aboutsummaryrefslogtreecommitdiff
path: root/hw/char
AgeCommit message (Collapse)AuthorFilesLines
2016-04-19cadence_uart: bounds check write offsetMichael S. Tsirkin1-0/+3
cadence_uart_init() initializes an I/O memory region of size 0x1000 bytes. However in uart_write(), the 'offset' parameter (offset within region) is divided by 4 and then used to index the array 'r' of size CADENCE_UART_R_MAX which is much smaller: (0x48/4). If 'offset>>=2' exceeds CADENCE_UART_R_MAX, this will cause an out-of-bounds memory write where the offset and the value are controlled by guest. This will corrupt QEMU memory, in most situations this causes the vm to crash. Fix by checking the offset against the array size. Cc: qemu-stable@nongnu.org Reported-by: 李强 <liqiang6-s@360.cn> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Message-id: 20160418100735.GA517@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-03-22Replaced get_tick_per_sec() by NANOSECONDS_PER_SECONDRutuja Shah2-6/+8
This patch replaces get_ticks_per_sec() calls with the macro NANOSECONDS_PER_SECOND. Also, as there are no callers, get_ticks_per_sec() is then removed. This replacement improves the readability and understandability of code. For example, timer_mod(fdctrl->result_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + (get_ticks_per_sec() / 50)); NANOSECONDS_PER_SECOND makes it obvious that qemu_clock_get_ns matches the unit of the expression on the right side of the plus. Signed-off-by: Rutuja Shah <rutu.shah.26@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-22hw: explicitly include qemu-common.h and cpu.hPaolo Bonzini1-0/+2
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-22include/qemu/osdep.h: Don't include qapi/error.hMarkus Armbruster7-0/+7
Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the Error typedef. Since then, we've moved to include qemu/osdep.h everywhere. Its file comment explains: "To avoid getting into possible circular include dependencies, this file should not include any other QEMU headers, with the exceptions of config-host.h, compiler.h, os-posix.h and os-win32.h, all of which are doing a similar job to this file and are under similar constraints." qapi/error.h doesn't do a similar job, and it doesn't adhere to similar constraints: it includes qapi-types.h. That's in excess of 100KiB of crap most .c files don't actually need. Add the typedef to qemu/typedefs.h, and include that instead of qapi/error.h. Include qapi/error.h in .c files that need it and don't get it now. Include qapi-types.h in qom/object.h for uint16List. Update scripts/clean-includes accordingly. Update it further to match reality: replace config.h by config-target.h, add sysemu/os-posix.h, sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h comment quoted above similarly. This reduces the number of objects depending on qapi/error.h from "all of them" to less than a third. Unfortunately, the number depending on qapi-types.h shrinks only a little. More work is needed for that one. Signed-off-by: Markus Armbruster <armbru@redhat.com> [Fix compilation without the spice devel packages. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-18qapi: Don't special-case simple union wrappersEric Blake1-1/+1
Simple unions were carrying a special case that hid their 'data' QMP member from the resulting C struct, via the hack method QAPISchemaObjectTypeVariant.simple_union_type(). But by using the work we started by unboxing flat union and alternate branches, coupled with the ability to visit the members of an implicit type, we can now expose the simple union's implicit type in qapi-types.h: | struct q_obj_ImageInfoSpecificQCow2_wrapper { | ImageInfoSpecificQCow2 *data; | }; | | struct q_obj_ImageInfoSpecificVmdk_wrapper { | ImageInfoSpecificVmdk *data; | }; ... | struct ImageInfoSpecific { | ImageInfoSpecificKind type; | union { /* union tag is @type */ | void *data; |- ImageInfoSpecificQCow2 *qcow2; |- ImageInfoSpecificVmdk *vmdk; |+ q_obj_ImageInfoSpecificQCow2_wrapper qcow2; |+ q_obj_ImageInfoSpecificVmdk_wrapper vmdk; | } u; | }; Doing this removes asymmetry between QAPI's QMP side and its C side (both sides now expose 'data'), and means that the treatment of a simple union as sugar for a flat union is now equivalent in both languages (previously the two approaches used a different layer of dereferencing, where the simple union could be converted to a flat union with equivalent C layout but different {} on the wire, or to an equivalent QMP wire form but with different C representation). Using the implicit type also lets us get rid of the simple_union_type() hack. Of course, now all clients of simple unions have to adjust from using su->u.member to using su->u.member.data; while this touches a number of files in the tree, some earlier cleanup patches helped minimize the change to the initialization of a temporary variable rather than every single member access. The generated qapi-visit.c code is also affected by the layout change: |@@ -7393,10 +7393,10 @@ void visit_type_ImageInfoSpecific_member | } | switch (obj->type) { | case IMAGE_INFO_SPECIFIC_KIND_QCOW2: |- visit_type_ImageInfoSpecificQCow2(v, "data", &obj->u.qcow2, &err); |+ visit_type_q_obj_ImageInfoSpecificQCow2_wrapper_members(v, &obj->u.qcow2, &err); | break; | case IMAGE_INFO_SPECIFIC_KIND_VMDK: |- visit_type_ImageInfoSpecificVmdk(v, "data", &obj->u.vmdk, &err); |+ visit_type_q_obj_ImageInfoSpecificVmdk_wrapper_members(v, &obj->u.vmdk, &err); | break; | default: | abort(); Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1458254921-17042-13-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-03-16bcm2835_aux: add emulation of BCM2835 AUX (aka UART1) blockAndrew Baumann2-0/+317
At present only the core UART functions (data path for tx/rx) are implemented, which is enough for UEFI to boot. The following features/registers are unimplemented: * Line/modem control * Scratch register * Extra control * Baudrate * SPI interfaces Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1457467526-8840-3-git-send-email-Andrew.Baumann@microsoft.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-03-05ui: Shorten references into InputEventEric Blake1-5/+7
An upcoming patch will alter how simple unions, like InputEvent, are laid out, which will impact all lines of the form 'evt->u.XXX' (expanding it to the longer 'evt->u.XXX.data'). For better legibility in that patch, and less need for line wrapping, it's better to use a temporary variable to reduce the effect of a layout change to just the variable initializations, rather than every reference within an InputEvent. There was one instance in hid.c:hid_pointer_event() where the code was referring to evt->u.rel inside the case label where evt->u.abs is the correct name; thankfully, both members of the union have the same type, so it happened to work, but it is now cleaner. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1457021813-10704-8-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-06virtio: introduce qemu_get/put_virtqueue_elementPaolo Bonzini1-7/+3
Move allocation to virtio functions also when loading/saving a VirtQueueElement. This will also let the load/save functions keep backwards compatibility when the VirtQueueElement layout is changed. Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-02-06virtio: move allocation to virtqueue_pop/vring_popPaolo Bonzini1-30/+50
The return code of virtqueue_pop/vring_pop is unused except to check for errors or 0. We can thus easily move allocation inside the functions and just return a pointer to the VirtQueueElement. The advantage is that we will be able to allocate only the space that is needed for the actual size of the s/g list instead of the full VIRTQUEUE_MAX_SIZE items. Currently VirtQueueElement takes about 48K of memory, and this kind of allocation puts a lot of stress on malloc. By cutting the size by two or three orders of magnitude, malloc can use much more efficient algorithms. The patch is pretty large, but changes to each device are testable more or less independently. Splitting it would mostly add churn. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-01-29hw: Clean up includesPeter Maydell5-0/+5
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-38-git-send-email-peter.maydell@linaro.org
2016-01-29arm devices: Clean up includesPeter Maydell3-0/+3
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-36-git-send-email-peter.maydell@linaro.org
2016-01-29virtio: Clean up includesPeter Maydell2-0/+2
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-15-git-send-email-peter.maydell@linaro.org
2016-01-29xen: Clean up includesPeter Maydell1-6/+1
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-14-git-send-email-peter.maydell@linaro.org
2016-01-29arm: Clean up includesPeter Maydell5-0/+5
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-13-git-send-email-peter.maydell@linaro.org
2016-01-29x86: Clean up includesPeter Maydell5-0/+5
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-11-git-send-email-peter.maydell@linaro.org
2016-01-29s390: Clean up includesPeter Maydell2-0/+2
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com> Message-id: 1453832250-766-8-git-send-email-peter.maydell@linaro.org
2016-01-29sparc: Clean up includesPeter Maydell1-0/+1
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-7-git-send-email-peter.maydell@linaro.org
2016-01-29ppc: Clean up includesPeter Maydell1-0/+1
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-6-git-send-email-peter.maydell@linaro.org
2016-01-29lm32: Clean up includesPeter Maydell3-0/+3
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-5-git-send-email-peter.maydell@linaro.org
2016-01-26xen: Switch uses of xc_map_foreign_{pages,bulk} to use libxenforeignmemory API.Ian Campbell1-4/+4
In Xen 4.7 we are refactoring parts libxenctrl into a number of separate libraries which will provide backward and forward API and ABI compatiblity. One such library will be libxenforeignmemory which provides access to privileged foreign mappings and which will provide an interface equivalent to xc_map_foreign_{pages,bulk}. The new xenforeignmemory_map() function behaves like xc_map_foreign_pages() when the err argument is NULL and like xc_map_foreign_bulk() when err is non-NULL, which maps into the shim here onto checking err == NULL and calling the appropriate old function. Note that xenforeignmemory_map() takes the number of pages before the arrays themselves, in order to support potentially future use of variable-length-arrays in the prototype (in the future, when Xen's baseline toolchain requirements are new enough to ensure VLAs are supported). In preparation for adding support for libxenforeignmemory add support to the <=4.0 and <=4.6 compat code in xen_common.h to allow us to switch to using the new API. These shims will disappear for versions of Xen which include libxenforeignmemory. Since libxenforeignmemory will have its own handle type but for <= 4.6 the functionality is provided by using a libxenctrl handle we introduce a new global xen_fmem alongside the existing xen_xc. In fact we make xen_fmem a pointer to the existing xen_xc, which then works correctly with both <=4.0 (xc handle is an int) and <=4.6 (xc handle is a pointer). In the latter case xen_fmem is actually a double indirect pointer, but it all falls out in the wash. Unlike libxenctrl libxenforeignmemory has an explicit unmap function, rather than just specifying that munmap should be used, so the unmap paths are updated to use xenforeignmemory_unmap, which is a shim for munmap on these versions of xen. The mappings in xen-hvm.c do not appear to be unmapped (which makes sense for a qemu-dm process) In fb_disconnect this results in a change from simply mmap over the existing mapping (with an implicit munmap) to expliclty unmapping with xenforeignmemory_unmap and then mapping the required anonymous memory in the same hole. I don't think this is a problem since any other thread which was racily touching this region would already be running the risk of hitting the mapping halfway through the call. If this is thought to be a problem then we could consider adding an extra API to the libxenforeignmemory interface to replace a foreign mapping with anonymous shared memory, but I'd prefer not to. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-26xen: Switch uses of xc_map_foreign_range into xc_map_foreign_pagesIan Campbell1-4/+4
In Xen 4.7 we are refactoring parts libxenctrl into a number of separate libraries which will provide backward and forward API and ABI compatiblity. One such library will be libxenforeignmemory which provides access to privileged foreign mappings and which will provide an interface equivalent to xc_map_foreign_{pages,bulk}. In preparation for this switch all uses of xc_map_foreign_range to xc_map_foreign_pages. This is trivial because size was always XC_PAGE_SIZE so the necessary adjustments are trivial: * Pass &mfn (an array of length 1) instead of mfn. The function takes a pointer to const, so there is no possibily of mfn changing due to this change. * Pass nr_pages=1 instead of size=XC_PAGE_SIZE There is one wrinkle in xen_console.c:con_initialise() where con->ring_ref is an int but can in some code paths (when !xendev->dev) be treated as an mfn. I think this is an existing latent truncation hazard on platforms where xen_pfn_t is 64-bit and int is 32-bit (e.g. amd64, both arm* variants). I'm unsure under what circumstances xendev->dev can be NULL or if anything elsewhere ensures the value fits into an int. For now I just use a temporary xen_pfn_t to in effect upcast the pointer from int* to xen_pfn_t*. In xenfb.c:common_bind we now explicitly launder the mfn into a xen_pfn_t, so it has the correct type to be passed to xc_map_foreign_pages and doesn't provoke warnings on 32-bit x86. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-26xen: Switch to libxengnttab interface for compat shims.Ian Campbell1-2/+2
In Xen 4.7 we are refactoring parts libxenctrl into a number of separate libraries which will provide backward and forward API and ABI compatiblity. One such library will be libxengnttab which provides access to grant tables. In preparation for this switch the compatibility layer in xen_common.h (which support building with older versions of Xen) to use what will be the new library API. This means that the gnttab shim will disappear for versions of Xen which include libxengnttab. To simplify things for the <= 4.0.0 support we wrap the int fd in a malloc(sizeof int) such that the handle is always a pointer. This leads to less typedef headaches and the need for XC_HANDLER_INITIAL_VALUE etc for these interfaces. Note that this patch does not add any support for actually using libxengnttab, it just adjusts the existing shims. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-26xen_console: correctly cleanup primary console on teardown.Ian Campbell1-5/+2
All of the work in con_disconnect applies to the primary console case (when xendev->dev is NULL). Therefore remove the early check and bail and allow it to fall through. All of the existing code is correctly conditional already. The ->dev and ->gnttabdev handles are either both set or neither. For consistency with con_initialise() with to the former here too. With this con_initialise and con_disconnect now mirror each other. Fix up a hard tab in the function while editing. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2016-01-14Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2016-01-13' ↵Peter Maydell2-15/+8
into staging Error reporting patches for 2016-01-13 # gpg: Signature made Wed 13 Jan 2016 14:21:48 GMT using RSA key ID EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" * remotes/armbru/tags/pull-error-2016-01-13: (41 commits) checkpatch: Detect newlines in error_report and other error functions error: Consistently name Error * objects err, and not errp s390/sclp: Simplify control flow in sclp_realize() hw/s390x: Rename local variables Error *l_err to just err error: Clean up errors with embedded newlines (again) vhdx: Fix "log that needs to be replayed" error message pci-assign: Clean up "Failed to assign" error messages vmdk: Clean up "Invalid extent lines" error message vmdk: Clean up control flow in vmdk_parse_extents() a bit error: Strip trailing '\n' from error string arguments (again) qemu-io qemu-nbd: Use error_report() etc. instead of fprintf() migration: Use error_reportf_err() instead of monitor_printf() spapr: Use error_reportf_err() error: Use error_prepend() where it makes obvious sense error: Use error_reportf_err() where it makes obvious sense error: Don't decorate original error message when adding to it error: New error_prepend(), error_reportf_err() test-throttle: Simplify qemu_init_main_loop() error handling qemu-nbd: Clean up "Failed to load snapshot" error message block: Clean up "Could not create temporary overlay" error message ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-13hw: Don't use hw_error() for machine initialization errorsMarkus Armbruster1-3/+6
Printing CPU registers is not helpful during machine initialization. Moreover, these are straightforward configuration or "can get resources" errors, so dumping core isn't appropriate either. Replace hw_error() by error_report(); exit(1). Matches how we report these errors in other machine initializations. Cc: Richard Henderson <rth@twiddle.net> Cc: qemu-arm@nongnu.org Cc: qemu-ppc@nongnu.org Cc: Guan Xuetao <gxt@mprc.pku.edu.cn> Signed-off-by: Markus Armbruster <armbru@pond.sub.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <1450370121-5768-2-git-send-email-armbru@redhat.com> Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-01-13Use error_fatal to simplify obvious fatal errorsMarkus Armbruster1-12/+2
Done with this Coccinelle semantic patch: @@ type T; identifier FUN, RET; expression list ARGS; expression ERR, EC; @@ ( - T RET = FUN(ARGS, &ERR); + T RET = FUN(ARGS, &error_fatal); | - RET = FUN(ARGS, &ERR); + RET = FUN(ARGS, &error_fatal); | - FUN(ARGS, &ERR); + FUN(ARGS, &error_fatal); ) - if (ERR != NULL) { - error_report_err(ERR); - exit(EC); - } This is actually a more elegant version of my initial semantic patch by courtesy of Eduardo. It leaves dead Error * variables behind, cleaned up manually. Cc: qemu-arm@nongnu.org Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Eduardo Habkost <ehabkost@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
2016-01-13virtio serial port: fix to incomplete QOMifyCao jin1-1/+1
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com> Message-Id: <1452068575-21543-1-git-send-email-caoj.fnst@cn.fujitsu.com> Reviewed-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
2015-12-17cris: avoid "naked" qemu_logPaolo Bonzini1-1/+1
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-12-17qapi: Don't let implicit enum MAX member collideEric Blake1-1/+1
Now that we guarantee the user doesn't have any enum values beginning with a single underscore, we can use that for our own purposes. Renaming ENUM_MAX to ENUM__MAX makes it obvious that the sentinel is generated. This patch was mostly generated by applying a temporary patch: |diff --git a/scripts/qapi.py b/scripts/qapi.py |index e6d014b..b862ec9 100644 |--- a/scripts/qapi.py |+++ b/scripts/qapi.py |@@ -1570,6 +1570,7 @@ const char *const %(c_name)s_lookup[] = { | max_index = c_enum_const(name, 'MAX', prefix) | ret += mcgen(''' | [%(max_index)s] = NULL, |+// %(max_index)s | }; | ''', | max_index=max_index) then running: $ cat qapi-{types,event}.c tests/test-qapi-types.c | sed -n 's,^// \(.*\)MAX,s|\1MAX|\1_MAX|g,p' > list $ git grep -l _MAX | xargs sed -i -f list The only things not generated are the changes in scripts/qapi.py. Rejecting enum members named 'MAX' is now useless, and will be dropped in the next patch. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-23-git-send-email-eblake@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> [Rebased to current master, commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-11-02input: Convert to new qapi union layoutEric Blake1-6/+6
We have two issues with our qapi union layout: 1) Even though the QMP wire format spells the tag 'type', the C code spells it 'kind', requiring some hacks in the generator. 2) The C struct uses an anonymous union, which places all tag values in the same namespace as all non-variant members. This leads to spurious collisions if a tag value matches a non-variant member's name. Make the conversion to the new layout for input-related code. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1445898903-12082-20-git-send-email-eblake@redhat.com> [Commit message tweaked slightly] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-10-29virtio-serial: convert to virtio_mapMichael S. Tsirkin1-4/+1
This also fixes a minor bug: - virtqueue_map_sg(port->elem.out_sg, port->elem.out_addr, - port->elem.out_num, 1); is wrong: out_sg is not written so should not be marked dirty. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com>
2015-10-27i.MX: Standardize i.MX serial debug.Jean-Christophe Dubois1-26/+24
The goal is to have debug code always compiled during build. We standardize all debug output on the following format: [QOM_TYPE_NAME]reporting_function: debug message We also replace IPRINTF with qemu_log_mask(). The qemu_log_mask() output is following the same format as the above debug. Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Message-id: 47b8759b251d356c633faf7ea34f897f340aea4e.1445781957.git.jcd@tribudubois.net [PMM: Drop attempt to print the ram_addr of a memory region in one DPRINTF, which (a) was using the wrong format string so didn't build on 32-bit and (b) was incorrectly looking at a private field of a MemoryRegion struct] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-23escc: add to input categoryLaurent Vivier1-0/+1
ESCC is a serial port controller, so add it to the input category. Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-10-08hw: char: Remove unnecessary variableShraddha Barke1-3/+1
Compress lines and remove the variable. Signed-off-by: Shraddha Barke <shraddha.6596@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-10-08imx_serial: Generate interrupt on tx empty if enabledGuenter Roeck1-1/+3
Generate an interrupt if the tx buffer is empty and the tx empty interrupt is enabled. This fixes a problem seen when running a Linux image since Linux commit 55c3cb1358e ("serial: imx: remove unneeded imx_transmit_buffer() from imx_start_tx()"). Linux now waits for the tx empty interrupt before starting to send data, causing transmit stalls until there is an interrupt for another reason. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11maint: avoid useless "if (foo) free(foo)" patternMarkus Armbruster1-4/+2
My Coccinelle semantic patch finds a few more, because it also fixes up the equally pointless conditional if (foo) { free(foo); foo = NULL; } Result (feel free to squash it into your patch): Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-10virtio: avoid leading underscores for helpersCornelia Huck1-1/+1
Commit ef546f1275f6563e8934dd5e338d29d9f9909ca6 ("virtio: add feature checking helpers") introduced a helper __virtio_has_feature. We don't want to use reserved identifiers, though, so let's rename __virtio_has_feature to virtio_has_feature and virtio_has_feature to virtio_vdev_has_feature. Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-09-07i.MX: KZM: use standalone i.MX31 SOC supportJean-Christophe Dubois1-35/+0
Convert the KZM board to use the i.MX31 SoC defintition instead of redefining the entire SoC on the machine level. Major rewrite of the machine init code. While touching the memory map comment de-indent to the correct level of indentation. This obsoletes the legacy i.MX device device creation helpers which are removed. Tested by booting a minimal Linux system on the emulated platform Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: 5e783561f092e1c939562fdff001f1ab1194b07f.1441057361.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-07arm: Use g_new() & friends where that makes obvious senseMarkus Armbruster1-2/+1
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer, for two reasons. One, it catches multiplication overflowing size_t. Two, it returns T * rather than void *, which lets the compiler catch more type errors. This commit only touches allocations with size arguments of the form sizeof(T). Coccinelle semantic patch: @@ type T; @@ -g_malloc(sizeof(T)) +g_new(T, 1) @@ type T; @@ -g_try_malloc(sizeof(T)) +g_try_new(T, 1) @@ type T; @@ -g_malloc0(sizeof(T)) +g_new0(T, 1) @@ type T; @@ -g_try_malloc0(sizeof(T)) +g_try_new0(T, 1) @@ type T; expression n; @@ -g_malloc(sizeof(T) * (n)) +g_new(T, n) @@ type T; expression n; @@ -g_try_malloc(sizeof(T) * (n)) +g_try_new(T, n) @@ type T; expression n; @@ -g_malloc0(sizeof(T) * (n)) +g_new0(T, n) @@ type T; expression n; @@ -g_try_malloc0(sizeof(T) * (n)) +g_try_new0(T, n) @@ type T; expression p, n; @@ -g_realloc(p, sizeof(T) * (n)) +g_renew(T, p, n) @@ type T; expression p, n; @@ -g_try_realloc(p, sizeof(T) * (n)) +g_try_renew(T, p, n) @@ type T; expression n; @@ -(T *)g_new(T, n) +g_new(T, n) @@ type T; expression n; @@ -(T *)g_new0(T, n) +g_new0(T, n) @@ type T; expression p, n; @@ -(T *)g_renew(T, p, n) +g_renew(T, p, n) Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 1440524394-15640-1-git-send-email-armbru@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-18Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell1-1/+1
* SCSI fixes from Stefan and Fam * vhost-scsi fix from Igor and Lu Lina * a build system fix from Daniel * two more multi-arch-related patches from Peter C. * TCG patches from myself and Sergey Fedorov * RCU improvement from Wen Congyang * a few more simple cleanups # gpg: Signature made Fri 14 Aug 2015 22:41:52 BST using RSA key ID 78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: disas: Defeature print_target_address hw: fix mask for ColdFire UART command register scsi-generic: identify AIO callbacks more clearly scsi-disk: identify AIO callbacks more clearly scsi: create restart bottom half in the right AioContext configure: only add CONFIG_RDMA to config-host.h once qemu-nbd: remove unnecessary qemu_notify_event() vhost-scsi: Clarify vhost_virtqueue_mask argument exec: use macro ROUND_UP for alignment rcu: Allow calling rcu_(un)register_thread() during synchronize_rcu() exec: drop cpu_can_do_io, just read cpu->can_do_io cpu_defs: Simplify CPUTLB padding logic cpu-exec: Do not invalidate original TB in cpu_exec_nocache() vhost/scsi: call vhost_dev_cleanup() at unrealize() time virtio-scsi-test: Add test case for tail unaligned WRITE SAME scsi-disk: Fix assertion failure on WRITE SAME tests: virtio-scsi: clear unit attention after reset scsi-disk: fix cmd.mode field typo virtio-scsi: use virtqueue_map_sg() when loading requests Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-14hw: fix mask for ColdFire UART command registerPaolo Bonzini1-1/+1
The "miscellaneous commands" part of the register is 3 bits wide. Spotted by Coverity and confirmed in the datasheet, downloadable from http://cache.freescale.com/files/32bit/doc/ref_manual/MCF5307BUM.pdf (figure 14-6). Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-08-13i.MX: Fix UART driver to work with unitialized "chardev" deviceJean-Christophe Dubois1-2/+6
The "chardev" property initialization might have failed (for example because there are not enough chardevs provided by QEMU). The serial device emulator needs to be able to work with an uninitialized (NULL) chardev device pointer. This patch adds some missing tests on the chr pointer value before using it. Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: 1438342461-18967-1-git-send-email-jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-13i.MX:Fix Coding style for UART emulator.Jean-Christophe Dubois1-17/+17
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: 23ab872b7cd30b1399384fb26a2ebb75e9761d7b.1437080501.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-13i.MX: Move serial initialization to init/realize of DeviceClass.Jean-Christophe Dubois1-16/+19
Move constructor to DeviceClass methods * imx_serial_init * imx_serial_realize imx32_serial_properties is renamed to imx_serial_properties. Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: 6854bd75e2b5af312e04e760587e249dbaff807f.1437080501.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-13i.MX: Split UART emulator in a header file and a source fileJean-Christophe Dubois1-80/+2
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: a51ef50fa222a614169056d5389a6d3ed6a63b04.1437080501.git.jcd@tribudubois.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-07-27virtio: get_features() can failJason Wang1-1/+2
Signed-off-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-27virtio-serial: fix ANY_LAYOUTMichael S. Tsirkin1-1/+2
Don't assume a specific layout for control messages. Required by virtio 1. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Amit Shah <amit.shah@redhat.com> Reviewed-by: Jason Wang <jasowang@redhat.com>
2015-07-07spapr-vty: Use TYPE_ definition instead of hardcodingDavid Gibson1-1/+1
There's a call to object_dynamic_cast() in spapr_vty which uses the type name "spapr-vty" directly, instead of the usual idiom of using the #defined TYPE_VIO_SPAPR_VTY_DEVICE. Fix it. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-07-07spapr_vty: lookup should only return valid VTY objectsDavid Gibson1-0/+4
If a guest passes the reg property of a valid VIO object that is not a VTY to either H_GET_TERM_CHAR or H_PUT_TERM_CHAR, QEMU hits a dynamic cast assertion and aborts. PAPR+ says "Hypervisor checks the termno parameter for validity against the Vterm IOA unit addresses assigned to the partition, else return H_Parameter." This patch adds a type check to ensure vty_lookup() either returns a pointer to a valid VTY object or NULL. H_GET_TERM_CHAR and H_PUT_TERM_CHAR will now return H_PARAMETER to the guest instead of crashing. The patch has no effect on the reg == 0 hack used to implement the RTAS call display-character. Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-07-07spapr: Merge sPAPREnvironment into sPAPRMachineStateDavid Gibson1-3/+3
The code for -machine pseries maintains a global sPAPREnvironment structure which keeps track of general state information about the guest platform. This predates the existence of the MachineState structure, but performs basically the same function. Now that we have the generic MachineState, fold sPAPREnvironment into sPAPRMachineState, the pseries specific subclass of MachineState. This is mostly a matter of search and replace, although a few places which relied on the global spapr variable are changed to find the structure via qdev_get_machine(). Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>