command for now, along with its chardev-remove buddy.
qemu-char: Saner naming of memchar stuff & doc fixes
New device, has never been released, so we can still improve things
without worrying about compatibility.
Naming is a mess. The code calls the device driver CirMemCharDriver,
the public API calls it "memory", "memchardev", or "memchar", and the
special commands are named like "memchar-FOO". "memory" is a
particularly unfortunate choice, because there's another character
device driver called MemoryDriver. Moreover, the device's distinctive
property is that it's a ring buffer, not that's in memory. Therefore:
* Rename CirMemCharDriver to RingBufCharDriver, and call the thing a
"ringbuf" in the API.
* Rename QMP and HMP commands from memchar-FOO to ringbuf-FOO.
* Rename device parameter from maxcapacity to size (simple words are
good for you).
* Clearly mark the parameter as optional in documentation.
* Fix error reporting so that chardev-add reports to current monitor,
not stderr.
* Replace cirmem in C identifiers by ringbuf.
* Rework documentation. Document the impact of our crappy UTF-8
handling on reading.
* QMP examples that even work.
I could split this up into multiple commits, but they'd change the
same documentation lines multiple times. Not worth it.
Inline trivial cirmem_chr_is_empty() into its only caller.
Rename qemu_chr_cirmem_count() to cirmem_count().
Fast ring buffer index wraparound. Without this, there's no point in
restricting size to a power two.
qemu_is_chr(chr, "memory") returns *zero* when chr is a memory
character device, which isn't what I'd expect. Replace it by the
saner and more obviously correct chr_is_cirmem(). Also avoids
encouraging testing for specific character devices elsewhere.
Since these values can possibly be sent from guest (for hw/9pfs), do a sanity check
on them. A 9p write request with 0 bytes caused qemu to abort without this patch
projects / qemu.git / log