Fam Zheng [Wed, 26 Oct 2016 03:50:06 +0000 (11:50 +0800)]
trace: Fix 'char **' compilation error in simple backend
Currently, the generated function body will do "strlen(arg)" but the
argument could be 'char **' or 'char * const *'. Avoid that by excluding
such cases in is_string check.
Reported by patchew's "make docker-test-mingw@fedora".
Suggested-by: Eric Blake <eblake@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1477453806-21097-1-git-send-email-famz@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gerd Hoffmann [Thu, 27 Oct 2016 14:42:28 +0000 (16:42 +0200)]
seabios: update to 1.10.0 release.
New in this release:
===================
* Initial support for Trusted Platform Module (TPM) version 2.0
* Several USB XHCI timing fixes on real hardware
* Support for "LSI MPT Fusion" scsi controllers on QEMU
* Support for virtio devices mapped above 4GB
* Several bug fixes and code cleanups
Alex Williamson (1):
fw/pci: Add support for mapping Intel IGD via QEMU
Cao jin (1):
Fix comment typo
Cole Robinson (1):
biostables: Support SMBIOS 2.6+ UUID format
Dana Rubin (2):
pvscsi: Fix incorrect arguments order in call to memalign_low
pvscsi: Use high memory for rings
Don Slutz (1):
Support for booting from LSI Logic LSI53C1030, SAS1068, SAS1068e
Gerd Hoffmann (4):
ahci: set transfer mode according to the capabilities of connected drive
virtio: uninline _vp_{read,write}
virtio: pci cfg access
virtio: fix virtio-pci
Haozhong Zhang (1):
fw/msr_feature_control: add support to set MSR_IA32_FEATURE_CONTROL
Igor Mammedov (3):
paravirt: disable legacy bios tables in case of more than 255 CPUs
add helpers to read etc/boot-cpus at resume time
support booting with more than 255 CPUs
Kevin O'Connor (124):
usb: Allow configuration of sigatt time (in etc/usb-time-sigatt)
xhci: Check for device disconnects during USB2 reset polling
sdcard: Only enable error_irq_enable for bits defined in SDHCI v1 spec
sdcard: fix typo causing 32bit write to 16bit block_size field
sdcard: Enable extra debugging on sdcard_waitw() timeout
acpi_extract: Move main code to new function main()
acpi_extract: Make the generated .hex files more human readable
acpi_extract: Don't generate unused (and empty) q35-acpi-dsdt.hex file
acpi: Don't build SSDT files on every build; store them in git
acpi: Remove build check for iasl
tpm: Move standard definitions from tcgbios.h to new file std/tcg.h
util.h: Minor - HaveRunPost is in misc.c not resume.c
tpm: Add "static" declaration to functions not used outside tcgbios.c
tpm: Move code around in tcgbios.c
tpm: Move error recovery from tpm_extend_acpi_log() to only caller
tpm: Open code tpm_ipl() into callers
tpm: Change tpm_add_measurement() to tpm_add_action()
tpm: Move tpm_add_bootdevice() into callers
tpm: Move tpm_start_option_rom_scan() and tpm_calling_int19h() into callers
tpm: pcpes->event is a variable length array
tpm: Don't pass entry_count around in parameters to/from tpm_extend_acpi_log()
tpm: There is no need to pass pcrindex to hash_log_extend_event()
tpm: Perform hashing separately from logging
tpm: There is no need to pass event_length to hash/extend functions
tpm: Avoid scatter-gather copying in build_and_send_cmd()
tpm: Don't implement scatter-gather in transmit()
tpm: Merge tpm_log_event() and tpm_extend_acpi_log()
tpm: Merge tpm_log_extend_event() and tpm_extend(); extend before logging
xhci: Wait for port enable even for USB3 devices
xhci: Improve port status change debugging
xhci: Disable slot on failed set_address command
nmi: Don't try to switch onto extra stack in NMI handler
scsi: Do not call printf() from scsi_is_ready()
block: Report drive->sectors using "%u" instead of "%d"
tpm: Add banner separating the TCG bios interface code from TCG menu code
tpm: Avoid macro expansion of tpm request / response structs
tpm: Simplify hardware probe and detection checks
tpm: Add wrapper function tpmhw_set_timeouts()
tpm: Move TPM hardware functions from tcgbios.c to hw/tpm_drivers.c
tpm: Rework TPM interface shutdown support
tpm: Simplify tcpa probe
tpm: Introduce tpm_get_capability() helper function
tpm: Eliminate response buffer parameter from build_and_send_cmd()
tpm: Don't return a status from external bios measurement functions
tpm: No need to check the return status of measurements
tpm: Don't call tpm_set_failure() from tpm_log_extend_event()
tpm: Don't use 16bit BIOS return codes in build_and_send_cmd()
tpm: Don't use 16bit BIOS return codes in tpm_log_event()
tpm: Don't use 16bit BIOS return codes in tpmhw_* functions
tpm: Don't use 16bit BIOS return codes in TPM menu functions
usb: Remove usbdev->slotid field
coreboot: Check for unaligned cbfs header
resume: Make KVM soft reboot loop detection more flexible
post: Always set HaveRunPost prior to setting any other global variable
kbd: Don't treat scancode and asciicode as separate values
kbd: Refactor capslock and numlock handling
ehci: Only delay UHCI/OHCI port scan until after EHCI setup completes
usb: Eliminate USB controller setup thread
pci: Add helper functions for internal driver BAR handling
ahci: Convert to new PCI BAR helper functions
ata: Convert to new PCI BAR helper functions
esp-scsi: Convert to new PCI BAR helper functions
lsi-scsi: Convert to new PCI BAR helper functions
megasas: Convert to new PCI BAR helper functions
pvscsi: Convert to new PCI BAR helper functions
sdcard: Convert to new PCI BAR helper functions
ehci: Convert to new PCI BAR helper functions
ohci: Convert to new PCI BAR helper functions
uhci: Convert to new PCI BAR helper functions
xhci: Convert to new PCI BAR helper functions
virtio: Convert to new PCI BAR helper functions
pci: Consistently set pci->have_drivers for devices with internal drivers
pci: Implement '%pP' printf handler for 'struct pci_device' pointers
pci: Move code in pci.c that is specific to pciinit.c to pciinit.c
pci: Split low-level pci code from higher-level 'struct pci_device' code
scsi: Always use MAXDESCSIZE when building drive description
block: Move drive setup to new function block_setup()
tpm: Unify tpm_fill_hash()/tpm_log_extend_event() and use in BIOS interface
docs: Note release date of 1.9.1
build: fix .text section address alignment
tpm: Write logs in TPM 2 format
mpt-scsi: Declare 'int i' outside of for loop for older compilers
block: Move send_disk_op() from block.c to disk.c
disk: Avoid stack_hop() path if already on the extra stack
optionroms: Drop support for CONFIG_OPTIONROMS_DEPLOYED
shadow: Batch PCI config writes
virtio: Use threads when scanning for virtio devices
scsi: Launch a thread when scanning for drives in the scsi drivers
docs: Note release date of 1.9.2
usb-xhci: Remove unused const variables
tcgbios: Remove unused const variable
vgabios: Remove special case of dh==0xff in handle_1013()
vgabios: Don't check for special case of page==0xff on external calls
vgabios: Simplify set_cursor_pos()
docs: Note release date of 1.9.3
vgabios: Simplify scroll logic
blockcmd: CMD_SCSI op is only used in 32bit mode
swcursor: Move swcursor code from vgafb.c to new file swcursor.c
swcursor: Concentrate swcursor logic in swcursor.c
vgafb: Move header definitions from vgabios.h to new file vgafb.h
vgainit: Move video param setup to stdvga_build_video_param()
vgautil: Add new header file with misc function and variable definitions
vgautil: Move generic definitions from stdvga.h to vgautil.h
vgautil: Move definitions from cbvga.h and clext.h to vgautil.h
version: Update header files now that version.c is not auto generated
checkstack: Handle conditional checks at start of functions
tpm: Append to TPM2 log the hashes used for PCR extension
ps2: Remove stale check for timeout warning on reset
pic: The default hardware interrupt handlers should not take a parameter
kbd: Implement 101-key keyboard keycode mapping
kbd: Implement extended keycode mappings for keypad-enter and keypad-/
kbd: Suppress keys without mappings
kbd: Merge bda->kbd_flag0 and bda->kbd_flag1
kbd: Extract out shift flag setting into new function
kbd: Move checking for special keys in __process_keys() into switch
kbd: Ignore fake shift keys
usb-hid: Generate Ctrl+Break and Alt+SysReq keys
kbd: Generate interrupt events for SysReq, PrtScr, and Break
post: Map int 0x05 to entry point
kbd: Move extended and release events out of special key detection switch
build: Be sure to also include out/*.d in Makefile
smp: consolidate CPU APIC ID detection and accounting
build: Add -fno-pie to the gcc flags when available
docs: Note v1.10.0 release
Marcel Apfelbaum (2):
fw/pci: do not automatically allocate IO region for PCIe bridges
fw/pci: add Q35 S3 support
Matt DeVillier (1):
sdcard: skip detection of PCI sdhci controllers if etc/sdcard used
Paolo Bonzini (1):
smp: restore MSRs on S3 resume
Piotr Król (1):
docs: fix various typos and inconsistency
Roger Pau Monne (1):
build: fix typo in buildversion.py
Stefan Berger (34):
tpm: Temporarily deactivate the TPM in case of failure
tpm: Refactor function building TPM commands
tpm: Refactor the parameters being passed to tpm_extend_acpi_log
tpm: Refactor hash_log_event BIOS interface function
tpm: Refactor hash_log_extend_event
tpm: fix compiler warning with older gcc versions
tpm: Drop code using the TPM for sha1
tpm: Set timeouts and durations to microsecond values
tpm: Cache all log related pointers in tpm_state
tpm: Refactor pass_through_to_tpm
tpm: Rename remaining interrupt functions
tpm: Remove check for working TPM from TPM interrupt handler
tpm: Check length parameter of the array
tpm: Add a menu for TPM configuration
tpm: Copy digest into HashLogExentEvent response
tpm: Move assert_physical_presence and dependencies
tpm: Add support for harware physical presence
tpm: Rework the assertion of physical presence
tpm: Remove usage of PP_CMD_ENABLE from all but one place
tpm: Do not set TPM in failure mode if menu command fails
tpm: Extend TPM TIS with TPM 2 support.
tpm: Factor out tpm_extend
tpm: Prepare code for TPM 2 functions
tpm: Implement tpm20_startup and tpm20_s3_resume
tpm: Implement tpm20_set_timeouts
tpm: Implement tpm20_prepboot
tpm: Implement tpm20_extend
tpm: Implement tpm20_menu
tpm: Implement TPM 2's tpm_set_failure part
tpm: Filter TPM commands in passthrough API
tpm: Retrieve the PCR Bank configuration
tpm: Restructure tpm20_extend to use buffer and take hash as parameter
tpm: Refactor tpml_digest_values_sha1 structure
tpm: Extend tpm20_extend to support extending to multiple PCR banks
Peter Maydell [Thu, 27 Oct 2016 11:45:45 +0000 (12:45 +0100)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Wed 26 Oct 2016 03:19:06 BST
# gpg: using RSA key 0xEF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
colo-proxy: fix memory leak
net: rtl8139: limit processing of ring descriptors
net: vmxnet: initialise local tx descriptor
e1000e: Don't zero out buffer address in rx descriptor
net: rocker: set limit to DMA buffer size
net: eepro100: fix memory leak in device uninit
tap-bsd: OpenBSD uses tap(4) now
net: pcnet: fix source formatting and indentation
net: pcnet: check rx/tx descriptor ring length
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/vivier/tags/m68k-part1-pull-request: (23 commits)
target-m68k: Optimize gen_flush_flags
target-m68k: Optimize some comparisons
target-m68k: Use setcond for scc
target-m68k: Introduce DisasCompare
target-m68k: Reorg flags handling
target-m68k: Remove incorrect clearing of cc_x
target-m68k: Some fixes to SR and flags management
target-m68k: Print flags properly
target-m68k: update CPU flags management
target-m68k: don't update cc_dest in helpers
target-m68k: update move to/from ccr/sr
target-m68k: remove m68k_cpu_exec_enter() and m68k_cpu_exec_exit()
target-m68k: Replace helper_xflag_lt with setcond
target-m68k: allow to update flags with operation on words and bytes
target-m68k: REG() macro cleanup
target-m68k: set PAGE_BITS to 12 for m68k
target-m68k: define operand sizes
target-m68k: set disassembler mode to 680x0 or coldfire
target-m68k: introduce read_imXX() functions
target-m68k: manage scaled index
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Emulating LL/SC with cmpxchg is not correct, since it can
suffer from the ABA problem. However, portable parallel
code is written assuming only cmpxchg which means that in
practice this is a viable alternative.
Signed-off-by: Richard Henderson <rth@twiddle.net>
The exception is not emitted anymore; remove it and the associated
TCG variables.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-Id: <1467054136-10430-31-git-send-email-cota@braap.org>
Emilio G. Cota [Mon, 27 Jun 2016 19:02:15 +0000 (15:02 -0400)]
linux-user: remove handling of aarch64's EXCP_STREX
The exception is not emitted anymore.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-Id: <1467054136-10430-30-git-send-email-cota@braap.org>
Emilio G. Cota [Mon, 27 Jun 2016 19:02:14 +0000 (15:02 -0400)]
linux-user: remove handling of ARM's EXCP_STREX
The exception is not emitted anymore.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Richard Henderson <rth@twidle.net>
Message-Id: <1467054136-10430-29-git-send-email-cota@braap.org>
Emilio G. Cota [Mon, 27 Jun 2016 19:02:13 +0000 (15:02 -0400)]
target-arm: emulate aarch64's LL/SC using cmpxchg helpers
Emulating LL/SC with cmpxchg is not correct, since it can
suffer from the ABA problem. Portable parallel code, however,
is written assuming only cmpxchg--and not LL/SC--is available.
This means that in practice emulating LL/SC with cmpxchg is
a viable alternative.
The appended emulates LL/SC pairs in aarch64 with cmpxchg helpers.
This works in both user and system mode. In usermode, it avoids
pausing all other CPUs to perform the LL/SC pair. The subsequent
performance and scalability improvement is significant, as the
plots below show. They plot the throughput of atomic_add-bench
compiled for ARM and executed on a 64-core x86 machine.
Emilio G. Cota [Mon, 27 Jun 2016 19:02:08 +0000 (15:02 -0400)]
target-arm: emulate LL/SC using cmpxchg helpers
Emulating LL/SC with cmpxchg is not correct, since it can
suffer from the ABA problem. Portable parallel code, however,
is written assuming only cmpxchg--and not LL/SC--is available.
This means that in practice emulating LL/SC with cmpxchg is
a viable alternative.
The appended emulates LL/SC pairs in ARM with cmpxchg helpers.
This works in both user and system mode. In usermode, it avoids
pausing all other CPUs to perform the LL/SC pair. The subsequent
performance and scalability improvement is significant, as the
plots below show. They plot the throughput of atomic_add-bench
compiled for ARM and executed on a 64-core x86 machine.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1467054136-10430-23-git-send-email-cota@braap.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
target-arm: Rearrange aa32 load and store functions
Stop specializing on TARGET_LONG_BITS == 32; unconditionally allocate
a temp and expand with tcg_gen_extu_i32_tl. Split out gen_aa32_addr,
gen_aa32_frob64, gen_aa32_ld_i32 and gen_aa32_st_i32 as separate interfaces.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
Emilio G. Cota [Mon, 27 Jun 2016 19:02:05 +0000 (15:02 -0400)]
tests: add atomic_add-bench
With this microbenchmark we can measure the overhead of emulating atomic
instructions with a configurable degree of contention.
The benchmark spawns $n threads, each performing $o atomic ops (additions)
in a loop. Each atomic operation is performed on a different cache line
(assuming lines are 64b long) that is randomly selected from a range [0, $r).
[ Note: each $foo corresponds to a -foo flag ]
Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-Id: <1467054136-10430-20-git-send-email-cota@braap.org>
Emilio G. Cota [Mon, 27 Jun 2016 19:02:06 +0000 (15:02 -0400)]
target-i386: remove helper_lock()
It's been superseded by the atomic helpers.
The use of the atomic helpers provides a significant performance and scalability
improvement. Below is the result of running the atomic_add-test microbenchmark with:
$ x86_64-linux-user/qemu-x86_64 tests/atomic_add-bench -o 5000000 -r $r -n $n
, where $n is the number of threads and $r is the allowed range for the additions.
The scenarios measured are:
- atomic: implements x86' ADDL with the atomic_add helper (i.e. this patchset)
- cmpxchg: implement x86' ADDL with a TCG loop using the cmpxchg helper
- master: before this patchset
Results sorted in ascending range, i.e. descending degree of contention.
Y axis is Throughput in Mops/s. Tests are run on an AMD machine with 64
Opteron 6376 cores.
For master I stopped measuring master after 8 threads, because there is little
point in measuring the well-known performance collapse of a contended lock.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1467054136-10430-21-git-send-email-cota@braap.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
Allow qemu to build on 32-bit hosts without 64-bit atomic ops.
Even if we only allow 32-bit hosts to multi-thread emulate 32-bit
guests, we still need some way to handle the 32-bit guest using a
64-bit atomic operation. Do so by dropping back to single-step.
Reviewed-by: Emilio G. Cota <cota@braap.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
Wikipedia suggests that only very old AMD64 (circa 2004) did not have
this instruction. Further, it's required by Windows 8 so no new cpus
will ever omit it.
If we truely care about these, then we could check this at startup time
and then avoid executing paths that use it.
Reviewed-by: Emilio G. Cota <cota@braap.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
Add all of cmpxchg, op_fetch, fetch_op, and xchg.
Handle both endian-ness, and sizes up to 8.
Handle expanding non-atomically, when emulating in serial.
Reviewed-by: Emilio G. Cota <cota@braap.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
Alex Bennée [Wed, 5 Oct 2016 18:13:04 +0000 (11:13 -0700)]
linux-user: enable parallel code generation on clone
The variable parallel_cpus controls the generation of thread aware
atomic code. We only need to set it once we clone our first thread.
At this point any existing translations need to be thrown away.
Reviewed-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
While the check against sizeof(void *) is appropriate for
normal usage within qemu, there are places in which we want
wider operaions and have checked for their existance.
Reviewed-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
Emilio G. Cota [Mon, 27 Jun 2016 19:01:54 +0000 (15:01 -0400)]
atomics: add atomic_op_fetch variants
This paves the way for upcoming work.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-Id: <1467054136-10430-9-git-send-email-cota@braap.org>
Emilio G. Cota [Mon, 27 Jun 2016 19:01:53 +0000 (15:01 -0400)]
atomics: add atomic_xor
This paves the way for upcoming work.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-Id: <1467054136-10430-8-git-send-email-cota@braap.org>
Li Qiang [Mon, 19 Sep 2016 02:07:11 +0000 (19:07 -0700)]
virtio-gpu: fix memory leak in virtio_gpu_resource_create_2d
In virtio gpu resource create dispatch, if the pixman format is zero
it doesn't free the resource object allocated previously. Thus leading
a host memory leak issue. This patch avoid this.
audio: intel-hda: check stream entry count during transfer
Intel HDA emulator uses stream of buffers during DMA data
transfers. Each entry has buffer length and buffer pointer
position, which are used to derive bytes to 'copy'. If this
length and buffer pointer were to be same, 'copy' could be
set to zero(0), leading to an infinite loop. Add check to
avoid it.
net: rtl8139: limit processing of ring descriptors
RTL8139 ethernet controller in C+ mode supports multiple
descriptor rings, each with maximum of 64 descriptors. While
processing transmit descriptor ring in 'rtl8139_cplus_transmit',
it does not limit the descriptor count and runs forever. Add
check to avoid it.
Reported-by: Andrew Henderson <hendersa@icculus.org> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
Li Qiang [Wed, 10 Aug 2016 19:12:20 +0000 (00:42 +0530)]
net: vmxnet: initialise local tx descriptor
In Vmxnet3 device emulator while processing transmit(tx) queue,
when it reaches end of packet, it calls vmxnet3_complete_packet.
In that local 'txcq_descr' object is not initialised, which could
leak host memory bytes a guest.
Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Reviewed-by: Dmitry Fleytman <dmitry@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Kevin Wolf [Sun, 16 Oct 2016 22:35:07 +0000 (00:35 +0200)]
e1000e: Don't zero out buffer address in rx descriptor
The e1000e emulation zeroes out any used rx descriptor and then writes a
completely newly constructed value there. By doing this, it doesn't only
update the write-back area of the descriptors (as it's supposed to do),
but it also clears the buffer address, which real hardware doesn't do.
The spec explicitly mentions in chapter 7.1.8 that it is valid for a
driver to reuse a descriptor and only update the status field while
doing so, i.e. reusing the old buffer address:
If software statically allocates buffers, and uses memory read to
check for completed descriptors, it simply has to zero the status
byte in the descriptor to make it ready for reuse by hardware.
This patch fixes the behaviour to leave the buffer address in
descriptors unchanged even after the descriptor has been used.
Signed-off-by: Kevin Wolf <mail@kevin-wolf.de> Reviewed-by: Dmitry Fleytman <dmitry@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Rocker network switch emulator has test registers to help debug
DMA operations. While testing host DMA access, a buffer address
is written to register 'TEST_DMA_ADDR' and its size is written to
register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT
test, if DMA buffer size was greater than 'INT_MAX', it leads to
an invalid buffer access. Limit the DMA buffer size to avoid it.
Reported-by: Huawei PSIRT <psirt@huawei.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Li Qiang [Sat, 8 Oct 2016 12:07:25 +0000 (05:07 -0700)]
net: eepro100: fix memory leak in device uninit
The exit dispatch of eepro100 network card device doesn't free
the 's->vmstate' field which was allocated in device realize thus
leading a host memory leak. This patch avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Jason Wang <jasowang@redhat.com>
The AMD PC-Net II emulator has set of control and status(CSR)
registers. Of these, CSR76 and CSR78 hold receive and transmit
descriptor ring length respectively. This ring length could range
from 1 to 65535. Setting ring length to zero leads to an infinite
loop in pcnet_rdra_addr() or pcnet_transmit(). Add check to avoid it.
Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
Separate all ccr bits. Continue to batch updates via cc_op.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Fix gen_logic_cc() to really extend the size of the result.
Fix gen_get_ccr(): update cc_op as it is used by the helper.
Factorize flags computing and src/ccr cleanup
Laurent Vivier [Wed, 24 Jun 2015 00:35:06 +0000 (02:35 +0200)]
target-m68k: manage scaled index
Scaled index is not supported by 68000, 68008, and 68010.
EA = (bd + PC) + Xn.SIZE*SCALE + od
Ignore it:
M68000 FAMILY PROGRAMMER’S REFERENCE MANUAL
2.4 BRIEF EXTENSION WORD FORMAT COMPATIBILITY
"If the MC68000 were to execute an instruction that
encoded a scaling factor, the scaling factor would be
ignored and would not access the desired memory address.
The earlier microprocessors do not recognize the brief
extension word formats implemented by newer processors.
Although they can detect illegal instructions, they do not
decode invalid encodings of the brief extension word formats
as exceptions."
Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <rth@twiddle.net>
target-m68k: Build the opcode table only once to avoid multithreading issues
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <rth@twiddle.net>
Peter Maydell [Tue, 25 Oct 2016 16:03:11 +0000 (17:03 +0100)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2016-10-25' into staging
QAPI patches for 2016-10-25
# gpg: Signature made Tue 25 Oct 2016 16:56:27 BST
# gpg: using RSA key 0x3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-qapi-2016-10-25:
qdict: implement a qdict_crumple method for un-flattening a dict
qapi: don't pass two copies of TestInputVisitorData to tests
qapi: rename QmpOutputVisitor to QObjectOutputVisitor
qapi: rename QmpInputVisitor to QObjectInputVisitor
qapi: rename *qmp-*-visitor* to *qobject-*-visitor*
qapi: add trace events for visitor
trivial: Restore blank line in qapi-schema
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
qdict: implement a qdict_crumple method for un-flattening a dict
The qdict_flatten() method will take a dict whose elements are
further nested dicts/lists and flatten them by concatenating
keys.
The qdict_crumple() method aims to do the reverse, taking a flat
qdict, and turning it into a set of nested dicts/lists. It will
apply nesting based on the key name, with a '.' indicating a
new level in the hierarchy. If the keys in the nested structure
are all numeric, it will create a list, otherwise it will create
a dict.
If the keys are a mixture of numeric and non-numeric, or the
numeric keys are not in strictly ascending order, an error will
be reported.
The intent of this function is that it allows a set of QemuOpts
to be turned into a nested data structure that mirrors the nesting
used when the same object is defined over QMP.
Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1475246744-29302-3-git-send-email-berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Parameter recursive dropped along with its tests; whitespace style
touched up] Signed-off-by: Markus Armbruster <armbru@redhat.com>
qapi: don't pass two copies of TestInputVisitorData to tests
The input_visitor_test_add() method was accepting an instance
of 'TestInputVisitorData' and passing it as the 'user_data'
parameter to test functions. The main 'TestInputVisitorData'
instance that was actually used, was meanwhile being allocated
automatically by the test framework fixture setup.
The 'user_data' parameter is going to be needed for tests
added in later patches, so getting rid of the current mistaken
usage now allows this.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1475246744-29302-7-git-send-email-berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
qapi: rename QmpOutputVisitor to QObjectOutputVisitor
The QmpOutputVisitor has no direct dependency on QMP. It is
valid to use it anywhere that one wants a QObject. Rename it
to better reflect its functionality as a generic QAPI
to QObject converter.
The commit before previous renamed the files, this one renames C
identifiers.
Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1475246744-29302-6-git-send-email-berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Split into file rename and identifier rename] Signed-off-by: Markus Armbruster <armbru@redhat.com>
qapi: rename QmpInputVisitor to QObjectInputVisitor
The QmpInputVisitor has no direct dependency on QMP. It is
valid to use it anywhere that one has a QObject. Rename it
to better reflect its functionality as a generic QObject
to QAPI converter.
The previous commit renamed the files, this one renames C identifiers.
Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1475246744-29302-5-git-send-email-berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Straightforwardly rebased, split into file and identifier rename] Signed-off-by: Markus Armbruster <armbru@redhat.com>
qapi: rename *qmp-*-visitor* to *qobject-*-visitor*
The QMP visitors have no direct dependency on QMP. It is
valid to use them anywhere that one has a QObject. Rename them
to better reflect their functionality as a generic QObject
to QAPI converter.
This is the first of three parts: rename the files. The next two
parts will rename C identifiers. The split is necessary to make git
rename detection work.
Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Split into file and identifier rename, two comments touched up] Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1475246744-29302-4-git-send-email-berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[visit_type_uint8() & friends rearranged slightly for clarity] Signed-off-by: Markus Armbruster <armbru@redhat.com>
Eric Blake [Mon, 17 Oct 2016 21:29:54 +0000 (16:29 -0500)]
trivial: Restore blank line in qapi-schema
Commit de63ab6 accidentally undid part of commit a43edcf,
because the two patches were written in parallel, and the
blank line was not noticed as a casualty of merge conflicts.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1476739794-19536-1-git-send-email-eblake@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Commit ea3af47 accidentally dropped check-qdict from the list of unit
tests. Put it back.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1477386565-26225-1-git-send-email-armbru@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 25 Oct 2016 09:25:27 +0000 (10:25 +0100)]
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging
x86 and CPU queue, 2016-10-24
x2APIC support to APIC code, cpu_exec_init() refactor on all
architectures, and other x86 changes.
# gpg: Signature made Mon 24 Oct 2016 20:51:14 BST
# gpg: using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/x86-pull-request:
exec: call cpu_exec_exit() from a CPU unrealize common function
exec: move cpu_exec_init() calls to realize functions
exec: split cpu_exec_init()
pc: q35: Bump max_cpus to 288
pc: Require IRQ remapping and EIM if there could be x2APIC CPUs
pc: Add 'etc/boot-cpus' fw_cfg file for machine with more than 255 CPUs
Increase MAX_CPUMASK_BITS from 255 to 288
pc: Clarify FW_CFG_MAX_CPUS usage comment
pc: kvm_apic: Pass APIC ID depending on xAPIC/x2APIC mode
pc: apic_common: Reset APIC ID to initial ID when switching into x2APIC mode
pc: apic_common: Restore APIC ID to initial ID on reset
pc: apic_common: Extend APIC ID property to 32bit
pc: Leave max apic_id_limit only in legacy cpu hotplug code
acpi: cphp: Force switch to modern cpu hotplug if APIC ID > 254
pc: acpi: x2APIC support for SRAT table
pc: acpi: x2APIC support for MADT table and _MAT method
Conflicts:
target-arm/cpu.c
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Laurent Vivier [Thu, 20 Oct 2016 11:26:04 +0000 (13:26 +0200)]
exec: call cpu_exec_exit() from a CPU unrealize common function
As cpu_exec_exit() mirrors the cpu_exec_realizefn(),
rename it as cpu_exec_unrealizefn().
Create and register a cpu_common_unrealizefn() function for
the CPU device class and call cpu_exec_unrealizefn() from
this function.
Remove cpu_exec_exit() from cpu_common_finalize()
(which mirrors init, not realize), and as x86_cpu_unrealizefn()
and ppc_cpu_unrealizefn() overwrite the device class unrealize function,
add a call to a parent_unrealize pointer.
Laurent Vivier [Thu, 20 Oct 2016 11:26:03 +0000 (13:26 +0200)]
exec: move cpu_exec_init() calls to realize functions
Modify all CPUs to call it from XXX_cpu_realizefn() function.
Remove all the cannot_destroy_with_object_finalize_yet as
unsafe references have been moved to cpu_exec_realizefn().
(tested with QOM command provided by commit 4c315c27)
for arm:
Setting of cpu->mp_affinity is moved from arm_cpu_initfn()
to arm_cpu_realizefn() as setting of cpu_index is now done
in cpu_exec_realizefn(). To avoid to overwrite an user defined
value, we set it to an invalid value by default, and update
it in realize function only if the value is still invalid.
Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Andrew Jones <drjones@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Laurent Vivier [Thu, 20 Oct 2016 11:26:02 +0000 (13:26 +0200)]
exec: split cpu_exec_init()
Put in cpu_exec_initfn() what initializes the CPU,
and leave in cpu_exec_init() what adds it to the environment.
As cpu_exec_initfn() is called by all XX_cpu_initfn(), call it
directly in cpu_common_initfn().
cpu_exec_init() is now a realize function, it will be renamed
to cpu_exec_realizefn() and moved to the XX_cpu_realizefn()
function in a following patch.
Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Igor Mammedov [Thu, 20 Oct 2016 14:58:42 +0000 (16:58 +0200)]
pc: Add 'etc/boot-cpus' fw_cfg file for machine with more than 255 CPUs
Currently firmware uses 1 byte at 0x5F offset in RTC CMOS
to get number of CPUs present at boot. However 1 byte is
not enough to handle more than 255 CPUs. So add a new
fw_cfg file that would allow QEMU to tell it.
For compat reasons add file only for machine types that
support more than 255 CPUs.
Igor Mammedov [Wed, 19 Oct 2016 12:05:37 +0000 (14:05 +0200)]
pc: apic_common: Reset APIC ID to initial ID when switching into x2APIC mode
SDM: x2APIC State Transitions:
State Changes From xAPIC Mode to x2APIC Mode
"
Any APIC ID value written to the memory-mapped
local APIC ID register is not preserved
"
projects / thirdparty / qemu.git / log
