| Age | Commit message (Collapse) | Author |
|---|
|
audio: cleanups, bugfixes (memory leaks).
# gpg: Signature made Thu 04 May 2017 08:16:50 AM BST
# gpg: using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* kraxel/tags/pull-audio-20170504-1: (30 commits)
audio: Use ARRAY_SIZE from qemu/osdep.h
audio: un-export OPLResetChip
audio: Remove unused typedefs
audio: UpdateHandler is not used anymore
audio: IRQHandler is not used anymore
audio: OPLSetUpdateHandler is not used anywhere
audio: OPLSetIRQHandler is not used anywhere
audio: GUSsample is int16_t
audio: GUSword is uint16_t
audio: GUSword is uint16_t
audio: remove GUSchar
audio: GUSbyte is uint8_t
audio: Remove unused fields
audio: Remove type field
audio: Remove Unused OPL_TYPE_*
audio: Unfold OPLSAMPLE
audio: Remove INT32
audio: remove INT16
audio: Remove INT8
audio: remove UINT32
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
input: limit kbd queue depth
input: don't queue delay if paused
input: Add trace event for empty keyboard queue
# gpg: Signature made Thu 04 May 2017 06:48:37 AM BST
# gpg: using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* kraxel/tags/pull-input-20170504-1:
input: Add trace event for empty keyboard queue
input: don't queue delay if paused
input: limit kbd queue depth
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
Openrisc Features and Fixes for qemu 2.10
# gpg: Signature made Thu 04 May 2017 01:41:45 AM BST
# gpg: using RSA key 0xC3B31C2D5E6627E4
# gpg: Good signature from "Stafford Horne <shorne@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: D9C4 7354 AEF8 6C10 3A25 EFF1 C3B3 1C2D 5E66 27E4
* shorne/tags/pull-or-20170504:
target/openrisc: Support non-busy idle state using PMR SPR
target/openrisc: Remove duplicate features property
target/openrisc: Implement full vmstate serialization
migration: Add VMSTATE_STRUCT_2DARRAY()
target/openrisc: implement shadow registers
migration: Add VMSTATE_UINTTL_2DARRAY()
target/openrisc: add numcores and coreid support
target/openrisc: Fixes for memory debugging
target/openrisc: Implement EPH bit
target/openrisc: Implement EVBAR register
MAINTAINERS: Add myself as openrisc maintainer
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
staging
VFIO fixes 2017-05-03
- Enable 8-byte memory region accesses (Jose Ricardo Ziviani)
- Fix vfio-pci error message (Dong Jia Shi)
# gpg: Signature made Wed 03 May 2017 10:28:55 PM BST
# gpg: using RSA key 0x239B9B6E3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg: aka "Alex Williamson <alex@shazbot.org>"
# gpg: aka "Alex Williamson <alwillia@redhat.com>"
# gpg: aka "Alex Williamson <alex.l.williamson@gmail.com>"
# Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B 8A90 239B 9B6E 3BB0 8B22
* awilliam/tags/vfio-updates-20170503.0:
vfio/pci: Fix incorrect error message
vfio: enable 8-byte reads/writes to vfio
vfio: Set MemoryRegionOps:max_access_size and min_access_size
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
More s390x patches, this time boot related:
- LOADPARM machine property, exposed to the guest via SCLP and
diagnose 308
- Use LOADPARM in the s390-ccw bios to select a boot entry
- Fix a crash in the ipl device code when a virtio-scsi-pci device
has been specified
# gpg: Signature made Tue 02 May 2017 02:29:26 PM BST
# gpg: using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg: aka "Cornelia Huck <cohuck@kernel.org>"
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF
* cohuck/tags/s390x-20170502:
hw/s390x/ipl: Fix crash with virtio-scsi-pci device
pc-bios/s390-ccw.img: update image
pc-bios/s390-ccw: add boot entry selection to El Torito routine
pc-bios/s390-ccw: add boot entry selection for ECKD DASD
pc-bios/s390-ccw: provide entry selection on LOADPARM for SCSI disk
pc-bios/s390-ccw: provide a function to interpret LOADPARM value
pc-bios/s390-ccw: get LOADPARM stored in SCP Read Info
pc-bios/s390-ccw: Make ebcdic/ascii conversion public
util/qemu-config: Add loadparm to qemu machine_opts
hw/s390x/sclp: update LOADPARM in SCP Info
hw/s390x/ipl: enable LOADPARM in IPIB for a boot device
hw/s390x: provide loadparm property for the machine
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
Block layer patches
# gpg: Signature made Fri 28 Apr 2017 09:20:17 PM BST
# gpg: using RSA key 0x7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* kwolf/tags/for-upstream: (34 commits)
progress: Show current progress on SIGINFO
iotests: fix exclusion option
iotests: clarify help text
qemu-img: use blk_co_pwrite_zeroes for zero sectors when compressed
qemu-img: improve convert_iteration_sectors()
block: assert no image modification under BDRV_O_INACTIVE
block: fix obvious coding style mistakes in block_int.h
qcow2: Allow discard of final unaligned cluster
block: Add .bdrv_truncate() error messages
block: Add errp to BD.bdrv_truncate()
block: Add errp to b{lk,drv}_truncate()
block/vhdx: Make vhdx_create() always set errp
qemu-img: Document backing options
qemu-img/convert: Move bs_n > 1 && -B check down
qemu-img/convert: Use @opts for one thing only
block: fix alignment calculations in bdrv_co_do_zero_pwritev
block: Do not unref bs->file on error in BD's open
iotests: 109: Filter out "len" of failed jobs
iotests: Fix typo in 026
Issue a deprecation warning if the user specifies the "-hdachs" option.
...
Message-id: 1493411622-5343-1-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20170425223739.6703-27-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20170425223739.6703-26-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-25-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-24-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-23-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-22-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-21-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-20-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-19-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-18-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-17-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-16-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
These were used for the remove stuff.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-15-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
It was not used anymore as now there is only one type of devices.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-14-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Since we removed the previous unused devices, they are not used anymore.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-13-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
It was used only once, and now it was always int16_t.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-12-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-11-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-10-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-9-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-8-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
More modernitation.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-7-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
uint8_t has existed since ..... all this century?
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-6-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
So, remove the ifdefs.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-5-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
It was never compiled in.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-4-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Include file has never been on qemu and it has been undefined from the very beginning.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-3-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Notice that the code was supposed to be in the file ymf262.h, that has
never been on qemu source tree.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-2-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Spotted by ASAN.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20170503223846.6559-4-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
AUD_add_capture() allocates two buffers which are never released.
Add the missing calls to AUD_del_capture().
Impact: Allows vnc clients to exhaust host memory by repeatedly
starting and stopping audio capture.
Fixes: CVE-2017-8309
Cc: P J P <ppandit@redhat.com>
Cc: Huawei PSIRT <PSIRT@huawei.com>
Reported-by: "Jiangxin (hunter, SCC)" <jiangxin1@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20170428075612.9997-1-kraxel@redhat.com
|
|
The exit callback always return 0, convert it to void
Signed-off-by: Zihan Yang <tgnyang@gmail.com>
Message-id: 1493211188-24086-5-git-send-email-tgnyang@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
The exit callback of DeviceClass will be removed in the future, so
convert to unrealize in the init functioin
Signed-off-by: Zihan Yang <tgnyang@gmail.com>
Message-id: 1493211188-24086-4-git-send-email-tgnyang@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
The OpenRISC architecture has the Power Management Register (PMR)
special purpose register to manage cpu power states. The interesting
modes are:
* Doze Mode (DME) - Stop cpu except timer & pic - wake on interrupt
* Sleep Mode (SME) - Stop cpu and all units - wake on interrupt
* Suspend Model (SUME) - Stop cpu and all units - wake on reset
The linux kernel will set DME when idle.
This patch implements the PMR SPR and halts the qemu cpu when there is a
change to DME or SME. This means that openrisc qemu in no longer peggs
a host cpu at 100%.
In order for this to work we need to kick the CPU when timers are
expired. Update the cpu timer to kick the cpu upon each timer event.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Stafford Horne <shorne@gmail.com>
|
|
The features property has stored the exact same thing as the cpucfgr
spr. Remove the feature enum and property as it is not needed.
In order to preserve the behavior or keeping features accross reset this
patch moves cpucfgr into the non reset region of the state struct. Since
the cpucfgr is read only this means we only need to sset cpucfgr once
during class init.
Signed-off-by: Stafford Horne <shorne@gmail.com>
|
|
Previously serialization did not persist the tlb, timer, pic and other
key state items. This meant snapshotting and restoring a running os
would crash. After adding these I am able to take snapshots of a
running linux os and restore at a later time.
I am currently not trying to maintain capatibility with older versions
as I do not believe this really worked before or anyone used it.
Signed-off-by: Stafford Horne <shorne@gmail.com>
|
|
For openrisc we implement tlb state as a 2d array of tlb entry structs.
This is added to allow easy storing of state of 2d arrays.
Signed-off-by: Stafford Horne <shorne@gmail.com>
|
|
Shadow registers are part of the openrisc spec along with sr[cid], as
part of the fast context switching feature. When exceptions occur,
instead of having to save registers to the stack if enabled the CID will
increment and a new set of registers will be available.
This patch only implements shadow registers which can be used as extra
scratch registers via the mfspr and mtspr if required. This is
implemented in a way where it would be easy to add on the fast context
switching, currently cid is hardcoded to 0.
This is need for openrisc linux smp kernels to boot correctly.
Signed-off-by: Stafford Horne <shorne@gmail.com>
|
|
In openRISC we are implementing the shadow registers as a 2d array.
Using this target long method rather than direct 32-bit alternatives is
consistent with the rest of our vm state serialization logic.
Signed-off-by: Stafford Horne <shorne@gmail.com>
|
|
These are used to identify the processor in SMP system. Their
definition has been defined in verilog cores but it not yet part of the
spec but it will be soon.
The proposal for this is available:
https://openrisc.io/proposals/core-identifier-and-number-of-cores
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Stafford Horne <shorne@gmail.com>
|
|
When debugging in gdb you might want to inspect instructions in mapped
pages or in exception vectors like 0x800 etc. This was previously not
possible in qemu since the *get_phys_page_debug() routine only looked
into the data tlb.
Change to fall back to look into instruction tlb and plain physical
pages.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Stafford Horne <shorne@gmail.com>
|
|
When the "No host device provided" error occurs, the hint message
that starts with "Use -vfio-pci," makes no sense, since "-vfio-pci"
is not a valid command line parameter.
Correct this by replacing "-vfio-pci" with "-device vfio-pci".
Signed-off-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
|
|
This patch enables 8-byte writes and reads to VFIO. Such implemention
is already done but it's missing the 'case' to handle such accesses in
both vfio_region_write and vfio_region_read and the MemoryRegionOps:
impl.max_access_size and impl.min_access_size.
After this patch, 8-byte writes such as:
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc0, 0x4140c, 4)
vfio_region_write (0001:03:00.0:region1+0xc4, 0xa0000, 4)
qemu_mutex_unlock unlocked mutex 0x10905ad8
goes like this:
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc0, 0xbfd0008, 8)
qemu_mutex_unlock unlocked mutex 0x10905ad8
Signed-off-by: Jose Ricardo Ziviani <joserz@linux.vnet.ibm.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
|
|
Sets valid.max_access_size and valid.min_access_size to ensure safe
8-byte accesses to vfio. Today, 8-byte accesses are broken into pairs
of 4-byte calls that goes unprotected:
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc0, 0x2020c, 4)
qemu_mutex_unlock unlocked mutex 0x10905ad8
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc4, 0xa0000, 4)
qemu_mutex_unlock unlocked mutex 0x10905ad8
which occasionally leads to:
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc0, 0x2030c, 4)
qemu_mutex_unlock unlocked mutex 0x10905ad8
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc0, 0x1000c, 4)
qemu_mutex_unlock unlocked mutex 0x10905ad8
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc4, 0xb0000, 4)
qemu_mutex_unlock unlocked mutex 0x10905ad8
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc4, 0xa0000, 4)
qemu_mutex_unlock unlocked mutex 0x10905ad8
causing strange errors in guest OS. With this patch, such accesses
are protected by the same lock guard:
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc0, 0x2000c, 4)
vfio_region_write (0001:03:00.0:region1+0xc4, 0xb0000, 4)
qemu_mutex_unlock unlocked mutex 0x10905ad8
This happens because the 8-byte write should be broken into 4-byte
writes by memory.c:access_with_adjusted_size() in order to be under
the same lock. Today, it's done in exec.c:address_space_write_continue()
which was able to handle only 4 bytes due to a zero'ed
valid.max_access_size (see exec.c:memory_access_size()).
Signed-off-by: Jose Ricardo Ziviani <joserz@linux.vnet.ibm.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
|
|
When driving QEMU from the outside, we have basically no chance to
determine how quickly the guest OS picks up key events, so we usually
have to limit ourselves to very slow keyboard presses to make sure
the guest always has enough chance to pick them up.
This patch adds a trace events when the keyboarde queue is drained.
An external driver can use that as hint that new keys can be pressed.
Signed-off-by: Alexander Graf <agraf@suse.de>
Message-id: 1490883775-94658-1-git-send-email-agraf@suse.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
qemu_input_event_send() discards key event when the guest is paused,
but not the delay.
The delay ends up in the input queue, and qemu_input_event_send_key()
will further fill the queue with upcoming events.
VNC uses qemu_input_event_send_key_delay(), not SPICE, which results
in a different input behaviour on pause: VNC will queue the events
(except the first that is discarded), SPICE will discard all events.
Don't queue delay if paused, and provide same behaviour on SPICE and
VNC clients on resume (and potentially avoid over-allocating the
buffer queue)
Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=1444326
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20170425130520.31819-1-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Apply a limit to the number of items we accept into the keyboard queue.
Impact: Without this limit vnc clients can exhaust host memory by
sending keyboard events faster than qemu feeds them to the guest.
Fixes: CVE-2017-8379
Cc: P J P <ppandit@redhat.com>
Cc: Huawei PSIRT <PSIRT@huawei.com>
Reported-by: jiangxin1@huawei.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20170428084237.23960-1-kraxel@redhat.com
|
