aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-06-18qapi: Catch and reject flat union branch of array typeMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-06-18tests/qapi-schema: New flat union array branch test caseMarkus Armbruster
The new test demonstrates another generator crash. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-06-18qapi: Better separate the different kinds of helpersMarkus Armbruster
Insert comments to separate sections dealing with parsing, semantic analysis, code generation, and so forth. Move helpers to their proper section. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-06-18qapi: Move exprs checking from parse_schema() to check_exprs()Markus Armbruster
To have expression semantic analysis in one place rather than two. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-06-18qapi: Fix to reject stray 't', 'f' and 'n'Markus Armbruster
Screwed up in commit e53188a. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-06-18qapi: Simplify inclusion cycle detectionMarkus Armbruster
We maintain a stack of filenames in include_hist for convenient cycle detection. As error_path() demonstrates, the same information is readily available in the expr_info, so just use that, and drop include_hist. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-06-18qapi: Fix file name in error messages for included filesMarkus Armbruster
We print the name as it appears in the include expression. Tools processing error messages want it relative to the working directory. Make it so. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-06-18qapi: Improve a couple of confusing variable namesMarkus Armbruster
old name new name ---------------------------- input_file fname input_relname fname input_fname abs_fname include_path incl_abs_fname parent_info incl_info Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-06-18qapi: Eliminate superfluous QAPISchema attribute input_dirMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-06-18qapi: Drop bogus command from docsMarkus Armbruster
Commit 87a560c4 added it in the wrong place. Commit 59a2c4ce added it in the right place, but didn't remove it from the wrong place. Do that now. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-06-18MAINTAINERS: Fix up QAPI and QAPI schema file patternsMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-06-18Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' ↵Peter Maydell
into staging Update OpenBIOS images # gpg: Signature made Wed Jun 17 20:06:06 2015 BST using RSA key ID AE0F321F # gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" * remotes/mcayland/tags/qemu-openbios-signed: Update OpenBIOS images Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-18vfio: fix build error on CentOS 5.7Leon Alrae
Include linux/vfio.h after sys/ioctl.h, just like in hw/vfio/common.c. Signed-off-by: Leon Alrae <leon.alrae@imgtec.com> Acked-by: Alex Williamson <alex.williamson@redhat.com> Message-id: 1434544500-22405-1-git-send-email-leon.alrae@imgtec.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-17Update OpenBIOS imagesMark Cave-Ayland
Update OpenBIOS images to SVN r1340 built from submodule. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2015-06-17tap: add VNET_LE/VNET_BE operationsGreg Kurz
The linux tap and macvtap backends can be told to parse vnet headers according to little or big endian. This is done through the TUNSETVNETLE and TUNSETVNETBE ioctls. This patch brings all the plumbing for QEMU to use these APIs. Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-17vhost: set vring endianness for legacy virtioGreg Kurz
Legacy virtio is native endian: if the guest and host endianness differ, we have to tell vhost so it can swap bytes where appropriate. This is done through a vhost ring ioctl. Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-17virtio: introduce virtio_legacy_is_cross_endian()Greg Kurz
This helper will be used by vhost and tap to detect cross-endianness in the legacy virtio case. Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-17linux-headers: sync vhost.hGreg Kurz
This patch brings the cross-endian vhost API to QEMU. Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-17tests: virtio-scsi: Move start/stop to individual test functionsFam Zheng
Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17libqos: Complete virtio device ID definition listFam Zheng
Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17libqos: Allow calling guest_free on NULL pointerFam Zheng
Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17tests: Link libqos virtio object to virtio-scsi-testFam Zheng
Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17i8254: fix out-of-bounds memory access in pit_ioport_read()Petr Matousek
Due converting PIO to the new memory read/write api we no longer provide separate I/O region lenghts for read and write operations. As a result, reading from PIT Mode/Command register will end with accessing pit->channels with invalid index. Fix this by ignoring read from the Mode/Command register. This is CVE-2015-3214. Reported-by: Matt Tait <matttait@google.com> Fixes: 0505bcdec8228d8de39ab1a02644e71999e7c052 Cc: qemu-stable@nongnu.org Signed-off-by: Petr Matousek <pmatouse@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17qemu-ga: Building Windows MSI installation with configure/MakefileYossi Hindin
New options were added to enable Windows MSI installation package creation: Option --enable-guest-agent-msi, like the name suggests, enables building Windows MSI package for QEMU guest agent; option --disable-guest-agent-msi disables MSI package creation; by default, no MSI package is created Signed-off-by: Yossi Hindin <yhindin@redhat.com> Message-Id: <1430913460-13174-5-git-send-email-yhindin@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17qemu-ga: Introduce Windows MSI scriptYossi Hindin
The script enables building Windows MSI installation package on Linux with wixl tool. Signed-off-by: Yossi Hindin <yhindin@redhat.com> Message-Id: <1430913460-13174-4-git-send-email-yhindin@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17qemu-ga: debug printouts to help troubleshoot installationYossi Hindin
Debug printouts extended, helps installation troubleshooting Signed-off-by: Yossi Hindin <yhindin@redhat.com> Message-Id: <1430913460-13174-3-git-send-email-yhindin@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17qemu-ga: adding vss-[un]install optionsYossi Hindin
Existing command line options include '-s install' and '-s uninstall'. These options install/uninstall both Windows QEMU GA service and optional VSS COM server. The QEMU GA Windows service allows always-on serving guest agent's QMP commands and VSS COM server enables guest agent integration with Volume Shadow Service. This commit introdices new options '-s vss-install' and '-s vss-uninstall', affecting only GA VSS COM server registration. The new options are useful for registering and unregistering the COM server during MSI installation, upgrade and uninstallation. Signed-off-by: Yossi Hindin <yhindin@redhat.com> Message-Id: <1430913460-13174-2-git-send-email-yhindin@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17qemu-log: Open file for logging when specifiedPranith Kumar
qemu-log defaults to stderr when there is no '-D' option mentioned on command line. When '-D' option is specified, we also need to specify '-d' option for it to use the specified logfile. When using monitor to enable logging this is troublesome since there will be no '-d' option because of which monitor dumps the logs to stderr. Fix this by opening the log file when '-D' is specified on the command line. Also fix an ancient comment which does not hold true since changing location and log level has now been streamlined. Signed-off-by: Pranith Kumar <bobby.prani@gmail.com> CC: Paolo Bonzini <pbonzini@redhat.com> CC: Luiz Capitulino <lcapitulino@redhat.com> CC: Markus Armbruster <armbru@redhat.com> CC: Peter Maydell <peter.maydell@linaro.org> Message-Id: <1433946024-18439-1-git-send-email-bobby.prani@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17Merge remote-tracking branch 'remotes/agraf/tags/signed-s390-for-upstream' ↵Peter Maydell
into staging Patch queue for s390 - 2015-06-17 This is a special one. Two awesome features in one pull request: - CCW support for TCG - Watchpoint support for TCG To celebrate this, we also switch the default machine model from s390-virtio to s390-ccw and give users a fully working s390x model again! # gpg: Signature made Wed Jun 17 11:42:26 2015 BST using RSA key ID 03FEDC60 # gpg: Good signature from "Alexander Graf <agraf@suse.de>" # gpg: aka "Alexander Graf <alex@csgraf.de>" * remotes/agraf/tags/signed-s390-for-upstream: (26 commits) s390x: Switch to s390-ccw machine as default target-s390x: PER: add Breaking-Event-Address register target-s390x: PER instruction-fetch nullification event support target-s390x: PER store-using-real-address event support target-s390x: PER storage-alteration event support translate-all: fix watchpoints if retranslation not possible target-s390x: PER instruction-fetch event support target-s390x: PER successful-branching event support target-s390x: basic PER event handling target-s390x: add get_per_in_range function target-s390x: add get_per_atmid function target-s390x: add PER related constants target-s390x: mvc_fast_memmove: access memory through softmmu target-s390x: mvc_fast_memset: access memory through softmmu target-s390x: function to adjust the length wrt page boundary softmmu: provide tlb_vaddr_to_host function for user mode target-s390x: wire up I/O instructions in TCG mode target-s390x: wire up DIAG REIPL in TCG mode target-s390x: wire up DIAG IPL in TCG mode target-s390x: fix s390_cpu_initial_reset ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-17s390x: Switch to s390-ccw machine as defaultAlexander Graf
We now finally have TCG support for the basic set of instructions necessary to run the s390-ccw machine. That means in any aspect possible that machine type is now superior to the legacy s390-virtio machine. Switch over to the ccw machine as default. That way people don't get a halfway broken machine with the s390x target. Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
2015-06-17target-s390x: PER: add Breaking-Event-Address registerAurelien Jarno
This patch adds support for PER Breaking-Event-Address register. Like real hardware, it save the current PSW address when the PSW address is changed by an instruction. We have to take care of optimizations QEMU does, a branch to the next instruction is still a branch. This register is copied to low core memory when a program exception happens. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: PER instruction-fetch nullification event supportAurelien Jarno
For the instruction-fetch nullification event, we just reuse the existing instruction-fetch code and trigger the exception immediately in that case. There is no need to save the CPU state in the TCG code as it has been saved by the previous instruction before calling the per_check_exception helper. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: PER store-using-real-address event supportAurelien Jarno
This PER event happens each time the STURA or STURG instructions are used. As they use helpers, we can just save the event in the PER code there, if enabled. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: PER storage-alteration event supportAurelien Jarno
For the PER storage-alteration event we can use the QEMU watchpoint infrastructure. When PER is enabled or PER control register changed we enable the corresponding watchpoints. When a watchpoint arises we can save the event. Unfortunately the current code does not provide the address space used to trigger the watchpoint. For now we assume it comes from the default ASC. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17translate-all: fix watchpoints if retranslation not possibleAurelien Jarno
The tb_check_watchpoint function currently assumes that all memory access is done either directly through the TCG code or through an helper which knows its return address. This is obviously wrong as the helpers use cpu_ldxx/stxx_data functions to access the memory. Instead of aborting in that case, don't try to retranslate the code, but assume that the CPU state (and especially the program counter) has been saved before calling the helper. Then invalidate the TB based on this address. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: PER instruction-fetch event supportAurelien Jarno
For the PER instruction-fetch, we can't use the QEMU breakpoint infrastructure as it triggers for a single address and not a full address range, and as it actually stop before the instruction and not before. We therefore call an helper with the just fetched instruction address, which check if the address is within the PER address range. If it is the case, an event is recorded and will be signaled through an exception. Note that we implement here the PER-3 behaviour, that is an invalid opcode is not considered as an instruction fetch. Without PER-3 this behavious is undefined. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: PER successful-branching event supportAurelien Jarno
For the PER successful-branching event support, we can't rely on any QEMU infrastucture. We therefore call an helper in all places where a branch can be taken. We have to pay attention to the branch to next case, as it's still a taken branch. We don't need to care about the cases using goto_tb, as we have disabled them in the previous patch. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: basic PER event handlingAurelien Jarno
This patch add basic support to generate PER exceptions. It adds two fields to the cpu structure to record for the PER address and PER code & ATMID values. When an exception is triggered and a PER event is pending, the two PER values are copied to the lowcore area. At the end of an instruction, an helper is checking for a possible pending PER event and triggers an exception in that case. For that to work with branches, we need to disable TB chaining when PER is activated. Fortunately it's already in the TB flags. Finally in case of a SERVICE CALL exception, we need to trigger the PER exception immediately after. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: add get_per_in_range functionAurelien Jarno
This function checks if an address is in between the PER starting address and the PER ending address, taking care of a possible address range loop. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: add get_per_atmid functionAurelien Jarno
This function returns the ATMID field that is stored in the per_perc_atmid lowcore entry. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: add PER related constantsAurelien Jarno
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: mvc_fast_memmove: access memory through softmmuAurelien Jarno
mvc_fast_memmove is bypassing the softmmu functions, getting the physical source and destination addresses using the mmu_translate function and accessing the corresponding physical memory. This prevents watchpoints to work correctly. Instead use the tlb_vaddr_to_host function to get the host addresses corresponding to the guest source and destination addresses through the softmmu code and fallback to the byte level code in case the corresponding address are not in the QEMU TLB or being examined through a watchpoint. As a bonus it works even for area crossing pages by splitting the are into chunks contained in a single page, bringing some performances improvements. We can therefore remove the 8-byte loads/stores method, as it is now quite unlikely to be used. At the same time change the name of the function to fast_memmove as it's not specific to mvc and use the same argument order as the C memmove function. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: mvc_fast_memset: access memory through softmmuAurelien Jarno
mvc_fast_memset is bypassing the softmmu functions, getting the physical address using the mmu_translate function and accessing the corresponding physical memory. This prevents watchpoints to work correctly. Instead use the tlb_vaddr_to_host function to get the host address corresponding to the guest address through the softmmu code and fallback to the byte level code in case the corresponding address is not in the QEMU TLB or being examined through a watchpoint. As a bonus it works even for area crossing pages by splitting the are into chunks contained in a single page, bringing some performances improvements. At the same time change the name of the function to fast_memset as it's not specific to mvc and use the same argument order as the C memset function. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: function to adjust the length wrt page boundaryAurelien Jarno
This patch adds a function to adjust the length of a transfer so that it doesn't cross a page boundary in softmmu mode. It does nothing in user mode. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17softmmu: provide tlb_vaddr_to_host function for user modeAurelien Jarno
To avoid to many #ifdef in target code, provide a tlb_vaddr_to_host for both user and softmmu modes. In the first case the function always succeed and just call the g2h function. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: wire up I/O instructions in TCG modeAlexander Graf
The code handling the I/O instructions for KVM decodes the instruction itself. In TCG mode also pass the full instruction word to the helpers. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: wire up DIAG REIPL in TCG modeAurelien Jarno
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: wire up DIAG IPL in TCG modeAurelien Jarno
DIAG IPL is already implemented for KVM, but not wired from TCG. For that change the format of the instruction so that we can get R1 and R3 numbers in addition to the function code. The diag function can change plenty of things, including CC, so we should enter with a static CC. Also it doesn't set the value of general register 2 to 0 as in the current code. We also need to exit the CPU loop after a reset, which means a new PSW. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: fix s390_cpu_initial_resetAurelien Jarno
The s390_cpu_initial_reset function zeroes a big part of the CPU state structure, including CPU_COMMON, and thus the QEMU TLB structure. As they should not be initialized with zeroes only, we need to call the tlb_flush to initialize it correctly. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-17target-s390x: initialize I/O interrupt queueAurelien Jarno
env->io_index[] should be set to -1 during CPU reset to mark the I/O interrupt queue as empty. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>