aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)AuthorFilesLines
2021-01-25Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into ↵Peter Maydell7-26/+33
staging # gpg: Signature made Mon 25 Jan 2021 09:05:51 GMT # gpg: using RSA key EF04965B398D6211 # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal] # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211 * remotes/jasowang/tags/net-pull-request: net: checksum: Introduce fine control over checksum type net: checksum: Add IP header checksum calculation net: checksum: Skip fragmented IP packets net: Fix handling of id in netdev_add and netdev_del Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-01-25Merge remote-tracking branch ↵Peter Maydell3-50/+63
'remotes/gkurz-gitlab/tags/9p-next-pull-request' into staging This fixes a Coverity report and improves the fid reclaim logic. # gpg: Signature made Mon 25 Jan 2021 09:37:28 GMT # gpg: using RSA key B4828BAF943140CEF2A3491071D4D5E5822F73D6 # gpg: Good signature from "Greg Kurz <groug@kaod.org>" [full] # gpg: aka "Gregory Kurz <gregory.kurz@free.fr>" [full] # gpg: aka "[jpeg image of size 3330]" [full] # Primary key fingerprint: B482 8BAF 9431 40CE F2A3 4910 71D4 D5E5 822F 73D6 * remotes/gkurz-gitlab/tags/9p-next-pull-request: 9pfs: Convert reclaim list to QSLIST 9pfs: Improve unreclaim loop 9pfs: Convert V9fsFidState::fid_list to QSIMPLEQ 9pfs: Convert V9fsFidState::clunked to bool 9pfs/proxy: Check return value of proxy_marshal() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-01-25Merge remote-tracking branch 'remotes/philmd-gitlab/tags/sdmmc-20210124' ↵Peter Maydell2-38/+47
into staging SD/MMC patches - Various improvements for SD cards in SPI mode (Bin Meng) # gpg: Signature made Sun 24 Jan 2021 19:16:55 GMT # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * remotes/philmd-gitlab/tags/sdmmc-20210124: hw/sd: sd.h: Cosmetic change of using spaces hw/sd: ssi-sd: Use macros for the dummy value and tokens in the transfer hw/sd: ssi-sd: Fix the wrong command index for STOP_TRANSMISSION hw/sd: ssi-sd: Add a state representing Nac hw/sd: ssi-sd: Suffix a data block with CRC16 util: Add CRC16 (CCITT) calculation routines hw/sd: sd: Drop sd_crc16() hw/sd: sd: Support CMD59 for SPI mode hw/sd: ssi-sd: Fix incorrect card response sequence Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-01-25net: checksum: Introduce fine control over checksum typeBin Meng7-26/+33
At present net_checksum_calculate() blindly calculates all types of checksums (IP, TCP, UDP). Some NICs may have a per type setting in their BDs to control what checksum should be offloaded. To support such hardware behavior, introduce a 'csum_flag' parameter to the net_checksum_calculate() API to allow fine control over what type checksum is calculated. Existing users of this API are updated accordingly. Signed-off-by: Bin Meng <bin.meng@windriver.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-01-24hw/sd: ssi-sd: Use macros for the dummy value and tokens in the transferBin Meng1-10/+16
At present the codes use hardcoded numbers (0xff/0xfe) for the dummy value and block start token. Replace them with macros. Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210123104016.17485-12-bmeng.cn@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-01-24hw/sd: ssi-sd: Fix the wrong command index for STOP_TRANSMISSIONBin Meng1-1/+1
This fixes the wrong command index for STOP_TRANSMISSION, the required command to interrupt the multiple block read command, in the old codes. It should be CMD12 (0x4c), not CMD13 (0x4d). Fixes: 775616c3ae8c ("Partial SD card SPI mode support") Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210123104016.17485-10-bmeng.cn@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-01-24hw/sd: ssi-sd: Add a state representing NacBin Meng1-2/+7
Per the "Physical Layer Specification Version 8.00" chapter 7.5.2, "Data Read", there is a minimum 8 clock cycles (Nac) after the card response and before data block shows up on the data out line. This applies to both single and multiple block read operations. Current implementation of single block read already satisfies the timing requirement as in the RESPONSE state after all responses are transferred the state remains unchanged. In the next 8 clock cycles it jumps to DATA_START state if data is ready. However we need an explicit state when expanding our support to multiple block read in the future. Let's add a new state PREP_DATA explicitly in the ssi-sd state machine to represent Nac. Note we don't change the single block read state machine to let it jump from RESPONSE state to DATA_START state as that effectively generates a 16 clock cycles Nac, which might not be safe. As the spec says the maximum Nac shall be calculated from several fields encoded in the CSD register, we don't want to bother updating CSD to ensure our Nac is within range to complicate things. Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210123104016.17485-9-bmeng.cn@gmail.com> [PMD: Change VMState version id 4 -> 5] Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-01-24hw/sd: ssi-sd: Suffix a data block with CRC16Bin Meng1-3/+20
Per the SD spec, a valid data block is suffixed with a 16-bit CRC generated by the standard CCITT polynomial x16+x12+x5+1. This part is currently missing in the ssi-sd state machine. Without it, all data block transfer fails in guest software because the expected CRC16 is missing on the data out line. Fixes: 775616c3ae8c ("Partial SD card SPI mode support") Signed-off-by: Bin Meng <bin.meng@windriver.com> Acked-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210123104016.17485-8-bmeng.cn@gmail.com> [PMD: Change VMState version id 3 -> 4, check s->mode validity in post_load()] Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-01-24hw/sd: sd: Drop sd_crc16()Bin Meng1-18/+0
commit f6fb1f9b319f ("sdcard: Correct CRC16 offset in sd_function_switch()") changed the 16-bit CRC to be stored at offset 64. In fact, this CRC calculation is completely wrong. From the original codes, it wants to calculate the CRC16 of the first 64 bytes of sd->data[], however passing 64 as the `width` to sd_crc16() actually counts 256 bytes starting from the `message` for the CRC16 calculation, which is not what we want. Besides that, it seems existing sd_crc16() algorithm does not match the SD spec, which says CRC16 is the CCITT one but the calculation does not produce expected result. It turns out the CRC16 was never transferred outside the sd core, as in sd_read_byte() we see: if (sd->data_offset >= 64) sd->state = sd_transfer_state; Given above reasons, let's drop it. Signed-off-by: Bin Meng <bin.meng@windriver.com> Tested-by: Pragnesh Patel <pragnesh.patel@sifive.com> Reviewed-by: Pragnesh Patel <pragnesh.patel@sifive.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210123104016.17485-6-bmeng.cn@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-01-24hw/sd: sd: Support CMD59 for SPI modeBin Meng1-7/+1
After the card is put into SPI mode, CRC check for all commands including CMD0 will be done according to CMD59 setting. But this command is currently unimplemented. Simply allow the decoding of CMD59, but the CRC remains unchecked. Signed-off-by: Bin Meng <bin.meng@windriver.com> Tested-by: Pragnesh Patel <pragnesh.patel@sifive.com> Reviewed-by: Pragnesh Patel <pragnesh.patel@sifive.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210123104016.17485-5-bmeng.cn@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-01-24hw/sd: ssi-sd: Fix incorrect card response sequenceBin Meng1-3/+8
Per the "Physical Layer Specification Version 8.00" chapter 7.5.1, "Command/Response", there is a minimum 8 clock cycles (Ncr) before the card response shows up on the data out line. However current implementation jumps directly to the sending response state after all 6 bytes command is received, which is a spec violation. Add a new state PREP_RESP in the ssi-sd state machine to handle it. Fixes: 775616c3ae8c ("Partial SD card SPI mode support") Signed-off-by: Bin Meng <bin.meng@windriver.com> Tested-by: Pragnesh Patel <pragnesh.patel@sifive.com> Reviewed-by: Pragnesh Patel <pragnesh.patel@sifive.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210123104016.17485-4-bmeng.cn@gmail.com> [PMD: Change VMState version id 2 -> 3] Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-01-23Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into ↵Peter Maydell1-6/+24
staging * Make MinGW respect --bindir (Joshua) * Switch MinGW to a "deep" installation (Joshua + NSIS fixes by myself) * Fix compilation errors/warnings (Qixin, Philippe) * QemuOpts cleanups (myself) * Consistency improvements for -action (myself) * remove deprecated "change vnc TARGET" functionality (myself) * meson cleanups (Marc-André, Philippe, myself) * IDE out-of-bounds access (Prasad) * LA57 fix for -cpu max (Weijiang) # gpg: Signature made Sat 23 Jan 2021 20:55:59 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini-gitlab/tags/for-upstream: (30 commits) qemu-option: warn for short-form boolean options qemu-option: move help handling to get_opt_name_value qemu-option: clean up id vs. list->merge_lists vnc: support "-vnc help" qmp: remove deprecated "change" command hmp: remove "change vnc TARGET" command acceptance: switch to QMP change-vnc-password command meson.build: Detect bzip2 program meson.build: Declare global edk2_targets / install_edk2_blobs variables meson: Add a section header for library dependencies meson: Display crypto-related information altogether meson: Display block layer information altogether meson: Display accelerators and selected targets altogether meson: Summarize compilation-related information altogether meson: Summarize overall features altogether meson: Display host binaries information altogether meson: Summarize information related to directories first meson: convert wixl detection to Meson nsis: adjust for new MinGW paths meson: Declare have_virtfs_proxy_helper in main meson.build ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-01-23ide: atapi: check logical block address and read size (CVE-2020-29443)Prasad J Pandit1-6/+24
While processing ATAPI cmd_read/cmd_read_cd commands, Logical Block Address (LBA) maybe invalid OR closer to the last block, leading to an OOB access issues. Add range check to avoid it. Fixes: CVE-2020-29443 Reported-by: Wenxiang Qian <leonwxqian@gmail.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-Id: <20210118115130.457044-1-ppandit@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-01-229pfs: Convert reclaim list to QSLISTGreg Kurz2-10/+9
Use QSLIST instead of open-coding for a slightly improved readability. No behavioral change. Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Message-Id: <20210122143514.215780-1-groug@kaod.org> Signed-off-by: Greg Kurz <groug@kaod.org>
2021-01-229pfs: Improve unreclaim loopGreg Kurz1-14/+32
If a fid was actually re-opened by v9fs_reopen_fid(), we re-traverse the fid list from the head in case some other request created a fid that needs to be marked unreclaimable as well (i.e. the client opened a new handle on the path that is being unlinked). This is suboptimal since most if not all fids that require it have likely been taken care of already. This is mostly the result of new fids being added to the head of the list. Since the list is now a QSIMPLEQ, add new fids at the end instead to avoid the need to rewind. Take a reference on the fid to ensure it doesn't go away during v9fs_reopen_fid() and that it can be safely passed to QSIMPLEQ_NEXT() afterwards. Since the associated put_fid() can also yield, same is done with the next fid. So the logic here is to get a reference on a fid and only put it back during the next iteration after we could get a reference on the next fid. Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Message-Id: <20210121181510.1459390-1-groug@kaod.org> Signed-off-by: Greg Kurz <groug@kaod.org>
2021-01-22usb-host: map LIBUSB_SPEED_SUPER_PLUS to USB_SPEED_SUPERGerd Hoffmann1-0/+15
Handle host superspeedplus (usb 3.1+) devices like superspeed (usb 3.0) devices. That is enough to get them handled properly by xhci. They show up as superspeed devices inside the guest, but should be able to actually run at higher speeds. Reported-by: Angel Pagan <Angel.Pagan@stratus.com> Tested-by: Angel Pagan <Angel.Pagan@stratus.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-Id: <20210121150832.3564097-1-kraxel@redhat.com>
2021-01-22usb: add pcap support.Gerd Hoffmann4-0/+285
Log all traffic of a specific usb device to a pcap file for later inspection. File format is compatible with linux usb monitor. Usage: qemu -device usb-${somedevice},pcap=file.pcap wireshark file.pcap Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210119194452.2148048-1-kraxel@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-01-22hw/usb/dev-uas: Report command additional adb length as unsupportedPhilippe Mathieu-Daudé1-1/+11
We are not ready to handle additional CDB data. If a guest sends a packet with such additional data, report the command parameter as not supported. Specify a size (of 1 byte) for the add_cdb member we are not using, to fix the following warning: usb/dev-uas.c:157:31: error: field 'status' with variable sized type 'uas_iu' not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end] uas_iu status; ^ Reported-by: Ed Maste <emaste@FreeBSD.org> Reported-by: Daniele Buono <dbuono@linux.vnet.ibm.com> Reported-by: Han Han <hhan@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210120153522.1173897-4-philmd@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-01-22hw/usb/hcd-xhci: Fix extraneous format-truncation error on 32-bit hostsPhilippe Mathieu-Daudé1-1/+1
For some reason the assert() added in commit ccb799313a5 ("hw/usb: avoid format truncation warning when formatting port name") does not fix when building with GCC 10. KISS and expand the buffer by 4 bytes to silent the following error when using GCC 10.2.1 on Fedora 33: hw/usb/hcd-xhci.c: In function 'usb_xhci_realize': hw/usb/hcd-xhci.c:3309:54: error: '%d' directive output may be truncated writing between 1 and 8 bytes into a region of size 5 [-Werror=format-truncation=] 3309 | snprintf(port->name, sizeof(port->name), "usb2 port #%d", i+1); | ^~~~~~~~~~~~~~~ hw/usb/hcd-xhci.c:3309:54: note: directive argument in the range [1, 89478486] In file included from /usr/include/stdio.h:866, from include/qemu/osdep.h:85, from hw/usb/hcd-xhci.c:22: /usr/include/bits/stdio2.h:70:10: note: '__builtin___snprintf_chk' output between 13 and 20 bytes into a destination of size 16 70 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 71 | __bos (__s), __fmt, __va_arg_pack ()); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ hw/usb/hcd-xhci.c:3323:54: error: '%d' directive output may be truncated writing between 1 and 8 bytes into a region of size 5 [-Werror=format-truncation=] 3323 | snprintf(port->name, sizeof(port->name), "usb3 port #%d", i+1); | ^~~~~~~~~~~~~~~ hw/usb/hcd-xhci.c:3323:54: note: directive argument in the range [1, 89478486] In file included from /usr/include/stdio.h:866, from include/qemu/osdep.h:85, from hw/usb/hcd-xhci.c:22: /usr/include/bits/stdio2.h:70:10: note: '__builtin___snprintf_chk' output between 13 and 20 bytes into a destination of size 16 70 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 71 | __bos (__s), __fmt, __va_arg_pack ()); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210118181115.313742-1-philmd@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-01-22hw/usb: Convert to qdev_realize()Markus Armbruster2-7/+2
Device code shouldn't mess with QOM property "realized" since we have proper interfaces (merge commit 6675a653). Commit 8ddab8dd3d "usb/hcd-xhci: Split pci wrapper for xhci base model" and commit f00ff136ee "usb: hcd-xhci-sysbus: Attach xhci to sysbus device" reintroduced two instances. Clean them up. Note that s->xhci is a (bus-less) TYPE_XHCI device. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210119120151.53757-1-armbru@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-01-22hw/usb: Fix bad printf format specifiersAlex Chen4-9/+9
We should use printf format specifier "%u" instead of "%d" for argument of type "unsigned int". Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Alex Chen <alex.chen@huawei.com> Message-id: 20201119025751.45750-1-alex.chen@huawei.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-01-22hw/usb/host-libusb.c: fix build with kernel < 5.0Fabrice Fontaine1-1/+2
USBDEVFS_GET_SPEED is used since version 5.2.0 and https://gitlab.com/qemu-project/qemu/-/commit/202d69a715a4b1824dcd7ec1683d027ed2bae6d3 resulting in the following build failure with kernel < 5.0: ../hw/usb/host-libusb.c: In function 'usb_host_open': ../hw/usb/host-libusb.c:953:32: error: 'USBDEVFS_GET_SPEED' undeclared (first use in this function); did you mean 'USBDEVFS_GETDRIVER'? int rc = ioctl(hostfd, USBDEVFS_GET_SPEED, NULL); ^~~~~~~~~~~~~~~~~~ USBDEVFS_GETDRIVER A tentative was made to fix this build failure with https://gitlab.com/qemu-project/qemu/-/commit/4969e697c15ac536d5c0700381d5d026ef7f0588 However, the assumption that distros with old kernels also have old libusb is just wrong so also add a check for defined(USBDEVFS_GET_SPEED) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Message-id: 20201213213016.457350-1-fontaine.fabrice@gmail.com [ kraxel: codestyle whitespace fixup ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-01-21Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20210121' ↵Peter Maydell1-4/+36
into staging s390x updates: - headers update to Linux 5.11-rc2 - fix tcg emulation for some instructions that are generated by clang Linux kernel builds - vfio-ccw: wire up the device unplug notification mechanism - fix a gcc 11 warning # gpg: Signature made Thu 21 Jan 2021 12:08:12 GMT # gpg: using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF # gpg: issuer "cohuck@redhat.com" # gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown] # gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full] # gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full] # gpg: aka "Cornelia Huck <cohuck@kernel.org>" [unknown] # gpg: aka "Cornelia Huck <cohuck@redhat.com>" [unknown] # Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF * remotes/cohuck-gitlab/tags/s390x-20210121: s390x: Use strpadcpy for copying vm name vfio-ccw: Connect the device request notifier Update linux headers to 5.11-rc2 update-linux-headers: Include const.h s390x/tcg: Ignore register content if b1/b2 is zero when handling EXECUTE tests/tcg/s390x: Fix EXRL tests s390x/tcg: Don't ignore content in r0 when not specified via "b" or "x" s390x/tcg: Fix RISBHG s390x/tcg: Fix ALGSI Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-01-219pfs: Convert V9fsFidState::fid_list to QSIMPLEQGreg Kurz2-25/+20
The fid_list is currently open-coded. This doesn't seem to serve any purpose that cannot be met with QEMU's generic lists. Let's go for a QSIMPLEQ : this will allow to add new fids at the end of the list and to improve the logic in v9fs_mark_fids_unreclaim(). Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Message-Id: <20210118142300.801516-3-groug@kaod.org> Signed-off-by: Greg Kurz <groug@kaod.org>
2021-01-219pfs: Convert V9fsFidState::clunked to boolGreg Kurz2-3/+3
This can only be 0 or 1. Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Message-Id: <20210118142300.801516-2-groug@kaod.org> Signed-off-by: Greg Kurz <groug@kaod.org>
2021-01-219pfs/proxy: Check return value of proxy_marshal()Greg Kurz1-1/+2
This should always successfully write exactly two 32-bit integers. Make it clear with an assert(), like v9fs_receive_status() and v9fs_receive_response() already do when unmarshalling the same header. Fixes: Coverity CID 1438968 Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Message-Id: <161035859647.1221144.4691749806675653934.stgit@bahia.lan> Signed-off-by: Greg Kurz <groug@kaod.org>
2021-01-21Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-01-20' into ↵Peter Maydell3-3/+14
staging nbd patches for 2021-01-20 - minor resource leak fixes in qemu-nbd - ensure proper aio context when nbd server uses iothreads - iotest refactorings in preparation for rewriting ./check to be more flexible, and preparing for more nbd server reconnect features # gpg: Signature made Thu 21 Jan 2021 02:28:19 GMT # gpg: using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A # gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full] # gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full] # gpg: aka "[jpeg image of size 6874]" [full] # Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A * remotes/ericb/tags/pull-nbd-2021-01-20: iotests.py: qemu_io(): reuse qemu_tool_pipe_and_status() iotests.py: fix qemu_tool_pipe_and_status() iotests/264: fix style iotests: define group in each iotest iotests/294: add shebang line iotests: make tests executable iotests: fix some whitespaces in test output files iotests/303: use dot slash for qcow2.py running iotests/277: use dot slash for nbd-fault-injector.py running nbd/server: Quiesce coroutines on context switch block: Honor blk_set_aio_context() context requirements qemu-nbd: Fix a memleak in nbd_client_thread() qemu-nbd: Fix a memleak in qemu_nbd_client_list() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-01-21vfio-ccw: Connect the device request notifierEric Farman1-4/+36
Now that the vfio-ccw code has a notifier interface to request that a device be unplugged, let's wire that together. Signed-off-by: Eric Farman <farman@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Message-Id: <20210104202057.48048-4-farman@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-01-20block: Honor blk_set_aio_context() context requirementsSergio Lopez3-3/+14
The documentation for bdrv_set_aio_context_ignore() states this: * The caller must own the AioContext lock for the old AioContext of bs, but it * must not own the AioContext lock for new_context (unless new_context is the * same as the current context of bs). As blk_set_aio_context() makes use of this function, this rule also applies to it. Fix all occurrences where this rule wasn't honored. Suggested-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Sergio Lopez <slp@redhat.com> Message-Id: <20201214170519.223781-2-slp@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
2021-01-20hw/block/nand: Rename PAGE_SIZE to NAND_PAGE_SIZEJiaxun Yang1-20/+20
As per POSIX specification of limits.h [1], OS libc may define PAGE_SIZE in limits.h. To prevent collosion of definition, we rename PAGE_SIZE here. [1]: https://pubs.opengroup.org/onlinepubs/7908799/xsh/limits.h.html Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210118063808.12471-5-jiaxun.yang@flygoat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-01-19Merge remote-tracking branch ↵Peter Maydell1-82/+157
'remotes/huth-gitlab/tags/pull-request-2021-01-19' into staging * Refactor next-cube interrupt and register handling into a proper QOM device # gpg: Signature made Tue 19 Jan 2021 08:15:39 GMT # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "huth@tuxfamily.org" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [full] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5 * remotes/huth-gitlab/tags/pull-request-2021-01-19: hw/m68k/next-cube: Add missing header comment to next-cube.h hw/m68k/next-cube: Add vmstate for NeXTPC device hw/m68k/next-cube: Remove unused fields from NeXTState hw/m68k/next-cube: Move rtc into NeXTPC struct hw/m68k/next-cube: Make next_irq GPIO inputs to NEXT_PC device hw/m68k/next-cube: Move int_status and int_mask to NeXTPC struct hw/m68k/next-cube: Make next_irq take NeXTPC* as its opaque hw/m68k/next-cube: Move scr_ops into NeXTPC device hw/m68k/next-cube: Move mmio_ops into NeXTPC device hw/m68k/next-cube: Move register/interrupt functionality into a device hw/m68k/next-cube: Make next_irq() function static Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-01-19hw/m68k/next-cube: Add vmstate for NeXTPC devicePeter Maydell1-1/+33
Add the vmstate for the new NeXTPC devic; this is in theory a migration compatibility break, but this machine doesn't have working migration currently anyway. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210115201206.17347-11-peter.maydell@linaro.org> Signed-off-by: Thomas Huth <huth@tuxfamily.org>
2021-01-19hw/m68k/next-cube: Remove unused fields from NeXTStatePeter Maydell1-4/+0
The fields scsi_irq, scsi_dma, scsi_reset and fd_irq in NeXTState are all unused, except in commented out "this should do something like this" code. Remove the unused fields. As and when the functionality that might use them is added, we can put in the correct kind of wiring (which might or might not need to be a qemu_irq, but which in any case will need to be in the NeXTPC device, not in NeXTState). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210115201206.17347-10-peter.maydell@linaro.org> Signed-off-by: Thomas Huth <huth@tuxfamily.org>
2021-01-19hw/m68k/next-cube: Move rtc into NeXTPC structPeter Maydell1-14/+8
Move the rtc into the NeXTPC struct. Since this is the last use of the 'backdoor' NextState pointer we can now remove that. Probably the RTC should be its own device at some point: in hardware there is a separate MCS1850 RTC chip connected to the Peripheral Controller via a 1-bit serial interface. That goes beyond the remit of the current refactoring, though. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210115201206.17347-9-peter.maydell@linaro.org> Signed-off-by: Thomas Huth <huth@tuxfamily.org>
2021-01-19hw/m68k/next-cube: Make next_irq GPIO inputs to NEXT_PC devicePeter Maydell1-17/+4
Make the next_irq function be GPIO inputs to the NEXT_PC device, rather than a freestanding set of qemu_irq lines. This fixes a minor Coverity issue where it correctly points out the trivial memory leak of the memory allocated in the call to qemu_allocate_irqs(). Fixes: CID 1421962 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210115201206.17347-8-peter.maydell@linaro.org> Signed-off-by: Thomas Huth <huth@tuxfamily.org>
2021-01-19hw/m68k/next-cube: Move int_status and int_mask to NeXTPC structPeter Maydell1-17/+16
All the code which accesses int_status and int_mask is now doing so via the NeXTPC->NeXTState indirection, so we can move these fields into the NeXTPC struct where they belong. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210115201206.17347-7-peter.maydell@linaro.org> Signed-off-by: Thomas Huth <huth@tuxfamily.org>
2021-01-19hw/m68k/next-cube: Make next_irq take NeXTPC* as its opaquePeter Maydell1-8/+23
Make the next_irq function take a NeXTPC* as its opaque rather than the M68kCPU*. This will make it simpler to turn the next_irq function into a gpio input line of the NeXTPC device in the next commit. For this to work we have to pass the CPU to the NeXTPC device via a link property, in the same way we do in q800.c (and for the same reason). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210115201206.17347-6-peter.maydell@linaro.org> Signed-off-by: Thomas Huth <huth@tuxfamily.org>
2021-01-19hw/m68k/next-cube: Move scr_ops into NeXTPC devicePeter Maydell1-25/+25
Move the registers handled by the scr_ops struct into the NeXTPC device. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210115201206.17347-5-peter.maydell@linaro.org> Signed-off-by: Thomas Huth <huth@tuxfamily.org>
2021-01-19hw/m68k/next-cube: Move mmio_ops into NeXTPC devicePeter Maydell1-36/+44
Move the registers handled by the mmio_ops struct into the NeXTPC device. This allows us to also move the scr1 and scr2 data fields. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210115201206.17347-4-peter.maydell@linaro.org> Signed-off-by: Thomas Huth <huth@tuxfamily.org>
2021-01-19hw/m68k/next-cube: Move register/interrupt functionality into a devicePeter Maydell1-0/+44
Currently the next-cube board code open-codes a lot of handling of interrupts and some miscellaneous registers. Move this into a proper QOM device. In the real hardware this functionality seems to be the responsibility of the Peripheral Controller (PC) chip, so name the device that. There are several different things that will need to be moved into this device: * the mmio_iops register set * the scr_ops register set * the next_irq IRQ handling To ease review, we structure the change as a sequence of commits: in this first commit we create the skeleton of the NeXTPC device with no content, but with a backdoor pointer to the NeXTState machine's state struct so we can move parts of the code and still have refactored and non-refactored code using the same struct data fields. Further commits will move functionality into the new device piece by piece. At the end we will be able to remove the backdoor pointer because all the data fields will be in the NeXTPC struct and not the NeXTState struct. We'll add the VMState for the new device at the end of all that; this is in theory a migration compatibility break but this machine does not currently support migration at all anyway. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210115201206.17347-3-peter.maydell@linaro.org> [huth: Add a comment in front of struct NeXTPC] Signed-off-by: Thomas Huth <huth@tuxfamily.org>
2021-01-19hw/m68k/next-cube: Make next_irq() function staticPeter Maydell1-1/+1
The next_irq() function is global, but isn't actually used anywhere outside next-cube.c. Make it static. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210115201206.17347-2-peter.maydell@linaro.org> Signed-off-by: Thomas Huth <huth@tuxfamily.org>
2021-01-19spapr_cpu_core.c: use g_auto* in spapr_create_vcpu()Daniel Henrique Barboza1-9/+3
Use g_autoptr() with Object and g_autofree with the string to avoid the need of a cleanup path. Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Message-Id: <20210114180628.1675603-6-danielhb413@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-01-19spapr_rtas.c: fix identation of rtas_ibm_suspend_me() argsDaniel Henrique Barboza1-3/+3
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Message-Id: <20210114180628.1675603-5-danielhb413@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-01-19spapr_hcall.c: make do_client_architecture_support staticDaniel Henrique Barboza1-0/+1
The function is called only inside spapr_hcall.c. Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Message-Id: <20210114180628.1675603-3-danielhb413@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-01-19spapr: Improve handling of memory unplug with old guestsGreg Kurz3-13/+21
Since commit 1e8b5b1aa16b ("spapr: Allow memory unplug to always succeed") trying to unplug memory from a guest that doesn't support it (eg. rhel6) no longer generates an error like it used to. Instead, it leaves the memory around : only a subsequent reboot or manual use of drmgr within the guest can complete the hot-unplug sequence. A flag was added to SpaprMachineClass so that this new behavior only applies to the default machine type. We can do better. CAS processes all pending hot-unplug requests. This means that we don't really care about what the guest supports if the hot-unplug request happens before CAS. All guests that we care for, even old ones, set enough bits in OV5 that lead to a non-empty bitmap in spapr->ov5_cas. Use that as a heuristic to decide if CAS has already occured or not. Always accept unplug requests that happen before CAS since CAS will process them. Restore the previous behavior of rejecting them after CAS when we know that the guest doesn't support memory hot-unplug. This behavior is suitable for all machine types : this allows to drop the pre_6_0_memory_unplug flag. Fixes: 1e8b5b1aa16b ("spapr: Allow memory unplug to always succeed") Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <161012708715.801107.11418801796987916516.stgit@bahia.lan> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-01-19sam460ex: Use type cast macro instead of simple castBALATON Zoltan1-5/+2
Use the PCI_BUS type cast macro to convert result of qdev_get_child_bus(). Also remove the check for NULL afterwards which should not be needed because sysbus_create_simple() uses error_abort and we create the PCI host object here that's expected to have a PCI bus so this shouldn't fail. Even if it would fail that would be due to a programmer error so an error message is not necessary. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Message-Id: <a4dc55b56eed3ce899b7bf9835b980a114c52598.1610143658.git.balaton@eik.bme.hu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-01-19Revert "ppc4xx: Move common dependency on serial to common option"BALATON Zoltan1-1/+4
This reverts commit e6d5106786 which was added mistakenly. While this change works it was suggested during review that keeping dependencies explicit for each board may be better than listing them in a common option so keep the previous version and revert this change. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Message-Id: <8c65807fc7dc1c4c4f6320f2fd6409a3091c88ff.1610143658.git.balaton@eik.bme.hu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-01-19Revert "sam460ex: Remove FDT_PPC dependency from KConfig"BALATON Zoltan1-0/+1
This reverts commit 038da2adf that was mistakenly added, this dependency is still needed to get libfdt dependencies even if fdt.o is not needed by sam460ex. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Message-Id: <15a9fa72eed4f02bdbeaef206803d5e22260e2de.1610143658.git.balaton@eik.bme.hu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-01-19hw/ppc: Remove unused ppcuic_init()Peter Maydell1-38/+0
Now we've converted all the callsites to directly create the QOM UIC device themselves, the ppcuic_init() function is unused and can be removed. The enum defining PPCUIC symbolic constants can be moved to the ppc-uic.h header where it more naturally belongs. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-Id: <20210108171212.16500-5-peter.maydell@linaro.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-01-19hw/ppc/ppc405_uc: Drop use of ppcuic_init()Peter Maydell3-33/+47
Switch the ppc405_uc boards to directly creating and configuring the UIC, rather than doing it via the old ppcuic_init() helper function. We retain the API feature of ppc405ep_init() where it passes back something allowing the callers to wire up devices to the UIC if they need to, even though neither of the callsites currently makes use of this ability -- instead of passing back the qemu_irq array we pass back the UIC DeviceState. This fixes a trivial Coverity-detected memory leak where we were leaking the array of IRQs returned by ppcuic_init(). Fixes: Coverity CID 1421922 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210108171212.16500-4-peter.maydell@linaro.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>