| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Fix obvious typos (decrement and off-by-one error) in pcmpestrm and pcmpistrm
which resulted in infinite loop. Reported by Frank Mehnert,
spotted also by Coverity (bug 84752853).
Reported-by: Frank Mehnert <frank.mehnert@oracle.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Happily passes (size_t)-1 to rom_add_blob_fixed(), which promptly dies
attempting to malloc that much. Spotted by Coverity.
Bonus fix for ROMs larger than INT_MAX bytes: return ssize_t instead
of int. Bug can't bite, because the only user load_aout() limits ROM
size to an int value.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
This patch replace the previous implementation with this simplified and
more complete version (no shutdown when psret == 1).
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
cppcheck report:
gdbstub.c:1781: error: Memory leak: s
Rearranging of the code avoids the leak.
v2:
Replace the g_malloc0() by g_new0() (suggested by Stuart Brady).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
In both cases, val is computed, but then not used in the
subsequent line, which then re-computes the quantity in
a different type (int32_t vs unsigned long).
Keep the computation type that's been working so far.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
* 's390-1.0' of git://repo.or.cz/qemu/agraf:
s390x: initialize virtio dev region
tcg: Use TCGReg for standard tcg-target entry points.
tcg: Standardize on TCGReg as the enum for hard registers
s390x: Add shutdown for TCG s390-virtio machine
s390: Fix cpu shutdown for KVM
s390: fix short kernel command lines
s390: fix reset hypercall to reset the status
s390x: implement SIGP restart and shutdown
s390x: implement rrbe instruction properly
s390x: update R and C bits in storage key
s390x: make ipte 31-bit aware
s390x: add ldeb instruction
|
|
* 'ppc-1.0' of git://repo.or.cz/qemu/agraf:
pseries: Fix qdev.id handling in the VIO bus code
pseries: Allow kernel's early debug output to work
pseries: Default reg for vty should be SPAPR_VTY_BASE_ADDRESS
pseries: Check we have a chardev in spapr_vty_init()
pseries: Fix buggy spapr_vio_find_by_reg()
pseries: Correct RAM size check for SLOF
PPC: Fix for the gdb single step problem on an rfi instruction
tcg-ppc64: Fix compile errors for userspace only builds with gcc 4.6
pseries: Fix initialization of sPAPREnvironment structure
|
|
|
|
|
|
The variable is assigned a value which is never used,
so remove variable and assignment.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: malc <av1474@comtv.ru>
|
|
When the user creates a device on the command line with -device, they
can specify the id, using id=foo. Currently the VIO bus code overwrites
this id with it's own value. We should only set qdev.id if it is not
already set by the user.
The device tree code uses qdev.id for the device tree node name, however
we can't rely on the user specifiying the id using proper device tree
syntax, ie. device@reg. So separate the device tree node name from the
qdev.id, but use the same syntax, so they will match by default.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
The PAPR specification defines a virtual TTY/console interface for guest
OSes to use via the H_PUT_TERM_CHAR and H_GET_TERM_CHAR hypercalls. There
can be multiple virtual ttys, so these take a "termno" parameter. This
encodes which vty to use as the 'reg' property on the device tree node
associated with that vty.
However, with the early debug options enabled, the Linux kernel will
attempt debugging output through the vty very early, before it has read
the device tree. In this case it always uses a termno of 0. This works
on the existing PowerVM hypervisor, so we assume there must be a hack /
feature in there which interprets termno==0 to mean the default primary
console.
To help with debugging kernels, including existing distribution kernels,
this patch implements a similar feature / hack in qemu. If termno==0
is supplied to H_{GET,PUT}_TERM_CHAR, they use the first available vty
device instead.
We need to be careful in the case that the user has manually created
an spapr-vty at address 0. So first we search for the specified reg and
only if that doesn't match do we fall back.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
In commit b4a78527359a4540d84d4cdf629d01cbb262f698 ("Place pseries vty
devices at addresses more similar to existing machines"), we changed the
default reg for the vty to 0x30000000, however we didn't update the default
value for a user specified vty device. Fix that.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
If qemu is run like:
qemu-system-ppc64 -nodefaults -device spapr-vty
We end up in spapr_vty_init() with dev->chardev == NULL. Currently
that leads to a segfault because we unconditionally call
qemu_chr_add_handlers().
Although we could make that call conditional, I think a spapr-vty
without a chardev is basically useless so fail the init. This is
similar to what the serial code does for example.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
The spapr_vio_find_by_reg() function in hw/spapr_vio.c is supposed to find
the device structure for a PAPR virtual IO device with the given reg value,
and return NULL if none exists.
It does the first ok, but if no device with that reg exists, it just
returns the last device traversed in the list. This patch fixes it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
The SLOF firmware used on the pseries machine needs a reasonable amount of
(guest) RAM in order to run, so we have a check in the machine init
function to check that this is available. However, SLOF runs in real mode
(MMU off) which means it can only actually access the RMA (Real Mode Area),
not all of RAM. In many cases the RMA is the same as all RAM, but when
running with Book3S HV KVM on PowerPC 970, the RMA must be especially
allocated to be (host) physically contiguous. In this case, the RMA size
is determined by what the host admin allocated at boot time, and will
usually be less than the whole guest RAM size.
This patch corrects the test to see if SLOF has enough memory for this
case.
In addition, more recent versions of SLOF that were committed earlier don't
need quite as much memory as earlier versions. Therefore, this patch also
reduces the amount of RAM we require to run SLOF.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
CD burning messes up the state of the host page cache and host block
device. Just pass all operations down to the device, even though that
might have slightly worse performance. Everything else just is not
reliable in combination with burning.
Reported-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
This will let scsi-block/scsi-generic report progress on long
operations.
Reported-by: Thomas Schmitt <scdbackup@gmxbackup.net>
Tested-by: Thomas Schmitt <scdbackup@gmxbackup.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Reported-by: Thomas Schmitt <scdbackup@gmx.net>
Tested-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
- several MMC commands were parsed wrong by QEMU because their allocation
length/parameter list length is placed in a non-standard position in
the CDB (i.e. it is different from most commands with the same value in
bits 5-7).
- SEND VOLUME TAG length was multiplied by 40 which is not in SMC. The
parameter list length is between 32 and 40 bytes. Same for MEDIUM SCAN
(spec found at http://ldkelley.com/SCSI2/SCSI2-16.html but not in any of
the PDFs I have here).
- READ_POSITION (SSC) conflicts with PRE_FETCH (SBC). READ_POSITION's
transfer length is not hardcoded to 20 in SSC; for PRE_FETCH cmd->xfer
should be 0. Both fixed.
- FORMAT MEDIUM (the SSC name for FORMAT UNIT) was missing. The FORMAT
UNIT command is still somewhat broken for block devices because its
parameter list length is not in the CDB. However it works for CD/DVD
drives, which mandate the length of the payload.
- fixed wrong sign-extensions for 32-bit fields (for the LBA field,
this affects disks >1 TB).
- several other SBC or SSC commands were missing or parsed wrong.
- some commands were not in the list of "write" commands.
Reported-by: Thomas Schmitt <scdbackup@gmx.net>
Tested-by: Thomas Schmitt <scdbackup@gmx.net> (MMC bits only)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Add more commands and their names, and remove SEEK(6) which is obsolete.
Instead, use SET_CAPACITY which is still in SSC.
Tested-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Mode page 2A of emulated ATAPI DVD-ROM should have page length 0x14
like SCSI CD-ROM, rather than 0x12.
Mode page length is off by 8, as it should contain the length of the
payload after the first two bytes.
MODE SENSE(6) should be thrown out of ATAPI DVD-ROM emulation. It is
not specified in the ATAPI list of MMC-2, and MMC-5 prescribes to use
MODE SENSE(10). Anyway, its implementation is wrong.
Reported-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Old operating systems rely on correct geometry to convert from CHS
addresses to LBA. Providing correct data is necessary for them to boot.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
The pre-1.0 firmware path for SCSI devices already included the LUN
using the suffix argument to add_boot_device_path. I missed that when
making channel and LUN customizable. Avoid that it is included twice, and
convert the colons to commas for consistency with other kinds of devices
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Add a new section about using iSCSI LUNs with qemu
and provide a short example on how to set up a target and access it
using the built-in initiator
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
.c files include .h files, so .o depends on .h,
and the linked result depends on .o.
We got it wrong for qga rules, fix it up.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
|
|
qga/guest-agent-commands.c includes qga-qmp-commands.h,
but it was missing in its dependencies. Add it in QGALIB_GEN.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
|
|
We have a single rule generating .c and .h files,
so .h doesn't depend on .c: both depend on the
source schema.
Fix Makefile to reflect that - without this,
if .c is there and .h is missing, Makefile does
not know how to remake .h and assumes it's
a dummy target, triggering endless rebuilds.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
|
|
make clean missed the source qmp files generated
by python. Fix that.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
|
|
We don't currently check for negative enum values in qmp_output_type_enum(),
this will very likely generate a segfault when triggered.
However, it _seems_ that no code in tree can trigger this today.
Acked-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
|
|
stat() can fail for a file name just read with readdir(). Easiest way
to trigger is a dangling symbolic link --- look ma, no race! When it
fails, file_completion() uses sb.st_mode uninitialized. If the
directory bit happens to be set, it appends a "/" to the completed
name.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
|
|
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
|
|
One n too many for running, need we say more.
Signed-Off-By: Vagrant Cascadian <vagrant@freegeek.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
|
|
These errors were detected by codespell:
remaing -> remaining
soley -> solely
virutal -> virtual
seperate -> separate
libcacard.txt still needs some more patches.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
|
|
This bug was detected by codespell.
In mips_mipssim.c a grammatical error was fixed, too.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
|
|
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
The default is still 3, and I didn't change older machine types.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Fix a long-standing bug which meant that any attempt to do an
8 or 16 bit read from the OMAP GPIO module would cause qemu to
crash due to an infinite recursion.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
|
|
When running the s390x virtio machine we can potentially use uninitialized
memory for the virtio device backing ram. That can lead to weird breakge.
So let's better initialize it to 0 properly.
Reported-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
v1 -> v2:
- use target_phys_addr_t
|
|
Including tcg_out_ld, tcg_out_st, tcg_out_mov, tcg_out_movi.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
Most targets did not name the enum; tci used TCGRegister.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
Now that we have code in place to do refcounting of online CPUs, we
can drag the TCG code along and implement shutdown for that one too,
so it doesn't feel left out by its KVM counterpart.
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
On s390 a shutdown is the state of all CPUs being either stopped
or disabled (for interrupts) waiting. We have to track the overall
number of running CPUs to call the shutdown sequence accordingly.
This patch implements the counting and shutdown handling for the
kvm path in qemu.
Lets also wrap changes to env->halted and env->exception_index.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
The default kernel command line for s390 is
"root=/dev/ram0 ro"
When overriding this line, we have to ensure to also copy the \0 to
avoid false lines, for example, -append "root=/dev/vda" will result in
"root=/dev/vda0 ro" with the current code.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
This patch fixes the reset hypercall which is supposed to also
reset the device status in device memory.
This fixes the following bug:
[root@localhost driver]# echo virtio0 > unbind
[ 35.056966] ------------[ cut here ]------------
[ 35.057054] kernel BUG at drivers/virtio/virtio.c:157!
[ 35.057113] illegal operation: 0001 [#1] SMP
[ 35.057181] Modules linked in:
[ 35.057243] CPU: 0 Not tainted 3.0.0-rc1-00180-g0792644-dirty #51
[ 35.057323] Process bash (pid: 497, task: 000000003e58c538, ksp: 000000003ef43978)
[ 35.057409] Krnl PSW : 0704100180000000 00000000003d46f8 (virtio_check_driver_offered_feature+0x0/0x38)
[ 35.057528] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:1 PM:0 EA:3
[ 35.057616] Krnl GPRS: 0000000000000000 0000000040000000 0000000000000007 0000000000000000
[ 35.057716] 00000000003b3be4 0000000000000001 000000003ef4d380 000000003f1cff00
[ 35.057805] 000000003ef43f18 00000000005ca620 0000000000000008 0000000000838e88
[ 35.057919] 000000000083c860 000000003f7c2e00 00000000003d46b0 000000003ef43d10
[ 35.058027] Krnl Code: 00000000003d46e8: f0b00004ebcf srp 4(12,%r0),3023(%r14),0
[ 35.058115] 00000000003d46ee: f0a0000407f4 srp 4(11,%r0),2036,0
[ 35.058207] 00000000003d46f4: a7f40001 brc 15,3d46f6
[ 35.058295] >00000000003d46f8: e31020900004 lg %r1,144(%r2)
[ 35.058383] 00000000003d46fe: bf2f1080 icm %r2,15,128(%r1)
[ 35.058470] 00000000003d4702: a784000d brc 8,3d471c
[ 35.058557] 00000000003d4706: e32010780004 lg %r2,120(%r1)
[ 35.058645] 00000000003d470c: 59302000 c %r3,0(%r2)
[ 35.058748] Call Trace:
[ 35.058777] ([<00000000003d469e>] virtio_dev_remove+0x36/0x90)
[ 35.058852] [<00000000003f3a40>] __device_release_driver+0x7c/0xec
[ 35.058936] [<00000000003f3ae8>] device_release_driver+0x38/0x48
[ 35.059023] [<00000000003f2a98>] driver_unbind+0xa4/0xc4
[ 35.059111] [<00000000002acb70>] sysfs_write_file+0xe8/0x19c
[ 35.059226] [<000000000022e7a4>] vfs_write+0xb0/0x18c
[ 35.059317] [<000000000022eb18>] SyS_write+0x58/0xb4
[ 35.059398] [<000000000057e674>] sysc_noemu+0x16/0x1c
[ 35.059475] [<000003fffd44b6c0>] 0x3fffd44b6c0
[ 35.059531] Last Breaking-Event-Address:
[ 35.059576] [<00000000003d46f4>] virtio_dev_remove+0x8c/0x90
[ 35.059646]
[ 35.059661] ---[ end trace 9b1959188f21ee11 ]---
Signed-off-by: Christian Borntraeger<borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
An s390x OS does reboot and shutdown triggers through hypercalls that
we didn't implement on the TCG backend yet. That means that so far we
couldn't shut down virtual machines for example, having them hang on
shutdown when not using KVM.
With this patch, this restriction is gone. We can now shut down and
reboot s390x virtual machines even when using the TCG backend.
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
The rrbe instruction resets the reference bit in the given storage key.
So far, we merely made it a nop and also returned an invalid CC value,
so that the kernel never knew if a page actually got accessed.
This patch implements it properly, flushing the R bit and returning the
correct CC value.
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
When the s390x maps a page or writes happen to a page, the R and C
bits get updated. The easiest way to implement this in qemu is to
simply update them whenever we map a TLB translation and act according
to the permissions.
Signed-off-by: Alexander Graf <agraf@suse.de>
|
