Andreas Färber [Sat, 26 Jan 2013 11:45:14 +0000 (12:45 +0100)]
tests: Add gcov support for x86_64 qtest
Since x86_64 is a superset of i386 and reuses all its test cases, adopt
all the i386 gcov source files as well, substituting their paths
appropriately.
Michael Tokarev [Fri, 25 Jan 2013 17:23:24 +0000 (21:23 +0400)]
vmware_vga: fix out of bounds and invalid rects updating
This is a follow up for several attempts to fix this issue.
Previous incarnations:
1. http://thread.gmane.org/gmane.linux.ubuntu.bugs.general/3156089
https://bugs.launchpad.net/bugs/918791
"qemu-kvm dies when using vmvga driver and unity in the guest" bug.
Fix by Serge Hallyn:
https://launchpadlibrarian.net/94916786/qemu-vmware.debdiff
This fix is incomplete, since it does not check width and height
for being negative. Serge weren't sure if that's the right place
to fix it, maybe the fix should be up the stack somewhere.
2. http://thread.gmane.org/gmane.comp.emulators.qemu/166064
by Marek Vasut: "vmware_vga: Redraw only visible area"
This one adds the (incomplete) check to vmsvga_update_rect_delayed(),
the routine just queues the rect updating but does no interesting
stuff. It is also incomplete in the same way as patch by Serge,
but also does not touch width&height at all after adjusting x&y,
which is wrong.
As far as I can see, when processing guest requests, the device
places them into a queue (vmsvga_update_rect_delayed()) and
processes this queue in different place/time, namely, in
vmsvga_update_rect(). Sometimes, vmsvga_update_rect() is
called directly, without placing the request to the gueue.
This is the place this patch changes, which is the last
(deepest) in the stack. I'm not sure if this is the right
place still, since it is possible we have some queue optimization
(or may have in the future) which will be upset by negative/wrong
values here, so maybe we should check for validity of input
right when receiving request from the guest (and maybe even
use unsigned types there). But I don't know the protocol
and implementation enough to have a definitive answer.
But since vmsvga_update_rect() has other sanity checks already,
I'm adding the missing ones there as well.
Cc'ing BALATON Zoltan and Andrzej Zaborowski who shows in `git blame'
output and may know something in this area.
If this patch is accepted, it should be applied to all active
stable branches (at least since 1.1, maybe even before), with
minor context change (ds_get_*(s->vga.ds) => s->*). I'm not
Cc'ing -stable yet, will do it explicitly once the patch is
accepted.
BTW, these checks use fprintf(stderr) -- it should be converted
to something more appropriate, since stderr will most likely
disappear somewhere.
Peter Maydell [Thu, 24 Jan 2013 19:02:28 +0000 (19:02 +0000)]
hw/arm_boot: Align device tree to 4KB boundary, not page
Align the device tree blob to a 4KB boundary, not to QEMU's
idea of a page boundary -- the latter is the smallest possible
page size for the architecture, which on ARM is 1KB.
The documentation for Linux does not impose separation
or alignment requirements on the device tree blob, but
in practice some kernels will happily trash the entire
page the initrd ends in after they have finished uncompressing
the initrd. So 4KB-align the DTB to ensure it does not get
trampled by these kernels.
Andreas Färber [Thu, 24 Jan 2013 15:47:55 +0000 (16:47 +0100)]
make_device_config.sh: Fix target path in generated dependency file
config-devices.mak.d is included from Makefile.target, i.e. from inside
the *-softmmu/ directory. It included the directory path, so never
applied to the actual ./config-devices.mak. Symptoms were spurious
build failures due to missing dependency on default-configs/pci.mak.
Fix this by using `basename` to strip the directory path.
fw_cfg: Splash image loader can overrun a stack variable, fix
read_splashfile() passes the address of an int variable as size_t *
parameter to g_file_get_contents(), with a cast to gag the compiler.
No problem on machines where sizeof(size_t) == sizeof(int).
Happens to work on my x86_64 box (64 bit little endian): the least
significant 32 bits of the file size end up in the right place
(caller's variable file_size), and the most significant 32 bits
clobber a place that gets assigned to before its next use (caller's
variable file_type).
I'd expect it to break on a 64 bit big-endian box.
Fix up the variable types and drop the problematic cast.
Peter Maydell [Mon, 21 Jan 2013 12:50:56 +0000 (12:50 +0000)]
hw/pxa2xx_timer: Explicitly mark fallthroughs
Explicitly mark the fallthroughs as intentional in the code
pattern where we gradually increment an index before falling
into the code to read/write that array entry:
case THINGY_3: idx++;
case THINGY_2: idx++;
case THINGY_1: idx++;
case THINGY_0: return s->thingy[idx];
Peter Maydell [Mon, 21 Jan 2013 12:50:55 +0000 (12:50 +0000)]
hw/smc91c111: Add explicit 'return' rather than relying on fallthrough
Add an explicit 'return' statement to a case in smc91c111_readb
rather than relying on fallthrough to the following case's
return statement, for code clarity and to placate static analysers.
Peter Maydell [Mon, 21 Jan 2013 12:50:53 +0000 (12:50 +0000)]
hw/omap_dma, hw/omap_spi: Explicitly mark fallthroughs
Explicitly mark the fallthroughs as intentional in the code
pattern where we gradually increment an index before falling
into the code to read/write that array entry:
case THINGY_3: idx++;
case THINGY_2: idx++;
case THINGY_1: idx++;
case THINGY_0: return s->thingy[idx];
Peter Maydell [Mon, 21 Jan 2013 12:50:52 +0000 (12:50 +0000)]
hw/omap1.c: Add fallthrough markers and breaks
Explicitly mark cases where we are deliberately falling
through to the following code. In one case we insert a
'break' instead of falling through to a 'break', as this
seems slightly clearer.
Peter Maydell [Mon, 21 Jan 2013 12:50:51 +0000 (12:50 +0000)]
hw/arm_sysctl.c: Add missing 'break' statements
Add some break statements that were accidentally omitted
from some cases of arm_sysctl_write(). The omission was
harmless because in both cases the following case did
an immediate break, but adding the breaks explicitly
placates static analysers and avoids weird behaviour if
the following register is ever implemented as something
other than a no-op.
Michael Tokarev [Sat, 19 Jan 2013 14:58:09 +0000 (18:58 +0400)]
link seccomp only with softmmu targets
Now, if seccomp is detected, it is linked into every executable,
but is used only by softmmu targets (from vl.c). So link it
only where it is actually needed.
Paolo Bonzini [Sat, 19 Jan 2013 10:06:48 +0000 (11:06 +0100)]
build: remove extra-obj-y
extra-obj-y is somewhat complicated to understand. Replace it with a
special CONFIG_ALL symbol that is defined only at toplevel.
This limits the case of directories defining more than one
*-obj-y target.
Paolo Bonzini [Sat, 19 Jan 2013 10:06:47 +0000 (11:06 +0100)]
build: remove universal-obj-y
All of universal-obj-y, user-obj-y (right now unused) and common-obj-y can
be unified into common-obj-y if we take care of defining CONFIG_SOFTMMU
and CONFIG_USER_ONLY in the toplevel makefile. This is similar to how
we define symbols for hardware components.
Paolo Bonzini [Sat, 19 Jan 2013 10:06:45 +0000 (11:06 +0100)]
build: move around libcacard-y definition
It is also needed if !CONFIG_SOFTMMU, unlike everything that surrounds it. Signed-off-by: Paolo Bonzini <[email protected]> Signed-off-by: Blue Swirl <[email protected]>
Anthony Liguori [Thu, 24 Jan 2013 18:56:02 +0000 (12:56 -0600)]
Merge remote-tracking branch 'bonzini/scsi-next' into staging
# By Paolo Bonzini (1) and Peter Lieven (1)
# Via Paolo Bonzini
* bonzini/scsi-next:
iscsi: add support for iovectors
iscsi: do not leak acb->buf when commands are aborted
I'm not sure if the retry logic has ever worked when not using FIFO mode. I
found this while writing a test case although code inspection confirms it is
definitely broken.
The TSR retry logic will never actually happen because it is guarded by an
'if (s->tsr_rety > 0)' but this is the only place that can ever make the
variable greater than zero. That effectively makes the retry logic an 'if (0)
I believe this is a typo and the intention was >= 0. Once this is fixed thoug
I see double transmits with my test case. This is because in the non FIFO
case, serial_xmit may get invoked while LSR.THRE is still high because the
character was processed but the retransmit timer was still active.
We can handle this by simply checking for LSR.THRE and returning early. It's
possible that the FIFO paths also need some attention.
Cc: Stefano Stabellini <[email protected]> Signed-off-by: Anthony Liguori <[email protected]>
Even if the previous logic was never worked, new logic breaks stuff -
namely,
Paolo Bonzini [Tue, 22 Jan 2013 16:34:29 +0000 (17:34 +0100)]
iscsi: do not leak acb->buf when commands are aborted
acb->buf is freed in the WRITE(16) callback, but this may not
get called at all when commands are aborted. Add another
free in the ABORT TASK callback, which requires setting acb->buf
to NULL everywhere.
Grant Likely [Wed, 23 Jan 2013 16:15:25 +0000 (16:15 +0000)]
trivial: etraxfs_eth: Eliminate checkpatch errors
This is a trivial patch to harmonize the coding style on
hw/etraxfs_eth.c. This is in preparation to split off the bitbang mdio
code into a separate file.
Anthony Liguori [Wed, 23 Jan 2013 15:08:54 +0000 (09:08 -0600)]
Merge remote-tracking branch 'bonzini/scsi-next' into staging
# By Peter Lieven (3) and others
# Via Paolo Bonzini
* bonzini/scsi-next:
scsi: Drop useless null test in scsi_unit_attention()
lsi: use qbus_reset_all to reset SCSI bus
scsi: fix segfault with 0-byte disk
iscsi: add support for iSCSI NOPs [v2]
iscsi: partly avoid iovec linearization in iscsi_aio_writev
iscsi: add iscsi_create support
scsi: Drop useless null test in scsi_unit_attention()
req was created by scsi_req_alloc(), which initializes req->dev to a
value it dereferences. req->dev isn't changed anywhere else.
Therefore, req->dev can't be null.
Paolo Bonzini [Thu, 10 Jan 2013 14:08:05 +0000 (15:08 +0100)]
scsi: fix segfault with 0-byte disk
When a 0-sized disk is found, READ CAPACITY will return a
LUN NOT READY error. However, because it returns -1 instead
of zero, the HBA will call scsi_req_continue. This will
typically cause a segmentation fault or an assertion failure.
Peter Lieven [Thu, 6 Dec 2012 09:46:47 +0000 (10:46 +0100)]
iscsi: add support for iSCSI NOPs [v2]
This patch will send NOP-Out PDUs every 5 seconds to the iSCSI target.
If a consecutive number of NOP-In replies fail a reconnect is initiated.
iSCSI NOPs help to ensure that the connection to the target is still operational.
This should not, but in reality may be the case even if the TCP connection is still
alive if there are bugs in either the target or the initiator implementation.
v2:
- track the NOPs inside libiscsi so libiscsi can reset the counter
in case it initiates a reconnect.
Peter Lieven [Mon, 19 Nov 2012 14:58:31 +0000 (15:58 +0100)]
iscsi: partly avoid iovec linearization in iscsi_aio_writev
libiscsi expects all write16 data in a linear buffer. If the
iovec only contains one buffer we can skip the linearization
step as well as the additional malloc/free and pass the
buffer directly.
Peter Lieven [Sat, 17 Nov 2012 15:13:24 +0000 (16:13 +0100)]
iscsi: add iscsi_create support
This patch adds support for bdrv_create. This allows e.g.
to use qemu-img to convert from any supported device to
an iscsi backed storage as destination.
Alon Levy [Mon, 21 Jan 2013 12:48:07 +0000 (14:48 +0200)]
qxl: change rom size to 8192
This is a simpler solution to 869981, where migration breaks since qxl's
rom bar size has changed. Instead of ignoring fields in QXLRom, which is what has
actually changed, we remove some of the modes, a mechanism already
accounted for by the guest. The modes left allow for portrait and
landscape only modes, corresponding to orientations 0 and 1.
Orientations 2 and 3 are dropped.
Added assert so that rom size will fit the future QXLRom increases via
spice-protocol changes.
This patch has been tested with 6.1.0.10015. With the newer 6.1.0.10016
there are problems with both "(flipped)" modes prior to the patch, and
the patch loses the ability to set "Portrait" modes. But this is a
separate bug to be fixed in the driver, and besides the patch doesn't
affect the new arbitrary mode setting functionality.
Test isn't useless. scsi_req_enqueue() may finish the request (will
actually happen for requests which don't trigger any I/O such as
INQUIRY), then call usb_msd_command_complete() which in turn will
set s->req to NULL after unref'ing it.
Tim Hardeck [Mon, 21 Jan 2013 10:04:45 +0000 (11:04 +0100)]
vnc: fix possible uninitialized removals
Some VncState values are not initialized before the Websocket handshake.
If it fails QEMU segfaults during the cleanup. To prevent this behavior
intialization checks are added.
Tim Hardeck [Mon, 21 Jan 2013 10:04:44 +0000 (11:04 +0100)]
vnc: added initial websocket protocol support
This patch adds basic Websocket Protocol version 13 - RFC 6455 - support
to QEMU VNC. Binary encoding support on the client side is mandatory.
Because of the GnuTLS requirement the Websockets implementation is
optional (--enable-vnc-ws).
To activate Websocket support the VNC option "websocket"is used, for
example "-vnc :0,websocket".
The listen port for Websocket connections is (5700 + display) so if
QEMU VNC is started with :0 the Websocket port would be 5700.
As an alternative the Websocket port could be manually specified by
using ",websocket=<port>" instead.
Parts of the implementation base on Anthony Liguori's QEMU Websocket
patch from 2010 and on Joel Martin's LibVNC Websocket implementation.
Tim Hardeck [Mon, 21 Jan 2013 10:04:43 +0000 (11:04 +0100)]
vnc: added buffer_advance function
Following Anthony Liguori's Websocket implementation I have added the
buffer_advance function to VNC and replaced all related buffer memmove
operations with it.
Anthony Liguori [Mon, 21 Jan 2013 19:22:43 +0000 (13:22 -0600)]
Merge remote-tracking branch 'quintela/thread.next' into staging
# By Juan Quintela (7) and Paolo Bonzini (6)
# Via Juan Quintela
* quintela/thread.next:
migration: remove argument to qemu_savevm_state_cancel
migration: Only go to the iterate stage if there is anything to send
migration: unfold rest of migrate_fd_put_ready() into thread
migration: move exit condition to migration thread
migration: Add buffered_flush error handling
migration: move beginning stage to the migration thread
qemu-file: Only set last_error if it is not already set
migration: fix off-by-one in buffered_rate_limit
migration: remove double call to migrate_fd_close
migration: make function static
use XFER_LIMIT_RATIO consistently
Protect migration_bitmap_sync() with the ramlist lock
Unlock ramlist lock also in error case
Anthony Liguori [Mon, 21 Jan 2013 13:32:22 +0000 (07:32 -0600)]
Merge remote-tracking branch 'stefanha/trivial-patches' into staging
# By Stefan Weil (2) and others
# Via Stefan Hajnoczi
* stefanha/trivial-patches:
hw/tpci200: Fix compiler warning (redefined symbol with MinGW)
configure: silence pkg-config's check for curses
acpitable: open the data file in binary mode
hw: Spelling fix in log message
Stefan Weil [Mon, 21 Jan 2013 06:49:51 +0000 (07:49 +0100)]
hw/tpci200: Fix compiler warning (redefined symbol with MinGW)
STATUS_TIMEOUT is defined in winnt.h:
CC hw/tpci200.o
hw/tpci200.c:34:0:
warning: "STATUS_TIMEOUT" redefined [enabled by default]
/usr/lib/gcc/x86_64-w64-mingw32/4.6/../../../../x86_64-w64-mingw32/include/winnt.h:1036:0:
note: this is the location of the previous definition
Use STATUS_TIME instead of STATUS_TIMEOUT as suggested by Alberto Garcia.
Michael Tokarev [Thu, 17 Jan 2013 10:53:52 +0000 (14:53 +0400)]
acpitable: open the data file in binary mode
-acpitable {file|data}=file reads the content of file, but it is
in binary form, so the file should be opened usin O_BINARY flag.
On *nix it is a no-op, but on windows and other weird platform
it is really needed.
Anthony Liguori [Sun, 20 Jan 2013 17:01:10 +0000 (11:01 -0600)]
Merge remote-tracking branch 'stefanha/block' into staging
# By Kevin Wolf (4) and others
# Via Stefan Hajnoczi
* stefanha/block:
dataplane: support viostor virtio-pci status bit setting
dataplane: avoid reentrancy during virtio_blk_data_plane_stop()
win32-aio: use iov utility functions instead of open-coding them
win32-aio: Fix memory leak
win32-aio: Fix vectored reads
aio: Fix return value of aio_poll()
ide: Remove wrong assertion
block: fix null-pointer bug on error case in block commit
Stefan Weil [Sat, 19 Jan 2013 19:23:51 +0000 (20:23 +0100)]
tci: Fix broken build (regression)
s390x-linux-user now also uses GETPC. Instead of adding it to the list of
targets which use GETPC, the macro is now defined unconditionally.
This avoids future build regressions like this one:
CC s390x-linux-user/target-s390x/int_helper.o
cc1: warnings being treated as errors
qemu/target-s390x/int_helper.c: In function ‘helper_divs32’:
qemu/target-s390x/int_helper.c:47: error: implicit declaration of function ‘GETPC’
qemu/target-s390x/int_helper.c:47: error: nested extern declaration of ‘GETPC’
Andreas Färber [Fri, 18 Jan 2013 18:30:13 +0000 (19:30 +0100)]
cpu-defs.h: Drop qemu_work_item prototype
Commit c64ca8140e9c21cd0d44c10fbe1247cb4ade8e6e (cpu: Move
queued_work_{first,last} to CPUState) moved the qemu_work_item fields
away. Clean up the now unused prototype.
Peter Maydell [Thu, 17 Jan 2013 20:04:16 +0000 (20:04 +0000)]
tcg/target-arm: Add missing parens to assertions
Silence a (legitimate) complaint about missing parentheses:
tcg/arm/tcg-target.c: In function ‘tcg_out_qemu_ld’:
tcg/arm/tcg-target.c:1148:5: error: suggest parentheses around
comparison in operand of ‘&’ [-Werror=parentheses]
tcg/arm/tcg-target.c: In function ‘tcg_out_qemu_st’:
tcg/arm/tcg-target.c:1357:5: error: suggest parentheses around
comparison in operand of ‘&’ [-Werror=parentheses]
which meant that we would mistakenly always assert if running
a QEMU built with debug enabled on ARM.
fw_cfg: Use void *, size_t instead of uint8_t *, uint32_t for blobs
Many callers pass size_t, which gets silently truncated to uint32_t.
Harmless, because all practical sizes are well below 4GiB. Clean it
up anyway. Size overflow now fails assertions.
Paolo Bonzini [Fri, 11 Jan 2013 23:42:53 +0000 (15:42 -0800)]
optimize: optimize using nonzero bits
This adds two optimizations using the non-zero bit mask. In some cases
involving shifts or ANDs the value can become zero, and can thus be
optimized to a move of zero. Second, useless zero-extension or an
AND with constant can be detected that would only zero bits that are
already zero.
The main advantage of this optimization is that it turns zero-extensions
into moves, thus enabling much better copy propagation (around 1% code
reduction). Here is for example a "test $0xff0000,%ecx + je" before
optimization:
In some cases TCG even outsmarts GCC. :) Here the input code has
"and $0x2,%eax + movslq %eax,%rbx + test %rbx, %rbx" and the optimizer,
thanks to copy propagation, does the following:
Paolo Bonzini [Fri, 11 Jan 2013 23:42:52 +0000 (15:42 -0800)]
optimize: track nonzero bits of registers
Add a "mask" field to the tcg_temp_info struct. A bit that is zero
in "mask" will always be zero in the corresponding temporary.
Zero bits in the mask can be produced from moves of immediates,
zero-extensions, ANDs with constants, shifts; they can then be
be propagated by logical operations, shifts, sign-extensions,
negations, deposit operations, and conditional moves. Other
operations will just reset the mask to all-ones, i.e. unknown.
Paolo Bonzini [Fri, 11 Jan 2013 23:42:51 +0000 (15:42 -0800)]
optimize: only write to state when clearing optimizer data
The next patch will add to the TCG optimizer a field that should be
non-zero in the default case. Thus, replace the memset of the
temps array with a loop. Only the state field has to be up-to-date,
because others are not used except if the state is TCG_TEMP_COPY
or TCG_TEMP_CONST.
Blue Swirl [Sat, 19 Jan 2013 09:56:41 +0000 (09:56 +0000)]
Merge branch 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf
* 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf:
PPC: KVM: Add support for EPR with KVM
openpic: export e500 epr enable into a ppc.c function
Update Linux kernel headers
PPC: e500: Change in-memory order of load blobs
PPC: Provide zero SVR for -cpu e500mc and e5500
PPC: E500: Calculate loading blob offsets properly
openpic: set mixed mode as supported
openpic: unify gcr mode mask updates
openpic: move gcr write into a function
Blue Swirl [Sat, 19 Jan 2013 09:55:46 +0000 (09:55 +0000)]
Merge branch 's390-for-upstream' of git://repo.or.cz/qemu/agraf
* 's390-for-upstream' of git://repo.or.cz/qemu/agraf:
s390: Add a hypercall registration interface.
target-s390x: Unregister reset callback on finalization
s390x: fix indentation
s390: Add CPU reset handler
s390x: Remove inline function ebcdic_put and related data from cpu.h
S390: Enable -cpu help and QMP query-cpu-definitions
s390: Move IPL code into a separate device
s390: new contributions GPLv2 or later
Stefan Weil [Tue, 1 Jan 2013 08:24:55 +0000 (08:24 +0000)]
s390x: Remove inline function ebcdic_put and related data from cpu.h
The function is only used in misc_helper.c, so move it to that file.
This reduces the size of debug executables (compiled without optimization)
because they get unused code and data for each compilation which includes
cpu.h.
Executables with optimization don't change their size.
ebcdic2ascii is currently unused and could be removed (not done here).
The array ascii2ebcdic must be accessed with an unsigned index, therefore
(int)ascii[i] was replaced by (uint8_t)ascii[i]. The old code would have
failed for a signed char less than 0. The current code only converts
"QEMU" and spaces to EBCDIC, so there is no problem today.
S390: Enable -cpu help and QMP query-cpu-definitions
This enables qemu -cpu help to return a list of supported CPU models
on s390 and also to query for cpu definitions in the monitor.
Initially only cpu model = host is returned. This needs to be reworked
into a full-fledged CPU model handling later on.
This change is needed to allow libvirt exploiters (like OpenStack)
to specify a CPU model.
Lets move the code to setup IPL for external kernel
or via the zipl rom into a separate file. This allows to
- define a reboot handler, setting up the PSW appropriately
- enhance the boot code to IPL disks that contain a bootmap that
was created with zipl under LPAR or z/VM (future patch)
- reuse that code for several machines (e.g. virtio-ccw and virtio-s390)
- allow different machines to provide different defaults
Signed-off-by: Christian Borntraeger <[email protected]> Signed-off-by: Jens Freimann <[email protected]>
[agraf: symbolify initial psw, adjust header file location, fix for QOM] Signed-off-by: Alexander Graf <[email protected]>
IBMs s390 contributions were meant to to be gplv2 or later (since
we were contributing to qemu). Several of the s390 specific files
link to gpl code anyway, so lets clarify the licence statement for
new contributions for those files that we have touched multiple
times or will likely touch again.
This patch does not touch files that mostly deal with tcg.
Alexander Graf [Thu, 17 Jan 2013 10:32:21 +0000 (11:32 +0100)]
openpic: export e500 epr enable into a ppc.c function
Enabling and disabling the EPR capability (mpic_proxy) is a system
wide operation. As such, it belongs into the ppc.c file, since that's
where PPC specific machine wide logic happens.
Alexander Graf [Wed, 16 Jan 2013 00:43:43 +0000 (01:43 +0100)]
PPC: Provide zero SVR for -cpu e500mc and e5500
Even though our -cpu types for e500mc and e5500 are no real CPUs that
actually have version registers, a guest might still want to access
said version register and that has to succeed for a guest to be happy.
So let's expose a zero SVR value on E500_SVR SPR reads.
projects / qemu.git / log