aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2015-11-10target-arm: Fix gdb singlestep handling in arm_debug_excp_handler()Sergey Fedorov1-1/+7
Do not raise a CPU exception if no CPU breakpoint has fired, since singlestep is also done by generating a debug internal exception. This fixes a bug with singlestepping in gdbstub. Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com> Message-id: 1446726361-18328-1-git-send-email-serge.fdrv@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-10Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-11-10' into ↵Peter Maydell14-438/+276
staging QAPI patches # gpg: Signature made Tue 10 Nov 2015 07:12:25 GMT using RSA key ID EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" * remotes/armbru/tags/pull-qapi-2015-11-10: qapi-introspect: Document lack of sorting qapi: Provide nicer array names in introspection qapi: More tests of input arrays qapi: Test failure in middle of array parse qapi: More tests of alternate output qapi: Simplify error cleanup in test-qmp-* qapi: Simplify non-error testing in test-qmp-* qapi: Plug leaks in test-qmp-* qapi: Share test_init code in test-qmp-input* qobject: Protect against use-after-free in qobject_decref() qapi: Strengthen test of TestStructList qapi: Use generated TestStruct machinery in tests Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-10qapi-introspect: Document lack of sortingEric Blake2-9/+27
qapi-code-gen.txt already claims that types, commands, and events share a common namespace; set this in stone by further documenting that our introspection output will never have collisions with the same name tied to more than one meta-type. Our largest QMP enum currently has 125 values, our largest object type has 27 members, and the mean for each is less than 10. These sizes are small enough that the per-element overhead of O(log n) binary searching probably outweighs the speed possible with direct O(n) linear searching (a better algorithm with more overhead will only beat a leaner naive algorithm only as you scale to larger input sizes). Arguably, the overall SchemaInfo array could be sorted by name; there, we currently have 531 entities, large enough for a binary search to be faster than linear. However, remember that we have mutually-recursive types, which means there is no topological ordering that will allow clients to learn all information about that type in a single linear pass; thus clients will want to do random access over the data, and they will probably read the introspection output into a hashtable for O(1) lookup rather than O(log n) binary searching, at which point, pre-sorting our introspection output doesn't help the client. It doesn't help that sorting can be subjective if you introduce locales into the mix (I'm not experienced enough with Python to know for sure, but at least it looks like it defaults to sorting in the C locale even when run under a different locale). And while our current introspection output is deterministic (because we visit entities in a sorted order), we may want to change that order in the future (such as using OrderedDict to stick to .json declaration order). For these reasons, we simply document that clients should not rely on any particular order of items in introspection output. And since it is now a documented part of the contract, we have the freedom to later rearrange output if needed, without worrying about breaking well-written clients. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1446791754-23823-13-git-send-email-eblake@redhat.com> [Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-11-10qapi: Provide nicer array names in introspectionEric Blake2-5/+10
For the sake of humans reading introspection output, it is nice to have the name of implicit array types be recognizable as arrays of the underlying type. However, while this patch allows humans to skip from a command with return type "[123]" straight to the definition of type "123" without having to first inspect type "[123]", document that this shortcut should not be taken by client apps. This makes the resulting introspection string slightly larger by default (just over 200 bytes), but it's in the noise (less than 0.3% of the overall 70k size of 'query-qmp-capabilities'). Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1446791754-23823-12-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-11-10qapi: More tests of input arraysEric Blake1-0/+52
Our testsuite had no coverage of empty arrays, nor of what happens when the input does not match the expected type. Useful to have, especially if we start changing the visitor contracts. I did not think it worth duplicating these additions to test-qmp-input-strict; since all strict mode does is add the ability to reject JSON input that has more keys than what the visitor expects, yet the additions in this patch error out earlier than that point regardless of whether strict mode was requested. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1446791754-23823-11-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-11-10qapi: Test failure in middle of array parseEric Blake2-1/+13
Our generated list visitors have the same problem as has been mentioned elsewhere (see commit 2f52e20): they allocate data even on failure. An upcoming patch will correct things to provide saner guarantees, but first we need to expose the behavior in the testsuite to ensure we aren't introducing any memory usage bugs. There are more test cases throughout the test-qmp-input-* tests that already deal with partial allocation; a later commit will clean up all visit_type_FOO(), without marking all of the tests with FIXME at this time. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1446791754-23823-10-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-11-10qapi: More tests of alternate outputEric Blake1-1/+15
The testsuite was only covering that we could output the 'int' branch of an alternate (no additional allocation/cleanup required). Add a test of the 'str' branch, to make sure that things still work even when a branch involves allocation. Update to modern style of g_new0() over g_malloc0() while touching it. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1446791754-23823-9-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-11-10qapi: Simplify error cleanup in test-qmp-*Eric Blake5-35/+31
We have several tests that perform multiple sub-actions that are expected to fail. Asserting that an error occurred, then clearing it up to prepare for the next action, turned into enough boilerplate that it was sometimes forgotten (for example, a number of tests added to test-qmp-input-visitor.c in d88f5fd leaked err). Worse, if an error is not reset to NULL, we risk invalidating later use of that error (passing a non-NULL err into a function is generally a bad idea). Encapsulate the boilerplate into a single helper function error_free_or_abort(), and consistently use it. The new function is added into error.c for use everywhere, although it is anticipated that testsuites will be the main client. Signed-off-by: Eric Blake <eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-11-09configure: Don't disable optimization for non-fortify buildsPeter Maydell1-0/+2
Commit b553a0428014636bc inadvertently disabled optimization for all non-fortify builds. Fix this bug so we only do an unoptimized build if we want debug. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1447082049-25099-1-git-send-email-peter.maydell@linaro.org
2015-11-09hw/timer/hpet.c: Avoid signed integer overflow which results in bugs on OSXPeter Maydell1-2/+2
Signed integer overflow in C is undefined behaviour, and the compiler is at liberty to assume it can never happen and optimize accordingly. In particular, the subtractions in hpet_time_after() and hpet_time_after64() were causing OSX clang to optimize the code such that it was prone to hangs and complaints about the main loop stalling (presumably because we were spending all our time trying to service very high frequency HPET timer callbacks). The clang sanitizer confirms the UB: hw/timer/hpet.c:119:26: runtime error: signed integer overflow: -2146967296 - 2147003978 cannot be represented in type 'int' Fix this by doing the subtraction as an unsigned operation and then converting to signed for the comparison. Reported-by: Aaron Elkins <threcius@yahoo.com> Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1447080991-24995-1-git-send-email-peter.maydell@linaro.org
2015-11-09qapi: Simplify non-error testing in test-qmp-*Eric Blake4-135/+53
By using &error_abort, we can avoid a local err variable in situations where we expect success. It also has the nice effect that if the test breaks, the error message from error_abort tends to be nicer than that of g_assert(). This patch has an additional bonus of fixing several call sites that were passing &err to two different functions without checking it in between. In general that is unsafe practice; because if the first function sets an error, the second function could abort() if it tries to set a different error. We got away with it because we were asserting that err was NULL through the entire chain, but switching to &error_abort avoids the questionable practice up front. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1446791754-23823-7-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-11-09qapi: Plug leaks in test-qmp-*Eric Blake3-35/+18
Make valgrind happy with the current state of the tests, so that it is easier to see if future patches introduce new memory problems without being drowned in noise. Many of the leaks were due to calling a second init without tearing down the data from an earlier visit. But since teardown is already idempotent, and we already register teardown as part of input_visitor_test_add(), it is nicer to just make init() safe to call multiple times than it is to have to make all tests call teardown. Another common leak was forgetting to clean up an error object, after testing that an error was raised. Another leak was in test_visitor_in_struct_nested(), failing to clean the base member of UserDefTwo. Cleaning that up left check_and_free_str() as dead code (since using the qapi_free_* takes care of recursion, and we don't want double frees). A final leak was in test_visitor_out_any(), which was reassigning the qobj local variable to a subset of the overall structure needing freeing; it did not result in a use-after-free, but was not cleaning up all the qdict. test-qmp-event and test-qmp-commands were already clean. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1446791754-23823-6-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-11-09qapi: Share test_init code in test-qmp-input*Eric Blake2-51/+46
Rather than duplicate the body of two functions just to decide between qobject_from_jsonv() and qobject_from_json(), exploit the fact that qobject_from_jsonv() intentionally takes 'va_list *' instead of the more common 'va_list', and that qobject_from_json() just calls qobject_from_jsonv(,NULL). For each file, our two existing init functions then become thin wrappers around a new internal function, and future updates to initialization don't have to be duplicated. Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1446791754-23823-5-git-send-email-eblake@redhat.com> [Two old comment typos fixed] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-11-09qobject: Protect against use-after-free in qobject_decref()Eric Blake1-0/+1
Adding an assertion to qobject_decref() will ensure that a programming error causing use-after-free will result in immediate failure (provided no other thread has started using the memory) instead of silently attempting to wrap refcnt around and leaving the problem to potentially bite later at a harder point to diagnose. Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1446791754-23823-4-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-11-09qapi: Strengthen test of TestStructListEric Blake1-11/+7
Make each list element different, to ensure that order is preserved, and use the generated free function instead of hand-rolling our own to ensure (under valgrind) that the list is properly cleaned. Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1446791754-23823-3-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-11-09qapi: Use generated TestStruct machinery in testsEric Blake6-162/+10
Commit d88f5fd and friends first introduced the various test-qmp-* tests in 2011, with duplicated hand-rolled TestStruct machinery, to make sure the qapi visitor interface was tested. Later, commit 4f193e3 in 2013 added a .json file for further testing use by the files, but without consolidating any of the existing hand-rolled visitors. And with four copies, subtle differences have crept in, between the tests themselves (mainly whitespace differences, but also a question of whether to use NULL or "TestStruct" when calling visit_start_struct()) and from what the generator produces (the hand-rolled versions did not cater to partially-allocated objects, because they did not have a deallocation usage). Of course, just because the visitor interface is tested does not mean it is a sane interface; and future patches will be changing some of the visitor contracts. Rather than having to duplicate the cleanup work in each copy of the TestStruct visitor, and keep each hand-rolled copy in sync with what the generator supplies, we might as well just test what the generator should give us in the first place. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1446791754-23823-2-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-11-09Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell7-39/+309
staging # gpg: Signature made Mon 09 Nov 2015 10:08:17 GMT using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: blockdev: acquire AioContext in hmp_commit() monitor: add missed aio_context_acquire into vm_completion call aio: Introduce aio-epoll.c aio: Introduce aio_context_setup aio: Introduce aio_external_disabled dataplane: support non-contigious s/g dataplane: simplify indirect descriptor read Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-09blockdev: acquire AioContext in hmp_commit()Stefan Hajnoczi1-1/+11
This one slipped through. Although we acquire AioContext when committing all devices we don't for just a single device. AioContext must be acquired before calling bdrv_*() functions to synchronize access with other threads that may be using the AioContext. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Denis V. Lunev <den@openvz.org> Reviewed-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-11-09monitor: add missed aio_context_acquire into vm_completion callDenis V. Lunev1-3/+8
Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Stefan Hajnoczi <stefanha@redhat.com> CC: Kevin Wolf <kwolf@redhat.com> CC: Luiz Capitulino <lcapitulino@redhat.com> CC: Markus Armbruster <armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-11-09aio: Introduce aio-epoll.cFam Zheng2-1/+188
To minimize code duplication, epoll is hooked into aio-posix's aio_poll() instead of rolling its own. This approach also has both compile-time and run-time switchability. 1) When QEMU starts with a small number of fds in the event loop, ppoll is used. 2) When QEMU starts with a big number of fds, or when more devices are hot plugged, epoll kicks in when the number of fds hits the threshold. 3) Some fds may not support epoll, such as tty based stdio. In this case, it falls back to ppoll. A rough benchmark with scsi-disk on virtio-scsi dataplane (epoll gets enabled from 64 onward). Numbers are in MB/s. =============================================== | master | epoll | | scsi disks # | read randrw | read randrw -------------|----------------|---------------- 1 | 86 36 | 92 45 8 | 87 43 | 86 41 64 | 71 32 | 70 38 128 | 48 24 | 58 31 256 | 37 19 | 57 28 =============================================== To comply with aio_{disable,enable}_external, we always use ppoll when aio_external_disabled() is true. [Removed #ifdef CONFIG_EPOLL around AioContext epollfd field declaration since the field is also referenced outside CONFIG_EPOLL code. --Stefan] Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1446177989-6702-4-git-send-email-famz@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-11-09aio: Introduce aio_context_setupFam Zheng4-2/+27
This is the place to initialize platform specific bits of AioContext. Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1446177989-6702-3-git-send-email-famz@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-11-09aio: Introduce aio_external_disabledFam Zheng1-0/+11
This allows AioContext users to check the enable/disable state of external clients. Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1446177989-6702-2-git-send-email-famz@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-11-09dataplane: support non-contigious s/gMichael S. Tsirkin1-22/+46
bring_map currently fails if one of the entries it's mapping is contigious in GPA but not HVA address space. Introduce a mapped_len parameter so it can handle this, returning the actual mapped length. This will still fail if there's no space left in the sg, but luckily max queue size in use is currently 256, while max sg size is 1024, so we should be OK even is all entries happen to cross a single DIMM boundary. Won't work well with very small DIMM sizes, unfortunately: e.g. this will fail with 4K DIMMs where a single request might span a large number of DIMMs. Let's hope these are uncommon - at least we are not breaking things. Reported-by: Stefan Hajnoczi <stefanha@redhat.com> Reported-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Igor Mammedov <imammedo@redhat.com> Message-id: 1446047243-3221-2-git-send-email-mst@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-11-09dataplane: simplify indirect descriptor readMichael S. Tsirkin1-10/+18
Use address_space_read to make sure we handle the case of an indirect descriptor crossing DIMM boundary correctly. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Tested-by: Igor Mammedov <imammedo@redhat.com> Message-id: 1446047243-3221-1-git-send-email-mst@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-11-07Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into ↵Peter Maydell2-9/+34
staging target-i386: tcg: Handle clflushopt/clwb/pcommit instructions A small update to TCG code so it can handle the new clflushopt/clwb/pcommit instructions. # gpg: Signature made Sat 07 Nov 2015 14:50:54 GMT using RSA key ID 984DC5A6 # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" * remotes/ehabkost/tags/x86-pull-request: target-i386: Add clflushopt/clwb/pcommit to TCG_7_0_EBX_FEATURES target-i386: tcg: Check right CPUID bits for clflushopt/pcommit target-i386: tcg: Accept clwb instruction Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-07Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into stagingPeter Maydell8-45/+191
# gpg: Signature made Fri 06 Nov 2015 20:01:44 GMT using RSA key ID AAFC390E # gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>" * remotes/jnsnow/tags/ide-pull-request: arm: allwinner-a10: Add SATA ahci: Add allwinner AHCI ahci: split realize and init ahci: Add some MMIO debug printfs ide: remove hardcoded 2GiB transactional limit Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-06arm: allwinner-a10: Add SATAPeter Crosthwaite2-0/+15
Add the Allwinner A10 AHCI controller module to the SoC. Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Reviewed-by: John Snow <jsnow@redhat.com> Message-id: 69d6962f2d14a218bd07e9ac4ccd1947737cc30f.1445917756.git.crosthwaite.peter@gmail.com Signed-off-by: John Snow <jsnow@redhat.com>
2015-11-06ahci: Add allwinner AHCIPeter Crosthwaite3-0/+112
Add a Sysbus AHCI subclass for the Allwinner AHCI. It has a few extra vendor specific registers which are used for phy and power init. Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Reviewed-by: John Snow <jsnow@redhat.com> Message-id: 833b5b05ed5ade38bf69656679b0a7575e79492b.1445917756.git.crosthwaite.peter@gmail.com [resolved patch context on pull --js] Signed-off-by: John Snow <jsnow@redhat.com>
2015-11-06ahci: split realize and initPeter Crosthwaite3-15/+34
Do the init level tasks asap and the realize later (mainly when num_ports is available). This allows sub-class realize routines to work with the device post-init. Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Reviewed-by: John Snow <jsnow@redhat.com> Message-id: 1a7c7b2b32e5ccf49373a5065da5ece89730d3ac.1445917756.git.crosthwaite.peter@gmail.com Signed-off-by: John Snow <jsnow@redhat.com>
2015-11-06ahci: Add some MMIO debug printfsPeter Crosthwaite1-6/+15
These are useful for bringup of AHCI. Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Reviewed-by: John Snow <jsnow@redhat.com> Message-id: 517ba413dce7deb4ab17c0cc1e8bbdaaace2a0db.1445917756.git.crosthwaite.peter@gmail.com Signed-off-by: John Snow <jsnow@redhat.com>
2015-11-06ide: remove hardcoded 2GiB transactional limitJohn Snow3-24/+15
Not that you can request a >2GiB transaction, but that's why checking for it makes no sense anymore. With the newer 'limit' parameter to prepare_buf, we no longer need a static limit. The maximum limit is still 2GiB, but the limit parameter is set to the current transaction size, which cannot surpass 32MiB (512 * 65536). If the PRDT surpasses the transactional size, then, we'll just carry out the normative underflow handling pathways instead of needing an extra, strange pathway that worries about hitting some logistical cap for the largest sglist we can support -- we'll never even attempt to build one that big anymore. Reported-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Acked-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1445902682-20051-1-git-send-email-jsnow@redhat.com
2015-11-06target-i386: Add clflushopt/clwb/pcommit to TCG_7_0_EBX_FEATURESXiao Guangrong1-1/+3
Now these instructions are handled by TCG and can be added to the TCG_7_0_EBX_FEATURES macro. Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-11-06target-i386: tcg: Check right CPUID bits for clflushopt/pcommitEduardo Habkost1-8/+20
Detect the clflushopt and pcommit instructions and check their corresponding feature flags, instead of checking CPUID_SSE and CPUID_CLFLUSH. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-11-06target-i386: tcg: Accept clwb instructionEduardo Habkost1-1/+12
Accept the clwb instruction (66 0F AE /6) if its corresponding feature flag is enabled on CPUID[7]. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-11-06Merge remote-tracking branch ↵Peter Maydell34-89/+130
'remotes/mjt/tags/pull-trivial-patches-2015-11-06' into staging trivial patches for 2015-11-06 # gpg: Signature made Fri 06 Nov 2015 12:42:43 GMT using RSA key ID A4C3D7DB # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" # gpg: aka "Michael Tokarev <mjt@corpit.ru>" # gpg: aka "Michael Tokarev <mjt@debian.org>" * remotes/mjt/tags/pull-trivial-patches-2015-11-06: (24 commits) tap-bsd: use user-specified tap device if it already exists qemu-sockets: do not test path with access() before unlinking taget-ppc: Fix read access to IBAT registers higher than IBAT3 exec: avoid unnecessary cacheline bounce on ram_list.mru_block target-alpha: fix uninitialized variable ivshmem-server: fix possible OVERRUN pci-assign: do not test path with access() before opening qom/object: fix 2 comment typos configure: remove help string for 'vnc-tls' option usb: Use g_new() & friends where that makes obvious sense qxl: Use g_new() & friends where that makes obvious sense ui: Use g_new() & friends where that makes obvious sense bt: fix use of uninitialized variable seqlen hw/dma/pxa2xx: Remove superfluous memset linux-user/syscall: Replace g_malloc0 + memcpy with g_memdup tests/i44fx-test: No need for zeroing memory before memset hw/input/tsc210x: Remove superfluous memset xen: fix invalid assertion tests: ignore test-qga fix bad indentation in pcie_cap_slot_write_config() ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-11-06tap-bsd: use user-specified tap device if it already existsEd Maste1-5/+33
Acked-by: Roger Pau Monné <roger.pau@citrix.com> Signed-off-by: Ed Maste <emaste@freebsd.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06qemu-sockets: do not test path with access() before unlinkingPaolo Bonzini1-2/+1
Using access() is a time-of-check/time-of-use race condition. It is okay to use them to provide better error messages, but that is pretty much it. This is not one such case; on the other hand, access() *will* skip unlink() for a non-existent path, so ignore ENOENT return values from the unlink() system call. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06taget-ppc: Fix read access to IBAT registers higher than IBAT3Julio Guerra1-1/+1
Fix the index used to read the IBAT's vector which results in IBAT0..3 instead of IBAT4..N. The bug appeared by saving/restoring contexts including IBATs values. Signed-off-by: Julio Guerra <julio@farjump.io> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06exec: avoid unnecessary cacheline bounce on ram_list.mru_blockPaolo Bonzini1-1/+1
Whenever the MRU cache hits for the list of RAM blocks, qemu_get_ram_block does an unnecessary write that causes a processor cache line to bounce from one core to another. This causes a performance hit. Reported-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06target-alpha: fix uninitialized variablePaolo Bonzini1-1/+1
I am not sure why the compiler does not catch it. There is no semantic change since gen_excp returns EXIT_NORETURN, but the old code is wrong. Reported by Coverity. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06ivshmem-server: fix possible OVERRUNGonglei1-1/+3
>>> CID 1337991: Memory - illegal accesses (OVERRUN) >>> Decrementing "i". The value of "i" is now 65534. 218 while (i--) { 219 event_notifier_cleanup(&peer->vectors[i]); 220 } Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06pci-assign: do not test path with access() before openingPaolo Bonzini1-5/+1
Using access() is a time-of-check/time-of-use race condition. It is okay to use them to provide better error messages, but that is pretty much it. In this case we can get the same error from fopen(), so just use strerror and errno there---which actually improves the error message most of the time. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06qom/object: fix 2 comment typosCao jin2-6/+6
Also change the misleading definition of macro OBJECT_CLASS_CHECK Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06configure: remove help string for 'vnc-tls' optionDaniel P. Berrange1-1/+0
The '--enable-vnc-tls' option to configure was removed in commit 3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Author: Daniel P. Berrange <berrange@redhat.com> Date: Thu Aug 6 14:39:32 2015 +0100 ui: convert VNC server to use QCryptoTLSSession This removes the corresponding help string. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06usb: Use g_new() & friends where that makes obvious senseMarkus Armbruster4-8/+7
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer, for two reasons. One, it catches multiplication overflowing size_t. Two, it returns T * rather than void *, which lets the compiler catch more type errors. This commit only touches allocations with size arguments of the form sizeof(T). Same Coccinelle semantic patch as in commit b45c03f. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06qxl: Use g_new() & friends where that makes obvious senseMarkus Armbruster1-1/+1
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer, for two reasons. One, it catches multiplication overflowing size_t. Two, it returns T * rather than void *, which lets the compiler catch more type errors. This commit only touches allocations with size arguments of the form sizeof(T). Same Coccinelle semantic patch as in commit b45c03f. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06ui: Use g_new() & friends where that makes obvious senseMarkus Armbruster7-11/+11
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer, for two reasons. One, it catches multiplication overflowing size_t. Two, it returns T * rather than void *, which lets the compiler catch more type errors. This commit only touches allocations with size arguments of the form sizeof(T). Same Coccinelle semantic patch as in commit b45c03f. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06bt: fix use of uninitialized variable seqlenPaolo Bonzini1-9/+20
sdp_svc_match, sdp_attr_match and sdp_svc_attr_match read the last argument. The only sensible way to change the code is to make that last argument "len" instead of "seqlen" which is the length of a subsequence in the previous "if" branch. To make the structure of the code clearer, use "else" instead of "else if". Reported by Coverity. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06hw/dma/pxa2xx: Remove superfluous memsetThomas Huth1-2/+1
g_malloc0 already clears the memory, so no need for the additional memset here. And while we're at it, also convert the g_malloc0 to the preferred g_new0. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06linux-user/syscall: Replace g_malloc0 + memcpy with g_memdupThomas Huth1-2/+1
No need to use g_malloc0 to zero the memory if we memcpy to the whole buffer afterwards anyway. Actually, there is even a function which combines both steps, g_memdup, so let's use this function here instead. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>