aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-09-08target-sparc: fix fcmp{s,d,q} instructions wrt exceptionAurelien Jarno
fcmp{s,d,q} instructions are supposed to ignore quiet NaN (contrary to the fcmpe{s,d,q} instructions), but the current code is wrongly setting the NV exception in that case. Moreover the current code is duplicated: first the arguments are checked for NaN to generate an exception, and later in case the comparison is unordered (which can only happens if one of the argument is a NaN), the same check is done to generate an exception. Fix that by calling clear_float_exceptions() followed by check_ieee_exceptions() as for the other floating point instructions. Use the _compare_quiet functions for fcmp{s,d,q} and the _compare ones for fcmpe{s,d,q}. Simplify the flag setting by not clearing a flag that is set the line just below. This fix allows the math glibc testsuite to pass. Cc: Blue Swirl <blauwirbel@gmail.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-09-08target-xtensa: fix missing errno codes for mingw32Max Filippov
Put the following errno value mappings under #ifdef: xtensa-semi.c: In function 'errno_h2g': xtensa-semi.c:113: error: 'ENOTBLK' undeclared (first use in this function) xtensa-semi.c:113: error: (Each undeclared identifier is reported only once xtensa-semi.c:113: error: for each function it appears in.) xtensa-semi.c:113: error: array index in initializer not of integer type xtensa-semi.c:113: error: (near initialization for 'guest_errno') xtensa-semi.c:124: error: 'ETXTBSY' undeclared (first use in this function) xtensa-semi.c:124: error: array index in initializer not of integer type xtensa-semi.c:124: error: (near initialization for 'guest_errno') xtensa-semi.c:134: error: 'ELOOP' undeclared (first use in this function) xtensa-semi.c:134: error: array index in initializer not of integer type xtensa-semi.c:134: error: (near initialization for 'guest_errno') Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-09-08target-cris: Fix buffer overflowStefan Weil
Report from smatch: target-cris/translate.c:3464 cpu_dump_state(32) error: buffer overflow 'env->sregs' 4 <= 255 sregs is declared 'uint32_t sregs[4][16]', so the first index must be less than 4 or ARRAY_SIZE(env->sregs). Signed-off-by: Stefan Weil <sw@weilnetz.de>
2012-09-08MIPS/user: Fix reset CPU state initializationMaciej W. Rozycki
This change updates the CPU reset sequence to use a common piece of code that figures out CPU state flags, fixing the problem with MIPS_HFLAG_COP1X not being set where applicable that causes floating-point MADD family instructions (and other instructions from the MIPS IV FP subset) to trap. As compute_hflags is now shared between op_helper.c and translate.c, the function is now moved to a common header. There are no changes to this function. The problem was seen with the 24Kf MIPS32r2 processor in user emulation. The new approach prevents system and user emulation from diverging -- all the hflags state is initialized in one place now. Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-09-07lan9118: fix multicast filteringAurelien Jarno
The lan9118 emulation tries to compute the multicast index by calling directly the crc32() function from zlib, but fails to get the correct result. Use the common compute_mcast_idx() function instead, which gives the correct result. This fixes IPv6 support. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-09-07fix entry pointer for ELF kernels loaded with -kernel optionHenning Schild
Find a hopefully proper patch attached. Take it or leave it. Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Henning Schild <henning@hennsch.de> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-09-06hw/pl110: Fix spelling of 'palette'Peter Maydell
Fix the spelling of 'palette' used in various local variables, structure members and comments. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-09-05target-xtensa: convert host errno values to guestMax Filippov
Guest errno values are taken from the newlib. Convert only those errno values that can be returned from used system calls. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-09-05CHECKPATCH: Add warning for single else statement.Don Slutz
For an example: WARNING: braces {} are necessary even for single statement blocks + } else + return env->regs[R_EAX]; total: 0 errors, 1 warnings, 41 lines checked Signed-off-by: Don Slutz <Don@CloudSwitch.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-09-05CHECKPATCH: Add --debug adv_apwDon Slutz
Add debug options to find this issue. They were not listed in the help because the are not simple to understand the output of. Signed-off-by: Don Slutz <Don@CloudSwitch.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-09-05CHECKPATCH: Add --debug adv_checkingDon Slutz
Add debug options to find this issue. They were not listed in the help because the are not simple to understand the output of. Signed-off-by: Don Slutz <Don@CloudSwitch.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-09-05CHECKPATCH: Add --debug adv_dcsDon Slutz
Add debug options to find this issue. They were not listed in the help because the are not simple to understand the output of. Signed-off-by: Don Slutz <Don@CloudSwitch.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-09-05Open up 1.3 development treeAnthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-05Update version for 1.2.0v1.2.0Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-04console: bounds check whenever changing the cursor due to an escape codeIan Campbell
This is XSA-17 / CVE-2012-3515 Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-04qemu-timer: properly arm alarm timer for timers set by device initializationPaolo Bonzini
QEMU will hang when fed the following command-line qemu-system-mips -kernel vmlinux-2.6.32-5-4kc-malta -append "console=ttyS0" -nographic -net none The -net none is important otherwise it seems some events are generated causing the things to work. When it doesn't work, the guest hangs when measuring the CPU frequency, after the following line: [ 0.000000] NR_IRQS:256 Pressing a key on the serial port unblocks it, hinting that the problem is due to the recent elimination of the 1 second timeout in the main loop. The problem is that because init_timer_alarm sets the timer's pending flag to true, the alarm timer is never armed until after the first time through the main loop. Thus the bug started when QEMU started testing the pending flag in qemu_mod_timer (commit 1828be3, more alarm timer cleanup, 2010-03-10). But actually, it isn't true at all that a timer is pending when the alarm timer is created, and the real bug has been latent forever: the fix is to remove the bogus setting of pending flag. Reported-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com> Tested-by: Aurelien Jarno <aurelien@aurel32.net> Tested-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-09-01target-xtensa: return ENOSYS for unimplemented simcallsMax Filippov
This prevents guest from proceeding with uninitialised garbage returned from unimplemented simcalls. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-08-31Update version to 1.2.0-rc3v1.2.0-rc3Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-31console: Fix warning from clang (and potential crash)Stefan Weil
ccc-analyzer reports this warning: console.c:1090:29: warning: Dereference of null pointer if (active_console->cursor_timer) { ^ Function console_select allows active_console to be NULL, but would crash when accessing cursor_timer. Fix this. Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-31Merge remote-tracking branch 'kraxel/usb.61' into stagingAnthony Liguori
* kraxel/usb.61: uas: move transfer kickoff ehci: Fix interrupt endpoints no longer working ehci: handle TD deactivation of inflight packets ehci: add ehci_cancel_queue() ehci: simplify ehci_state_executing ehci: Remove unnecessary ehci_flush_qh call ehci: Schedule async-bh when IAAD bit gets set ehci: Fix NULL ptr deref when unplugging an USB dev with an iso stream active usb: unique packet ids usb: Halt ep queue en cancel pending packets on a packet error fix info qtree indention
2012-08-31Merge remote-tracking branch 'kwolf/for-anthony' into stagingAnthony Liguori
* kwolf/for-anthony: qemu-iotests: add backing file smaller than image test case stream: complete early if end of backing file is reached qed: refuse unaligned zero writes with a backing file
2012-08-31uas: move transfer kickoffGerd Hoffmann
Kick next scsi transfer from request release callback instead of command completion callback, otherwise we might get stuck in case scsi_req_unref() doesn't release the request instantly due to someone else holding a reference too. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31ehci: Fix interrupt endpoints no longer workingHans de Goede
One of the recent changes (likely the addition of queuing support) has broken interrupt endpoints, this patch fixes this. Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-08-31ehci: handle TD deactivation of inflight packetsGerd Hoffmann
Check the TDs of inflight packets, cancel packets in case the guest clears the active bit. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31ehci: add ehci_cancel_queue()Gerd Hoffmann
Factor out function to cancel all packets of a queue. No behavior change. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31ehci: simplify ehci_state_executingHans de Goede
ehci_state_executing does not need to check for p->usb_status == USB_RET_ASYNC or USB_RET_PROCERR, since ehci_execute_complete already does a similar check and will trigger an assert if either value is encountered. USB_RET_ASYNC should never be the packet status when execute_complete runs for obvious reasons, and USB_RET_PROCERR is only used by ehci_state_execute / ehci_execute not by ehci_state_executing / ehci_execute_complete. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31ehci: Remove unnecessary ehci_flush_qh callHans de Goede
ehci_qh_do_overlay() already calls ehci_flush_qh() before it returns, calling it twice is useless. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31ehci: Schedule async-bh when IAAD bit gets setHans de Goede
After the "ehci: Print a warning when a queue unexpectedly contains packets on cancel" commit. Under certain reproducable conditions I was getting the following message: "EHCI: Warning queue not empty on queue reset". After aprox. 8 hours of debugging I've finally found the cause. The Linux EHCI driver has an IAAD watchdog, to work around certain EHCI hardware sometimes not acknowledging the doorbell at all. This watchdog has a timeout of 10 ms, which is less then the time between 2 runs through the async schedule when async_stepdown is at its highest value. Thus the watchdog can trigger, after which Linux clears the IAAD bit and re-uses the QH. IOW we were not properly detecting the unlink of the qh, due to us missing (ignoring for more then 10 ms) the IAAD command, which triggered the warning. Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-08-31ehci: Fix NULL ptr deref when unplugging an USB dev with an iso stream activeHans de Goede
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-08-31usb: unique packet idsGerd Hoffmann
This patch adds IDs to usb packets. Those IDs are (a) supposed to be unique for the lifecycle of a packet (from packet setup until the packet is either completed or canceled) and (b) stable across migration. uhci, ohci, ehci and xhci use the guest physical address of the transfer descriptor for this. musb needs a different approach because there is no transfer descriptor. But musb also doesn't support pipelining, so we have never more than one packet per endpoint in flight. So we go create an ID based on endpoint and device address. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31usb: Halt ep queue en cancel pending packets on a packet errorHans de Goede
For controllers which queue up more then 1 packet at a time, we must halt the ep queue, and inside the controller code cancel all pending packets on an error. There are multiple reasons for this: 1) Guests expect the controllers to halt ep queues on error, so that they get the opportunity to cancel transfers which the scheduled after the failing one, before processing continues 2) Not cancelling queued up packets after a failed transfer also messes up the controller state machine, in the case of EHCI causing the following assert to trigger: "assert(p->qtdaddr == q->qtdaddr)" at hcd-ehci.c:2075 3) For bulk endpoints with pipelining enabled (redirection to a real USB device), we must cancel all the transfers after this a failed one so that: a) If they've completed already, they are not processed further causing more stalls to be reported, originating from the same failed transfer b) If still in flight, they are cancelled before the guest does a clear stall, otherwise the guest and device can loose sync! Note this patch only touches the ehci and uhci controller changes, since AFAIK no other controllers actually queue up multiple transfer. If I'm wrong on this other controllers need to be updated too! Also note that this patch was heavily tested with the ehci code, where I had a reproducer for a device causing a transfer to fail. The uhci code is not tested with actually failing transfers and could do with a thorough review! Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31fix info qtree indentionGerd Hoffmann
Without the patch bus properties are are not in line with the other properties: [ ... ] dev: fw_cfg, id "" ctl_iobase = 0x510 data_iobase = 0x511 irq 0 mmio ffffffffffffffff/0000000000000002 mmio ffffffffffffffff/0000000000000001 [ ... ] With the patch applied everything is lined up properly: [ ... ] dev: fw_cfg, id "" ctl_iobase = 0x510 data_iobase = 0x511 irq 0 mmio ffffffffffffffff/0000000000000002 mmio ffffffffffffffff/0000000000000001 [ ... ] Needed to make the autotest qtree parser happy. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-30w32: Fix broken buildStefan Weil
Commit ef8621b1a3b199c348606c0a11a77d8e8bf135f1 added an include file which is not available for MinGW compilations. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-30Update version for 1.2.0-rc2v1.2.0-rc2Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29scsi-disk: Fix typo (uint32 -> uint32_t)Stefan Weil
Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29msix: make [un]use vectors on reset/load optionalMichael S. Tsirkin
The facility to use/unuse vectors dynamically is helpful for virtio but little else: everyone just seems to use vectors in their init function. Avoid clearing msix vector use info on reset and load. For virtio, clear it explicitly. This should fix regressions reported with ivshmem - though I didn't test this, I verified that virtio keeps working like it did. Tested-by: Cam Macdonell <cam@cs.ualberta.ca> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29kvm: get/set PV EOI MSRMichael S. Tsirkin
Support get/set of new PV EOI MSR, for migration. Add an optional section for MSR value - send it out in case MSR was changed from the default value (0). Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29linux-headers: update to 3.6-rc3Michael S. Tsirkin
Update linux-headers to version present in Linux 3.6-rc3. Header asm-x96_64/kvm_para.h update is needed for the new PV EOI feature. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29target-i386: disable pv eoi to fix migration across QEMU versionsAnthony Liguori
We have a problem with how we handle migration with KVM paravirt features. We unconditionally enable paravirt features regardless of whether we know how to migrate them. We also don't tie paravirt features to specific machine types so an old QEMU on a new kernel would expose features that never existed. The 1.2 cycle is over and as things stand, migration is broken. Michael has another series that adds support for migrating PV EOI and attempts to make it work correctly for different machine types. After speaking with Michael on IRC, we agreed to take this patch plus 1 & 4 from his series. This makes sure QEMU can migrate PV EOI if it's enabled, but does not enable it by default. This also means that we won't unconditionally enable new features for guests future proofing us from this happening again in the future. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29reset PMBA and PMREGMISC PIIX4 registers.Gleb Natapov
The bug causes Windows + OVMF hang after reboot since OVMF checks PMREGMISC to see if IO space is enabled and skip configuration if it is. Reviewed-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Gleb Natapov <gleb@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29qemu-ga: Fix null pointer passed to unlink in failure branchStefan Weil
Clang reports this warning: Null pointer passed as an argument to a 'nonnull' parameter Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29memory: Fix copy&paste mistake in memory_region_iorange_writeJan Kiszka
The last argument of find_portio is "write", so this must be true here. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29ivshmem: remove redundant ioeventfd configurationCam Macdonell
setup_ioeventfds() is unnecessary and actually causes a segfault when used ioeventfd=on is used on the command-line. Since ioeventfds are handled within the memory API, it can be removed. Signed-off-by: Cam Macdonell <cam@cs.ualberta.ca> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29hw/arm_gic.c: Define .class_size in arm_gic_info TypeInfoPeter Maydell
Add the missing .class_size definition to the arm_gic_info TypeInfo. This fixes the memory corruption and possible segfault that otherwise results when the class struct is allocated at too small a size and the class init function writes off the end of it. Reported-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29qemu-iotests: add backing file smaller than image test caseStefan Hajnoczi
This new test case checks that streaming completes successfully when the backing file is smaller than the image file. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-29stream: complete early if end of backing file is reachedStefan Hajnoczi
It is possible to create an image that is larger than its backing file. Reading beyond the end of the backing file produces zeroes if no writes have been made to those sectors in the image file. This patch finishes streaming early when the end of the backing file is reached. Without this patch the block job hangs and continually tries to stream the first sectors beyond the end of the backing file. To reproduce the hung block job bug: $ qemu-img create -f qcow2 backing.qcow2 128M $ qemu-img create -f qcow2 -o backing_file=backing.qcow2 image.qcow2 6G $ qemu -drive if=virtio,cache=none,file=image.qcow2 (qemu) block_stream virtio0 (qemu) info block-jobs The qemu-iotests 030 streaming test still passes. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-29qed: refuse unaligned zero writes with a backing fileStefan Hajnoczi
Zero writes have cluster granularity in QED. Therefore they can only be used to zero entire clusters. If the zero write request leaves sectors untouched, zeroing the entire cluster would obscure the backing file. Instead return -ENOTSUP, which is handled by block.c:bdrv_co_do_write_zeroes() and falls back to a regular write. The qemu-iotests 034 test cases covers this scenario. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-29Merge remote-tracking branch 'bonzini/scsi-next' into stagingAnthony Liguori
* bonzini/scsi-next: iscsi: Set number of blocks to 0 for blank CDROM devices scsi: more fixes to properties for passthrough devices esp: support 24-bit DMA megasas: Add 'hba_serial' property
2012-08-29Merge remote-tracking branch 'riku/linux-user-for-upstream' into stagingAnthony Liguori
* riku/linux-user-for-upstream: linux-user: Clarify "Unable to reserve guest address space" error linux-user: fix emulation of getdents linux-user: arg_table need not have global scope
2012-08-28tcg/mips: fix broken CONFIG_TCG_PASS_AREG0 codeAurelien Jarno
The CONFIG_TCG_PASS_AREG0 code for calling ld/st helpers was broken in that it did not respect the ABI requirement that 64 bit values were passed in even-odd register pairs. The simplest way to fix this is to implement some new utility functions for marshalling function arguments into the correct registers and stack, so that the code which sets up the address and data arguments does not need to care whether there has been a preceding env argument. Based on commit 9716ef3b for ARM by Peter Maydell. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>