aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2013-04-08hw: move headers to include/Paolo Bonzini511-830/+829
Many of these should be cleaned up with proper qdev-/QOM-ification. Right now there are many catch-all headers in include/hw/ARCH depending on cpu.h, and this makes it necessary to compile these files per-target. However, fixing this does not belong in these patches. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-04-08build: enable using $(CONFIG_FOO) on the rhs of config filesPaolo Bonzini1-1/+4
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-04-06Merge branch 'arm-devs.next' of git://git.linaro.org/people/pmaydell/qemu-armBlue Swirl13-125/+137
* 'arm-devs.next' of git://git.linaro.org/people/pmaydell/qemu-arm: hw/nand.c: Fix nand erase operation cadence_uart: Flush queued characters on reset pl330: Don't inhibit ES bits on INTEN pflash_cfi01: Implement migration support pflash_cfi01: Drop unused 'bypass' field hw/arm_gic_common: Use vmstate struct rather than save/load functions arm_gic: Fix sizes of state fields in preparation for vmstate support vmstate: Add support for two dimensional arrays hw/onenand.c: fix migration of dynamically allocated buffer "otp" hw/sd.c: fix migration of dynamically allocated buffer "buf" vmstate.h: introduce VMSTATE_BUFFER_POINTER_UNSAFE macro hw/arm_mptimer: Save the timer state pl050: Don't send always-constant is_mouse field hw/arm/nseries: don't print to stdout or stderr
2013-04-05main-loop: drop the BQL if the I/O appears to be spinningAnthony Liguori1-0/+25
The char-flow refactoring introduced a busy-wait that depended on an action from the VCPU thread. However, the VCPU thread could never take that action because the busy-wait starved the VCPU thread of the BQL because it never dropped the mutex while running select. Paolo doesn't want to drop this optimization for fear that we will stop detecting these busy waits. I'm afraid to keep this optimization even with the busy-wait fixed because I think a similar problem can occur just with heavy I/O thread load manifesting itself as VCPU pauses. As a compromise, introduce an artificial timeout after a thousand iterations but print a rate limited warning when this happens. This let's us still detect when this condition occurs without it being a fatal error. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> Message-id: 1365169560-11012-1-git-send-email-aliguori@us.ibm.com
2013-04-05qemu-char: eliminate busy waiting on can_read returning zeroPaolo Bonzini1-43/+19
The character backend refactoring introduced an undesirable busy wait. The busy wait happens if can_read returns zero and there is data available on the character device's file descriptor. Then, the I/O watch will fire continuously and, with TCG, the CPU thread will never run. 1) Char backend asks front end if it can write 2) Front end says no 3) poll() finds the char backend's descriptor is available 4) Goto (1) What we really want is this (note that step 3 avoids the busy wait): 1) Char backend asks front end if it can write 2) Front end says no 3) poll() goes on without char backend's descriptor 4) Goto (1) until qemu_chr_accept_input() called 5) Char backend asks front end if it can write 6) Front end says yes 7) poll() finds the char backend's descriptor is available 8) Backend handler called After this patch, the IOWatchPoll source and the watch source are separated. The IOWatchPoll is simply a hook that runs during the prepare phase on each main loop iteration. The hook adds/removes the actual source depending on the return value from can_read. A simple reproducer is qemu-system-i386 -serial mon:stdio ... followed by banging on the terminal as much as you can. :) Without this patch, emulation will hang. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 1365177573-11817-1-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-05Merge remote-tracking branch 'stefanha/trivial-patches' into stagingAnthony Liguori5-6/+15
# By Peter Crosthwaite (2) and others # Via Stefan Hajnoczi * stefanha/trivial-patches: xilinx_zynq: Cleanup ssi_create_slave petalogix_ml605_mmu: Cleanup ssi_create_slave() target-s390: Fix SRNMT linux-user: Don't omit comma for strace of rt_sigaction() test-visitor-serialization: Fix some memory leaks
2013-04-05Merge remote-tracking branch 'sstabellini/xen-2013-04-05' into stagingAnthony Liguori3-35/+58
# By Alex Bligh (2) and Felipe Franciosi (2) # Via Stefano Stabellini * sstabellini/xen-2013-04-05: Allow xen guests to plug disks of 1 TiB or more Introduce 64 bit integer write interface to xenstore Xen PV backend: Disable use of O_DIRECT by default as it results in crashes. Xen PV backend: Move call to bdrv_new from blk_init to blk_connect
2013-04-05Merge remote-tracking branch 'kwolf/for-anthony' into stagingAnthony Liguori8-47/+46
# By Stefan Hajnoczi (4) and Kevin Wolf (3) # Via Kevin Wolf * kwolf/for-anthony: qcow2: Fix L1 write error handling in qcow2_update_snapshot_refcount qcow2: Return real error in qcow2_update_snapshot_refcount block: clean up I/O throttling wait_time code block: drop duplicated slice extension code block: keep I/O throttling slice time constant block: fix I/O throttling accounting blind spot usb-storage: Forward serial number to scsi-disk
2013-04-05qcow2: Fix L1 write error handling in qcow2_update_snapshot_refcountKevin Wolf1-6/+8
It ignored the error code, and at least the 'goto fail' is obvious nonsense as it creates an endless loop (if the next attempt doesn't magically succeed) and leaves the in-memory L1 table in big-endian instead of converting it back. In error cases, there's no point in writing an updated L1 table, so skip this part for them. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-04-05qcow2: Return real error in qcow2_update_snapshot_refcountKevin Wolf1-6/+5
This fixes the error message triggered by the following script: cat > /tmp/blkdebug.cfg <<EOF [inject-error] event = "cluster_free" errno = "28" immediately = "off" EOF $qemu_img create -f qcow2 test.qcow2 10G $qemu_img snapshot -c snap test.qcow2 $qemu_img snapshot -d snap blkdebug:/tmp/blkdebug.cfg:test.qcow2 Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-04-05block: clean up I/O throttling wait_time codeStefan Hajnoczi1-3/+3
The wait_time variable is in seconds. Reflect this in a comment and use NANOSECONDS_PER_SECOND instead of BLOCK_IO_SLICE_TIME * 10 (which happens to have the right value). Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Tested-By: Benoit Canet <benoit@irqsave.net> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-04-05block: drop duplicated slice extension codeStefan Hajnoczi1-4/+1
The current slice is extended when an I/O request exceeds the limit. There is no need to extend the slice every time we check a request. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Tested-By: Benoit Canet <benoit@irqsave.net> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-04-05block: keep I/O throttling slice time constantStefan Hajnoczi3-12/+9
It is not necessary to adjust the slice time at runtime. We already extend the current slice in order to carry over accounting into the next slice. Changing the actual slice time value introduces oscillations. The guest may experience large changes in throughput or IOPS from one moment to the next when slice times are adjusted. Reported-by: Benoît Canet <benoit@irqsave.net> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Tested-By: Benoit Canet <benoit@irqsave.net> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-04-05block: fix I/O throttling accounting blind spotStefan Hajnoczi2-12/+11
I/O throttling relies on bdrv_acct_done() which is called when a request completes. This leaves a blind spot since we only charge for completed requests, not submitted requests. For example, if there is 1 operation remaining in this time slice the guest could submit 3 operations and they will all be submitted successfully since they don't actually get accounted for until they complete. Originally we probably thought this is okay since the requests will be accounted when the time slice is extended. In practice it causes fluctuations since the guest can exceed its I/O limit and it will be punished for this later on. Account for I/O upon submission so that I/O limits are enforced properly. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Tested-By: Benoit Canet <benoit@irqsave.net> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-04-05usb-storage: Forward serial number to scsi-diskKevin Wolf4-5/+10
usb-storage takes care to fetch the USB serial number from -drive options, but it neglected to pass its own 'serial' property to the scsi-disk it creates. With this patch, the 'serial' qdev property and the 'serial' option in -drive behave the same and correctly apply the serial number on both USB and SCSI level. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-05hw/nand.c: Fix nand erase operationWendy Liang1-0/+1
Usually, nand erase operation has only 2 or 3 address cycles. We need to mask s->addr to zero unset stale high-order bytes in the nand address before using it as the erase address. This fixes the NAND erase operation in Linux. [PC: Generalised to work for any number of address cycles rather than just 3] Signed-off-by: Wendy Liang <jliang@xilinx.com> Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: 1364967188-26711-1-git-send-email-peter.crosthwaite@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-04-05cadence_uart: Flush queued characters on resetPeter Crosthwaite1-0/+1
Reset can be used to empty the rx-fifo. As the fifo full condition is used to return false from can_receive, queued rx data should be flushed on reset accordingly. Cc: Wendy Liang <jliang@xilinx.com> Cc: Jason Wu <huanyu@xilinx.com> Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Reported-by: Jason Wu <huanyu@xilinx.com> Message-id: 494c1e005e225c915d295ddfd75d992ad2dabc3c.1364964526.git.peter.crosthwaite@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-04-05pl330: Don't inhibit ES bits on INTENPeter Crosthwaite1-2/+1
This if-else logic inhibits setting of the event status (ES) bits when interrupts are enabled. This is incorrect. ES should be set regardless on INTEN state. INTEN only inhibits the signalling of events to PL330 threads, not setting of the ES register. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-04-05Allow xen guests to plug disks of 1 TiB or moreFelipe Franciosi1-2/+2
The current xen backend driver implementation uses int64_t variables to store the size of the corresponding backend disk/file. It also uses an int64_t variable to store the block size of that image. When writing the number of sectors (file_size/block_size) to xenstore, however, it passes these values as 32 bit signed integers. This will cause an overflow for any disk of 1 TiB or more. This patch changes the xen backend driver to use a 64 bit integer write xenstore function. Signed-off-by: Felipe Franciosi <felipe@paradoxo.org> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2013-04-05Introduce 64 bit integer write interface to xenstoreFelipe Franciosi2-1/+16
The current implementation of xen_backend only provides 32 bit integer functions to write to xenstore. This patch adds two functions that allow writing 64 bit integers (one generic function and another for the backend only). This patch also fixes the size of the char arrays used to represent these integers as strings (originally 32 bytes, however no more than 12 bytes are needed for 32 bit integers and no more than 21 bytes are needed for 64 bit integers). Signed-off-by: Felipe Franciosi <felipe@paradoxo.org> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2013-04-05Xen PV backend: Disable use of O_DIRECT by default as it results in crashes.Alex Bligh1-1/+1
Due to what is almost certainly a kernel bug, writes with O_DIRECT may continue to reference the page after the write has been marked as completed, particularly in the case of TCP retransmit. In other scenarios, this "merely" risks data corruption on the write, but with Xen pages from domU are only transiently mapped into dom0's memory, resulting in kernel panics when they are subsequently accessed. This brings PV devices in line with emulated devices. Removing O_DIRECT is safe as barrier operations are now correctly passed through. See: http://lists.xen.org/archives/html/xen-devel/2012-12/msg01154.html for more details. Signed-off-by: Alex Bligh <alex@alex.org.uk> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2013-04-05Xen PV backend: Move call to bdrv_new from blk_init to blk_connectAlex Bligh1-32/+40
This commit delays the point at which bdrv_new (and hence blk_open on the underlying device) is called from blk_init to blk_connect. This ensures that in an inbound live migrate, the block device is not opened until it has been closed at the other end. This is in preparation for supporting devices with open/close consistency without using O_DIRECT. This commit does NOT itself change O_DIRECT semantics. Signed-off-by: Alex Bligh <alex@alex.org.uk> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2013-04-05pflash_cfi01: Implement migration supportPeter Maydell1-3/+17
Add a vmstate to pflash_cfi01, so that it can be live migrated. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1363717469-30980-3-git-send-email-peter.maydell@linaro.org
2013-04-05pflash_cfi01: Drop unused 'bypass' fieldPeter Maydell1-8/+2
For pflash_cfi01 the 'bypass' field is set to zero and never changes, so remove it (it is a leftover from pflash_cfi02, where bypass is implemented). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1363717469-30980-2-git-send-email-peter.maydell@linaro.org
2013-04-05hw/arm_gic_common: Use vmstate struct rather than save/load functionsPeter Maydell1-67/+41
Update the GIC save/restore to use vmstate rather than hand-rolled save/load functions. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Igor Mitsyanko <i.mitsyanko@gmail.com> Message-id: 1363975375-3166-4-git-send-email-peter.maydell@linaro.org
2013-04-05arm_gic: Fix sizes of state fields in preparation for vmstate supportPeter Maydell3-25/+25
In preparation for switching to vmstate for migration support, fix the sizes of various GIC state fields. In particular, we replace all the bitfields (which VMState can't deal with) with straightforward uint8_t values which we do bit operations on. (The bitfields made more sense when NCPU was set differently in different situations, but we now always model at the architectural limit of 8.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Igor Mitsyanko <i.mitsyanko@gmail.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Message-id: 1363975375-3166-3-git-send-email-peter.maydell@linaro.org
2013-04-05vmstate: Add support for two dimensional arraysPeter Maydell1-0/+27
Add support for migrating two dimensional arrays, by defining a set of new macros VMSTATE_*_2DARRAY paralleling the existing VMSTATE_*_ARRAY macros. 2D arrays are handled the same for actual state serialization; the only difference is that the type check has to change for a 2D array. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Igor Mitsyanko <i.mitsyanko@gmail.com> Message-id: 1363975375-3166-2-git-send-email-peter.maydell@linaro.org
2013-04-05hw/onenand.c: fix migration of dynamically allocated buffer "otp"Igor Mitsyanko1-1/+2
VMSTATE_BUFFER_UNSAFE should be used for buffers inlined in device state, not for buffers allocated dynamically. Change to VMSTATE_BUFFER_POINTER_UNSAFE macro, which will do migration right. Signed-off-by: Igor Mitsyanko <i.mitsyanko@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1362923278-4080-4-git-send-email-i.mitsyanko@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-04-05hw/sd.c: fix migration of dynamically allocated buffer "buf"Igor Mitsyanko1-1/+1
VMSTATE_BUFFER_UNSAFE should be used for buffers inlined in device state, not for buffers allocated dynamically. Change to VMSTATE_BUFFER_POINTER_UNSAFE macro, which will do migration right. Signed-off-by: Igor Mitsyanko <i.mitsyanko@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Michael Walle <michael@walle.cc> Message-id: 1362923278-4080-3-git-send-email-i.mitsyanko@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-04-05vmstate.h: introduce VMSTATE_BUFFER_POINTER_UNSAFE macroIgor Mitsyanko1-0/+9
Macro could be used to migrate a dynamically allocated buffer of known size. Signed-off-by: Igor Mitsyanko <i.mitsyanko@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1362923278-4080-2-git-send-email-i.mitsyanko@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-04-05hw/arm_mptimer: Save the timer statePeter Maydell1-2/+3
Add a missing VMSTATE_TIMER() entry to the arm_mptimer vmstate description; this omission meant that we would probably hang on reload when the timer failed to fire. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: 1363967348-3044-1-git-send-email-peter.maydell@linaro.org
2013-04-05pl050: Don't send always-constant is_mouse fieldPeter Maydell1-3/+2
The is_mouse field of the pl050 state structure is constant (it tracks whether this is a 'pl050_keyboard' or 'pl050_mouse'), so there's no need to include it in the VMState structure. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1363628480-29306-1-git-send-email-peter.maydell@linaro.org
2013-04-05hw/arm/nseries: don't print to stdout or stderrPeter Maydell1-13/+5
Remove various bits of printing to stdout or stderr from the nseries code, replacing it with a qemu log message where there's an appropriate log category, and just dropping the output for some of the more debug-like printing. In particular, this will get rid of the 'mipid_reset' message you currently get from 'make check'. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Andreas Färber <afaerber@suse.de> Message-id: 1363368565-24546-1-git-send-email-peter.maydell@linaro.org
2013-04-05Merge remote-tracking branch 'luiz/queue/qmp' into stagingAnthony Liguori4-89/+44
# By Luiz Capitulino # Via Luiz Capitulino * luiz/queue/qmp: chardev: drop the Memory chardev driver hmp: human-monitor-command: stop using the Memory chardev driver Monitor: Make output buffer dynamic qstring: add qstring_get_length()
2013-04-05xilinx_zynq: Cleanup ssi_create_slavePeter Crosthwaite1-2/+1
With the recent m25p80 cleanup there is no need to use ssi_create_slave_no_init() anymore. Just use ssi_create_slave(). Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-04-05petalogix_ml605_mmu: Cleanup ssi_create_slave()Peter Crosthwaite1-2/+1
With the recent m25p80 cleanup there is no need to use ssi_create_slave_no_init() anymore. Just use ssi_create_slave(). Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-04-05target-s390: Fix SRNMTRichard Henderson1-0/+1
Fallthough into abort = oops. Cc: qemu-trivial@nongnu.org Cc: Alexander Graf <agraf@suse.de> Signed-off-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-04-05chardev: drop the Memory chardev driverLuiz Capitulino1-64/+0
It's not used anymore since the last commit. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-05hmp: human-monitor-command: stop using the Memory chardev driverLuiz Capitulino1-9/+8
The Memory chardev driver was added because, as the Monitor's output buffer was static, we needed a way to accumulate the output of an HMP commmand when ran by human-monitor-command. However, the Monitor's output buffer is now dynamic, so it's possible for the human-monitor-command to use it instead of the Memory chardev driver. This commit does that change, but there are two important observations about it: 1. We need a way to signal to the Monitor that it shouldn't call chardev functions when flushing its output. This is done by adding a new flag to the Monitor object called skip_flush (which is set to true by qmp_human_monitor_command()) 2. The current code has buffered semantics: QMP clients will only see a command's output if it flushes its output with a new-line character. This commit changes this to unbuffered, which means that QMP clients will see a command's output whenever the command prints anything. I don't think this will matter in practice though, as I believe all HMP commands print the new-line character anyway. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-05Monitor: Make output buffer dynamicLuiz Capitulino1-17/+28
Commit f628926bb423fa8a7e0b114511400ea9df38b76a changed monitor_flush() to retry on qemu_chr_fe_write() errors. However, the Monitor's output buffer can keep growing while the retry is not issued and this can cause the buffer to overflow. To reproduce this issue, just start qemu and type on the Monitor: (qemu) ? This will cause an assertion to trig. To fix this problem this commit makes the Monitor buffer dynamic, which means that it can grow as much as needed. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-05qstring: add qstring_get_length()Luiz Capitulino2-0/+9
Long overdue. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-05linux-user: Don't omit comma for strace of rt_sigaction()Peter Maydell1-1/+1
Pass the 'last' parameter of print_signal() through to print_raw_param(); this fixes a problem where we weren't printing the comma separator for strace of rt_sigaction() when the signal was an unnamed (ie realtime) one: 6856 rt_sigaction(230xf6fff870,0xf6fff8fc) = 0 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-04-05test-visitor-serialization: Fix some memory leaksStefan Berger1-1/+11
This patch fixes some of the memory leaks in test-visitor-serialization but not all of them. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-04-04Allow clock_gettime() monotonic clock to be utilized on more OS'sBrad Smith2-5/+2
Allow the clock_gettime() code using monotonic clock to be utilized on more POSIX compliannt OS's. This started as a fix for OpenBSD which was listed in one function as part of the previous hard coded list of OS's for the functions to support but not in the other. Signed-off-by: Brad Smith <brad@comstyle.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 20130405003748.GH884@rox.home.comstyle.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-04pc_acpi_init(): don't bail as soon as failing to find default DSDTLaszlo Ersek1-16/+17
Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Message-id: 1363821803-3380-11-git-send-email-lersek@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-04Introduce IO_APIC_DEFAULT_ADDRESS for 0xfec00000Laszlo Ersek1-1/+3
Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Message-id: 1363821803-3380-10-git-send-email-lersek@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-04extract/unify the constant 0xfee00000 as APIC_DEFAULT_ADDRESSLaszlo Ersek4-6/+4
A common dependency of the constant's current users: - hw/apic_common.c - hw/i386/kvmvapic.c - target-i386/cpu.c is "target-i386/cpu.h". Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Message-id: 1363821803-3380-9-git-send-email-lersek@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-04like acpi_table_install(), acpi_table_add() should propagate ErrorsLaszlo Ersek4-12/+16
Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Message-id: 1363821803-3380-8-git-send-email-lersek@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-04acpi_table_add(): extract and reimplement internalsLaszlo Ersek1-121/+163
The new function acpi_table_install() installs any blob the caller passes in. In the next patches this function will be promoted from helper role to extern. Reimplementing the logic should make it easier to understand. It also removes a buffer overflow when has_header && cumulative_file_size < ACPI_TABLE_HDR_SIZE - ACPI_TABLE_PFX_SIZE (In that case the g_realloc() call in the read() loop used to shrink the "acpi_tables" array, causing an out-of-bounds read access when copying the header out of "acpi_tables".) The new code isn't more daring alignment-wise than its predecessor: "acpi_table_header" is packed, and the uint32_t fields are at offsets 6, 26, and 34. Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Message-id: 1363821803-3380-7-git-send-email-lersek@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-04acpi_table_add(): accept QemuOpts and parse it with OptsVisitorLaszlo Ersek6-63/+98
As one consequence, strtok() -- which modifies its argument -- is replaced with g_strsplit(). Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Message-id: 1363821803-3380-6-git-send-email-lersek@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>