aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2017-02-07wdt: Add Aspeed watchdog device modelCédric Le Goater3-0/+258
The Aspeed SoC includes a set of watchdog timers using 32-bit decrement counters, which can be based either on the APB clock or a 1 MHz clock. The watchdog timer is designed to prevent system deadlock and, in general, it should be restarted before timeout. When a timeout occurs, different types of signals can be generated, ARM reset, SOC reset, System reset, CPU Interrupt, external signal or boot from alternate block. The current model only performs the system reset function as this is used by U-Boot and Linux. Signed-off-by: Joel Stanley <joel@jms.id.au> Message-id: 1485452251-1593-2-git-send-email-clg@kaod.org [clg: - fixed compile breakage - fixed io region size - added watchdog_perform_action() on timer expiry - wrote a commit log - merged fixes from Andrew Jeffery to scale the reload value ] Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07integratorcp: adding vmstate for save/restorePavel Dovgalyuk1-0/+59
VMState added by this patch preserves correct loading of the integratorcp device state. Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru> Message-id: 20170131114310.6768.79416.stgit@PASHA-ISP [PMM: removed unnecessary minimum_version_id_old lines] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20170206' ↵Peter Maydell7-37/+77
into staging migration/next for 20170206 # gpg: Signature made Mon 06 Feb 2017 16:13:26 GMT # gpg: using RSA key 0xF487EF185872D723 # gpg: Good signature from "Juan Quintela <quintela@redhat.com>" # gpg: aka "Juan Quintela <quintela@trasno.org>" # Primary key fingerprint: 1899 FF8E DEBF 58CC EE03 4B82 F487 EF18 5872 D723 * remotes/juanquintela/tags/migration/20170206: postcopy: Recover block devices on early failure Postcopy: Reset state to avoid cleanup assert vmstate registration: check return values migration: Check for ID length vmstate_register_with_alias_id: Take an Error ** migration: create Migration Incoming State at init time Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07Merge remote-tracking branch 'remotes/rth/tags/pull-hppa-20170206' into stagingPeter Maydell5-16/+14
Misc hppa fixes. # gpg: Signature made Tue 07 Feb 2017 02:28:40 GMT # gpg: using RSA key 0xAD1270CC4DD0279B # gpg: Good signature from "Richard Henderson <rth7680@gmail.com>" # gpg: aka "Richard Henderson <rth@redhat.com>" # gpg: aka "Richard Henderson <rth@twiddle.net>" # Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC 16A4 AD12 70CC 4DD0 279B * remotes/rth/tags/pull-hppa-20170206: target/hppa: Fix gdb_write_register target/hppa: Tidy do_cbranch linux-user: define correct UTS machine name for hppa linux-user: fix "apt-get update" on linux-user hppa linux-user: add hppa magic numbers in qemu-binfmt-conf.sh Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-07rules: don't try to create missing include dirsDaniel P. Berrange2-2/+1
In commit ba78db44f6532d66a1e704bd44613e841baa2fc5 Author: Daniel P. Berrange <berrange@redhat.com> Date: Wed Jan 25 16:14:10 2017 +0000 make: move top level dir to end of include search path The dir $(BUILD_DIR)/$(@D) was added to the include path. This would sometimes point to a non-existant directory, if the sub-dir in question did not contain any target-independant files (eg tcg/). To deal with this the rules.mak attempted to create the directory. While this was succesful, it also caused accidental creation of files in the parent of the build dir. e.g. when building common source files into target specific output files. Rather than trying to workaround this, just revert the code that attempted to mkdir the missing include directories. Instead just turn off the compiler warning in question as the missing dir is expected & harmless in general. NB: you can clean up a build directory parent that has been filled with empty directories by commit ba78db44f653 using this GNU find command in that parent directory: find audio backends block chardev crypto disas fsdev hw io linux-user \ migration nbd net qapi qom replay slirp target ui util \ -type d -empty -delete Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Tested-by: Alberto Garcia <berto@igalia.com> [PMM: added note about how to clean up a polluted directory] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-06target/hppa: Fix gdb_write_registerRichard Henderson1-0/+1
Add a missing break, detected by Coverity. Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-02-06target/hppa: Tidy do_cbranchRichard Henderson1-12/+5
Removes some dead code detected by Covarity. Reported-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-02-06linux-user: define correct UTS machine name for hppaLaurent Vivier1-1/+1
the correct UTS machine name (as expected by systemd) is "parisc", not "hppa". Signed-off-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20170126080449.28255-4-laurent@vivier.eu> Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-02-06linux-user: fix "apt-get update" on linux-user hppaLaurent Vivier1-1/+0
apt-get was hanging on linux-user hppa. strace has shown the netlink data stream was not correctly byte swapped. It appears the fd translator function is unregistered just after it has been registered, so the translator function is not called. This patch removes the fd_trans_unregister() after the do_socket() in the TARGET_NR_socket case. This fd_trans_unregister() was added by commit e36800c linux-user: add signalfd/signalfd4 syscalls when do_socket() was not registering any fd translator. And as now it is, we must remove this fd_trans_unregister() to keep them. Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Signed-off-by: Laurent Vivier <laurent@vivier.eu> Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Message-Id: <20170126080449.28255-3-laurent@vivier.eu> Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-02-06linux-user: add hppa magic numbers in qemu-binfmt-conf.shLaurent Vivier1-2/+7
As we have now a linux-user HPPA target, we can add it to the list of supported targets in qemu-binfmt-conf.sh Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <rth@twiddle.net> Message-Id: <20170126080449.28255-2-laurent@vivier.eu> Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-02-06postcopy: Recover block devices on early failureDr. David Alan Gilbert1-0/+25
An early postcopy failure can be recovered from as long as we know we haven't sent the command to run the destination. We have to undo the bdrv_inactivate_all by calling bdrv_invalidate_cache_all Note that I'm not using ms->block_inactive because once we've sent the postcopy package we dont want anything else to try and recover the block storage on the source; the destination might have started writing to it. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20170202155909.31784-3-dgilbert@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-02-06Postcopy: Reset state to avoid cleanup assertDr. David Alan Gilbert1-0/+1
On a destination host with no userfault support an incoming postcopy would cause the state to enter ADVISE before it realised there was no support, and because it was in ADVISE state it would perform a cleanup at the end. Since there was no support the cleanup function should be unreachable, but ends up being called and asserting. Reset the state when we realise we have no support, thus the cleanup doesn't happen. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20170202155909.31784-2-dgilbert@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-02-06vmstate registration: check return valuesDr. David Alan Gilbert1-4/+6
Check qdev's call to vmstate_register_with_alias_id; that gets most of the common uses; there's hundreds of calls via vmstate_register which could get fixed over time. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-Id: <20170202125956.21942-4-dgilbert@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-02-06migration: Check for ID lengthDr. David Alan Gilbert2-5/+18
The qdev id of a device can be huge if it's on the end of a chain of bridges; in reality such chains shouldn't occur but they can be made to by chaining PCIe bridges together. The migration format has a number of 256 character long format limits; check we don't hit them (we already use pstrcat/cpy but that just protects us from buffer overruns, we fairly quickly hit an assert). Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-Id: <20170202125956.21942-3-dgilbert@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-02-06vmstate_register_with_alias_id: Take an Error **Dr. David Alan Gilbert5-6/+10
I'll be adding an error to it in a subsequent patch. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-Id: <20170202125956.21942-2-dgilbert@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-02-06migration: create Migration Incoming State at init timeJuan Quintela3-24/+19
Signed-off-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <1485207141-1941-3-git-send-email-quintela@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2017-02-06Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20170206-1' into ↵Peter Maydell6-20/+44
staging usb: various bugfixes, mostly xhci. # gpg: Signature made Mon 06 Feb 2017 11:26:35 GMT # gpg: using RSA key 0x4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/pull-usb-20170206-1: xhci: fix event queue IRQ handling usb: ccid: check ccid apdu length xhci: guard xhci_kick_epctx against recursive calls xhci: don't kick in xhci_submit and xhci_fire_ctl_transfer xhci: rename xhci_complete_packet to xhci_try_complete_packet xhci: only free completed transfers usb: accept usb3 control requests usb/uas: more verbose error message hw/usb/dev-hid: Improve guest compatibility of usb-tablet Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-06xhci: fix event queue IRQ handlingGerd Hoffmann1-0/+13
The qemu xhci emulation doesn't handle the ERDP_EHB flag correctly. When the host adapter queues a new event the ERDP_EHB flag is set. The flag is cleared (via w1c) by the guest when it updates the ERDP (event ring dequeue pointer) register to notify the host adapter which events it has fetched. An IRQ must be raised in case the ERDP_EHB flag flips from clear to set. If the flag is set already (which implies there are events queued up which are not yet processed by the guest) xhci must *not* raise a IRQ. Qemu got that wrong and raised an IRQ on every event, thereby generating spurious interrupts in case we've queued events faster than the guest processed them. This patch fixes that. With that change in place we also have to check ERDP updates, to see whenever the guest has fetched all queued events. In case there are still pending events set ERDP_EHB and raise an IRQ again, to make sure the events don't linger unseen forever. The linux kernel driver and the microsoft windows driver (shipped with win8+) can deal with the spurious interrupts without problems. The renesas windows driver (v2.1.39) which can be used on older windows versions is quite upset though. It does spurious ERDP updates now and then (not every time, seems we must hit a race window for this to happen), which in turn makes the qemu xhci emulation think the event ring is full. Things go south from here ... tl;dr: This is the "fix xhci on win7" patch. Cc: M.Cerveny@computer.org Cc: 1373228@bugs.launchpad.net Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1486104705-13761-1-git-send-email-kraxel@redhat.com
2017-02-06Merge remote-tracking branch 'remotes/dgibson/tags/isa-cleanup-20170206' ↵Peter Maydell21-212/+305
into staging Allow ISA to be disabled on some platforms (v3) This makes some cleanups that are a start on allowing ISA to be compiled out for platforms which don't use it. I posted this series last November, and it collected a number of R-bs and no apparent objections. So, I've now rebased it (trivially) and am sending a pull request in the hopes of merge. A lot of the pieces here don't have a clear maintainer, so I'm sending it directly to Peter. Notes: * Patch 3/3 triggers a style warning, but that's just because I'm moving a C++ // comment verbatim from one file to another Changes since v2: * Trivial rebase Changes since v1: * Fixed some silly compile errors in 3/3 exposed by some changes in other headers # gpg: Signature made Mon 06 Feb 2017 01:37:50 GMT # gpg: using RSA key 0x6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/isa-cleanup-20170206: Split ISA and sysbus versions of m48t59 device Allow ISA bus to be configured out Split serial-isa into its own config option Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-06usb: ccid: check ccid apdu lengthPrasad J Pandit1-1/+1
CCID device emulator uses Application Protocol Data Units(APDU) to exchange command and responses to and from the host. The length in these units couldn't be greater than 65536. Add check to ensure the same. It'd also avoid potential integer overflow in emulated_apdu_from_guest. Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-id: 20170202192228.10847-1-ppandit@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-06xhci: guard xhci_kick_epctx against recursive callsGerd Hoffmann1-0/+7
Track xhci_kick_epctx processing being active in a variable. Check the variable before calling xhci_kick_epctx from xhci_kick_ep. Add an assert to make sure we don't call recursively into xhci_kick_epctx. Cc: 1653384@bugs.launchpad.net Fixes: 94b037f2a451b3dc855f9f2c346e5049a361bd55 Reported-by: Fabian Lesniak <fabian@lesniak-it.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1486035372-3621-1-git-send-email-kraxel@redhat.com Message-id: 1485790607-31399-5-git-send-email-kraxel@redhat.com
2017-02-06xhci: don't kick in xhci_submit and xhci_fire_ctl_transferGerd Hoffmann1-8/+0
xhci_submit and xhci_fire_ctl_transfer are is called from xhci_kick_epctx processing loop only, so there is no need to call xhci_kick_epctx make sure processing continues. Also eecursive calls into xhci_kick_epctx can cause trouble. Drop the xhci_kick_epctx calls. Cc: 1653384@bugs.launchpad.net Fixes: 94b037f2a451b3dc855f9f2c346e5049a361bd55 Reported-by: Fabian Lesniak <fabian@lesniak-it.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1485790607-31399-4-git-send-email-kraxel@redhat.com
2017-02-06xhci: rename xhci_complete_packet to xhci_try_complete_packetGerd Hoffmann1-6/+6
Make clear that this isn't guaranteed to actually complete the transfer, the usb packet can still be in flight after calling that function. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1485790607-31399-3-git-send-email-kraxel@redhat.com
2017-02-06xhci: only free completed transfersGerd Hoffmann1-1/+3
Most callsites check already, one was missed. Cc: 1653384@bugs.launchpad.net Fixes: 94b037f2a451b3dc855f9f2c346e5049a361bd55 Reported-by: Fabian Lesniak <fabian@lesniak-it.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1485790607-31399-2-git-send-email-kraxel@redhat.com
2017-02-06usb: accept usb3 control requestsGerd Hoffmann2-0/+9
Windows 10 reportedly sends these, so accept them in case the device in question is a superspeed (usb3) device. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1485870727-21956-2-git-send-email-kraxel@redhat.com
2017-02-06usb/uas: more verbose error messageGerd Hoffmann1-1/+2
Print some more details in case we get a unknown control request, to ease trouble-shooting. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1485870727-21956-1-git-send-email-kraxel@redhat.com
2017-02-06hw/usb/dev-hid: Improve guest compatibility of usb-tabletPhil Dennis-Jordan1-3/+3
1. Set bInterfaceProtocol to 0x00 for usb-tablet. This should be non-zero for boot protocol devices only, which the usb-tablet is not. 2. Set the usb-tablet's usage to "mouse" in the report descriptor. The boot protocol of 0x02 specifically confused OS X/macOS' HID driver stack, causing it to generate additional bogus HID events with relative motion in addition to the tablet's absolute coordinate events. Absolute pointing devices with HID Report Descriptor usage of 0x01 (pointing) are treated by the macOS HID driver as analog sticks, and absolute coordinates are not directly translated to absolute mouse cursor positions. Changing it to 0x02 (mouse) fixes the problem, and does not have any adverse effect in other operating systems and windowing systems. (VMWare does the same thing.) Signed-off-by: Phil Dennis-Jordan <phil@philjordan.eu> Message-id: 1485365075-32702-1-git-send-email-phil@philjordan.eu Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-06Split ISA and sysbus versions of m48t59 deviceDavid Gibson4-210/+284
The m48t59 device supports both ISA and direct sysbus attached versions of the device in the one .c file. This can be awkward for some embedded machine types which need the sysbus M48T59, but don't want to pull in the ISA bus code and its other dependencies. Therefore, this patch splits out the code for the ISA attached M48T59 into its own C file. It will be built when both CONFIG_M48T59 and CONFIG_ISA_BUS are enabled. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2017-02-06Allow ISA bus to be configured outDavid Gibson5-1/+6
Currently, the code to handle the legacy ISA bus is always included in qemu. However there are lots of platforms that don't include ISA legacy devies, and quite a few that have never used ISA legacy devices at all. This patch allows the ISA bus code to be disabled in the configuration for platforms where it doesn't make sense. For now, the default configs are adjusted to include ISA on all platforms including PCI: anything with PCI can at least in principle add an i82378 PCI->ISA bridge. Also, CONFIG_IDE_CORE which is already in pci.mak requires ISA support. We also explicitly enable ISA on some other non-PCI platforms which include ISA devices: moxie, sparc and unicore32. We may want to pare this down in future. The platforms that will lose ISA by default are: cris, lm32, microblazeel, microblaze, openrisc, s390x, tricore, xtensaeb, xtensa. As far as I can tell none of these ever used ISA. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2017-02-06Split serial-isa into its own config optionDavid Gibson14-1/+15
At present, the core device model code for 8250-like serial ports (serial.c) and the code for serial ports attached to ISA-style legacy IO (serial-isa.c) are both controlled by the CONFIG_SERIAL variable. There are lots and lots of embedded platforms that have 8250-like serial ports but have never had anything resembling ISA legacy IO. Therefore, split serial-isa into its own CONFIG_SERIAL_ISA option so it can be disabled for platforms where it's not appropriate. For now, I enabled CONFIG_SERIAL_ISA in every default-config where CONFIG_SERIAL is enabled, excepting microblaze, or32, and xtensa. As best as I can tell, those platforms never used legacy ISA, and also don't include PCI support (which would allow connection of a PCI->ISA bridge and/or a southbridge including legacy ISA serial ports). Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Thomas Huth <thuth@redhat.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
2017-02-03Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell1-0/+14
staging # gpg: Signature made Fri 03 Feb 2017 14:37:45 GMT # gpg: using RSA key 0x9CA4ABB381AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" # Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8 * remotes/stefanha/tags/block-pull-request: iothread: enable AioContext polling by default Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-03iothread: enable AioContext polling by defaultStefan Hajnoczi1-0/+14
IOThread AioContexts are likely to consist only of event sources like virtqueue ioeventfds and LinuxAIO completion eventfds that are pollable from userspace (without system calls). We recently merged the AioContext polling feature but didn't enable it by default yet. I have gone back over the performance data on the mailing list and picked a default polling value that gave good results. Let's enable AioContext polling by default so users don't have another switch they need to set manually. If performance regressions are found we can still disable this for the QEMU 2.9 release. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Cc: Karl Rister <krister@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20170126170119.27876-1-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-02-03Merge remote-tracking branch 'remotes/sstabellini/tags/xen-20170202' into ↵Peter Maydell5-30/+42
staging Xen 2017/02/02 # gpg: Signature made Thu 02 Feb 2017 18:26:58 GMT # gpg: using RSA key 0x894F8F4870E1AE90 # gpg: Good signature from "Stefano Stabellini <sstabellini@kernel.org>" # gpg: aka "Stefano Stabellini <stefano.stabellini@eu.citrix.com>" # Primary key fingerprint: D04E 33AB A51F 67BA 07D3 0AEA 894F 8F48 70E1 AE90 * remotes/sstabellini/tags/xen-20170202: xen: use qdev_unplug() instead of g_free() in xen_pv_find_xendev() MAINTAINERS: Update xen-devel mailing list address xen-platform: add missing disk unplug option xen-platform: add support for unplugging NVMe disks... xen-platform: re-structure unplug_disks Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-03tci: Remove invalid assertionsStefan Weil1-2/+0
tb_jmp_insn_offset and tb_jmp_reset_offset are pointers and cannot be used with ARRAY_SIZE. Signed-off-by: Stefan Weil <sw@weilnetz.de> Acked-by: Michael S. Tsirkin <mst@redhat.com> Message-id: 20170202195601.11286-1-sw@weilnetz.de Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-03Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20170202-2' into ↵Peter Maydell1-25/+39
staging cirrus: multiple bugfixes, including CVE-2017-2615 fix. # gpg: Signature made Thu 02 Feb 2017 15:03:35 GMT # gpg: using RSA key 0x4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/pull-vga-20170202-2: cirrus: fix oob access issue (CVE-2017-2615) cirrus: fix blit address mask handling cirrus: allow zero source pitch in pattern fill rops cirrus: handle negative pitch in cirrus_invalidate_region() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-02Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.9-20170202' ↵Peter Maydell63-771/+3867
into staging ppc patch queue 2017-02-02 This obsoletes ppc-for-2.9-20170112, which had a MacOS build bug. This is a long overdue ppc pull request for qemu-2.9. It's been a long time coming due to some holidays and inconveniently timed problems with testing. So, there's a lot in here: * More POWER9 instruction implementations for TCG * The simpler parts of my CPU compatibility mode cleanup * This changes behaviour to prefer compatibility modes over "raW" mode for new machine type versions * New "40p" machine type which is essentially a modernized and cleaned up "prep". The intention is that it will replace "prep" once it has some more testing and polish. * Add pseries-2.9 machine type * Implement H_SIGNAL_SYS_RESET hypercall * Consolidate the two alternate CPU init paths in pseries by making it always go through CPU core objects to initialize CPU * A number of bugfixes and cleanups * Stop the guest timebase when the guest is stopped under KVM. This makes the guest system clock also stop when paused, which matches the x86 behaviour. * Some preliminary cleanups leading towards implementation of the POWER9 MMU. There are also some changes not strictly related to ppc code, but for its benefit: * Limit the pxi-expander-bridge (PXB) device to x86 guests only (it's essentially a hack to work around historical x86 limitations) * Some additions to the 128-bit math in host_utils, necessary for some of the new instructions. * Revise a number of qtests and enable them for ppc # gpg: Signature made Thu 02 Feb 2017 01:40:16 GMT # gpg: using RSA key 0x6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-2.9-20170202: (107 commits) hw/ppc/pnv: Use error_report instead of hw_error if a ROM file can't be found ppc/kvm: Handle the "family" CPU via alias instead of registering new types target/ppc/mmu_hash64: Fix incorrect shift value in amr calculation target/ppc/mmu_hash64: Fix printing unsigned as signed int tcg/POWER9: NOOP the cp_abort instruction target/ppc/debug: Print LPCR register value if register exists target-ppc: Add xststdc[sp, dp, qp] instructions target-ppc: Add xvtstdc[sp,dp] instructions target-ppc: Add MMU model check for booke machines ppc: switch to constants within BUILD_BUG_ON target/ppc/cpu-models: Fix/remove bad CPU aliases target/ppc: Remove unused POWERPC_FAMILY(POWER) spapr: clock should count only if vm is running ppc: Remove unused function cpu_ppc601_rtc_init() target/ppc: Add pcr_supported to POWER9 cpu class definition powerpc/cpu-models: rename ISAv3.00 logical PVR definition target-ppc: Add xvcv[hpsp, sphp] instructions target-ppc: Add xsmulqp instruction target-ppc: Add xsdivqp instruction target-ppc: Add xscvsdqp and xscvudqp instructions ... # Conflicts: # hw/pci-bridge/Makefile.objs Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-02xen: use qdev_unplug() instead of g_free() in xen_pv_find_xendev()Juergen Gross1-6/+7
The error exits of xen_pv_find_xendev() free the new xen-device via g_free() which is wrong. As the xen-device has been initialized as qdev it must be removed via qdev_unplug(). This bug has been introduced with commit 3a6c9172ac5951e6dac2b3f6 ("xen: create qdev for each backend device"). Reported-by: Roger Pau Monné <roger.pau@citrix.com> Tested-by: Roger Pau Monné <roger.pau@citrix.com> Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
2017-02-02Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' ↵Peter Maydell63-280/+400
into staging # gpg: Signature made Wed 01 Feb 2017 13:44:32 GMT # gpg: using RSA key 0x9CA4ABB381AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" # Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8 * remotes/stefanha/tags/tracing-pull-request: trace: clean up trace-events files qapi: add missing trace_visit_type_enum() call trace: improve error reporting when parsing simpletrace header trace: update docs to reflect new code generation approach trace: switch to modular code generation for sub-directories trace: move setting of group name into Makefiles trace: move hw/i386/xen events to correct subdir trace: move hw/xen events to correct subdir trace: move hw/block/dataplane events to correct subdir make: move top level dir to end of include search path # Conflicts: # Makefile Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-02Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20170201' into ↵Peter Maydell3-3/+5
staging s390x fixes - build error with old gcc versions - race between cmma reset and rom/loader resets - linux-user vs. cpu model # gpg: Signature made Wed 01 Feb 2017 08:24:47 GMT # gpg: using RSA key 0x117BBC80B5A61C7C # gpg: Good signature from "Christian Borntraeger (IBM) <borntraeger@de.ibm.com>" # Primary key fingerprint: F922 9381 A334 08F9 DBAB FBCA 117B BC80 B5A6 1C7C * remotes/borntraeger/tags/s390x-20170201: target/s390x: use "qemu" cpu model in user mode s390x/kvm: fix small race reboot vs. cmma s390-pci: fix compilation on older GCC versions Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-02cirrus: fix oob access issue (CVE-2017-2615)Li Qiang1-4/+3
When doing bitblt copy in backward mode, we should minus the blt width first just like the adding in the forward mode. This can avoid the oob access of the front of vga's vram. Signed-off-by: Li Qiang <liqiang6-s@360.cn> { kraxel: with backward blits (negative pitch) addr is the topmost address, so check it as-is against vram size ] Cc: qemu-stable@nongnu.org Cc: P J P <ppandit@redhat.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Wolfgang Bumiller <w.bumiller@proxmox.com> Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106) Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2017-02-02Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into stagingPeter Maydell1-205/+84
# gpg: Signature made Wed 01 Feb 2017 05:32:23 GMT # gpg: using RSA key 0xBDBE7B27C0DE3057 # gpg: Good signature from "Jeffrey Cody <jcody@redhat.com>" # gpg: aka "Jeffrey Cody <jeff@codyprime.org>" # gpg: aka "Jeffrey Cody <codyprime@gmail.com>" # Primary key fingerprint: 9957 4B4D 3474 90E7 9D98 D624 BDBE 7B27 C0DE 3057 * remotes/cody/tags/block-pull-request: sheepdog: reorganize check for overlapping requests sheepdog: simplify inflight_aio_head management sheepdog: do not use BlockAIOCB sheepdog: reorganize coroutine flow sheepdog: remove unused cancellation support Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-02Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell34-221/+492
virtio, vhost, pci: fixes, features generic pci root port support disable shpc by default safer version of ARRAY_SIZE and QEMU_BUILD_BUG_ON fixes and cleanups all over the place Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Wed 01 Feb 2017 01:38:34 GMT # gpg: using RSA key 0x281F0DB8D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: (22 commits) arm: add trailing ; after MISMATCH_CHECK arm: better stub version for MISMATCH_CHECK hw/pci: disable pci-bridge's shpc by default vhost-user: delete chardev on cleanup vhost: skip ROM sections virtio: make virtio_should_notify static pci: Convert msix_init() to Error and fix callers hcd-xhci: check & correct param before using it msix: Follow CODING_STYLE hw/i386: check if nvdimm is enabled before plugging hw/pcie: Introduce Generic PCI Express Root Port hw/ioh3420: derive from PCI Express Root Port base class hw/pcie: Introduce a base class for PCI Express Root Ports intel_iommu: fix and simplify size calculation in process_device_iotlb_desc() pci: mark ROMs read-only ARRAY_SIZE: check that argument is an array compiler: expression version of QEMU_BUILD_BUG_ON compiler: rework BUG_ON using a struct QEMU_BUILD_BUG_ON: use __COUNTER__ ppc: switch to constants within BUILD_BUG_ON ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-02Merge remote-tracking branch 'remotes/elmarco/tags/chr-split-pull-request' ↵Peter Maydell42-5275/+5999
into staging # gpg: Signature made Tue 31 Jan 2017 19:32:40 GMT # gpg: using RSA key 0xDAE8E10975969CE5 # gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" # gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5 * remotes/elmarco/tags/chr-split-pull-request: (41 commits) char: headers clean-up char: move parallel chardev in its own file char: move serial chardev to its own file char: move pty chardev in its own file char: move pipe chardev in its own file char: move console in its own file char: move stdio in its own file char: move file chardev in its own file char: move udp chardev in its own file char: move socket chardev to its own file char: move win-stdio into its own file char: move win chardev base class in its own file char: move fd chardev in its own file char: move QIOChannel-related stuff to char-io.h char: remove unused READ_RETRIES char: rename and move to header CHR_READ_BUF_LEN char: move ringbuf/memory to its own file char: move mux to its own file char: move null chardev to its own file char: make null_chr_write() the default method ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-02-02hw/ppc/pnv: Use error_report instead of hw_error if a ROM file can't be foundThomas Huth1-3/+3
hw_error() is for CPU related errors only (it dumps the CPU registers and calls abort()!), so using error_report() is the better choice of reporting an error in case we simply did not find a file. Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-02-02ppc/kvm: Handle the "family" CPU via alias instead of registering new typesThomas Huth1-13/+23
When running with KVM on POWER, we are registering a "family" CPU type for the host CPU that we are running on. For example, on all POWER8-compatible hosts, we register a "POWER8" CPU type, so that you can always start QEMU with "-cpu POWER8" there, without the need to know whether you are running on a POWER8, POWER8E or POWER8NVL host machine. However, we also have a "POWER8" CPU alias in the ppc_cpu_aliases list (that is mainly useful for TCG). This leads to two cosmetical drawbacks: If the user runs QEMU with "-cpu ?", we always claim that POWER8 is an "alias for POWER8_v2.0" - which is simply not true when running with KVM on POWER. And when using the 'query-cpu-definitions' QMP call, there are currently two entries for "POWER8", one for the alias, and one for the additional registered type. To solve the two problems, we should rather update the "family" alias instead of registering a new types. We then only have one "POWER8" CPU definition around, an alias, which also points to the right destination. Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1396536 Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-02-02target/ppc/mmu_hash64: Fix incorrect shift value in amr calculationSuraj Jitindar Singh1-1/+1
We are calculating the authority mask register key value wrong. The pte entry contains the key value with the two upper bits and the three lower bits stored separately. We should use these two portions to get a 5 bit value, not or them together which will only give us a 3 bit value. Fix this. Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-02-02target/ppc/mmu_hash64: Fix printing unsigned as signed intSuraj Jitindar Singh1-2/+2
We were printing an unsigned value as a signed value, fix this. Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-02-02tcg/POWER9: NOOP the cp_abort instructionSuraj Jitindar Singh1-0/+5
The cp_abort instruction is used to remove the state of an in progress copy paste sequence. POWER9 compilers add this in various places, such as context switches which causes illegal instruction signals since we don't yet implement this instruction. Given there is no implementation of the copy paste facility and that we don't claim to support it, we can just noop this instruction. Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-02-02target/ppc/debug: Print LPCR register value if register existsSuraj Jitindar Singh1-0/+3
It can be useful when debugging to print the LPCR value. Thus we add the LPCR to the "info registers" output if the register had been defined. Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-02-02target-ppc: Add xststdc[sp, dp, qp] instructionsNikunj A Dadhania5-8/+69
xststdcsp: VSX Scalar Test Data Class Single-Precision xststdcdp: VSX Scalar Test Data Class Double-Precision xststdcqp: VSX Scalar Test Data Class Quad-Precision Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>