Peter Maydell [Thu, 15 May 2014 15:24:12 +0000 (16:24 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140513' into staging
target-arm queue:
* update libvixl to 1.4
* remove version_minimum_id_old from ARM devices
* stellaris_enet tx/rx/migration overhaul
* various minor fixes for coverity issues
# gpg: Signature made Tue 13 May 2014 16:25:12 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-20140513:
hw/arm/omap_gpmc: Avoid buffer overrun filling prefetch FIFO
hw/arm/stellaris: Correct handling of GPTM TAR register
hw/timer/exynos4210_mct: Avoid overflow in exynos4210_ltick_recalc_count
hw/dma/omap_dma: Add (uint32_t) casts when shifting uint16_t by 16
hw/arm/omap1: Avoid unintended sign extension writing omap_rtc YEARS_REG
hw/net/cadence_gem: Remove dead code
hw/intc/allwinner-a10-pic: Add missing 'break'
target-arm/helper.c: Don't flush the TLB if SCTLR is rewritten unchanged
hw/net/stellaris_enet: Convert to vmstate
hw/net/stellaris_enet: Get rid of rx_fifo pointer
hw/net/stellaris_enet: Fix debug format strings
hw/net/stellaris_enet: Correctly implement the TR and THR registers
hw/net/stellaris_enet: Rewrite tx fifo handling code
hw/net/stellaris_enet: Correct handling of packet padding
hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer overrun
savevm: Remove all the unneeded version_minimum_id_old (arm)
disas/libvixl: Update to libvixl 1.4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 15 May 2014 14:38:39 +0000 (15:38 +0100)]
Merge remote-tracking branch 'remotes/kvm/uq/master' into staging
* remotes/kvm/uq/master:
pc: port 92 reset requires a low->high transition
cpu: make CPU_INTERRUPT_RESET available on all targets
apic: do not accept SIPI on the bootstrap processor
target-i386: preserve FPU and MSR state on INIT
target-i386: fix set of registers zeroed on reset
kvm: forward INIT signals coming from the chipset
kvm: reset state from the CPU's reset method
target-i386: the x86 CPL is stored in CS.selector - auto update hflags accordingly.
target-i386: set eflags prior to calling cpu_x86_load_seg_cache() in seg_helper.c
target-i386: set eflags and cr0 prior to calling cpu_x86_load_seg_cache() in smm_helper.c
target-i386: set eflags prior to calling svm_load_seg_cache() in svm_helper.c
pci-assign: limit # of msix vectors
pci-assign: Fix a bug when map MSI-X table memory failed
kvm: make one_reg helpers available for everyone
target-i386: Remove unused data from local array
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is broken because it does not account for the
build tree and the source tree being different, and can cause
build failures for out-of-tree builds. Revert it until we can
identify a better solution to the problem.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1400153676-30180-1-git-send-email-peter.maydell@linaro.org Acked-by: Kevin Wolf <kwolf@redhat.com>
exec-all.h: Use stl_le_p instead of stl_p patching x86
We got the wrong version of stl_p, the one that bswaps as appropriate
for the target. Since x86 is always little-endian, the "_le_" routine
will resolve to what we want.
Signed-off-by: Richard Henderson <rth@twiddle.net>
In fill_prefetch_fifo(), if the device we are reading from is 16 bit,
then we must not try to transfer an odd number of bytes into the FIFO.
This could otherwise have resulted in our overrunning the prefetch.fifo
array by one byte.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Tue, 13 May 2014 15:09:39 +0000 (16:09 +0100)]
hw/arm/stellaris: Correct handling of GPTM TAR register
We don't implement very much of the GPTM TAR register, and what we
do is wrong. The "are we in RT mode?" field is in s->config, not
s->control. Correct this, use LOG_UNIMP rather than hw_error()
for the cases we don't support, and avoid an unlabelled fallthrough
that makes Coverity complain.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Tue, 13 May 2014 15:09:39 +0000 (16:09 +0100)]
hw/dma/omap_dma: Add (uint32_t) casts when shifting uint16_t by 16
Add missing (uint32_t) casts in cases where we're trying to
put a uint16_t value into the top half of a 32-bit field.
These were already present in some but not all places.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
When writing to the YEARS_REG register, if the year value is
99 then the multiplication by 31536000 will overflow into
the sign bit of a 32 bit value and then be erroneously
sign-extended if time_t is 64 bits. Add a cast to avoid this.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
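The arithmetic behind the YEARS_REG fix above, as an added example that is not QEMU's code: the 31536000 seconds-per-year constant is the one named in the commit message, while the function names and the way the narrow variant is written are ours. Because signed overflow is undefined behaviour in C, the "before" shape is modelled deterministically by wrapping the product in 32 bits and then sign-extending it, which is exactly what an overflowed 32-bit int produces when converted to a 64-bit time_t on a two's-complement host. Year 99 is the commit's example; any year from 69 upwards already overflows a 32-bit product.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Added example, not QEMU code. SECONDS_PER_YEAR is the 31536000
 * (365 * 24 * 3600) from the commit message; function names are ours. */
#define SECONDS_PER_YEAR 31536000

/* The pre-fix shape: "year * 31536000" evaluated in 32-bit int and then
 * stored into a 64-bit time_t. Modelled deterministically: wrap the product
 * to 32 bits (uint32_t), then sign-extend it (int32_t -> int64_t). */
int64_t years_to_secs_narrow(int year)
{
    uint32_t wrapped = (uint32_t)year * (uint32_t)SECONDS_PER_YEAR;
    return (int64_t)(int32_t)wrapped;
}

/* The fixed shape: widen one operand before multiplying so the whole
 * product is computed in 64 bits. This is what the added cast achieves. */
int64_t years_to_secs_wide(int year)
{
    return (int64_t)year * SECONDS_PER_YEAR;
}

/* Smallest two-digit year whose product no longer fits a signed 32-bit int. */
int first_overflowing_year(void)
{
    for (int y = 0; y <= 99; y++) {
        if ((int64_t)y * SECONDS_PER_YEAR > INT32_MAX) {
            return y;
        }
    }
    return -1;
}

int main(void)
{
    int years[] = { 0, 68, 69, 99 };
    for (size_t i = 0; i < sizeof years / sizeof years[0]; i++) {
        printf("year %2d: narrow=%12lld wide=%12lld\n", years[i],
               (long long)years_to_secs_narrow(years[i]),
               (long long)years_to_secs_wide(years[i]));
    }
    printf("first overflowing year: %d\n", first_overflowing_year());
    return 0;
}
```

Whenever a value that will end up in a wider type is computed from narrower operands, widen before the multiplication rather than after; the cast on the result is too late because the overflow has already happened.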
Peter Maydell [Tue, 13 May 2014 15:09:38 +0000 (16:09 +0100)]
hw/net/cadence_gem: Remove dead code
Commit 191946c moved the code to handle padding to minimum
length from after the handling of the CRC to before it.
This means that the CRC code doesn't need to cope with the
possibility that the size is less than 60; remove this
dead code.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Peter Maydell [Tue, 13 May 2014 15:09:38 +0000 (16:09 +0100)]
target-arm/helper.c: Don't flush the TLB if SCTLR is rewritten unchanged
Linux makes a habit of writing the same value to the SCTLR that it
already holds. In a sample boot of the kernel to a shell prompt
it wrote the SCTLR with the value it already held 325465 times,
and wrote different values just 3 times.
Skip flushing the TLB if the SCTLR value isn't actually being changed;
this speeds up my sample boot by 3-5%.
Peter Maydell [Tue, 13 May 2014 15:09:38 +0000 (16:09 +0100)]
hw/net/stellaris_enet: Convert to vmstate
Convert this device to use vmstate for its save/load, including
providing a post_load function that sanitizes inbound data to
avoid possible buffer overflows if it is malicious.
The sanitizing fixes CVE-2013-4532 (though nobody should be
relying on the security properties of most of the unmaintained
ARM board models anyway, and migration doesn't actually
work on this board due to issues in other device models).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
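The post_load pattern the commit above describes, as an added example that is not QEMU's code: a cut-down model of the state fields the series names (rx[].len/.data, rx_fifo_offset, tx_fifo_len) with a validation step that rejects an inbound migration stream whose indexes or lengths would later overrun a buffer. The slot count, buffer sizes, the next_packet field and every function name are assumptions made for this demo, not the device's real layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not QEMU code. Sizes, next_packet and all names are
 * assumptions for the demo. */
#define RX_SLOTS     4
#define RX_FRAME_MAX 2048
#define TX_FIFO_SIZE 2048

typedef struct {
    uint32_t len;                 /* bytes valid in data[] */
    uint8_t  data[RX_FRAME_MAX];
} rx_frame;

typedef struct {
    rx_frame rx[RX_SLOTS];
    uint32_t next_packet;         /* slot the guest is currently reading */
    uint32_t rx_fifo_offset;      /* read position inside rx[next_packet].data */
    uint32_t tx_fifo_len;         /* bytes queued in tx_fifo[] */
    uint8_t  tx_fifo[TX_FIFO_SIZE];
} enet_state;

/* post_load: every inbound field later used as an index or a length is
 * bounded against the array it refers to. 0 = usable, -1 = refuse the
 * migration. Refusing here turns a hostile stream into a failed migration
 * instead of a host-side out-of-bounds access in the device model. */
int enet_post_load(const enet_state *s)
{
    if (s->next_packet >= RX_SLOTS) {
        return -1;
    }
    for (size_t i = 0; i < RX_SLOTS; i++) {
        if (s->rx[i].len > RX_FRAME_MAX) {
            return -1;
        }
    }
    /* The offset is consumed relative to the current frame's length, so it
     * must be bounded by that, not merely by the backing array. */
    if (s->rx_fifo_offset > s->rx[s->next_packet].len) {
        return -1;
    }
    if (s->tx_fifo_len > TX_FIFO_SIZE) {
        return -1;
    }
    return 0;
}

/* The consumer the check protects: it trusts next_packet, len and
 * rx_fifo_offset, so they must have been validated before it runs. */
uint32_t enet_rx_read_word(enet_state *s)
{
    rx_frame *f = &s->rx[s->next_packet];
    uint32_t val = 0;
    for (int i = 0; i < 4 && s->rx_fifo_offset < f->len; i++) {
        val |= (uint32_t)f->data[s->rx_fifo_offset++] << (8 * i);
    }
    return val;
}

/* Build a state the way an untrusted stream might deliver it and return
 * enet_post_load()'s verdict. */
int enet_validate(uint32_t next_packet, uint32_t offset, uint32_t len, uint32_t tx_len)
{
    static enet_state s;
    memset(&s, 0, sizeof s);
    s.next_packet = next_packet;
    s.rx_fifo_offset = offset;
    s.rx[next_packet < RX_SLOTS ? next_packet : 0].len = len;
    s.tx_fifo_len = tx_len;
    return enet_post_load(&s);
}

/* Happy path: a validated, constructed 4-byte frame read back as one word. */
uint32_t enet_demo_read_word(void)
{
    static enet_state s;
    static const uint8_t frame[4] = { 0x78, 0x56, 0x34, 0x12 };  /* constructed sample */
    memset(&s, 0, sizeof s);
    s.next_packet = 1;
    s.rx[1].len = sizeof frame;
    memcpy(s.rx[1].data, frame, sizeof frame);
    return enet_post_load(&s) == 0 ? enet_rx_read_word(&s) : 0xFFFFFFFFu;
}

int main(void)
{
    printf("in-bounds state:          %d\n", enet_validate(0, 0, 64, 0));
    printf("offset past frame length: %d\n", enet_validate(0, 65, 64, 0));
    printf("slot index out of range:  %d\n", enet_validate(RX_SLOTS, 0, 0, 0));
    printf("frame len > buffer:       %d\n", enet_validate(0, 0, RX_FRAME_MAX + 1, 0));
    printf("tx len > fifo:            %d\n", enet_validate(1, 0, 0, TX_FIFO_SIZE + 1));
    printf("read word: 0x%08x\n", enet_demo_read_word());
    return 0;
}
```

The point of the structure is that the migration stream is an input from outside the trust boundary: the device's normal register handlers may assume their own invariants, but post_load is the one place those invariants are re-established before any of that code runs.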
Peter Maydell [Tue, 13 May 2014 15:09:37 +0000 (16:09 +0100)]
hw/net/stellaris_enet: Get rid of rx_fifo pointer
The rx_fifo pointer is awkward to migrate, and is actually
redundant since it is always possible to determine it from
the current rx[].len/.data and rx_fifo_len. Remove both
rx_fifo and rx_fifo_len from the state, replacing them with
a simple rx_fifo_offset which points at the current location
in the RX fifo.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Peter Maydell [Tue, 13 May 2014 15:09:37 +0000 (16:09 +0100)]
hw/net/stellaris_enet: Correctly implement the TR and THR registers
Packet transmission for the stellaris ethernet controller can be triggered
in one of two ways:
* by setting a threshold value in the THR register; when the FIFO
fill level reaches the threshold, the h/w starts transmitting.
Software has to finish filling the FIFO before the transmit
process completes to avoid a (silent) underrun
* by software writing to the TR register to explicitly trigger
transmission
Since QEMU transmits packets instantaneously (from the guest's
point of view), implement "transmit based on threshold" with
our existing mechanism of "transmit as soon as we have the whole
packet", with the additional wrinkle that we don't transmit if
the packet size is below the specified threshold, and implement
"transmit by specific request" properly.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
The datasheet is clear that the frame length written to the DATA
register is actually stored in the TX FIFO; this means we don't
need to keep both tx_frame_len and tx_fifo_len state separately.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Peter Maydell [Tue, 13 May 2014 15:09:36 +0000 (16:09 +0100)]
hw/net/stellaris_enet: Correct handling of packet padding
The PADEN bit in the transmit control register enables padding of short
data packets out to the required minimum length. However a typo here
meant we were adjusting tx_fifo_len rather than tx_frame_len, so the
padding didn't actually happen. Fix this bug.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Cc: qemu-stable@nongnu.org
Peter Maydell [Tue, 13 May 2014 15:09:36 +0000 (16:09 +0100)]
hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer overrun
The current tx_fifo code has a corner case where the guest can overrun
the fifo buffer: if automatic CRCs are disabled we allow the guest to write
the CRC word even if there isn't actually space for it in the FIFO.
The datasheet is unclear about exactly how the hardware deals with this
situation; the most plausible answer seems to be that the CRC word is
just lost.
Implement this fix by separating the "can we stuff another word in the
FIFO" logic from the "should we transmit the packet now" check. This
also moves us closer to the real hardware, which has a number of ways
it can be configured to trigger sending the packet, some of which we
don't implement.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Cc: qemu-stable@nongnu.org
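A model of the TX FIFO discipline the commit above describes, as an added example that is not QEMU's code: the "can we stuff another word in the FIFO" decision is taken on its own and drops a word that does not fit (the commit's reading of the datasheet: the CRC word is just lost), and the "should we transmit now" decision is a separate check. The FIFO size, the frame layout assumed here (a 16-bit payload length in the first two bytes, then payload, then a 4-byte CRC written by the guest only when automatic CRC is off) and all names are assumptions for this demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not QEMU code. FIFO size, frame layout and names are
 * assumptions for the demo. */
#define TX_FIFO_SIZE 2048

typedef struct {
    uint8_t  fifo[TX_FIFO_SIZE];
    uint32_t fifo_len;      /* bytes queued; the length word lives in the FIFO too */
    int      crc_enabled;   /* 1: hardware appends the CRC itself */
    unsigned transmitted;   /* frames handed to the "wire" */
    unsigned dropped;       /* DATA writes that found no room */
} tx_state;

/* "Can we stuff another word in the FIFO?" Decided on its own, before any
 * transmit logic runs. A word that does not fit is lost; it is never written
 * past the end of fifo[]. */
int tx_fifo_push_word(tx_state *s, uint32_t word)
{
    if (s->fifo_len + 4 > TX_FIFO_SIZE) {
        s->dropped++;
        return 0;
    }
    for (int i = 0; i < 4; i++) {
        s->fifo[s->fifo_len++] = (uint8_t)(word >> (8 * i));
    }
    return 1;
}

/* Bytes the current frame needs in the FIFO to be complete, or 0 if the
 * length halfword has not arrived yet. */
uint32_t tx_frame_bytes_needed(const tx_state *s)
{
    if (s->fifo_len < 2) {
        return 0;
    }
    uint32_t payload = s->fifo[0] | ((uint32_t)s->fifo[1] << 8);
    return 2 + payload + (s->crc_enabled ? 0 : 4);
}

/* "Should we transmit now?" A separate question from whether the last
 * write fit. */
int tx_should_transmit(const tx_state *s)
{
    uint32_t need = tx_frame_bytes_needed(s);
    return need != 0 && s->fifo_len >= need;
}

/* One guest write to the DATA register. */
void tx_write_data(tx_state *s, uint32_t word)
{
    tx_fifo_push_word(s, word);
    if (tx_should_transmit(s)) {
        s->transmitted++;
        s->fifo_len = 0;
    }
}

typedef struct { unsigned transmitted, dropped; uint32_t fifo_len; } tx_result;

/* Drive the model with a guest that announces payload_len in its first word
 * and then writes `words` DATA-register words in total. */
tx_result tx_run_guest(int crc_enabled, uint16_t payload_len, unsigned words)
{
    tx_state s;
    memset(&s, 0, sizeof s);
    s.crc_enabled = crc_enabled;
    for (unsigned i = 0; i < words; i++) {
        tx_write_data(&s, i == 0 ? payload_len : 0xA5A5A5A5u);
    }
    tx_result r = { s.transmitted, s.dropped, s.fifo_len };
    return r;
}

int main(void)
{
    tx_result ok = tx_run_guest(0, 60, 17);
    tx_result big = tx_run_guest(0, 2046, 513);  /* CRC off: frame needs 2052 bytes */
    printf("60-byte frame, CRC off:  transmitted=%u dropped=%u\n", ok.transmitted, ok.dropped);
    printf("2046-byte frame, CRC off: transmitted=%u dropped=%u fifo_len=%u\n",
           big.transmitted, big.dropped, big.fifo_len);
    return 0;
}
```

With the two checks separated, a frame that can never fit (2046 payload bytes plus header plus guest CRC exceeds 2048) simply stalls with the FIFO full and the last word dropped, rather than writing the CRC word one past the end of the buffer.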
Juan Quintela [Tue, 13 May 2014 15:09:35 +0000 (16:09 +0100)]
savevm: Remove all the unneeded version_minimum_id_old (arm)
After commit 767adce2d, they are redundant. This way we don't assign them
except when needed. Once there, there were lots of cases where the ".fields"
indentation was wrong:
Peter Maydell [Tue, 13 May 2014 15:09:35 +0000 (16:09 +0100)]
disas/libvixl: Update to libvixl 1.4
Update our copy of libvixl to upstream's 1.4 release.
Note that we no longer need any local fixes for compilation
on 32 bit hosts -- they have all been integrated upstream.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1399040419-9227-1-git-send-email-peter.maydell@linaro.org Acked-by: Richard Henderson <rth@twiddle.net>
Peter Maydell [Fri, 9 May 2014 15:06:41 +0000 (16:06 +0100)]
bsd-user: Remove reference to CONFIG_UNAME_RELEASE
Commit e586822a5 broke the bsd-user build when it removed the
CONFIG_UNAME_RELEASE define but forgot to remove the use of it
in bsd-user. Fix this in the simplest possible way (bsd-user
doesn't make any use at all of the qemu_uname_release variable
except to allow it to be pointlessly set by the user, so this
is all we need to do.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1399648001-20980-1-git-send-email-peter.maydell@linaro.org
Paolo Bonzini [Tue, 5 Mar 2013 14:04:36 +0000 (15:04 +0100)]
pc: port 92 reset requires a low->high transition
The PIIX datasheet says that "before another INIT pulse can be
generated via [port 92h], [bit 0] must be written back to a
zero."
This bug is masked right now because a full reset will clear the
value of port 92h. But once we implement soft reset correctly,
the next attempt to enable the A20 line by setting bit 1 (and
leaving the others untouched) will cause another reset.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 5 Mar 2013 14:35:17 +0000 (15:35 +0100)]
cpu: make CPU_INTERRUPT_RESET available on all targets
On the x86, some devices need access to the CPU reset pin (INIT#).
Provide a generic service to do this, using one of the internal
cpu_interrupt targets. Generalize the PPC-specific code for
CPU_INTERRUPT_RESET to other targets.
Since PPC does not support migration across QEMU versions (its
machine types are not versioned yet), I picked the value that
is used on x86, CPU_INTERRUPT_TGT_INT_1. Consequently, TGT_INT_2
and TGT_INT_3 are shifted down by one while keeping their value.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 12 Mar 2013 12:16:28 +0000 (13:16 +0100)]
target-i386: preserve FPU and MSR state on INIT
Most MSRs, plus the FPU, MMX, MXCSR, XMM and YMM registers should not
be zeroed on INIT (Table 9-1 in the Intel SDM). Copy them out of
CPUX86State and back in, instead of special casing env->pat.
The relevant fields are already consecutive except PAT and SMBASE.
However:
- KVM and Hyper-V MSRs should be reset because they include memory
locations written by the hypervisor. These MSRs are moved together
at the end of the preserved area.
- SVM state can be moved out of the way since it is written by VMRUN.
Cc: Andreas Faerber <afaerber@suse.de> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 29 Apr 2014 11:10:05 +0000 (13:10 +0200)]
target-i386: fix set of registers zeroed on reset
BND0-3, BNDCFGU, BNDCFGS, BNDSTATUS were not zeroed on reset, but they
should be (Intel Instruction Set Extensions Programming Reference
319433-015, pages 9-4 and 9-6). Same for YMM.
XCR0 should be reset to 1.
TSC and TSC_RESET were zeroed already by the memset, remove the explicit
assignments.
Cc: Andreas Faerber <afaerber@suse.de> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 20 Mar 2013 12:11:56 +0000 (13:11 +0100)]
kvm: reset state from the CPU's reset method
Now that we have a CPU object with a reset method, it is better to
keep the KVM reset close to the CPU reset. Using qemu_register_reset
as we do now keeps them far apart.
With this patch, PPC no longer calls the kvm_arch_ function, so
it can get removed there. Other arches call it from their CPU
reset handler, and the function gets an ARMCPU/X86CPU/S390CPU.
Note that ARM- and s390-specific functions are called kvm_arm_*
and kvm_s390_*, while x86-specific functions are called kvm_arch_*.
That follows the convention used by the different architectures.
Changing that is the topic of a separate patch.
Reviewed-by: Gleb Natapov <gnatapov@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Kevin O'Connor [Tue, 29 Apr 2014 20:38:59 +0000 (16:38 -0400)]
target-i386: the x86 CPL is stored in CS.selector - auto update hflags accordingly.
Instead of manually calling cpu_x86_set_cpl() when the CPL changes,
check for CPL changes on calls to cpu_x86_load_seg_cache(R_CS). Every
location that called cpu_x86_set_cpl() also called
cpu_x86_load_seg_cache(R_CS), so cpu_x86_set_cpl() is no longer
required.
This fixes the SMM handler code as it was not setting/restoring the
CPL level manually.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Kevin O'Connor [Tue, 29 Apr 2014 20:38:10 +0000 (16:38 -0400)]
target-i386: set eflags and cr0 prior to calling cpu_x86_load_seg_cache() in smm_helper.c
The cpu_x86_load_seg_cache() function inspects cr0 and eflags, so make
sure all changes to eflags and cr0 are done prior to loading the
segment caches.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Kevin O'Connor [Tue, 29 Apr 2014 20:37:50 +0000 (16:37 -0400)]
target-i386: set eflags prior to calling svm_load_seg_cache() in svm_helper.c
The svm_load_seg_cache() function calls cpu_x86_load_seg_cache() which
inspects env->eflags. So, make sure all changes to eflags are done
prior to loading the segment cache.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
KVM only supports MSIX table size up to 256 vectors,
but some assigned devices support more vectors,
at the moment attempts to assign them fail with EINVAL.
Tweak the MSIX capability exposed to guest to limit table size
to a supported value.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Gonglei <arei.gonglei@huawei.com> Cc: qemu-stable@nongnu.org Acked-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
pci-assign: Fix a bug when map MSI-X table memory failed
When mmapping memory for the MSI-X table fails, the dev->msix_table is
not set to NULL and assigned_dev_unregister_msix_mmio() will cause
a segfault when trying to munmap it.
Signed-off-by: Gonglei Arei <arei.gonglei@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Peter Maydell [Tue, 13 May 2014 10:30:07 +0000 (11:30 +0100)]
Merge remote-tracking branch 'remotes/bonzini/configure' into staging
* remotes/bonzini/configure:
libcacard: remove libcacard-specific CFLAGS and LIBS from global vars
build: simplify and fix fix-obj-vars
build: convert some obj-specific CFLAGS to use new foo.o-cflags syntax
build: add support for per-object -cflags and -libs to all rules
Makefile: use $(INSTALL_LIB) for modules not $(INSTALL_PROG)
Makefile.target: use $(INSTALL_PROG) for installing, not $(INSTALL)
Makefile: strip tools and modules too
build: simplify Makefile.target around unnest-vars invocations
build: simplify Makefile.target a bit, use just one rule for softmmu
build: Fix per-object variables for Makefile.target
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 13 May 2014 09:35:46 +0000 (10:35 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Block pull request
# gpg: Signature made Fri 09 May 2014 19:57:53 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/block-pull-request:
glib: fix g_poll early timeout on windows
block: qemu-iotests - test for live migration
block: qemu-iotests - update 085 to use common.qemu
block: qemu-iotests - add common.qemu, for bash-controlled qemu tests
block/raw-posix: Try both FIEMAP and SEEK_HOLE
gluster: Correctly propagate errors when volume isn't accessible
vl.c: remove init_clocks call from main
block: Fix open flags with BDRV_O_SNAPSHOT
qemu-iotests: Test converting to streamOptimized from small cluster size
vmdk: Implement .bdrv_get_info()
vmdk: Implement .bdrv_write_compressed
qemu-img: Convert by cluster size if target is compressed
block/iscsi: bump year in copyright notice
block/nfs: Check for NULL server part
qemu-img: sort block formats in help message
iotests: Use configured python
qcow2: Fix alloc_clusters_noref() overflow detection
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
There was some modulo logic to ensure that Microblaze always booted into
physical RAM regardless of the elf entry. Removed it, as QEMU should fail
gracefully when given a bad elf, rather than attempt to run it.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
The TCSR register has only 11 valid bits. This is now used by the
linux kernel to auto-detect endianness, and causes Linux 3.15-rc1
and later to hang when run under qemu-microblaze. Mask valid bits
before writing the register to solve the problem.
Signed-off-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
The MER register only has two valid bits. This is now used by
the linux kernel to auto-detect endianness, and causes Linux 3.15-rc1
and later to hang when run under qemu-microblaze. Mask valid bits before
writing the register to solve the problem.
Signed-off-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
[Edgar: Untabified] Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
tcg: Remove unreachable code in tcg_out_op and op_defs
The INDEX_op_call case has just been obsoleted; the mov and movi
cases have not been reachable for years. Attempt to document this
both in each tcg_out_op switch, and via TCG_OPF_NOT_PRESENT.
Because of the TCG_OPF_NOT_PRESENT change, this must be done for
all targets in a single commit.
Signed-off-by: Richard Henderson <rth@twiddle.net>
tcg: Use tcg_target_available_regs in tcg_reg_alloc_mov
The move opcodes are special in that their constraints must cover
all available registers. So instead of checking the constraints,
just use the available registers.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Using a 16-byte aligned structure achieves best results, both for code
cleanliness and compiled code size. However, this means that we can't
use the trick of encoding the slot number into the low 2 bits.
Thankfully, we only ever use slot2, so make that explicit in the names
of the relocation functions, and drop the code for other slots.
Signed-off-by: Richard Henderson <rth@twiddle.net>
And use tcg pointer differencing functions as appropriate.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
And use tcg pointer differencing functions as appropriate.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
To be defined by the tcg backend based on the elemental unit of the ISA.
During the transition, allow TCG_TARGET_INSN_UNIT_SIZE to be undefined,
which allows us to default tcg_insn_unit to the current uint8_t.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
Peter Maydell [Fri, 28 Mar 2014 15:29:48 +0000 (15:29 +0000)]
tcg: Avoid undefined behaviour patching code at unaligned addresses
To avoid C undefined behaviour when patching generated code,
provide wrappers tcg_patch8/16/32/64 which use the usual memcpy
trick, and use them in the i386 backend.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
Peter Maydell [Fri, 28 Mar 2014 15:29:47 +0000 (15:29 +0000)]
tcg: Avoid stores to unaligned addresses
Avoid stores to unaligned addresses in TCG code generation, by using the
usual memcpy() approach. (Using bswap.h would drag a lot of QEMU baggage
into TCG, so it's simpler just to do direct memcpy() here.)
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
Peter Maydell [Fri, 28 Mar 2014 15:29:46 +0000 (15:29 +0000)]
exec-all.h: Use stl_p to avoid undefined behaviour patching x86 jumps
The code which patches x86 jump instructions assumes it can do an
unaligned write of a uint32_t. This is actually safe on x86, but it's
still undefined behaviour. We have infrastructure for doing efficient
unaligned accesses which doesn't engage in undefined behaviour, so
use it.
This is technically fractionally less efficient, at least with gcc 4.6;
instead of one instruction:
7b2: 89 3e mov %edi,(%rsi)
we get an extra spurious store to the stack slot:
7b2: 89 7c 24 64 mov %edi,0x64(%rsp)
7b6: 89 3e mov %edi,(%rsi)
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
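The pattern behind the three commits above (tcg: Avoid undefined behaviour patching code at unaligned addresses, tcg: Avoid stores to unaligned addresses, exec-all.h: Use stl_p ...) and the follow-up fix earlier on this page (exec-all.h: Use stl_le_p instead of stl_p patching x86), as an added example that is not QEMU's code: an alignment-safe little-endian 32-bit store built on memcpy, a jump-patching routine that uses it at an odd address, and a reproduction of why the target-endian store was the wrong choice. stl_le_p, ldl_le_p, stl_be_p and patch_x86_jmp here are our own minimal re-creations, not QEMU's implementations.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not QEMU code. The accessors and patch_x86_jmp are our own
 * re-creations of the pattern the commits describe. */

/* Fixed-endian, alignment-safe 32-bit accessors: assemble the bytes
 * explicitly and memcpy them. memcpy through a char array is always defined
 * behaviour, and compilers fold it into a single unaligned mov on x86. */
static inline void stl_le_p(void *p, uint32_t v)
{
    uint8_t b[4] = { (uint8_t)v, (uint8_t)(v >> 8), (uint8_t)(v >> 16), (uint8_t)(v >> 24) };
    memcpy(p, b, 4);
}

static inline uint32_t ldl_le_p(const void *p)
{
    uint8_t b[4];
    memcpy(b, p, 4);
    return b[0] | ((uint32_t)b[1] << 8) | ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/* What a target-endian stl_p resolves to when the *target* is big-endian. */
static inline void stl_be_p(void *p, uint32_t v)
{
    uint8_t b[4] = { (uint8_t)(v >> 24), (uint8_t)(v >> 16), (uint8_t)(v >> 8), (uint8_t)v };
    memcpy(p, b, 4);
}

/* Patch the rel32 of a 5-byte x86 "jmp rel32" (E9 xx xx xx xx) at jmp_addr so
 * it lands on target. The displacement is relative to the end of the
 * instruction and is always little-endian (it is x86 code), whatever the
 * host or the emulated target's endianness; hence the _le_ store. */
void patch_x86_jmp(uint8_t *jmp_addr, const uint8_t *target)
{
    uintptr_t next = (uintptr_t)jmp_addr + 5;
    stl_le_p(jmp_addr + 1, (uint32_t)((uintptr_t)target - next));
}

/* Code buffer with the jump at offset 1 so its rel32 sits at an odd, i.e.
 * unaligned, address. Returns the displacement decoded from the bytes. */
int32_t demo_patch(int target_offset)
{
    uint8_t code[32] = { 0x90, 0xE9 };          /* nop; jmp rel32 (placeholder) */
    patch_x86_jmp(&code[1], &code[target_offset]);
    return (int32_t)ldl_le_p(&code[2]);
}

/* The original mistake, reproduced: a big-endian-target stl_p writes the
 * rel32 byte-swapped, so decoding it as the CPU does gives a wrong jump. */
uint32_t demo_wrong_endian(uint32_t disp)
{
    uint8_t rel32[4];
    stl_be_p(rel32, disp);
    return ldl_le_p(rel32);
}

int main(void)
{
    printf("forward  jump to offset 12: rel32 = %d\n", demo_patch(12));
    printf("backward jump to offset 0:  rel32 = %d\n", demo_patch(0));
    printf("rel32 6 stored target-endian on a BE target decodes as 0x%08x\n",
           demo_wrong_endian(6));
    return 0;
}
```

The memcpy form costs nothing on x86 once optimised, and on hosts that fault on unaligned access it is the only correct option; choosing the _le_ accessor rather than the target-endian one keeps the patched bytes correct even when the emulated guest is big-endian.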
Michael Tokarev [Thu, 8 May 2014 12:48:27 +0000 (16:48 +0400)]
libcacard: remove libcacard-specific CFLAGS and LIBS from global vars
Currently all what's needed for single file libcacard/vcard_emul_nss.c
(libnss cflags) and hw/usb/ccid-card-emulated.c (libcacard includes)
together with the libs is added to global QEMU_CFLAGS and libs_softmmu.
Use the cflags only where really used (for two mentioned files), and
libs only where needed.
While at it, rename variables to better reflect reality: libcacard_*
is really nss_*.
This needs a bit more tweaking: $(NSS_LIBS) should not contain $glib_libs
(ditto for _cflags). But in order to fix it, some more preparations
should be made first. So add a FIXME comment.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 8 May 2014 13:02:48 +0000 (15:02 +0200)]
build: simplify and fix fix-obj-vars
fix-obj-vars has the undesired side effect of breaking -cflags
-objs and -libs variables in the toplevel Makefile.objs. The
variables in the toplevel Makefile.objs do not need any fix,
so fix-obj-vars need not do anything.
Since we are touching it, remove the now unnecessary $(if)
in the callers.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Sangho Park [Thu, 8 May 2014 08:47:10 +0000 (12:47 +0400)]
glib: fix g_poll early timeout on windows
g_poll has a problem on Windows when using
timeouts < 10ms, in glib/gpoll.c:
/* If not, and we have a significant timeout, poll again with
* timeout then. Note that this will return indication for only
* one event, or only for messages. We ignore timeouts less than
* ten milliseconds as they are mostly pointless on Windows, the
* MsgWaitForMultipleObjectsEx() call will timeout right away
* anyway.
*/
if (retval == 0 && (timeout == INFINITE || timeout >= 10))
retval = poll_rest (poll_msgs, handles, nhandles, fds, nfds, timeout);
so whenever g_poll is called with timeout < 10ms it does
a quick poll instead of wait, this causes significant performance
degradation of QEMU, thus we should use WaitForMultipleObjectsEx
directly
Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Jeff Cody [Wed, 30 Apr 2014 14:55:09 +0000 (10:55 -0400)]
block: qemu-iotests - update 085 to use common.qemu
The new functionality of common.qemu implements the QEMU control
and communication functionality that was originally in test 085.
This removes that now-duplicate functionality, and uses the
common.qemu functions.
The QEMU commandline changes slightly due to this; in addition to
monitor and qmp i/o options, the new QEMU commandline from inside
common.qemu now introduces -machine accel=qtest.
Reviewed-by: Benoit Canet <benoit@irqsave.net> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Jeff Cody [Wed, 30 Apr 2014 14:55:08 +0000 (10:55 -0400)]
block: qemu-iotests - add common.qemu, for bash-controlled qemu tests
This creates some common functions for bash language qemu-iotests
to control, and communicate with, a running QEMU process.
4 functions are introduced:
1. _launch_qemu()
This launches the QEMU process(es), and sets up the file
descriptors and fifos for communication. You can choose to
launch each QEMU process listening for either QMP or HMP
monitor. You can call this function multiple times, and
save the handle returned from each. The returned handle is
in $QEMU_HANDLE. You must copy this value.
Commands 2 and 3 use the handle received from _launch_qemu(), to talk
to the appropriate process.
2. _send_qemu_cmd()
Sends a command string, specified by $2, to QEMU. If $3 is
non-NULL, _send_qemu_cmd() will wait to receive $3 as a
required result string from QEMU. Failure to receive $3 will
cause the test to fail. The command can optionally be retried
$qemu_cmd_repeat number of times. Set $qemu_error_no_exit
to not force the test the fail on exit; in this case,
$QEMU_STATUS[$1] will be set to -1 on failure.
3. _timed_wait_for()
Waits for a response, for up to a default of 10 seconds. If
$2 is not seen in that time (anywhere in the response), then
the test fails. Primarily used by _send_qemu_cmd, but could
be useful standalone, as well. To prevent automatic exit
(and therefore test failure), set $qemu_error_no_exit to a
non-NULL value. If $silent is a non-NULL value, then output
to stdout will be suppressed.
4. _cleanup_qemu()
Kills the running QEMU processes, and removes the fifos.
Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Max Reitz [Thu, 8 May 2014 18:57:55 +0000 (20:57 +0200)]
block/raw-posix: Try both FIEMAP and SEEK_HOLE
The current version of raw-posix always uses ioctl(FS_IOC_FIEMAP) if
FIEMAP is available; lseek with SEEK_HOLE/SEEK_DATA is not even
compiled in in this case. However, there may be implementations which
support the latter but not the former (e.g., NFSv4.2) as well as vice
versa.
To cover both cases, try FIEMAP first (as this will return -ENOTSUP if
not supported instead of returning a failsafe value (everything
allocated as a single extent)) and if that does not work, fall back to
SEEK_HOLE/SEEK_DATA.
Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Peter Krempa [Fri, 9 May 2014 10:08:10 +0000 (12:08 +0200)]
gluster: Correctly propagate errors when volume isn't accessible
The docs for glfs_init suggest that the function sets errno on every
failure. In fact it doesn't. As other functions such as
qemu_gluster_open() in the gluster block code report their errors based
on this fact we need to make sure that errno is set on each failure.
This fixes a crash of qemu-img/qemu when a gluster brick isn't
accessible from given host while the server serving the volume
description is.
Thread 1 (Thread 0x7ffff7fba740 (LWP 203880)):
#0 0x00007ffff77673f8 in glfs_lseek () from /usr/lib64/libgfapi.so.0
#1 0x0000555555574a68 in qemu_gluster_getlength ()
#2 0x0000555555565742 in refresh_total_sectors ()
#3 0x000055555556914f in bdrv_open_common ()
#4 0x000055555556e8e8 in bdrv_open ()
#5 0x000055555556f02f in bdrv_open_image ()
#6 0x000055555556e5f6 in bdrv_open ()
#7 0x00005555555c5775 in bdrv_new_open ()
#8 0x00005555555c5b91 in img_info ()
#9 0x00007ffff62c9c05 in __libc_start_main () from /lib64/libc.so.6
#10 0x00005555555648ad in _start ()
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Kirill Batuzov [Tue, 6 May 2014 12:59:53 +0000 (16:59 +0400)]
vl.c: remove init_clocks call from main
Clocks are initialized in qemu_init_main_loop. They are not needed before it.
Initializing them twice is not only unnecessary but is harmful: it results in
memory leak and potentially can lead to a situation where different parts of
QEMU use different sets of timers.
To avoid it remove init_clocks call from main and add an assertion to
qemu_clock_init that corresponding clock has not been initialized yet.
Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Kevin Wolf [Tue, 6 May 2014 10:11:42 +0000 (12:11 +0200)]
block: Fix open flags with BDRV_O_SNAPSHOT
The immediately visible effect of this patch is that it fixes committing
a temporary snapshot to its backing file. Previously, it would fail with
a "permission denied" error because bdrv_inherited_flags() forced the
backing file to be read-only, ignoring the r/w reopen of bdrv_commit().
The bigger problem this revealed is that the original open flags must
actually only be applied to the temporary snapshot, and the original
image file must be treated as a backing file of the temporary snapshot
and get the right flags for that.
Reported-by: Jan Kiszka <jan.kiszka@web.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Peter Maydell [Fri, 9 May 2014 14:46:34 +0000 (15:46 +0100)]
Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging
* remotes/qmp-unstable/queue/qmp: (38 commits)
Revert "qapi: Clean up superfluous null check in qapi_dealloc_type_str()"
qapi: Document optional arguments' backwards compatibility
qmp: use valid JSON in transaction example
qmp: Don't use error_is_set() to suppress additional errors
dump: Drop pointless error_is_set(), DumpState member errp
qemu-option: Clean up fragile use of error_is_set()
qga: Drop superfluous error_is_set()
qga: Clean up fragile use of error_is_set()
qapi: Clean up fragile use of error_is_set()
tests/qapi-schema: Drop superfluous error_is_set()
qapi: Drop redundant, unclean error_is_set()
hmp: Guard against misuse of hmp_handle_error()
qga: Use return values instead of error_is_set(errp)
error: Consistently name Error ** objects errp, and not err
qmp: Consistently name Error ** objects errp, and not err
qga: Consistently name Error ** objects errp, and not err
qmp hmp: Consistently name Error * objects err, and not errp
pci-assign: assigned_initfn(): set monitor error in common error handler
pci-assign: propagate errors from assign_intx()
pci-assign: propagate errors from assign_device()
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
qmp: Don't use error_is_set() to suppress additional errors
Using error_is_set(errp) that way can sweep programming errors under
the carpet when we get called incorrectly with an error set.
encrypted_bdrv_it() does it, because there's no way to make
bdrv_iterate() break its loop. Actually safe, because qmp_cont()
clears the error before the loop. Clean it up anyway: replace
bdrv_iterate() by bdrv_next(), break the loop on error.
Replace both occurrences, for consistency.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
dump: Drop pointless error_is_set(), DumpState member errp
In qmp_dump_guest_memory(), the error must be clear on entry, and we
always bail out after setting it, directly or via dump_init().
Therefore, both error_is_set() are always false. Drop them.
DumpState member errp is now write-only. Drop it, too.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
qemu-option: Clean up fragile use of error_is_set()
Using error_is_set(ERRP) to find out whether to bail out due to
previous error is either wrong, fragile, or unnecessarily opaque.
It's wrong when ERRP may be null, because errors go undetected when it
is. It's fragile when proving ERRP non-null involves a non-local
argument. Else, it's unnecessarily opaque (see commit 84d18f0).
The error_is_set(state->errp) in qemu_opts_from_qdict_1() is merely
fragile, because the callers never pass state argument with null
state->errp.
Make the code more robust and more obviously correct: test
*state->errp directly.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
qga: Drop superfluous error_is_set()
acquire_privilege(), execute_async() and check_suspend_mode() do
nothing when called with an error set. Callers shouldn't do that, and
no caller does. Drop the superfluous tests.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
qga: Clean up fragile use of error_is_set()
Using error_is_set(ERRP) to find out whether a function failed is
either wrong, fragile, or unnecessarily opaque. It's wrong when ERRP
may be null, because errors go undetected when it is. It's fragile
when proving ERRP non-null involves a non-local argument. Else, it's
unnecessarily opaque (see commit 84d18f0).
The error_is_set(errp) in the guest agent command handler functions
are merely fragile, because all call chains (do_qmp_dispatch() via
the generated marshalling functions) pass a non-null errp argument.
Make the code more robust and more obviously correct: receive the
error in a local variable, then propagate it through the parameter.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
qapi: Clean up fragile use of error_is_set()
Using error_is_set(ERRP) to find out whether a function failed is
either wrong, fragile, or unnecessarily opaque. It's wrong when ERRP
may be null, because errors go undetected when it is. It's fragile
when proving ERRP non-null involves a non-local argument. Else, it's
unnecessarily opaque (see commit 84d18f0).
The error_is_set(errp) in do_qmp_dispatch() is merely fragile, because
the caller never passes a null errp argument.
Make the code more robust and more obviously correct: receive the
error in a local variable, then propagate it through the parameter.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
qapi: Drop redundant, unclean error_is_set()
do_qmp_dispatch()'s test for qmp_dispatch_check_obj() failure examines
both the return value and the error object. The latter part is
unclean; it works only when do_qmp_dispatch()'s caller passes a
non-null errp argument. That's the case, but it's not locally
obvious. Unclean.
Cleanup would be easy enough, but since the unclean code is also
redundant, let's just drop it.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
qga: Use return values instead of error_is_set(errp)
Using error_is_set(errp) to check whether a function call failed is
fragile: it breaks when errp is null. ga_get_fd_handle() and
guest_file_handle_add() don't return a useful value when they fail,
but that's just stupid. Fix that, and check them instead. As far
as I can tell, errp can't be null there, but this is more robust and
more obviously correct.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
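The error_is_set() commits above (qemu-option, qga, qapi, and the qga return-value one) all describe the same hazard: testing error_is_set(errp) to detect a callee's failure silently breaks when errp is NULL, because error_setg() drops the error and the caller carries on. The following is an added example written for this page, not QEMU code; it uses a deliberately simplified stand-in for QEMU's Error API (an assumption; the real one is in qapi/error.h), a hypothetical always-failing open_resource(), and a hypothetical get_handle() standing in for a callee that returns -1 on failure. It shows the fragile pattern beside the two fixes the commits apply: receive the error in a local variable and propagate it, or test the callee's return value instead.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Simplified stand-in for QEMU's Error API (assumption for this example;
 * the real API in qapi/error.h differs in detail). */
typedef struct Error {
    const char *msg;
} Error;

static void error_free(Error *err)
{
    free(err);
}

/* Records an error in *errp. A NULL errp means "caller does not care", so
 * the error is silently dropped: this is what makes error_is_set(errp)
 * an unreliable failure test. */
static void error_setg(Error **errp, const char *msg)
{
    Error *err;

    if (errp == NULL) {
        return;
    }
    assert(*errp == NULL);   /* overwriting an existing error is a bug */
    err = malloc(sizeof(*err));
    assert(err != NULL);
    err->msg = msg;
    *errp = err;
}

static bool error_is_set(Error **errp)
{
    return errp != NULL && *errp != NULL;
}

/* Moves local_err into *dst_errp, or frees it when dst_errp is NULL. */
static void error_propagate(Error **dst_errp, Error *local_err)
{
    if (local_err == NULL) {
        return;
    }
    if (dst_errp == NULL) {
        error_free(local_err);
    } else {
        assert(*dst_errp == NULL);
        *dst_errp = local_err;
    }
}

/* Hypothetical inner step that always fails, so every caller below is
 * exercised on its failure path. */
static void open_resource(Error **errp)
{
    error_setg(errp, "resource unavailable");
}

/* Fragile pattern: bail out if error_is_set(errp). With a NULL errp the
 * failure is invisible and execution continues as if open_resource() had
 * succeeded. Returns 0 when it bailed out, 1 when it wrongly carried on. */
static int fragile_caller(Error **errp)
{
    open_resource(errp);
    if (error_is_set(errp)) {
        return 0;
    }
    return 1;   /* would now use a resource that was never opened */
}

/* Robust pattern: receive the error in a local variable, then propagate it
 * through the parameter. Behaves the same whether errp is NULL or not. */
static int robust_caller(Error **errp)
{
    Error *local_err = NULL;

    open_resource(&local_err);
    if (local_err != NULL) {
        error_propagate(errp, local_err);
        return 0;
    }
    return 1;
}

/* Return-value pattern: the callee returns a usable failure indicator (-1),
 * so the caller never inspects errp. Hypothetical handle mapping. */
static int64_t get_handle(int fd, Error **errp)
{
    if (fd < 0) {
        error_setg(errp, "invalid file descriptor");
        return -1;
    }
    return (int64_t)fd + 1000;
}

static int handle_caller(int fd, Error **errp)
{
    return get_handle(fd, errp) < 0 ? 0 : 1;
}

/* Checks a caller with a real errp: true if it both stopped (returned 0)
 * and left an error for its caller to see. */
static bool stops_and_reports(int (*caller)(Error **))
{
    Error *err = NULL;
    int rc = caller(&err);
    bool reported = (err != NULL);

    error_free(err);
    return rc == 0 && reported;
}
```

With a non-NULL errp both callers look equally correct, which is why the fragile form survives review; only the NULL-errp call exposes the difference, and the assertion inside error_setg() is what turns the "called with an error already set" misuse the commits mention into a loud failure instead of a silent one.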