aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-12-20Move target-* CPU file into a target/ folderThomas Huth
We've currently got 18 architectures in QEMU, and thus 18 target-xxx folders in the root folder of the QEMU source tree. More architectures (e.g. RISC-V, AVR) are likely to be included soon, too, so the main folder of the QEMU sources slowly gets quite overcrowded with the target-xxx folders. To disburden the main folder a little bit, let's move the target-xxx folders into a dedicated target/ folder, so that target-xxx/ simply becomes target/xxx/ instead. Acked-by: Laurent Vivier <laurent@vivier.eu> [m68k part] Acked-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> [tricore part] Acked-by: Michael Walle <michael@walle.cc> [lm32 part] Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com> [s390x part] Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> [s390x part] Acked-by: Eduardo Habkost <ehabkost@redhat.com> [i386 part] Acked-by: Artyom Tarasenko <atar4qemu@gmail.com> [sparc part] Acked-by: Richard Henderson <rth@twiddle.net> [alpha part] Acked-by: Max Filippov <jcmvbkbc@gmail.com> [xtensa part] Reviewed-by: David Gibson <david@gibson.dropbear.id.au> [ppc part] Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> [cris&microblaze part] Acked-by: Guan Xuetao <gxt@mprc.pku.edu.cn> [unicore32 part] Signed-off-by: Thomas Huth <thuth@redhat.com>
2016-12-20Open 2.9 development treeStefan Hajnoczi
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-20Update version for v2.8.0 releasev2.8.0Stefan Hajnoczi
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-15Update version for v2.8.0-rc4 releasev2.8.0-rc4Stefan Hajnoczi
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-15virtio-pci: Fix cross-version migration with older machinesMaxime Coquelin
This patch fixes a cross-version migration regression introduced by commit d1b4259f ("virtio-bus: Plug devices after features are negotiated"). The problem is encountered when host's vhost backend does not support VIRTIO_F_VERSION_1, and migration is initiated from a v2.7 or prior machine with virtio-pci modern capabilities enabled to a v2.8 machine. In this case, modern capabilities get exposed to the guest by the source, whereas the target will detect version 1 is not supported so will only expose legacy capabilities. The problem is fixed by introducing a new "x-ignore-backend-features" property, which is set in v2.7 and prior compatibility modes. Doing this, v2.7 machine keeps its broken behaviour (enabling modern while version is not supported), and newer machines will behave correctly. Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com> Message-id: 20161214163035.3297-1-maxime.coquelin@redhat.com Suggested-by: Stefan Hajnoczi <stefanha@redhat.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Cornelia Huck <cornelia.huck@de.ibm.com> Cc: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-14po: add missing translations in de, fr, it, zhStefan Hajnoczi
There are missing translations for the new "Copy" menu item. The following people provided them to me on IRC just in time for the QEMU 2.8 release: * de_DE - Stefan Hajnoczi <stefanha@redhat.com> * fr_FR - Laurent Vivier <laurent@vivier.eu> * it - Pino Toscano <ptoscano@redhat.com> * zh_CN - Fam Zheng <famz@redhat.com> [Removed spurious space in zh_CN "Copy" translation that Fam Zheng pointed out. --Stefan] Reported-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20161214144713.11009-1-stefanha@redhat.com Cc: Fam Zheng <famz@redhat.com> Cc: Pino Toscano <ptoscano@redhat.com> Cc: Laurent Vivier <laurent@vivier.eu> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-14ui/gtk: fix "Copy" menu item segfaultStefan Hajnoczi
The "Copy" menu item copies VTE terminal text to the clipboard. This only works with VTE terminals, not with graphics consoles. Disable the menu item when the current notebook page isn't a VTE terminal. This patch fixes a segfault. Reproducer: Start QEMU and click the Copy menu item when the guest display is visible. Reported-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Tested-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20161214142518.10504-1-stefanha@redhat.com Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-14Update language files for QEMU 2.8.0Stefan Hajnoczi
Update translation files (change created via 'make -C po update'). Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Stefan Weil <sw@weilnetz.de> Message-id: 20161213214917.6436-1-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-06Update version for v2.8.0-rc3 releasev2.8.0-rc3Stefan Hajnoczi
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-06qapi: Document introduction of gluster's 'debug' optionEric Blake
We intentionally renamed 'debug-level' to 'debug' in the QMP schema for 'blockdev-add' related to gluster, in order to match the command line (commit 1a417e46). However, since 'debug-level' was visible in 2.7, that means that we should document that 'debug' was not available until 2.8. The change was intentional because 'blockdev-add' itself underwent incompatible changes (such as commit 0153d2f) for the same release; our intent is that after 2.8, these interfaces will now be stable. [In hindsight, we should have used the name x-blockdev-add when we first introduced it] Signed-off-by: Eric Blake <eblake@redhat.com> Message-id: 20161206182020.25736-1-eblake@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-06exec.c: Fix breakpoint invalidation racePeter Maydell
A bug (1647683) was reported showing a crash when removing breakpoints. The reproducer was bisected to 3359baad when tb_flush was finally made thread safe. While in MTTCG the locking in breakpoint_invalidate would have prevented any problems, but currently tb_lock() is a NOP for system emulation. The race is between a tb_flush from the gdbstub and the tb_invalidate_phys_addr() in breakpoint_invalidate(). Ideally we'd have actual locking here; for the moment the simple fix is to do a full tb_flush() for a bp invalidate, since that is thread-safe even if no lock is taken. Reported-by: Julian Brown <julian@codesourcery.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1481047629-7763-1-git-send-email-peter.maydell@linaro.org Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-06qapi: Document DEVICE_TRAY_MOVED additionEric Blake
Commit 2d76e72 failed to add a versioning tag to 'id'. I audited all qapi*.json files from v2.7.0 to the current state of the tree, and didn't find any other additions where we failed to use a version tag. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20161206160345.22425-1-eblake@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-06tests/.gitignore: Ignore test-charChanglong Xie
[Lin Ma <lma@suse.com> notes that commit ea3af47d added test for chardev unit tests, but didn't add the name of generated binary in .gitignore. --Stefan] Signed-off-by: Changlong Xie <xiecl.fnst@cn.fujitsu.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 1478494765-13233-1-git-send-email-xiecl.fnst@cn.fujitsu.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-06Merge remote-tracking branch 'kwolf/tags/for-upstream' into stagingStefan Hajnoczi
Block layer patches for 2.8.0-rc3 # gpg: Signature made Tue 06 Dec 2016 02:44:39 PM GMT # gpg: using RSA key 0x7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * kwolf/tags/for-upstream: qcow2: Don't strand clusters near 2G intervals during commit Message-id: 1481037418-10239-1-git-send-email-kwolf@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-06qcow2: Don't strand clusters near 2G intervals during commitEric Blake
The qcow2_make_empty() function is reached during 'qemu-img commit', in order to clear out ALL clusters of an image. However, if the image cannot use the fast code path (true if the image is format 0.10, or if the image contains a snapshot), the cluster size is larger than 512, and the image is larger than 2G in size, then our choice of sector_step causes problems. Since it is not cluster aligned, but qcow2_discard_clusters() silently ignores an unaligned head or tail, we are leaving clusters allocated. Enhance the testsuite to expose the flaw, and patch the problem by ensuring our step size is aligned. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-12-06Merge remote-tracking branch 'jasowang/tags/net-pull-request' into stagingStefan Hajnoczi
# gpg: Signature made Tue 06 Dec 2016 02:24:23 AM GMT # gpg: using RSA key 0xEF04965B398D6211 # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" # Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211 * jasowang/tags/net-pull-request: fsl_etsec: Fix various small problems in hexdump code fsl_etsec: Pad short payloads with zeros net: mcf: check receive buffer size register value Message-id: 1480991552-14360-1-git-send-email-jasowang@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-06Merge remote-tracking branch 'jtc/tags/block-pull-request' into stagingStefan Hajnoczi
# gpg: Signature made Mon 05 Dec 2016 09:30:45 PM GMT # gpg: using RSA key 0xBDBE7B27C0DE3057 # gpg: Good signature from "Jeffrey Cody <jcody@redhat.com>" # gpg: aka "Jeffrey Cody <jeff@codyprime.org>" # gpg: aka "Jeffrey Cody <codyprime@gmail.com>" # Primary key fingerprint: 9957 4B4D 3474 90E7 9D98 D624 BDBE 7B27 C0DE 3057 * jtc/tags/block-pull-request: qemu-doc: update gluster protocol usage guide block/nfs: fix QMP to match debug option block/gluster: fix QMP to match debug option Message-id: 1480973521-28945-1-git-send-email-jcody@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-06Merge remote-tracking branch 'pm215/tags/pull-target-arm-20161205' into stagingStefan Hajnoczi
target-arm queue: * fix gen_load_exclusive handling of ldaxp # gpg: Signature made Mon 05 Dec 2016 05:57:51 PM GMT # gpg: using RSA key 0x3C2525ED14360CDE # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" # gpg: aka "Peter Maydell <pmaydell@gmail.com>" # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * pm215/tags/pull-target-arm-20161205: target-arm/translate-a64: fix gen_load_exclusive Message-id: 1480960775-5002-1-git-send-email-peter.maydell@linaro.org Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-06Merge remote-tracking branch 'armbru/tags/pull-qapi-2016-12-05' into stagingStefan Hajnoczi
QAPI patches for 2016-12-05 # gpg: Signature made Mon 05 Dec 2016 04:41:53 PM GMT # gpg: using RSA key 0x3870B400EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * armbru/tags/pull-qapi-2016-12-05: qapi: add missing colon-ending for section name qapi: use one symbol per line qapi: fix various symbols mismatch in documentation qapi: fix missing symbol @prefix qapi: fix schema symbol sections qga/schema: fix double-return in doc tests: Avoid qobject_from_jsonf("%"PRId64) test-qga: Avoid qobject_from_jsonv("%"PRId64) qmp-event: Avoid qobject_from_jsonf("%"PRId64) Message-id: 1480956313-31322-1-git-send-email-armbru@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-06Merge remote-tracking branch 'kraxel/tags/pull-vga-20161205-1' into stagingStefan Hajnoczi
qxl: fix flickering. cirrus: avoid devision by zero. virtio-gpu: fix two leaks. # gpg: Signature made Mon 05 Dec 2016 10:55:45 AM GMT # gpg: using RSA key 0x4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * kraxel/tags/pull-vga-20161205-1: display: cirrus: check vga bits per pixel(bpp) value virtio-gpu: fix memory leak in update_cursor_data_virgl virtio-gpu: fix information leak in getting capset info dispatch qxl: Only emit QXL_INTERRUPT_CLIENT_MONITORS_CONFIG on config changes Message-id: 1480935840-3961-1-git-send-email-kraxel@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-06fsl_etsec: Fix various small problems in hexdump codeAndrey Smirnov
Fix various small problems in hexdump code, such as: - Reference to non-existing field etsec->nic->nc.name is replaced with nc->name - Type mismatch warnings Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-12-05qemu-doc: update gluster protocol usage guidePrasanna Kumar Kalever
Document: 1. The new debug and logfile options with their usages 2. New json format and its usage and 3. update "GlusterFS, Device URL Syntax" section in "Invocation" Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-12-05block/nfs: fix QMP to match debug optionPrasanna Kumar Kalever
The QMP definition of BlockdevOptionsNfs: { 'struct': 'BlockdevOptionsNfs', 'data': { 'server': 'NFSServer', 'path': 'str', '*user': 'int', '*group': 'int', '*tcp-syn-count': 'int', '*readahead-size': 'int', '*page-cache-size': 'int', '*debug-level': 'int' } } To make this consistent with other block protocols like gluster, lets change s/debug-level/debug/ Suggested-by: Eric Blake <eblake@redhat.com> Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-12-05block/gluster: fix QMP to match debug optionPrasanna Kumar Kalever
The QMP definition of BlockdevOptionsGluster: { 'struct': 'BlockdevOptionsGluster', 'data': { 'volume': 'str', 'path': 'str', 'server': ['GlusterServer'], '*debug-level': 'int', '*logfile': 'str' } } But instead of 'debug-level we have exported 'debug' as the option for choosing debug level of gluster protocol driver. This patch fix QMP definition BlockdevOptionsGluster s/debug-level/debug/ Suggested-by: Eric Blake <eblake@redhat.com> Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-12-05target-arm/translate-a64: fix gen_load_exclusiveAlex Bennée
While testing rth's latest TCG patches with risu I found ldaxp was broken. Investigating further I found it was broken by 1dd089d0 when the cmpxchg atomic work was merged. As part of that change the code attempted to be clever by doing a single 64 bit load and then shuffle the data around to set the two 32 bit registers. As I couldn't quite follow the endian magic I've simply partially reverted the change to the original code gen_load_exclusive code. This doesn't affect the cmpxchg functionality as that is all done on in gen_store_exclusive part which is untouched. I've also restored the comment that was removed (with a slight tweak to mention cmpxchg). Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Acked-by: Richard Henderson <rth@twiddle.net> Message-id: 20161202173454.19179-1-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-12-05qapi: add missing colon-ending for section nameMarc-André Lureau
The documentation parser we are going to add expects a section name to end with ':', otherwise the comment is treated as free-form text body. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161117155504.21843-9-marcandre.lureau@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-12-05qapi: use one symbol per lineMarc-André Lureau
The documentation parser we are going to add only handles a single symbol per line. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161117155504.21843-8-marcandre.lureau@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-12-05qapi: fix various symbols mismatch in documentationMarc-André Lureau
There are various mismatch: - invalid symbols - section and member symbols mismatch - enum or union values vs 'type' The documentation parser catches all these cases. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161117155504.21843-7-marcandre.lureau@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-12-05qapi: fix missing symbol @prefixMarc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20161117155504.21843-6-marcandre.lureau@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-12-05qapi: fix schema symbol sectionsMarc-André Lureau
According to docs/qapi-code-gen.txt, there needs to be '##' to start a and end a symbol section, that's also what the documentation parser expects. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20161117155504.21843-5-marcandre.lureau@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-12-05qga/schema: fix double-return in docMarc-André Lureau
guest-get-memory-block-info documentation should have only one "Returns:". Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20161117155504.21843-3-marcandre.lureau@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-12-05tests: Avoid qobject_from_jsonf("%"PRId64)Eric Blake
The qobject_from_jsonf() function implements a pseudo-printf language for creating a QObject; however, it is hard-coded to only parse a subset of formats understood by -Wformat, and is not a straight synonym to bare printf(). In particular, any use of an int64_t integer works only if the system's definition of PRId64 matches what the parser expects; which works on glibc (%lld or %ld depending on 32- vs. 64-bit) and mingw (%I64d), but not on Mac OS (%qd). Rather than enhance the parser, it is just as easy to force the use of int (where the value is small enough) or long long instead of int64_t, which we know always works. This should cover all remaining testsuite uses of qobject_from_json[fv]() that were trying to rely on PRId64, although my proof for that was done by adding in asserts and checking that 'make check' still passed, where such asserts are inappropriate during hard freeze. A later series in 2.9 may remove all dynamic JSON parsing, but that's a bigger task. Reported by: G 3 <programmingkidx@gmail.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1479922617-4400-4-git-send-email-eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> [Rename value64 to value_ll] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-12-05test-qga: Avoid qobject_from_jsonv("%"PRId64)Eric Blake
The qobject_from_jsonv() function implements a pseudo-printf language for creating a QObject; however, it is hard-coded to only parse a subset of formats understood by -Wformat, and is not a straight synonym to bare printf(). In particular, any use of an int64_t integer works only if the system's definition of PRId64 matches what the parser expects; which works on glibc (%lld or %ld depending on 32- vs. 64-bit) and mingw (%I64d), but not on Mac OS (%qd). Rather than enhance the parser, it is just as easy to use normal printf() for this particular conversion, matching what is done elsewhere in this file [1], which is safe in this instance because the format does not contain any of the problematic differences (bare '%' or the '%s' format). The use of PRId64 for a variable named 'pid' is gross, but it is a sad reality of the 64-bit mingw environment, which mistakenly defines pid_t as a 64-bit type even though getpid() returns 'int' on that platform [2]. Our definition of the QGA GuestExec type defines 'pid' as a 64-bit entity, and we can't tighten it to 'int32' unless the mingw header is fixed. Using 'long long' instead of 'int64_t' just so that we can stick with qobject_from_jsonv("%lld") instead of printf() is not any prettier, since we may have later type churn anyways. [1] see 'git grep -A2 strdup_printf tests/test-qga.c' [2] https://bugzilla.redhat.com/show_bug.cgi?id=1397787 Reported by: G 3 <programmingkidx@gmail.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1479922617-4400-3-git-send-email-eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-12-05qmp-event: Avoid qobject_from_jsonf("%"PRId64)Eric Blake
The qobject_from_jsonf() function implements a pseudo-printf language for creating a QObject; however, it is hard-coded to only parse a subset of formats understood by -Wformat, and is not a straight synonym to bare printf(). In particular, any use of an int64_t integer works only if the system's definition of PRId64 matches what the parser expects; which works on glibc (%lld or %ld depending on 32- vs. 64-bit) and mingw (%I64d), but not on Mac OS (%qd). Rather than enhance the parser, it is just as easy to use 'long long', which we know always works. There are few enough callers of qobject_from_json[fv]() that it is easy to audit that this is the only non-testsuite caller that was actually relying on this particular conversion. Reported by: G 3 <programmingkidx@gmail.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1479922617-4400-2-git-send-email-eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> [Cast tv.tv_sec, tv.tv_usec to long long for type correctness] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-12-05Merge remote-tracking branch 'yongbok/tags/mips-20161204' into stagingStefan Hajnoczi
MIPS patches 2016-12-04 Changes: * Fix Loongson instructions * Fix bad shifts in {dextp|dextpdp} # gpg: Signature made Sun 04 Dec 2016 01:39:38 AM GMT # gpg: using RSA key 0x2238EB86D5F797C2 # gpg: Can't check signature: public key not found * yongbok/tags/mips-20161204: target-mips: fix bad shifts in {dextp|dextpdp} target-mips: Fix Loongson multimedia instructions. target-mips: Fix Loongson multimedia 'or' instruction. target-mips: Fix Loongson pandn instruction. Message-id: 1480816817-53245-1-git-send-email-yongbok.kim@imgtec.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-05display: cirrus: check vga bits per pixel(bpp) valuePrasad J Pandit
In Cirrus CLGD 54xx VGA Emulator, if cirrus graphics mode is VGA, 'cirrus_get_bpp' returns zero(0), which could lead to a divide by zero error in while copying pixel data. The same could occur via blit pitch values. Add check to avoid it. Reported-by: Huawei PSIRT <psirt@huawei.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-id: 1476776717-24807-1-git-send-email-ppandit@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-12-05fsl_etsec: Pad short payloads with zerosAndrey Smirnov
Depending on QEMU network setup it is possible for us to receive a complete Ethernet packet that is less 64 bytes long. One such example is when QEMU is configured to use a standalone TAP device (not set to be a part of any bridge) receives and ARP packet. In cases like that we need to add more than just 4-bytes of CRC padding and ensure that our payload is at least 60 bytes long, such that, when combined with CRC padding bytes the resulting size is at least 802.3 minimum MTU bytes long (64). Failing to do that results in code in etsec_walk_rx_ring() setting BD_RX_SH which, in turn, makes corresponding Linux driver of emulated host to reject buffer as a runt packet Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-12-05net: mcf: check receive buffer size register valuePrasad J Pandit
ColdFire Fast Ethernet Controller uses a receive buffer size register(EMRBR) to hold maximum size of all receive buffers. It is set by a user before any operation. If it was set to be zero, ColdFire emulator would go into an infinite loop while receiving data in mcf_fec_receive. Add check to avoid it. Reported-by: Wjjzhang <wjjzhang@tencent.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-12-05virtio-gpu: fix memory leak in update_cursor_data_virglLi Qiang
In update_cursor_data_virgl function, if the 'width'/ 'height' is not equal to current cursor's width/height it will return without free the 'data' allocated previously. This will lead a memory leak issue. This patch fix this issue. Signed-off-by: Li Qiang <liqiang6-s@360.cn> Message-id: 58187760.41d71c0a.cca75.4cb9@mx.google.com Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-12-05virtio-gpu: fix information leak in getting capset info dispatchLi Qiang
In virgl_cmd_get_capset_info dispatch function, the 'resp' hasn't been full initialized before writing to the guest. This will leak the 'resp.padding' and 'resp.hdr.padding' fieds to the guest. This patch fix this issue. Signed-off-by: Li Qiang <liqiang6-s@360.cn> Message-id: 5818661e.0860240a.77264.7a56@mx.google.com Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-12-05qxl: Only emit QXL_INTERRUPT_CLIENT_MONITORS_CONFIG on config changesChristophe Fergeau
Currently if the client keeps sending the same monitor config to QEMU/spice-server, QEMU will always raise a QXL_INTERRUPT_CLIENT_MONITORS_CONFIG regardless of whether there was a change or not. Guest-side (with fedora 25), the kernel QXL KMS driver will also forward the event to user-space without checking if there were actual changes. Next in line are gnome-shell/mutter (on a default f25 install), which will try to reconfigure everything without checking if there is anything to do. Where this gets ugly is that when applying the resolution changes, gnome-shell/mutter will call drmModeRmFB, drmModeAddFB, and drmModeSetCrtc, which will cause the primary surface to be destroyed and recreated by the QXL KMS driver. This in turn will cause the client to resend a client monitors config message, which will cause QEMU to reemit an interrupt with an unchanged monitors configuration, ... This causes https://bugzilla.redhat.com/show_bug.cgi?id=1266484 This commit makes sure that we only emit QXL_INTERRUPT_CLIENT_MONITORS_CONFIG when there are actual configuration changes the guest should act on. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com> Message-id: 20161028144840.18326-1-cfergeau@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-12-04target-mips: fix bad shifts in {dextp|dextpdp}Yongbok Kim
Fixed issues in the MIPSDSP64 instructions dextp and dextpdp. Shifting can go out of 32 bit range. https://bugs.launchpad.net/qemu/+bug/1631625 Reported-by: Thomas Huth <thuth@redhat.com> Reported-by: Jia Liu <proljc@gmail.com> Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-12-04target-mips: Fix Loongson multimedia instructions.Heiher
Needed to emit FPU exception on Loongson multimedia instructions executing if Status:CU1 is clear. or FPR changes may be missed on Linux. Signed-off-by: Heiher <wangr@lemote.com> Signed-off-by: Fuxin Zhang <zhangfx@lemote.com> Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com> Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2016-12-02target-mips: Fix Loongson multimedia 'or' instruction.Heiher
Signed-off-by: Heiher <wangr@lemote.com> Signed-off-by: Fuxin Zhang <zhangfx@lemote.com> Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com> Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2016-12-02target-mips: Fix Loongson pandn instruction.Heiher
pandn FD, FS, FT Operation: FD = ((NOT FS) AND FT) Signed-off-by: Heiher <wangr@lemote.com> Signed-off-by: Fuxin Zhang <zhangfx@lemote.com> Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com> Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2016-12-01Merge remote-tracking branch 'dgibson/tags/ppc-for-2.8-20161201' into stagingStefan Hajnoczi
ppc patch queue 2016-12-01 Just a single migration / hotplug fix in this set. I believe it's important enough to go in this late in the 2.8 release process. # gpg: Signature made Thu 01 Dec 2016 04:43:49 AM GMT # gpg: using RSA key 0x6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * dgibson/tags/ppc-for-2.8-20161201: spapr: fix default DRC state for coldplugged LMBs Message-id: 20161201044441.14365-1-david@gibson.dropbear.id.au Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-01Merge remote-tracking branch 'mst/tags/for_upstream' into stagingStefan Hajnoczi
virtio, vhost, pc: fixes Minor fixes since 2.8.0-rc2. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Wed 30 Nov 2016 02:25:12 AM GMT # gpg: using RSA key 0x281F0DB8D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * mst/tags/for_upstream: virtio-crypto: fix uninitialized variables loader: fix undefined behavior in rom_order_compare() loader: fix handling of custom address spaces when adding ROM blobs intel_iommu: fix incorrect device invalidate spec/vhost-user: fix the VHOST_USER prefix Message-id: 1480564455-23933-1-git-send-email-mst@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-12-01spapr: fix default DRC state for coldplugged LMBsMichael Roth
Currently we set the initial isolation/allocation state for DRCs associated with coldplugged LMBs to ISOLATED/UNUSABLE, respectively, under the assumption that the guest will move this state to UNISOLATED/USABLE. In fact, this is only the case for LMBs added via hotplug. For coldplugged LMBs, the guest actually assumes the initial state to be UNISOLATED/USABLE. In practice, this only becomes an issue when we attempt to unplug one of these LMBs, where the guest kernel will issue an rtas-get-sensor-state call to check that the corresponding DRC is in an USABLE state before it will release the LMB back to QEMU. If the returned state is otherwise, the guest will assume no further action is needed, which bypasses the QEMU-side cleanup that occurs during the USABLE->UNUSABLE transition. This results in LMBs and their corresponding pc-dimm devices to stick around indefinitely. This patch fixes the issue by manually setting DRCs associated with cold-plugged LMBs to UNISOLATED/ALLOCATED, but leaving the hotplug state untouched. As it turns out, this is analogous to the handling for cold-plugged CPUs in spapr_core_plug(). Cc: qemu-ppc@nongnu.org Cc: David Gibson <david@gibson.dropbear.id.au> Cc: Bharata B Rao <bharata@linux.vnet.ibm.com> Cc: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-11-30virtio-crypto: fix uninitialized variablesGonglei
Though crypto_cfg.reserve is an unused field, let me initialize the structure in order to make coverity happy. *** CID 1365923: Uninitialized variables (UNINIT) /hw/virtio/virtio-crypto.c: 851 in virtio_crypto_get_config() 845 stl_le_p(&crypto_cfg.mac_algo_h, c->conf.mac_algo_h); 846 stl_le_p(&crypto_cfg.aead_algo, c->conf.aead_algo); 847 stl_le_p(&crypto_cfg.max_cipher_key_len, c->conf.max_cipher_key_len); 848 stl_le_p(&crypto_cfg.max_auth_key_len, c->conf.max_auth_key_len); 849 stq_le_p(&crypto_cfg.max_size, c->conf.max_size); 850 >>> CID 1365923: Uninitialized variables (UNINIT) >>> Using uninitialized value "crypto_cfg". Field "crypto_cfg.reserve" is uninitialized when calling "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] 851 memcpy(config, &crypto_cfg, c->config_size); 852 } 853 Rported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-11-30loader: fix undefined behavior in rom_order_compare()Laszlo Ersek
According to ISO C99 / N1256 (referenced in HACKING): > 6.5.8 Relational operators > > 4 For the purposes of these operators, a pointer to an object that is > not an element of an array behaves the same as a pointer to the first > element of an array of length one with the type of the object as its > element type. > > 5 When two pointers are compared, the result depends on the relative > locations in the address space of the objects pointed to. If two > pointers to object or incomplete types both point to the same object, > or both point one past the last element of the same array object, they > compare equal. If the objects pointed to are members of the same > aggregate object, pointers to structure members declared later compare > greater than pointers to members declared earlier in the structure, > and pointers to array elements with larger subscript values compare > greater than pointers to elements of the same array with lower > subscript values. All pointers to members of the same union object > compare equal. If the expression /P/ points to an element of an array > object and the expression /Q/ points to the last element of the same > array object, the pointer expression /Q+1/ compares greater than /P/. > In all other cases, the behavior is undefined. Our AddressSpace objects are allocated generally individually, and kept in the "address_spaces" linked list, so we mustn't compare their addresses with relops. Convert the pointers subjected to the relop in rom_order_compare() to "uintptr_t": > 7.18.1.4 Integer types capable of holding object pointers > > 1 [...] > > The following type designates an unsigned integer type with the > property that any valid pointer to void can be converted to this type, > then converted back to pointer to void, and the result will compare > equal to the original pointer: > > /uintptr_t/ > > These types are optional. Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Alistair Francis <alistair.francis@xilinx.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: qemu-devel@nongnu.org Fixes: 3e76099aacb4dae0d37ebf95305369e03d1491e6 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@xilinx.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>