Paolo Bonzini [Tue, 10 Jan 2017 10:54:52 +0000 (11:54 +0100)]
event_notifier: cleanups around event_notifier_set_handler
Remove the useless is_external argument. Since the iohandler
AioContext is never used for block devices, aio_disable_external
is never called on it. This lets us remove stubs/iohandler.c.
Eduardo Habkost [Mon, 12 Dec 2016 18:31:01 +0000 (16:31 -0200)]
qom: Make all interface types abstract
"qom-list-types abstract=false" currently returns all interface
types, as if they were not abstract. Fix this by making sure all
interface types are abstract.
All interface types have instance_size == 0, so we can use
it to set abstract=true on type_initialize().
Paolo Bonzini [Mon, 2 Jan 2017 10:03:33 +0000 (11:03 +0100)]
megasas: fix guest-triggered memory leak
If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
Avoid this by returning only the status from map_dcmd, and loading
cmd->iov_size in the caller.
hangaohuai [Mon, 19 Dec 2016 06:03:36 +0000 (14:03 +0800)]
bugfix: vm halt when in reset looping
reset mc146818rtc device when RESET event happens.
Fix the problem:
1. Guest boot the second cpu, set CMOS_RESET_CODE 0x0a to protect selfboot;
2. VM being reset by others, hmp_system_reset;
3. seabios resume check the CMOS_RESET_CODE, if 0x0a, jump to the BDA
resume execution by jump via 40h:0067h;
4. Guest halt;
Peter Maydell [Mon, 16 Jan 2017 12:41:35 +0000 (12:41 +0000)]
Merge remote-tracking branch 'remotes/vivier/tags/m68k-for-2.9-pull-request' into staging
# gpg: Signature made Sat 14 Jan 2017 09:06:31 GMT
# gpg: using RSA key 0xF30C38BD3F2FBE3C
# gpg: Good signature from "Laurent Vivier <[email protected]>"
# gpg: aka "Laurent Vivier <[email protected]>"
# gpg: aka "Laurent Vivier (Red Hat) <[email protected]>"
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C
* remotes/vivier/tags/m68k-for-2.9-pull-request:
target-m68k: increment/decrement with SP
target-m68k: CAS doesn't need aligned access
target-m68k: manage pre-dec et post-inc in CAS
target-m68k: fix gen_flush_flags()
target-m68k: fix bit operation with immediate value
m68k: Remove PCI and USB from config file
target-m68k: Implement bfffo
target-m68k: Implement bitfield ops for memory
target-m68k: Implement bitfield ops for registers
* remotes/rth/tags/pull-tcg-20170113:
tcg/aarch64: Fix tcg_out_movi
tcg/aarch64: Fix addsub2 for 0+C
target/arm: Fix ubfx et al for aarch64
tcg/s390: Fix merge error with facilities
Laurent Vivier [Fri, 13 Jan 2017 18:36:30 +0000 (19:36 +0100)]
target-m68k: fix gen_flush_flags()
gen_flush_flags() is setting unconditionally cc_op_synced to 1
and s->cc_op to CC_OP_FLAGS, whereas env->cc_op can be set
to something else by a previous tcg fragment.
We fix that by not setting cc_op_synced to 1
(except for gen_helper_flush_flags() that updates env->cc_op)
Thomas Huth [Fri, 6 Jan 2017 07:39:56 +0000 (08:39 +0100)]
m68k: Remove PCI and USB from config file
None of the ColdFire boards that we currently support has a PCI or
USB bus (and AFAIK the upcoming q800 machine does not support PCI
and USB either), so we do not need these settings the config file.
There were some patterns, like 0x0000_ffff_ffff_00ff, for which we
would select to begin a multi-insn sequence with MOVN, but would
fail to set the 0x0000 lane back from 0xffff.
Peter Maydell [Fri, 13 Jan 2017 14:38:21 +0000 (14:38 +0000)]
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-and-machine-pull-request' into staging
x86 and machine queue, 2017-01-17
Includes i386, CPU, NUMA, and memory backends changes.
i386:
target/i386: Fix bad patch application to translate.c
CPU:
qmp: Report QOM type name on query-cpu-definitions
NUMA:
numa: make -numa parser dynamically allocate CPUs masks
Memory backends:
qom: remove unused header
monitor: reuse user_creatable_add_opts() instead of user_creatable_add()
monitor: fix qmp/hmp query-memdev not reporting IDs of memory backends
# gpg: Signature made Thu 12 Jan 2017 17:53:11 GMT
# gpg: using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <[email protected]>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/x86-and-machine-pull-request:
qmp: Report QOM type name on query-cpu-definitions
numa: make -numa parser dynamically allocate CPUs masks
target/i386: Fix bad patch application to translate.c
monitor: fix qmp/hmp query-memdev not reporting IDs of memory backends
monitor: reuse user_creatable_add_opts() instead of user_creatable_add()
qom: remove unused header
* remotes/kraxel/tags/pull-vga-20170111-1:
virtio-gpu: tag as not hotpluggable
virtio-gpu: Fix memory leak in virtio_gpu_load()
virtio-gpu: Recalculate VirtIOGPU::hostmem on VM load
display: cirrus: ignore source pitch value as needed in blit_is_unsafe
virtio-gpu: fix information leak in capset get dispatch
Eduardo Habkost [Wed, 16 Nov 2016 18:21:39 +0000 (16:21 -0200)]
qmp: Report QOM type name on query-cpu-definitions
The new typename attribute on query-cpu-definitions will be used
to help management software use device-list-properties to check
which properties can be set using -cpu or -global for the CPU
model.
Igor Mammedov [Tue, 10 Jan 2017 12:53:15 +0000 (13:53 +0100)]
monitor: fix qmp/hmp query-memdev not reporting IDs of memory backends
Considering 'id' is mandatory for user_creatable objects/backends
and user_creatable_add_type() always has it as an argument
regardless of where from it is called CLI/monitor or QMP,
Fix issue by adding 'id' property to hostmem backends and
set it in user_creatable_add_type() for every object that
implements 'id' property. Then later at query-memdev time
get 'id' from object directly.
Igor Mammedov [Tue, 10 Jan 2017 12:53:14 +0000 (13:53 +0100)]
monitor: reuse user_creatable_add_opts() instead of user_creatable_add()
Simplify code by dropping ~57LOC by merging user_creatable_add()
into user_creatable_add_opts() and using the later from monitor.
Along with it allocate opts_visitor_new() once in user_creatable_add_opts().
As result we have one less API func and a more readable/simple
user_creatable_add_opts() vs user_creatable_add().
* remotes/rth/tags/pull-tcg-20170110: (65 commits)
tcg/i386: Handle ctpop opcode
tcg/ppc: Handle ctpop opcode
tcg: Use ctpop to generate ctz if needed
tests: New test-bitcnt
qemu/host-utils.h: Reduce the operation count in the fallback ctpop
target-i386: Use ctpop helper
target-tilegx: Use ctpop helper
target-sparc: Use ctpop helper
target-s390x: Avoid a loop for popcnt
target-ppc: Use ctpop helper
target-alpha: Use ctpop helper
tcg: Add opcode for ctpop
target-xtensa: Use clrsb helper
target-tricore: Use clrsb helper
target-arm: Use clrsb helper
tcg: Add helpers for clrsb
tcg/i386: Rely on undefined/undocumented behaviour of BSF/BSR
tcg/i386: Handle ctz and clz opcodes
tcg/i386: Allow bmi2 shiftx to have non-matching operands
tcg/i386: Hoist common arguments in tcg_out_op
...
Greg Kurz [Wed, 11 Jan 2017 08:49:32 +0000 (09:49 +0100)]
libqtest: handle zero length memwrite/memread
Some recently added tests pass a zero length to qtest_memwrite().
Unfortunately, the qtest protocol doesn't implement an on-the-wire
syntax for zero-length writes and the current code happily sends
garbage to QEMU. This causes intermittent failures.
It isn't worth the pain to enhance the protocol, so this patch
simply fixes the issue by "just return, doing nothing". The same
fix is applied to qtest_memread() since the issue also exists in
the QEMU part of the "memread" command.
Alex Bennée [Mon, 7 Nov 2016 14:41:09 +0000 (14:41 +0000)]
travis: add Trusty with clang stable build
Although we've reduced the matrix to avoid repeating clang builds we can
still add an additional clang build to use the latest stable version of
clang which will typically be available on current distros.
We test with both gcc and clang in order to detect cases
where clang issues warnings that gcc misses. To achieve
this though we don't need to build QEMU in multiple
different configurations. Just a single clang-on-linux
build will be sufficient, if we have an "all enabled"
config.
This cuts the number of build jobs from 21 to 16,
reducing the load imposed on shared Travis CI infra.
This will make it practical to enable jobs for other
interesting & useful configurations without DOS'ing
Travis to much.
Peter Maydell [Mon, 9 Jan 2017 13:38:43 +0000 (13:38 +0000)]
virtio-gpu: Fix memory leak in virtio_gpu_load()
Coverity points out that if we fail in the "creating resources"
loop in virtio_gpu_load() we will leak various resources (CID 1356431).
Failing a VM load is going to leave the simulation in a complete mess,
but we can tidy up to the point that a full system reset should
get us back to sanity.
Peter Maydell [Mon, 9 Jan 2017 13:38:42 +0000 (13:38 +0000)]
virtio-gpu: Recalculate VirtIOGPU::hostmem on VM load
The 'hostmem' field in VirtIOGPU is used to track the total memory
used in pixmaps so that we can impose a maximum limit on it.
However this field is neither migrated nor recalculated on
VM load, which means that after a migration it will be incorrectly
too low, which can allow the guest to use more pixmap memory
than it should. The per-resource hostmem fields are not filled
in either as we reallocate them in the load function.
Recalculate the memory used for each pixmap and the total memory
used as we reallocate the pixmaps in virtio_gpu_load().
Bruce Rogers [Mon, 9 Jan 2017 20:35:20 +0000 (13:35 -0700)]
display: cirrus: ignore source pitch value as needed in blit_is_unsafe
Commit 4299b90 added a check which is too broad, given that the source
pitch value is not required to be initialized for solid fill operations.
This patch refines the blit_is_unsafe() check to ignore source pitch in
that case. After applying the above commit as a security patch, we
noticed the SLES 11 SP4 guest gui failed to initialize properly.
Li Qiang [Tue, 1 Nov 2016 12:37:57 +0000 (05:37 -0700)]
virtio-gpu: fix information leak in capset get dispatch
In virgl_cmd_get_capset function, it uses g_malloc to allocate
a response struct to the guest. As the 'resp'struct hasn't been full
initialized it will lead the 'resp->padding' field to the guest.
Use g_malloc0 to avoid this.
Alex Bennée [Fri, 9 Dec 2016 14:36:00 +0000 (14:36 +0000)]
tests: New test-bitcnt
Add some unit tests for bit count functions (currently only ctpop). As
the routines are based on the Hackers Delight optimisations I based
the test patterns on their tests.
The number of actual invocations of ctpop itself does not warrent
an opcode, but it is very helpful for POWER7 to use in generating
an expansion for ctz.
tcg/i386: Rely on undefined/undocumented behaviour of BSF/BSR
The ISA manual documents the output is undefined if the input was zero.
However, we document in target-i386 that the behavior of real silicon
is to preserve the contents of the output register. We also mention
that there are real applications that depend on this. That this is
baked into silicon is mentioned as a potential cause for some false
sharing behaviour wrt lzcnt/tzcnt.
Taking advantage of this allows us to save 2 insns in the normal case,
and 4 insns for i686 emulating a 64-bit clz.
projects / qemu.git / log