Age | Commit message | Author | Files | Lines |
|
* upstream-merge: (197 commits)
NBD: Avoid leaking a couple of strings when the NBD device is closed
qemu-progress.c: printf isn't signal safe
ide/atapi: fix set but unused
atapi: Explain why we need a 'media not present' state
atapi: Move comment to proper place
qemu-img resize: Fix option parsing
lm32: add Milkymist Minimac2 support
milkymist-sysctl: fix timers
milkymist-vgafb: fix console resizing
lm32: fix exception handling
kvm: use qemu_free consistently
kvm: Install specialized interrupt handler
fix crash in migration, 32-bit userspace on 64-bit host
Redirect cpu_interrupt to callback handler
Break up user and system cpu_interrupt implementations
kvm: create kvmclock when one of the flags are present
kvm: add kvmclock to its second bit
x86: Allow multiple cpu feature matches of lookup_feature
kvm: use kernel-provided para_features instead of statically coming up with new capabilities
Don't zero out buffer in sched_getaffinity
...
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
* commit 'd2d979c628e4b2c4a3cb71a31841875795c79043':
NBD: Avoid leaking a couple of strings when the NBD device is closed
qemu-progress.c: printf isn't signal safe
ide/atapi: fix set but unused
atapi: Explain why we need a 'media not present' state
atapi: Move comment to proper place
qemu-img resize: Fix option parsing
lm32: add Milkymist Minimac2 support
milkymist-sysctl: fix timers
milkymist-vgafb: fix console resizing
lm32: fix exception handling
kvm: use qemu_free consistently
fix crash in migration, 32-bit userspace on 64-bit host
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
* commit 'aa7f74d1199020a29c677bc80518df5267bfe73f': (70 commits)
kvm: Install specialized interrupt handler
Redirect cpu_interrupt to callback handler
Break up user and system cpu_interrupt implementations
kvm: create kvmclock when one of the flags are present
kvm: add kvmclock to its second bit
x86: Allow multiple cpu feature matches of lookup_feature
kvm: use kernel-provided para_features instead of statically coming up with new capabilities
Don't zero out buffer in sched_getaffinity
Fix buffer overrun in sched_getaffinity
linux-user: Fix compilation for "old" linux versions
virtfs: fix build due from rename
virtio-serial: Fix endianness bug in the config space
char: Detect chardev release by NULL handlers as well as NULL opaque
char: Allow devices to use a single multiplexed chardev.
spice-chardev: listen to frontend guest open / close
virtio-console: notify backend of guest open / close
chardev: Allow frontends to notify backends of guest open / close
target-arm: Don't update base register on abort in Thumb T1 LDM
target-arm: fix LDMIA bug on page boundary
ioapic: Do not set irr for masked edge IRQs
...
Conflicts:
kvm-all.c
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
* commit '5ee8ad71e159e724e2fa1af6b2c502668179502a':
PXE: Use consistent naming for PXE ROMs
Add ipxe submodule
Conflicts:
Makefile
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
* commit 'a1d8db07fb46e1da410ca7b4ce24a997707d4a53': (72 commits)
target-i386: fix constants wrt softfloat
target-i386: fix helper_fprem() and helper_fprem1() wrt softfloat
target-i386: fix logarithmic and trigonometric helpers wrt softfloat
target-i386: add CPU86_LDouble <-> double conversion functions
target-i386: replace approx_rsqrt and approx_rcp by softfloat ops
target-i386: fix helper_fsqrt() wrt softfloat
target-i386: fix helper_fdiv() wrt softfloat
target-i386: fix helper_fxtract() wrt softfloat
target-i386: fix helper_fbld_ST0() wrt softfloat
target-i386: fix helper_fscale() wrt softfloat
softfloat-native: add float*_is_any_nan() functions
softfloat-native: fix float*_scalbn() functions
softfloat: fix float*_scalnb() corner cases
softfloat: add floatx80_compare*() functions
softfloat-native: add a few constant values
softfloat: add pi constants
softfloat: add floatx80 constants
softfloat: fix floatx80_is_infinity()
softfloat: fix floatx80 handling of NaN
vmstate: port mac_dbdma
...
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
* commit '3110e2925489c571901e945e315942ce84fe696f': (41 commits)
s390x: Enable s390x-softmmu target
s390x: Prepare cpu.h for emulation
move helpers.h to helper.h
libcacard: fix opposite usage of isspace
target-mips: clear softfpu exception state for comparison instructions
target-mips: fix c.ps.* instructions
target-mips: don't hardcode softfloat exception bits
target-mips: simplify FP comparisons
target-ppc: fix SPE comparison functions
softfloat: improve description of comparison functions
softfloat: move float*_eq and float*_eq_quiet
softfloat: rename float*_eq_signaling() into float*_eq()
softfloat: rename float*_eq() into float*_eq_quiet()
target-i386: fix CMPUNORDPS/D and CMPORDPS/D instructions
target-mips: use new float*_unordered*() functions
target-alpha: use new float64_unordered_quiet() function
softfloat-native: add float*_unordered_quiet() functions
softfloat: add float*_unordered_{,quiet}() functions
target-i386: add floatx_{add,mul,sub} and use them
target-i386: use float unions from cpu-all.h
...
Conflicts:
cpu-exec.c
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
We only need to walk as many vectors on updates as the device supports.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
As suggested by Michael Tsirkin: Move the check for GSI routing from
kvm_msi_message_add to the MSI/MSI-X initialization. If it fails (and KVM
is in in-kernel irqchip mode), do not advertise MSI at all.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
Define a mask of PCI command register bits that need to be emulated,
i.e. read back from their shadow state. We will need this for
selectively emulating the INTx mask bit.
Note: No initialization of emulate_cmd_mask to zero needed, the device
state is already zero-initialized.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
No one can remember where this came from, and it looks very hacky
anyway (we return 0 for config space address 0xfc of _every_ assigned
device, not only vga as the comment claims). So better remove it and
wait for the underlying issue to reappear.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
Ensure that accesses exceeding PCI_CAPABILITY_LIST and
PCI_INTERRUPT_LINE+PIN hit the real device in areas we do not
virtualize. Again, we do not optimize these checks and accesses a lot,
they are considered to be slow paths.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
If we emulate the command register, we must only read its content from
the shadow config space. For dword read of both PCI_COMMAND and
PCI_STATUS, at least the latter must be read from the device.
For simplicity reasons and as the code path is not considered
performance critical for the affected SRIOV devices, the fix performs
device access to the command word unconditionally, even if emulation is
enabled and only that word is read.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
We will need it earlier in the file, so move it unmodified to the top.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
Use ranges_overlap and proper constants to match the access range
against regions that need special handling. This also fixes yet uncaught
high-byte write access to the command register. Moreover, use more
constants instead of magic numbers.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
Signed-off-by: Nick Thomas <nick@bytemark.co.uk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Change the signal handling to indicate a signal is pending, rather
than printing directly from the signal handler.
In addition make the signal prints go to stderr, rather than stdout.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Signed-off-by: Alon Levy <alevy@redhat.com>
Acked-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
After the re-org of the atapi code, it might not be intuitive for a
reader of the code to understand why we're inserting a 'media not
present' state between cd changes.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Move misplaced comment for media_is_dvd()
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
For shrinking images, you're supposed to use a negative size. However, the
leading minus makes getopt think that it's an option and so you get the help
text if you don't use -- like in 'qemu-img resize test.img -- -1G'.
This patch handles the size first and removes it from the argument list so that
getopt won't even try to interpret it and you don't need -- any more.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
This patch adds support for Milkymist's minimal Ethernet MAC v2. It
supersedes minimac1.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
|
|
Prevent timers from firing right after starting.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
|
|
After enabling the framebuffer, ensure that the console is resized.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
|
|
Global interrupt enable bit is already saved within the exception handler
helper routine. Thus remove extra code in translation routines.
Additionally, debug exceptions always have DEBA as base address.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
|
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
KVM only requires to set the raised IRQ in CPUState and to kick the
receiving vcpu if it is remote. Installing a specialized handler allows
potential future changes to the TCG code path without risking KVM side
effects.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
This change fixes a long-standing immediate crash (memory corruption
and abort in glibc malloc code) in migration on 32bits.
The bug is present since this commit:
commit 692d9aca97b865b0f7903565274a52606910f129
Author: Bruce Rogers <brogers@novell.com>
Date: Wed Sep 23 16:13:18 2009 -0600
qemu-kvm: allocate correct size for dirty bitmap
The dirty bitmap copied out to userspace is stored in a long array,
and gets copied out to userspace accordingly. This patch accounts
for that correctly. Currently I'm seeing kvm crashing due to writing
beyond the end of the alloc'd dirty bitmap memory, because the buffer
has the wrong size.
Signed-off-by: Bruce Rogers
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
--- a/qemu-kvm.c
+++ b/qemu-kvm.c
@@ int kvm_get_dirty_pages_range(kvm_context_t kvm, unsigned long phys_addr,
- buf = qemu_malloc((slots[i].len / 4096 + 7) / 8 + 2);
+ buf = qemu_malloc(BITMAP_SIZE(slots[i].len));
r = kvm_get_map(kvm, KVM_GET_DIRTY_LOG, i, buf);
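Review bot: the context line "r = kvm_get_map(kvm, KVM_GET_DIRTY_LOG, i, buf);" hands buf to the callee with no length, so nothing on this path checks that BITMAP_SIZE(slots[i].len) is at least as large as what gets written into buf. BITMAP_SIZE is not defined in this hunk; a comment at the qemu_malloc() line should state which word size the macro rounds to and why that matches the side that fills the buffer, and the rounding should not depend on the size of long in the calling process.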
BITMAP_SIZE is now open-coded in that function, like this:
size = ALIGN(((mem->memory_size) >> TARGET_PAGE_BITS), HOST_LONG_BITS) / 8;
The problem is that HOST_LONG_BITS in 32bit userspace is 32
but it's 64 in 64bit kernel. So userspace aligns this to
32, and kernel to 64, but since no length is passed from
userspace to kernel on ioctl, kernel uses its size calculation
and copies 4 extra bytes to userspace, corrupting memory.
Here's what it looks like during migrate execution:
our=20, kern=24
our=4, kern=8
...
our=4, kern=8
our=4064, kern=4064
our=512, kern=512
our=4, kern=8
our=20, kern=24
our=4, kern=8
...
our=4, kern=8
our=4064, kern=4064
*** glibc detected *** ./x86_64-softmmu/qemu-system-x86_64: realloc(): invalid next size: 0x08f20528 ***
(our is userspace size above, kern is the size as calculated
by the kernel).
Fix this by always aligning to 64 in a hope that no platform will
have sizeof(long)>8 any time soon, and add a comment describing it
all. It's a small price to pay for bad kernel design.
Alternatively it's possible to fix that in the kernel by using
different size calculation depending on the current process.
But this becomes quite ugly.
Special thanks goes to Stefan Hajnoczi for spotting the fundamental
cause of the issue, and to Alexander Graf for his support in #qemu.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
CC: Bruce Rogers <brogers@novell.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
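The size mismatch this commit message describes, as an added example that is not QEMU or kernel code: it applies the ALIGN(...)/8 formula quoted above with 32-bit and 64-bit longs and counts the bytes written past the smaller buffer. The 4 KiB page size, the slot sizes, and the names bitmap_bytes and clobbered_bytes are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TARGET_PAGE_BITS 12 /* assumption: 4 KiB pages */
#define GUARD 8             /* canary bytes placed right after the userspace bitmap */

/* Round n up to a multiple of align (a power of two). */
static uint64_t align_up(uint64_t n, uint64_t align)
{
    return (n + align - 1) & ~(align - 1);
}

/* One dirty bit per page, rounded up to whole longs of long_bits bits; result in bytes. */
uint64_t bitmap_bytes(uint64_t memory_size, unsigned long_bits)
{
    return align_up(memory_size >> TARGET_PAGE_BITS, long_bits) / 8;
}

/*
 * Stand-in for the dirty-log call: the writer receives no length and fills
 * the size it computed itself. Returns how many canary bytes it clobbered.
 */
unsigned clobbered_bytes(uint64_t memory_size, unsigned user_bits, unsigned kern_bits)
{
    uint64_t our = bitmap_bytes(memory_size, user_bits);
    uint64_t kern = bitmap_bytes(memory_size, kern_bits);
    uint64_t arena_len = (our > kern ? our : kern) + GUARD;
    unsigned char *arena = malloc(arena_len); /* big enough that the demo stays in bounds */
    unsigned hit = 0;

    if (!arena)
        return 0;
    memset(arena, 0xAA, arena_len); /* 0xAA marks bytes the writer must not touch */
    memset(arena, 0, kern);         /* the writer fills kern bytes, not our */
    for (uint64_t i = our; i < our + GUARD; i++)
        hit += (arena[i] != 0xAA);
    free(arena);
    return hit;
}

int main(void)
{
    /* Constructed slot sizes, chosen to reproduce byte counts quoted in the commit message. */
    const uint64_t slots[] = { 640ULL << 10, 128ULL << 10, 127ULL << 20, 16ULL << 20 };

    for (size_t i = 0; i < sizeof(slots) / sizeof(slots[0]); i++)
        printf("our=%llu, kern=%llu, clobbered=%u, with 64-bit alignment=%u\n",
               (unsigned long long)bitmap_bytes(slots[i], 32),
               (unsigned long long)bitmap_bytes(slots[i], 64),
               clobbered_bytes(slots[i], 32, 64),
               clobbered_bytes(slots[i], 64, 64));
    return 0;
}
```

Slots whose page count is already a multiple of 64 produce equal sizes on both sides, which is why the overrun only shows up for some slots in the log above.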
|
|
This allows overriding the interrupt handling of QEMU in system mode.
KVM will make use of it to set a specialized handler.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
Both have only two lines in common, and we will convert the system
service into a callback which is of no use for user mode operation.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
CC: Riku Voipio <riku.voipio@iki.fi>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
kvmclock presence can be signalled by two different flags. So for
device creation, we have to test for both.
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
|
|
We have two bits that can represent kvmclock in cpuid.
They signal the guest which msr set to use. When we tweak flags
involving this value - especially when we use "-", we have to act on both.
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
|
|
kvmclock is represented by two feature bits. Therefore, lookup_feature
needs to continue its search even after the first match. Enhance it
accordingly and switch to a bool return type at this chance.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
new capabilities
Use the features provided by KVM_GET_SUPPORTED_CPUID directly to
mask out features from guest-visible cpuid.
The old get_para_features() mechanism is kept for older kernels that do not implement it.
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
|
|
The kernel doesn't fill the buffer provided to sched_getaffinity
with zero bytes, so neither should QEMU.
Signed-off-by: Mike McCormack <mj.mccormack@samsung.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
|
|
Zeroing of the cpu array should start from &cpus[kernel_ret]
not &cpus[num_zeros_to_fill].
This fixes a crash in EFL's edje_cc running under qemu-arm.
Signed-off-by: Mike McCormack <mj.mccormack@samsung.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Acked-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
|
|
Debian Lenny and other installations with older linux versions
failed to compile linux-user because some CLONE_xxx macros are
undefined.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
|
|
* 'patches' of git://qemu.weilnetz.de/git/qemu:
qemu-timer: Fix timers for w32
qemu-timer: Avoid type casts
qemu-timer: Remove unneeded include statement (w32)
qemu-timer: Add and use new function qemu_timer_expired_ns
|
|
The latest virtfs pull broke the cris-softmmu target.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
The virtio serial specification requires that the values in the config
space are encoded in native endian of the guest.
The qemu virtio-serial code did not do conversion to the guest endian
format, which caused problems when host and guest use different format.
This patch corrects the qemu side, correctly doing host-native <->
guest-native conversions when accessing the config space. This won't
break any setups that aren't already broken, and fixes the case
of different host and guest endianness.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
|
|
Juan says he prefers these extra checks to ensure a user of a chardev is
releasing it.
Requested-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
|
|
This fixes regression caused by commit
2d6c1ef40f3678ab47a4d14fb5dadaa486bfcda6
("char: Prevent multiple devices opening same chardev"):
-nodefaults -nographic -chardev stdio,id=stdio,mux=on,signal=off \
-mon stdio -device virtio-serial-pci \
-device virtconsole,chardev=stdio -device isa-serial,chardev=stdio
fails with:
qemu-system-x86_64: -device isa-serial,chardev=stdio: Property 'isa-serial.chardev' can't take value 'stdio', it's in use
Signed-off-by: Kusanagi Kouichi <slash@ac.auone-net.jp>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
|
|
Note the vmc_register_interface() in spice_chr_write is left in place
in case someone uses spice-chardev with a frontend which does not have
guest open / close notification.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
|
|
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
|
|
Some frontends know when the guest has opened the "channel" and is actively
listening to it, for example virtio-serial. This patch adds 2 new qemu-chardev
functions which can be used by frontends to signal guest open / close, and
allows interested backends to listen to this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
|
|
Make sure the base register isn't updated if it is in the load list
for a Thumb LDM (T1 encoding) which aborts partway through the load.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
target-arm: fix LDMIA bug on page boundary
When consecutive memory locations are on page boundary, a base register may be
loaded before page fault occurs. After page fault handling, it loses the memory
location information. To solve this problem, loading a base register has to be put back.
Signed-off-by: Yuyeon Oh <yuyeon.oh@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
So far we set IRR for edge IRQs even if the pin is masked. If the guest
later on unmasks and switches the pin to level-triggered mode, irr will
remain set, causing an IRQ storm. The point is that setting IRR is not
correct in this case according to the spec, and avoiding this resolves
the issue.
Reported-and-tested-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
The -virtfs option creates an fsdev representing the pass-through file
system and a guest-visible virtio-9p-pci device that can access this
file system. This patch replaces the string manipulation used to build
and reparse option lists with direct QemuOpts calls. Removing the
string manipulation code makes it easier to maintain and less error
prone.
An error message is also updated to use "mount_tag" instead of
"mnt_tag".
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
|