Age | Commit message | Author
2013-02-09 | Update OpenBIOS images | Blue Swirl
Update OpenBIOS images to SVN r1097 built from submodule.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-02-08 | xilinx_zynq: Fix wrong IRQ number of the second EHCI controller | Liming Wang
The IRQ number of the second EHCI controller should be 76, not 75.
Signed-off-by: Liming Wang <walimisdev@gmail.com>
Tested-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 | block/curl: disable extra protocols to prevent CVE-2013-0249 | Stefan Hajnoczi
There is a buffer overflow in libcurl POP3/SMTP/IMAP. The workaround is simple: disable extra protocols so that they cannot be exploited. Full details here: http://curl.haxx.se/docs/adv_20130206.html
QEMU only cares about HTTP, HTTPS, FTP, FTPS, and TFTP. I have tested that this fix prevents the exploit on my host with libcurl-7.27.0-5.fc18.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 | qemu-nbd: document --cache and --aio options | Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 | hw/virtio-net: disable multiqueue by default | Jesse Larrew
The new multiqueue feature adds fields to the virtio device config, which breaks Windows guests. Disable the feature by default until the Windows drivers are fixed.
Signed-off-by: Jesse Larrew <jlarrew@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 | hw/virtio-net.c: set config size using host features | Jesse Larrew
Currently, the config size for virtio devices is hard coded. When a new feature is added that changes the config size, drivers that assume a static config size will break. For purposes of backward compatibility, there needs to be a way to inform drivers of the config size needed to accommodate the set of features enabled.
aliguori: merged in
- hw/virtio-net: use existing macros to implement endof
- hw/virtio-net: fix config_size data type
Signed-off-by: Jesse Larrew <jlarrew@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 | virtio-net: pass host features to virtio_net_init | Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-07 | net: fix infinite loop on exit | Michael Roth
1ceef9f27359cbe92ef124bf74de6f792e71f6fb added handling for cleaning up multiple queues in qemu_del_nic() for cases where multiqueue is in use. To determine the number of queues it looks at nic->conf->queues, then iterates through all the queues to cleanup the associated NetClientStates. If no queues are found, no NetClientStates are deleted.
However, nic->conf->queues is only set when a peer is created via -netdev or netdev_add, and is otherwise 0. This causes us to spin in net_cleanup() if we attempt to shut down qemu before adding a host device.
Since qemu_new_nic() unconditionally creates at least 1 queue/NetClientState at queue idx 0, make qemu_del_nic() always attempt to clean it up.
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | Update version for release [v1.4.0-rc1] | Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | Merge branch 'for-linux-user' of https://git.gitorious.org/qemu-m68k/qemu-m68k into staging | Anthony Liguori
* 'for-linux-user' of https://git.gitorious.org/qemu-m68k/qemu-m68k:
  linux-user: correct reboot()
  linux-user: correct setsockopt()
  linux-user: correct print_timeval() swap tv_sec and tv_usec
  linux-user: correct msgrcv()
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | linux-user: Restore cast to target type in get_user() | Peter Maydell
Commit 658f2dc97 accidentally dropped the cast to the target type of the value loaded by get_user(). The most visible effect of this would be that the sequence "uint64_t v; get_user_u32(v, addr)" would sign extend the 32 bit loaded value into v rather than zero extending as would be expected for a _u32 accessor.
Put the cast back again to restore the old behaviour.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | hw/pxa2xx: Fix transposed crn/crm values for pxa2xx cp14 perf regs | Peter Maydell
When the pxa2xx performance counter related cp14 registers were converted from a switch-statement implementation to the new table driven cpregs format in commit dc2a9045c, the crn and crm values for all these registers were accidentally transposed. Fix this mistake, which was causing OpenBSD for Zaurus to fail to boot.
Reported-by: Jonathan Gray <jsg@jsg.id.au>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | Merge remote-tracking branch 'stefanha/tracing' into staging | Anthony Liguori
# By Markus Armbruster
# Via Stefan Hajnoczi
* stefanha/tracing:
  trace: Fix location of simpletrace.py in docs
  trace: Clean up the "try to update atomic until it worked" loops
  trace: Direct access of atomics is verboten, use the API
  trace: Fix simple trace dropped event record for big endian
2013-02-06 | Merge remote-tracking branch 'stefanha/trivial-patches' into staging | Anthony Liguori
# By Michael Tokarev (1) and Stefan Weil (1)
# Via Stefan Hajnoczi
* stefanha/trivial-patches:
  vnc: recognize Hungarian doubleacutes
  target-m68k: Fix comment
2013-02-06 | hmp: Disable chardev-add and chardev-remove | Markus Armbruster
As a general rule, HMP commands must be built on top of the QMP API. Luiz and others have worked long & hard to make HMP conform to this rule.
Commit f1088908 added chardev-add, in violation of this rule. QMP command chardev-add was added right before, with minimal features, and the idea to complete it step by step, then switch over the HMP command to use it.
Unfortunately, we're not there, yet, and we don't want to release with chardev-add in a "HMP is more powerful than QMP" state.
Disable the HMP command for now, along with its chardev-remove buddy.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | hmp: make memchar-read escape ASCII control chars except \n and \t | Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | qemu-char: Support suffixed ringbuf size arguments like "size=64K" | Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | qemu-char: Saner naming of memchar stuff & doc fixes | Markus Armbruster
New device, has never been released, so we can still improve things without worrying about compatibility.
Naming is a mess. The code calls the device driver CirMemCharDriver, the public API calls it "memory", "memchardev", or "memchar", and the special commands are named like "memchar-FOO". "memory" is a particularly unfortunate choice, because there's another character device driver called MemoryDriver. Moreover, the device's distinctive property is that it's a ring buffer, not that it's in memory.
Therefore:
* Rename CirMemCharDriver to RingBufCharDriver, and call the thing a "ringbuf" in the API.
* Rename QMP and HMP commands from memchar-FOO to ringbuf-FOO.
* Rename device parameter from maxcapacity to size (simple words are good for you).
* Clearly mark the parameter as optional in documentation.
* Fix error reporting so that chardev-add reports to current monitor, not stderr.
* Replace cirmem in C identifiers by ringbuf.
* Rework documentation. Document the impact of our crappy UTF-8 handling on reading.
* QMP examples that even work.
I could split this up into multiple commits, but they'd change the same documentation lines multiple times. Not worth it.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | qemu-char: General chardev "memory" code cleanup | Markus Armbruster
Inline trivial cirmem_chr_is_empty() into its only caller.
Rename qemu_chr_cirmem_count() to cirmem_count().
Fast ring buffer index wraparound. Without this, there's no point in restricting size to a power of two.
qemu_is_chr(chr, "memory") returns *zero* when chr is a memory character device, which isn't what I'd expect. Replace it by the saner and more obviously correct chr_is_cirmem(). Also avoids encouraging testing for specific character devices elsewhere.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | qemu-char: Drop undocumented chardev "memory" compatibility syntax | Markus Armbruster
This is a new device, so there's no compatibility to maintain, and its use case isn't common enough to justify shorthand syntax.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | qemu-char: Fix chardev "memory" not to drop IAC characters | Markus Armbruster
Undocumented misfeature, get rid of it while we can.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | qmp: Drop wasteful zero-initialization in qmp_memchar_read() | Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | qmp: Drop superfluous special case "empty" in qmp_memchar_read() | Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | qmp: Plug memory leaks in memchar-write, memchar-read | Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | qmp: Clean up type usage in qmp_memchar_write(), qmp_memchar_read() | Markus Armbruster
Const-correctness, consistently use standard C types instead of mixing them with GLib types.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | qmp: Use generic errors in memchar-read, memchar-write | Markus Armbruster
New errors should be generic unless there's a real use case for rich errors.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | qmp: Clean up design of memchar-read | Markus Armbruster
The data returned has a well-defined size, which makes the size returned along with it redundant at best. Drop it.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | qmp: Fix design bug and read beyond buffer in memchar-write | Markus Armbruster
Command memchar-write takes data and size parameter. Begs the question what happens when data doesn't match size.
With format base64, qmp_memchar_write() copies the full data argument, regardless of size argument.
With format utf8, qmp_memchar_write() copies size bytes from data, happily reading beyond data. Copies crap from the heap or even crashes.
Drop the size parameter, and always copy the full data argument.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | vnc: recognize Hungarian doubleacutes | Michael Tokarev
As reported in http://bugs.debian.org/697641 , some Hungarian keys do not work with qemu when using vnc display.
This is because while the Hungarian keymap mentions these symbols, qemu knows nothing about them. So add them.
This patch is applicable to -stable for all previous releases.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-02-06 | target-m68k: Fix comment | Stefan Weil
* spelling fix ito -> into
* reorder to match load/store
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-02-06 | vnc: recognize Hungarian doubleacutes | Michael Tokarev
As reported in http://bugs.debian.org/697641 , some Hungarian keys do not work with qemu when using vnc display.
This is because while the Hungarian keymap mentions these symbols, qemu knows nothing about them. So add them.
This patch is applicable to -stable for all previous releases.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | qemu/9p: Don't ignore error in fid clunk | Aneesh Kumar K.V
We use the clunk request to do the actual xattr operation. So don't ignore the error value for fid clunk.
Security model "none" doesn't support posix acl. Without this patch guest won't get EOPNOTSUPP error on setxattr("system.posix_acl_access")
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | qemu/iovec: Don't assert if sbytes is zero | Aneesh Kumar K.V
Since these values can possibly be sent from guest (for hw/9pfs), do a sanity check on them. A 9p write request with 0 bytes caused qemu to abort without this patch
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | e1000: fix link down handling with auto negotiation | Michael S. Tsirkin
Fixes a couple of regression bugs introduced by b9d03e352cb6b31a66545763f6a1e20c9abf0c2c and related to auto-negotiation:
- Auto-negotiation currently sets link up even if it was forced down from the monitor.
- If Auto-negotiation was in progress during migration, link will never come up.
As a fix, don't touch NC link_down field at all, instead add code on receive path to check guest link status.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | configure: Fix build with XFree | Richard Henderson
The build is broken on ppc64-linux, possibly only with new binutils:
ld: hw/lm32/../milkymist-tmu2.o: undefined reference to symbol 'XFree'
ld: note: 'XFree' is defined in DSO /lib64/libX11.so.6 so try \
adding it to the linker command line
So let's follow the linker's advice.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 | bswap: Fix width of swap in leul_to_cpu | Richard Henderson
The misnamed HOST_LONG_BITS is really HOST_POINTER_BITS. Here we're explicitly using an unsigned long, rather than uintptr_t, so it is more correct to select the swap size via ULONG_MAX.
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-05 | bios: recompile BIOS | Anthony Liguori
SeaBIOS is really close to spilling over to 256k. Until we can better handle migration across RAM block size changes, recompile SeaBIOS with a compiler that causes the binary to still fit in 128k.
This was built with:
gcc version 4.7.2 20121109 (Red Hat 4.7.2-8) (GCC)
On 64-bit Fedora 18.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-05 | trace: Fix location of simpletrace.py in docs | Markus Armbruster
Missed when commit 4c3b5a48 moved it.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Harsh Prateek Bora <harsh@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-02-05 | trace: Clean up the "try to update atomic until it worked" loops | Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Harsh Prateek Bora <harsh@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-02-05 | trace: Direct access of atomics is verboten, use the API | Markus Armbruster
The GLib Reference Manual says:
It is very important that all accesses to a particular integer or pointer be performed using only this API and that different sizes of operation are not mixed or used on overlapping memory regions. Never read or assign directly from or to a value -- always use this API.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Harsh Prateek Bora <harsh@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-02-05 | trace: Fix simple trace dropped event record for big endian | Markus Armbruster
We use atomic operations to keep track of dropped events.
Inconveniently, GLib supports only int and void * atomics, but the counter dropped_events is uint64_t. Can't stop commit 62bab732: a quick (gint *)&dropped_events bludgeons the compiler into submission.
That cast is okay only when int is exactly 64 bits wide, which it commonly isn't.
If int is even wider, we clobber whatever follows dropped_events. Not worth worrying about, as none of the machines that interest us have such morbidly obese ints.
That leaves the common case: int narrower than 64 bits.
Harmless on little endian hosts: we just don't access the most significant bits of dropped_events. They remain zero.
On big endian hosts, we use only the most significant bits of dropped_events as counter. The least significant bits remain zero. However, we write out the full value, which is the correct counter shifted left a bunch of places.
Fix by changing the variables involved to int.
There's another, equally suspicious-looking (gint *)&trace_idx argument to g_atomic_int_compare_and_exchange(), but that one casts unsigned *, so it's okay. But it's also superfluous, because GLib's atomic int operations work just fine for unsigned. Drop it.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-02-04 | target-s390x: Fix wrong comparison in interrupt handling | Stefan Weil
gcc with -Wextra complains about an ordered pointer comparison:
target-s390x/helper.c:660:27: warning: ordered comparison of pointer with integer zero [-Wextra]
Obviously the index was missing in the code.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-04 | s390x: silence warning from GCC on uninitialized values | Anthony Liguori
As best I can tell, this is a false positive.
[aliguori@ccnode4 qemu-s390]$ make
CC s390x-softmmu/target-s390x/helper.o
/home/aliguori/git/qemu/target-s390x/helper.c: In function ‘do_interrupt’:
/home/aliguori/git/qemu/target-s390x/helper.c:673:17: error: ‘addr’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
/home/aliguori/git/qemu/target-s390x/helper.c:620:20: note: ‘addr’ was declared here
/home/aliguori/git/qemu/target-s390x/helper.c:673:17: error: ‘mask’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
/home/aliguori/git/qemu/target-s390x/helper.c:620:14: note: ‘mask’ was declared here
cc1: all warnings being treated as errors
make[1]: *** [target-s390x/helper.o] Error 1
make: *** [subdir-s390x-softmmu] Error 2
Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Cc: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-04 | acpi_piix4: fix segfault migrating from 1.2 | Michael Roth
b0b873a07872f7ab7f66f259c73fb9dd42aa66a9 bumped the vmstate version and introduced an old-style load function to handle migration from prior (<= 1.2) versions.
The load function passes the top-level PIIX4PMState pointer to vmstate_load_state() to handle nested structs for APMState and pci_status, which leads to corruption of the top-level PIIX4PMState, since pointers to the nested structs are expected.
A segfault can be fairly reliably triggered by migrating from 1.2 and issuing a reset, which will trigger a number of QOM operations which rely on the now corrupted ObjectClass/Object members.
Fix this by passing in the expected pointers for vmstate_load_state().
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-04 | vl.c: validate -numa "cpus" parameter properly | Eduardo Habkost
- Accept empty strings without aborting
- Use parse_uint*() to parse numbers
- Abort if anything except '-' or end-of-string is found after the first number.
- Check for endvalue < value
Also change the MAX_CPUMASK_BITS warning message from "A max of %d CPUs are supported in a guest" to "qemu: NUMA: A max of %d VCPUs are supported".
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-04 | vl.c: Extract -numa "cpus" parsing to separate function | Eduardo Habkost
This will make it easier to refactor that code later.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-04 | vl.c: Use parse_uint_full() for NUMA nodeid | Eduardo Habkost
This should catch many kinds of errors that the current code wasn't checking for:
- Values that can't be parsed as a number
- Negative values
- Overflow
- Empty string
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-04 | vl.c: numa_add(): Validate nodeid before using it | Eduardo Habkost
Without this check, QEMU will corrupt memory if a too-large nodeid is provided in the command-line. e.g.:
-numa node,mem=...,cpus=...,nodeid=65
This changes nodenr to unsigned long long, to avoid integer conversion issues when converting the strtoull() result to int.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-04 | vl.c: Check for NUMA node limit inside numa_add() | Eduardo Habkost
Instead of checking the limit before calling numa_add(), check the limit only when we already know we're going to add a new node.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-04 | vl.c: Abort on unknown -numa option type | Eduardo Habkost
Abort in case an invalid -numa option is provided, instead of silently ignoring it.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>